public LavaResult AddNewFile(LavaUser user, out string Path, out int fileId)
{
LavaResult result = new LavaResult();
fileId = 0;
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmdNewCustomer = new SqlCommand("Volcano.uspNewFile", conn);
cmdNewCustomer.CommandType = CommandType.StoredProcedure;
cmdNewCustomer.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdNewCustomer.Parameters["@UserName"].Value = user.UserName;
Path = DateTime.Now.ToString("yyyyMMddHHmmssfff") + "_" + Guid.NewGuid().ToString();
cmdNewCustomer.Parameters.Add(new SqlParameter("@Path", SqlDbType.VarChar));
cmdNewCustomer.Parameters["@Path"].Value = Path;
cmdNewCustomer.Parameters.Add(new SqlParameter("@FileID", SqlDbType.Int));
cmdNewCustomer.Parameters["@FileID"].Direction = ParameterDirection.Output;
try
{
conn.Open();
cmdNewCustomer.ExecuteNonQuery();
fileId = (int)cmdNewCustomer.Parameters["@FileID"].Value;
}
catch (SqlException sqlEx)
{
if (sqlEx.Errors.Count > 0) // Assume the interesting stuff is in the first error
{
switch (sqlEx.Errors[0].Number)
{
case 2627: // Foreign Key violation
result.Result = LAVA_ERROR_CODE.FILE_ALREADY_EXIST;
result.Message = "File already exist. " + sqlEx.Message;
break;
default:
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "Customer ID was not returned. Account could not be created. " + sqlEx.Errors[0].Number + sqlEx.Message;
break;
}
}
}
catch (Exception ex)
{
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "Customer ID was not returned. Account could not be created. " + ex.Message;
}
finally
{
conn.Close();
}
return result;
}
public LavaResult AddNewUser(LavaUser user)
{
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmdNewCustomer = new SqlCommand("Volcano.uspNewUser", conn);
cmdNewCustomer.CommandType = CommandType.StoredProcedure;
cmdNewCustomer.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdNewCustomer.Parameters["@UserName"].Value = user.UserName;
byte[] password = Utility.StringToByteArray(user.Password);
Gost3411Digest digest = new Gost3411Digest();
SecureRandom random = new SecureRandom();
byte[] salt = random.GenerateSeed(16);
digest.BlockUpdate(password, 0, password.Length);
digest.BlockUpdate(salt, 0, 16);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
cmdNewCustomer.Parameters.AddWithValue("@Password", hash);
cmdNewCustomer.Parameters.AddWithValue("@Salt", salt);
cmdNewCustomer.Parameters.Add(new SqlParameter("@UserID", SqlDbType.Int));
cmdNewCustomer.Parameters["@UserID"].Direction = ParameterDirection.Output;
try
{
conn.Open();
cmdNewCustomer.ExecuteNonQuery();
user.UserID = (int)cmdNewCustomer.Parameters["@UserID"].Value;
}
catch (SqlException sqlEx)
{
if (sqlEx.Errors.Count > 0) // Assume the interesting stuff is in the first error
{
switch (sqlEx.Errors[0].Number)
{
case 2627: // Foreign Key violation
result.Result = LAVA_ERROR_CODE.USER_ALREADY_EXIST;
result.Message = "UserName already exist. " + sqlEx.Message;
break;
default:
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "Customer ID was not returned. Account could not be created. " + sqlEx.Errors[0].Number + sqlEx.Message;
break;
}
}
}
catch (Exception ex)
{
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "Customer ID was not returned. Account could not be created. " + ex.Message;
}
finally
{
conn.Close();
}
return result;
}
public LavaResult PutKeyContainer(string UserName, byte[] KeyContainer)
{
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "update Volcano.UserTable set KeyContainer = @KeyContainer where UserName = @UserName";
SqlCommand cmdPutKey = new SqlCommand(sql, conn);
cmdPutKey.Parameters.Add(new SqlParameter("@KeyContainer", SqlDbType.Binary, 64));
cmdPutKey.Parameters["@KeyContainer"].Value = KeyContainer;
cmdPutKey.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdPutKey.Parameters["@UserName"].Value = UserName;
try
{
conn.Open();
result.Message = cmdPutKey.ExecuteNonQuery().ToString();
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.USER_NOT_FOUND;
result.Message = "Container loading failed.";
}
finally
{
conn.Close();
}
return result;
}
public LavaResult ListUsers(out DataTable data)
{
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "select * from Volcano.UserTable";
SqlCommand cmdOrderID = new SqlCommand(sql, conn);
data = new DataTable();
try
{
conn.Open();
SqlDataReader rdr = cmdOrderID.ExecuteReader();
data.Load(rdr);
rdr.Close();
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "The requested order could not be loaded into the form.";
}
finally
{
conn.Close();
}
return result;
}
public LavaResult ListFilesByName(string UserName, out string[] files)
{
files = null;
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "select * from Volcano.Files where UserName = @UserName";
SqlCommand cmdOrderID = new SqlCommand(sql, conn);
DataTable data = new DataTable();
cmdOrderID.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdOrderID.Parameters["@UserName"].Value = UserName;
try
{
conn.Open();
SqlDataReader rdr = cmdOrderID.ExecuteReader();
data.Load(rdr);
files = new string[data.Rows.Count];
int i = 0;
foreach (DataRow row in data.Rows)
{
files[i++] = row["Path"].ToString();
}
rdr.Close();
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = "The requested order could not be loaded into the form.";
}
finally
{
conn.Close();
}
return result;
}
public LavaResult GetUserByUserName(string userName, out LavaUser user)
{
LavaResult result = new LavaResult();
user = new LavaUser();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "select * from Volcano.UserTable where UserName = @UserName";
SqlCommand cmdGetUser = new SqlCommand(sql, conn);
cmdGetUser.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdGetUser.Parameters["@UserName"].Value = userName;
try
{
conn.Open();
SqlDataReader rdr = cmdGetUser.ExecuteReader();
DataTable dataTable = new DataTable();
dataTable.Load(rdr);
foreach (DataRow row in dataTable.Rows)
{
user = new LavaUser(row["UserName"].ToString(),
(byte[])row["Password"],
(byte[])row["Salt"]);
user.UserID = (int)row["UserID"];
user.MasterKey = DBNull.Value.Equals(row["KeyContainer"]) ? null : (byte[])row["KeyContainer"];
}
rdr.Close();
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.USER_NOT_FOUND;
result.Message = "The requested order could not be loaded into the form. " + e.Message;
}
finally
{
conn.Close();
}
return result;
}
public LavaResult GetKeyContainer(string UserName, out byte[] KeyContainer)
{
KeyContainer = new byte[64];
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "select KeyContainer from Volcano.UserTable where UserName = @UserName";
SqlCommand cmdGetKey = new SqlCommand(sql, conn);
cmdGetKey.Parameters.Add(new SqlParameter("@KeyContainer", SqlDbType.Binary, 64));
cmdGetKey.Parameters["@KeyContainer"].Direction = ParameterDirection.Output;
cmdGetKey.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NChar, 32));
cmdGetKey.Parameters["@UserName"].Value = UserName;
try
{
conn.Open();
SqlDataReader rdr = cmdGetKey.ExecuteReader();
DataTable dataTable = new DataTable();
dataTable.Load(rdr);
foreach (DataRow row in dataTable.Rows)
{
KeyContainer = DBNull.Value.Equals(row["KeyContainer"]) ? null : (byte[])row["KeyContainer"];
}
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.USER_NOT_FOUND;
result.Message = "Container loading failed.";
}
finally
{
conn.Close();
}
return result;
}
public LavaResult DeleteFile(string fileName)
{
LavaResult result = new LavaResult();
SqlConnection conn = new SqlConnection(connectionString);
string sql = "delete from Volcano.Files where Path = @Path";
SqlCommand cmdOrderID = new SqlCommand(sql, conn);
DataTable data = new DataTable();
cmdOrderID.Parameters.Add(new SqlParameter("@Path", SqlDbType.VarChar));
cmdOrderID.Parameters["@Path"].Value = fileName;
try
{
conn.Open();
int rows = cmdOrderID.ExecuteNonQuery();
if (rows != 1)
{
result.Result = LAVA_ERROR_CODE.NO_FILES_DELETED;
result.Message = "No files deleted (Rows affected " + rows.ToString() + ").";
}
}
catch (Exception e)
{
result.Result = LAVA_ERROR_CODE.UNKNOWH_ERROR;
result.Message = e.Message;
}
finally
{
conn.Close();
}
return result;
}
public LavaResult BeginAuthenticate(string UserName, string Password)
{
LavaResult result = new LavaResult();
return result;
}