public async Task ChangeAsymmetricKey() // Not thread-safe
{
this.ClientState.PrivateKey = this.AsymmetricCryptoProvider.GeneratePrivateKey();
byte[] publicKey = this.AsymmetricCryptoProvider.GetPublicKey(this.ClientState.PrivateKey);
byte[] iv = this.SymmetricCryptoProvider.GenerateIv();
SetKeyModel content = new SetKeyModel
{
Identifier = this.ClientState.Identifier,
Key = publicKey,
ClientSecret = await this.SymmetricCryptoProvider.EncryptBase64ToBase64Async(this.ClientState.ClientSecret, this.ClientState.RoundKey, iv),
Iv = iv
};
ServerResponse <SetKeyModel> response = await this.SendAsync <SetKeyModel>(HttpMethod.Put, "api/key/public", content);
if (!response.IsSuccessStatusCode)
{
throw new HmsException(response.ReasonPhrase);
}
SetKeyModel encryptedLoginModel = response.Content;
byte[] encryptedRoundKey = encryptedLoginModel.RoundKey;
byte[] roundKey = await this.AsymmetricCryptoProvider.DecryptBytesAsync(encryptedRoundKey, this.ClientState.PrivateKey);
this.ClientState.RoundKey = roundKey;
}
public async Task <IHttpActionResult> SetPublicKey([FromBody] SetKeyModel model)
{
if (model?.Identifier == null || model.Key == null)
{
return(this.BadRequest("Invalid arguments"));
}
try
{
if (string.IsNullOrEmpty(model.ClientSecret))
{
var clientSecretBytes = new byte[255];
var rnd = new Random();
rnd.NextBytes(clientSecretBytes);
var clientSecret = Convert.ToBase64String(clientSecretBytes);
model.ClientSecret = clientSecret;
}
else
{
var roundKey = await this.GadgetKeysService.GetGadgetRoundKeyAsync(model.Identifier);
model.ClientSecret = await this.SymmetricCryptoProvider.DecryptBase64ToBase64Async(model.ClientSecret, roundKey, model.Iv);
}
await this.GadgetKeysService.SetGadgetPublicKeyAsync(model.Identifier, model.ClientSecret, model.Key);
var newRoundKey = this.SymmetricCryptoProvider.GenerateKey();
model.RoundKey = newRoundKey;
await this.GadgetKeysService.SetGadgetRoundKeyAsync(model.Identifier, model.ClientSecret, newRoundKey);
var encryptedSecretBytes = await this.AsymmetricCryptoProvider.EncryptBytesAsync(Convert.FromBase64String(model.ClientSecret), model.Key);
var encryptedSecret = Convert.ToBase64String(encryptedSecretBytes);
var encryptedRoundKey = await this.AsymmetricCryptoProvider.EncryptBytesAsync(model.RoundKey, model.Key);
model.ClientSecret = encryptedSecret;
model.RoundKey = encryptedRoundKey;
return(this.Ok(model));
}
catch (Exception e)
{
return(this.BadRequest(e.Message));
}
}
public async Task <ActionResult> SetKey(SetKeyModel model)
{
this.CheckUser();
if (ModelState.IsValid)
{
if (!ViewBag.IsAdmin)
{
ModelState.AddModelError("", "Sorry, you do not have permission to change the firebase key");
}
else
{
try
{
var context = this.HttpContext.GetOwinContext();
var db = context.Get <ApplicationDbContext>();
var table = db.Config;
SharedAppConfig config = await table.FindAsync("ApiKey");
if (config == null)
{
config = new SharedAppConfig()
{
Id = "ApiKey",
Value = model.ApiKey
};
table.Add(config);
}
else
{
config.Value = model.ApiKey;
}
await db.SaveChangesAsync();
model.Result = "updated";
}
catch (Exception ex)
{
model.Result = ex.Message;
}
}
}
// If we got this far, something failed, redisplay form
return(View(model));
}
private async Task EnsureKeysInitializationAsync()
{
if (!this.IsInitialized)
{
await InitializationSemaphore.WaitAsync();
if (!this.IsInitialized)
{
try
{
this.ClientState.Identifier = Guid.NewGuid().ToString();
this.ClientState.PrivateKey = this.AsymmetricCryptoProvider.GeneratePrivateKey();
byte[] publicKey = this.AsymmetricCryptoProvider.GetPublicKey(this.ClientState.PrivateKey);
SetKeyModel content = new SetKeyModel {
Identifier = this.ClientState.Identifier, Key = publicKey
};
ServerResponse <SetKeyModel> result = await this.SendAsync <SetKeyModel>(HttpMethod.Put, "api/key/public", content, false);
if (!result.IsSuccessStatusCode)
{
throw new HmsException(result.ReasonPhrase);
}
SetKeyModel setKeyModel = result.Content;
string clientSecret = await this.AsymmetricCryptoProvider.DecryptBase64ToBase64Async(setKeyModel.ClientSecret, this.ClientState.PrivateKey);
this.ClientState.RoundKey = await this.AsymmetricCryptoProvider.DecryptBytesAsync(setKeyModel.RoundKey, this.ClientState.PrivateKey);
this.ClientState.ClientSecret = clientSecret;
this.IsInitialized = true;
}
finally
{
InitializationSemaphore.Release();
}
}
}
}
