/// <summary>
/// Stores a new document for the service provider identified by <paramref name="spId"/>
/// and issues a document record (document hash plus allowed-signer commitments)
/// through that provider's transactions service.
/// </summary>
/// <param name="spId">Service-provider identifier, supplied by the caller as an action parameter.</param>
/// <param name="documentDto">Request body; its <c>DocumentId</c> is overwritten with the id returned by the data layer.</param>
/// <returns>An OK result wrapping <paramref name="documentDto"/>.</returns>
public IActionResult AddDocument(long spId, [FromBody] DocumentDto documentDto)
{
    // NOTE(review): spId is caller-supplied and selects both the data rows and the
    // state services used below; no ownership check is visible in this method.
    // Confirm an authorization filter binds spId to the authenticated principal.
    // NOTE(review): documentDto is dereferenced without a null check; a missing or
    // unparsable body would surface as a NullReferenceException - confirm model
    // validation rejects it earlier.
    documentDto.DocumentId = _dataAccessService.AddSpDocument(spId, documentDto.DocumentName, documentDto.Hash);

    // Load the stored document; the record below is built from this row rather
    // than from the request body.
    SpDocument storedDocument = _dataAccessService.GetSpDocument(spId, documentDto.DocumentId);

    StatePersistency spState = _executionContextManager.ResolveStateExecutionServices(spId);
    var transactions = spState.TransactionsService;

    var documentHash = storedDocument.Hash.HexStringToByteArray();

    // The null-conditional lets a null AllowedSigners collection flow through as a null array.
    var signerCommitments = storedDocument.AllowedSigners?
        .Select(signer => signer.GroupCommitment.HexStringToByteArray())
        .ToArray();

    transactions.IssueDocumentRecord(documentHash, signerCommitments);

    return Ok(documentDto);
}
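/// <summary>
/// Removes an allowed signer from one of the service provider's documents and
/// re-issues the document record with the remaining signer commitments.
/// </summary>
/// <param name="spId">Service-provider identifier, supplied by the caller as an action parameter.</param>
/// <param name="allowedSignerId">Identifier of the allowed-signer entry to remove.</param>
/// <returns>An empty OK result.</returns>
public IActionResult DeleteAllowedSigner(long spId, long allowedSignerId)
{
    // NOTE(review): spId is caller-supplied; no ownership check is visible in this
    // method. Confirm an authorization filter binds spId to the authenticated
    // principal and that the data layer scopes allowedSignerId to that provider.
    long documentId = _dataAccessService.RemoveSpDocumentAllowedSigner(spId, allowedSignerId);

    // Reload the document so the new record reflects the signer list after removal.
    SpDocument document = _dataAccessService.GetSpDocument(spId, documentId);
    StatePersistency statePersistency = _executionContextManager.ResolveStateExecutionServices(spId);

    // Null-conditional access: AllowedSigners is treated as nullable by the
    // AddDocument action, which passes a possibly-null array to IssueDocumentRecord.
    // Removing the last signer must not fail with a NullReferenceException here.
    statePersistency.TransactionsService.IssueDocumentRecord(
        document.Hash.HexStringToByteArray(),
        document.AllowedSigners?.Select(s => s.GroupCommitment.HexStringToByteArray()).ToArray());

    return Ok();
}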
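/// <summary>
/// Removes an allowed signer from one of the calling account's documents and
/// re-issues the document record with the remaining signer commitments.
/// </summary>
/// <param name="allowedSignerId">Identifier of the allowed-signer entry to remove.</param>
/// <returns>An empty OK result.</returns>
public IActionResult DeleteAllowedSigner(ulong allowedSignerId)
{
    // The account is taken from the authenticated principal, not from a request parameter.
    // NOTE(review): ulong.Parse throws when the identity name is null or not numeric;
    // presumably an authorization filter guarantees an authenticated caller - confirm.
    ulong accountId = ulong.Parse(User.Identity.Name, CultureInfo.InvariantCulture);

    // NOTE(review): allowedSignerId is caller-supplied; confirm the data layer only
    // removes entries that belong to accountId.
    ulong documentId = _dataAccessService.RemoveSpDocumentAllowedSigner(accountId, allowedSignerId);

    // Reload the document so the new record reflects the signer list after removal.
    SpDocument document = _dataAccessService.GetSpDocument(accountId, documentId);
    StatePersistency statePersistency = _executionContextManager.ResolveStateExecutionServices(accountId);

    // Null-conditional access: AllowedSigners is treated as nullable by the
    // AddDocument action, which passes a possibly-null array to IssueDocumentRecord.
    // Removing the last signer must not fail with a NullReferenceException here.
    statePersistency.TransactionsService.IssueDocumentRecord(
        document.Hash.HexStringToByteArray(),
        document.AllowedSigners?.Select(s => s.GroupCommitment.HexStringToByteArray()).ToArray());

    return Ok();
}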
/// <summary>
/// Stores a new document for the calling account and issues a document record
/// (document hash plus allowed-signer commitments) through that account's
/// transactions service.
/// </summary>
/// <param name="documentDto">Request body; its <c>DocumentId</c> is overwritten with the id returned by the data layer.</param>
/// <returns>An OK result wrapping <paramref name="documentDto"/>.</returns>
public IActionResult AddDocument([FromBody] DocumentDto documentDto)
{
    // The account is derived from the authenticated principal rather than from request data.
    // NOTE(review): ulong.Parse throws when the identity name is null or not numeric;
    // presumably an authorization filter guarantees an authenticated caller - confirm.
    ulong callerAccountId = ulong.Parse(User.Identity.Name, CultureInfo.InvariantCulture);

    // NOTE(review): documentDto is dereferenced without a null check - confirm model
    // validation rejects a missing body before this point.
    documentDto.DocumentId = _dataAccessService.AddSpDocument(callerAccountId, documentDto.DocumentName, documentDto.Hash);

    // Load the stored document; the record below is built from this row rather
    // than from the request body.
    SpDocument storedDocument = _dataAccessService.GetSpDocument(callerAccountId, documentDto.DocumentId);

    StatePersistency accountState = _executionContextManager.ResolveStateExecutionServices(callerAccountId);
    var transactions = accountState.TransactionsService;

    var documentHash = storedDocument.Hash.HexStringToByteArray();

    // The null-conditional lets a null AllowedSigners collection flow through as a null array.
    var signerCommitments = storedDocument.AllowedSigners?
        .Select(signer => signer.GroupCommitment.HexStringToByteArray())
        .ToArray();

    transactions.IssueDocumentRecord(documentHash, signerCommitments);

    return Ok(documentDto);
}
/// <summary>
/// Adds an employee group as an allowed signer of a document: derives the group's
/// asset id, commits to it with a fresh blinding factor, stores the entry, and
/// re-issues the document record with the updated list of signer commitments.
/// </summary>
/// <param name="spId">Service-provider identifier, supplied by the caller as an action parameter.</param>
/// <param name="documentId">Identifier of the document the signer is added to.</param>
/// <param name="allowedSigner">Request body naming the group; its <c>AllowedSignerId</c> is set from the data layer.</param>
/// <returns>An OK result wrapping <paramref name="allowedSigner"/>.</returns>
public async Task<IActionResult> AddAllowedSigner(long spId, long documentId, [FromBody] AllowedSignerDto allowedSigner)
{
    // NOTE(review): spId and documentId are caller-supplied; no ownership check is
    // visible in this method. Confirm an authorization filter binds spId to the caller.
    // NOTE(review): owner and name are joined without a separator, so different
    // (owner, name) pairs could yield the same asset-id input if both are free-form
    // strings. Any change must stay in step with the code that verifies these commitments.
    var groupKey = allowedSigner.GroupOwner + allowedSigner.GroupName;
    byte[] groupAssetId = await _assetsService
        .GenerateAssetId(AttributesSchemes.ATTR_SCHEME_NAME_EMPLOYEEGROUP, groupKey, allowedSigner.GroupOwner)
        .ConfigureAwait(false);

    // NOTE(review): confirm GetRandomSeed draws from a cryptographic RNG; the hiding
    // property of the commitment depends on it.
    byte[] blindingFactor = ConfidentialAssetsHelper.GetRandomSeed();

    // NOTE(review): both arguments are byte[], so a swapped order compiles silently -
    // confirm (blindingFactor, assetId) matches GetAssetCommitment's parameter order.
    byte[] groupCommitment = ConfidentialAssetsHelper.GetAssetCommitment(blindingFactor, groupAssetId);

    // The blinding factor is handed to the data layer together with the commitment;
    // presumably it is persisted, in which case read access to that store is enough
    // to open the commitment - confirm the storage protections.
    var commitmentHex = groupCommitment.ToHexString();
    var blindingFactorHex = blindingFactor.ToHexString();
    allowedSigner.AllowedSignerId = _dataAccessService.AddSpDocumentAllowedSigner(
        spId,
        documentId,
        allowedSigner.GroupOwner,
        allowedSigner.GroupName,
        commitmentHex,
        blindingFactorHex);

    // Reload the document so the record carries the full, updated signer list.
    SpDocument storedDocument = _dataAccessService.GetSpDocument(spId, documentId);
    StatePersistency spState = _executionContextManager.ResolveStateExecutionServices(spId);
    var transactions = spState.TransactionsService;

    var documentHash = storedDocument.Hash.HexStringToByteArray();
    var signerCommitments = storedDocument.AllowedSigners
        .Select(signer => signer.GroupCommitment.HexStringToByteArray())
        .ToArray();

    transactions.IssueDocumentRecord(documentHash, signerCommitments);

    return Ok(allowedSigner);
}
/// <summary>
/// Adds an employee group as an allowed signer of one of the calling account's
/// documents: derives the group's asset id, commits to it with a fresh blinding
/// factor, stores the entry, and re-issues the document record with the updated
/// list of signer commitments.
/// </summary>
/// <param name="documentId">Identifier of the document the signer is added to.</param>
/// <param name="allowedSigner">Request body naming the group; its <c>AllowedSignerId</c> is set from the data layer.</param>
/// <returns>An OK result wrapping <paramref name="allowedSigner"/>.</returns>
public IActionResult AddAllowedSigner(ulong documentId, [FromBody] AllowedSignerDto allowedSigner)
{
    // The account is derived from the authenticated principal rather than from request data.
    // NOTE(review): ulong.Parse throws when the identity name is null or not numeric;
    // presumably an authorization filter guarantees an authenticated caller - confirm.
    ulong callerAccountId = ulong.Parse(User.Identity.Name, CultureInfo.InvariantCulture);

    // NOTE(review): owner and name are joined without a separator, so different
    // (owner, name) pairs could yield the same asset-id input if both are free-form
    // strings. Any change must stay in step with the code that verifies these commitments.
    var groupKey = allowedSigner.GroupOwner + allowedSigner.GroupName;
    byte[] groupAssetId = _assetsService.GenerateAssetId(AttributeType.EmployeeGroup, groupKey);

    // NOTE(review): confirm GetRandomSeed draws from a cryptographic RNG; the hiding
    // property of the commitment depends on it.
    byte[] blindingFactor = ConfidentialAssetsHelper.GetRandomSeed();
    byte[] groupCommitment = ConfidentialAssetsHelper.GetAssetCommitment(groupAssetId, blindingFactor);

    // The blinding factor is handed to the data layer together with the commitment;
    // presumably it is persisted, in which case read access to that store is enough
    // to open the commitment - confirm the storage protections.
    var commitmentHex = groupCommitment.ToHexString();
    var blindingFactorHex = blindingFactor.ToHexString();
    allowedSigner.AllowedSignerId = _dataAccessService.AddSpDocumentAllowedSigner(
        callerAccountId,
        documentId,
        allowedSigner.GroupOwner,
        allowedSigner.GroupName,
        commitmentHex,
        blindingFactorHex);

    // Reload the document so the record carries the full, updated signer list.
    SpDocument storedDocument = _dataAccessService.GetSpDocument(callerAccountId, documentId);
    StatePersistency accountState = _executionContextManager.ResolveStateExecutionServices(callerAccountId);
    var transactions = accountState.TransactionsService;

    var documentHash = storedDocument.Hash.HexStringToByteArray();
    var signerCommitments = storedDocument.AllowedSigners
        .Select(signer => signer.GroupCommitment.HexStringToByteArray())
        .ToArray();

    transactions.IssueDocumentRecord(documentHash, signerCommitments);

    return Ok(allowedSigner);
}
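/// <summary>
/// Handles a document-sign request packet: decodes the ECDH tuple, looks up the
/// referenced document, verifies the eligibility and signer-group proofs, finds the
/// allowed-signer group the request commits to, issues a document-sign record and
/// notifies both the account's hub group and the requesting session.
/// </summary>
/// <param name="packet">The incoming sign request with its commitments and proofs.</param>
/// <remarks>
/// Every rejection path notifies the session group and returns before any record is
/// issued. All rejection messages use <c>Code = 2</c>.
/// </remarks>
private void ProcessDocumentSignRequest(DocumentSignRequest packet)
{
    _clientCryptoService.DecodeEcdhTuple(
        packet.EcdhTuple,
        packet.TransactionPublicKey,
        out byte[] groupNameBlindingFactor,
        out byte[] documentHash,
        out byte[] issuer,
        out byte[] payload);

    // The decoded payload doubles as the hub group name used to answer the requester.
    string sessionKey = payload.ToHexString();

    SpDocument spDocument = _dataAccessService.GetSpDocument(_accountId, documentHash.ToHexString());
    if (spDocument == null)
    {
        _idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushDocumentNotFound");

        // Fix: stop here. Without this return the method continued into proof
        // verification and dereferenced the null document
        // (spDocument.LastChangeRecordHeight) once the eligibility check passed.
        return;
    }

    bool isEligibilityCorrect = CheckEligibilityProofs(packet.AssetCommitment, packet.EligibilityProof, issuer);
    if (!isEligibilityCorrect)
    {
        _idenitiesHubContext.Clients.Group(sessionKey)
            .SendAsync("PushDocumentSignIncorrect", new { Code = 2, Message = "Eligibility proofs were wrong" })
            .Wait();
        return;
    }

    // The proof is checked against the document hash and the height of the document's
    // latest change record, so it is tied to one specific document revision.
    // NOTE(review): BitConverter.GetBytes uses the machine's byte order; the prover
    // must serialize the height the same way - confirm.
    if (!ConfidentialAssetsHelper.VerifySurjectionProof(
            packet.SignerGroupRelationProof,
            packet.AssetCommitment,
            documentHash,
            BitConverter.GetBytes(spDocument.LastChangeRecordHeight)))
    {
        _idenitiesHubContext.Clients.Group(sessionKey)
            .SendAsync("PushDocumentSignIncorrect", new { Code = 2, Message = "Signer group relation proofs were wrong" })
            .Wait();
        return;
    }

    SurjectionProof signatureGroupProof = null;
    string groupIssuer = null;

    // Find the allowed-signer group whose commitment, recomputed with the blinding
    // factor carried in the request, equals the commitment the request presents.
    foreach (var allowedSigner in spDocument.AllowedSigners)
    {
        byte[] groupAssetId = _assetsService.GenerateAssetId(AttributeType.EmployeeGroup, allowedSigner.GroupIssuer + allowedSigner.GroupName);
        byte[] expectedGroupCommitment = ConfidentialAssetsHelper.GetAssetCommitment(groupAssetId, groupNameBlindingFactor);

        if (packet.AllowedGroupCommitment.Equals32(expectedGroupCommitment))
        {
            // NOTE(review): the value returned by the gateway is only checked for
            // non-null; it is not compared with anything here. Confirm that
            // GetEmployeeRecordGroup itself ties the signer's commitment to this group.
            byte[] groupCommitment = _gatewayService.GetEmployeeRecordGroup(
                allowedSigner.GroupIssuer.HexStringToByteArray(),
                packet.SignerGroupRelationProof.AssetCommitments[0]);

            if (groupCommitment != null
                && ConfidentialAssetsHelper.VerifySurjectionProof(packet.AllowedGroupNameSurjectionProof, packet.AllowedGroupCommitment))
            {
                byte[] diffBF = ConfidentialAssetsHelper.GetDifferentialBlindingFactor(
                    groupNameBlindingFactor,
                    allowedSigner.BlindingFactor.HexStringToByteArray());
                byte[][] commitments = spDocument.AllowedSigners
                    .Select(s => s.GroupCommitment.HexStringToByteArray())
                    .ToArray();
                byte[] allowedGroupCommitment = allowedSigner.GroupCommitment.HexStringToByteArray();

                // Position of the matched signer's stored commitment within the full list.
                int index = 0;
                for (; index < commitments.Length; index++)
                {
                    if (commitments[index].Equals32(allowedGroupCommitment))
                    {
                        break;
                    }
                }

                signatureGroupProof = ConfidentialAssetsHelper.CreateSurjectionProof(packet.AllowedGroupCommitment, commitments, index, diffBF);
                groupIssuer = allowedSigner.GroupIssuer;
                break;
            }
        }
    }

    // No allowed-signer group matched (or its proofs failed): reject.
    if (signatureGroupProof == null)
    {
        _idenitiesHubContext.Clients.Group(sessionKey)
            .SendAsync("PushDocumentSignIncorrect", new { Code = 2, Message = "Signer group relation proofs were wrong" })
            .Wait();
        return;
    }

    _transactionsService.IssueDocumentSignRecord(
        documentHash,
        spDocument.LastChangeRecordHeight,
        packet.AssetCommitment,
        packet.SignerGroupRelationProof,
        packet.AllowedGroupCommitment,
        groupIssuer.HexStringToByteArray(),
        packet.AllowedGroupNameSurjectionProof,
        signatureGroupProof,
        out ulong signatureRecordHeight);

    // The returned signature id was never read, so the unused local was dropped.
    _dataAccessService.AddSpDocumentSignature(_accountId, spDocument.SpDocumentId, spDocument.LastChangeRecordHeight, signatureRecordHeight);

    // Success notifications are not awaited, unlike the rejection paths above.
    _idenitiesHubContext.Clients.Group(_accountId.ToString(CultureInfo.InvariantCulture))
        .SendAsync("PushDocumentSignature", new DocumentSignatureDto
        {
            DocumentId = spDocument.SpDocumentId,
            DocumentHash = spDocument.Hash,
            DocumentRecordHeight = spDocument.LastChangeRecordHeight,
            SignatureRecordHeight = signatureRecordHeight
        });

    _idenitiesHubContext.Clients.Group(sessionKey)
        .SendAsync("PushDocumentSignature", new DocumentSignatureDto
        {
            DocumentId = spDocument.SpDocumentId,
            DocumentHash = spDocument.Hash,
            DocumentRecordHeight = spDocument.LastChangeRecordHeight,
            SignatureRecordHeight = signatureRecordHeight
        });
}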
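/// <summary>
/// Describes a pending service-provider action to a client: whether the supplied
/// registration key is already known for that action, action-specific extra
/// information, and the list of validations or allowed signer groups.
/// </summary>
/// <param name="actionType">0 = onboarding and login, 1 = employee registration, 2 = document sign.</param>
/// <param name="publicKey">Hex-encoded public key used to look up the service-provider account.</param>
/// <param name="sessionKey">Echoed back unchanged in the response.</param>
/// <param name="registrationKey">
/// Action-specific key: hex-decoded for action 0, passed as-is to the employee lookup
/// for action 1 and to the document lookup for action 2.
/// </param>
/// <returns>An OK result wrapping a <c>ServiceProviderActionAndValidationsDto</c>.</returns>
public IActionResult GetActionInfo([FromQuery] int actionType, [FromQuery] string publicKey, [FromQuery] string sessionKey, [FromQuery] string registrationKey)
{
    // NOTE(review): every parameter is an untrusted query-string value. publicKey and
    // registrationKey are dereferenced without null checks, and spAccount is used
    // without checking that the lookup found an account; a missing key or unknown
    // public key would surface as an unhandled exception - confirm the intended response.
    // NOTE(review): no authorization attribute is visible in this listing, and the
    // response discloses registration state, document name/hash and signer groups -
    // confirm the intended exposure.
    Account spAccount = _accountsService.GetByPublicKey(publicKey.HexStringToByteArray());
    bool isRegistered = false;
    string extraInfo = null;
    List<string> validityInfo = new List<string>();

    if (actionType == 0)
    {
        // Onboarding & Login
        ServiceProviderRegistration serviceProviderRegistration =
            _dataAccessService.GetServiceProviderRegistration(spAccount.AccountId, registrationKey.HexStringToByteArray());
        isRegistered = serviceProviderRegistration != null;
    }
    else if (actionType == 1)
    {
        // Employee registration: one "accountInfo|groupName|hasCommitment" entry per
        // employee, entries separated by "/".
        List<SpEmployee> spEmployees = _dataAccessService.GetSpEmployees(spAccount.AccountId, registrationKey);

        // Fix: RegistrationCommitment is now read through the same null-conditional
        // as SpEmployeeGroup, so a null list entry no longer throws.
        extraInfo = string.Join(
            "/",
            spEmployees.Select(spEmployee =>
                $"{spAccount.AccountInfo}|{spEmployee?.SpEmployeeGroup?.GroupName}|{!string.IsNullOrEmpty(spEmployee?.RegistrationCommitment)}"));
        isRegistered = spEmployees.Count > 0;
    }
    else if (actionType == 2)
    {
        // Document sign
        SpDocument spDocument = _dataAccessService.GetSpDocument(spAccount.AccountId, registrationKey);
        if (spDocument != null)
        {
            isRegistered = true;
            extraInfo = $"{spDocument.DocumentName}|{spDocument.Hash}|{spDocument.LastChangeRecordHeight}";

            foreach (var allowedSigner in spDocument.AllowedSigners)
            {
                validityInfo.Add($"{allowedSigner.GroupIssuer};{allowedSigner.GroupName}");
            }
        }
    }

    if (actionType == 0 || actionType == 1)
    {
        IEnumerable<SpIdenitityValidation> spIdenitityValidations = _dataAccessService.GetSpIdenitityValidations(spAccount.AccountId);

        // Any() instead of Count() > 0: stops at the first element.
        if (spIdenitityValidations != null && spIdenitityValidations.Any())
        {
            IEnumerable<Tuple<AttributeType, string>> attributeDescriptions = _identityAttributesService.GetAssociatedAttributeTypes();
            IEnumerable<Tuple<ValidationType, string>> validationDescriptions = _identityAttributesService.GetAssociatedValidationTypes();

            foreach (SpIdenitityValidation spIdenitityValidation in spIdenitityValidations)
            {
                // Date of birth is described by its validation type; every other
                // attribute by its attribute type. The enum name is the fallback
                // when no description is registered.
                if (spIdenitityValidation.AttributeType != AttributeType.DateOfBirth)
                {
                    validityInfo.Add(
                        attributeDescriptions.FirstOrDefault(d => d.Item1 == spIdenitityValidation.AttributeType)?.Item2
                        ?? spIdenitityValidation.AttributeType.ToString());
                }
                else
                {
                    validityInfo.Add(
                        validationDescriptions.FirstOrDefault(d => d.Item1 == spIdenitityValidation.ValidationType)?.Item2
                        ?? spIdenitityValidation.ValidationType.ToString());
                }
            }
        }
    }

    ServiceProviderActionAndValidationsDto serviceProviderActionAndValidations = new ServiceProviderActionAndValidationsDto
    {
        IsRegistered = isRegistered,
        PublicKey = publicKey,
        SessionKey = sessionKey,
        ExtraInfo = extraInfo,
        Validations = validityInfo
    };

    return Ok(serviceProviderActionAndValidations);
}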