} /* this simple sample uses a no op */
/// <summary>
/// Illustrate setting up a recovery rule more complex than "normal consumer"
/// mode, without the "normal consumer" shortcuts.
/// </summary>
/// <param name="newMember">newly-created member we are setting up</param>
/// <param name="tokenClient">SDK client</param>
/// <param name="agentAlias">Alias of recovery agent.</param>
public void SetUpComplexRecoveryRule(
TppMember newMember,
Tokenio.Tpp.TokenClient tokenClient,
Alias agentAlias)
{
// setUpComplex begin snippet to include in docs
// Someday in the future, this user might ask the recovery agent
// "Please tell Token that I am the member with ID m:12345678 ."
// While we're setting up this new member, we need to tell the
// recovery agent the new member ID so the agent can "remember" later.
TellRecoveryAgentMemberId(newMember.MemberId());
string agentId = tokenClient.GetMemberIdBlocking(agentAlias);
RecoveryRule recoveryRule = new RecoveryRule {
PrimaryAgent = agentId
};
// This example doesn't call .setSecondaryAgents ,
// but could have. If it had, then recovery would have
// required one secondary agent authorization along with
// the primary agent authorization.
newMember.AddRecoveryRuleBlocking(recoveryRule);
// setUpComplex done snippet to include in docs
}
/// <summary>
/// Illustrate recovery using a not-normal-"consumer mode" recovery agent.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">Alias of member to recover</param>
/// <returns>recovered member</returns>
public TppMember RecoverWithComplexRule(
Tokenio.Tpp.TokenClient tokenClient,
Alias alias)
{
// complexRecovery begin snippet to include in docs
string memberId = tokenClient.GetMemberIdBlocking(alias);
ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
Key newKey = cryptoEngine.GenerateKey(Key.Types.Level.Privileged);
string verificationId = tokenClient.BeginRecoveryBlocking(alias);
MemberRecoveryOperation.Types.Authorization authorization = tokenClient.CreateRecoveryAuthorizationBlocking(
memberId,
newKey);
// ask recovery agent to verify that I really am this member
Signature agentSignature = getRecoveryAgentSignature(authorization);
// We have all the signed authorizations we need.
// (In this example, "all" is just one.)
MemberRecoveryOperation mro = new MemberRecoveryOperation
{
Authorization = authorization,
AgentSignature = agentSignature
};
TppMember recoveredMember = tokenClient.CompleteRecoveryBlocking(
memberId,
(new[] { mro }).ToList(),
newKey,
cryptoEngine);
// after recovery, aliases aren't verified
// In the real world, we'd prompt the user to enter the code emailed to them.
// Since our test member uses an auto-verify email address, any string will work,
// so we use "1thru6".
recoveredMember.VerifyAliasBlocking(verificationId, "1thru6");
// complexRecovery done snippet to include in docs
return(recoveredMember);
}
/// <summary>
/// Recover previously-created member, assuming they were
/// configured with a "normal consumer" recovery rule.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">alias of member to recoverWithDefaultRule</param>
/// <returns>recovered member</returns>
public TppMember RecoverWithDefaultRule(Tokenio.Tpp.TokenClient tokenClient, Alias alias)
{
string verificationId = tokenClient.BeginRecoveryBlocking(alias);
// recoverWithDefault begin snippet to include in docs
string memberId = tokenClient.GetMemberIdBlocking(alias);
ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
// In the real world, we'd prompt the user to enter the code emailed to them.
// Since our test member uses an auto-verify email address, any string will work,
// so we use "1thru6".
TppMember recoveredMember = tokenClient.CompleteRecoveryWithDefaultRuleBlocking(
memberId,
verificationId,
"1thru6",
cryptoEngine);
// We can use the same verification code to re-claim this alias.
recoveredMember.VerifyAliasBlocking(verificationId, "1thru6");
// recoverWithDefault done snippet to include in docs
return(recoveredMember);
}