private bool VerifyOTP(SoftTokenRegistrationRequest request, SoftTokenRegistrationResponse response, TransactionHeader transactionHeader, VpUser user)
{
using (VeriBranchDataEntities dataEntities = new VeriBranchDataEntities())
{
VpOtpHistory OTPHistory = dataEntities.VpOtpHistory.Where(obj => obj.UserID == user.ID).OrderByDescending(obj => obj.ID).FirstOrDefault();
var hashedOTP = HashHelper.Hash(request.OTP, string.Empty, HashTypeEnum.Md5);
if (OTPHistory != null && OTPHistory.OTP == hashedOTP)
{
return(false);
}
else
{
return(true);
}
}
}
public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
{
long userID = transactionHeader.Customer.UserId;
SoftTokenSelectAuthenticationRequest request = requestMessage as SoftTokenSelectAuthenticationRequest;
SoftTokenSelectAuthenticationResponse response = responseMessage as SoftTokenSelectAuthenticationResponse;
VpOtpHistory otpHistory = null;
string password = request.Password;
try
{
using (VeriBranchDataEntities context = new VeriBranchDataEntities())
{
otpHistory = context.VpOtpHistory.Where(obj => obj.UserID == userID).OrderByDescending(obj => obj.ID).FirstOrDefault();
if (otpHistory != null)
{
string decryptedOTP = string.Empty;
if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
{
// these must be replaced by fetching certificate from store
string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));
int keySize = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionKeySizeKey));
decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
}
if (decryptedOTP == password)
{
response.Status = true;
}
}
}
}
catch (Exception ex)
{
response.Status = false;
}
}
public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
{
GenerateSoftTokenRequest request = requestMessage as GenerateSoftTokenRequest;
GenerateSoftTokenResponse response = responseMessage as GenerateSoftTokenResponse;
VpOtpHistory otpHistory = null;
string hashedPassword = string.Empty;
using (VeriBranchDataEntities context = new VeriBranchDataEntities())
{
var device = context.VpOtpDevice.Where(obj => obj.SerialNumber == request.DeviceId).FirstOrDefault();
if (device == null)
{
throw new VPBusinessException("DeviceNotExistException");
}
long userId = Convert.ToInt32(device.CreateBy);
if (!string.IsNullOrEmpty(request.Password))
{
hashedPassword = HashHelper.Hash(request.Password, string.Empty, HashTypeEnum.Md5);
if (context.VPSoftTokenRegistration.Where(obj => obj.UserId == userId && obj.Password == hashedPassword).FirstOrDefault() != null)
{
otpHistory = context.VpOtpHistory.Where(obj => obj.UserID == userId && obj.ExpireTime >= DateTime.Now).OrderByDescending(obj => obj.ID).FirstOrDefault();
}
else
{
throw new VPBusinessException("WrongPassword");
}
}
else if (string.IsNullOrEmpty(request.Password) && request.IsAuthenticatedWithFingerPrint)
{
string autoPass = request.DeviceId + "true" + request.DeviceId; // 1 because AutoPassword should have set IsAuthenticatedWithFingerPrint
if (autoPass.Equals(request.AutoPassword))
{
otpHistory = context.VpOtpHistory.Where(obj => obj.UserID == userId && obj.ExpireTime >= DateTime.Now).OrderByDescending(obj => obj.ID).FirstOrDefault();
}
else
{
throw new VPBusinessException("WrongPassword");
}
}
else
{
throw new VPBusinessException("WrongPassword");
}
}
if (otpHistory != null || string.IsNullOrEmpty(otpHistory.EncryptedOTP))
{
string decryptedOTP = string.Empty;
if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
{
// these must be replaced by fetching certificate from store
string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));
int keySize = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionKeySizeKey));
decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
}
response.OTP = decryptedOTP;
}
else
{
response.OTP = VeriBranch.Utilities.ConfigurationUtilities.ResourceHelper.GetGeneralMessage("NoOTPAvailable");
}
}
