public string Authenticate([FromBody] AuthenticateParameter parameter)
{
var dto = this._mapper.Map <AuthenticateDto>(parameter);
var token = _userService.Authenticate(dto);
return(token);
}
public async Task <bool> Execute(string openidWellKnownConfiguration, AddDocumentParameter document, AuthenticateParameter authenticateParameter)
{
if (string.IsNullOrWhiteSpace(openidWellKnownConfiguration))
{
throw new ArgumentNullException(nameof(openidWellKnownConfiguration));
}
if (document == null)
{
throw new ArgumentNullException(nameof(document));
}
if (authenticateParameter == null)
{
throw new ArgumentNullException(nameof(authenticateParameter));
}
_addDocumentParameterValidator.Check(document);
var officeDocument = await _officeDocumentRepository.Get(document.Id);
if (officeDocument != null)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.OfficeDocumentExists);
}
var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });
if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
}
var resource = await _identityServerUmaClientFactory.GetResourceSetClient().AddByResolution(new PostResourceSet
{
Name = $"officedocument_{document.Id}",
Scopes = Constants.DEFAULT_SCOPES.ToList()
}, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);
if (resource.ContainsError)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaResource);
}
var policy = await _identityServerUmaClientFactory.GetPolicyClient().AddByResolution(new PostPolicy
{
ResourceSetIds = new List <string> {
resource.Content.Id
},
Rules = new List <PostPolicyRule>
{
new PostPolicyRule
{
Claims = new List <PostClaim>
{
new PostClaim
{
Type = "sub",
Value = document.Subject
}
},
Scopes = Constants.DEFAULT_SCOPES.ToList(),
OpenIdProvider = openidWellKnownConfiguration
}
}
}, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);
if (policy.ContainsError)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaPolicy);
}
officeDocument = new OfficeDocumentAggregate
{
Id = document.Id,
Subject = document.Subject,
DisplayName = document.DisplayName,
UmaResourceId = resource.Content.Id,
UmaPolicyId = policy.Content.PolicyId,
};
if (!await _officeDocumentRepository.Add(officeDocument))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddOfficeDocument);
}
return(true);
}
public Task <bool> ValidateConfirmationLink(string wellKnownConfiguration, ValidateConfirmationLinkParameter validateConfirmationLinkParameter, AuthenticateParameter authenticateParameter)
{
return(_validateConfirmationLinkAction.Execute(wellKnownConfiguration, validateConfirmationLinkParameter, authenticateParameter));
}
public async Task <bool> Execute(string wellKnownConfiguration, ValidateConfirmationLinkParameter validateConfirmationLinkParameter, AuthenticateParameter authenticateParameter)
{
if (string.IsNullOrWhiteSpace(wellKnownConfiguration))
{
throw new ArgumentNullException(nameof(wellKnownConfiguration));
}
_validateConfirmationLinkParameterValidator.Check(validateConfirmationLinkParameter);
var confirmationLink = await _officeDocumentConfirmationLinkStore.Get(validateConfirmationLinkParameter.ConfirmationCode);
if (confirmationLink == null)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.TheConfirmationCodeIsNotValid);
}
CheckConfirmationLink(confirmationLink);
var officeDocument = await _officeDocumentRepository.Get(confirmationLink.DocumentId);
if (officeDocument == null)
{
throw new DocumentNotFoundException();
}
if (string.IsNullOrWhiteSpace(officeDocument.UmaResourceId))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaResource);
}
if (string.IsNullOrWhiteSpace(officeDocument.UmaPolicyId))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaPolicy);
}
var grantedToken = await _tokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });
if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
}
var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);
if (policy.ContainsError)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyDoesntExist);
}
var putPolicyRules = new List <PutPolicyRule>();
if (policy.Content.Rules != null)
{
foreach (var rule in policy.Content.Rules)
{
putPolicyRules.Add(new PutPolicyRule
{
Id = rule.Id,
Claims = rule.Claims,
ClientIdsAllowed = rule.ClientIdsAllowed,
OpenIdProvider = rule.OpenIdProvider,
Scopes = rule.Scopes
});
}
}
if (!putPolicyRules.Any(p => p.Claims != null && p.Claims.Any(c => c.Type == "sub" && c.Value == validateConfirmationLinkParameter.Subject)))
{
putPolicyRules.Add(new PutPolicyRule
{
Claims = new List <PostClaim>
{
new PostClaim
{
Type = "sub",
Value = validateConfirmationLinkParameter.Subject
}
},
OpenIdProvider = wellKnownConfiguration,
Scopes = Constants.DEFAULT_SCOPES.ToList()
});
}
var updatedResult = await _identityServerUmaClientFactory.GetPolicyClient().UpdateByResolution(new PutPolicy
{
PolicyId = policy.Content.Id,
Rules = putPolicyRules
}, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);
if (updatedResult.ContainsError)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyCannotBeUpdated);
}
// TODO : DECREASE THE NUMBER OF CONFIRMATION LINKS
await UseConfirmationLink(confirmationLink);
return(true);
}
public Task <IEnumerable <OfficeDocumentPermissionResponse> > GetPermissions(string documentId, string subject, AuthenticateParameter authenticateParameter)
{
return(_getOfficeDocumentPermissionsAction.Execute(documentId, subject, authenticateParameter));
}
public Task <DecryptedResponse> Decrypt(DecryptOfficeDocumentParameter decryptOfficeDocumentParameter, string accessToken, AuthenticateParameter authenticateParameter)
{
return(_decryptOfficeDocumentAction.Execute(decryptOfficeDocumentParameter, accessToken, authenticateParameter));
}
public Task <bool> Add(string openidWellKnownConfiguration, AddDocumentParameter document, AuthenticateParameter authenticateParameter)
{
return(_addOfficeDocumentAction.Execute(openidWellKnownConfiguration, document, authenticateParameter));
}
public async Task <IEnumerable <OfficeDocumentPermissionResponse> > Execute(string documentId, string subject, AuthenticateParameter authenticateParameter)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InvalidRequest, ErrorDescriptions.SubjectIsMissing);
}
var officeDocument = await _getOfficeDocumentAction.Execute(documentId);
if (officeDocument.Subject != subject)
{
throw new NotAuthorizedException(ErrorCodes.Authorization, ErrorDescriptions.NotAuthorized);
}
var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });
if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
}
var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);
if (policy.ContainsError)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotGetUmaPolicy);
}
var result = new List <OfficeDocumentPermissionResponse>();
if (policy.Content != null && policy.Content.Rules != null)
{
foreach (var rule in policy.Content.Rules)
{
if (rule.Claims != null)
{
foreach (var claim in rule.Claims.Where(c => c.Type == "sub"))
{
result.Add(new OfficeDocumentPermissionResponse
{
UserSubject = claim.Value
});
}
}
}
}
return(result);
}
public async Task <DecryptedResponse> Execute(DecryptOfficeDocumentParameter decryptOfficeDocumentParameter, string accessToken, AuthenticateParameter authenticateParameter)
{
if (decryptOfficeDocumentParameter == null)
{
throw new ArgumentNullException(nameof(decryptOfficeDocumentParameter));
}
if (authenticateParameter == null)
{
throw new ArgumentNullException(nameof(authenticateParameter));
}
_decryptOfficeDocumentParameterValidator.Check(decryptOfficeDocumentParameter);
await _getOfficeDocumentAction.Execute(decryptOfficeDocumentParameter.DocumentId);
var jsonWebKey = await _jsonWebKeyRepository.Get(decryptOfficeDocumentParameter.Kid);
if (jsonWebKey == null)
{
throw new BaseDocumentManagementApiException(ErrorCodes.InvalidRequest, string.Format(ErrorDescriptions.TheJsonWebKeyDoesntExist, decryptOfficeDocumentParameter.Kid));
}
var payload = Convert.FromBase64String(decryptOfficeDocumentParameter.Credentials);
byte[] decryptedPayload = null;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var provider = new RSACryptoServiceProvider())
{
provider.FromXmlStringCore(jsonWebKey.SerializedKey);
decryptedPayload = provider.Decrypt(payload, true);
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
rsa.FromXmlString(jsonWebKey.SerializedKey);
decryptedPayload = rsa.Decrypt(payload, RSAEncryptionPadding.OaepSHA1);
}
}
var decryptedContent = Encoding.UTF8.GetString(decryptedPayload);
var splitted = decryptedContent.Split('.');
return(new DecryptedResponse
{
Password = splitted[0],
Salt = splitted[1]
});
}
