public void CryptoRandomizer_BasicUsage()
{
CryptoRandomizer randomizer = new CryptoRandomizer();
int blockSize = 20000;
int iterations = 50000;
for (int i = 0; i < iterations; i++)
{
// Get some random bytes
byte[] bytes = new byte[blockSize];
randomizer.GetBytes(bytes);
Assert.IsTrue(bytes.Length == blockSize);
// Get Random Int
int randomInt = randomizer.Next();
// Not really testible
// Get Random Int less than 5
int randomIntLess5 = randomizer.Next(5);
Assert.IsTrue(randomIntLess5 < 5);
// Get Random Int between 1000 - 2000
int randomIntBetween1000And1500 = randomizer.Next(1000, 2000);
Assert.IsTrue(randomIntBetween1000And1500 > 999 && randomIntBetween1000And1500 < 20001);
double randomDouble = randomizer.NextDouble();
// Not really testible
}
}
private async Task <TokenAndClaimsPrincipal> CreateShortTokenAsync(
User user, string lat2r, string lat2, long sessionId)
{
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(JwtRegisteredClaimNames.Jti,
CryptoRandomizer.GetRandomString(DbColumnSizes.BlackListShortToken_TokenId))
};
var roleNames = await userManager.GetRolesAsync(user);
foreach (var role in roleNames)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var expiration = DateTime.UtcNow.AddMinutes(jwtOptions.ShortTokenLiveTimeMinutes);
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: expiration);
var claimsIdentity = new ClaimsIdentity(claims, "JwtShortToken");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
return(new TokenAndClaimsPrincipal
{
ClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2),
Token = cryptService.Crypt(CipherSecrets.ShortJwt, token.Payload.SerializeToJson()),
Expiration = expiration
});
}
private string CreateLong2AuthToken(LongSession longSession, out string lat2r)
{
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(jwtOptions.LongJwtSecurityKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: longSession.ExpirationDate,
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private string GetRandomDirName(List <DirectoryInfo> directories)
{
CryptoRandomizer randomizer = new CryptoRandomizer();
int index = randomizer.Next(0, directories.Count);
return(directories[index].FullName);
}
public void SymmetricEncryptor_HeavyUsage()
{
CryptoRandomizer random = new CryptoRandomizer();
const int Iterations = 100;
const int MaxMemoryBlock = 100000;
for (int i = 0; i < Iterations; i++)
{
int blockSize = random.Next(MaxMemoryBlock);
byte[] buffer = new ByteGenerator().GenerateBytes(blockSize);
string key = CryptoString.GenerateRandomText(1000);
byte[] decryptedBuffer;
byte[] encryptedBuffer;
using (SymmetricEncryptor encryptor = new SymmetricEncryptor())
{
//Encrypt
encryptedBuffer = encryptor.EncryptBytes(buffer, key);
// Decrypt
decryptedBuffer = encryptor.DecryptBytes(encryptedBuffer, key);
} // IDispose - Closes and clears the keys in memory
// Assert - Check to make sure the bytes are all the same
Assert.IsTrue(buffer.SequenceEqual(decryptedBuffer));
}
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jwtOptions.LongTokenLiveTimeDays);
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id,
DeviceInfo = ""
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2AuthToken(longSession, out string lat2r);
response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
IsEssential = true,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await GenerateShortAuthTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonConvert.SerializeObject(new
{
LongToken = new
{
Token = longSession.LongToken1,
Expiration = longSession.ExpirationDate.ToInvariantString()
},
ShortToken = tokenAndClaimsPrincipal.Token
}, jsonSerializerSettings);
response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}
public string MakeCaptchaToken()
{
var token = CryptoRandomizer.GetRandomString(64);
var answer = GenerateCaptchaText();
captchaCacheService.Cache(token, answer);
return(token);
}
public FileAndDir GetNewImageNameAndDir(string ext)
{
var cid = CryptoRandomizer.GetRandomString(
DbColumnSizes.FileNameWithDirSize -
8); // Why -8. 4 needed for directory start "123/", and 4 needed for extension ".jpg"
byte[] bites = Encoding.UTF8.GetBytes(cid);
return(new FileAndDir(cid + ext, bites[0].ToString()));
}
public void Crypt()
{
string dataToCrypt = CryptoRandomizer.GenerateSecurityKey(16).ToUrlSafeBase64();
rsaCypherMock = new Mock <IRsaCypher>();
rsaCypherMock.Setup(x => x.GenerateKeys()).Returns <(string, string)>(result => result);
var keys = rsaCypherMock.Object.GenerateKeys();
string cryptedText = rsaCypherMock.Object.Crypt(keys.publicKey, dataToCrypt);
string decryptedText = rsaCypherMock.Object.Decrypt(keys.privateKey, cryptedText);
Assert.Equal(decryptedText, dataToCrypt);
}
public async Task <string> GenereteEmailToken(User user)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16)),
};
var token = new JwtSecurityToken(
claims: claims,
expires: DateTime.Now.AddDays(TokenParameters.EmailTokenLifeTime));
var cryptedToken = await crypt.Crypt(EmailCypherNameId, token.Payload.SerializeToJson());
return(cryptedToken);
}
public virtual string GenerateChangeEmailToken(User user, string email)
{
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16))
};
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: DateTime.UtcNow.AddDays(3));
cryptService.Crypt(CipherSecrets.EmailChange, token.Payload.SerializeToJson());
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private string CreateLong2Token(LongSession longSession, out string lat2r)
{
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: longSession.ExpirationDate);
return(cryptService.Crypt(CipherSecrets.Long2Jwt, token.Payload.SerializeToJson()));
}
public async Task <IActionResult> SignUpAsync([FromForm] RegisterModel model)
{
try
{
var longSession = CryptoRandomizer.GetRandomString(32);
var fingerPrint = authService.GetFingerPrint(HttpUtilities.GetDataFromHeaders(HttpContext, HttpConstants.UserAgentHeaderName), longSession);
var registerResult = await authService.RegisterAsync(model.UserName, model.Email, model.Password, fingerPrint, longSession);
authService.MakeLongSessionCookies(registerResult.RefreshToken);
return(Json(registerResult));
}
catch (ApiError infoExcetpion)
{
return(Unauthorized(infoExcetpion.ex.Description));
}
}
public virtual string GenerateChangeEmailToken(User user, string email)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SecurityKeyEmailChange));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16))
};
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: DateTime.Now.AddDays(3),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public string GenereteJwtToken(string userName, IdentityUser user, List <string> roles)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimsIdentity.DefaultNameClaimType, userName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(CommonConstants.UniqueClaimName, CryptoRandomizer.GetRandomString(16))
};
foreach (string role in roles)
{
claims.Add(new Claim(ClaimsIdentity.DefaultRoleClaimType, role));
}
var signInCreditials = new SigningCredentials(signInEncodingKey.GetKey(),
signInEncodingKey.SignInAlgorithm);
var encryptedCreditials = new EncryptingCredentials(jwtEncryptionEncodingKey.GetKey(),
jwtEncryptionEncodingKey.SigningAlgorithm,
jwtEncryptionEncodingKey.EncryptingAlgorithm);
var expires = DateTime.Now.AddMinutes(Convert.ToDouble(tokenLifeTimeOptions.Value.AccessTokenLifeTime));
var now = DateTime.UtcNow;
var token = new JwtSecurityTokenHandler().CreateJwtSecurityToken(
authOptions.Value.Issuer,
authOptions.Value.Audience,
notBefore: now,
subject: new ClaimsIdentity(claims),
expires: expires,
issuedAt: DateTime.Now,
signingCredentials: signInCreditials,
encryptingCredentials: encryptedCreditials
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private async Task <TokenAndClaimsPrincipal> GenerateShortAuthTokenAsync(User user, string lat2r, string lat2, long sessionId)
{
// Generate and issue a JWT token
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.ShortJwtSecurityKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.UserName),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(DbColumnSizes.BlackListShortToken_TokenId))
};
var roleNames = await userManager.GetRolesAsync(user);
foreach (var role in roleNames)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: DateTime.UtcNow.AddMinutes(jwtOptions.ShortTokenLiveTimeMinutes),
signingCredentials: credentials);
var claimsIdentity = new ClaimsIdentity(claims, "JwtShortToken");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
return(new TokenAndClaimsPrincipal
{
ClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2),
Token = new JwtSecurityTokenHandler().WriteToken(token)
});
}
private string GenerateCaptchaText()
{
return(CryptoRandomizer.GetRandomInt(10000, 999999).ToString());
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
modelBuilder.Entity <LongSession>().HasKey(x => x.Id);
modelBuilder.Entity <Cypher>().HasKey(x => x.Id);
modelBuilder.Entity <StrongKey>().HasKey(x => x.Id);
modelBuilder.Entity <Picture>().HasKey(x => x.Id);
modelBuilder.Entity <Message>().HasKey(x => x.Id);
modelBuilder.Entity <PushTask>().HasKey(x => x.Id);
modelBuilder.Entity <City>().HasKey(x => x.Id);
modelBuilder.Entity <Country>().HasKey(x => x.Id);
modelBuilder.Entity <Like>().HasKey(x => x.Id);
modelBuilder.Entity <Profile>().HasKey(x => x.Id);
modelBuilder.Entity <Visit>().HasKey(x => x.Id);
modelBuilder.Entity <UserPair>().HasKey(x => x.Id);
modelBuilder.Entity <Cordinate>().HasKey(x => x.Id);
modelBuilder.Entity <RsaKey>().HasKey(x => x.Id);
modelBuilder.Entity <UserAccount>().HasKey(x => x.Id);
modelBuilder.Entity <UserToken>().HasKey(x => x.Id);
modelBuilder.Entity <Session>().HasKey(x => x.Id);
modelBuilder.Entity <Connection>().HasKey(x => x.Id);
modelBuilder.Entity <Dialog>().HasKey(x => x.Id);
modelBuilder.Entity <AccountingComment>().HasKey(x => x.Id);
modelBuilder.Entity <Flow>().HasKey(x => x.Id);
modelBuilder.Entity <AccountingPlan>().HasKey(x => x.Id);
modelBuilder.Entity <AccountingRecord>().HasKey(x => x.Id);
modelBuilder.Entity <LongSession>()
.HasOne(x => x.User)
.WithMany(x => x.LongSessions);
modelBuilder.Entity <Message>()
.HasOne(x => x.Cypher);
modelBuilder.Entity <PushTask>()
.HasOne(x => x.User)
.WithMany(x => x.PushTasks);
modelBuilder.Entity <City>()
.HasOne(x => x.Country)
.WithMany(x => x.Cities);
modelBuilder.Entity <Like>()
.HasOne(x => x.User)
.WithMany(x => x.Likes);
modelBuilder.Entity <Visit>()
.HasOne(x => x.User)
.WithMany(x => x.Visits);
modelBuilder.Entity <Picture>()
.HasOne(x => x.User)
.WithMany(x => x.Pictures);
modelBuilder.Entity <Message>()
.HasOne(x => x.Cypher);
modelBuilder.Entity <Profile>()
.HasMany(x => x.Characters)
.WithOne(x => x.Profile);
modelBuilder.Entity <Profile>()
.HasOne(x => x.User)
.WithOne(x => x.Profile)
.HasForeignKey <Profile>(x => x.UserId);
modelBuilder.Entity <Profile>()
.HasOne(x => x.Country)
.WithMany(x => x.Profiles);
modelBuilder.Entity <City>()
.HasMany(x => x.Profiles)
.WithOne(x => x.City);
modelBuilder.Entity <Cordinate>()
.HasOne(x => x.User)
.WithMany(x => x.Cordinates);
modelBuilder.Entity <RsaKey>()
.HasOne(x => x.User)
.WithMany(x => x.RsaKeys);
modelBuilder.Entity <User>()
.HasMany(x => x.UserTokens)
.WithOne(x => x.User);
modelBuilder.Entity <User>()
.HasMany(x => x.Sessions)
.WithOne(x => x.User);
modelBuilder.Entity <User>()
.HasMany(x => x.Sessions)
.WithOne(x => x.User);
modelBuilder.Entity <StrongKey>()
.HasOne(x => x.Cypher);
modelBuilder.Entity <StrongKey>()
.HasOne(x => x.User)
.WithOne(x => x.StrongKey)
.HasForeignKey <StrongKey>(x => x.UserId);
modelBuilder.Entity <AccountingRecord>()
.HasOne(x => x.User)
.WithMany(x => x.AccountingRecords);
modelBuilder.Entity <LongSession>().HasIndex(x => x.UserId);
modelBuilder.Entity <Message>().HasIndex(x => new { x.ReceiverId, x.SenderId });
modelBuilder.Entity <PushTask>().HasIndex(x => x.UserId);
modelBuilder.Entity <Like>().HasIndex(x => x.UserId);
modelBuilder.Entity <Visit>().HasIndex(x => x.UserId);
modelBuilder.Entity <Profile>().HasIndex(x => x.UserId);
modelBuilder.Entity <UserPair>().HasIndex(x => new { x.UserId1, x.UserId2 });
modelBuilder.Entity <Message>().HasIndex(x => x.MessageId);
modelBuilder.Entity <IdentityRole>().HasData(new IdentityRole[]
{
new IdentityRole()
{
Name = "User",
NormalizedName = "USER"
},
new IdentityRole()
{
Name = "Admin",
NormalizedName = "ADMIN"
},
new IdentityRole()
{
Name = "ProtocoledUsers",
NormalizedName = "PROTOCOLEDUSERS"
}
});
modelBuilder.Entity <Cypher>().HasData(new Cypher[]
{
new Cypher()
{
Id = 1,
Secret = CryptoRandomizer.GenerateSecurityKey(32)
}
});
modelBuilder.Entity <UserAccount>().HasData(new UserAccount[]
{
new UserAccount()
{
Id = "1",
Login = "******",
Password = "******"
},
new UserAccount()
{
Id = "2",
Login = "******",
Password = "******"
}
});
modelBuilder.Entity <AccountingPlan>().HasData(AccountingInitializers.GetAccountingsPlan());
}
public async Task <CreateFirstMessangerSessionResponse> MakeFirstSessionAsync(CreateMessangerSessionRequest model,
string userId,
string sessionId)
{
var savedSessions = await sessionProvider.GetModelBySearchPredicate(x => x.SessionId == sessionId &&
x.UserId == userId);
if (savedSessions != null)
{
throw new ApiError(new ServerException("This session is alredy exist"));
}
var serverKeys = rsaCypher.GenerateKeys();
var user = await userManager.Users.FirstOrDefaultAsync(x => x.Id == userId);
var serverSession = new Session()
{
ClientPublicKey = model.PublicKey,
ServerPrivateKey = serverKeys.privateKey,
ServerPublicKey = serverKeys.publicKey,
SessionId = sessionId,
UserId = userId
};
var savedStrongKey = await strongKeyProvider.GetModelBySearchPredicate(x => x.UserId == userId);
if (savedStrongKey != null)
{
var savedCypher = await cypherProvider.GetModelBySearchPredicate(x => x.Id == savedStrongKey.CypherId);
await sessionProvider.CreateOrUpdateAsync(serverSession);
return(new CreateFirstMessangerSessionResponse()
{
ServerPublicKey = serverKeys.publicKey,
CryptedAes = rsaCypher.Crypt(model.PublicKey, savedCypher.Secret.ToUrlSafeBase64())
});
}
else
{
await using (var transaction = await transactionProvider.BeginTransactionAsync())
{
try
{
await sessionProvider.CreateOrUpdateAsync(serverSession);
var savedRole = await roleManager.Roles.FirstOrDefaultAsync(x => x.Name == "ProtocoledUsers");
await userManager.AddToRoleAsync(user, savedRole.Name);
byte[] strongKey = CryptoRandomizer.GenerateSecurityKey(16);
var cypher = await cypherProvider.CreateOrUpdateAsync(new Cypher()
{
Secret = strongKey
});
var key = await strongKeyProvider.CreateOrUpdateAsync(new StrongKey()
{
CypherId = cypher.Id,
UserId = user.Id
});
string strongKeyToCrypt = strongKey.ToUrlSafeBase64();
string cryptedAesKey = rsaCypher.Crypt(model.PublicKey, strongKeyToCrypt);
await transaction.CommitAsync();
return(new CreateFirstMessangerSessionResponse()
{
ServerPublicKey = serverKeys.publicKey,
CryptedAes = cryptedAesKey
});
}
catch (Exception ex)
{
await transaction.RollbackAsync();
throw new ApiError(new ServerException(ex.Message));
}
}
}
}
public string GenerateAesKey()
{
var result = CryptoRandomizer.GenerateSecurityKey(32);
return(result.ToUrlSafeBase64());
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(
HttpContext httpContext,
User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jweOptions.CurrentValue.LongTokenLiveTimeDays);
httpContext.Request.Headers.TryGetValue("User-Agent", out var userAgent);
longSession1.DeviceInfo = Parser.GetDefault()?.Parse(userAgent.ToString() ?? "")?.ToString() ?? "";
longSession1.UpdateDate = DateTime.UtcNow;
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2Token(longSession, out string lat2r);
httpContext.Response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
Secure = globalOptions.CurrentValue.IsHttps,
IsEssential = true,
SameSite = SameSiteMode.Strict,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await CreateShortTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonSerializer.Serialize(new
{
LongToken = longSession.LongToken1,
ShortToken = tokenAndClaimsPrincipal.Token,
ShortTokenExpiration = tokenAndClaimsPrincipal.Expiration
}, SunJson.DefaultJsonSerializerOptions);
httpContext.Response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}
