/// <summary>
/// Creates authenticated client backed by the specified channel. The supplied
/// signer is used to authenticate the caller for every call.
/// </summary>
/// <param name="channel">the RPC channel to use</param>
/// <param name="memberId">the member id</param>
/// <param name="crypto">the engine to use for signing requests, tokens, etc</param>
/// <returns>the created client</returns>
public static Client Authenticated(
ManagedChannel channel,
string memberId,
ICryptoEngine crypto)
{
return(new Client(memberId, crypto, channel));
}
public ConfigurationTests()
{
_engine = new RijndaelEngine("WVZwzJ/n<Czp1p73iL=?!0_FR[yYjqq#~zJi$Z")
.SetInitVector("nj9VU7Bksh9EAqPE")
.SetRandomSaltLength(13, 19)
.SetKeySize(RijndaelKeySize.Key256Bit);
}
/// <summary>
/// Completes account recovery.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="recoveryOperations">the member recovery operations</param>
/// <param name="privilegedKey">the privileged public key in the member recovery operations</param>
/// <param name="cryptoEngine">the new crypto engine</param>
/// <returns>the new member</returns>
public Task <ProtoMember> CompleteRecovery(
string memberId,
IList <MemberRecoveryOperation> recoveryOperations,
Key privilegedKey,
ICryptoEngine cryptoEngine)
{
var operations = recoveryOperations.Select(re => new MemberOperation {
Recover = re
}).ToList();
operations.Add(Util.ToAddKeyOperation(privilegedKey));
operations.Add(Util.ToAddKeyOperation(cryptoEngine.GenerateKey(Level.Standard)));
operations.Add(Util.ToAddKeyOperation(cryptoEngine.GenerateKey(Level.Low)));
var signer = cryptoEngine.CreateSigner(privilegedKey.Id);
var memberRequest = new GetMemberRequest {
MemberId = memberId
};
return(gateway.GetMemberAsync(memberRequest)
.ToTask(response => response.Member)
.FlatMap(member =>
{
var request = Util.ToUpdateMemberRequest(member, operations, signer);
return gateway.UpdateMemberAsync(request).ToTask(response => response.Member);
}));
}
/// <summary>
/// Completes account recovery if the default recovery rule was set.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="verificationId">the verification id</param>
/// <param name="code">the code</param>
/// <param name="cryptoEngine">the new crypto engine</param>
/// <returns>the new member</returns>
public Task <ProtoMember> CompleteRecoveryWithDefaultRule(
string memberId,
string verificationId,
string code,
ICryptoEngine cryptoEngine)
{
var privilegedKey = cryptoEngine.GenerateKey(Level.Privileged);
var standardKey = cryptoEngine.GenerateKey(Level.Standard);
var lowKey = cryptoEngine.GenerateKey(Level.Low);
var signer = cryptoEngine.CreateSigner(Level.Privileged);
var operations = new List <Key> {
privilegedKey, standardKey, lowKey
}
.Select(Util.ToAddKeyOperation)
.ToList();
return(Util.TwoTasks(
GetMember(memberId),
GetRecoveryAuthorization(verificationId, code, privilegedKey))
.Map(memberAndEntry =>
{
operations.Add(new MemberOperation {
Recover = memberAndEntry.Value
});
return Util.ToUpdateMemberRequest(memberAndEntry.Key, operations, signer);
})
.FlatMap(updateMember => gateway
.UpdateMemberAsync(updateMember)
.ToTask(response => response.Member)));
}
public StaffMController()
{
con = new ConnectionClass();
//Db = con.Db();
//DbLog = con.DbLog();
ObjectCrypto = new CryptoEngineData();
}
public void FixtureSetup()
{
_engine = new RijndaelEngine("WVZwzJ/n<Czp1p73iL=?!0_FR[yYjqq#~zJi$Z")
.SetInitVector("nj9VU7Bksh9EAqPE")
.SetRandomSaltLength(13, 19)
.SetKeySize(KeySize.Key256Bit);
}
/// <summary>
/// Recovers an eIDAS-verified member with eidas payload.
///
/// </summary>
/// <param name="payload">a payload containing member id, the certificate and a new key to add to the member</param>
/// <param name="signature">a payload signature with the private key corresponding to the certificate</param>
/// <param name="cryptoEngine">a crypto engine that must contain the privileged key that is included in
/// the payload(if it does not contain keys for other levels they will be generated)</param>
/// <returns>a task of a new member</returns>
public Task <ProtoMember> RecoverEidasMember(
EidasRecoveryPayload payload,
string signature,
ICryptoEngine cryptoEngine)
{
Key privilegedKey = payload.Key;
Key standardKey = GetOrGenerateKeyForLevel(cryptoEngine,
Level.Standard);
Key lowKey = GetOrGenerateKeyForLevel(cryptoEngine,
Level.Low);
IList <Key> keys = new List <Key> {
privilegedKey, standardKey, lowKey
};
ISigner signer = cryptoEngine.CreateSigner(privilegedKey.Id);
string memberId = payload.MemberId;
var request = new RecoverEidasRequest
{
Payload = payload,
Signature = signature
};
var memberRequest = new GetMemberRequest {
MemberId = memberId
};
return(Util.TwoTasks(
gateway.GetMemberAsync(memberRequest)
.ToTask(response => response.Member),
gateway.RecoverEidasMemberAsync(request)
.ToTask(response => response.RecoveryEntry))
.Map(memberAndEntry =>
{
IList <MemberOperation> operations = new List <MemberOperation>();
operations.Add(new MemberOperation {
Recover = memberAndEntry.Value
});
var list = keys
.Select(key => new MemberOperation
{
AddKey = new MemberAddKeyOperation
{
Key = key
}
})
.ToList();
foreach (var operation in list)
{
operations.Add(operation);
}
return Util.ToUpdateMemberRequest(memberAndEntry.Key,
operations,
signer);
})
.FlatMap(updateMember => gateway
.UpdateMemberAsync(updateMember)
.ToTask(response => response.Member)));
}
public AsyncClientAuthenticator(string memberId,
ICryptoEngine crypto,
AuthenticationContext authentication)
{
this.memberId = memberId;
this.crypto = crypto;
this.authentication = authentication;
}
/// <summary>
/// Completes the recovery blocking.
/// </summary>
/// <returns>The recovery blocking.</returns>
/// <param name="memberId">Member identifier.</param>
/// <param name="recoveryOperations">the member Recovery operations.</param>
/// <param name="privilegedKey">the privileged public key in the member recovery operations</param>
/// <param name="cryptoEngine">New Crypto engine.</param>
public Member CompleteRecoveryBlocking(
string memberId,
IList <MemberRecoveryOperation> recoveryOperations,
Key privilegedKey,
ICryptoEngine cryptoEngine)
{
return(CompleteRecovery(memberId, recoveryOperations, privilegedKey, cryptoEngine).Result);
}
/// <summary>
/// Completes the recovery with default rule blocking.
/// </summary>
/// <returns>The recovery with default rule blocking.</returns>
/// <param name="memberId">Member identifier.</param>
/// <param name="verificationId">Verification identifier.</param>
/// <param name="code">Code.</param>
public Member CompleteRecoveryWithDefaultRuleBlocking(
string memberId,
string verificationId,
string code,
ICryptoEngine cryptoEngine)
{
return(CompleteRecoveryWithDefaultRule(memberId, verificationId, code, cryptoEngine).Result);
}
/// <summary>
/// Adds and removes keys.
/// </summary>
/// <param name="crypto">crypto engine</param>
/// <param name="member">member</param>
public static void Keys(ICryptoEngine crypto, TppMember member)
{
Key lowKey = crypto.GenerateKey(Key.Types.Level.Low);
member.ApproveKeyBlocking(lowKey);
Key standardKey = crypto.GenerateKey(Key.Types.Level.Standard);
Key privilegedKey = crypto.GenerateKey(Key.Types.Level.Privileged);
member.ApproveKeysBlocking(new[] { standardKey, privilegedKey });
member.RemoveKeyBlocking(lowKey.Id);
}
/// <summary>
/// Completes the recovery.
/// </summary>
/// <returns>The recovery.</returns>
/// <param name="memberId">Member identifier.</param>
/// <param name="recoveryOperations">Recovery operations.</param>
/// <param name="privilegedKey">the privileged public key in the member recovery operations</param>
/// <param name="cryptoEngine">Crypto engine.</param>
public Task <Member> CompleteRecovery(
string memberId,
IList <MemberRecoveryOperation> recoveryOperations,
Key privilegedKey,
ICryptoEngine cryptoEngine)
{
return(CompleteRecoveryImpl(memberId, recoveryOperations, privilegedKey, cryptoEngine)
.Map(member =>
{
var client = ClientFactory.Authenticated(channel, member.MemberId(), cryptoEngine);
return new Member(member.MemberId(), client,
tokenCluster, member.PartnerId(), member.RealmId());
}));
}
/// <summary>
/// Completes account recovery if the default recovery rule was set.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="verificationId">the verification id</param>
/// <param name="code">the code</param>
/// <returns>the new member</returns>
public Task <Member> CompleteRecoveryWithDefaultRule(
string memberId,
string verificationId,
string code,
ICryptoEngine cryptoEngine)
{
return(CompleteRecoveryWithDefaultRuleImpl(memberId, verificationId, code, cryptoEngine)
.Map(member =>
{
var client = ClientFactory.Authenticated(channel, member.MemberId(), cryptoEngine);
return new Member(member.MemberId(), client,
tokenCluster, member.PartnerId(), member.RealmId());
}));
}
/// <summary>
/// Completes account recovery if the default recovery rule was set.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="verificationId">the verification id</param>
/// <param name="code">the code</param>
/// <returns>the new member</returns>
public Task <Member> CompleteRecoveryWithDefaultRuleImpl(
string memberId,
string verificationId,
string code, ICryptoEngine cryptoEngine)
{
var unauthenticated = ClientFactory.Unauthenticated(channel);
//var cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
return(unauthenticated
.CompleteRecoveryWithDefaultRule(memberId, verificationId, code, cryptoEngine)
.Map(member =>
{
return new Member(member.Id, null, tokenCluster, member.PartnerId, member.RealmId);
}));
}
/// <summary>
/// Completes account recovery.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="recoveryOperations">the member recovery operations</param>
/// <param name="privilegedKey">the privileged public key in the member recovery operations</param>
/// <param name="cryptoEngine">the new crypto engine</param>
/// <returns>the new member</returns>
public Task <Member> CompleteRecoveryImpl(
string memberId,
IList <MemberRecoveryOperation> recoveryOperations,
Key privilegedKey,
ICryptoEngine cryptoEngine)
{
var unauthenticated = ClientFactory.Unauthenticated(channel);
return(unauthenticated
.CompleteRecovery(memberId, recoveryOperations, privilegedKey, cryptoEngine)
.Map(member =>
{
return new Member(member.Id, null, tokenCluster, member.PartnerId, member.RealmId);
}));
}
/// <summary>
/// Completes account recovery.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="recoveryOperations">the member recovery operations</param>
/// <param name="privilegedKey">the privileged public key in the member recovery operations</param>
/// <param name="cryptoEngine">the new crypto engine</param>
/// <returns>the new member</returns>
public Task <Member> CompleteRecovery(
string memberId,
IList <MemberRecoveryOperation> recoveryOperations,
Key privilegedKey,
ICryptoEngine cryptoEngine)
{
var unauthenticated = ClientFactory.Unauthenticated(channel);
return(unauthenticated
.CompleteRecovery(memberId, recoveryOperations, privilegedKey, cryptoEngine)
.Map(member =>
{
var client = ClientFactory.Authenticated(channel, member.Id, cryptoEngine);
return new Member(client);
}));
}
public static ICryptoEngine GetCryptoEngine(CryptoAlgorithm cryptoAlgorithm, params object[] constructorArguments)
{
ICryptoEngine cryptoEngine = null;
switch (cryptoAlgorithm)
{
case CryptoAlgorithm.RijndaelManaged:
cryptoEngine = (ICryptoEngine)Activator.CreateInstance(typeof(RijndaelCryptoEngine), constructorArguments);
break;
case CryptoAlgorithm.Aes:
cryptoEngine = (ICryptoEngine)Activator.CreateInstance(typeof(AesCryptoEngine), constructorArguments);
break;
}
return(cryptoEngine);
}
private static Key GetOrGenerateKeyForLevel(
ICryptoEngine cryptoEngine,
Level level)
{
var keys = cryptoEngine
.GetPublicKeys()
.ToList()
.Where(k => k.Level.Equals(level))
.ToList();
if (keys.Count == 0)
{
return(cryptoEngine.GenerateKey(level));
}
return(keys[0]);
}
/// <summary>
/// Recovers an eIDAS-verified member with eIDAS payload.
///
/// </summary>
/// <param name="payload">a payload containing member id, the certificate and a new key to add to the member</param>
/// <param name="signature">a payload signature with the private key corresponding to the certificate</param>
/// <param name="cryptoEngine">a crypto engine that must contain the privileged key that is included in
/// the payload(if it does not contain keys for other levels they will be generated)</param>
/// <returns>a Task of a new member</returns>
public Task <Member> RecoverEidasMember(
EidasRecoveryPayload payload,
string signature,
ICryptoEngine cryptoEngine)
{
var unauthenticated = ClientFactory.Unauthenticated(channel);
return(unauthenticated.RecoverEidasMember(payload,
signature,
cryptoEngine)
.Map(member =>
{
var client = ClientFactory.Authenticated(channel,
member.Id,
cryptoEngine);
return new Member(
member.Id,
client,
tokenCluster,
member.PartnerId,
member.RealmId);
}));
}
public ConnectionClass()
{
BaseURL = ConfigurationManager.AppSettings["BaseURL"].ToString();
ICryptoData = new CryptoEngineData();
}
public EncryptedString(ICryptoEngine cryptoEngine)
{
_cryptoEngine = cryptoEngine;
}
public OAuthContext(ICryptoEngine cryptoEngine) : base("QuickBooks")
{
((IObjectContextAdapter)this).ObjectContext.ObjectMaterialized += ObjectMaterialized;
_cryptoEngine = cryptoEngine;
}
public CryptoEngineTest()
{
memberId = Util.Nonce();
keyStore = new InMemoryKeyStore();
cryptoEngine = new TokenCryptoEngine(memberId, keyStore);
}
public AuthController(IConfiguration Configuration, IDBEngine DBEngine, ICryptoEngine CryptoEngine)
{
config = Configuration;
db = DBEngine;
crypto = CryptoEngine;
}
/// <summary>
/// Instantiates a client.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="cryptoEngine">the crypto engine used to sign for authentication, request
/// payloads, etc</param>
/// <param name="channel">managed channel</param>
public Client(string memberId, ICryptoEngine cryptoEngine, ManagedChannel channel)
{
this.MemberId = memberId;
this.cryptoEngine = cryptoEngine;
this.channel = channel;
}
/// <summary>
/// Instantiates a client.
/// </summary>
/// <param name="memberId">the member id</param>
/// <param name="cryptoEngine">the crypto engine used to sign for authentication, request
/// payloads, etc</param>
/// <param name="channel">managed channel</param>
public Client(string memberId, ICryptoEngine cryptoEngine, ManagedChannel channel)
: base(memberId, cryptoEngine, channel)
{
}
/// <summary>
/// Initializes the CryptoEngine to use.
/// </summary>
/// <param name="engine">CryptoEngine to use</param>
public static void Initialize(ICryptoEngine engine)
{
_engine = engine;
}