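/// <summary>
/// Stores (or replaces) the CVK vault entry for a user and returns this node's
/// signed acknowledgement.
/// </summary>
/// <param name="vuid">Identifier of the vault user the entry belongs to.</param>
/// <param name="keyId">Identifier of the signer key used for the voucher check.</param>
/// <param name="data">
/// Four strings taken from the request body:
/// [0] base64 public key (parsed as <c>C25519Key</c>),
/// [1] value passed to <c>GetBigInteger</c> (stored as <c>CVKi</c>),
/// [2] base64 AES key (stored as <c>CvkiAuth</c>),
/// [3] base64 signature checked when the voucher feature is enabled.
/// </param>
/// <returns>
/// 400 when the body is malformed, the signer is unknown or the signature does not
/// verify; otherwise the manager's response, carrying <c>orkid</c> and <c>sign</c>
/// in its content when the write succeeded.
/// </returns>
public async Task<ActionResult<TideResponse>> Add([FromRoute] Guid vuid, [FromRoute] Guid keyId, [FromBody] string[] data)
{
    // The body is caller-controlled: reject a missing or short array up front instead
    // of letting the indexers below throw and surface as an unhandled server error.
    if (data == null || data.Length < 4)
    {
        return BadRequest("Request body must contain four elements");
    }

    var signature = FromBase64(data[3]);
    var account = new CvkVault
    {
        VuId = vuid,
        CvkPub = C25519Key.Parse(FromBase64(data[0])),
        CVKi = GetBigInteger(data[1]),
        CvkiAuth = AesKey.Parse(FromBase64(data[2]))
    };

    // NOTE(review): when the voucher feature is off, nothing in this method
    // authenticates the caller before the vault entry is written - confirm that
    // authorization is enforced elsewhere (filter, middleware or gateway).
    if (_features.Voucher)
    {
        var signer = await _keyIdManager.GetById(keyId);
        if (signer == null)
        {
            return BadRequest("Signer's key must be defined");
        }

        // NOTE(review): the signed message is only this node's Guid followed by the
        // vuid. The key material in data[0..2] is not part of it, so a valid
        // signature does not by itself bind the values being stored - confirm this
        // is the intended voucher semantics.
        var signedMessage = _config.Guid.ToByteArray().Concat(vuid.ToByteArray()).ToArray();
        if (!signer.Key.Verify(signedMessage, signature))
        {
            return BadRequest("Signature is not valid");
        }
    }

    // Only the public key (data[0]) is logged; the secret parts of the body are not.
    _logger.LogInformation("New cvk for {0} with pub {1}", vuid, data[0]);

    var resp = await _managerCvk.SetOrUpdate(account);
    if (!resp.Success)
    {
        return resp;
    }

    // Acknowledge the write by signing "<UserName><vuid>" with this node's private key.
    var m = Encoding.UTF8.GetBytes(_config.UserName + vuid.ToString());
    //TODO: The ork should not send the orkid because the client should already know
    var signOrk = Convert.ToBase64String(_config.PrivateKey.Sign(m));
    resp.Content = new { orkid = _config.UserName, sign = signOrk };
    return resp;
}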
/// <summary>
/// Looks up a key entry by its identifier and returns it as a DTO.
/// </summary>
/// <param name="id">Identifier of the key entry, taken from the route.</param>
/// <returns>
/// 404 when the manager has no entry for <paramref name="id"/>; otherwise a
/// <c>KeyIdVaultDTO</c> built from the stored entry.
/// </returns>
public async Task<ActionResult<KeyIdVaultDTO>> GetById([FromRoute] Guid id)
{
    var entry = await _manager.GetById(id);

    // What is exposed to the caller is decided by KeyIdVaultDTO, which is defined
    // outside this block.
    if (entry != null)
    {
        return new KeyIdVaultDTO(entry);
    }

    return NotFound();
}