protected override void SetItems(IReadOnlyList <byte[]> data)
{
VuId = new Guid(data[0]);
CvkPub = data[1].Length != 0 ? C25519Key.Parse(data[1]) : null;
CVKi = new BigInteger(data[2], true, true);
CvkiAuth = AesKey.Parse(data[3]);
}
public async Task <TideResponse> Add([FromRoute] Guid uid, [FromRoute] string prism, [FromRoute] string cmk, [FromRoute] string prismAuth, [FromRoute] string cmkAuth, [FromRoute] string email)
{
_logger.LogInformation($"New registration for {uid}", uid);
var account = new CmkVault
{
UserId = uid,
Prismi = GetBigInteger(prism),
Cmki = GetBigInteger(cmk),
PrismiAuth = AesKey.Parse(FromBase64(prismAuth)),
CmkiAuth = AesKey.Parse(FromBase64(cmkAuth)),
Email = HttpUtility.UrlDecode(email)
};
var resp = await _manager.SetOrUpdate(account);
if (!resp.Success)
{
return(resp);
}
var m = Encoding.UTF8.GetBytes(_config.UserName + uid.ToString());
//TODO: The ork should not send the orkid because the client should already know
var signature = Convert.ToBase64String(_config.PrivateKey.Sign(m));
resp.Content = new { orkid = _config.UserName, sign = signature };
return(resp);
}
public async Task <ActionResult> ChangePrism([FromRoute] Guid uid, [FromRoute] string prism, [FromRoute] string prismAuth, [FromRoute] string token, [FromQuery] bool withCmk = false)
{
var tran = TranToken.Parse(FromBase64(token));
var toCheck = uid.ToByteArray().Concat(FromBase64(prism)).Concat(FromBase64(prismAuth)).ToArray();
var account = await _manager.GetById(uid);
if (account == null)
{
return(_logger.Log(Unauthorized($"Unsuccessful change password for {uid}"),
$"Unsuccessful change password for {uid}. Account was not found"));
}
var authKey = withCmk ? account.CmkiAuth : account.PrismiAuth;
if (!tran.Check(authKey, toCheck))
{
return(_logger.Log(Unauthorized($"Unsuccessful change password for {uid}"),
$"Unsuccessful change password for {uid} with {token}"));
}
_logger.LogInformation($"Change password for {uid}", uid);
account.Prismi = GetBigInteger(prism);
account.PrismiAuth = AesKey.Parse(FromBase64(prismAuth));
await _manager.SetOrUpdate(account);
return(Ok());
}
public VendorConfig CreateVendorConfig()
{
return(new VendorConfig
{
PrivateKey = C25519Key.Parse(Convert.FromBase64String(PrivateKey)),
SecretKey = AesKey.Parse(SecretKey)
});
}
protected override void SetItems(IReadOnlyList <byte[]> data)
{
UserId = new Guid(data[0]);
Prismi = new BigInteger(data[1], true, true);
Cmki = new BigInteger(data[2], true, true);
PrismiAuth = AesKey.Parse(data[3]);
CmkiAuth = AesKey.Parse(data[4]);
Email = Encoding.UTF8.GetString(data[5]);
}
public async Task <ActionResult <SignupRsponse> > SignUp([FromRoute] Guid vuid, [FromBody] SignupRequest data)
{
var authKey = AesKey.Parse(data.Auth);
var guids = await data.GetUrlIds();
var signatures = guids.Select(orkId => orkId.ToByteArray().Concat(vuid.ToByteArray()))
.Select(msg => Config.PrivateKey.Sign(msg.ToArray())).ToList();
await Repo.CreateUser(vuid, authKey, data.OrkUrls);
Logger.LogInformation($"Account created for {vuid}", vuid);
return(new SignupRsponse {
Token = TranToken.Generate(Config.SecretKey, vuid.ToByteArray()).ToByteArray(),
Signatures = signatures
});
}
public async Task <ActionResult <TideResponse> > Add([FromRoute] Guid vuid, [FromRoute] Guid keyId, [FromBody] string[] data)
{
var signature = FromBase64(data[3]);
var account = new CvkVault
{
VuId = vuid,
CvkPub = C25519Key.Parse(FromBase64(data[0])),
CVKi = GetBigInteger(data[1]),
CvkiAuth = AesKey.Parse(FromBase64(data[2]))
};
if (_features.Voucher)
{
var signer = await _keyIdManager.GetById(keyId);
if (signer == null)
{
return(BadRequest("Signer's key must be defined"));
}
if (!signer.Key.Verify(_config.Guid.ToByteArray().Concat(vuid.ToByteArray()).ToArray(), signature))
{
return(BadRequest("Signature is not valid"));
}
}
_logger.LogInformation("New cvk for {0} with pub {1}", vuid, data[0]);
var resp = await _managerCvk.SetOrUpdate(account);
if (!resp.Success)
{
return(resp);
}
var m = Encoding.UTF8.GetBytes(_config.UserName + vuid.ToString());
//TODO: The ork should not send the orkid because the client should already know
var signOrk = Convert.ToBase64String(_config.PrivateKey.Sign(m));
resp.Content = new { orkid = _config.UserName, sign = signOrk };
return(resp);
}
public static string Encrypt(string plainText, string key)
{
return(AesKey.Parse(key).EncryptStr(plainText));
}
public static string Decrypt(string cipherText, string key)
{
return(AesKey.Parse(key).DecryptStr(cipherText));
}
public AesKey GetSecretKey() => AesKey.Parse(SecretKey);
