Exemplo n.º 1
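        // Checks that EntityKeyMap.AddKey replaces an existing entry: after a second AddKey
        // for the same (entity identifier, key id) pair, GetKey must hand back the second
        // instance, i.e. the last key registered wins.
        public void AddKey_ShouldOverwrite()
        {
            var km         = new EntityKeyMap();
            var identifier = new EntityIdentifier(EntityType.Directory, Guid.NewGuid());

            // RSACryptoServiceProvider is IDisposable; the using blocks release both key
            // containers when the test ends instead of leaving them to the finalizer.
            using (var firstKey = new RSACryptoServiceProvider())
            using (var replacementKey = new RSACryptoServiceProvider())
            {
                km.AddKey(identifier, "key", firstKey);
                var storedFirst = km.GetKey(identifier, "key");

                // Reference equality: the map must return the very instance it was given.
                Assert.AreSame(firstKey, storedFirst);

                km.AddKey(identifier, "key", replacementKey);

                var storedAfterOverwrite = km.GetKey(identifier, "key");

                Assert.AreSame(replacementKey, storedAfterOverwrite);
            }
        }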
Exemplo n.º 2
        /// <summary>
        /// Fetches the state of an authorization request and, when the device has answered,
        /// decrypts and decodes that answer.
        /// </summary>
        /// <param name="authRequestId">Identifier of the authorization request; it is placed in the request path.</param>
        /// <param name="subject">Entity passed to <c>ExecuteRequest</c>; its <c>Id</c> is copied into the result.</param>
        /// <returns>
        /// The decoded response, or <c>null</c> when the API answers 204 (the user has not responded yet).
        /// Callers must treat <c>null</c> as "still pending", never as an approval or a denial.
        /// </returns>
        /// <exception cref="AuthorizationRequestTimedOutError">The API answered 408.</exception>
        /// <exception cref="CryptographyError">
        /// A <c>JwtError</c> was raised while reading the response envelope, or any exception occurred
        /// while decrypting or decoding the device response.
        /// </exception>
        public ServiceV3AuthsGetResponse ServiceV3AuthsGet(Guid authRequestId, EntityIdentifier subject)
        {
            // 408 is handed to ExecuteRequest as an extra status code -- presumably so that it is
            // returned here instead of being raised by ExecuteRequest; confirm against that helper.
            var httpResponse = ExecuteRequest(
                HttpMethod.GET,
                $"/service/v3/auths/{authRequestId}",
                subject,
                null,
                new List<int> { 408 });

            if ((int)httpResponse.StatusCode == 204)
            {
                // No answer from the user yet.
                return null;
            }

            if ((int)httpResponse.StatusCode == 408)
            {
                throw new AuthorizationRequestTimedOutError();
            }

            try
            {
                var core = DecryptResponse<ServiceV3AuthsGetResponseCore>(httpResponse);

                // NOTE(review): the audience claim below decides which private key is used. Whether
                // GetJWTData (or ExecuteRequest before it) verifies the JWT signature is not visible
                // here -- confirm the token is validated before its claims are trusted.
                var jwtClaims = _jwtService.GetJWTData(httpResponse.Headers[IOV_JWT_HEADER]);
                var audience  = EntityIdentifier.FromString(jwtClaims.Audience);

                // Looked up for every response, although only the RSA branch below uses it; a failed
                // lookup therefore surfaces from here, outside the inner CryptographyError wrapping.
                var rsaKey = _keyMap.GetKey(audience, core.PublicKeyId);

                try
                {
                    bool                     approved;
                    string                   deviceId;
                    string[]                 servicePins;
                    string                   type;
                    string                   reason;
                    string                   denialReason;
                    AuthPolicy.JWEAuthPolicy authPolicy;
                    AuthPolicy.AuthMethod[]  authMethods;

                    if (core.JweEncryptedDeviceResponse != null)
                    {
                        // JWE-wrapped device response: carries type, reasons, policy and methods.
                        var jwePlaintext = DecryptJweData(core.JweEncryptedDeviceResponse);
                        var jweDevice    = DecodeResponse<ServiceV3AuthsGetResponseDeviceJWE>(jwePlaintext);

                        // Approved only on an exact, case-sensitive match; any other type is a non-approval.
                        approved     = jweDevice.Type == "AUTHORIZED";
                        deviceId     = jweDevice.DeviceId;
                        servicePins  = jweDevice.ServicePins;
                        type         = jweDevice.Type;
                        reason       = jweDevice.Reason;
                        denialReason = jweDevice.DenialReason;
                        authPolicy   = jweDevice.AuthPolicy;
                        authMethods  = jweDevice.AuthMethods;
                    }
                    else
                    {
                        // Base64 + RSA device response: only the boolean answer, device id and pins exist.
                        var cipherBytes = Convert.FromBase64String(core.EncryptedDeviceResponse);
                        var plainBytes  = _crypto.DecryptRSA(cipherBytes, rsaKey);
                        var plainJson   = Encoding.UTF8.GetString(plainBytes);
                        var rsaDevice   = _jsonDecoder.DecodeObject<ServiceV3AuthsGetResponseDevice>(plainJson);

                        approved     = rsaDevice.Response;
                        deviceId     = rsaDevice.DeviceId;
                        servicePins  = rsaDevice.ServicePins;
                        type         = null;
                        reason       = null;
                        denialReason = null;
                        authPolicy   = null;
                        authMethods  = null;
                    }

                    return new ServiceV3AuthsGetResponse(
                        audience,
                        subject.Id,
                        core.ServiceUserHash,
                        core.OrgUserHash,
                        core.UserPushId,
                        authRequestId,
                        approved,
                        deviceId,
                        servicePins,
                        type,
                        reason,
                        denialReason,
                        authPolicy,
                        authMethods);
                }
                catch (Exception ex)
                {
                    // Fail closed: any decrypt/decode failure becomes an error, never a result object.
                    throw new CryptographyError("Error decrypting device response", ex);
                }
            }
            catch (JwtError ex)
            {
                throw new CryptographyError("Unable to parse JWT to get key info", ex);
            }
        }
Exemplo n.º 3
        // Requests a key from a freshly created, empty EntityKeyMap for an identifier that was
        // never registered. No assertion is visible in this method; the exception named in the
        // method title is presumably declared by a test attribute outside this excerpt -- confirm.
        public void GetKey_ShouldThrowNoKeyFoundException()
        {
            var emptyMap  = new EntityKeyMap();
            var unknownId = new EntityIdentifier(EntityType.Organization, Guid.NewGuid());

            emptyMap.GetKey(unknownId, "key");
        }