public async Task <DocumentUserSignatureDto> Handle(Command message)
{
var documentSigner = _mapper.Map <DocumentUserSignature>(message.DocumentUserSignatureDto);
var certificateData =
_certificateService.GetCertificateData(documentSigner.SignerCertificate,
CertificateService.GostAlgType);
if (!_certificateService.VerifyGostCertificate(certificateData.Certificate,
documentSigner.SignedData))
{
throw new Exception("Certificate is not valid");
}
var currentUserXin = _context.Users.Single(u => u.Id == documentSigner.UserId).XIN;
if (!currentUserXin.Equals(certificateData.Bin) && !currentUserXin.Equals(certificateData.Iin))
{
throw new Exception("XIN not suitable");
}
documentSigner.IsValidCertificate = true;
var documentId = _context.DocumentWorkflows.Find(documentSigner.WorkflowId)?.OwnerId;
if (documentId.HasValue)
{
await _signedDocumentApplierForRequest.ApplyAsync(documentSigner.UserId, documentId.Value);
await _signedDocumentApplierForContract.ApplyAsync(documentSigner.UserId, documentId.Value);
}
_context.DocumentUserSignatures.Add(documentSigner);
await _context.SaveChangesAsync();
return(_mapper.Map <DocumentUserSignatureDto>(documentSigner));
}
private async Task <IActionResult> CertificateSignIn(LoginModel model)
{
var certificateData = _certificateService.GetCertificateData(model.CertData, CertificateService.RsaAlgType);
if (string.IsNullOrEmpty(certificateData.Iin))
{
throw new SecurityException("Inn in certificate not found");
}
var userToVerify = await _userManager.FindByNameAsync(certificateData.Iin);
if (userToVerify == null)
{
throw new SecurityException("User not found");
}
var isValid = _certificateService.VerifyRsaCertificate(certificateData.Certificate, model.PlainData,
model.SignedPlainData);
if (!isValid)
{
throw new SecurityException("Certificate is not valid");
}
if (await _userManager.IsLockedOutAsync(userToVerify) ||
userToVerify.AccessFailedCount == MaxAccessFailedCount)
{
await _userManager.SetLockoutEnabledAsync(userToVerify, true);
throw new SecurityException("User is locked, contact your Administrator");
}
//var result = await _signInManager.PasswordSignInAsync(certificateData.Iin, model.Password, false, true);
var isCanSignIn = await _signInManager.CanSignInAsync(userToVerify);
if (isCanSignIn)
{
_logger.LogInformation(1, "User logged in.");
var response = await _jwtFactory.Create(userToVerify);
return(Ok(response));
}
throw new SecurityException("Invalid login attempt.");
}
public bool Execute(Domain.Entities.Document.DocumentUserSignature documentUserSignature)
{
var certificateData = _certificateService.GetCertificateData(documentUserSignature.SignerCertificate, CertificateService.GostAlgType);
if (!_certificateService.VerifyGostCertificate(certificateData.Certificate, documentUserSignature.SignedData))
{
throw new Exception("Certificate is not valid");
}
var userXin = NiisAmbientContext.Current.User.Identity.UserXin;
if (!userXin.Equals(certificateData.Bin) && !userXin.Equals(certificateData.Iin))
{
throw new Exception("XIN not suitable");
}
return(true);
}
