/// <summary>
/// Illustrate recovery using a not-normal-"consumer mode" recovery agent.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">Alias of member to recover</param>
/// <returns>the recovered member</returns>
public Tokenio.Member RecoverWithComplexRule(
TokenClient tokenClient,
Alias alias)
{
var memberId = tokenClient.GetMemberId(alias).Result;
var cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
var newKey = cryptoEngine.GenerateKey(Privileged);
var verificationId = tokenClient.BeginRecovery(alias).Result;
var authorization = tokenClient.CreateRecoveryAuthorization(memberId, newKey).Result;
var agentSignature = GetRecoveryAgentSignature(authorization);
var mro = new MemberRecoveryOperation
{
AgentSignature = agentSignature,
Authorization = authorization
};
var recoveredMember = tokenClient.CompleteRecovery(
memberId,
new List <MemberRecoveryOperation> {
mro
},
newKey,
cryptoEngine).Result;
recoveredMember.VerifyAlias(verificationId, "1thru6").Wait();
return(recoveredMember);
}
public void Recovery_withSecondaryAgent()
{
var alias = Alias();
var member = tokenClient.CreateMemberBlocking(alias);
var memberId = member.MemberId();
var primaryAgentId = member.GetDefaultAgentBlocking();
var secondaryAgent = tokenClient.CreateMemberBlocking(Alias());
var unusedSecondaryAgent = tokenClient.CreateMemberBlocking(Alias());
member.AddRecoveryRuleBlocking(new RecoveryRule
{
PrimaryAgent = primaryAgentId,
SecondaryAgents = { secondaryAgent.MemberId(), unusedSecondaryAgent.MemberId() }
});
var cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
var key = cryptoEngine.GenerateKey(Privileged);
var verificationId = tokenClient.BeginRecoveryBlocking(alias);
var authorization = new Authorization
{
MemberId = memberId,
MemberKey = key,
PrevHash = member.GetLastHashBlocking()
};
var signature = secondaryAgent.AuthorizeRecoveryBlocking(authorization);
var op1 = tokenClient.GetRecoveryAuthorizationBlocking(verificationId, "code", key);
var op2 = new MemberRecoveryOperation
{
Authorization = authorization,
AgentSignature = signature
};
var recovered = tokenClient.CompleteRecoveryBlocking(
memberId,
new[] { op1, op2 },
key,
cryptoEngine);
Assert.Equal(member.MemberId(), recovered.MemberId());
Assert.Equal(3, recovered.GetKeysBlocking().Count);
Assert.Empty(recovered.GetAliasesBlocking());
Assert.False(tokenClient.AliasExistsBlocking(alias));
recovered.VerifyAliasBlocking(verificationId, "code");
Assert.True(tokenClient.AliasExistsBlocking(alias));
CollectionAssert.Equivalent(new[] { alias.ToNormalized() }, recovered.GetAliasesBlocking());
}
/// <summary>
/// Illustrate recovery using a not-normal-"consumer mode" recovery agent.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">Alias of member to recover</param>
/// <returns>recovered member</returns>
public TppMember RecoverWithComplexRule(
Tokenio.Tpp.TokenClient tokenClient,
Alias alias)
{
// complexRecovery begin snippet to include in docs
string memberId = tokenClient.GetMemberIdBlocking(alias);
ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
Key newKey = cryptoEngine.GenerateKey(Key.Types.Level.Privileged);
string verificationId = tokenClient.BeginRecoveryBlocking(alias);
MemberRecoveryOperation.Types.Authorization authorization = tokenClient.CreateRecoveryAuthorizationBlocking(
memberId,
newKey);
// ask recovery agent to verify that I really am this member
Signature agentSignature = getRecoveryAgentSignature(authorization);
// We have all the signed authorizations we need.
// (In this example, "all" is just one.)
MemberRecoveryOperation mro = new MemberRecoveryOperation
{
Authorization = authorization,
AgentSignature = agentSignature
};
TppMember recoveredMember = tokenClient.CompleteRecoveryBlocking(
memberId,
(new[] { mro }).ToList(),
newKey,
cryptoEngine);
// after recovery, aliases aren't verified
// In the real world, we'd prompt the user to enter the code emailed to them.
// Since our test member uses an auto-verify email address, any string will work,
// so we use "1thru6".
recoveredMember.VerifyAliasBlocking(verificationId, "1thru6");
// complexRecovery done snippet to include in docs
return(recoveredMember);
}
