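        /// <summary>
        /// Second part of 2FA: verifies that the presented X.509 certificate carries the RSA public key
        /// stored for the user at registration, checks the certificate against the CRL, and only then
        /// records the login in the user database.
        /// </summary>
        /// <param name="user">User information; <c>PublicKey</c> holds the RSA key saved at registration.</param>
        /// <param name="certificate">User <see cref="X509Certificate2"/> public certificate in raw form.</param>
        /// <param name="usersDb">Enigma's user database.</param>
        /// <param name="crlListPath">Path on FS to CRL directory.</param>
        /// <param name="caTrustListPath">Path on FS to CA trust list.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="user"/> or <paramref name="usersDb"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="Exception">
        /// The raw bytes are empty or not a parsable certificate, the certificate's RSA public key does not
        /// match the key stored for <paramref name="user"/>, or the certificate has been revoked.
        /// </exception>
        public void LoginPartTwo(User user, byte[] certificate, UserDatabase usersDb, string crlListPath, string caTrustListPath)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            if (usersDb == null)
            {
                throw new ArgumentNullException(nameof(usersDb));
            }
            if (certificate == null || certificate.Length == 0)
            {
                throw new Exception("Certificate error.");
            }

            // A wrong file loaded instead of the X.509 certificate surfaces as a CryptographicException from
            // the constructor; a null check after construction can never trigger because the constructor
            // either returns an instance or throws.
            X509Certificate2 userCert;
            try
            {
                userCert = new X509Certificate2(certificate);
            }
            catch (CryptographicException ex)
            {
                throw new Exception("Certificate error.", ex);
            }

            using (userCert)
            {
                // Only an RSA key is stored at registration, so a certificate with any other key algorithm
                // cannot match. GetRSAPublicKey() returns null in that case instead of the
                // InvalidCastException the former (RSACryptoServiceProvider) cast produced.
                RSAParameters publicKeyFromCertificate;
                using (var rsaPublicKey = userCert.GetRSAPublicKey())
                {
                    if (rsaPublicKey == null)
                    {
                        throw new Exception("Wrong certificate used.");
                    }
                    publicKeyFromCertificate = rsaPublicKey.ExportParameters(false);
                }

                // Compare the RSA public key from the X.509 certificate with the key stored when the user first registered.
                if (!RsaAlgorithm.CompareKeys(publicKeyFromCertificate, RsaAlgorithm.ExportParametersFromXmlString(user.PublicKey, false)))
                {
                    throw new Exception("Wrong certificate used.");
                }

                // NOTE(review): full chain validation (CertificateValidator.VerifyCertificate) is not performed
                // here; only the key match above and the CRL status below are checked.

                // Revocation is checked BEFORE the login is recorded, so a revoked certificate neither
                // refreshes the last-login time nor clears the failed-attempt counter.
                if (CertificateValidator.VerifyCertificateRevocationStatus(userCert, crlListPath, caTrustListPath))
                {
                    usersDb.SetCertificateRevokeStatus(user);
                    throw new Exception("Certificate has been revoked.");
                }
            }

            // Second factor accepted: update the last-login time and reset the attempt counter.
            // NOTE(review): "hh" is a 12-hour clock with no AM/PM designator and the day/month names are
            // culture-dependent; confirm the consumer of this stored value expects that format.
            usersDb.UpdateLoginTime(user, DateTime.Now.ToString("dddd, MMM dd yyyy, hh:mm:ss"));

            if (user.LoginAttempt != 0)
            {
                usersDb.ResetLoginAttempts(user);
            }
        }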