private string DecryptPrivateKey(string privateKey)
{
var setting = new SettingComponent().GetSetting();
if (setting.Encrypt)
{
if (!string.IsNullOrWhiteSpace(_cache.Get <string>("WalletPassphrase")))
{
try
{
return(AES128.Decrypt(privateKey, _cache.Get <string>("WalletPassphrase")));
}
catch
{
throw new CommonException(ErrorCode.Service.Transaction.WALLET_DECRYPT_FAIL);
}
}
else
{
//是否需要调用解密的逻辑
throw new CommonException(ErrorCode.Service.Transaction.WALLET_DECRYPT_FAIL);
}
}
else
{
return(privateKey);
}
}
public void SetPin(string pin, UserAccount user, string deviceNumber)
{
if (!string.IsNullOrEmpty(user.Pin))
{
throw new ApplicationException(MessageResources.PINHasSet);
}
var _pin = AES128.Decrypt(pin, AES128.DefaultKey);
using (var scope = new TransactionScope())
{
new UserAccountDAC().SetPinById(user.Id, PasswordHasher.HashPassword(_pin));
if (new UserDeviceDAC().GetUserDeviceByAccountId(user.Id)
.All(item => item.DeviceNumber != deviceNumber))
{
new UserDeviceDAC().Insert(new UserDevice()
{
DeviceNumber = deviceNumber,
LastActiveTime = DateTime.UtcNow,
Name = " ",
UserAccountId = user.Id
});
}
new UserAccountDAC().UpdateIsBindingDevice(user.Id);
scope.Complete();
}
}
private T LoadFile <T>(string filePath, string salt)
{
if (!File.Exists(filePath))
{
throw new CommonException(ErrorCode.Engine.Wallet.IO.FILE_NOT_FOUND);
}
string fileString = string.Empty;
try
{
fileString = FileHelper.LoadFileString(filePath);
}
catch (Exception ex)
{
throw new CommonException(ErrorCode.Engine.Wallet.IO.FILE_DATA_INVALID, ex);
}
try
{
if (!string.IsNullOrEmpty(salt))
{
fileString = AES128.Decrypt(fileString, salt);
}
}
catch (Exception ex)
{
throw new CommonException(ErrorCode.Engine.Wallet.DECRYPT_DATA_ERROR, ex);
}
return(JsonConvert.DeserializeObject <T>(fileString));
}
public void ChangePassword(string oldPassword, string newPassword)
{
SettingComponent sComponent = new SettingComponent();
var setting = sComponent.GetSetting();
if (MD5Helper.EncryptTo32(oldPassword) == setting.PassCiphertext)
{
var aclist = AccountDac.Default.SelectAll();
foreach (var item in aclist)
{
item.PrivateKey = AES128.Decrypt(item.PrivateKey, oldPassword);
item.PrivateKey = AES128.Encrypt(item.PrivateKey, newPassword);
}
try
{
AccountDac.Default.UpdatePrivateKeyAr(aclist);
setting = sComponent.GetSetting();
setting.Encrypt = true;
setting.PassCiphertext = MD5Helper.EncryptTo32(newPassword);
sComponent.SaveSetting(setting);
}
catch (Exception ex)
{
throw new CommonException(ErrorCode.Engine.Wallet.DB.EXECUTE_SQL_ERROR, ex);
}
}
else
{
throw new CommonException(ErrorCode.Engine.Wallet.CHECK_PASSWORD_ERROR);
}
}
public static void Verify(FixValueVerifier verifier, SystemPlatform plateForm, string uniqueKey, string hashedCode, string toCheckCode, bool needDecrypt = true)
{
var errorCountKey = verifier.GetErrorCountKey(plateForm, uniqueKey);
int errorCount = CheckErrorCount(verifier, errorCountKey);
bool result = true;
if (needDecrypt)
{
try
{
toCheckCode = AES128.Decrypt(toCheckCode, AES128.DefaultKey);
}
catch
{
result = false;
}
}
result = result && verifier.Verify(plateForm, uniqueKey, hashedCode, toCheckCode);
if (result)
{
if (errorCount > 0)
{
DeleteErrorCount(errorCountKey);
}
}
else
{
IncreaseErrorCount(verifier, errorCountKey);
}
}
/// <summary>Asynchronously authenticates the request.</summary>
/// <returns>The task that completes the authentication.</returns>
/// <param name="context">The authentication context.</param>
/// <param name="cancellationToken">The cancellation token.</param>
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var request = context.Request;
if (request == null)
{
throw new InvalidOperationException("Request must not be null");
}
if (context.Request.Headers.Authorization == null)
{
return(Task.FromResult(0));
}
try
{
var authHeader = request.Headers.Authorization.Parameter;
var clientKey = ConfigurationManager.AppSettings["ClientKey"];
var secretKey = ConfigurationManager.AppSettings["SecretKey"];
try
{
var decryptedPIN = AES128.Decrypt(authHeader, secretKey);
if (decryptedPIN.Length > 14)
{
var date = decryptedPIN.Substring(0, 14);
var timestamp = DateTime.ParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
//Payment PIN submission must be within accepted time.
//This is to prevent hacker copy the encrypted string and use it to authorize victim payment PIN without the need
//to know the exact PIN
if (timestamp.AddMinutes(5) >= DateTime.UtcNow && timestamp.AddMinutes(-5) <= DateTime.UtcNow)
{
var actualPIN = decryptedPIN.Substring(14);
if (actualPIN == clientKey)
{
SetSecurityPrincipal(ref context, "1", "FiiiPay", "");
}
}
}
}
catch (Exception)
{
//DANGER: Need to write log here
}
}
catch (Exception)
{
//DANGER: Need to write log here
}
return(Task.FromResult(0));
}
public void ModifyPIN(InvestorAccount investor, string oldPIN, string newPIN)
{
string plainNewPIN = AES128.Decrypt(newPIN, AES128.DefaultKey);
if (PasswordHasher.VerifyHashedPassword(investor.PIN, plainNewPIN))
{
throw new CommonException(ReasonCode.PIN_MUST_BE_DIFFERENT, R.新旧Pin码不能一致);
}
VerifyPIN(investor, oldPIN);
new InvestorAccountDAC().UpdatePIN(investor.Id, PasswordHasher.HashPassword(plainNewPIN));
new InvestorAccountDAC().UpdatePINStatus(investor.Id, 1);
}
public void TestBytes()
{
byte[] key = Enumerable.Range(100, 16).Select(val => (byte)val).ToArray();
byte[] IV = Enumerable.Range(128, 16).Select(val => (byte)val).ToArray();
byte[] testData = Enumerable.Range(0, 256).Select(val => (byte)val).ToArray();
var encData = AES128.Encrypt(testData, key, IV);
var decodeData = AES128.Decrypt(encData, key, IV);
Assert.IsTrue(testData.SequenceEqual(decodeData));
}
public void ModifyPassword(InvestorAccount investor, string oldPassword, string newPassword)
{
string plainNewPassword = AES128.Decrypt(newPassword, AES128.DefaultKey);
string plainOldPassword = AES128.Decrypt(oldPassword, AES128.DefaultKey);
if (!PasswordHasher.VerifyHashedPassword(investor.Password, plainOldPassword))
{
throw new CommonException(ReasonCode.WRONG_OLD_PASSWORD_ENTERRED, R.原密码不正确);
}
if (PasswordHasher.VerifyHashedPassword(investor.Password, plainNewPassword))
{
throw new CommonException(ReasonCode.WRONG_OLD_PASSWORD_ENTERRED, R.新旧密码不能一致);
}
new InvestorAccountDAC().UpdatePassword(investor.Id, PasswordHasher.HashPassword(plainNewPassword));
new InvestorAccountDAC().UpdatePasswordStatus(investor.Id, 1);
}
public void UpdatePin(UserAccount user, string oldPin, string newPin)
{
SecurityVerify.Verify <UpdatePinVerify>(new CustomVerifier("UpdatePin"), SystemPlatform.FiiiPay, user.Id.ToString(), (model) =>
{
return(model.PinVerified && model.CombinedVerified);
});
newPin = AES128.Decrypt(newPin, AES128.DefaultKey);
var _oldPin = AES128.Decrypt(oldPin, AES128.DefaultKey);
if (_oldPin.Equals(newPin))
{
throw new CommonException(ReasonCode.PIN_MUST_BE_DIFFERENT, MessageResources.NewPINOldPINDifferent);
}
new UserAccountDAC().SetPinById(user.Id, PasswordHasher.HashPassword(newPin));
}
public static bool TryParse(string cipherPin, out string pinText)
{
try
{
pinText = AES128.Decrypt(cipherPin, AES128.DefaultKey);
}
catch (Exception)
{
pinText = null;
return(false);
}
var reg = new Regex("^\\d{6}$");
return(reg.IsMatch(pinText) && !ContinuousNumber.Contains(pinText));
}
/// <summary>
/// decrypt access token
/// </summary>
/// <param name="token"></param>
/// <typeparam name="T"></typeparam>
/// <returns></returns>
public static T DecryptToken <T>(string token) where T : AccessToken
{
return(JsonConvert.DeserializeObject <T>(AES128.Decrypt(token, DefaultKey)));
}
public static string GetDecryptString(string enStr)
{
return(AES128.Decrypt(enStr, DefaultKey));
}
public LoginOM NewDeviceLoginBySMSCode(NewDeviceLoginBySMSCodeIM im, string deviceNumber)
{
var user = CheckUser(im.CountryId, im.Cellphone);
var prevVerifier = new LoginCellphoneVerifier();
var customVerifier = new CustomVerifier("NewDeviceLogin");
var hadOpenedGoogleAuth = ValidationFlagComponent.CheckSecurityOpened(user.ValidationFlag, ValidationFlag.GooogleAuthenticator);
SecurityVerify.Verify <LoginBySMSVerify>(customVerifier, SystemPlatform.FiiiPay, user.Id.ToString(), (model) =>
{
bool result = model.CellphoneVerified;
if (user.L1VerifyStatus == VerifyStatus.Certified)
{
var identityNo = new UserProfileComponent().PreVerifyLv1(user).IdentityDocNo;
result = result && new IDNumberVerifier().Verify(SystemPlatform.FiiiPay, user.Id.ToString(), identityNo, im.IdentityDocNo);
if (!result)
{
var errorCountKey = customVerifier.GetErrorCountKey(SystemPlatform.FiiiPay, user.Id.ToString());
var errorCount = SecurityVerify.CheckErrorCount(customVerifier, errorCountKey);
new IDNumberVerifier().VerifyFaild(Constant.VIRIFY_FAILD_TIMES_LIMIT - errorCount - 1);
}
}
if (!string.IsNullOrEmpty(user.Pin))
{
result = result && new PinVerifier().Verify(SystemPlatform.FiiiPay, user.Id.ToString(), user.Pin, AES128.Decrypt(im.Pin, AES128.DefaultKey));
if (!result)
{
var errorCountKey = customVerifier.GetErrorCountKey(SystemPlatform.FiiiPay, user.Id.ToString());
var errorCount = SecurityVerify.CheckErrorCount(customVerifier, errorCountKey);
new PinVerifier().VerifyFaild(Constant.VIRIFY_FAILD_TIMES_LIMIT - errorCount - 1);
}
}
if (SecurityVerify.CheckSecurityOpened(user.ValidationFlag, ValidationFlag.GooogleAuthenticator))
{
var googleVerifier = new GoogleVerifier();
if (string.IsNullOrEmpty(im.GoogleCode))
{
result = false;
}
result = result && SecurityVerify.CheckCodeValid(googleVerifier, SystemPlatform.FiiiPay, user.Id.ToString(), im.GoogleCode);
result = result && googleVerifier.Verify(user.AuthSecretKey, im.GoogleCode);
if (!result)
{
var errorCountKey = customVerifier.GetErrorCountKey(SystemPlatform.FiiiPay, user.Id.ToString());
var errorCount = SecurityVerify.CheckErrorCount(customVerifier, errorCountKey);
googleVerifier.VerifyFaild(Constant.VIRIFY_FAILD_TIMES_LIMIT - errorCount - 1);
}
}
return(result);
});
new UserDeviceDAC().Insert(new UserDevice()
{
DeviceNumber = deviceNumber, Name = " ", UserAccountId = user.Id, LastActiveTime = DateTime.UtcNow
});
var loginOm = IssueAccessToken(user);
return(loginOm);
}