internal static UserSecurityKeyModel ProcessSigninRequest(SigninRequestModel signinRequest)
{
try
{
var userName = RsaUtil.Decrypt(signinRequest.UserName).ToLower();
// get the user id
var userId = GetUserIdByUserName(userName);
if (userId == Guid.Empty)
{
throw new KeyNotFoundException("This user does not exist.");
}
// save the client RSA public key to database
RsaUtil.SaveClientKey(signinRequest.ClientRsaPublicKey, userId);
return(GetUserSecurityKey(userId));
}
catch (KeyNotFoundException)
{
throw;
}
catch (Exception e)
{
Logger.Error(e);
throw new Exception("Failed to process the sign in request.");
}
}
internal static void CreateUser(UserModel user)
{
try
{
using (var context = new AuthContext())
{
var username = RsaUtil.Decrypt(user.UserName).ToLower();
if (context.User.FirstOrDefault(u => u.UserName == username) != null)
{
throw new DuplicateNameException("Duplicate user");
}
user.Salt = Guid.NewGuid().ToString();
user.Password = Sha256Encrypt(RsaUtil.Decrypt(user.Password), user.Salt);
user.UserName = username;
user.Name = RsaUtil.Decrypt(user.Name);
user.SymKey = AesUtil.GenerateSymmetricKey();
context.User.Add(user);
RsaUtil.GenerateUserRsaKeyPair(user.Id);
context.SaveChanges();
}
}
catch (DuplicateNameException de)
{
throw de;
}
catch (Exception e)
{
Logger.Error(e);
throw new Exception("Error when creating the user.");
}
}
internal static string Signin(SigninRequestModel signinRequest)
{
try
{
var userId = GetUserIdByUserName(RsaUtil.Decrypt(signinRequest.UserName).ToLower());
return(ValidateUser(userId, signinRequest.Password)
? AesUtil.Encrypt(AuthUtil.GenerateToken(userId), userId)
: string.Empty);
}
catch (Exception e)
{
Logger.Error(e);
throw new Exception("Failed to validate the user login.");
}
}
private static bool ValidateUser(Guid userId, string pwdEncrypted)
{
try
{
using (var context = new AuthContext())
{
var pwdHash = RsaUtil.Decrypt(pwdEncrypted, userId);
if (pwdHash == string.Empty)
{
return(false);
}
var userPwdHash = context.User.FirstOrDefault(u => u.Id == userId)?.Password ?? string.Empty;
return(pwdHash == userPwdHash);
}
}
catch (Exception e)
{
Logger.Error(e);
throw new Exception("Failed to validate the user login.");
}
}
internal static UserSecurityKeyModel GetUserSecurityKey(Guid userId)
{
try
{
using (var context = new AuthContext())
{
var user = context.User.FirstOrDefault(u => u.Id == userId);
return(new UserSecurityKeyModel
{
Salt = RsaUtil.Encrypt(user?.Salt ?? string.Empty, userId, true),
UserAesKey = RsaUtil.Encrypt(user?.SymKey ?? string.Empty, userId, true),
UserRsaPublicKey = RsaUtil.GetRsaKeyString(false, userId)
});
}
}
catch (Exception e)
{
Logger.Error(e);
throw new Exception("Failed to get the user security key.");
}
}
public static string GenerateToken(Guid userId)
{
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(RsaUtil.GetRsaParameters(true));
var secretKey = new RsaSecurityKey(rsa);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.NameId, userId.ToString()),
new Claim(ClaimTypes.Role, "user")
};
var token = new JwtSecurityToken(
issuer: Constant.Issuer,
audience: Constant.Audience,
claims: claims,
notBefore: DateTime.Now,
expires: DateTime.Now.AddDays(1),
signingCredentials: new SigningCredentials(secretKey, SecurityAlgorithms.RsaSha256)
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
