public ChallengeResponse ProcessProvisionRequest(HttpRequestMessage Request, ClientTransaction client)
{
if (Request == null)
{
HttpResponseException e = new HttpResponseException(System.Net.HttpStatusCode.InternalServerError);
options.LogThrownException(e);
throw e;
}
// Update client state
if (client == null || !client.sigmaSequenceCheck.UpdateState(Constants.SequenceState.Provision))
{
throw new HttpResponseException(System.Net.HttpStatusCode.PreconditionFailed);
}
// For a non-local server scenario, a timing
// method that dumps the pseudo session and reinitializes the
// sigmaSequenceCheck object after some time has elapsed should be implemented.
// Look at the incoming request content and verify the request.
var result = Request.Content.ReadAsStringAsync();
string jsonProvRequest = result.Result;
ProvisionRequestMessage provReqRecieved = new ProvisionRequestMessage();
try
{
provReqRecieved = JsonConvert.DeserializeObject <ProvisionRequestMessage>(jsonProvRequest);
}
catch (Exception provReqError)
{
log.DebugFormat("******* Provisioning Request JSON Content Error: {0}", provReqError);
throw new HttpResponseException(System.Net.HttpStatusCode.InternalServerError);
}
string recievedPstring = provReqRecieved.GetMsgString();
log.DebugFormat("Received Provisioning Request: {0}{1}", Request.Headers, jsonProvRequest);
log.DebugFormat("Prov Base16 Encoded String: {0}", recievedPstring);
// Validate the recieved provisioning request
// If the server received a valid request, create the response.
// Since the provisioning request is fixed and known in advance,
// build a reference base16 representation and compare
// with a similar base16 representation of the recieved message.
ProvisionRequestMessage referenceP = new ProvisionRequestMessage();
string refPstring = null;
bMessage.buildProvisioningRequest(out referenceP, out refPstring);
// Compare base16 encoded message strings and if equal, start
// the sequence by returning a challenge response.
// Since this was a valid provisioning request, create the challenge response.
ChallengeResponse challengeResponseMessage = new RaSpRef.ChallengeResponse();
// Build a populated challenge response object
bMessage.buildChallengeResponse(out challengeResponseMessage);
challengeResponseMessage.respHeader.sessionNonce = client.sigmaSequenceCheck.currentNonce;
// capture the nonce as the "current nonce"
//client.sigmaSequenceCheck.currentNonce = challengeResponseMessage.respHeader.sessionNonce;
// Since this is the start of a new sequence, set the provisioningInProgress flag
client.sigmaSequenceCheck.provisioningInProgress = true;
log.Info("*********** Provisioning Request Valid - Sending Challenge Response");
string challengeMsgJsonString = JsonConvert.SerializeObject(challengeResponseMessage);
log.DebugFormat("\nChallenge Message JSON String: {0}\n\n", challengeMsgJsonString);
return(challengeResponseMessage);
}
/// <summary>
/// Create a new Provision/Remote Attestation request
/// Processes provision request and creates a Challenge response to send to a client
/// </summary>
/// <param name="data">Thread Data, input parameter (HttpRequestMessage) from the client</param>
public void CreateNewRequest(object data)
{
challengeResponse = null;
log.Debug("CreateNewRequest(.) started.");
try
{
if (data == null)
{
HttpResponseException e = new HttpResponseException(System.Net.HttpStatusCode.InternalServerError);
options.LogThrownException(e);
throw e;
}
HttpRequestMessage request = (HttpRequestMessage)data;
var result = request.Content.ReadAsStringAsync();
string jsonMsgRequest = result.Result;
ProvisionRequestMessage pReceived = JsonConvert.DeserializeObject <ProvisionRequestMessage>(jsonMsgRequest);
// Get client ID so we can track it
string clientID = ClientDatabase.GetClientID(request, Constants.ProvisionStr);
mClient = new ClientTransaction(clientID);
mClient.sigmaSequenceCheck.currentNonce = pReceived.reqHeader.nonce;
ProvisionRequest provRequest = new ProvisionRequest();
ChallengeResponse tChallengeResponse = provRequest.ProcessProvisionRequest(request, mClient);
// Add new client to request database only if successful
if (!ClientDatabase.AddClient(mClient))
{
HttpResponseException e = new HttpResponseException(System.Net.HttpStatusCode.Conflict);
options.LogThrownException(e);
throw e;
}
log.Info("\n ***** State: Starting Provision request for client: " + mClient.ID + "\n");
// Update client state
if (!mClient.sigmaSequenceCheck.UpdateState(Constants.SequenceState.Challenge))
{
HttpResponseException e = new HttpResponseException(System.Net.HttpStatusCode.PreconditionFailed);
options.LogThrownException(e);
throw e;
}
// Set Client State
challengeResponse = tChallengeResponse;
}
catch (HttpResponseException re)
{
options.LogCaughtException(re);
httpRE = re;
}
catch (Exception ex)
{
options.LogCaughtException(ex);
threadException = ex;
}
finally
{
log.Debug("CreateNewRequest(.) returning.");
}
}
