 /// <summary>
 /// Verifies every DG file in <paramref name="dgFiles"/> against the hash recorded for it in the SOd file.
 /// </summary>
 /// <param name="dgFiles">DG files whose hashes are to be checked.</param>
 /// <param name="sod">SOd file holding the reference hashes.</param>
 /// <returns>True when every DG file's hash matches its SOd entry; false at the first mismatch.</returns>
 public static bool CheckHash(List<IDGFile> dgFiles, SODFile sod)
 {
     // TrueForAll stops at the first file that fails, matching the early-return loop it replaces.
     return dgFiles.TrueForAll(file => CheckHash(file, sod));
 }
 /// <summary>
 /// Verifies every DG file in <paramref name="dgFiles"/> against the hash recorded for it in the SOd file.
 /// </summary>
 /// <param name="dgFiles">DG files whose hashes are to be checked.</param>
 /// <param name="sod">SOd file holding the reference hashes.</param>
 /// <returns>True when every DG file's hash matches its SOd entry; false at the first mismatch.</returns>
 public static bool CheckHash(List<IDGFile> dgFiles, SODFile sod)
 {
     for (int index = 0; index < dgFiles.Count; index++)
     {
         bool matches = CheckHash(dgFiles[index], sod);
         if (!matches)
         {
             // One mismatch is enough to reject the whole set.
             return false;
         }
     }
     return true;
 }
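 /// <summary>
 /// Check the hash value of a specific DG file against the hash stored for it in the SOd file.
 /// </summary>
 /// <param name="dgFile">DG file whose hash is to be checked.</param>
 /// <param name="sod">SOd file containing the reference hash for the DG file.</param>
 /// <returns>True if the SHA-256 hash of the DG file's raw bytes matches the value stored in the SOd file.</returns>
 /// <exception cref="ArgumentNullException">Either argument is null.</exception>
 /// <exception cref="ArgumentException">The SOd holds no hash entry for the DG file's data group number.</exception>
 public static bool CheckHash(IDGFile dgFile, SODFile sod)
 {
     if (dgFile == null)
     {
         throw new ArgumentNullException("dgFile");
     }
     if (sod == null)
     {
         throw new ArgumentNullException("sod");
     }

     foreach (DataGroupHash hash in sod.GetDataGroupHashes())
     {
         if (hash.DataGroupNumber != dgFile.DataGroupNumber)
         {
             continue;
         }

         byte[] sodHash = hash.DataGroupHashValue.GetOctets();
         // NOTE(review): the digest is fixed to SHA-256 here; an SOd may declare a different
         // digest algorithm for its data group hashes — confirm callers only pass SHA-256 SOds.
         // SHA256 is IDisposable: dispose it so the algorithm's underlying handle is released.
         using (SHA256 sha256 = SHA256.Create())
         {
             byte[] dgHash = sha256.ComputeHash(dgFile.RawBytes);
             // Compare is a project helper; assumed to be a full byte-wise equality check.
             return Compare(dgHash, sodHash);
         }
     }
     throw new ArgumentException("Hash of DG" + dgFile.DataGroupNumber + " not found in SOd.");
 }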
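 /// <summary>
 /// Check the hash value of a specific DG file against the hash stored for it in the SOd file.
 /// </summary>
 /// <param name="dgFile">DG file whose hash is to be checked.</param>
 /// <param name="sod">SOd file containing the reference hash for the DG file.</param>
 /// <returns>True if the SHA-256 hash of the DG file's raw bytes matches the value stored in the SOd file.</returns>
 /// <exception cref="ArgumentNullException">Either argument is null.</exception>
 /// <exception cref="ArgumentException">The SOd holds no hash entry for the DG file's data group number.</exception>
 public static bool CheckHash(IDGFile dgFile, SODFile sod)
 {
     if (dgFile == null)
     {
         throw new ArgumentNullException("dgFile");
     }
     if (sod == null)
     {
         throw new ArgumentNullException("sod");
     }

     foreach (DataGroupHash hash in sod.GetDataGroupHashes())
     {
         if (hash.DataGroupNumber != dgFile.DataGroupNumber)
         {
             continue;
         }

         byte[] sodHash = hash.DataGroupHashValue.GetOctets();
         // NOTE(review): the digest is fixed to SHA-256 here; an SOd may declare a different
         // digest algorithm for its data group hashes — confirm callers only pass SHA-256 SOds.
         // SHA256 is IDisposable: dispose it so the algorithm's underlying handle is released.
         using (SHA256 sha256 = SHA256.Create())
         {
             byte[] dgHash = sha256.ComputeHash(dgFile.RawBytes);
             // Compare is a project helper; assumed to be a full byte-wise equality check.
             return Compare(dgHash, sodHash);
         }
     }
     throw new ArgumentException("Hash of DG" + dgFile.DataGroupNumber + " not found in SOd.");
 }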
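        /// <summary>
        /// Command-line driver: reads the BAC data for a fixed PPID from the local store, opens a
        /// session to the passport reader service and runs the hash, SOd-signature and Active
        /// Authentication checks, printing each result.
        /// </summary>
        /// <param name="args">Optional host (args[0]) and port (args[1]) of the NetworkClient endpoint.</param>
        static void Main(string[] args)
        {
            // NOTE(review): store path and PPID are hard-coded for this sample. The .bac file holds the
            // MRZ-derived BAC secrets (document number, date of birth, date of expiry), so the store
            // must be kept out of version control and readable only by this process.
            // The file name here is the raw PPID; the service-side code keys the store by the PPID's
            // hex encoding instead — confirm which layout the store actually uses.
            string bacstore = @"D:\AuthEP\svn\software\IDP\IDPWebsite\Bac\";
            string ppid = "IHfP1FWxNwwvRTIBQ58xVVUnRAKZlWNPrJcHxzTF0k8=";
            string host = "localhost";
            int port = 9303;
            if (args.Length > 0)
            {
                host = args[0];
            }
            if (args.Length > 1)
            {
                // Invariant culture: the port is machine-supplied text, not locale-formatted user input.
                port = int.Parse(args[1], System.Globalization.CultureInfo.InvariantCulture);
            }

            string docNumber;
            string dateOfBirth;
            string dateOfExpiry;
            // using: the file handle is released even if a ReadLine throws.
            using (StreamReader reader = File.OpenText(bacstore + ppid + ".bac"))
            {
                docNumber = reader.ReadLine();
                dateOfBirth = reader.ReadLine();
                dateOfExpiry = reader.ReadLine();
            }
            // ReadLine returns null past end of file; a short file must not reach SendBac with nulls.
            if (docNumber == null || dateOfBirth == null || dateOfExpiry == null)
            {
                throw new InvalidDataException("BAC file must contain three lines: document number, date of birth, date of expiry.");
            }

            NetworkClient client = new NetworkClient(host, port);
            try
            {
                client.SendBac(docNumber, dateOfBirth, dateOfExpiry);

                List<IDGFile> dgFiles = new List<IDGFile>();
                DG1File dg1 = new DG1File(client.GetDG(IDGFile.EF_DG1_TAG));
                DG15File dg15 = new DG15File(client.GetDG(IDGFile.EF_DG15_TAG));
                dgFiles.Add(dg1);
                dgFiles.Add(dg15);
                SODFile sod = new SODFile(client.GetDG(IDGFile.EF_SOD_TAG));

                Console.WriteLine("Hello " + dg1.MRZ.getPrimaryIdentifier());
                // Both DG1 and DG15 are checked against the SOd, so the AA public key read from
                // DG15 below is bound to the signed security object.
                bool hashCheck = Verification.CheckHash(dgFiles, sod);
                Console.WriteLine("Hash check result - " + hashCheck);

                if (sod.CheckDocSignature())
                {
                    Console.WriteLine("SOd signature Check - PASSED!");
                    Console.WriteLine("Issuing state - {0}", dg1.MRZ.getIssuingState().getName());
                }
                else
                {
                    Console.WriteLine("SOd signature Check - FAILED!");
                }

                // The Active Authentication challenge must be unpredictable; System.Random is not a
                // cryptographic generator, so draw the challenge from the platform CSPRNG instead.
                byte[] message = new byte[8];
                using (System.Security.Cryptography.RandomNumberGenerator rng =
                    System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(message);
                }
                byte[] signature = client.SendChallenge(message);
                bool aaCheck = Verification.CheckAA(dg15.PublicKey, message, signature);
                Console.WriteLine("AA Check - " + aaCheck);
            }
            finally
            {
                // Release the reader session whether or not the checks completed.
                client.Dispose();
            }
        }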
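        /// <summary>
        /// The WS-Trust Issue binding: authenticates the caller's passport over BAC and, when the
        /// SOd signature, the DG1/DG15 hashes and Active Authentication all pass, issues an RSTR for it.
        /// </summary>
        /// <param name="request">A RequestSecurityToken (or RequestSecurityTokenResponse) message, with WS-Addressing Action http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue </param>
        /// <returns>A RequestSecurityTokenResponse message, or null when any of the passport checks fails.</returns>
        /// <exception cref="WSTrustFaultException">Wraps any exception raised while processing the request.</exception>
        public Message Issue(Message request)
        {
            try
            {
                // Validate the argument before anything derived from it is touched.
                if (request == null)
                {
                    throw new ArgumentNullException("request");
                }

                OperationContext context = OperationContext.Current;
                MessageProperties messageProperties = context.IncomingMessageProperties;
                RemoteEndpointMessageProperty endpointProperty =
                    messageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
                // 'as' yields null when the transport did not supply the property; fail with a clear
                // message rather than a NullReferenceException further down.
                if (endpointProperty == null)
                {
                    throw new InvalidOperationException("Remote endpoint information is not available for this request.");
                }
                Console.WriteLine("Request from {0}:{1}", endpointProperty.Address, endpointProperty.Port);

                // Parse the incoming request, an RST
                RST rst = new RST(request.GetReaderAtBodyContents());
                Console.WriteLine();

                // The PPID selects the BAC record; it comes from the caller's claim sets.
                string ppid = FindPpid(context.ServiceSecurityContext.AuthorizationContext);
                if (ppid.Length == 0)
                {
                    throw new InvalidOperationException("No PPID claim was presented with the request.");
                }
                // Hex-encoding the PPID restricts the file name to hex digits (assuming BytesToHex emits
                // only those), so a claim value cannot carry path separators or '..' into the store path.
                string ppidHex = BytesToHex(UTF8Encoding.UTF8.GetBytes(ppid));
                Console.WriteLine("ppid: " + ppid + " hex: " + ppidHex);
                string bacPath = ConfigurationManager.AppSettings["bacstore"] + ppidHex + ".bac";
                Console.WriteLine("BacPath: " + bacPath);
                string docNumber;
                string dateOfBirth;
                string dateOfExpiry;
                ReadBac(bacPath, out docNumber, out dateOfBirth, out dateOfExpiry);
                // The BAC values are the secrets that unlock the chip; they are deliberately not logged.
                Console.WriteLine("BAC: loaded for ppid " + ppid);

                bool sodCheck;
                bool hashCheck;
                bool aaCheck;
                DG1File dg1;
                //NetworkClient client = new NetworkClient(endpointProperty.Address, 9303);
                // NOTE(review): the chip session is looked up by remote address only, so two callers
                // behind the same address would resolve to the same NetworkClient — confirm this is acceptable.
                NetworkClient client = new NetworkClient(NetworkListener.IncomingClients[endpointProperty.Address]);
                try
                {
                    Console.WriteLine("NetworkClient found: " + client.ToString());
                    client.SendBac(docNumber, dateOfBirth, dateOfExpiry);
                    Console.WriteLine("BAC Send");
                    dg1 = new DG1File(client.GetDG(IDGFile.EF_DG1_TAG));
                    Console.WriteLine("DG1 Received");
                    DG15File dg15 = new DG15File(client.GetDG(IDGFile.EF_DG15_TAG));
                    Console.WriteLine("DG15 Received");
                    SODFile sod = new SODFile(client.GetDG(IDGFile.EF_SOD_TAG));
                    Console.WriteLine("SOD Received");
                    sodCheck = sod.CheckDocSignature();
                    Console.WriteLine("SOD DOC SIGNATURE CHECK: " + sodCheck);
                    // DG15 must be hash-checked too: it supplies the AA public key, and an unchecked
                    // DG15 would let the AA step verify against a key that the SOd never signed.
                    bool dg1HashCheck = Verification.CheckHash(dg1, sod);
                    Console.WriteLine("HASH CHECK DG1: " + dg1HashCheck);
                    bool dg15HashCheck = Verification.CheckHash(dg15, sod);
                    Console.WriteLine("HASH CHECK DG15: " + dg15HashCheck);
                    hashCheck = dg1HashCheck && dg15HashCheck;
                    byte[] message = NewChallenge();
                    byte[] signature = client.SendChallenge(message);
                    aaCheck = Verification.CheckAA(dg15.PublicKey, message, signature);
                    Console.WriteLine("AA CHECK: " + aaCheck);
                }
                finally
                {
                    // Release the chip session whether or not the checks completed.
                    client.Dispose();
                }

                // Generate an RSTR only when every check passed.
                if (!(hashCheck && sodCheck && aaCheck))
                {
                    // NOTE(review): returning null from the operation produces an empty reply rather
                    // than a fault — confirm the relying party expects that on a failed check.
                    return null;
                }
                RSTR rstr = new RSTR(rst, ppid, dg1.MRZ);

                // Generate a response message
                Message response = Message.CreateMessage(MessageVersion.Default, Constants.WSTrust.Actions.IssueResponse, rstr);

                // Set the RelatesTo; a correlated reply needs the caller's MessageId.
                if (request.Headers.MessageId == null)
                {
                    // not supported in this sample
                    throw new NotSupportedException("Caller must provide a Message Id");
                }
                response.Headers.RelatesTo = request.Headers.MessageId;

                // Send back to the caller
                return response;
            }
            catch (Exception e)
            {
                throw WSTrustFaultException.FromException(e);
            }
        }

        /// <summary>
        /// Extracts the private personal identifier (PPID) from the caller's claim sets, logging every claim seen.
        /// </summary>
        /// <param name="ctx">Authorization context of the current operation.</param>
        /// <returns>The resource of the last PPID claim found, or an empty string when none is present.</returns>
        private static string FindPpid(AuthorizationContext ctx)
        {
            string ppid = "";
            foreach (ClaimSet claimSet in ctx.ClaimSets)
            {
                foreach (Claim c in claimSet)
                {
                    if (c.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier")
                    {
                        ppid = c.Resource.ToString();
                    }
                    Console.WriteLine("incoming claim: " + c.ClaimType + " resource: " + c.Resource.ToString());
                }
            }
            return ppid;
        }

        /// <summary>
        /// Reads the three BAC lines (document number, date of birth, date of expiry) from a .bac file.
        /// </summary>
        /// <param name="bacPath">Path of the .bac file in the BAC store.</param>
        /// <param name="docNumber">First line of the file.</param>
        /// <param name="dateOfBirth">Second line of the file.</param>
        /// <param name="dateOfExpiry">Third line of the file.</param>
        /// <exception cref="InvalidDataException">The file has fewer than three lines.</exception>
        private static void ReadBac(string bacPath, out string docNumber, out string dateOfBirth, out string dateOfExpiry)
        {
            // using: the file handle is released even when ReadLine throws.
            using (StreamReader reader = File.OpenText(bacPath))
            {
                docNumber = reader.ReadLine();
                dateOfBirth = reader.ReadLine();
                dateOfExpiry = reader.ReadLine();
            }
            // ReadLine returns null past end of file; the path is kept out of the message because the
            // exception is forwarded to the caller as a fault.
            if (docNumber == null || dateOfBirth == null || dateOfExpiry == null)
            {
                throw new InvalidDataException("BAC record must contain three lines: document number, date of birth, date of expiry.");
            }
        }

        /// <summary>
        /// Builds a fresh 8-byte Active Authentication challenge from the platform CSPRNG.
        /// </summary>
        /// <returns>Eight random bytes.</returns>
        private static byte[] NewChallenge()
        {
            byte[] message = new byte[8];
            // System.Random is not a cryptographic generator; the challenge must be unpredictable so
            // that a previously captured chip signature is not accepted again.
            using (System.Security.Cryptography.RandomNumberGenerator rng =
                System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(message);
            }
            return message;
        }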