private string GetApproveSignature(RequestActionDto action, ApproveCommand command)
{
var data = new
{
action.Timestamp,
action.ActionType,
command.Approved,
command.Comments,
EmployeeId = action.Employee.Id,
CreditRequestId = action.CreditRequest.Id,
Duration = action.CreditRequest.MonthDuration,
Sum = action.CreditRequest.CreditSum.Value,
SumCurrencyId = action.CreditRequest.CreditSum.Currency.Id,
CreditTypeId = action.CreditRequest.CreditType.Id
};
var json = JsonConvert.SerializeObject(data);
return(_signatureService.Sign(json, action.Employee.User.Key).Value);
}
public async Task <RegistrationResult> Register(RegistrationRequest request)
{
var result = new RegistrationResult {
Success = false
};
if (validation.IsValid(request))
{
result.Signature = await signatureService.Sign(request);
result.Success = true;
}
return(result);
}
public async Task <string> Perform(string message)
{
return(_signatureService.Sign(message));
}
private bool TrySendKeyBatchToTheGateway(TemporaryExposureKeyGatewayBatchProtoDto protoBatch, SortOrder keySortOrderForSignature)
{
var upoadKeysEndpointUrl = _euGatewayConfig.UrlNormalized + EuGatewayContract.Endpoint.KeysUploadEndpoint;
var batchBytes = protoBatch.ToByteArray();
//sign
var signing = _signatureService.Sign(protoBatch, keySortOrderForSignature);
var signingBase64 = _encodingService.EncodeToBase64(signing);
var body = new ByteArrayContent(batchBytes);
var uniqueTag = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();
body.Headers.Add("batchTag", uniqueTag);
body.Headers.Add("Content-Type", "application/protobuf;version=1.0");
body.Headers.Add("batchSignature", signingBase64);
var response = _gatewayHttpClient.PostAsync(upoadKeysEndpointUrl, body).Result;
var message = response.Content.ReadAsStringAsync().Result;
var code = response.StatusCode;
switch (code)
{
case System.Net.HttpStatusCode.OK:
_logger.LogInformation($"Response - OK. Message: {message}");
var containsHtml = message.Contains("<body>");
_logger.LogError($"UeGateway response with code 200 with HTML in the response: {containsHtml}. UeGateway Server is down!");
// Server is down - https://github.com/eu-federation-gateway-service/efgs-federation-gateway/issues/151
break;
case System.Net.HttpStatusCode.Created:
_logger.LogInformation("Keys successfully uploaded.");
return(true);
case System.Net.HttpStatusCode.MultiStatus:
_logger.LogWarning($"Data partially added with warnings: {message}.");
return(true);
case System.Net.HttpStatusCode.BadRequest:
_logger.LogError($"Bad request: {message}");
break;
case System.Net.HttpStatusCode.Forbidden:
_logger.LogError($"Forbidden call in cause of missing or invalid client certificate. Message: {message}");
break;
case System.Net.HttpStatusCode.NotAcceptable:
_logger.LogError($"Data format or content is not valid. Massage:{message}");
break;
case System.Net.HttpStatusCode.Conflict:
_logger.LogError($"Data already exist. Message: {message}");
break;
case System.Net.HttpStatusCode.RequestEntityTooLarge:
_logger.LogError($"Payload to large. Message: {message}");
break;
case System.Net.HttpStatusCode.InternalServerError:
_logger.LogError($"Are not able to write data. Retry please. Message: {message}");
break;
default:
_logger.LogError($"Response code was not recognized. Status code: {code}, message: {message}");
break;
}
return(false);
}
public ResponseDTO <Session> SsoLogin(SsoUserRequestDTO request)
{
ResponseDTO <Session> response = new ResponseDTO <Session>();
// Before anything happens, validate that this request is coming from the known sso server
if (!_signatureService.isValidSignature(request.GetStringToSign(), request.Signature))
{
response.Data = null;
response.Error = "My signature: " + _signatureService.Sign(request.GetStringToSign()) + " Compared to: " + request.Signature;
_loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
return(response);
}
// Protect against replay attacks by checking the timestamp
if (DateTimeOffset.Now.AddSeconds(5).ToUnixTimeMilliseconds() < request.Timestamp)
{
response.Data = null;
response.Error = ErrorStrings.OLD_SSO_REQUEST;
_loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
return(response);
}
// Convert request SsoId into Guid
Guid ssoId = new Guid(request.SsoUserId);
// Search for user in database
ResponseDTO <UserAccountDTO> userAccountResponse = _userManagementService.GetUserBySsoId(ssoId);
UserAccountDTO userDTO = userAccountResponse.Data;
// If the user does not exist in the data store, register the user as a standard user
if (userAccountResponse.Data == null)
{
// Verify the email is not null
if (request.Email == null)
{
response.Data = null;
response.Error = "User email may not be null.";
_loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
return(response);
}
// Create an unassigned user account
UserAccount user = new UserAccount()
{
SsoId = ssoId,
Username = request.Email,
IsActive = true,
AcceptedTOS = false,
RoleType = Roles.UNASSIGNED
};
List <Claim> newClaims = _claimService.GetUserClaims(Roles.UNASSIGNED, request.Email).Data;
// Add user to datastore
ResponseDTO <bool> createUserResponse = _userManagementService.CreateUser(user, newClaims);
// Check if user creation succeded
if (!createUserResponse.Data)
{
response.Data = null;
response.Error = createUserResponse.Error;
_loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
return(response);
}
// User now exists in database, proceed with login as normal
userDTO = new UserAccountDTO(user);
}
// Create session for user
ResponseDTO <Session> sessionResponseDTO = _sessionService.CreateSession(userDTO.Id);
_loggerService.LogAction(LogConstants.ACTION_LOGIN, userDTO.SsoId.ToString(), sessionResponseDTO.Data.SessionId.ToString());
return(sessionResponseDTO);
}