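/// <summary>
/// Handles a payment-authorization request posted as raw XML: resolves sender and
/// receiver by virtual id, applies the authorization rules, records a
/// <see cref="PaymentAuthorization"/> row and returns the XML response built by
/// <see cref="IDTPXmlParser"/>.
/// </summary>
/// <param name="xmlData">
/// Request body. An XML document whose SenderVID, SenderInstID, ReceiverVID, ReferenceNo,
/// TxnAmount and OtherInfo elements each carry a <c>value</c> attribute. The body is
/// untrusted: DTDs and external entities are rejected.
/// </param>
/// <returns>
/// A PaymentAuthorizationResponse document: success (echoing the reference number) when
/// both parties exist and the amount passes the rules, otherwise a fail response. Malformed
/// XML, missing fields, an unparsable amount or a persistence error also yield a fail response.
/// </returns>
public string GetPaymentAuthorization([FromBody] string xmlData)
{
    // Fixed culture so "1,234.56" parses the same on every server.
    var culture = new CultureInfo("en-US");
    try
    {
        // Parse with DTD processing prohibited and no resolver: the document comes from the
        // network, and a DTD could otherwise pull in external entities (XXE) or expand
        // entities without bound. XmlDocument gets a null resolver as well, belt and braces.
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null,
        };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new System.IO.StringReader(xmlData), settings))
        {
            doc.Load(reader);
        }

        string senderVirtualIdString = ReadValueAttribute(doc, "SenderVID");
        // SenderInstID is required to be present (a missing element fails the request)
        // but is not otherwise used by this endpoint.
        string senderInstitutionIdString = ReadValueAttribute(doc, "SenderInstID");
        string receiverVirtualIdString = ReadValueAttribute(doc, "ReceiverVID");
        string referenceNumberString = ReadValueAttribute(doc, "ReferenceNo");
        string amountString = ReadValueAttribute(doc, "TxnAmount");
        string otherInfo = ReadValueAttribute(doc, "OtherInfo");

        // Same grammar as Convert.ToDouble(string, provider) (Float | AllowThousands), but
        // without using an exception for an expected failure. "NaN"/"Infinity" parse
        // successfully, so non-finite values are rejected explicitly: they are never a
        // valid transaction amount and must not be stored.
        double amount;
        if (!double.TryParse(amountString, NumberStyles.Float | NumberStyles.AllowThousands, culture, out amount)
            || double.IsNaN(amount) || double.IsInfinity(amount))
        {
            return IDTPXmlParser.PrepareFailResponse("PaymentAuthorizationResponse");
        }

        // Fetch the user set once and resolve both parties from it.
        var users = _businessLayer.GetAllIDTPUserEntities();
        IDTPUserEntity sender = users.FirstOrDefault(x => x.VirtualId == senderVirtualIdString);
        IDTPUserEntity receiver = users.FirstOrDefault(x => x.VirtualId == receiverVirtualIdString);
        if (sender == null || receiver == null)
        {
            // Unknown party: the row needs both ids, so nothing is recorded; answer "fail"
            // (previously this path reached the row initializer and died on a null reference).
            return IDTPXmlParser.PrepareFailResponse("PaymentAuthorizationResponse");
        }

        // Authorization rules. A non-positive amount is rejected but still recorded with
        // Status = false so the attempt is visible.
        // TODO: we will add further payment authorization rules validation here
        bool status = amount > 0;
        string response = status
            ? IDTPXmlParser.PrepareSuccessResponse("PaymentAuthorizationResponse", "ReferenceNumber", referenceNumberString)
            : IDTPXmlParser.PrepareFailResponse("PaymentAuthorizationResponse");

        // Local time is kept to stay consistent with rows written by the rest of this file.
        var now = DateTime.Now;
        _businessLayer.AddPaymentAuthorization(new PaymentAuthorization
        {
            SenderId = sender.Id,
            ReceiverId = receiver.Id,
            Amount = amount,
            Status = status,
            OtherInfo = otherInfo,
            CreatedOn = now,
            ModifiedOn = now,
            EntityState = EntityState.Added,
        });
        return response;
    }
    catch (Exception)
    {
        // Malformed or DTD-carrying XML, a missing field or a persistence failure all
        // collapse to a fail response; no logger is available on this controller.
        return IDTPXmlParser.PrepareFailResponse("PaymentAuthorizationResponse");
    }
}

/// <summary>
/// Returns the <c>value</c> attribute of the first element named <paramref name="tag"/>.
/// </summary>
/// <exception cref="FormatException">The element or its <c>value</c> attribute is absent.</exception>
private static string ReadValueAttribute(XmlDocument doc, string tag)
{
    var node = doc.GetElementsByTagName(tag).Item(0);
    var attr = node?.Attributes?["value"];
    if (attr == null)
    {
        throw new FormatException("Missing <" + tag + " value=\"...\"> element.");
    }
    return attr.Value;
}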
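/// <summary>
/// Completes a smart-card payment authorization: checks that the posted JWT is a valid
/// signature, by the posted certificate, over the payload the initiating step stored in
/// session, then persists a <see cref="PaymentAuthorization"/> and marks the payment
/// as authorized.
/// </summary>
/// <param name="smartCardAuthorizationResponse">Client-posted certificate, token and algorithm.</param>
/// <returns>JSON <c>{ success: bool }</c>; every failure path answers <c>success = false</c>.</returns>
public async Task<IActionResult> SmartCardDigitalSignatureCallback([FromBody] SmartCardAuthorizationResponse smartCardAuthorizationResponse)
{
    // The caller must be an authenticated, known user.
    var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
    if (string.IsNullOrEmpty(sub))
    {
        return Json(new { success = false });
    }
    var user = await _users.FindByIdAsync(sub);
    if (user == null)
    {
        return Json(new { success = false });
    }

    // The request must carry both the signing certificate and the signed token.
    if (smartCardAuthorizationResponse == null
        || string.IsNullOrEmpty(smartCardAuthorizationResponse.Certificate)
        || string.IsNullOrEmpty(smartCardAuthorizationResponse.Token))
    {
        return Json(new { success = false });
    }

    // NOTE(review): the certificate is validated against _authContext, but nothing here
    // ties it to `user`; confirm GetAndValidateCertificate enforces that binding.
    var certificate = CertificateUtilities.GetAndValidateCertificate(smartCardAuthorizationResponse.Certificate, _authContext);
    if (certificate == null)
    {
        return Json(new { success = false });
    }

    // The payment id and the payload sent for signing are written to the session by the
    // initiating step. Without them there is nothing to verify against; previously a missing
    // payload was passed straight to ValidateJWT, outside the try block below.
    var paymentId = HttpContext.Session.GetString("smartCard.paymentId");
    var payload = HttpContext.Session.GetString("smartCard.payload");
    if (string.IsNullOrEmpty(paymentId) || string.IsNullOrEmpty(payload))
    {
        return Json(new { success = false });
    }

    // The token must be a signature, by this certificate, over exactly the payload we issued.
    var verified = JwtUtils.ValidateJWT(
        certificate,
        smartCardAuthorizationResponse.Token,
        smartCardAuthorizationResponse.Algorithm,
        payload);
    if (!verified)
    {
        return Json(new { success = false });
    }

    try
    {
        // NOTE(review): the payment is looked up by id only; presumably the initiating step
        // stored a paymentId belonging to this user. Verify against that step.
        var payment = _authContext.Payments.First(x => x.Id == paymentId);
        var authorization = new PaymentAuthorization()
        {
            AuthenticatorData = smartCardAuthorizationResponse.Certificate,
            AuthorizationDateTime = DateTime.Now,
            Payment = payment,
            Signature = smartCardAuthorizationResponse.Token,
            Type = (int)DeviceType.SMART_CARD
        };
        payment.Status = "authorized";
        _authContext.PaymentAuthorizations.Add(authorization);
        _authContext.SaveChanges();

        // The payload is single-use: consume the session state so a replayed callback
        // cannot authorize the same payment again against the same payload.
        HttpContext.Session.Remove("smartCard.paymentId");
        HttpContext.Session.Remove("smartCard.payload");

        return Json(new { success = true });
    }
    catch (Exception)
    {
        // Unknown payment id or a persistence failure; no logger is available here.
        return Json(new { success = false });
    }
}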
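/// <summary>
/// Completes a FIDO2 (WebAuthn) payment authorization: verifies the client's assertion
/// against the options issued by the initiating step and the signed-in user's registered
/// credential, then persists a <see cref="PaymentAuthorization"/>, marks the payment as
/// authorized and stores the credential's new signature counter.
/// </summary>
/// <param name="clientResponse">Raw assertion response posted by the browser.</param>
/// <returns>
/// JSON with <c>success</c> and, on success, the base64url-encoded <c>signature</c>.
/// A rejected assertion echoes the library's <c>error</c> message; all other failures
/// answer <c>success = false</c> only.
/// </returns>
public async Task<IActionResult> AssertDigitalSignatureResult([FromBody] AuthenticatorAssertionRawResponse clientResponse)
{
    // The caller must be an authenticated, known user.
    var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
    if (string.IsNullOrEmpty(sub))
    {
        return Json(new { success = false });
    }
    var user = await _users.FindByIdAsync(sub);
    if (user == null)
    {
        return Json(new { success = false });
    }

    // Reject an empty or partial body up front instead of relying on a null reference
    // inside the try block.
    if (clientResponse == null || clientResponse.Id == null || clientResponse.Response == null)
    {
        return Json(new { success = false });
    }

    try
    {
        // 1. The assertion options (challenge) issued to the client and the payment being
        //    authorized, both stored in session by the initiating step.
        var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
        var paymentId = HttpContext.Session.GetString("fido2.paymentId");
        if (string.IsNullOrEmpty(jsonOptions) || string.IsNullOrEmpty(paymentId))
        {
            return Json(new { success = false });
        }
        var options = AssertionOptions.FromJson(jsonOptions);

        // 2. The credential must be one registered to the signed-in user.
        var creds = _authContext.FidoLogins.FirstOrDefault(x =>
            x.PublicKeyIdBytes.SequenceEqual(clientResponse.Id) && x.UserId == user.Id);
        if (creds == null)
        {
            return Json(new { success = false });
        }

        // 3. Counter stored at the last successful assertion.
        var storedCounter = creds.SignatureCounter;

        // 4. Callback for the library: does the given user handle own the credential id?
        IsUserHandleOwnerOfCredentialIdAsync callback = async (args) =>
        {
            return _authContext.FidoLogins.FirstOrDefault(x =>
                x.UserHandle.SequenceEqual(args.UserHandle)
                && x.PublicKeyIdBytes.SequenceEqual(args.CredentialId)) != null;
        };

        // 5. Verify the assertion against the issued options, the stored public key and counter.
        var res = await _lib.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback);
        if (!string.IsNullOrEmpty(res.ErrorMessage))
        {
            return Json(new { success = false, error = res.ErrorMessage });
        }

        // NOTE(review): the payment is looked up by id only; presumably the initiating step
        // stored a paymentId belonging to this user. Verify against that step.
        var payment = _authContext.Payments.First(x => x.Id == paymentId);
        var signature = Fido2NetLib.Base64Url.Encode(clientResponse.Response.Signature);
        var authorization = new PaymentAuthorization()
        {
            Payment = payment,
            PublicKeyId = creds.PublicKeyId,
            Signature = signature,
            Type = (int)DeviceType.FIDO2,
            AuthorizationDateTime = DateTime.Now,
            ClientData = Fido2NetLib.Base64Url.Encode(clientResponse.Response.ClientDataJson),
            AuthenticatorData = Fido2NetLib.Base64Url.Encode(clientResponse.Response.AuthenticatorData)
        };
        _authContext.PaymentAuthorizations.Add(authorization);
        payment.Status = "authorized";

        // 6. Store the updated counter so the next assertion is checked against it.
        creds.SignatureCounter = res.Counter;
        _authContext.SaveChanges();

        // The challenge is single-use: consume the session state so the same assertion
        // cannot be replayed to authorize the payment again.
        HttpContext.Session.Remove("fido2.assertionOptions");
        HttpContext.Session.Remove("fido2.paymentId");

        // 7. Return OK to the client.
        return Json(new { signature, success = true });
    }
    catch (Exception)
    {
        // Bad options JSON, unknown payment id, library or persistence failure;
        // no logger is available here.
        return Json(new { success = false });
    }
}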