public override int Run(string[] remainingArguments)
{
try
{
var license = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <tbl_Setting>()
.Where(x => x.ConfigKey == "RebexLicense").ToLambda()).OrderBy(x => x.Created)
.Last();
Rebex.Licensing.Key = license.ConfigValue;
AsymmetricKeyAlgorithm.Register(Curve25519.Create);
AsymmetricKeyAlgorithm.Register(Ed25519.Create);
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
if (string.IsNullOrEmpty(_privKeyPass))
{
Console.Out.Write(" *** Enter password for the private key *** : ");
_privKeyPass = StandardInput.GetHiddenInput();
}
if (string.IsNullOrEmpty(_pubKeyComment))
{
Console.Out.Write(" *** Enter user@hostname or a comment for the public key *** : ");
_pubKeyComment = StandardInput.GetInput();
}
Console.Out.WriteLine();
Console.Out.WriteLine("Opened " + _path.FullName);
KeyHelper.ImportPrivKey(_conf, _uow, _user, _privKeyPass, SignatureHashAlgorithm.SHA256, _pubKeyComment, new FileInfo(_path.FullName));
return(StandardOutput.FondFarewell());
}
catch (Exception ex)
{
return(StandardOutput.AngryFarewell(ex));
}
}
public void Repo_AuthActivity_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateAudiences();
var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>()
.Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda())
.Single();
var result = UoW.AuthActivity.Create(
Mapper.Map <tbl_AuthActivity>(new AuthActivityV1()
{
AudienceId = audience.Id,
LoginType = GrantFlowType.ClientCredentialV2.ToString(),
LoginOutcome = GrantFlowResultType.Success.ToString(),
}));
UoW.Commit();
result.Should().BeAssignableTo <tbl_AuthActivity>();
}
public void CreateLogins()
{
/*
* create test logins
*/
foundLogin = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <tbl_Login>()
.Where(x => x.Name == TestDefaultConstants.LoginName).ToLambda())
.SingleOrDefault();
if (foundLogin == null)
{
foundLogin = _uow.Logins.Create(
_map.Map <tbl_Login>(new LoginV1()
{
Name = TestDefaultConstants.LoginName,
LoginKey = AlphaNumeric.CreateString(16),
IsDeletable = true,
}));
_uow.Commit();
}
}
public void Repo_States_UpdateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateUserStates();
var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda())
.Single();
var state = UoW.States.Get(QueryExpressionFactory.GetQueryExpression <tbl_State>()
.Where(x => x.UserId == user.Id).ToLambda())
.First();
state.StateConsume = true;
var result = UoW.States.Update(state);
UoW.Commit();
result.Should().BeAssignableTo <tbl_State>();
}
public IActionResult DeleteV1([FromRoute] Guid claimID)
{
var claim = uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <tbl_Claim>()
.Where(x => x.Id == claimID).ToLambda())
.SingleOrDefault();
if (claim == null)
{
ModelState.AddModelError(MessageType.ClaimNotFound.ToString(), $"Claim:{claimID}");
return(NotFound(ModelState));
}
if (!claim.IsDeletable)
{
ModelState.AddModelError(MessageType.ClaimImmutable.ToString(), $"Claim:{claimID}");
return(BadRequest(ModelState));
}
uow.Claims.Delete(claim);
uow.Commit();
return(NoContent());
}
public override int Run(string[] remainingArguments)
{
try
{
if (!string.IsNullOrEmpty(_privKeyPass))
{
Console.Out.Write(" *** Enter password for the private key *** : ");
_privKeyPass = StandardInput.GetHiddenInput();
}
else
{
_privKeyPass = AlphaNumeric.CreateString(32);
Console.Out.WriteLine($" *** The password for the private key *** : {_privKeyPass}");
}
if (string.IsNullOrEmpty(_pubKeyComment))
{
_pubKeyComment = Dns.GetHostName();
}
var privKey = KeyHelper.CreatePrivKey(_conf, _uow, _user, _keyAlgo, _privKeySize, _privKeyPass, SignatureHashAlgorithm.SHA256, _pubKeyComment);
var pubKey = _uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.PrivateKeyId == privKey.Id).ToLambda())
.Single();
Console.Out.WriteLine();
Console.Out.WriteLine($"{privKey.KeyValue}");
Console.Out.WriteLine($"{pubKey.KeyValue}");
return(StandardOutput.FondFarewell());
}
catch (Exception ex)
{
return(StandardOutput.AngryFarewell(ex));
}
}
public LoginDeleteCommand()
{
_conf = (IConfiguration) new ConfigurationBuilder()
.AddJsonFile("clisettings.json", optional: false, reloadOnChange: true)
.Build();
_map = new MapperConfiguration(x => x.AddProfile <AutoMapperProfile_EF6>())
.CreateMapper();
var env = new ContextService(InstanceContext.DeployedOrLocal);
_uow = new UnitOfWork(_conf["Databases:IdentityEntities_EF6"], env);
_service = new AdminService(_conf)
{
Grant = new ResourceOwnerGrantV2(_conf)
};
IsCommand("login-delete", "Delete login");
HasRequiredOption("l|login="******"Enter existing login", arg =>
{
if (string.IsNullOrEmpty(arg))
{
throw new ConsoleHelpAsException($" *** No login given ***");
}
_login = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <E_Login>()
.Where(x => x.Name == arg).ToLambda())
.SingleOrDefault();
if (_login == null)
{
throw new ConsoleHelpAsException($" *** No login '{arg}' ***");
}
});
}
public UserCreateCommands()
{
IsCommand("user-create", "Create user");
HasRequiredOption("u|user="******"Enter user that does not exist already", arg =>
{
if (string.IsNullOrEmpty(arg))
{
throw new ConsoleHelpAsException($" *** No user given ***");
}
_conf = (IConfiguration) new ConfigurationBuilder()
.AddJsonFile("clisettings.json", optional: false, reloadOnChange: true)
.Build();
var instance = new ContextService(InstanceContext.DeployedOrLocal);
_uow = new UnitOfWork(_conf["Databases:AuroraEntities"], instance);
var user = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.IdentityAlias == arg).ToLambda()).SingleOrDefault();
if (user != null)
{
throw new ConsoleHelpAsException($" *** The user '{arg}' alreay exists ***");
}
_userName = arg;
});
HasRequiredOption("f|filesystem=", "Enter type of filesystem for user", arg =>
{
if (!Enum.TryParse(arg, out _fileSystem))
{
throw new ConsoleHelpAsException($"*** Invalid filesystem type. Options are '{_fileSystemList}' ***");
}
});
}
public void CreateIssuers()
{
/*
* create test issuers
*/
foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>()
.Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda())
.SingleOrDefault();
if (foundIssuer == null)
{
foundIssuer = _uow.Issuers.Create(
_map.Map <E_Issuer>(new IssuerV1()
{
Name = TestDefaultConstants.IssuerName,
IssuerKey = TestDefaultConstants.IssuerKey,
IsEnabled = true,
IsDeletable = true,
}));
_uow.Commit();
}
}
public void Repo_EmailQueue_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateEmails();
var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda())
.First();
var result = UoW.EmailQueue.Create(
Mapper.Map <tbl_EmailQueue>(new EmailV1()
{
FromEmail = user.EmailAddress,
ToEmail = user.EmailAddress,
Subject = "Subject-" + AlphaNumeric.CreateString(4),
Body = "Body" + AlphaNumeric.CreateString(4),
}));
UoW.Commit();
result.Should().BeAssignableTo <tbl_EmailQueue>();
}
public void Repo_States_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateUserStates();
var issuer = UoW.Issuers.Get(QueryExpressionFactory.GetQueryExpression <tbl_Issuer>()
.Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda())
.Single();
var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>()
.Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda())
.Single();
var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda())
.Single();
var result = UoW.States.Create(
Mapper.Map <tbl_State>(new StateV1()
{
IssuerId = issuer.Id,
AudienceId = audience.Id,
UserId = user.Id,
StateValue = AlphaNumeric.CreateString(32),
StateType = ConsumerType.Device.ToString(),
StateConsume = false,
ValidFromUtc = DateTime.UtcNow,
ValidToUtc = DateTime.UtcNow.AddSeconds(60),
}));
UoW.Commit();
result.Should().BeAssignableTo <tbl_State>();
}
public IActionResult GetV1([FromBody] DataStateV1 state)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
try
{
var result = new DataStateV1Result <UserV1>
{
Data = map.Map <IEnumerable <UserV1> >(
uow.Users.Get(
map.MapExpression <Expression <Func <IQueryable <tbl_User>, IQueryable <tbl_User> > > >(
QueryExpressionFactory.GetQueryExpression <tbl_User>().ApplyState(state)),
new List <Expression <Func <tbl_User, object> > >()
{
x => x.tbl_AuthActivities,
x => x.tbl_UserClaims,
x => x.tbl_UserLogins,
x => x.tbl_UserRoles,
})),
Total = uow.Users.Count(
map.MapExpression <Expression <Func <IQueryable <tbl_User>, IQueryable <tbl_User> > > >(
QueryExpressionFactory.GetQueryExpression <tbl_User>().ApplyPredicate(state)))
};
return(Ok(result));
}
catch (QueryExpressionException ex)
{
ModelState.AddModelError(MessageType.ParseError.ToString(), ex.ToString());
return(BadRequest(ModelState));
}
}
internal static tbl_UserFile FilePathToEntity(IUnitOfWork uow, tbl_User user, string path)
{
if (path.FirstOrDefault() == '/')
{
path = path.Substring(1);
}
var pathBits = path.Split("/");
var filePath = path.Split("/").Last();
var folderPath = string.Empty;
for (int i = 0; i <= pathBits.Count() - 2; i++)
{
folderPath += "/" + pathBits.ElementAt(i);
}
var folder = FolderPathToEntity(uow, user, folderPath);
var file = uow.UserFiles.Get(QueryExpressionFactory.GetQueryExpression <tbl_UserFile>()
.Where(x => x.IdentityId == user.IdentityId && x.FolderId == folder.Id && x.VirtualName == filePath).ToLambda())
.SingleOrDefault();
return(file);
}
public void Repo_Roles_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateRoles();
var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>()
.Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda())
.Single();
var result = UoW.Roles.Create(
Mapper.Map <tbl_Role>(new RoleV1()
{
AudienceId = audience.Id,
Name = TestDefaultConstants.RoleName,
IsEnabled = true,
IsDeletable = true,
}));
UoW.Commit();
result.Should().BeAssignableTo <tbl_Role>();
}
public void Repo_Audiences_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateAudiences();
var issuer = UoW.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>()
.Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda())
.Single();
var result = UoW.Audiences.Create(
Mapper.Map <E_Audience>(new AudienceV1()
{
IssuerId = issuer.Id,
Name = TestDefaultConstants.AudienceName,
IsLockedOut = false,
IsDeletable = true,
}));
UoW.Commit();
result.Should().BeAssignableTo <E_Audience>();
}
public void CreateLogins()
{
/*
* create default logins
*/
foundLogin = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <uvw_Login>()
.Where(x => x.Name == DefaultConstants.LoginName).ToLambda())
.SingleOrDefault();
if (foundLogin == null)
{
foundLogin = _uow.Logins.Create(
_map.Map <uvw_Login>(new LoginV1()
{
Name = DefaultConstants.LoginName,
LoginKey = DefaultConstants.LoginKey,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
}
public void Repo_TextQueue_CreateV1_Success()
{
var data = new TestDataFactory(UoW);
data.Destroy();
data.CreateTexts();
var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda())
.First();
var result = UoW.TextQueue.Create(
Mapper.Map <tbl_TextQueue>(new TextV1()
{
FromPhoneNumber = TestDefaultConstants.UserPhoneNumber,
ToPhoneNumber = TestDefaultConstants.UserPhoneNumber,
Body = "Body-" + Base64.CreateString(32),
SendAtUtc = DateTime.UtcNow,
}));
UoW.Commit();
result.Should().BeAssignableTo <tbl_TextQueue>();
}
public override int Run(string[] remainingArguments)
{
try
{
var dir = $"{Directory.GetCurrentDirectory()}{Path.DirectorySeparatorChar}.system";
if (!Directory.Exists(dir))
{
Directory.CreateDirectory(dir);
}
var keys = _uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.IdentityId == null && x.Deletable == false).ToLambda(),
new List <Expression <Func <tbl_PublicKey, object> > >()
{
x => x.PrivateKey,
});
ConsoleHelper.StdOutKeyPairs(keys);
Console.Out.Write(" *** Enter GUID of public key to export *** : ");
var input = Guid.Parse(StandardInput.GetInput());
var pubKey = keys.Where(x => x.Id == input).SingleOrDefault();
if (pubKey != null)
{
//public pkcs8 key format
var pubPkcs8File = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Pkcs8.ToString().ToLower() + ".txt");
var pubPkcs8Bytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Pkcs8);
File.WriteAllBytes(pubPkcs8File.FullName, pubPkcs8Bytes);
Console.Out.WriteLine("Created " + pubPkcs8File);
//public ssh2base64 key format
var pubSsh2Base64File = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Ssh2Base64.ToString().ToLower() + ".txt");
var pubSsh2Base64Bytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Ssh2Base64);
File.WriteAllBytes(pubSsh2Base64File.FullName, pubSsh2Base64Bytes);
Console.Out.WriteLine("Created " + pubSsh2Base64File);
//public ssh2raw key format
var pubSsh2RawFile = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Ssh2Raw.ToString().ToLower());
var pubSsh2RawBytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Ssh2Raw);
File.WriteAllBytes(pubSsh2RawFile.FullName, pubSsh2RawBytes);
Console.Out.WriteLine("Created " + pubSsh2Base64File);
if (pubKey.PrivateKey != null)
{
var privKey = pubKey.PrivateKey;
//private key password in cleartext
var privKeyPassFile = new FileInfo(dir + Path.DirectorySeparatorChar + "cleartext_passowrd.txt");
File.WriteAllText(privKeyPassFile.FullName, AES.DecryptString(privKey.KeyPass, _conf["Databases:AuroraSecret"]));
Console.Out.WriteLine("Created " + privKeyPassFile);
//private newopenssh key format
var privNewOpenSshFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.NewOpenSsh.ToString().ToLower() + ".txt");
var privNewOpenSshBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.NewOpenSsh, privKey.KeyPass);
File.WriteAllBytes(privNewOpenSshFile.FullName, privNewOpenSshBytes);
Console.Out.WriteLine("Created " + privNewOpenSshFile);
//private openssh key format
var privOpenSshFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.OpenSsh.ToString().ToLower() + ".txt");
var privOpenSshBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.OpenSsh, privKey.KeyPass);
File.WriteAllBytes(privOpenSshFile.FullName, privOpenSshBytes);
Console.Out.WriteLine("Created " + privOpenSshFile);
//private pkcs8 key format
var privPcks8File = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.Pkcs8.ToString().ToLower() + ".txt");
var privPcks8Bytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.Pkcs8, privKey.KeyPass);
File.WriteAllBytes(privPcks8File.FullName, privPcks8Bytes);
Console.Out.WriteLine("Created " + privPcks8File);
//private putty key format
var privPuttyFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.Putty.ToString().ToLower() + ".txt");
var privPuttyBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.Putty, privKey.KeyPass);
File.WriteAllBytes(privPuttyFile.FullName, privPuttyBytes);
Console.Out.WriteLine("Created " + privPuttyFile);
}
}
else
{
throw new ConsoleHelpAsException($" *** Public key with GUID {input} not found ***");
}
return(StandardOutput.FondFarewell());
}
catch (Exception ex)
{
return(StandardOutput.AngryFarewell(ex));
}
}
public void CreateAudiences()
{
if (foundIssuer == null)
{
CreateIssuers();
}
/*
* create default audiences
*/
foundAudience_Alert = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <uvw_Audience>()
.Where(x => x.Name == DefaultConstants.Audience_Alert).ToLambda())
.SingleOrDefault();
if (foundAudience_Alert == null)
{
foundAudience_Alert = _uow.Audiences.Create(
_map.Map <uvw_Audience>(new AudienceV1()
{
IssuerId = foundIssuer.Id,
Name = DefaultConstants.Audience_Alert,
IsLockedOut = false,
IsDeletable = false,
}));
_uow.Commit();
}
foundAudience_Identity = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <uvw_Audience>()
.Where(x => x.Name == DefaultConstants.Audience_Identity).ToLambda())
.SingleOrDefault();
if (foundAudience_Identity == null)
{
foundAudience_Identity = _uow.Audiences.Create(
_map.Map <uvw_Audience>(new AudienceV1()
{
IssuerId = foundIssuer.Id,
Name = DefaultConstants.Audience_Identity,
IsLockedOut = false,
IsDeletable = false,
}));
_uow.Commit();
}
/*
* set password to audiences
*/
if (!_uow.Audiences.IsPasswordSet(foundAudience_Alert))
{
_uow.Audiences.SetPassword(foundAudience_Alert, DefaultConstants.AudiencePassword_Alert);
_uow.Commit();
}
if (!_uow.Audiences.IsPasswordSet(foundAudience_Identity))
{
_uow.Audiences.SetPassword(foundAudience_Identity, DefaultConstants.AudiencePassword_Identity);
_uow.Commit();
}
}
public void CreateRoles()
{
if (foundAudience_Alert == null ||
foundAudience_Identity == null)
{
CreateAudiences();
}
/*
* create default roles
*/
foundRoleForAdmin_Alert = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>()
.Where(x => x.Name == DefaultConstants.RoleForAdmins_Alert).ToLambda())
.SingleOrDefault();
if (foundRoleForAdmin_Alert == null)
{
foundRoleForAdmin_Alert = _uow.Roles.Create(
_map.Map <uvw_Role>(new RoleV1()
{
AudienceId = foundAudience_Alert.Id,
Name = DefaultConstants.RoleForAdmins_Alert,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
foundRoleForUser_Alert = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>()
.Where(x => x.Name == DefaultConstants.RoleForUsers_Alert).ToLambda())
.SingleOrDefault();
if (foundRoleForUser_Alert == null)
{
foundRoleForUser_Alert = _uow.Roles.Create(
_map.Map <uvw_Role>(new RoleV1()
{
AudienceId = foundAudience_Alert.Id,
Name = DefaultConstants.RoleForUsers_Alert,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
foundRoleForAdmin_Identity = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>()
.Where(x => x.Name == DefaultConstants.RoleForAdmins_Identity).ToLambda())
.SingleOrDefault();
if (foundRoleForAdmin_Identity == null)
{
foundRoleForAdmin_Identity = _uow.Roles.Create(
_map.Map <uvw_Role>(new RoleV1()
{
AudienceId = foundAudience_Identity.Id,
Name = DefaultConstants.RoleForAdmins_Identity,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
foundRoleForUser_Identity = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>()
.Where(x => x.Name == DefaultConstants.RoleForUsers_Identity).ToLambda())
.SingleOrDefault();
if (foundRoleForUser_Identity == null)
{
foundRoleForUser_Identity = _uow.Roles.Create(
_map.Map <uvw_Role>(new RoleV1()
{
AudienceId = foundAudience_Identity.Id,
Name = DefaultConstants.RoleForUsers_Identity,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
}
public void CreateIssuers()
{
/*
* create default issuers
*/
foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <uvw_Issuer>()
.Where(x => x.Name == DefaultConstants.IssuerName).ToLambda())
.SingleOrDefault();
if (foundIssuer == null)
{
foundIssuer = _uow.Issuers.Create(
_map.Map <uvw_Issuer>(new IssuerV1()
{
Name = DefaultConstants.IssuerName,
IssuerKey = DefaultConstants.IssuerKey,
IsEnabled = true,
IsDeletable = false,
}));
_uow.Commit();
}
var foundAccessExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>()
.Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.AccessExpire).ToLambda())
.SingleOrDefault();
if (foundAccessExpire == null)
{
_uow.Settings.Create(
_map.Map <uvw_Setting>(new SettingV1()
{
IssuerId = foundIssuer.Id,
ConfigKey = SettingsConstants.AccessExpire,
ConfigValue = 600.ToString(),
IsDeletable = false,
}));
_uow.Commit();
}
var foundRefreshExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>()
.Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.RefreshExpire).ToLambda())
.SingleOrDefault();
if (foundRefreshExpire == null)
{
_uow.Settings.Create(
_map.Map <uvw_Setting>(new SettingV1()
{
IssuerId = foundIssuer.Id,
ConfigKey = SettingsConstants.RefreshExpire,
ConfigValue = 86400.ToString(),
IsDeletable = false,
}));
_uow.Commit();
}
var foundTotpExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>()
.Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.TotpExpire).ToLambda())
.SingleOrDefault();
if (foundTotpExpire == null)
{
_uow.Settings.Create(
_map.Map <uvw_Setting>(new SettingV1()
{
IssuerId = foundIssuer.Id,
ConfigKey = SettingsConstants.TotpExpire,
ConfigValue = 600.ToString(),
IsDeletable = false,
}));
_uow.Commit();
}
var foundPollingMax = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>()
.Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.PollingMax).ToLambda())
.SingleOrDefault();
if (foundPollingMax == null)
{
_uow.Settings.Create(
_map.Map <uvw_Setting>(new SettingV1()
{
IssuerId = foundIssuer.Id,
ConfigKey = SettingsConstants.PollingMax,
ConfigValue = 10.ToString(),
IsDeletable = false,
}));
_uow.Commit();
}
}
public IActionResult AuthCodeV2_Grant([FromQuery] AuthCodeV2 input)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
//clean out cruft from encoding...
input.issuer = HttpUtility.UrlDecode(input.issuer);
input.client = HttpUtility.UrlDecode(input.client);
input.user = HttpUtility.UrlDecode(input.user);
input.redirect_uri = HttpUtility.UrlDecode(input.redirect_uri);
input.code = HttpUtility.UrlDecode(input.code);
input.state = HttpUtility.UrlDecode(input.state);
if (!Uri.IsWellFormedUriString(input.redirect_uri, UriKind.Absolute))
{
ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
return(BadRequest(ModelState));
}
Guid issuerID;
tbl_Issuer issuer;
//check if identifier is guid. resolve to guid if not.
if (Guid.TryParse(input.issuer, out issuerID))
{
issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault();
}
else
{
issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();
}
if (issuer == null)
{
ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
return(NotFound(ModelState));
}
else if (!issuer.IsEnabled)
{
ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}");
return(BadRequest(ModelState));
}
Guid userID;
tbl_User user;
//check if identifier is guid. resolve to guid if not.
if (Guid.TryParse(input.user, out userID))
{
user = uow.Users.Get(x => x.Id == userID).SingleOrDefault();
}
else
{
user = uow.Users.Get(x => x.UserName == input.user).SingleOrDefault();
}
if (user == null)
{
ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{input.user}");
return(NotFound(ModelState));
}
//check that user is confirmed...
//check that user is not locked...
else if (uow.Users.IsLockedOut(user) ||
!user.EmailConfirmed ||
!user.PasswordConfirmed)
{
ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
return(BadRequest(ModelState));
}
var audienceList = uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>()
.Where(x => x.tbl_Roles.Any(y => y.tbl_UserRoles.Any(z => z.UserId == user.Id))).ToLambda());
var audiences = new List <tbl_Audience>();
//check if client is single, multiple or undefined...
if (string.IsNullOrEmpty(input.client))
{
audiences = uow.Audiences.Get(x => audienceList.Contains(x) &&
x.IsLockedOut == false).ToList();
}
else
{
foreach (string entry in input.client.Split(","))
{
Guid audienceID;
tbl_Audience audience;
//check if identifier is guid. resolve to guid if not.
if (Guid.TryParse(entry.Trim(), out audienceID))
{
audience = uow.Audiences.Get(x => x.Id == audienceID, y => y.Include(z => z.tbl_Urls)).SingleOrDefault();
}
else
{
audience = uow.Audiences.Get(x => x.Name == entry.Trim(), y => y.Include(z => z.tbl_Urls)).SingleOrDefault();
}
if (audience == null)
{
ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
return(NotFound(ModelState));
}
else if (audience.IsLockedOut ||
!audienceList.Contains(audience))
{
ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}");
return(BadRequest(ModelState));
}
audiences.Add(audience);
}
}
if (audiences.Count == 0)
{
ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:None");
return(BadRequest(ModelState));
}
//check if client uri is valid...
var redirect = new Uri(input.redirect_uri);
foreach (var entry in audiences)
{
if (!entry.tbl_Urls.Where(x => x.UrlHost == null && x.UrlPath == redirect.AbsolutePath).Any() &&
!entry.tbl_Urls.Where(x => new Uri(x.UrlHost + x.UrlPath).AbsoluteUri == redirect.AbsoluteUri).Any())
{
ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
return(BadRequest(ModelState));
}
}
//check if state is valid...
var state = uow.States.Get(x => x.StateValue == input.state &&
x.ValidFromUtc <DateTime.UtcNow &&
x.ValidToUtc> DateTime.UtcNow &&
x.StateType == ConsumerType.User.ToString()).SingleOrDefault();
if (state == null)
{
ModelState.AddModelError(MessageType.StateNotFound.ToString(), $"User code:{input.state}");
return(BadRequest(ModelState));
}
//check that payload can be decrypted and validated...
if (!new PasswordTokenFactory(uow.InstanceType.ToString()).Validate(user.SecurityStamp, input.code, user.Id.ToString(), user.SecurityStamp))
{
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
UserId = user.Id,
LoginType = GrantFlowType.AuthorizationCodeV2.ToString(),
LoginOutcome = GrantFlowResultType.Failure.ToString(),
}));
uow.Commit();
ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.code}");
return(BadRequest(ModelState));
}
var ac_claims = uow.Users.GenerateAccessClaims(issuer, user);
var ac = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audiences.Select(x => x.Name).ToList(), ac_claims);
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
UserId = user.Id,
LoginType = GrantFlowType.AuthorizationCodeV2.ToString(),
LoginOutcome = GrantFlowResultType.Success.ToString(),
}));
var rt_claims = uow.Users.GenerateRefreshClaims(issuer, user);
var rt = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audiences.Select(x => x.Name).ToList(), rt_claims);
uow.Refreshes.Create(
map.Map <tbl_Refresh>(new RefreshV1()
{
IssuerId = issuer.Id,
UserId = user.Id,
RefreshType = ConsumerType.User.ToString(),
RefreshValue = rt.RawData,
ValidFromUtc = rt.ValidFrom,
ValidToUtc = rt.ValidTo,
}));
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
UserId = user.Id,
LoginType = GrantFlowType.RefreshTokenV2.ToString(),
LoginOutcome = GrantFlowResultType.Success.ToString(),
}));
uow.Commit();
var result = new UserJwtV2()
{
token_type = "bearer",
access_token = ac.RawData,
refresh_token = rt.RawData,
user = user.UserName,
client = audiences.Select(x => x.Name).ToList(),
issuer = issuer.Name + ":" + conf["IdentityTenant:Salt"],
expires_in = (int)(new DateTimeOffset(ac.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds,
};
return(Ok(result));
}
public RoleEditCommand()
{
_conf = (IConfiguration) new ConfigurationBuilder()
.AddJsonFile("clisettings.json", optional: false, reloadOnChange: true)
.Build();
_map = new MapperConfiguration(x => x.AddProfile <AutoMapperProfile_EF6>())
.CreateMapper();
var env = new ContextService(InstanceContext.DeployedOrLocal);
_uow = new UnitOfWork(_conf["Databases:IdentityEntities_EF6"], env);
_service = new AdminService(_conf)
{
Grant = new ResourceOwnerGrantV2(_conf)
};
IsCommand("role-edit", "Edit role");
HasRequiredOption("r|role=", "Enter existing role", arg =>
{
if (string.IsNullOrEmpty(arg))
{
throw new ConsoleHelpAsException($" *** No role given ***");
}
_role = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <E_Role>()
.Where(x => x.Name == arg).ToLambda(),
new List <Expression <Func <E_Role, object> > >()
{
x => x.AudienceRoles,
x => x.RoleClaims,
x => x.UserRoles,
})
.SingleOrDefault();
if (_role == null)
{
throw new ConsoleHelpAsException($" *** No role '{arg}' ***");
}
});
HasOption("n|name=", "Enter name", arg =>
{
if (string.IsNullOrEmpty(arg))
{
throw new ConsoleHelpAsException($" *** No name given ***");
}
_role.Name = arg;
});
HasOption("d|description=", "Enter description", arg =>
{
if (string.IsNullOrEmpty(arg))
{
throw new ConsoleHelpAsException($" *** No description given ***");
}
_role.Description = arg;
});
HasOption("E|enabled=", "Is user enabled", arg =>
{
_isEnabled = bool.Parse(arg);
});
HasOption("D|deletable=", "Is user deletable", arg =>
{
_isDeletable = bool.Parse(arg);
});
}
public static tbl_PrivateKey ImportPrivKey(IConfiguration conf, IUnitOfWork uow, tbl_User user,
string privKeyPass, SignatureHashAlgorithm sigAlgo, string comment, FileInfo inputFile)
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
tbl_PrivateKey pubKey = null;
var keyPair = new SshPrivateKey(inputFile.FullName, privKeyPass);
var privId = Guid.NewGuid();
var pubId = Guid.NewGuid();
var privStream = new MemoryStream();
var pubStream = new MemoryStream();
keyPair.Save(privStream, privKeyPass, SshPrivateKeyFormat.Pkcs8);
keyPair.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8);
var privKeyValue = Encoding.ASCII.GetString(privStream.ToArray());
var pubKeyValue = Encoding.ASCII.GetString(pubStream.ToArray());
var privKeyFound = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.Id == user.IdentityId && x.KeyValue == privKeyValue).ToLambda())
.SingleOrDefault();
var pubKeyFound = uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda())
.SingleOrDefault();
if (privKeyFound == null &&
pubKeyFound == null)
{
uow.PrivateKeys.Create(
new tbl_PrivateKey
{
Id = privId,
PublicKeyId = pubId,
IdentityId = user.IdentityId,
KeyValue = privKeyValue,
KeyAlgo = keyPair.KeyAlgorithm.ToString(),
KeyPass = AES.EncryptString(privKeyPass, conf["Databases:AuroraSecret"]),
KeyFormat = SshPrivateKeyFormat.Pkcs8.ToString(),
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
Log.Information($"'{callPath}' '{user.IdentityAlias}' private key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{privKeyValue}");
uow.PublicKeys.Create(
new tbl_PublicKey
{
Id = pubId,
PrivateKeyId = privId,
IdentityId = user.IdentityId,
KeyValue = pubKeyValue,
KeyAlgo = keyPair.KeyAlgorithm.ToString(),
KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(),
SigValue = keyPair.Fingerprint.ToString(sigAlgo, false),
SigAlgo = sigAlgo.ToString(),
Comment = comment,
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
else if (privKeyFound != null &&
pubKeyFound == null)
{
uow.PublicKeys.Create(
new tbl_PublicKey
{
Id = pubId,
PrivateKeyId = privKeyFound.Id,
IdentityId = user.IdentityId,
KeyValue = pubKeyValue,
KeyAlgo = keyPair.KeyAlgorithm.ToString(),
KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(),
SigValue = keyPair.Fingerprint.ToString(sigAlgo, false),
SigAlgo = sigAlgo.ToString(),
Comment = comment,
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
else if (privKeyFound == null &&
pubKeyFound != null)
{
uow.PrivateKeys.Create(
new tbl_PrivateKey
{
Id = privId,
PublicKeyId = pubKeyFound.Id,
IdentityId = user.IdentityId,
KeyValue = privKeyValue,
KeyAlgo = keyPair.Fingerprint.ToString(sigAlgo, false).ToString(),
KeyPass = AES.EncryptString(privKeyPass, conf["Databases:AuroraSecret"]),
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
Log.Information($"'{callPath}' '{user.IdentityAlias}' private key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{privKeyValue}");
}
uow.Commit();
return(pubKey);
}
public async Task StartAsync(CancellationToken cancellationToken)
{
await Task.Run(() =>
{
try
{
AsymmetricKeyAlgorithm.Register(Curve25519.Create);
AsymmetricKeyAlgorithm.Register(Ed25519.Create);
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
using (var scope = _factory.CreateScope())
{
var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>();
var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>();
if (!Enum.TryParse <LogLevel>(conf["Rebex:LogLevel"], true, out _level))
{
throw new InvalidCastException();
}
var license = uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <tbl_Setting>()
.Where(x => x.ConfigKey == "RebexLicense").ToLambda()).OrderBy(x => x.Created)
.Last();
Rebex.Licensing.Key = license.ConfigValue;
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.DSS, 1024, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.RSA, 4096, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP256, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP384, 384, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP521, 521, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ED25519, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
var secret = conf["Databases:AuroraSecret"];
var dsaStr = SshHostKeyAlgorithm.DSS.ToString();
var dsaPrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == dsaStr && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var dsaBytes = Encoding.ASCII.GetBytes(dsaPrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(dsaBytes, AES.DecryptString(dsaPrivKey.KeyPass, secret)));
var rsaStr = SshHostKeyAlgorithm.RSA.ToString();
var rsaPrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == rsaStr && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var rsaBytes = Encoding.ASCII.GetBytes(rsaPrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(rsaBytes, AES.DecryptString(rsaPrivKey.KeyPass, secret)));
var ecdsa256Str = SshHostKeyAlgorithm.ECDsaNistP256.ToString();
var ecdsa256PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == ecdsa256Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var ecdsa256Bytes = Encoding.ASCII.GetBytes(ecdsa256PrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(ecdsa256Bytes, AES.DecryptString(ecdsa256PrivKey.KeyPass, secret)));
var ecdsa384Str = SshHostKeyAlgorithm.ECDsaNistP384.ToString();
var ecdsa384PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == ecdsa384Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var ecdsa384Bytes = Encoding.ASCII.GetBytes(ecdsa384PrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(ecdsa384Bytes, AES.DecryptString(ecdsa384PrivKey.KeyPass, secret)));
var ecdsa521Str = SshHostKeyAlgorithm.ECDsaNistP521.ToString();
var ecdsa521PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == ecdsa521Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var ecdsa521Bytes = Encoding.ASCII.GetBytes(ecdsa521PrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(ecdsa521Bytes, AES.DecryptString(ecdsa521PrivKey.KeyPass, secret)));
var ed25519Str = SshHostKeyAlgorithm.ED25519.ToString();
var ed25519PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
.Where(x => x.KeyAlgo == ed25519Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
.Single();
var ed25519Bytes = Encoding.ASCII.GetBytes(ed25519PrivKey.KeyValue);
_server.Keys.Add(new SshPrivateKey(ed25519Bytes, AES.DecryptString(ed25519PrivKey.KeyPass, secret)));
_binding = conf.GetSection("Daemons:SftpService:Bindings").GetChildren().Select(x => x.Value);
}
foreach (var binding in _binding)
{
var pair = binding.Split("|");
_server.Bind(new IPEndPoint(IPAddress.Parse(pair[0]), int.Parse(pair[1])), FileServerProtocol.Sftp);
#if DEBUG
_server.Bind(new IPEndPoint(IPAddress.Parse(pair[0]), int.Parse(pair[1])), FileServerProtocol.Shell);
#endif
}
_server.LogWriter = new ConsoleLogWriter(_level);
_server.Settings.AllowedAuthenticationMethods = AuthenticationMethods.PublicKey | AuthenticationMethods.Password;
_server.Settings.SshParameters.EncryptionAlgorithms = SshEncryptionAlgorithm.Any;
_server.Settings.SshParameters.EncryptionModes = SshEncryptionMode.Any;
_server.Settings.SshParameters.KeyExchangeAlgorithms = SshKeyExchangeAlgorithm.Any;
_server.Settings.SshParameters.HostKeyAlgorithms = SshHostKeyAlgorithm.Any;
_server.Settings.SshParameters.MacAlgorithms = SshMacAlgorithm.Any;
_server.Authentication += FsUser_Authentication;
_server.Connecting += FsUser_Connecting;
_server.Disconnected += FsUser_Disconnected;
_server.FileDownloaded += FsUser_FileDownloaded;
_server.FileUploaded += FsUser_FileUploaded;
_server.PreAuthentication += FsUser_PreAuthentication;
_server.Start();
}
catch (Exception ex)
{
Log.Error(ex.ToString());
}
}, cancellationToken);
}
private void FsUser_Authentication(object sender, AuthenticationEventArgs e)
{
/*
* https://www.rebex.net/file-server/features/events.aspx#authentication
*/
try
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
using (var scope = _factory.CreateScope())
{
var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>();
var log = scope.ServiceProvider.GetRequiredService <ILogger>();
var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>();
var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.IdentityAlias == e.UserName).ToLambda(),
new List <Expression <Func <tbl_User, object> > >()
{
x => x.tbl_PublicKey,
x => x.tbl_UserMount,
}).SingleOrDefault();
var admin = scope.ServiceProvider.GetRequiredService <IAdminService>();
var sts = scope.ServiceProvider.GetRequiredService <IStsService>();
if (e.Key != null)
{
Log.Information($"'{callPath}' '{e.UserName}' in-progress with public key");
if (UserHelper.ValidatePubKey(user.tbl_PublicKey.Where(x => x.Enabled).ToList(), e.Key) &&
admin.User_VerifyV1(user.IdentityId).Result)
{
Log.Information($"'{callPath}' '{e.UserName}' success with public key");
if (e.PartiallyAccepted ||
!user.RequirePassword)
{
/*
* an smb mount will not succeed without a user password or ambassador credential.
*/
if (user.FileSystemType == FileSystemTypes.SMB.ToString() &&
!user.tbl_UserMount.CredentialId.HasValue)
{
Log.Warning($"'{callPath}' '{e.UserName}' failure no credential to create {FileSystemTypes.SMB} filesystem");
e.Reject();
return;
}
var fs = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password);
var fsUser = new FileServerUser(e.UserName, e.Password);
fsUser.SetFileSystem(fs);
var fsNotify = fs.GetFileSystemNotifier();
fsNotify.CreatePreview += FsNotify_CreatePreview;
fsNotify.CreateCompleted += FsNotify_CreateCompleted;
fsNotify.DeletePreview += FsNotify_DeletePreview;
fsNotify.DeleteCompleted += FsNotify_DeleteCompleted;
e.Accept(fsUser);
return;
}
else
{
/*
* authenticate partially if another kind of credential has not been provided yet.
*/
e.AcceptPartially();
return;
}
}
else
{
Log.Warning($"'{callPath}' '{e.UserName}' failure with public key");
e.Reject();
return;
}
}
if (e.Password != null)
{
Log.Information($"'{callPath}' '{e.UserName}' in-progress with password");
try
{
var identity = admin.User_GetV1(user.IdentityId.ToString()).Result;
var auth = sts.ResourceOwner_GrantV2(
new ResourceOwnerV2()
{
issuer = conf["IdentityCredentials:IssuerName"],
client = conf["IdentityCredentials:AudienceName"],
grant_type = "password",
user = identity.UserName,
password = e.Password,
}).Result;
Log.Information($"'{callPath}' '{e.UserName}' success with password");
if (e.PartiallyAccepted ||
!user.RequirePublicKey)
{
var fs = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password);
var fsUser = new FileServerUser(e.UserName, e.Password);
fsUser.SetFileSystem(fs);
var fsNotify = fs.GetFileSystemNotifier();
fsNotify.CreatePreview += FsNotify_CreatePreview;
fsNotify.CreateCompleted += FsNotify_CreateCompleted;
fsNotify.DeletePreview += FsNotify_DeletePreview;
fsNotify.DeleteCompleted += FsNotify_DeleteCompleted;
e.Accept(fsUser);
return;
}
else
{
/*
* authenticate partially if another kind of credential has not been provided yet.
*/
e.AcceptPartially();
return;
}
}
catch (HttpRequestException)
{
Log.Warning($"'{callPath}' '{e.UserName}' failure with password");
e.Reject();
return;
}
}
Log.Warning($"'{callPath}' '{e.UserName}' denied");
e.Reject();
return;
}
}
catch (Exception ex)
{
Log.Error(ex.ToString());
}
}
private void FsUser_PreAuthentication(object sender, PreAuthenticationEventArgs e)
{
/*
* https://www.rebex.net/file-server/features/events.aspx#pre-authentication
*/
try
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
using (var scope = _factory.CreateScope())
{
var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>();
var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.IdentityAlias == e.UserName && x.Enabled).ToLambda(),
new List <Expression <Func <tbl_User, object> > >()
{
x => x.tbl_Network,
x => x.tbl_PublicKey,
}).SingleOrDefault();
if (user == null ||
user.Enabled == false)
{
Log.Warning($"'{callPath}' '{e.UserName}' not found or not enabled");
e.Reject();
return;
}
var action = NetworkAction.Deny.ToString();
if (NetworkHelper.ValidateAddress(user.tbl_Network.Where(x => x.Action == action && x.Enabled), e.ClientAddress))
{
Log.Warning($"'{callPath}' '{e.UserName}' is denied from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'");
e.Reject();
return;
}
action = NetworkAction.Allow.ToString();
if (!NetworkHelper.ValidateAddress(user.tbl_Network.Where(x => x.Action == action && x.Enabled), e.ClientAddress))
{
Log.Warning($"'{callPath}' '{e.UserName}' is not allowed from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'");
e.Reject();
return;
}
Log.Information($"'{callPath}' '{e.UserName}' allowed from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'");
if (user.RequirePublicKey &&
user.RequirePassword)
{
Log.Information($"'{callPath}' '{e.UserName}' allowed with public key and password");
e.Accept(AuthenticationMethods.PublicKey | AuthenticationMethods.Password);
return;
}
if (user.RequirePublicKey &&
!user.RequirePassword)
{
Log.Information($"'{callPath}' '{e.UserName}' allowed with public key");
e.Accept(AuthenticationMethods.PublicKey);
return;
}
if (!user.RequirePublicKey &&
user.RequirePassword)
{
Log.Information($"'{callPath}' '{e.UserName}' allowed with password");
e.Accept(AuthenticationMethods.Password);
return;
}
Log.Warning($"'{callPath}' '{e.UserName}' denied");
e.Reject();
return;
}
}
catch (Exception ex)
{
Log.Error(ex.ToString());
}
}
public void Destroy()
{
/*
* delete test motds
*/
var motds = _uow.MOTDs.Get(QueryExpressionFactory.GetQueryExpression <tbl_MOTD>()
.Where(x => x.Author.Contains(TestDefaultConstants.MOTDAuthor)).ToLambda());
if (motds.Count() > 0)
{
_uow.MOTDs.Delete(motds);
_uow.Commit();
}
/*
* delete test emails
*/
var emails = _uow.EmailQueue.Get(QueryExpressionFactory.GetQueryExpression <tbl_EmailQueue>().ToLambda());
if (emails.Count() > 0)
{
_uow.EmailQueue.Delete(emails);
_uow.Commit();
}
/*
* delete test texts
*/
var texts = _uow.TextQueue.Get(QueryExpressionFactory.GetQueryExpression <tbl_TextQueue>().ToLambda());
if (texts.Count() > 0)
{
_uow.TextQueue.Delete(texts);
_uow.Commit();
}
/*
* delete test users
*/
var users = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
.Where(x => x.UserName.Contains(TestDefaultConstants.UserName)).ToLambda());
if (users.Count() > 0)
{
_uow.Users.Delete(users);
_uow.Commit();
}
/*
* delete test roles
*/
var roles = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <tbl_Role>()
.Where(x => x.Name.Contains(TestDefaultConstants.RoleName)).ToLambda());
if (roles.Count() > 0)
{
_uow.Roles.Delete(roles);
_uow.Commit();
}
/*
* delete test logins
*/
var logins = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <tbl_Login>()
.Where(x => x.Name.Contains(TestDefaultConstants.LoginName)).ToLambda());
if (logins.Count() > 0)
{
_uow.Logins.Delete(logins);
_uow.Commit();
}
/*
* delete test claims
*/
var claims = _uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <tbl_Claim>()
.Where(x => x.Type.Contains(TestDefaultConstants.ClaimName)).ToLambda());
if (claims.Count() > 0)
{
_uow.Claims.Delete(claims);
_uow.Commit();
}
/*
* delete test audiences
*/
var audiences = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>()
.Where(x => x.Name.Contains(TestDefaultConstants.AudienceName)).ToLambda());
if (audiences.Count() > 0)
{
_uow.Audiences.Delete(audiences);
_uow.Commit();
}
/*
* delete test issuers
*/
var issuers = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <tbl_Issuer>()
.Where(x => x.Name.Contains(TestDefaultConstants.IssuerName)).ToLambda());
if (issuers.Count() > 0)
{
_uow.Issuers.Delete(issuers);
_uow.Commit();
}
}
/*
* openssh uses base64 and special formatting for public keys like with "authorized_keys"
* https://man.openbsd.org/ssh-keygen
*/
public static ICollection <tbl_PublicKey> ImportPubKeyBase64(IUnitOfWork uow, tbl_User user,
SignatureHashAlgorithm sigAlgo, FileInfo inputFile)
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
var pubKeyLines = File.ReadAllLines(inputFile.FullName);
var pubKeys = new List <tbl_PublicKey>();
foreach (var line in pubKeyLines)
{
var base64 = line.Split(' ');
switch (base64[0])
{
case "ssh-dsa":
break;
case "ssh-rsa":
break;
//case "ecdsa-sha2-nistp256":
// break;
//case "ecdsa-sha2-nistp384":
// break;
//case "ecdsa-sha2-nistp521":
// break;
//case "ssh-ed25519":
// break;
default:
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {base64[0]} not supported");
continue;
}
}
var pubKey = new SshPublicKey(Convert.FromBase64String(base64[1]));
var pubKeyStream = new MemoryStream();
pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8);
var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray());
if (!uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()).Any())
{
var newPubKey = uow.PublicKeys.Create(
new tbl_PublicKey
{
Id = Guid.NewGuid(),
IdentityId = user.IdentityId,
KeyValue = pubKeyValue,
KeyAlgo = pubKey.KeyAlgorithm.ToString(),
KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(),
SigValue = pubKey.Fingerprint.ToString(sigAlgo, false),
SigAlgo = sigAlgo.ToString(),
Comment = base64[2],
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
pubKeys.Add(newPubKey);
Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
else
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
}
uow.Commit();
return(pubKeys);
}
public void Destroy()
{
/*
* delete test users
*/
var users = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <E_User>()
.Where(x => x.UserName.Contains(TestDefaultConstants.UserName)).ToLambda());
if (users.Count() > 0)
{
_uow.Users.Delete(users);
_uow.Commit();
}
/*
* delete test roles
*/
var roles = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <E_Role>()
.Where(x => x.Name.Contains(TestDefaultConstants.RoleName)).ToLambda());
if (roles.Count() > 0)
{
_uow.Roles.Delete(roles);
_uow.Commit();
}
/*
* delete test logins
*/
var logins = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <E_Login>()
.Where(x => x.Name.Contains(TestDefaultConstants.LoginName)).ToLambda());
if (logins.Count() > 0)
{
_uow.Logins.Delete(logins);
_uow.Commit();
}
/*
* delete test claims
*/
var claims = _uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <E_Claim>()
.Where(x => x.Type.Contains(TestDefaultConstants.ClaimName)).ToLambda());
if (claims.Count() > 0)
{
_uow.Claims.Delete(claims);
_uow.Commit();
}
/*
* delete test audiences
*/
var audiences = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <E_Audience>()
.Where(x => x.Name.Contains(TestDefaultConstants.AudienceName)).ToLambda());
if (audiences.Count() > 0)
{
_uow.Audiences.Delete(audiences);
_uow.Commit();
}
/*
* delete test issuers
*/
var issuers = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>()
.Where(x => x.Name.Contains(TestDefaultConstants.IssuerName)).ToLambda());
if (issuers.Count() > 0)
{
_uow.Issuers.Delete(issuers);
_uow.Commit();
}
}
