/// <summary>
/// Builds the demo claim text, signs it with the web service authority key and returns the signed value.
/// </summary>
/// <returns>The <c>VerifiableString</c> produced by <c>Sign</c>.</returns>
public async Task<VerifiableString> GetData()
        {
            Console.WriteLine("enter GetData");

            // NOTE(review): the claim text embeds Environment.StackTrace, so server-side call-stack
            // details become part of the signed value that is handed back to the caller.
            o = @"

web service claims you have 5 dollars. 

claim signed by " + typeof(NamedKeyPairs.WebServiceAuthorityPrivateKey).Name + @". 

---
" + new { Environment.StackTrace };

            // Normalise line endings: collapse everything to "\n" first, then expand to the platform
            // newline, so the signed bytes do not depend on how this source file was checked out.
            var lfOnly = o.Replace(Environment.NewLine, "\n");
            o = lfOnly.Replace("\n", Environment.NewLine);

            // If the value verifies later it can be trusted to have been set by the web service;
            // otherwise it cannot. The value is signed here, not encrypted.
            var claim = new VerifiableString { value = o };
            var signedClaim = claim.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            // NOTE(review): whatever Verify returns is discarded, so a failed check does not change
            // what this method returns.
            Verify(signedClaim);

            return signedClaim;
        }
        // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201511/20151123/ubuntumidexperiment

        /// <summary>
        /// Checks the signature carried by <paramref name="x"/> against the web service authority key.
        /// </summary>
        /// <param name="x">The signed value to check.</param>
        /// <returns>The result of <c>x.Verify</c>.</returns>
        public async Task<bool> Verify(VerifiableString x)
        {
            // NOTE(review): verification is fed the parameters of a type named ...PrivateKey. Checking
            // a signature needs only the public half; confirm this code never ships anywhere the
            // private parameters must not be present.
            var authorityKey = NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters;

            return x.Verify(authorityKey);
        }
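        /// <summary>
        /// Publishes the public half of the web service authority key through
        /// <c>PublicKeyExponent</c> / <c>PublicKeyModulus</c>, then builds the demo claim text,
        /// signs it with the authority key and returns the signed value.
        /// </summary>
        /// <returns>The <c>VerifiableString</c> produced by <c>Sign</c>.</returns>
        public async Task<VerifiableString> GetData()
        {
            Console.WriteLine("enter GetData");

            // The provider is loaded with the private parameters, so release it as soon as the
            // public half has been copied out instead of leaving it to the finalizer.
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

                // includePrivateParameters: false -> only Exponent and Modulus are exported.
                var PublicKey = rsa.ExportParameters(includePrivateParameters: false);

                this.PublicKeyExponent = PublicKey.Exponent;
                Console.WriteLine(new { PublicKeyExponent = Convert.ToBase64String(PublicKeyExponent) });
                this.PublicKeyModulus = PublicKey.Modulus;
                Console.WriteLine(new { PublicKeyModulus = Convert.ToBase64String(PublicKeyModulus) });
            }

            // NOTE(review): the claim text embeds Environment.StackTrace, so server-side call-stack
            // details become part of the signed value that is handed back to the caller.
            var o = @"

web service claims you have 5 dollars. 

claim signed by " + typeof(NamedKeyPairs.WebServiceAuthorityPrivateKey).Name + @". 

---
"
                + new { Environment.StackTrace }
               ;

            // Normalise line endings: collapse to "\n" first, then expand to the platform newline.
            o = o.Replace(Environment.NewLine, "\n").Replace("\n", Environment.NewLine);

            var x = new VerifiableString
            {
                value = o

                // if we can verify it later, we can trust it to be set by the web service. otherwise we cannot trust it.
                // this would also enable state sharing now.
                // signed and perhaps encrypted too..
            }.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            //Verify(x);

            return x;
        }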
        /// <summary>
        /// Initialises the service state: signs <c>SpecialData</c> and the <c>foo</c> value with
        /// <c>Key1PrivateKey</c> and logs how long construction took.
        /// </summary>
        public ApplicationWebService()
        {
            var timer = Stopwatch.StartNew();
            Console.WriteLine("enter ApplicationWebService");

            // Bare type reference with no runtime effect of its own.
            // NOTE(review): presumably there to keep the key type referenced for the build - confirm.
            { var copy = typeof(NamedKeyPairs.Key1PrivateKey); }

            this.SpecialData = "hello world";

            // Detached signature over SpecialData.
            var signer = new RSACryptoStream(NamedKeyPairs.Key1PrivateKey.RSAParameters);
            this.SpecialDataSignature48 = signer.SignString(this.SpecialData);

            // Value and signature travel together in one VerifiableString.
            var unsignedFoo = new VerifiableString { value = "foo string" };
            this.foo = unsignedFoo.Sign(NamedKeyPairs.Key1PrivateKey.RSAParameters);

            Console.WriteLine("exit ApplicationWebService " + new { timer.ElapsedMilliseconds });
        }
        /// <summary>
        /// Signs the fixed text "guest" with the web service authority key and shows it in the
        /// <c>status</c> element, with the base64 signature as the element's title attribute.
        /// </summary>
        public async Task GetStatus()
        {
            // Bare type reference with no runtime effect of its own.
            { var ref0 = typeof(NamedKeyPairs.WebServiceAuthorityPrivateKey); }

            // If the value verifies later it can be trusted to have been set by the web service;
            // otherwise it cannot. The value is signed here, not encrypted.
            var guestClaim = new VerifiableString { value = "guest" };
            var signedGuest = guestClaim.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            // The signature goes into the title attribute, the plain value into the element itself.
            status.SetAttributeValue("title", Convert.ToBase64String(signedGuest.signature));
            status.Value = signedGuest.value;
        }
        // is firefox sending it?

        // 204 no content? no fields?
        /// <summary>
        /// Stores a signed placeholder legal person code in <c>MyLegalPersonCode</c> and returns a
        /// fixed, non-empty response text.
        /// </summary>
        /// <returns>The literal text "not 204. got my fields firefox?".</returns>
        public async Task<string> Login()
        {
            // Bare type reference with no runtime effect of its own.
            { var ref0 = typeof(NamedKeyPairs.WebServiceAuthorityPrivateKey); }

            // Error seen while debugging:
            //<h2> <i>Could not load file or assembly 'TestFirefoxWebServiceField.AssetsLibrary, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.</i> </h2></span>

            // "xxx" is a placeholder value; it is signed with the web service authority key.
            var legalPersonCode = new VerifiableString { value = "xxx" };
            this.MyLegalPersonCode = legalPersonCode.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            Console.WriteLine("Login " + new { MyLegalPersonCode });

            // Field as observed on the wire:
            // .field field_MyLegalPersonCode:<_02000013>%0d%0a  <_04000021>eHh4</_04000021>%0d%0a  <_04000022>I5FCZt058sQiF3nG9HzMHsegGdbe2qicSx/4ZXYPJEM+TFSVKol19jGJqNj05vMiAJBGtgpjMyHV2hzVhwCFqA==</_04000022>%0d%0a</_02000013>

            // Z:\jsc.svn\core\ScriptCoreLib.Ultra\ScriptCoreLib.Ultra\JavaScript\Remoting\InternalWebMethodRequest.cs
            return "not 204. got my fields firefox?";
        }
 /// <summary>
 /// Checks the signature carried by <paramref name="v"/> against <c>Key1PrivateKey</c>.
 /// </summary>
 /// <param name="v">The signed value to check.</param>
 /// <returns>The result of <c>v.Verify</c>.</returns>
 public async Task<bool> Verify(VerifiableString v)
 {
     // NOTE(review): verification is fed the parameters of a type named ...PrivateKey. Checking a
     // signature needs only the public half; confirm the private parameters are meant to be here.
     var key1 = NamedKeyPairs.Key1PrivateKey.RSAParameters;

     return v.Verify(key1);
 }
        /// <summary>
        /// Starts a Mobile-ID authentication against the DigiDocService endpoint at
        /// https://tsp.demo.sk.ee:443, blocks until the status call returns, then publishes a
        /// signed summary (UserIDCode, Sesscode, Status) through the <c>status</c> element.
        /// </summary>
        /// <returns>
        /// Always <c>true</c>. The Status reported by the service is only embedded in the signed
        /// text; it does not influence the return value.
        /// </returns>
        public async Task<bool> MobileAuthenticateAsync()
        {
            // Z:\jsc.svn\examples\java\hybrid\JVMCLRWSDLMID\Program.cs

            // https://tsp.demo.sk.ee/?wsdl 
            //var c = new sk.DigiDocServicePortTypeClient("DigiDocService", "https://tsp.demo.sk.ee:443");
            var c = new sk.DigiDocServicePortTypeClient(new BasicHttpsBinding(), new EndpointAddress("https://tsp.demo.sk.ee:443"));


            var sw = Stopwatch.StartNew();

            Console.WriteLine("invoke MobileAuthenticateAsync " + new { sw.ElapsedMilliseconds });

            var xa = c.MobileAuthenticateAsync(new sk.MobileAuthenticateRequest
            {
                // http://www.id.ee/?id=30340

                // http://www.sk.ee/upload/files/DigiDocService_spec_est.pdf

                // Personal identification code of the person being authenticated.
                // Either IDCode or PhoneNo is mandatory; using both input parameters is
                // recommended! For Lithuanian Mobile-ID users both IDCode and PhoneNo are
                // mandatory.
                // NOTE(review): hard-coded here together with PhoneNo below; presumably test
                // values for the demo endpoint - confirm.
                IDCode = "14212128025",

                // Country that issued the personal code; ISO 3166 two-letter country codes
                // are used (for example: EE).
                CountryCode = "EE",



                // Phone number of the person being authenticated, with country code, in the
                // form +xxxxxxxxx (for example +3706234566).
                // If both PhoneNo and IDCode are given, the phone number is checked against
                // the personal code and SOAP error code 301 is returned on a mismatch.
                // Either IDCode or PhoneNo is mandatory; using both is recommended! For
                // Lithuanian Mobile-ID users both are mandatory (see chapter 5.2). When the
                // "PhoneNo" element is set, the service internally goes by the country
                // identified in the prefix (regardless of the value of "CountryCode").
                //PhoneNo = "+37200007"
                PhoneNo = "37200007",

                // Language of the messages shown on the phone. Three-letter upper-case codes
                // are used. Possible values: (EST, ENG, RUS, LIT).
                Language = "EST",

                // Service name shown on the phone during authentication, maximum length 20
                // characters. The service name to use has to be agreed with the service
                // provider beforehand.
                ServiceName = "Testimine",

                // Additional text shown on the user's phone, next to the service name, before
                // the authentication PIN is asked for. Maximum length 40 bytes (for Latin
                // letters that also means 40 characters, but for example Cyrillic letters may
                // be encoded as 2 bytes each, in which case no more than 20 characters can be
                // sent).
                MessageToDisplay = "Testimine",

                // Random 10-byte text generated by the application provider; it is part of
                // the message the user signs during authentication. Passed as a HEX string.
                // NB! For better security it is recommended to always fill this field, with a
                // different random value every time. When authentication succeeds it is also
                // recommended to check that the value signed by the user really contains this
                // SPChallenge. Details of that check are in chapter
                // "GetMobileAuthenticateStatus", under the description of the "Signature"
                // element.
                // NOTE(review): the value below is a fixed constant, so every call sends the
                // same challenge, and nothing in this method compares the returned Signature
                // with it. Both recommendations quoted above are unmet here.

                SPChallenge = "03010400000000000000",

                // How the result of the authentication operation is returned.
                // Possible values:
                // - "asynchClientServer" - after calling MobileAuthenticate the application
                //   makes additional status queries (using GetMobileAuthenticateStatus).
                // - "asynchServerServer" - when the operation finishes or fails, the response
                //   is sent to the client application asynchronously (see parameter
                //   AsyncConfiguration).
                MessagingMode = "asynchClientServer",

                //AsyncConfiguration = 
                // Configuration for sending the response back asynchronously. The value is
                // used only when MessagingMode is "asynchServerServer". The configuration is
                // agreed between the service user and the service provider. Currently
                // supported: sending the response back through the Java Message Services (JMS)
                // interface.


                // When the value is "TRUE", the certificate of the authenticated person is
                // returned in the response. The certificate is needed when the application
                // provider wants to store and independently check the correctness and validity
                // information of the signature.

                ReturnCertData = true,

                // With the value "TRUE" the certificate validity information is returned in
                // the RevocationData field of the response.
                ReturnRevocationData = false

            });

            // poll for status?





            Console.WriteLine("after MobileAuthenticateAsync " + new { sw.ElapsedMilliseconds });
            // NOTE(review): .Result blocks the calling thread inside an async method. Whether
            // an await is safe instead depends on how the host invokes this method - confirm.
            sk.MobileAuthenticateResponse x = xa.Result;
            Console.WriteLine("after MobileAuthenticateAsync done " + new { sw.ElapsedMilliseconds, x.Sesscode });

            // WaitSignature = true is passed so the status call is expected to return only
            // once a result exists (see the sample timings below) - confirm against the spec.
            var xGetMobileAuthenticateStatusResponseTask = c.GetMobileAuthenticateStatusAsync(
               new sk.GetMobileAuthenticateStatusRequest
               {
                   Sesscode = xa.Result.Sesscode,
                   WaitSignature = true
               }
           );

            // are we to show xa.Result.Sesscode
            // to client. signed?

            Console.WriteLine("after GetMobileAuthenticateStatusAsync  " + new { sw.ElapsedMilliseconds });


            // we need to switch to ui and back 

            var xGetMobileAuthenticateStatusResponse = xGetMobileAuthenticateStatusResponseTask.Result;

            // The returned Signature is only written to the console here; it is not checked.
            Console.WriteLine("after GetMobileAuthenticateStatusAsync done " + new { sw.ElapsedMilliseconds, xGetMobileAuthenticateStatusResponse.Signature });

            // NB! Before sending the first status query it is recommended to wait at least 15
            // seconds, because for technical and human reasons the authentication process
            // cannot finish faster. Mobile-ID operations expire within 4 minutes at the latest.

            //invoke MobileAuthenticateAsync { ElapsedMilliseconds = 0 }
            //after MobileAuthenticateAsync { ElapsedMilliseconds = 715 }
            //after MobileAuthenticateAsync done { ElapsedMilliseconds = 1527, Sesscode = 622288131 }
            //after GetMobileAuthenticateStatusAsync  { ElapsedMilliseconds = 1531 }
            //after GetMobileAuthenticateStatusAsync done { ElapsedMilliseconds = 16566, Signature = qxgf

            // NOTE(review): the text is signed whatever Status says, so a consumer of the
            // signed value has to read the Status inside it before treating the user as
            // authenticated.
            var v = new VerifiableString
            {
                value = new { x.UserIDCode, x.Sesscode, xGetMobileAuthenticateStatusResponse.Status }.ToString()

                // if we can verify it later, we can trust it to be set by the web service. otherwise we cannot trust it.
                // this would also enable state sharing now.
                // signed and perhaps encrypted too..
            }.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);


            // sign status
            // mouse over shows the sig. yay.
            status.SetAttributeValue("title", Convert.ToBase64String(v.signature));
            status.Value = v.value;

            return true;
        }
        /// <summary>
        /// Second step of the split Mobile-ID flow: queries the authentication status for
        /// <c>MobileAuthenticateAsync15_Sesscode</c>, blocks until the call returns, then publishes
        /// a signed summary (UserIDCode, Status) through the <c>status</c> element.
        /// </summary>
        /// <returns>
        /// Always <c>true</c>. The Status reported by the service is only embedded in the signed
        /// text; it does not influence the return value.
        /// </returns>
        public async Task<bool> MobileAuthenticateAsync15Continue()
        {
            var timer = Stopwatch.StartNew();

            var client = new sk.DigiDocServicePortTypeClient(new BasicHttpsBinding(), new EndpointAddress("https://tsp.demo.sk.ee:443"));

            Console.WriteLine("before GetMobileAuthenticateStatusAsync  " + new { timer.ElapsedMilliseconds, MobileAuthenticateAsync15_Sesscode });

            // NOTE(review): Sesscode and UserIDCode are read from plain members with no signature
            // check in this method. If those members are filled from client-supplied state, both
            // values are caller-controlled - confirm where they come from.
            var statusRequest = new sk.GetMobileAuthenticateStatusRequest
            {
                Sesscode = MobileAuthenticateAsync15_Sesscode,
                WaitSignature = true
            };
            var statusTask = client.GetMobileAuthenticateStatusAsync(statusRequest);

            // are we to show the Sesscode to the client? signed?

            Console.WriteLine("after GetMobileAuthenticateStatusAsync  " + new { timer.ElapsedMilliseconds });

            // we need to switch to ui and back
            // NOTE(review): .Result blocks the calling thread inside an async method.
            var statusResponse = statusTask.Result;

            // The returned Signature is only written to the console here; it is not checked.
            Console.WriteLine("after GetMobileAuthenticateStatusAsync done " + new { timer.ElapsedMilliseconds, statusResponse.Signature });

            // NB! Before sending the first status query it is recommended to wait at least 15
            // seconds, because for technical and human reasons the authentication process cannot
            // finish faster. Mobile-ID operations expire within 4 minutes at the latest.

            // Sample timings from a run:
            //invoke MobileAuthenticateAsync { ElapsedMilliseconds = 0 }
            //after MobileAuthenticateAsync { ElapsedMilliseconds = 715 }
            //after MobileAuthenticateAsync done { ElapsedMilliseconds = 1527, Sesscode = 622288131 }
            //after GetMobileAuthenticateStatusAsync  { ElapsedMilliseconds = 1531 }
            //after GetMobileAuthenticateStatusAsync done { ElapsedMilliseconds = 16566, Signature = qxgf

            // The text is signed whatever Status says; a consumer has to read the Status inside it
            // before treating the user as authenticated.
            var summary = new
            {
                MobileAuthenticateAsync15_UserIDCode,
                statusResponse.Status
            };
            var unsignedSummary = new VerifiableString { value = summary.ToString() };
            var signedSummary = unsignedSummary.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            // The signature goes into the title attribute, the plain value into the element itself.
            status.SetAttributeValue("title", Convert.ToBase64String(signedSummary.signature));
            status.Value = signedSummary.value;

            return true;
        }
        /// <summary>
        /// Second step of the split Mobile-ID flow: queries the authentication status for the
        /// session named in <paramref name="args"/>, and when the service reports
        /// "USER_AUTHENTICATED" stores a signed <c>identity</c> built from the user id code in
        /// <paramref name="args"/>.
        /// </summary>
        /// <param name="args">State from the first step; its Sesscode and UserIDCode values are read.</param>
        /// <returns>A new state whose <c>MobileAuthenticateAsync15Continue_Status</c> is the signed Status text.</returns>
        public async Task<MobileAuthenticateAsync15State> MobileAuthenticateAsync15Continue(MobileAuthenticateAsync15State args)
        {
            var timer = Stopwatch.StartNew();

            //var client = new sk.DigiDocServicePortTypeClient(new BasicHttpsBinding(), new EndpointAddress("https://tsp.demo.sk.ee:443"));
            var client = new sk.DigiDocServicePortTypeClient(new BasicHttpsBinding(), new EndpointAddress(serviceuri));

            Console.WriteLine("before GetMobileAuthenticateStatusAsync  " + new { timer.ElapsedMilliseconds, args.MobileAuthenticateAsync15_Sesscode });

            // NOTE(review): only .value of the Sesscode and UserIDCode members is read; their
            // signatures are never checked in this method. If args comes back from the client, the
            // caller can pair the Sesscode of one session with any UserIDCode, and that UserIDCode
            // is what gets signed as identity below. Verify both members first, and confirm that
            // something ties the two values to the same session.
            // Convert.ToInt32 throws when the text is not a number.
            var statusRequest = new sk.GetMobileAuthenticateStatusRequest
            {
                Sesscode = Convert.ToInt32(args.MobileAuthenticateAsync15_Sesscode.value),
                WaitSignature = true
            };
            var statusTask = client.GetMobileAuthenticateStatusAsync(statusRequest);

            // are we to show the Sesscode to the client? signed?

            Console.WriteLine("after GetMobileAuthenticateStatusAsync  " + new { timer.ElapsedMilliseconds });

            // we need to switch to ui and back
            // NOTE(review): .Result blocks the calling thread inside an async method.
            var statusResponse = statusTask.Result;

            // The returned Signature is only written to the console here; it is not checked.
            Console.WriteLine("after GetMobileAuthenticateStatusAsync done " + new
            {
                timer.ElapsedMilliseconds,
                statusResponse.Status,
                statusResponse.Signature
            });

            // NB! Before sending the first status query it is recommended to wait at least 15
            // seconds, because for technical and human reasons the authentication process cannot
            // finish faster. Mobile-ID operations expire within 4 minutes at the latest.

            // no pin entered?
            // Status = "USER_CANCEL"

            // identity is only replaced on a successful authentication; any other Status leaves it as it was.
            var authenticated = statusResponse.Status == "USER_AUTHENTICATED";
            if (authenticated)
            {
                var userIdCode = new VerifiableString { value = args.MobileAuthenticateAsync15_UserIDCode.value };
                this.identity = userIdCode.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);
            }

            // The Status text is signed and handed back whatever its value is.
            var signedStatus = new VerifiableString { value = statusResponse.Status }.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);

            return new MobileAuthenticateAsync15State
            {
                MobileAuthenticateAsync15Continue_Status = signedStatus
            };
        }
        /// <summary>
        /// Derives the caller's identity from the TLS client certificate: takes the text between
        /// "SERIALNUMBER=" and the next "," in the certificate subject and stores it, signed with
        /// the web service authority key, in <c>identity</c>.
        /// </summary>
        /// <param name="h">The request handler; its <c>ClientCertificate</c> is read.</param>
        public void Handler(ScriptCoreLib.Ultra.WebService.WebServiceHandler h)
        {
            // ssl handshake gives certificate to global, it gives it to the handler, we give it to UI

            // NOTE(review): nothing here validates the certificate (chain, expiry, revocation); the
            // signed identity is only as trustworthy as the checks done before this handler runs.
            // Confirm that the TLS layer rejects untrusted client certificates.
            h.ClientCertificate.With(
                certificate =>
                {
                    Console.WriteLine("WebServiceHandler " + new { h.ClientCertificate.Subject });

                    // Plain substring extraction on the subject text, not a parsed distinguished name.
                    // NOTE(review): a subject without "SERIALNUMBER=" presumably yields an empty
                    // string, which would still be signed as identity - confirm and reject if so.
                    var afterLabel = certificate.Subject.SkipUntilOrEmpty("SERIALNUMBER=");
                    var serialNumber = afterLabel.TakeUntilOrEmpty(",");

                    var unsignedIdentity = new VerifiableString { value = serialNumber };
                    this.identity = unsignedIdentity.Sign(NamedKeyPairs.WebServiceAuthorityPrivateKey.RSAParameters);
                });

        }