d6/df6/_legal_signature_8cs_source.html

using System;

using System.Collections.Generic;

using System.Threading.Tasks;

using Waher.Content;

using Waher.IoTGateway;

using Waher.Networking.HTTP;

using Waher.Networking.HTTP.HeaderFields;

using Waher.Networking.XMPP.Server;

using Waher.Persistence;

using Waher.Persistence.Filters;

using Waher.Script;

using Waher.Security;

using Waher.Security.LoginMonitor;

using Waher.Service.IoTBroker.Legal.Attachments;


namespace Waher.Service.IoTBroker.Legal.Identity

{

    public class LegalSignature : HttpAuthenticationScheme

    {

        private readonly Dictionary<string, DateTime> expirationByNonce = new Dictionary<string, DateTime>();

        private readonly SortedDictionary<DateTime, string> nonceByExpiration = new SortedDictionary<DateTime, string>();

        private readonly LegalComponent legalComponent;

        private readonly string realm;


        public LegalSignature(string Realm, LegalComponent LegalComponent)

            : base(false, 0)

        {

            this.realm = Realm;

            this.legalComponent = LegalComponent;

        }


        public override bool UserSessions => true;


        public override string GetChallenge()

        {

            string Nonce = Convert.ToBase64String(Gateway.NextBytes(128));

            DateTime Expires = DateTime.Now.AddMinutes(1);


            while (true)

            {

                lock (this)

                {

                    if (!this.nonceByExpiration.ContainsKey(Expires))

                    {

                        this.expirationByNonce[Nonce] = Expires;

                        this.nonceByExpiration[Expires] = Nonce;

                        break;

                    }

                }


                byte[] b = Gateway.NextBytes(1);


                Expires = Expires.AddTicks(b[0] & 15);

            }


            return "NeuroFoundation.Sign realm=\"" + this.realm + "\", n=\"" + Nonce + "\"";

        }


        public override async Task<IUser> IsAuthenticated(HttpRequest Request)

        {

            if (!(Request.Session is null) &&

                Request.Session.TryGetVariable("User", out Variable v) &&

                v.ValueObject is IUser User &&

                (User is LegalIdentityUser || User.HasPrivilege("Legal.Attachments")))

            {

                return User;

            }


            HttpFieldAuthorization Authorization = Request.Header.Authorization;

            if (!(Authorization is null) && Authorization.Value.StartsWith("NeuroFoundation.Sign ", StringComparison.CurrentCultureIgnoreCase))

            {

                string FullJid = null;

                string Realm = null;

                string NonceStr = null;

                string SignatureStr = null;


                foreach (KeyValuePair<string, string> P in CommonTypes.ParseFieldValues(Authorization.Value.Substring(21)))

                {

                    switch (P.Key.ToLower())

                    {

                        case "jid":

                            FullJid = P.Value;

                            break;


                        case "realm":

                            Realm = P.Value;

                            break;


                        case "n":

                            NonceStr = P.Value;

                            break;


                        case "s":

                            SignatureStr = P.Value;

                            break;

                    }

                }


                if (this.realm != Realm || NonceStr is null || SignatureStr is null || FullJid is null)

                    return null;


                DateTime TP = DateTime.Now;


                lock (this)

                {

                    LinkedList<DateTime> ToRemove = null;


                    foreach (KeyValuePair<DateTime, string> Pair in this.nonceByExpiration)

                    {

                        if (Pair.Key <= TP)

                        {

                            if (ToRemove is null)

                                ToRemove = new LinkedList<DateTime>();


                            ToRemove.AddLast(Pair.Key);

                            this.expirationByNonce.Remove(Pair.Value);

                        }

                        else

                            break;

                    }


                    if (!(ToRemove is null))

                    {

                        foreach (DateTime ExpiryDate in ToRemove)

                            this.nonceByExpiration.Remove(ExpiryDate);

                    }


                    if (!this.expirationByNonce.TryGetValue(NonceStr, out TP))

                        return null;


                    if (Request.Header.Method != "HEAD")

                    {

                        this.expirationByNonce.Remove(NonceStr);

                        this.nonceByExpiration.Remove(TP);

                    }

                }


                XmppAddress From = new XmppAddress(FullJid);

                byte[] Nonce = Convert.FromBase64String(NonceStr);

                byte[] Signature = Convert.FromBase64String(SignatureStr);

                (LegalIdentity Identity, _) = await this.legalComponent.ValidateSenderSignature(From, null, TP, Nonce, Signature, null);


                if (Identity is null)

                {

                    if (Request.Resource is AttachmentsResource)

                    {

                        string AttachmentId = Request.SubPath.Substring(1);


                        foreach (LegalIdentity ID in await Database.Find<LegalIdentity>(new FilterAnd(

                            new FilterFieldEqualTo("Account", From.Account),

                            new FilterFieldEqualTo("State", IdentityState.Created))))

                        {

                            if (ID.Attachments is null)

                                continue;


                            foreach (AttachmentReference Attachment in ID.Attachments)

                            {

                                if (Attachment.Id == AttachmentId)

                                {

                                    Identity = ID;

                                    break;

                                }

                            }


                            if (!(Identity is null))

                                break;

                        }

                    }

                }

                else if (Identity.State != IdentityState.Approved)

                    Identity = null;


                if (Identity is null)

                {

                    LoginAuditor.Fail("Login attempt failed.", From.BareJid, Request.RemoteEndPoint, "HTTP");

                    return null;

                }

                else

                {

                    LoginAuditor.Success("Login successful.", From.BareJid, Request.RemoteEndPoint, "HTTP");

                    return await LegalIdentityUser.Create(Identity, From, this.legalComponent);

                }

            }


            return null;

        }


    }

}

Waher.Content.CommonTypes
Helps with parsing of commong data types.
Definition: CommonTypes.cs:13

Waher.Content.CommonTypes.ParseFieldValues
static KeyValuePair< string, string >[] ParseFieldValues(string Value)
Parses a set of comma or semicolon-separated field values, optionaly delimited by ' or " characters.
Definition: CommonTypes.cs:472

Waher.IoTGateway.Gateway
Static class managing the runtime environment of the IoT Gateway.
Definition: Gateway.cs:126

Waher.IoTGateway.Gateway.NextBytes
static byte[] NextBytes(int NrBytes)
Generates an array of random bytes.
Definition: Gateway.cs:3534

Waher.Networking.HTTP.HeaderFields.HttpFieldAuthorization
Authorization HTTP Field header. (RFC 2616, §14.8)
Definition: HttpFieldAuthorization.cs:7

Waher.Networking.HTTP.HttpAuthenticationScheme
Base class for all HTTP authentication schemes, as defined in RFC-7235: https://datatracker....
Definition: HttpAuthenticationScheme.cs:11

Waher.Networking.HTTP.HttpField.Value
string Value
HTTP Field Value
Definition: HttpField.cs:31

Waher.Networking.HTTP.HttpRequestHeader.Method
string Method
HTTP Method
Definition: HttpRequestHeader.cs:147

Waher.Networking.HTTP.HttpRequestHeader.Authorization
HttpFieldAuthorization Authorization
Authorization HTTP Field header. (RFC 2616, §14.8)
Definition: HttpRequestHeader.cs:282

Waher.Networking.HTTP.HttpRequest
Represents an HTTP request.
Definition: HttpRequest.cs:18

Waher.Networking.HTTP.HttpRequest.Header
HttpRequestHeader Header
Request header.
Definition: HttpRequest.cs:134

Waher.Networking.HTTP.HttpRequest.RemoteEndPoint
string RemoteEndPoint
Remote end-point.
Definition: HttpRequest.cs:195

Waher.Networking.HTTP.HttpRequest.Session
Variables Session
Contains session states, if the resource requires sessions, or null otherwise.
Definition: HttpRequest.cs:164

Waher.Networking.HTTP.HttpRequest.SubPath
string SubPath
Sub-path. If a resource is found handling the request, this property contains the trailing sub-path o...
Definition: HttpRequest.cs:146

Waher.Networking.HTTP.HttpRequest.Resource
HttpResource Resource
Resource being accessed.
Definition: HttpRequest.cs:173

Waher.Networking.XMPP.Server.XmppAddress
Contains information about one XMPP address.
Definition: XmppAddress.cs:9

Waher.Networking.XMPP.Server.XmppAddress.BareJid
CaseInsensitiveString BareJid
Bare JID
Definition: XmppAddress.cs:45

Waher.Networking.XMPP.Server.XmppAddress.Account
CaseInsensitiveString Account
Account
Definition: XmppAddress.cs:124

Waher.Persistence.Database
Static interface for database persistence. In order to work, a database provider has to be assigned t...
Definition: Database.cs:19

Waher.Persistence.Database.Find
static Task< IEnumerable< object > > Find(string Collection, params string[] SortOrder)
Finds objects in a given collection.
Definition: Database.cs:247

Waher.Persistence.Filters.FilterAnd
This filter selects objects that conform to all child-filters provided.
Definition: FilterAnd.cs:10

Waher.Persistence.Filters.FilterFieldEqualTo
This filter selects objects that have a named field equal to a given value.
Definition: FilterFieldEqualTo.cs:7

Waher.Script.Variable
Contains information about a variable.
Definition: Variable.cs:10

Waher.Script.Variables.TryGetVariable
virtual bool TryGetVariable(string Name, out Variable Variable)
Tries to get a variable object, given its name.
Definition: Variables.cs:52

Waher.Security.LoginMonitor.LoginAuditor
Class that monitors login events, and help applications determine malicious intent....
Definition: LoginAuditor.cs:26

Waher.Security.LoginMonitor.LoginAuditor.Success
static async void Success(string Message, string UserName, string RemoteEndpoint, string Protocol, params KeyValuePair< string, object >[] Tags)
Handles a successful login attempt.
Definition: LoginAuditor.cs:487

Waher.Security.LoginMonitor.LoginAuditor.Fail
static async void Fail(string Message, string UserName, string RemoteEndpoint, string Protocol, params KeyValuePair< string, object >[] Tags)
Handles a failed login attempt.
Definition: LoginAuditor.cs:452

Waher.Service.IoTBroker.Legal.Attachments.Attachment
Represents an attachment to a document.
Definition: Attachment.cs:17

Waher.Service.IoTBroker.Legal.Attachments.Attachment.Id
CaseInsensitiveString Id
Attachment ID
Definition: Attachment.cs:52

Waher.Service.IoTBroker.Legal.Attachments.AttachmentReference
Represents an attachment to a document.
Definition: AttachmentReference.cs:11

Waher.Service.IoTBroker.Legal.Attachments.AttachmentsResource
Definition: AttachmentsResource.cs:18

Waher.Service.IoTBroker.Legal.Identity.LegalIdentity
Definition: LegalIdentity.cs:27

Waher.Service.IoTBroker.Legal.Identity.LegalIdentityUser
User object representing a legal identity.
Definition: LegalIdentityUser.cs:19

Waher.Service.IoTBroker.Legal.Identity.LegalIdentityUser.HasPrivilege
bool HasPrivilege(string Privilege)
If user has a given privilege.
Definition: LegalIdentityUser.cs:118

Waher.Service.IoTBroker.Legal.Identity.LegalIdentityUser.Create
static async Task< LegalIdentityUser > Create(LegalIdentity Identity, XmppAddress From, LegalComponent LegalComponent)
Creates a user object representing a legal identity.
Definition: LegalIdentityUser.cs:47

Waher.Service.IoTBroker.Legal.Identity.LegalSignature
Definition: LegalSignature.cs:19

Waher.Service.IoTBroker.Legal.Identity.LegalSignature.IsAuthenticated
override async Task< IUser > IsAuthenticated(HttpRequest Request)
Checks if the request is authorized.
Definition: LegalSignature.cs:59

Waher.Service.IoTBroker.Legal.Identity.LegalSignature.GetChallenge
override string GetChallenge()
Gets a challenge for the authenticating client to respond to.
Definition: LegalSignature.cs:34

Waher.Service.IoTBroker.Legal.LegalComponent
Provisioning and registry service component.
Definition: LegalComponent.cs:55

Waher.Security.IUser
Basic interface for a user.
Definition: IUser.cs:7

Waher.Content
Definition: Array.cs:6

Waher.IoTGateway
Definition: App.xaml.cs:23

Waher.Networking.HTTP.HeaderFields
Definition: AcceptRecord.cs:4

Waher.Networking.HTTP
Definition: Page.cs:6

Waher.Networking.XMPP.Server
Definition: AccountRecipient.cs:5

Waher.Persistence.Filters
Definition: Filter.cs:2

Waher.Persistence
Definition: Bookmark.cs:4

Waher.Script
Definition: Duration.cs:8

Waher.Security.LoginMonitor
Definition: AnnotateEndpointEventArgs.cs:6

Waher.Security
Definition: AcmeAccount.cs:8

Waher.Service.IoTBroker.Legal.Attachments
Definition: Attachment.cs:6

Waher.Service.IoTBroker.Legal.Identity
Definition: Enumerations.cs:4

Waher.Service.IoTBroker.Legal.Identity.IdentityState
IdentityState
Lists recognized legal identity states.
Definition: Enumerations.cs:9