From 401e9ed5d7fe061377a109a733227bb64dc9fc05 Mon Sep 17 00:00:00 2001
From: Klaus Fischer <klaus.fischer@eloware.com>
Date: Tue, 11 Oct 2022 16:43:07 +0200
Subject: [PATCH] BUG: Attachment Id

---
 FitConnect/Models/Attachment.cs |  2 +-
 FitConnect/Subscriber.cs        | 36 ++++++++++++++++++++-------------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/FitConnect/Models/Attachment.cs b/FitConnect/Models/Attachment.cs
index 5547ff9d..12688a15 100644
--- a/FitConnect/Models/Attachment.cs
+++ b/FitConnect/Models/Attachment.cs
@@ -52,7 +52,7 @@ public class Attachment {
     }
 
 
-    public string Id { get; } = Guid.NewGuid().ToString();
+    public string Id { get; set; } = Guid.NewGuid().ToString();
 
     public byte[]? Content { get; init; }
     public string? AttachmentAuthentication { get; }
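Review bot: The new `set` accessor on `Id` is public, so any caller can change an attachment's Id after construction, and `CheckAttachments` in Subscriber.cs uses that Id as the key for looking up the expected authentication tag. If the Id only needs to be assigned while the attachment is built, `public string Id { get; init; } = Guid.NewGuid().ToString();` matches the `init` already used on `Content` and keeps the Id fixed afterwards. If it must be assigned later from inside the library, `internal set` is the narrower choice. The code that assigns the Id is not in this hunk, so which of the two fits needs confirming against the constructor.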
diff --git a/FitConnect/Subscriber.cs b/FitConnect/Subscriber.cs
index d6b2f7c5..ec7da3aa 100644
--- a/FitConnect/Subscriber.cs
+++ b/FitConnect/Subscriber.cs
@@ -10,6 +10,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 using Metadata = FitConnect.Models.Api.Metadata.Metadata;
+using SecurityEventToken = FitConnect.Models.SecurityEventToken;
 
 namespace FitConnect;
 
@@ -71,25 +72,25 @@ public class Subscriber : FitConnectClient,
     /// <returns></returns>
     public ISubscriberWithSubmission RequestSubmission(string submissionId) {
         var submission = (Submission)SubmissionService.GetSubmission(submissionId);
-
-        CheckSubmitEvent(submission);
+        var submitEvent = CheckSubmitEvent(submission);
 
         var (metaDataString, _, metaHash) = Encryption.Decrypt(submission.EncryptedMetadata!);
-
-
         VerifyMetadata(submission, metaDataString);
-
-
         submission.Metadata = JsonConvert.DeserializeObject<Metadata>(metaDataString);
 
-        submission.Attachments = DownloadAttachments(submission);
-
         if (submission.EncryptedData != null) {
             var (dataString, _, dataHash) = Encryption.Decrypt(submission.EncryptedData);
             submission.Data = dataString;
             VerifyDataHash(submission, dataString);
         }
 
+        Dictionary<string, string> attachmentSignatures =
+            (submitEvent.Payload as dynamic)?.authenticationTags?.attachments
+            .ToObject<Dictionary<string, string>>()!;
+
+        submission.Attachments = DownloadAttachments(submission);
+        CheckAttachments(submission, attachmentSignatures);
+
         Submission = submission;
         return this;
     }
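Review bot: The trailing `!` on the `attachmentSignatures` assignment hides a null result. When the submit event's payload carries no `authenticationTags`, the null-conditional chain yields null and `CheckAttachments` then dereferences `attachmentSignatures.Count`, so the submission fails with a NullReferenceException instead of going through `RejectSubmission`. If only `attachments` is absent, the unguarded `.ToObject` call on the dynamic value appears to throw even earlier. Treating a missing map as empty keeps the check fail-closed: change the last line of the assignment to `?.ToObject<Dictionary<string, string>>() ?? new Dictionary<string, string>();`. The count comparison then rejects a submission that has attachments but no tags.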
@@ -122,7 +123,7 @@ public class Subscriber : FitConnectClient,
     }
 
 
-    private void CheckSubmitEvent(Submission submission) {
+    private SecurityEventToken CheckSubmitEvent(Submission submission) {
         var status = GetStatusForSubmission(submission);
         if (status.Count(set => set.EventType == EventType.Submit) != 1) {
             RejectSubmission(submission, Problems.SchemaViolation);
@@ -134,8 +135,6 @@ public class Subscriber : FitConnectClient,
 
         var dataSignature = authenticationTag?.data?.ToString();
         var metadataSignature = authenticationTag?.metadata.ToString();
-        var attachmentSignatures =
-            authenticationTag?.attachments.ToObject<Dictionary<string, string>>();
 
         if (submission.EncryptedData?.Split('.').Last() != dataSignature) {
             RejectSubmission(submission, Problems.IncorrectAuthenticationTag);
@@ -147,8 +146,19 @@ public class Subscriber : FitConnectClient,
             throw new AggregateException("Metadata signature mismatch");
         }
 
+        return submitEvent;
+    }
+
+    private void CheckAttachments(Submission submission,
+        Dictionary<string, string> attachmentSignatures) {
         if (submission?.Attachments != null) {
+            if (submission.Attachments.Count != attachmentSignatures.Count) {
+                RejectSubmission(submission, Problems.AttachmentsMissmatch);
+                throw new ArgumentException("Attachment count mismatch");
+            }
+
             foreach (var attachment in submission.Attachments) {
+                // BUG: Attachment.ID is wrong set
                 if (attachmentSignatures?[attachment.Id] != attachment.AttachmentAuthentication) {
                     RejectSubmission(submission, Problems.IncorrectAuthenticationTag);
                     throw new AggregateException("Attachment signature mismatch");
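Review bot: In `CheckAttachments`, `attachmentSignatures?[attachment.Id]` throws KeyNotFoundException when the submit event has no tag for an attachment's Id, so that case skips `RejectSubmission` and surfaces as an unrelated exception. A lookup that treats a missing key as a mismatch keeps the rejection path: `if (!attachmentSignatures.TryGetValue(attachment.Id, out var expectedTag) || expectedTag != attachment.AttachmentAuthentication) {`. The `?[` is also inconsistent with the unguarded `attachmentSignatures.Count` a few lines above, as is `submission?.Attachments` with the non-null use of `submission` that follows. The comment `// BUG: Attachment.ID is wrong set` should say what is wrong and whether this commit resolves it, or be removed. The loop body continues outside the hunk.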
@@ -169,8 +179,7 @@ public class Subscriber : FitConnectClient,
     public IEnumerable<Attachment> GetAttachments() {
         if (Submission?.Id == null || Submission?.Metadata == null)
             throw new Exception("No submission available");
-
-
+        
         return Submission.Attachments;
     }
 
@@ -186,7 +195,6 @@ public class Subscriber : FitConnectClient,
                 attachments.Add(new Attachment(attachmentMeta, content,
                     encryptedAttachment.Split('.').Last()));
         }
-
         return attachments;
     }
 
-- 
GitLab