Implemented 5.4

FitConnect/Services/Models/v1/Api/Problems.cs

@@ -25,7 +25,8 @@ public class Problems {
     public const string DetailMissingData = "Der Fachdatensatz fehlt.";
 
     public const string TitleHashMismatch = "Prüfsumme stimmt nicht";
-    public const string DetailDataHashMismatch = "Die Prüfsumme des Fachdatensatzes stimmt nicht.";
+    public const string DetailHashMismatchData = "Die Prüfsumme des Fachdatensatzes stimmt nicht.";
+    public const string DetailHashMismatchAttachment = "Der Hash der Anlage {0} stimmt nicht.";
 
     public const string TitleMissingSchema = "Schema-Referenz fehlt";
     public const string DetailMissingSchema = "Die Schema-Referenz fehlt im Metadatensatz.";

FitConnect/Subscriber.cs

@@ -283,7 +283,7 @@ public class Subscriber : FitConnectClient,
         // SuccessCriteria: 4.3
         var problem = new Problems(Problems.ProblemTypeEnum.HashMismatch,
             Problems.TitleHashMismatch,
-            detail: Problems.DetailDataHashMismatch, Problems.ProblemInstanceEnum.Data);
+            detail: Problems.DetailHashMismatchData, Problems.ProblemInstanceEnum.Data);
         RejectSubmission(submission, Problems.EncryptionIssue);
         throw new SecurityEventException(problem);
     }
@@ -339,7 +339,7 @@ public class Subscriber : FitConnectClient,
         if (submission.EncryptedData?.Split('.').Last() != dataSignature) {
             // SuccessCriteria: 4.1
             var problem = new Problems(Problems.ProblemTypeEnum.IncorrectAuthenticationTag,
-                Problems.DetailDataHashMismatch);
+                Problems.DetailHashMismatchData);
             RejectSubmission(submission, problem);
             throw new SecurityEventException(problem);
         }
@@ -420,16 +420,10 @@ public class Subscriber : FitConnectClient,
                 throw new SecurityEventException(problem, e);
             }
 
+            byte[]? content;
+            byte[]? hash;
             try {
-                var (_, content, hash) = Encryption.Decrypt(encryptedAttachment);
-                var attachmentMeta =
-                    submission.Metadata?.ContentStructure.Attachments.First(a =>
-                        a.AttachmentId == id);
-
-                if (attachmentMeta != null)
-                    attachments.Add(new Attachment(id, attachmentMeta, content,
-                        encryptedAttachment.Split('.').Last()));
-
+                (_, content, hash) = Encryption.Decrypt(encryptedAttachment);
             }
             catch (Exception e) {
                 var problem = new Problems(
@@ -437,11 +431,30 @@ public class Subscriber : FitConnectClient,
                     Problems.TitleEncryptionIssue,
                     string.Format(Problems.DetailEncryptionIssueAttachment, id),
                     "attachment:{id}"
-                    );
-                
+                );
+
                 RejectSubmission(submission, problem);
                 throw new SecurityEventException(problem, e);
             }
+
+            var attachmentMeta =
+                submission.Metadata?.ContentStructure.Attachments.First(a =>
+                    a.AttachmentId == id);
+
+            if (attachmentMeta != null)
+                attachments.Add(new Attachment(id, attachmentMeta, content,
+                    encryptedAttachment.Split('.').Last()));
+
+            // SuccessCriteria: Hash-Check 5.4
+            if (attachmentMeta?.Hash.Content != FitEncryption.CalculateHash(content)) {
+                var problem = new Problems(
+                    Problems.ProblemTypeEnum.HashMismatch,
+                    Problems.TitleHashMismatch,
+                    string.Format(Problems.DetailHashMismatchAttachment, id),
+                    "attachment:{id}");
+                RejectSubmission(submission, problem);
+                throw new SecurityEventException(problem);
+            }
         }
 
         return attachments;