From b0d3fdb192e19b85060c638b2f2abd7b2b5a020b Mon Sep 17 00:00:00 2001
From: Klaus Fischer <klaus.fischer@eloware.com>
Date: Thu, 15 Sep 2022 07:36:09 +0200
Subject: [PATCH] WIP: TokenVerification for SET events not working for sender
 due to missing public key

---
 FitConnect/Encryption/FitEncryption.cs  |  2 +-
 FitConnect/FitConnectClient.cs          | 14 +++++++++++---
 FitConnect/Models/SecurityEventToken.cs | 12 +++++-------
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/FitConnect/Encryption/FitEncryption.cs b/FitConnect/Encryption/FitEncryption.cs
index 4975ed14..c5005d87 100644
--- a/FitConnect/Encryption/FitEncryption.cs
+++ b/FitConnect/Encryption/FitEncryption.cs
@@ -209,7 +209,7 @@ public class FitEncryption {
         return sb.ToString();
     }
 
-
+    
     public static bool VerifyJwt(string signature, IEnumerable<JsonWebKey> keys,
         ILogger? logger = null) {
         foreach (var key in keys)
diff --git a/FitConnect/FitConnectClient.cs b/FitConnect/FitConnectClient.cs
index 19089979..fa1c531f 100644
--- a/FitConnect/FitConnectClient.cs
+++ b/FitConnect/FitConnectClient.cs
@@ -104,9 +104,17 @@ public abstract class FitConnectClient {
     public List<SecurityEventToken> GetStatusForSubmission(string caseId, string destinationId,
         bool skipTest = false) {
         var events = SubmissionService.GetStatusForSubmissionAsync(caseId, destinationId, skipTest)
-            .Result;
-        return events?.Where(s => s != null)
-            .Select(e => new SecurityEventToken(e!)).ToList() ?? new List<SecurityEventToken>();
+                         .Result?.Select(e => new SecurityEventToken(e!)).ToList() ??
+                     new List<SecurityEventToken>();
+
+        // Check OCSP Signature of SET Event
+        #warning Sender has no way to verify the OCSP signature
+        if (_publicKeySignatureVerification != null) {
+            var setsSignatureValid = events.Aggregate(true,
+                (run, e) => run &= FitEncryption.VerifyJwt(e.TokenString,
+                    new JsonWebKey(_publicKeySignatureVerification), Logger));
+        }
+        return events;
     }
 
     /// <summary>
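Review bot: The signature check added in this hunk has no effect: `setsSignatureValid` is assigned from the Aggregate and never read, so `events` is returned whether or not every SET verified and a caller receives unverified tokens as if they were authentic. The loop should fail the call (or drop the failing tokens with a log line) and build the `JsonWebKey` once rather than per event; note too that `VerifyJwt` as shown in the FitEncryption hunk takes `IEnumerable<JsonWebKey>`, so passing a single key only compiles if another overload exists. Dropping the old `Where(s => s != null)` filter means a null element now reaches `new SecurityEventToken(e!)`, which per the model hunk parses `new JsonWebToken(null)` and presumably throws. In the sender branch (`_publicKeySignatureVerification == null`, per the `#warning`) the tokens are returned with no verification at all; that path should at least log that verification was skipped so the gap is visible in operation.
```csharp
        // Check OCSP Signature of SET Event
        #warning Sender has no way to verify the OCSP signature
        if (_publicKeySignatureVerification != null) {
            var keys = new[] { new JsonWebKey(_publicKeySignatureVerification) };
            var invalid = events.Where(e => !FitEncryption.VerifyJwt(e.TokenString, keys, Logger)).ToList();
            if (invalid.Count > 0) {
                throw new InvalidOperationException(
                    $"{invalid.Count} security event token(s) failed signature verification");
            }
        }
        return events;
```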
diff --git a/FitConnect/Models/SecurityEventToken.cs b/FitConnect/Models/SecurityEventToken.cs
index de3b3ec1..91ac89b8 100644
--- a/FitConnect/Models/SecurityEventToken.cs
+++ b/FitConnect/Models/SecurityEventToken.cs
@@ -18,7 +18,6 @@ public enum EventType {
 }
 
 public class SecurityEventToken {
-
     public const string CreateSubmissionSchema =
         "https://schema.fitko.de/fit-connect/events/create-submission";
 
@@ -42,12 +41,12 @@ public class SecurityEventToken {
 
 
     public SecurityEventToken(string jwtEncodedString) {
-        Token = new JsonWebToken(jwtEncodedString);
+        TokenString = jwtEncodedString;
         EventType = DecodeEventType(Token.Claims);
 
-        if (Token.Claims.All(c => c.Type != "iat")) 
+        if (Token.Claims.All(c => c.Type != "iat"))
             return;
-        
+
         var iat = Token.Claims.FirstOrDefault(c => c.Type == "iat")!.Value;
         if (long.TryParse(iat, out var timeEpoch))
             EventTime = DateTime.UnixEpoch.AddSeconds(timeEpoch);
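Review bot: With `Token` now a computed property that constructs a fresh `JsonWebToken` on every access (see the later hunk in this file), the constructor parses `jwtEncodedString` three times (`Token.Claims` on the EventType line, the `All` check and the `FirstOrDefault`), and an empty or malformed string surfaces as an exception from inside that parse rather than as an argument error. Validate the input up front with `if (string.IsNullOrWhiteSpace(jwtEncodedString)) throw new ArgumentException("JWT string must not be empty", nameof(jwtEncodedString));`, then parse once into a local (`var token = Token;`) and read `token.Claims` in the three places. The constructor's closing brace lies past the end of the hunk.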
@@ -59,7 +58,8 @@ public class SecurityEventToken {
     public Events? Event { get; set; }
 
     public object? Payload { get; set; }
-    public JsonWebToken Token { get; set; }
+    public JsonWebToken Token => new JsonWebToken(TokenString);
+    public string TokenString { get; set; }
 
     private EventType DecodeEventType(IEnumerable<Claim> claims) {
         var eventsClaim = claims.FirstOrDefault(c => c.Type == "events");
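Review bot: `TokenString { get; set; }` leaves the raw token publicly mutable after construction, while `EventType`, `EventTime` and `Problems` were decoded from the original string; a later assignment silently desynchronises the token a caller would verify from the fields it acts on, and since `Token` re-parses `TokenString` on every get the two views can disagree at any point. Restrict the setter, `public string TokenString { get; private set; }` (or `init` if the project's language version allows it), and consider caching the parsed `JsonWebToken` in a readonly field, because every `Token` access currently allocates and re-parses the string. This note also covers the constructor hunk above, which is where the decoded fields are populated from the same string.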
@@ -87,14 +87,12 @@ public class SecurityEventToken {
                 ForwardSubmissionSchema))
             return EventType.Forward;
         if (eventsClaim.Value.Contains(
-
                 RejectSubmissionSchema)) {
             Problems = GetProblems(events?.Values?.FirstOrDefault()?.ToString() ?? "");
             return EventType.Reject;
         }
 
 
-
         if (eventsClaim.Value.Contains(AcceptSubmissionSchema))
 
             return EventType.Accept;
-- 
GitLab