BulkPrintingAPI/BulkPrintingAPI/Controllers/Utils.cs

using BulkPrintingAPI.Configuration;
using CoreFtp;
using MAX.Models;
using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.Logging;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace BulkPrintingAPI.Controllers
{
    public static class Utils
    {
        public static byte GetMinimalBitmask(byte value)
        {
            if (value == 0)
            {
                return 0;
            }
            value--;
            value |= (byte)(value >> 1);
            value |= (byte)(value >> 2);
            value |= (byte)(value >> 4);
            return value;
        }

        public static string GenerateRandomStringFromAlphabet(int length, string alphabet =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_-+=[{]};:<>|./?")
        {
            if (alphabet.Length > 255)
            {
                throw new ArgumentException("Alphabet too long", nameof(alphabet));
            }

            var minimalBitmask = GetMinimalBitmask((byte)alphabet.Length);
            var builder = new StringBuilder(length);
            var randomBytes = new byte[length * 2];
            int offset = randomBytes.Length;
            using (var rng = RandomNumberGenerator.Create())
            {
                while (builder.Length < length)
                {
                    if (offset >= randomBytes.Length)
                    {
                        rng.GetBytes(randomBytes);
                        offset = 0;
                    }

                    // We constrain c using minimalBitmask (minimal power of
                    // two greater than alphabetSize, minus 1) so that it is as
                    // close to fitting within alphabet.Length as possible while still
                    // being evenly distributed. We then throw away any numbers >=
                    // alphabet.Length. This is wasteful but it is the only way of
                    // generating an unbiased selection, and random number
                    // generators are very fast.
                    byte c = (byte)(randomBytes[offset] & minimalBitmask);
                    if (c < alphabet.Length)
                    {
                        builder.Append(alphabet[c]);
                    }
                    offset++;
                }
            }

            return builder.ToString();
        }

        public static byte[] GenerateAndAesEncryptKey(int keyLength, byte[] encryptingKey)
        {
            var key = new byte[keyLength];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(key);
            }
            using (var aes = Aes.Create())
            using (var encryptor = aes.CreateEncryptor(encryptingKey, new byte[16]))
            {
                return MAX.Utils.Transform(encryptor, key);
            }
        }

        public static byte[] GenerateAndAesEncryptPassword(int passwordLength, byte[] encryptingKey)
        {
            var password = GenerateRandomStringFromAlphabet(passwordLength);
            using (var aes = Aes.Create())
            using (var encryptor = aes.CreateEncryptor(encryptingKey, new byte[16]))
            {
                return MAX.Utils.Transform(encryptor, Encoding.ASCII.GetBytes(password));
            }
        }

        public static byte[] AesDecryptBytes(byte[] cipherText, byte[] key)
        {
            using (var aes = Aes.Create())
            using (var decryptor = aes.CreateDecryptor(key, new byte[16]))
            {
                return MAX.Utils.Transform(decryptor, cipherText);
            }
        }

        public static string AesDecryptString(byte[] cipherText, byte[] key)
        {
            return Encoding.ASCII.GetString(AesDecryptBytes(cipherText, key));
        }

        public static byte[] AesReEncrypt(byte[] cipherText, byte[] originalKey, byte[] newKey)
        {
            using (var aes = Aes.Create())
            {
                byte[] plainText;
                using (var decryptor = aes.CreateDecryptor(originalKey, new byte[16]))
                {
                    plainText = MAX.Utils.Transform(decryptor, cipherText);
                }
                using (var encryptor = aes.CreateEncryptor(newKey, new byte[16]))
                {
                    return MAX.Utils.Transform(encryptor, plainText);
                }
            }
        }

        public static async Task<MAX.LoginCredentials> SyncUserAndVendorWithDb(MAXContext context,
            DataEncryptionOptions dataEncryptionOptions, User user, string password, int vendorId,
            string serialNumber)
        {
            var warehouse = user.Account.Warehouse;
            var existingWarehouse = await context.Warehouses.FindAsync(warehouse.Id).ConfigureAwait(false);
            if (existingWarehouse == null)
            {
                context.Warehouses.Add(warehouse);
            }
            else
            {
                existingWarehouse.Name = warehouse.Name;
                warehouse = existingWarehouse;
            }

            var account = user.Account;
            var existingAccount = await context.Accounts.FindAsync(account.Id).ConfigureAwait(false);
            if (existingAccount == null)
            {
                context.Accounts.Add(account);
            }
            else
            {
                existingAccount.Name = account.Name;
                existingAccount.Status = account.Status;
                existingAccount.Reference = account.Reference;
                existingAccount.Balance = account.Balance;

                account = existingAccount;
            }
            account.Warehouse = warehouse;

            var existingUser = await context.Users.FindAsync(user.Id).ConfigureAwait(false);
            if (existingUser == null)
            {
                context.Users.Add(user);
            }
            else
            {
                existingUser.Username = user.Username;
                existingUser.FirstName = user.FirstName;
                existingUser.Surname = user.Surname;
                existingUser.Enabled = user.Enabled;
                existingUser.Level = user.Level;
                existingUser.System = user.System;
                existingUser.LastLogin = user.LastLogin;

                existingUser.CanPrintOffline = user.CanPrintOffline;
                existingUser.CanPrintOnline = user.CanPrintOnline;
                existingUser.CanReprintOffline = user.CanReprintOffline;
                existingUser.CanReprintOnline = user.CanReprintOnline;
                existingUser.OfflinePrintValue = user.OfflinePrintValue;
                existingUser.OfflineReprintValue = user.OfflineReprintValue;
                existingUser.OnlinePrintValue = user.OnlinePrintValue;
                existingUser.OnlineReprintValue = user.OnlineReprintValue;

                user = existingUser;
            }
            user.Account = account;

            var vendor = await context.Vendors.FindAsync(vendorId).ConfigureAwait(false);
            if (vendor == null)
            {
                vendor = new Vendor()
                {
                    Id = vendorId,
                    SerialNumber = serialNumber,
                    Account = account,
                    EncryptedDatabasePassword =
                        // A password length of 31 bytes results keeps us inside 2 AES blocks (32 bytes)
                        // as padding is a minimum of 1 byte.
                        GenerateAndAesEncryptPassword(31, dataEncryptionOptions.DefaultKey),
                    EncryptedVoucherKey =
                        GenerateAndAesEncryptKey(24, dataEncryptionOptions.DefaultKey)
                };
                context.Add(vendor);
            }
            else
            {
                vendor.SerialNumber = serialNumber;
                vendor.Account = account;
            }

            await context.SaveChangesAsync().ConfigureAwait(false);

            return new MAX.LoginCredentials
            {
                User = user,
                Vendor = vendor,
                Password = password
            };
        }

        public static async Task<MAX.LoginCredentials> GetLoginCredentialsFromRequest(
            HttpContext httpContext, MAXContext dbContext)
        {
            var authInfo = await httpContext.Authentication.GetAuthenticateInfoAsync("Bearer");
            if (authInfo == null)
            {
                throw new Exception("Not authenticated");
            }

            int userId = -1;
            int vendorId = -1;
            string password = null;
            foreach (var claim in authInfo.Principal.Claims)
            {
                switch (claim.Type)
                {
                    case ClaimTypes.NameIdentifier:
                        userId = int.Parse(claim.Value);
                        break;
                    case "xvid":
                        vendorId = int.Parse(claim.Value);
                        break;
                    case "xpwd":
                        password = claim.Value;
                        break;
                }
            }

            var credentials = new MAX.LoginCredentials()
            {
                User = await dbContext.Users
                    .Include(u => u.Account)
                    .ThenInclude(a => a.Warehouse)
                    .SingleOrDefaultAsync(u => u.Id == userId)
                    .ConfigureAwait(false),
                Vendor = await dbContext.Vendors
                    .Include(v => v.Account) // Technically not necessary as the account is loaded above
                    .SingleOrDefaultAsync(v => v.Id == vendorId)
                    .ConfigureAwait(false),
                Password = password
            };

            if ((credentials.User == null) || (credentials.Vendor == null))
            {
                throw new Exception(String.Format(
                    "Missing user or vendor information for userId={0} vendorId={1}",
                    userId, vendorId));
            }

            return credentials;
        }

        public static async Task<ProductCatalogue> GetProductCatalogueAsync(
            MAX.ClientFactory clientFactory, ILogger logger, IMemoryCache cache,
            MAX.LoginCredentials credentials)
        {
            return await cache.GetOrCreateAsync(
                CacheKeys.GetAccountProductsKey(credentials.User.AccountId),
                entry =>
                {
                    // TODO: set expiry time, etc.
                    return MAX.Utils.GetProductCatalogueAsync(clientFactory, logger, credentials);
                }).ConfigureAwait(false);
        }

        [Conditional("DEBUG")]
        private static void VoucherSanityCheck(Batch batch, decimal faceValue, int batchId,
            string productDescription)
        {
            if (batch.FaceValue != faceValue)
            {
                throw new Exception("Voucher face value mismatch");
            }
            if (batch.Id != batchId)
            {
                throw new Exception("Voucher batch ID mismatch");
            }
            if (batch.ProductDescription != productDescription)
            {
                throw new Exception("Voucher product description mismatch");
            }
        }

        public static async Task DownloadVouchersAsync(MAXContext context, Batch batch)
        {
            var remoteFileName = string.Format("{0}_{1}.dat", batch.Account.Id, batch.Id);
            using (var voucherStream = new MemoryStream())
            {
                using (var ftp = new FtpClient(new FtpClientConfiguration()
                {
                    Host = "41.223.25.5",
                    Username = "anonymous",
                    Password = "andrew@"
                }))
                {
                    await ftp.LoginAsync().ConfigureAwait(false);
                    using (var downloadStream = await ftp.OpenFileReadStreamAsync(remoteFileName)
                        .ConfigureAwait(false))
                    {
                        await downloadStream.CopyToAsync(voucherStream).ConfigureAwait(false);
                    }
                }

                voucherStream.Position = 0;
                using (var streamReader = new StreamReader(voucherStream))
                {
                    while (streamReader.Peek() >= 0)
                    {
                        var line = streamReader.ReadLine();
                        var parts = line.Split('|');

                        VoucherSanityCheck(batch, decimal.Parse(parts[4]), int.Parse(parts[5]),
                            parts[7]);

                        context.Add(new Voucher()
                        {
                            Id = int.Parse(parts[0]),
                            ExpiryDate = DateTime.Parse(parts[1]),
                            Serial = parts[2],
                            EncryptedPIN = parts[3],
                            SequenceNumber = int.Parse(parts[6]),
                            Batch = batch
                        });
                    }
                }
            }

            batch.ReadyForDownload = true;
            await context.SaveChangesAsync().ConfigureAwait(false);
        }
    }
}