From 52588d66d57dcbf9972911d6d1787994eb3687c8 Mon Sep 17 00:00:00 2001
From: Harald Wolff <haraldwolff@skyoffice>
Date: Fri, 15 Nov 2019 13:49:21 +0100
Subject: [PATCH] Initial Commit

---
 .gitignore                  | 41 +++++++++++++++++++
 AuthenticationChallenges.cs | 41 +++++++++++++++++++
 AuthenticationProve.cs      | 23 +++++++++++
 AuthenticationRequest.cs    | 21 ++++++++++
 BaseIdentityProvider.cs     | 34 ++++++++++++++++
 IIdentityProvider.cs        | 18 +++++++++
 Identity.cs                 | 60 ++++++++++++++++++++++++++++
 ODBIdentityProvider.cs      | 78 +++++++++++++++++++++++++++++++++++++
 Properties/AssemblyInfo.cs  | 26 +++++++++++++
 Role.cs                     | 13 +++++++
 RoleAssignment.cs           | 10 +++++
 SecureAttribute.cs          | 36 +++++++++++++++++
 SeededPassword.cs           | 61 +++++++++++++++++++++++++++++
 ln.identities.csproj        | 53 +++++++++++++++++++++++++
 14 files changed, 515 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 AuthenticationChallenges.cs
 create mode 100644 AuthenticationProve.cs
 create mode 100644 AuthenticationRequest.cs
 create mode 100644 BaseIdentityProvider.cs
 create mode 100644 IIdentityProvider.cs
 create mode 100644 Identity.cs
 create mode 100644 ODBIdentityProvider.cs
 create mode 100644 Properties/AssemblyInfo.cs
 create mode 100644 Role.cs
 create mode 100644 RoleAssignment.cs
 create mode 100644 SecureAttribute.cs
 create mode 100644 SeededPassword.cs
 create mode 100644 ln.identities.csproj

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bf793ed
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,41 @@
+# Autosave files
+*~
+
+# build
+[Oo]bj/
+[Bb]in/
+packages/
+TestResults/
+
+# globs
+Makefile.in
+*.DS_Store
+*.sln.cache
+*.suo
+*.cache
+*.pidb
+*.userprefs
+*.usertasks
+config.log
+config.make
+config.status
+aclocal.m4
+install-sh
+autom4te.cache/
+*.user
+*.tar.gz
+tarballs/
+test-results/
+Thumbs.db
+.vs/
+
+# Mac bundle stuff
+*.dmg
+*.app
+
+# resharper
+*_Resharper.*
+*.Resharper
+
+# dotCover
+*.dotCover
diff --git a/AuthenticationChallenges.cs b/AuthenticationChallenges.cs
new file mode 100644
index 0000000..f5a6c02
--- /dev/null
+++ b/AuthenticationChallenges.cs
@@ -0,0 +1,41 @@
+using System;
+using System.Collections.Generic;
+namespace ln.identities
+{
+    public class AuthenticationChallenges
+    {
+        public AuthenticationChallenge[] Challenges => authenticationChallenges.ToArray();
+
+        List<AuthenticationChallenge> authenticationChallenges = new List<AuthenticationChallenge>();
+
+        private AuthenticationChallenges()
+        {
+        }
+
+        public AuthenticationChallenges(IEnumerable<SecureAttribute> secureAttributes)
+        {
+            foreach (SecureAttribute secureAttribute in secureAttributes)
+            {
+                authenticationChallenges.Add(new AuthenticationChallenge(secureAttribute));
+            }
+        }
+    }
+
+    public class AuthenticationChallenge
+    {
+        public Guid SecureAttributeID { get; private set; }
+        public String SecureAttributeTypeName { get; private set; }
+        public string SecureAttributeLabel { get; private set; }
+        public String AuthenticationParameters { get; private set; }
+        public byte[] Challenge { get; private set; }
+
+        public AuthenticationChallenge(SecureAttribute secureAttribute)
+        {
+            SecureAttributeID = secureAttribute.UniqueID;
+            SecureAttributeTypeName = secureAttribute.GetAttributeTypeName();
+            SecureAttributeLabel = secureAttribute.Label;
+            AuthenticationParameters = secureAttribute.GetAuthenticationParameters();
+            Challenge = secureAttribute.CreateChallenge();
+        }
+    }
+}
diff --git a/AuthenticationProve.cs b/AuthenticationProve.cs
new file mode 100644
index 0000000..8a25b3f
--- /dev/null
+++ b/AuthenticationProve.cs
@@ -0,0 +1,23 @@
+using System;
+namespace ln.identities
+{
+    public class AuthenticationProve
+    {
+        private AuthenticationProve()
+        {
+        }
+        public AuthenticationProve(string identityName,Guid secureAttributeUniqueID,byte[] challenge,byte[] prove)
+        {
+            IdentityName = identityName;
+            SecureAttributeUniqueID = secureAttributeUniqueID;
+            Challenge = challenge;
+            Prove = prove;
+        }
+
+        public string IdentityName { get; private set; }
+        public Guid SecureAttributeUniqueID { get; private set; }
+
+        public byte[] Challenge { get; private set; }
+        public byte[] Prove { get; private set; }
+    }
+}
diff --git a/AuthenticationRequest.cs b/AuthenticationRequest.cs
new file mode 100644
index 0000000..2be65f6
--- /dev/null
+++ b/AuthenticationRequest.cs
@@ -0,0 +1,21 @@
+using System;
+namespace ln.identities
+{
+    public class AuthenticationRequest
+    {
+        public String IdentityName { get; private set; }
+        public String SecureAttributeTypeName { get; private set; }
+
+        private AuthenticationRequest()
+        {
+        }
+
+        public AuthenticationRequest(String identityName,String secureAttributeTypeName)
+        {
+            IdentityName = identityName;
+            SecureAttributeTypeName = secureAttributeTypeName;
+        }
+
+        public AuthenticationRequest(String identityName) : this(identityName, null){}
+    }
+}
diff --git a/BaseIdentityProvider.cs b/BaseIdentityProvider.cs
new file mode 100644
index 0000000..ab87e9f
--- /dev/null
+++ b/BaseIdentityProvider.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace ln.identities
+{
+    public abstract class BaseIdentityProvider : IIdentityProvider
+    {
+        public BaseIdentityProvider()
+        {
+        }
+
+        public virtual Identity Authenticate(AuthenticationProve authenticationProve)
+        {
+            Identity identity = GetIdentity(authenticationProve.IdentityName);
+            if (identity == null)
+                throw new KeyNotFoundException();
+
+            SecureAttribute secureAttribute = identity.GetSecureAttribute(authenticationProve.SecureAttributeUniqueID);
+            if (secureAttribute.Authenticate(authenticationProve.Challenge, authenticationProve.Prove))
+            {
+                return identity;
+            }
+            throw new ArgumentOutOfRangeException();
+        }
+
+        public abstract Identity CreateIdentity(string identityName);
+        public abstract IEnumerable<KeyValuePair<Guid, string>> GetIdentities();
+        public abstract Identity GetIdentity(Guid uniqueID);
+        public abstract bool Save(Identity identity);
+
+        public virtual Identity GetIdentity(string identityName) => GetIdentity(GetIdentities().FirstOrDefault((kvp) => identityName.Equals(kvp.Value)).Key);
+    }
+}
diff --git a/IIdentityProvider.cs b/IIdentityProvider.cs
new file mode 100644
index 0000000..17da2ba
--- /dev/null
+++ b/IIdentityProvider.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+namespace ln.identities
+{
+    public interface IIdentityProvider
+    {
+        IEnumerable<KeyValuePair<Guid, string>> GetIdentities();
+
+        Identity GetIdentity(Guid uniqueID);
+        Identity GetIdentity(string identityName);
+
+        Identity CreateIdentity(string identityName);
+
+        bool Save(Identity identity);
+
+        Identity Authenticate(AuthenticationProve authenticationProve);
+    }
+}
diff --git a/Identity.cs b/Identity.cs
new file mode 100644
index 0000000..5bb659f
--- /dev/null
+++ b/Identity.cs
@@ -0,0 +1,60 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace ln.identities
+{
+    public class Identity
+    {
+        public Guid UniqueID { get; private set; }
+
+        public String IdentityName { get; set; }
+
+        List<SecureAttribute> secureAttributes = new List<SecureAttribute>();
+        List<RoleAssignment> roleAssignments = new List<RoleAssignment>();
+
+        private Identity()
+        {
+        }
+
+        private Identity(Guid uniqueID,string identityName)
+        {
+            UniqueID = uniqueID;
+            IdentityName = identityName;
+        }
+
+        public Identity(string identityName) : this(Guid.NewGuid(),identityName){}
+
+        public SecureAttribute GetSecureAttribute(Guid uniqueID)
+        {
+            foreach (SecureAttribute secureAttribute in secureAttributes)
+            {
+                if (secureAttribute.UniqueID.Equals(uniqueID))
+                    return secureAttribute;
+            }
+            throw new KeyNotFoundException();
+        }
+
+        public SecureAttribute[] GetSecureAttributes() => secureAttributes.ToArray();
+        public SecureAttribute[] GetSecureAttributes(String secureAttributeTypeName) => secureAttributeTypeName == null ? GetSecureAttributes() : secureAttributes.Where((secureAttribute)=>secureAttribute.GetAttributeTypeName().Equals(secureAttributeTypeName)).ToArray();
+        public KeyValuePair<Guid, byte[]>[] GetChallenges() => GetChallenges(null);
+        public KeyValuePair<Guid,byte[]>[] GetChallenges(String secureAttributeTypeName)
+        {
+            SecureAttribute[] sas = GetSecureAttributes(secureAttributeTypeName);
+            KeyValuePair<Guid, byte[]>[] challenges = new KeyValuePair<Guid, byte[]>[sas.Length];
+
+            for (int n = 0; n < sas.Length; n++)
+            {
+                challenges[n] = new KeyValuePair<Guid, byte[]>(sas[n].UniqueID, sas[n].CreateChallenge());
+            }
+
+            return challenges;
+        }
+
+        public void AddSecureAttribute(SecureAttribute secureAttribute) => secureAttributes.Add(secureAttribute);
+        public void RemoveSecureAttribute(SecureAttribute secureAttribute) => secureAttributes.Remove(secureAttribute);
+
+
+
+    }
+}
diff --git a/ODBIdentityProvider.cs b/ODBIdentityProvider.cs
new file mode 100644
index 0000000..9fc81e1
--- /dev/null
+++ b/ODBIdentityProvider.cs
@@ -0,0 +1,78 @@
+using System;
+using System.Collections.Generic;
+using ln.types.odb.ng.storage;
+using ln.types.odb.ng;
+using System.Linq;
+using ln.types.btree;
+using ln.types.collections;
+using System.Security.Principal;
+namespace ln.identities
+{
+    public class ODBIdentityProvider : BaseIdentityProvider
+    {
+        public IStorageContainer StorageContainer { get; }
+
+        Mapper mapper;
+        WeakValueDictionary<Guid, Identity> identityCache = new WeakValueDictionary<Guid, Identity>();
+
+        public ODBIdentityProvider(IStorageContainer storageContainer)
+        {
+            StorageContainer = storageContainer;
+            mapper = new Mapper(storageContainer);
+
+            mapper.EnsureIndex<Identity>("UniqueID");
+            mapper.EnsureIndex<Identity>("IdentityName");
+        }
+
+        public override IEnumerable<KeyValuePair<Guid, string>> GetIdentities() => mapper.Load<Identity>().Select((identity) => new KeyValuePair<Guid, string>(identity.UniqueID, identity.IdentityName));
+        public override Identity GetIdentity(Guid uniqueID)
+        {
+            if (identityCache.ContainsKey(uniqueID))
+                return identityCache[uniqueID];
+
+            Identity identity = mapper.Load<Identity>(Query.Equals<Identity>("UniqueID", uniqueID)).FirstOrDefault();
+            if (identity != null)
+            {
+                identityCache.Add(identity.UniqueID,identity);
+                return identity;
+            }
+
+            throw new KeyNotFoundException();
+        }
+        public override Identity GetIdentity(string identityName)
+        {
+            Identity identity = mapper.Load<Identity>(Query.Equals<Identity>("IdentityName", identityName)).FirstOrDefault();
+            if (identity != null)
+            {
+                if (!identityCache.ContainsKey(identity.UniqueID))
+                    identityCache.Add(identity.UniqueID, identity);
+
+                return identity;
+            }
+            throw new KeyNotFoundException();
+        }
+
+        public override Identity CreateIdentity(string identityName)
+        {
+            Identity identity = new Identity(identityName);
+            identityCache.Add(identity.UniqueID, identity);
+            return identity;
+        }
+
+        public override bool Save(Identity identity)
+        {
+            if (!identityCache.ContainsKey(identity.UniqueID))
+                throw new KeyNotFoundException();
+
+            Identity cachedIdentity = identityCache[identity.UniqueID];
+
+            if (!Object.ReferenceEquals(identity, cachedIdentity))
+                throw new ArgumentOutOfRangeException();
+
+            mapper.Save<Identity>(cachedIdentity);
+
+            return true;
+        }
+
+    }
+}
diff --git a/Properties/AssemblyInfo.cs b/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..e421788
--- /dev/null
+++ b/Properties/AssemblyInfo.cs
@@ -0,0 +1,26 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+
+// Information about this assembly is defined by the following attributes. 
+// Change them to the values specific to your project.
+
+[assembly: AssemblyTitle("ln.identities")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// The assembly version has the format "{Major}.{Minor}.{Build}.{Revision}".
+// The form "{Major}.{Minor}.*" will automatically update the build and revision,
+// and "{Major}.{Minor}.{Build}.*" will update just the revision.
+
+[assembly: AssemblyVersion("1.0.*")]
+
+// The following attributes are used to specify the signing key for the assembly, 
+// if desired. See the Mono documentation for more information about signing.
+
+//[assembly: AssemblyDelaySign(false)]
+//[assembly: AssemblyKeyFile("")]
diff --git a/Role.cs b/Role.cs
new file mode 100644
index 0000000..f237e04
--- /dev/null
+++ b/Role.cs
@@ -0,0 +1,13 @@
+using System;
+namespace ln.identities
+{
+    public class Role
+    {
+        public String Name { get; }
+
+
+        public Role()
+        {
+        }
+    }
+}
diff --git a/RoleAssignment.cs b/RoleAssignment.cs
new file mode 100644
index 0000000..4e8ee1c
--- /dev/null
+++ b/RoleAssignment.cs
@@ -0,0 +1,10 @@
+using System;
+namespace ln.identities
+{
+    public class RoleAssignment
+    {
+        public RoleAssignment()
+        {
+        }
+    }
+}
diff --git a/SecureAttribute.cs b/SecureAttribute.cs
new file mode 100644
index 0000000..3e00109
--- /dev/null
+++ b/SecureAttribute.cs
@@ -0,0 +1,36 @@
+using System;
+namespace ln.identities
+{
+    public abstract class SecureAttribute
+    {
+        static public Random Random { get; } = new Random();
+
+        public Guid UniqueID { get; private set; }
+        public String Label { get; set; }
+
+        public byte[] Challenge { get; private set; }
+
+        protected SecureAttribute()
+        {
+            UniqueID = Guid.NewGuid();
+        }
+        protected SecureAttribute(String label)
+            :this()
+        {
+            Label = label;
+        }
+
+        public abstract String GetAuthenticationParameters();
+        public abstract bool Authenticate(byte[] challenge, byte[] prove);
+
+        public virtual byte[] CreateChallenge()
+        {
+            Challenge = new byte[32];
+            Random.NextBytes(Challenge);
+            return Challenge;
+        }
+
+        public string GetAttributeTypeName() => this.GetType().Name;
+
+    }
+}
diff --git a/SeededPassword.cs b/SeededPassword.cs
new file mode 100644
index 0000000..f044fcb
--- /dev/null
+++ b/SeededPassword.cs
@@ -0,0 +1,61 @@
+using System;
+using System.Security.Cryptography;
+using System.Text;
+using System.Linq;
+using ln.types;
+namespace ln.identities
+{
+    public class SeededPassword : SecureAttribute
+    {
+        public byte[] Seed { get; }
+
+        byte[] secretBytes;
+
+        private SeededPassword() { }
+
+        public SeededPassword(byte[] seed,byte[] secretBytes)
+            :base("Passwort")
+        {
+            this.Seed = seed;
+            this.secretBytes = secretBytes;
+        }
+        public SeededPassword(string password)
+            :base("Passwort")
+        {
+            Seed = new byte[32];
+            Random.NextBytes(Seed);
+
+            using (SHA256 sha256 = SHA256.Create())
+            {
+                byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
+                Console.WriteLine("PasswordBytes={0}", passwordBytes.ToHexString());
+                Console.WriteLine("Seed={0}", Seed.ToHexString());
+
+                sha256.TransformBlock(Seed, 0, Seed.Length, null, 0);
+                sha256.TransformBlock(passwordBytes, 0, passwordBytes.Length, null, 0);
+                sha256.TransformFinalBlock(Seed, 0, Seed.Length);
+
+                secretBytes = sha256.Hash;
+                Console.WriteLine("SecretBytes={0}", secretBytes.ToHexString());
+            }
+        }
+
+        public override bool Authenticate(byte[] challenge,byte[] prove)
+        {
+            if (!Challenge.AreEqual(challenge))
+                return false;
+
+            using (SHA256 sha256 = SHA256.Create())
+            {
+                sha256.TransformBlock(Challenge, 0, Challenge.Length, null, 0);
+                sha256.TransformBlock(secretBytes, 0, secretBytes.Length, null, 0);
+                sha256.TransformFinalBlock(Challenge, 0, Challenge.Length);
+
+                byte[] myProve = sha256.Hash;
+                return myProve.AreEqual(prove);
+            }
+        }
+
+        public override string GetAuthenticationParameters() => Seed.ToHexString();
+    }
+}
diff --git a/ln.identities.csproj b/ln.identities.csproj
new file mode 100644
index 0000000..5ec3d49
--- /dev/null
+++ b/ln.identities.csproj
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{AA1F75AF-0AEC-4CC0-AC3B-209AE90781AC}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <RootNamespace>ln.identities</RootNamespace>
+    <AssemblyName>ln.identities</AssemblyName>
+    <TargetFrameworkVersion>v4.7</TargetFrameworkVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug</OutputPath>
+    <DefineConstants>DEBUG;</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release</OutputPath>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Identity.cs" />
+    <Compile Include="Role.cs" />
+    <Compile Include="RoleAssignment.cs" />
+    <Compile Include="SeededPassword.cs" />
+    <Compile Include="SecureAttribute.cs" />
+    <Compile Include="IIdentityProvider.cs" />
+    <Compile Include="AuthenticationProve.cs" />
+    <Compile Include="ODBIdentityProvider.cs" />
+    <Compile Include="AuthenticationRequest.cs" />
+    <Compile Include="AuthenticationChallenges.cs" />
+    <Compile Include="BaseIdentityProvider.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\ln.types\ln.types.csproj">
+      <Project>{8D9AB9A5-E513-4BA7-A450-534F6456BF28}</Project>
+      <Name>ln.types</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
\ No newline at end of file