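        /// <summary>
        /// Used by the client to authenticate using Private Key (PPK) authentication:
        /// fetch a challenge nonce from <c>Login.ashx</c>, sign it with the current user's
        /// domain credential, and POST the signature back as a one-time password.
        /// </summary>
        /// <param name="domainId">ID of the domain to authenticate against.</param>
        /// <param name="memberId">ID of the member whose UserID is sent with the signature.</param>
        /// <param name="baseUrl">Base URL of the server hosting <c>Login.ashx</c>.</param>
        /// <returns>
        /// <c>true</c> only when a challenge was received, signed and answered with HTTP 200
        /// by the server; <c>false</c> on a missing challenge, a rejected signature, or any exception.
        /// </returns>
        public static bool AuthenticateWithPPK(string domainId, string memberId, string baseUrl)
        {
            try
            {
                Store    store    = Store.GetStore();
                Domain   domain   = store.GetDomain(domainId);
                Member   member   = domain.GetMemberByID(memberId);
                WebState webState = new WebState(domainId);

                // Step 1: ask the server for the challenge nonce.
                string         url     = baseUrl + "/Login.ashx?" + NonceKey + "=Get";
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
                webState.InitializeWebRequest(request, domain.ID);
                request.ContentType = "application/octet-stream";
                request.Method      = "GET";

                string nonce;
                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    request.CookieContainer.Add(response.Cookies);

                    if (response.StatusCode != HttpStatusCode.OK)
                    {
                        // Do not keep a session cookie that was handed out with a failed challenge.
                        CookieCollection cc = request.CookieContainer.GetCookies(new Uri(url));
                        foreach (Cookie cookie in cc)
                        {
                            cookie.Expired = true;
                        }
                        return false;
                    }

                    nonce = response.Headers.Get(NonceKey);
                }

                // Previously a missing nonce header fell through to 'return true', reporting a
                // successful login without ever sending a signature. No challenge means no login.
                if (string.IsNullOrEmpty(nonce))
                {
                    return false;
                }

                // Step 2: sign the challenge. SHA-1 is kept because the server-side verifier
                // (VerifyWithPPK) checks the signature with SHA-1; both ends must change together.
                byte[] bChallenge = Nonce.GetBytes(nonce);
                byte[] signed     = store.CurrentUser.GetDomainCredential(domain.ID).SignData(bChallenge, new SHA1CryptoServiceProvider());

                // Step 3: POST the signature. The UserID is a query value, so it is URL-encoded.
                url     = baseUrl + "/Login.ashx?" + PpkAuthKey + "=" + Uri.EscapeDataString(member.UserID);
                request = (HttpWebRequest)WebRequest.Create(url);
                webState.InitializeWebRequest(request, domain.ID);
                request.ContentType = "application/octet-stream";
                request.Method      = "POST";
                request.Headers.Add(Simias.Security.Web.AuthenticationService.Login.DomainIDHeader, domain.ID);
                using (Stream rStream = request.GetRequestStream())
                {
                    rStream.Write(signed, 0, signed.Length);
                }

                // Only a 200 on the signature POST means the server accepted the login;
                // the response is disposed so the connection is returned to the pool.
                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    return response.StatusCode == HttpStatusCode.OK;
                }
            }
            catch (Exception)
            {
                // Any transport, store or signing failure is reported as a failed login;
                // callers only get a bool, so there is nothing else to surface here.
                return false;
            }
        }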
        /// <summary>
        /// Known-answer test for ChaCha20-Poly1305 with additional data and a non-empty message:
        /// the expected value is the ciphertext followed by the tag, both hex encoded.
        /// </summary>
        public void EncryptWithADTestWithPlainText()
        {
            // Arrange
            const string keyHex       = "908b166535c01a935cf1e130a5fe895ab4e6f3ef8855d87e9b7581c4ab663ddc";
            const string aadHex       = "90578e247e98674e661013da3c5c1ca6a8c8f48c90b485c0dfa1494e23d56d72";
            const string plaintextHex = "034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa";
            const string expectedHex  = "b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c3822";

            // The nonce is advanced once before encrypting; the expected vector is for that value.
            var nonce = new Nonce();
            nonce.Increment();

            // Act
            var (cipherText, tag) = ChaCha20Poly1305.EncryptWithAdditionalData(
                keyHex.HexToByteArray(),
                nonce.GetBytes(),
                aadHex.HexToByteArray(),
                plaintextHex.HexToByteArray());

            // Assert
            var actualHex = cipherText.ToHex() + tag.ToHex();
            Assert.Equal(expectedHex, actualHex);
        }
        /// <summary>
        /// Known-answer test for ChaCha20-Poly1305 with additional data and an empty message:
        /// no ciphertext is produced and the 16-byte tag covers only the additional data.
        /// </summary>
        public void EncryptWithADTestWithoutPlainTextMacTest()
        {
            // Arrange: 32-byte key and 32 bytes of additional data, fresh (unincremented) nonce.
            var keyBytes = "e68f69b7f096d7917245f5e5cf8ae1595febe4d4644333c99f9c4a1282031c9f".HexToByteArray();
            var aadBytes = "9e0e7de8bb75554f21db034633de04be41a2b8a18da7a319a03c803bf02b396c".HexToByteArray();
            const string expectedTagHex = "0df6086551151f58b8afe6c195782c6a";
            var freshNonce = new Nonce();

            // Act
            var (cipherText, tag) = ChaCha20Poly1305.EncryptWithAdditionalData(keyBytes, freshNonce.GetBytes(), aadBytes, new byte[0]);

            // Assert: empty ciphertext, tag matches the known answer.
            Assert.Equal(new byte[0], cipherText);
            Assert.Equal(expectedTagHex, tag.ToHex());
        }
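        /// <summary>
        /// Used by the server to validate a PPK (private key) login. The signature the client
        /// posted over the challenge nonce stored in the current session is verified against the
        /// member's public key; on success a principal is created and stored in the session.
        /// A session that is already authenticated skips verification and only updates counters.
        /// </summary>
        /// <param name="domainId">ID of the domain the member belongs to.</param>
        /// <param name="memberId">ID of the member claiming to log in.</param>
        /// <param name="signed">Client's signature (SHA-1) over the session's challenge nonce.</param>
        /// <param name="ctx">Current HTTP context; status, session and principal are set on it.</param>
        public static void VerifyWithPPK(string domainId, string memberId, byte[] signed, HttpContext ctx)
        {
            Simias.Authentication.Session simiasSession;
            Simias.Storage.Domain         domain = null;
            Simias.Storage.Member         member = null;
            Store store = Store.GetStore();

            // Authentication responses must never be served from a cache.
            ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);

            domain = store.GetDomain(domainId);
            if (domain == null)
            {
                // NOTE(review): 500 is kept for wire compatibility with existing clients, although a
                // 4xx would be conventional here. The distinct "Invalid Domain"/"Invalid Member"
                // descriptions also tell an unauthenticated caller which IDs exist.
                ctx.Response.StatusCode        = 500;
                ctx.Response.StatusDescription = "Invalid Domain";
                ctx.ApplicationInstance.CompleteRequest();
                return;
            }

            member = domain.GetMemberByID(memberId);
            if (member == null)
            {
                ctx.Response.StatusCode        = 500;
                ctx.Response.StatusDescription = "Invalid Member";
                ctx.ApplicationInstance.CompleteRequest();
                return;
            }

            if (ctx.Session == null)
            {
                // The challenge nonce lives in the session; without one there is nothing to verify.
                RejectPpkLogin(domain, ctx);
                return;
            }

            simiasSession = ctx.Session[sessionTag] as Simias.Authentication.Session;
            if (simiasSession != null)
            {
                ctx.User = simiasSession.User;
            }

            // ctx.User can be null when no session principal exists; treat that as unauthenticated
            // instead of dereferencing it.
            if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            {
                string nonce = ctx.Session[NonceKey] as string;

                // The challenge is a one-time password: consume it before checking, so a given
                // nonce can be tried at most once per session whatever the outcome. Previously it
                // stayed in the session and the same signed value could be submitted again.
                ctx.Session.Remove(NonceKey);

                // Fail closed on a missing challenge, missing signature or member without a key;
                // Nonce.GetBytes / VerifyData would otherwise throw and surface as a server error.
                if (string.IsNullOrEmpty(nonce) || signed == null || member.PublicKey == null)
                {
                    RejectPpkLogin(domain, ctx);
                    return;
                }

                byte[] nonceBytes = Nonce.GetBytes(nonce);

                // SHA-1 matches what the client signs with (AuthenticateWithPPK); upgrading the
                // digest requires changing both sides at once.
                if (!member.PublicKey.VerifyData(nonceBytes, new SHA1CryptoServiceProvider(), signed))
                {
                    RejectPpkLogin(domain, ctx);
                    return;
                }

                // Signature is good: establish the session and the principal for this request.
                simiasSession          = new Simias.Authentication.Session();
                simiasSession.MemberID = member.UserID;
                simiasSession.Requests++;
                ctx.Session[sessionTag] = simiasSession;

                simiasSession.User =
                    new GenericPrincipal(
                        new GenericIdentity(
                            member.UserID,
                            PpkType),
                        hostRoles);

                ctx.User = simiasSession.User;
                Thread.CurrentPrincipal = ctx.User;

                // Set the last login time for the user.
                SetLastLoginTime(domain, member);
            }
            else
            {
                // Already authenticated: count the request and propagate the principal.
                // simiasSession may be null if the principal came from somewhere other than
                // this session tag; previously that dereferenced null.
                if (simiasSession != null)
                {
                    simiasSession.Requests++;
                }
                Thread.CurrentPrincipal = ctx.User;
            }
        }

        /// <summary>
        /// Rejects a PPK login with 401 and a Basic challenge for the domain's realm, then ends
        /// the request. Shared by every failure path in <see cref="VerifyWithPPK"/>.
        /// </summary>
        /// <param name="domain">Domain whose name is used as the realm.</param>
        /// <param name="ctx">Current HTTP context to write the response on.</param>
        private static void RejectPpkLogin(Simias.Storage.Domain domain, HttpContext ctx)
        {
            ctx.Response.StatusCode = 401;
            ctx.Response.AddHeader(
                "WWW-Authenticate",
                String.Concat("Basic realm=\"", domain.Name, "\""));
            ctx.ApplicationInstance.CompleteRequest();
        }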