private void SendSqrlData(SqrlData data) { var request = WebRequest.Create("http://" + data.Url); request.Method = "POST"; string postData = string.Format("publickey={0}&signature={1}&url={2}", HttpServerUtility.UrlTokenEncode(data.PublicKey), HttpServerUtility.UrlTokenEncode(data.Signature), data.Url); var byteArray = Encoding.UTF8.GetBytes(postData); request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = byteArray.Length; var dataStream = request.GetRequestStream(); dataStream.Write(byteArray, 0, byteArray.Length); dataStream.Close(); var response = request.GetResponse(); dataStream = response.GetResponseStream(); var reader = new StreamReader(dataStream); var responseFromServer = reader.ReadToEnd(); dataView.Buffer.Text = responseFromServer; reader.Close(); dataStream.Close(); response.Close(); }
/// <summary> /// Verifies the sqrl request. /// </summary> /// <returns> /// Whether the public key provided decrypts the signature provided. /// </returns> /// <param name='data'> /// The data contained in the SQRL request. /// </param> /// <param name='expectedUrl'> /// The URL that is expected from the request. /// </param> public bool VerifySqrlRequest(SqrlData data, string expectedUrl) { var decryptedSignatureData = _sqrlSigner.Verify(data.PublicKey, data.Signature); var decryptedUrl = Encoding.UTF8.GetString(decryptedSignatureData); return((decryptedUrl == data.Url) && (decryptedUrl == Utility.GetUrlWithoutProtocol(expectedUrl))); }
/// <summary> /// Gets the sqrl data for login. /// </summary> /// <returns> /// The sqrl data for login. /// </returns> /// <param name='masterKey'> /// Master key. /// </param> /// <param name='url'> /// The URL. /// </param> public SqrlData GetSqrlDataForLogin(byte[] masterKey, string url) { var domain = Utility.GetDomainFromUrl(url); var privateKey = _hmacGenerator.GeneratePrivateKey(masterKey, domain); var sqrlData = new SqrlData { Url = Utility.GetUrlWithoutProtocol(url), Signature = _signer.Sign(privateKey, Utility.GetUrlWithoutProtocol(url)), PublicKey = _signer.MakePublicKey(privateKey) }; Array.Clear(privateKey, 0, privateKey.Length); return(sqrlData); }
public ActionResult Sqrl(string id, string publickey, string signature, string url) { var data = new SqrlData { PublicKey = HttpServerUtility.UrlTokenDecode(publickey), Signature = HttpServerUtility.UrlTokenDecode(signature), Url = url }; var expected = string.Format("{0}/{1}", Url.Action("Sqrl", "Login", null, "sqrl", Request.Url.Host + ":" + Request.Url.Port), id); if (_sqrlServer.VerifySqrlRequest(data, expected) && _nutRepository.IsNutActive(id)) { var user = _userRepository.Retrieve(publickey); if (user == null) { // register user user = new SqrlUser { Id = publickey, Initialized = false }; _userRepository.Create(user); } _nutRepository.Validate(id, user.Id); return(Content("valid")); } return(Content("invalid")); }
/// <summary> /// Verifies the sqrl request. /// </summary> /// <returns> /// Whether the public key provided decrypts the signature provided. /// </returns> /// <param name='data'> /// The data contained in the SQRL request. /// </param> /// <param name='expectedUrl'> /// The URL that is expected from the request. /// </param> public bool VerifySqrlRequest(SqrlData data, string expectedUrl) { var decryptedSignatureData = _sqrlSigner.Verify(data.PublicKey, data.Signature); var decryptedUrl = Encoding.UTF8.GetString(decryptedSignatureData); return (decryptedUrl == data.Url) && (decryptedUrl == Utility.GetUrlWithoutProtocol(expectedUrl)); }