Beispiel #1
0
        public async Task <TwoFactorValidateResponse> ValidateTwoFactor(string accountSecretKey, string twoFactorCodeFromClient)
        {
            var response = new TwoFactorValidateResponse
            {
                IsValid = _twoFactorSetupRepository.ValidateTwoFactorPin(accountSecretKey, twoFactorCodeFromClient)
            };

            return(await Task.FromResult(response));
        }
        protected Task <byte[]> MockExecuteRest(string endpoint, ApiRequestPayload payload, IAuth auth)
        {
            if (auth.Endpoint.Server != DataVault.DefaultEnvironment)
            {
                return(Task.FromException <byte[]>(new KeeperRegionRedirect(DataVault.DefaultEnvironment)));
            }

            byte[] response = null;
            switch (endpoint)
            {
            case "authentication/register_device":
            {
                var device = new Device()
                {
                    EncryptedDeviceToken = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(64)),
                };
                response = device.ToByteArray();
            }
            break;

            case "authentication/start_login":
            {
                var lrs = new LoginResponse
                {
                    EncryptedLoginToken = ByteString.CopyFrom(DataVault.EncryptedLoginToken),
                };
                if (StopAtDeviceApproval)
                {
                    lrs.LoginState = LoginState.DeviceApprovalRequired;
                }
                else if (StopAtTwoFactor)
                {
                    lrs.LoginState = LoginState.Requires2Fa;
                    lrs.Channels.Add(new TwoFactorChannelInfo
                        {
                            ChannelType = TwoFactorChannelType.TwoFaCtTotp,
                            ChannelUid  = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
                            ChannelName = "Mock",
                        });
                }
                else if (StopAtPassword)
                {
                    lrs.LoginState = LoginState.RequiresAuthHash;
                    lrs.Salt.Add(new Salt
                        {
                            Iterations = DataVault.UserIterations,
                            Salt_      = ByteString.CopyFrom(DataVault.UserSalt),
                            Name       = "Mock",
                            Uid        = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
                        });
                }
                else
                {
                    lrs.LoginState            = LoginState.LoggedIn;
                    lrs.AccountUid            = ByteString.CopyFrom(DataVault.AccountUid);
                    lrs.PrimaryUsername       = DataVault.UserName;
                    lrs.CloneCode             = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8));
                    lrs.EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken);
                    var device           = auth.Storage.Devices.List.FirstOrDefault();
                    var devicePrivateKey = CryptoUtils.LoadPrivateEcKey(device.DeviceKey);
                    var devicePublicKey  = CryptoUtils.GetPublicEcKey(devicePrivateKey);
                    lrs.EncryptedDataKey     = ByteString.CopyFrom(CryptoUtils.EncryptEc(DataVault.UserDataKey, devicePublicKey));
                    lrs.EncryptedDataKeyType = EncryptedDataKeyType.ByDevicePublicKey;
                }

                response = lrs.ToByteArray();
            }
            break;

            case "authentication/validate_auth_hash":
            {
                var request          = ValidateAuthHashRequest.Parser.ParseFrom(payload.Payload);
                var expectedPassword = CryptoUtils.DeriveV1KeyHash(DataVault.UserPassword, DataVault.UserSalt, DataVault.UserIterations);
                if (request.AuthResponse.SequenceEqual(expectedPassword))
                {
                    var lrs = new LoginResponse
                    {
                        LoginState            = LoginState.LoggedIn,
                        EncryptedLoginToken   = ByteString.CopyFrom(DataVault.EncryptedLoginToken),
                        AccountUid            = ByteString.CopyFrom(DataVault.AccountUid),
                        PrimaryUsername       = DataVault.UserName,
                        CloneCode             = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
                        EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken),
                        EncryptedDataKey      = ByteString.CopyFrom(DataVault.EncryptionParams),
                        EncryptedDataKeyType  = EncryptedDataKeyType.ByPassword,
                    };
                    response = lrs.ToByteArray();
                }
                else
                {
                    return(Task.FromException <byte[]>(new KeeperAuthFailed()));
                }
            }
            break;

            case "authentication/request_device_verification":
                StopAtDeviceApproval = false;
                response             = new byte[0];
                break;

            case "authentication/2fa_send_push":
                if (StopAtDeviceApproval)
                {
                    StopAtDeviceApproval = false;
                }

                response = new byte[0];
                break;

            case "authentication/2fa_validate":
                var tfvr = TwoFactorValidateRequest.Parser.ParseFrom(payload.Payload);
                if (tfvr.Value == DataVault.TwoFactorOneTimeToken)
                {
                    StopAtTwoFactor = false;
                    var tfars = new TwoFactorValidateResponse
                    {
                        EncryptedLoginToken = tfvr.EncryptedLoginToken
                    };
                    response = tfars.ToByteArray();
                }
                else
                {
                    return(Task.FromException <byte[]>(new KeeperAuthFailed()));
                }

                break;

            case "vault/execute_v2_command":
                break;

            case "authentication/validate_device_verification_code":
                var vdvcr = ValidateDeviceVerificationCodeRequest.Parser.ParseFrom(payload.Payload);
                if (vdvcr.VerificationCode == DataVault.DeviceVerificationEmailCode)
                {
                    StopAtDeviceApproval = false;
                    response             = new byte[0];
                }
                else
                {
                    return(Task.FromException <byte[]>(new KeeperAuthFailed()));
                }

                break;

            case "login/account_summary":
            {
                response = auth.ProcessAccountSummary().ToByteArray();
            }
            break;
            }

            if (response != null)
            {
                return(Task.FromResult(response));
            }

            return(Task.FromException <byte[]>(new KeeperCanceled()));
        }