/// <summary>
/// Handles a SQRL authentication callback: assembles a <c>SqrlMessage</c> from the
/// request, runs it through <c>MessageValidator</c>, and reports the outcome
/// purely through the HTTP status code (200 on success, 403 on rejection).
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <remarks>
/// Every request-derived field of the message is attacker-controllable. The
/// signature is read from the form body; key, nonce, version and options come
/// from the query string.
/// </remarks>
public void ProcessRequest(HttpContextBase context)
        {
            try
            {
                var request = context.Request;

                // TryParse's result is deliberately ignored: a missing or non-numeric
                // "d" leaves the value at 0. Negative numbers are accepted as-is.
                int extraDomainChars;
                int.TryParse(request.QueryString["d"], out extraDomainChars);

                var message = new SqrlMessage
                {
                    SignatureBase64 = UrlSafeBase64Encoder.Decode(request.Form["sqrlsig"]),
                    PublicKeyBase64 = UrlSafeBase64Encoder.Decode(request.QueryString["sqrlkey"]),
                    ServerNonce = request.QueryString["nut"],
                    Version = request.QueryString["sqrlver"],
                    Options = request.QueryString["sqrlopt"],
                    AdditionalDomainCharacters = extraDomainChars,
                    Uri = GetAdjustedUrl(context),
                    // NOTE(review): if GetClientIpAddress honours forwarding headers, this
                    // value is client-influenced - confirm, since it is used for session matching.
                    IpAddress = request.GetClientIpAddress()
                };

                new MessageValidator().Validate(message);

                context.Response.StatusCode = (int) HttpStatusCode.OK;
            }
            catch (SqrlAuthenticationException rejection)
            {
                // Only this exception type is mapped to 403; anything else (for example
                // whatever Decode does with absent or malformed input - not visible here)
                // propagates to the hosting pipeline.
                context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                // The validator's message is sent to the client in the status line.
                context.Response.StatusDescription = rejection.Message;
            }

            context.Response.End();
        }
        /// <summary>
        /// Validates a SQRL message and, if every check passes, marks the session
        /// as authenticated for the presented public key.
        /// </summary>
        /// <param name="msg">Message built from the incoming request.</param>
        /// <exception cref="SqrlAuthenticationException">
        /// A required value is missing, the version does not match, the session is
        /// unknown, or (via <c>VerifyMessage</c>) the signature does not verify.
        /// </exception>
        public void Validate(SqrlMessage msg)
        {
            const string missingTemplate = "Invalid parameters.  {0} was not specified.";

            ISqrlAuthenticationHandler handler = GetHandler();

            // Presence checks, reported in a fixed order: handler, URL, key, signature.
            // ServerNonce and IpAddress are not checked here; they go to the handler as-is.
            if (handler == null)
            {
                throw new SqrlAuthenticationException(string.Format(missingTemplate, "Handler"));
            }
            if (msg.Uri == null)
            {
                throw new SqrlAuthenticationException(string.Format(missingTemplate, "URL"));
            }
            if (msg.PublicKeyBase64 == null)
            {
                throw new SqrlAuthenticationException(string.Format(missingTemplate, "Public key"));
            }
            if (msg.SignatureBase64 == null)
            {
                throw new SqrlAuthenticationException(string.Format(missingTemplate, "Signature"));
            }

            if (msg.Version != SqrlVersion)
            {
                throw new SqrlAuthenticationException("Invalid version.  Expected version was: " + SqrlVersion);
            }

            // The session lookup runs before the signature check, so an unknown nonce
            // is rejected without doing any cryptographic work.
            bool sessionKnown = handler.VerifySession(msg.IpAddress, msg.ServerNonce);
            if (!sessionKnown)
            {
                throw new SqrlAuthenticationException("Session not found.");
            }

            // NOTE(review): the signature is checked over msg.Uri, while the nonce passed to
            // the handler is msg.ServerNonce. Confirm that the URL includes the same nut, so
            // the nonce is actually bound to the signature.
            VerifyMessage(msg);

            // NOTE(review): replay protection depends on the handler retiring the nonce once
            // it has been used - not visible here, confirm in the handler implementation.
            handler.AuthenticateSession(msg.PublicKeyBase64, msg.IpAddress, msg.ServerNonce);
        }
Beispiel #3
        /// <summary>
        /// Entry point for the SQRL callback. Builds the message from request data,
        /// validates it, and answers with 200 (accepted) or 403 (rejected).
        /// </summary>
        /// <param name="context">HTTP context of the incoming request.</param>
        public void ProcessRequest(HttpContextBase context)
        {
            try
            {
                // All values below originate from the client and are untrusted until
                // the validator has accepted the message.
                var query = context.Request.QueryString;

                int additionalDomainChars;
                // Result ignored on purpose: an unparsable or absent "d" yields 0.
                int.TryParse(query["d"], out additionalDomainChars);

                var sqrlMessage = new SqrlMessage
                {
                    // The signature travels in the POST body, everything else in the query string.
                    SignatureBase64 = UrlSafeBase64Encoder.Decode(context.Request.Form["sqrlsig"]),
                    PublicKeyBase64 = UrlSafeBase64Encoder.Decode(query["sqrlkey"]),
                    ServerNonce = query["nut"],
                    Version = query["sqrlver"],
                    Options = query["sqrlopt"],
                    AdditionalDomainCharacters = additionalDomainChars,
                    Uri = GetAdjustedUrl(context),
                    // NOTE(review): confirm how GetClientIpAddress derives the address; a value
                    // taken from a forwarding header would be client-controlled.
                    IpAddress = context.Request.GetClientIpAddress()
                };

                var messageValidator = new MessageValidator();
                messageValidator.Validate(sqrlMessage);

                context.Response.StatusCode = (int)HttpStatusCode.OK;
            }
            catch (SqrlAuthenticationException authError)
            {
                // Exceptions of any other type are not handled here and leave the method.
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                // Exposes the validation failure reason to the caller via the status line.
                context.Response.StatusDescription = authError.Message;
            }

            context.Response.End();
        }
        /// <summary>
        /// Checks the message signature against the SQRL form of the request URL.
        /// </summary>
        /// <param name="sqrl">Message carrying the URL, signature bytes and public key bytes.</param>
        /// <exception cref="SqrlAuthenticationException">The signature does not verify.</exception>
        private static void VerifyMessage(SqrlMessage sqrl)
        {
            // Map the web scheme to the SQRL scheme the client is expected to have signed.
            // "qrl://" looks intentional (presumably the non-TLS SQRL scheme - confirm against
            // the protocol revision targeted). Both replacements act on every occurrence in
            // the string, not only on the leading scheme.
            string signedUrl = sqrl.Uri.ToString();
            signedUrl = signedUrl.Replace("https://", "sqrl://");
            signedUrl = signedUrl.Replace("http://", "qrl://");

            // NOTE(review): IdnMapping.GetAscii is given the whole URL rather than just the
            // host. It throws ArgumentException for input it rejects, and that is not a
            // SqrlAuthenticationException. Encoding.ASCII replaces any remaining non-ASCII
            // character with '?'.
            var mapping = new IdnMapping();
            byte[] urlBytes = Encoding.ASCII.GetBytes(mapping.GetAscii(signedUrl));
            byte[] sigBytes = sqrl.SignatureBytes;

            // Layout handed to the verifier: signature first, then the URL bytes.
            byte[] signedMessage = new byte[urlBytes.Length + sigBytes.Length];
            Buffer.BlockCopy(sigBytes, 0, signedMessage, 0, sigBytes.Length);
            Buffer.BlockCopy(urlBytes, 0, signedMessage, sigBytes.Length, urlBytes.Length);

            bool signatureValid = CryptoSign.Open(signedMessage, sqrl.PublicKeyBytes);
            if (signatureValid)
            {
                return;
            }

            throw new SqrlAuthenticationException("Signature verification failed.");
        }
Beispiel #5
        /// <summary>
        /// Runs the full validation sequence for a SQRL message: required values,
        /// protocol version, session lookup, signature check. On success the handler
        /// is asked to authenticate the session.
        /// </summary>
        /// <param name="msg">Message to validate.</param>
        /// <exception cref="SqrlAuthenticationException">Any of the checks fails.</exception>
        public void Validate(SqrlMessage msg)
        {
            ISqrlAuthenticationHandler handler = GetHandler();

            // Name of the first missing prerequisite, or null when all four are present.
            string missing =
                handler == null ? "Handler"
                : msg.Uri == null ? "URL"
                : msg.PublicKeyBase64 == null ? "Public key"
                : msg.SignatureBase64 == null ? "Signature"
                : null;

            if (missing != null)
            {
                throw new SqrlAuthenticationException(string.Format("Invalid parameters.  {0} was not specified.", missing));
            }

            if (msg.Version != SqrlVersion)
            {
                throw new SqrlAuthenticationException("Invalid version.  Expected version was: " + SqrlVersion);
            }

            // The session must already exist for this IP/nonce pair before the
            // signature is even looked at.
            if (!handler.VerifySession(msg.IpAddress, msg.ServerNonce))
            {
                throw new SqrlAuthenticationException("Session not found.");
            }

            // Throws when the signature does not match.
            // NOTE(review): verify that the signed URL (msg.Uri) contains the nonce that is
            // passed to the handler, otherwise a valid signature could be paired with a
            // different session's nut.
            VerifyMessage(msg);

            // Reached only when every check above passed.
            // NOTE(review): whether the nonce becomes single-use at this point is up to the
            // handler - confirm.
            handler.AuthenticateSession(msg.PublicKeyBase64, msg.IpAddress, msg.ServerNonce);
        }
Beispiel #6
        /// <summary>
        /// Verifies that the message signature covers the SQRL-scheme form of the
        /// request URL under the presented public key.
        /// </summary>
        /// <param name="sqrl">Message whose URL, signature and public key are checked.</param>
        /// <exception cref="SqrlAuthenticationException">Verification failed.</exception>
        private static void VerifyMessage(SqrlMessage sqrl)
        {
            // https -> sqrl, http -> qrl. The replacement is textual and global, so an
            // "http://" embedded later in the URL would be rewritten as well.
            // NOTE(review): "qrl://" appears deliberate (plain-HTTP counterpart of sqrl://) -
            // confirm it matches what clients sign.
            string rewritten = sqrl.Uri
                .ToString()
                .Replace("https://", "sqrl://")
                .Replace("http://", "qrl://");

            // NOTE(review): GetAscii receives the complete URL, not only the host name; it
            // raises ArgumentException on input it cannot map, and that is not converted to
            // a SqrlAuthenticationException here.
            string asciiUrl = new IdnMapping().GetAscii(rewritten);
            byte[] messagePart = Encoding.ASCII.GetBytes(asciiUrl);
            byte[] signaturePart = sqrl.SignatureBytes;

            // Build signature || message, the combined buffer passed to CryptoSign.Open.
            byte[] combined = new byte[messagePart.Length + signaturePart.Length];
            int messageOffset = signaturePart.Length;
            Buffer.BlockCopy(signaturePart, 0, combined, 0, signaturePart.Length);
            Buffer.BlockCopy(messagePart, 0, combined, messageOffset, messagePart.Length);

            if (CryptoSign.Open(combined, sqrl.PublicKeyBytes) == false)
            {
                throw new SqrlAuthenticationException("Signature verification failed.");
            }
        }