public async Task <TwoFactorValidateResponse> ValidateTwoFactor(string accountSecretKey, string twoFactorCodeFromClient)
{
var response = new TwoFactorValidateResponse
{
IsValid = _twoFactorSetupRepository.ValidateTwoFactorPin(accountSecretKey, twoFactorCodeFromClient)
};
return(await Task.FromResult(response));
}
protected Task <byte[]> MockExecuteRest(string endpoint, ApiRequestPayload payload, IAuth auth)
{
if (auth.Endpoint.Server != DataVault.DefaultEnvironment)
{
return(Task.FromException <byte[]>(new KeeperRegionRedirect(DataVault.DefaultEnvironment)));
}
byte[] response = null;
switch (endpoint)
{
case "authentication/register_device":
{
var device = new Device()
{
EncryptedDeviceToken = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(64)),
};
response = device.ToByteArray();
}
break;
case "authentication/start_login":
{
var lrs = new LoginResponse
{
EncryptedLoginToken = ByteString.CopyFrom(DataVault.EncryptedLoginToken),
};
if (StopAtDeviceApproval)
{
lrs.LoginState = LoginState.DeviceApprovalRequired;
}
else if (StopAtTwoFactor)
{
lrs.LoginState = LoginState.Requires2Fa;
lrs.Channels.Add(new TwoFactorChannelInfo
{
ChannelType = TwoFactorChannelType.TwoFaCtTotp,
ChannelUid = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
ChannelName = "Mock",
});
}
else if (StopAtPassword)
{
lrs.LoginState = LoginState.RequiresAuthHash;
lrs.Salt.Add(new Salt
{
Iterations = DataVault.UserIterations,
Salt_ = ByteString.CopyFrom(DataVault.UserSalt),
Name = "Mock",
Uid = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
});
}
else
{
lrs.LoginState = LoginState.LoggedIn;
lrs.AccountUid = ByteString.CopyFrom(DataVault.AccountUid);
lrs.PrimaryUsername = DataVault.UserName;
lrs.CloneCode = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8));
lrs.EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken);
var device = auth.Storage.Devices.List.FirstOrDefault();
var devicePrivateKey = CryptoUtils.LoadPrivateEcKey(device.DeviceKey);
var devicePublicKey = CryptoUtils.GetPublicEcKey(devicePrivateKey);
lrs.EncryptedDataKey = ByteString.CopyFrom(CryptoUtils.EncryptEc(DataVault.UserDataKey, devicePublicKey));
lrs.EncryptedDataKeyType = EncryptedDataKeyType.ByDevicePublicKey;
}
response = lrs.ToByteArray();
}
break;
case "authentication/validate_auth_hash":
{
var request = ValidateAuthHashRequest.Parser.ParseFrom(payload.Payload);
var expectedPassword = CryptoUtils.DeriveV1KeyHash(DataVault.UserPassword, DataVault.UserSalt, DataVault.UserIterations);
if (request.AuthResponse.SequenceEqual(expectedPassword))
{
var lrs = new LoginResponse
{
LoginState = LoginState.LoggedIn,
EncryptedLoginToken = ByteString.CopyFrom(DataVault.EncryptedLoginToken),
AccountUid = ByteString.CopyFrom(DataVault.AccountUid),
PrimaryUsername = DataVault.UserName,
CloneCode = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)),
EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken),
EncryptedDataKey = ByteString.CopyFrom(DataVault.EncryptionParams),
EncryptedDataKeyType = EncryptedDataKeyType.ByPassword,
};
response = lrs.ToByteArray();
}
else
{
return(Task.FromException <byte[]>(new KeeperAuthFailed()));
}
}
break;
case "authentication/request_device_verification":
StopAtDeviceApproval = false;
response = new byte[0];
break;
case "authentication/2fa_send_push":
if (StopAtDeviceApproval)
{
StopAtDeviceApproval = false;
}
response = new byte[0];
break;
case "authentication/2fa_validate":
var tfvr = TwoFactorValidateRequest.Parser.ParseFrom(payload.Payload);
if (tfvr.Value == DataVault.TwoFactorOneTimeToken)
{
StopAtTwoFactor = false;
var tfars = new TwoFactorValidateResponse
{
EncryptedLoginToken = tfvr.EncryptedLoginToken
};
response = tfars.ToByteArray();
}
else
{
return(Task.FromException <byte[]>(new KeeperAuthFailed()));
}
break;
case "vault/execute_v2_command":
break;
case "authentication/validate_device_verification_code":
var vdvcr = ValidateDeviceVerificationCodeRequest.Parser.ParseFrom(payload.Payload);
if (vdvcr.VerificationCode == DataVault.DeviceVerificationEmailCode)
{
StopAtDeviceApproval = false;
response = new byte[0];
}
else
{
return(Task.FromException <byte[]>(new KeeperAuthFailed()));
}
break;
case "login/account_summary":
{
response = auth.ProcessAccountSummary().ToByteArray();
}
break;
}
if (response != null)
{
return(Task.FromResult(response));
}
return(Task.FromException <byte[]>(new KeeperCanceled()));
}
