        public void TestCreateTupleAa()
        {
            // Split the (A, a) pair: A is the public SRP value, a the private exponent.
            var pair = AuthenticationHelper.CreateAaTuple();
            BigInteger publicA  = pair.Item1;
            BigInteger privateA = pair.Item2;
            BigInteger modulus  = AuthenticationHelper.N;

            // A has to be g^a mod N for the generator the helper uses ...
            BigInteger expected = BigInteger.ModPow(AuthenticationHelper.g, privateA, modulus);
            Assert.Equal(publicA, expected);

            // ... and must not reduce to zero modulo N (an A of 0 mod N is rejected by SRP).
            BigInteger residue = publicA.TrueMod(modulus);
            Assert.NotEqual(residue, BigInteger.Zero);
        }
        public void TestCreateTupleAa()
        {
            // Split the (A, a) pair: A is the public SRP value, a the private exponent.
            var pair = AuthenticationHelper.CreateAaTuple();
            BigInteger publicA  = pair.Item1;
            BigInteger privateA = pair.Item2;
            BigInteger modulus  = AuthenticationHelper.N;

            // The generator is private to AuthenticationHelper, so it is duplicated here;
            // keep this in sync with that class's g or the first assertion is meaningless.
            BigInteger generator = BigInteger.ValueOf(2);

            // A has to be g^a mod N ...
            BigInteger expected = generator.ModPow(privateA, modulus);
            Assert.Equal(publicA, expected);

            // ... and must not reduce to zero modulo N (an A of 0 mod N is rejected by SRP).
            BigInteger residue = publicA.Mod(modulus);
            Assert.NotEqual(residue, BigInteger.Zero);
        }
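    /// <summary>
    /// Try to sign in with email and password using the Cognito SRP flow.
    /// The password is never put into a request: it is only fed to
    /// <c>AuthenticationHelper.authenticateUser</c> to compute the challenge
    /// signature locally, and the server only ever sees the public SRP value A,
    /// the signature and the timestamp it was computed over.
    /// </summary>
    /// <param name="username">Cognito username (email) to sign in as.</param>
    /// <param name="password">Account password; used only for the local SRP computation.</param>
    /// <param name="OnFailureF">Optional callback invoked on any failure (transport error,
    /// malformed challenge, or a rejected challenge response such as wrong credentials).</param>
    /// <param name="OnSuccessF">Optional callback invoked with the ID token once sign-in succeeds.</param>
    public void TrySignInRequest(string username, string password,
                                 Action OnFailureF = null, Action <string> OnSuccessF = null)
    {
        //Get the SRP variables A (public, sent to AWS) and a (private, stays on this device)
        var TupleAa = AuthenticationHelper.CreateAaTuple();

        InitiateAuthRequest authRequest = new InitiateAuthRequest()
        {
            ClientId       = AppClientID,
            AuthFlow       = AuthFlowType.USER_SRP_AUTH,
            AuthParameters = new Dictionary <string, string>()
            {
                { "USERNAME", username },
                { "SRP_A", TupleAa.Item1.ToString(16) }
            }
        };

        //
        // This is a nested request / response / request. First we send the
        // InitiateAuthRequest, with some crypto things. AWS sends back
        // some of its own crypto things, in the authResponse object (this is the "challenge").
        // We combine that with the actual password, using math, and send it back (the "challenge response").
        // If AWS is happy with our answer, then it is convinced we know the password,
        // and it sends us some tokens!
        CognitoIDPClient.InitiateAuthAsync(authRequest, (authResponse) => {
            if (authResponse.Exception != null)
            {
                Debug.Log("[TrySignInRequest] exception : " + authResponse.Exception.ToString());
                if (OnFailureF != null)
                {
                    OnFailureF();
                }
                return;
            }

            // The challenge parameters come from the server. Report a missing one through
            // the failure callback rather than letting a KeyNotFoundException escape from
            // inside this callback, where no caller can catch it.
            var challengeParams = authResponse.Response.ChallengeParameters;
            string challengeUsername, salt, srpB, secretBlock;
            if (challengeParams == null
                || !challengeParams.TryGetValue("USERNAME", out challengeUsername)
                || !challengeParams.TryGetValue("SALT", out salt)
                || !challengeParams.TryGetValue("SRP_B", out srpB)
                || !challengeParams.TryGetValue("SECRET_BLOCK", out secretBlock))
            {
                Debug.Log("[TrySignInRequest] challenge is missing one of USERNAME/SALT/SRP_B/SECRET_BLOCK");
                if (OnFailureF != null)
                {
                    OnFailureF();
                }
                return;
            }

            //The timestamp format returned to AWS _needs_ to be in US Culture, and in UTC;
            //the same string is both signed over and sent back, so build it exactly once.
            DateTime timestamp    = DateTime.UtcNow;
            CultureInfo usCulture = new CultureInfo("en-US");
            string timeStr        = timestamp.ToString("ddd MMM d HH:mm:ss \"UTC\" yyyy", usCulture);

            //Do the hard work to generate the claim we return to AWS
            byte[] claim = AuthenticationHelper.authenticateUser(
                challengeUsername,
                password, UserPoolName, TupleAa,
                salt, srpB,
                secretBlock, timeStr);

            string claimBase64 = Convert.ToBase64String(claim);

            // construct the second request
            RespondToAuthChallengeRequest respondRequest = new RespondToAuthChallengeRequest()
            {
                ChallengeName      = authResponse.Response.ChallengeName,
                ClientId           = AppClientID,
                ChallengeResponses = new Dictionary <string, string>()
                {
                    { "PASSWORD_CLAIM_SECRET_BLOCK", secretBlock },
                    { "PASSWORD_CLAIM_SIGNATURE", claimBase64 },
                    { "USERNAME", username },
                    { "TIMESTAMP", timeStr }
                }
            };

            // send the second request
            CognitoIDPClient.RespondToAuthChallengeAsync(respondRequest, (finalResponse) => {
                if (finalResponse.Exception != null)
                {
                    // Note: if you have the wrong username/password, you will get an exception.
                    // It's up to you to differentiate that from other errors / etc.
                    Debug.Log("[TrySignInRequest] exception : " + finalResponse.Exception.ToString());
                    if (OnFailureF != null)
                    {
                        OnFailureF();
                    }
                    return;
                }

                // Ok, if we got here, we logged in. Only the ID token is handed to the caller;
                // authResult also carries AccessToken and RefreshToken if they are needed.
                AuthenticationResultType authResult = finalResponse.Response.AuthenticationResult;
                string idToken = authResult.IdToken;

                Debug.Log("[TrySignInRequest] success!");
                if (OnSuccessF != null)
                {
                    OnSuccessF(idToken);
                }
            });
        });   // end of CognitoIDPClient.InitiateAuthAsync
    }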