/// <summary>
/// Checks that <see cref="AuthenticationHelper.CreateAaTuple"/> yields an SRP client pair (A, a)
/// where A == g^a mod N and A is not congruent to zero modulo N (such a public value is invalid in SRP).
/// </summary>
public void TestCreateTupleAa()
{
    var pair = AuthenticationHelper.CreateAaTuple();
    var publicValue = pair.Item1;     // A
    var privateExponent = pair.Item2; // a
    var generator = AuthenticationHelper.g;

    // A must be the generator raised to the private exponent, reduced modulo N.
    var expected = BigInteger.ModPow(generator, privateExponent, AuthenticationHelper.N);
    Assert.Equal(publicValue, expected);

    // A mod N == 0 would be rejected by the protocol, so it must never be produced.
    var reduced = publicValue.TrueMod(AuthenticationHelper.N);
    Assert.NotEqual(reduced, BigInteger.Zero);
}
/// <summary>
/// Checks that <see cref="AuthenticationHelper.CreateAaTuple"/> yields an SRP client pair (A, a)
/// where A == g^a mod N and A is not congruent to zero modulo N.
/// The generator g is private to AuthenticationHelper, so this test carries its own copy (2).
/// </summary>
public void TestCreateTupleAa()
{
    var pair = AuthenticationHelper.CreateAaTuple();
    var publicValue = pair.Item1;     // A
    var privateExponent = pair.Item2; // a

    // NOTE: this must match the PRIVATE variable g in the AuthenticationHelper class;
    // if that value ever changes, this test has to change with it.
    var generator = BigInteger.ValueOf(2);

    // A must be the generator raised to the private exponent, reduced modulo N.
    var expected = generator.ModPow(privateExponent, AuthenticationHelper.N);
    Assert.Equal(publicValue, expected);

    // A mod N == 0 would be rejected by the protocol, so it must never be produced.
    var reduced = publicValue.Mod(AuthenticationHelper.N);
    Assert.NotEqual(reduced, BigInteger.Zero);
}
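/// <summary>
/// Try to sign in with email and password using the Cognito USER_SRP_AUTH flow.
/// </summary>
/// <param name="username">The Cognito username (email) to authenticate as.</param>
/// <param name="password">The user's password. It is never sent to AWS; only the SRP claim derived from it is.</param>
/// <param name="OnFailureF">Invoked (when non-null) if either AWS call fails or the challenge answer cannot be built.</param>
/// <param name="OnSuccessF">Invoked (when non-null) with the ID token once AWS accepts the challenge response.</param>
/// <remarks>
/// This is a nested request / response / request. First we send the
/// InitiateAuthRequest, with some crypto things. AWS sends back
/// some of its own crypto things, in the authResponse object (this is the "challenge").
/// We combine that with the actual password, using math, and send it back (the "challenge response").
/// If AWS is happy with our answer, then it is convinced we know the password,
/// and it sends us some tokens!
/// Both AWS calls are asynchronous: this method returns immediately and the callbacks run later.
/// </remarks>
public void TrySignInRequest(string username, string password, Action OnFailureF = null, Action<string> OnSuccessF = null)
{
    // Get the SRP variables A (public value, sent to AWS) and a (private exponent, kept locally)
    var TupleAa = AuthenticationHelper.CreateAaTuple();

    InitiateAuthRequest authRequest = new InitiateAuthRequest()
    {
        ClientId = AppClientID,
        AuthFlow = AuthFlowType.USER_SRP_AUTH,
        AuthParameters = new Dictionary<string, string>()
        {
            { "USERNAME", username },
            { "SRP_A", TupleAa.Item1.ToString(16) }
        }
    };

    CognitoIDPClient.InitiateAuthAsync(authRequest, (authResponse) =>
    {
        if (authResponse.Exception != null)
        {
            Debug.Log("[TrySignInRequest] exception : " + authResponse.Exception.ToString());
            if (OnFailureF != null)
            {
                OnFailureF();
            }
            return;
        }

        // The timestamp format returned to AWS _needs_ to be in US Culture, so the day/month
        // abbreviations do not depend on the device locale. DateTime.UtcNow gives the same
        // instant as TimeZoneInfo.ConvertTimeToUtc(DateTime.Now) without the local-time detour.
        DateTime timestamp = DateTime.UtcNow;
        CultureInfo usCulture = new CultureInfo("en-US");
        String timeStr = timestamp.ToString("ddd MMM d HH:mm:ss \"UTC\" yyyy", usCulture);

        RespondToAuthChallengeRequest respondRequest;
        try
        {
            // Do the hard work to generate the claim we return to AWS.
            // This runs inside the SDK callback: indexing a missing challenge parameter throws
            // KeyNotFoundException and authenticateUser may reject malformed SRP values, so any
            // failure here is reported through OnFailureF instead of escaping the callback.
            var challegeParams = authResponse.Response.ChallengeParameters;
            string secretBlock = challegeParams["SECRET_BLOCK"];
            // NOTE(review): confirm authenticateUser rejects SRP_B congruent to 0 mod N before
            // deriving the session key (RFC 5054 requires the client to abort in that case).
            byte[] claim = AuthenticationHelper.authenticateUser(
                challegeParams["USERNAME"],
                password,
                UserPoolName,
                TupleAa,
                challegeParams["SALT"],
                challegeParams["SRP_B"],
                secretBlock,
                timeStr);
            String claimBase64 = System.Convert.ToBase64String(claim);

            // construct the second request
            respondRequest = new RespondToAuthChallengeRequest()
            {
                ChallengeName = authResponse.Response.ChallengeName,
                ClientId = AppClientID,
                ChallengeResponses = new Dictionary<string, string>()
                {
                    { "PASSWORD_CLAIM_SECRET_BLOCK", secretBlock },
                    { "PASSWORD_CLAIM_SIGNATURE", claimBase64 },
                    { "USERNAME", username },
                    { "TIMESTAMP", timeStr }
                }
            };
        }
        catch (Exception ex)
        {
            // Log and report rather than let the exception escape the SDK callback, where the
            // caller would never learn that the sign-in attempt ended.
            Debug.Log("[TrySignInRequest] failed to build challenge response : " + ex.ToString());
            if (OnFailureF != null)
            {
                OnFailureF();
            }
            return;
        }

        // send the second request
        CognitoIDPClient.RespondToAuthChallengeAsync(respondRequest, (finalResponse) =>
        {
            if (finalResponse.Exception != null)
            {
                // Note: if you have the wrong username/password, you will get an exception.
                // It's up to you to differentiate that from other errors / etc.
                Debug.Log("[TrySignInRequest] exception : " + finalResponse.Exception.ToString());
                if (OnFailureF != null)
                {
                    OnFailureF();
                }
                return;
            }

            // Ok, if we got here, we logged in, and here are some tokens.
            // Only the ID token is handed to the caller; authResult.AccessToken and
            // authResult.RefreshToken are also available on the result if needed.
            AuthenticationResultType authResult = finalResponse.Response.AuthenticationResult;
            string idToken = authResult.IdToken;
            Debug.Log("[TrySignInRequest] success!");
            if (OnSuccessF != null)
            {
                OnSuccessF(idToken);
            }
        });
    }); // end of CognitoIDPClient.InitiateAuthAsync
}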