Example #1
0
        public static async Task <string> CreateDeviceAuthChallengeResponseAsync(IDictionary <string, string> challengeData)
        {
            string authHeaderTemplate = "PKeyAuth {0}, Context=\"{1}\", Version=\"{2}\"";

            X509Certificate2      certificate = FindCertificate(challengeData);
            DeviceAuthJWTResponse response    = new DeviceAuthJWTResponse(challengeData["SubmitUrl"],
                                                                          challengeData["nonce"], Convert.ToBase64String(certificate.GetRawCertData()));
            CngKey key = CryptographyHelper.GetCngPrivateKey(certificate);

            byte[] sig = null;
            using (RSACng rsa = new RSACng(key))
            {
                rsa.SignatureHashAlgorithm = CngAlgorithm.Sha256;
                sig = rsa.SignData(response.GetResponseToSign().ToByteArray());
            }

            string signedJwt = string.Format(CultureInfo.InvariantCulture, "{0}.{1}", response.GetResponseToSign(),
                                             Base64UrlEncoder.Encode(sig));
            string        authToken  = string.Format(CultureInfo.InvariantCulture, " AuthToken=\"{0}\"", signedJwt);
            Task <string> resultTask =
                Task.Factory.StartNew(
                    () =>
            {
                return(string.Format(CultureInfo.InvariantCulture, authHeaderTemplate, authToken,
                                     challengeData["Context"],
                                     challengeData["Version"]));
            });

            return(await resultTask.ConfigureAwait(false));
        }
Example #2
0
        private AuthenticationResultEx ResultFromBrokerResponse(IDictionary <string, string> responseDictionary)
        {
            TokenResponse response;

            if (responseDictionary.ContainsKey("error") || responseDictionary.ContainsKey("error_description"))
            {
                response = TokenResponse.CreateFromBrokerResponse(responseDictionary);
            }
            else
            {
                string expectedHash       = responseDictionary["hash"];
                string encryptedResponse  = responseDictionary["response"];
                string decryptedResponse  = BrokerKeyHelper.DecryptBrokerResponse(encryptedResponse);
                string responseActualHash = CryptographyHelper.CreateSha256Hash(decryptedResponse);
                byte[] rawHash            = Convert.FromBase64String(responseActualHash);
                string hash = BitConverter.ToString(rawHash);
                if (expectedHash.Equals(hash.Replace("-", "")))
                {
                    responseDictionary = EncodingHelper.ParseKeyValueList(decryptedResponse, '&', false, null);
                    response           = TokenResponse.CreateFromBrokerResponse(responseDictionary);
                }
                else
                {
                    response = new TokenResponse
                    {
                        Error            = AdalError.BrokerReponseHashMismatch,
                        ErrorDescription = AdalErrorMessage.BrokerReponseHashMismatch
                    };
                }
            }

            var dateTimeOffset = new DateTimeOffset(new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc));

            dateTimeOffset = dateTimeOffset.AddSeconds(response.ExpiresOn);
            return(response.GetResult(dateTimeOffset, dateTimeOffset));
        }