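        /// <summary>
        /// Returns the encrypted per-note key to store with <paramref name="note"/>.
        /// A note that already exists in the database keeps its stored key; a new note
        /// gets a fresh random key, encrypted with the session master key before it is returned.
        /// </summary>
        /// <param name="note">The note being saved; only its CompoundPrimaryKey is used for the lookup.</param>
        /// <returns>The encrypted per-note key as produced by EncryptWithKey.</returns>
        private string GetEncryptedNoteKey(DBNote note)
        {
            // re-use the same key when saving a note that is already persisted
            var saved_note = db.FirstOrDefault<DBNote> (n => n.CompoundPrimaryKey == note.CompoundPrimaryKey);
            if (saved_note != null) {
                // NOTE(review): a stored note with a null/empty EncryptedKey is returned as-is;
                // confirm such rows cannot exist, otherwise they should fall through to key generation
                return saved_note.EncryptedKey;
            }

            // new note, generate a new key. RNGCryptoServiceProvider is IDisposable (it wraps an
            // OS handle), so release it deterministically instead of leaving it to the finalizer.
            using (var rng = new RNGCryptoServiceProvider ()) {
                // the plaintext per-note key never leaves this method; only the form encrypted
                // with encryptionMasterKey (and User.MasterKeySalt) is handed back to be stored
                return rng.Create256BitLowerCaseHexKey ().EncryptWithKey (encryptionMasterKey, User.MasterKeySalt);
            }
        }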
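        /// <summary>
        /// Initialises the crypto fields of a newly created user: PasswordSalt, MasterKeySalt,
        /// the password hash (via UpdatePassword) and EncryptedMasterKey, which holds a random
        /// master key encrypted with a key derived from <paramref name="password"/>.
        /// </summary>
        /// <param name="db_user">The user whose PasswordSalt, MasterKeySalt and EncryptedMasterKey are set.</param>
        /// <param name="password">The clear-text password; must be non-empty.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="password"/> is null or empty.</exception>
        public static void CreateCryptoFields(this DBUser db_user, string password)
        {
            if (string.IsNullOrEmpty (password))
                throw new ArgumentNullException ("password");

            // the RNG wraps an OS handle; dispose it rather than leaving it to the finalizer
            using (var rng = new RNGCryptoServiceProvider ()) {
                // one 256-bit random value (64 lower-case hex chars) split into two
                // independent 128-bit salts of 32 hex chars each
                var salt = rng.Create256BitLowerCaseHexKey ();
                db_user.PasswordSalt = salt.Substring (0, 32);
                db_user.MasterKeySalt = salt.Substring (32, 32);

                // presumably UpdatePassword hashes with PasswordSalt, so the salts are set first — keep this order
                db_user.UpdatePassword (password);

                // generate master key - always fixed and will sustain password changes
                string master_key = rng.Create256BitLowerCaseHexKey ();
                var pw_key = db_user.DeriveKeyFromPassword (password);

                // now encrypt the cleartext masterkey with the password-derived key.
                // The IV is the hex-decoded MasterKeySalt, i.e. fixed per user, so the ciphertext is
                // deterministic for a given (user, password) pair; the plaintext being a single random
                // key is what keeps that acceptable. The ICryptoTransform is disposable as well.
                using (var aes = new AesManaged ())
                using (ICryptoTransform encryptor = aes.CreateEncryptor (pw_key, db_user.MasterKeySalt.ToByteArray ()))
                using (MemoryStream msEncrypt = new MemoryStream ()) {
                    // Create the streams used for encryption; disposing the writer disposes the
                    // CryptoStream, which flushes the final padded block into msEncrypt.
                    using (CryptoStream csEncrypt = new CryptoStream (msEncrypt, encryptor, CryptoStreamMode.Write))
                    using (StreamWriter swEncrypt = new StreamWriter (csEncrypt)) {
                        //Write all data to the stream.
                        swEncrypt.Write (master_key);
                    }
                    var encrypted = msEncrypt.ToArray ();
                    db_user.EncryptedMasterKey = encrypted.ToHexString ();
                }
            }
        }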
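        /// <summary>
        /// Completes the OAuth 1.0a flow after the user has authenticated: marks the request
        /// token identified by <paramref name="token"/> as authorised, attaches a freshly
        /// generated verifier and access token to it, saves it and returns the callback URL
        /// (with oauth_verifier and oauth_token appended) the client must be redirected to.
        /// </summary>
        /// <param name="username">The authenticated user.</param>
        /// <param name="password">The user's password; passed on to GenerateAccessToken.</param>
        /// <param name="token">The request token string previously handed out to the consumer.</param>
        /// <returns>An OAuthAuthenticateResponse whose RedirectUrl carries the verifier and token.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="token"/> does not resolve to a request token.</exception>
        public object TokenExchangeAfterAuthentication(string username, string password, string token)
        {
            var response = new OAuthAuthenticateResponse ();

            // TODO surround with try/catch and present 403 or 400 if token is unknown/invalid
            var request_token = oauthHandler.RequestTokens.GetToken (token);
            if (request_token == null) {
                // fail explicitly here rather than with a NullReferenceException a few lines down
                throw new ArgumentException ("unknown or invalid request token", "token");
            }

            // the verifier is important, it is proof that the user successfully authorized
            // the verifier is later tested by the OAuth10aInspector to match.
            // The RNG wraps an OS handle, so dispose it once the verifier has been drawn.
            using (var rng = new RNGCryptoServiceProvider ()) {
                request_token.Verifier = rng.Create256BitLowerCaseHexKey ();
            }
            request_token.AccessDenied = false;

            var access_token = GenerateAccessToken (username, password);
            request_token.AccessToken = access_token;

            oauthHandler.RequestTokens.SaveToken (request_token);
            // NOTE(review): {1} is the *request* token passed in, not the access token just created,
            // and it writes a credential into the debug log — consider logging only the username
            Logger.DebugFormat ("created an access token for user {0}: {1}", username, token);

            // redirect to the provided callback. A callback that already carries a query string
            // must be extended with '&', and the values are encoded as query parameters.
            var callback_url = request_token.CallbackUrl ?? string.Empty;
            var separator = callback_url.Contains ("?") ? "&" : "?";
            var redirect_url = callback_url + separator
                + "oauth_verifier=" + Uri.EscapeDataString (request_token.Verifier)
                + "&oauth_token=" + Uri.EscapeDataString (request_token.Token);

            response.RedirectUrl = redirect_url;

            // the browser/gateway page should take the RedirectUrl and access it
            // note that the redirect url points to a tomboy listener, or tomdroid listener (tomdroid://...)
            return response;
        }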
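        /// <summary>
        /// Builds a new AccessToken for <paramref name="username"/>. Its Token value is the user's
        /// master key encrypted with a fresh random token key, its TokenSecret a second random value.
        /// The token is returned populated but not persisted.
        /// </summary>
        /// <param name="username">The user the token is issued for; must exist in the database.</param>
        /// <param name="password">The user's password, used once here to decrypt the master key.</param>
        /// <param name="expiry">Optional expiry; defaults to 99 years from now.</param>
        /// <returns>The populated access token, with the token key attached via SetTokenKey.</returns>
        private AccessToken GenerateAccessToken(string username, string password, DateTime? expiry = null)
        {
            // NOTE(review): DateTime.Now is local time; kept as-is because the code that compares
            // ExpiryDate is not visible here, but a stored timestamp would normally be UTC — confirm
            if (!expiry.HasValue)
                expiry = DateTime.Now.AddYears (99);

            // the RNG wraps an OS handle; draw both random values and dispose it
            string access_token_secret;
            string token_key;
            using (var rng = new RNGCryptoServiceProvider ()) {
                access_token_secret = rng.Create256BitLowerCaseHexKey ();
                token_key = rng.Create256BitLowerCaseHexKey ();
            }

            // the token is the master key encrypted with the token key
            string access_token_token;
            using (var db = connFactory.OpenDbConnection ()) {
                // First() (not FirstOrDefault) throws when the user does not exist
                DBUser user = db.First<DBUser> (u => u.Username == username);
                // the decrypted master key exists only inside this block; being an immutable
                // string it cannot be zeroed, so keep its lifetime as short as possible
                string master_key = user.GetPlaintextMasterKey (password).ToHexString ();
                access_token_token = master_key.EncryptWithKey (token_key, user.MasterKeySalt);
            }

            var access_token = new AccessToken () {
                ConsumerKey = "anyone",
                Realm = "Rainy",
                Token = access_token_token,
                TokenSecret = access_token_secret,
                UserName = username,
                ExpiryDate = expiry.Value
            };
            // the token key is attached through a method rather than the initializer above
            access_token.SetTokenKey (token_key);
            return access_token;
        }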
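        /// <summary>
        /// Creates and persists a new OAuth request token for the consumer described by
        /// <paramref name="context"/>.
        /// </summary>
        /// <param name="context">The incoming OAuth request; its ConsumerKey, Realm and CallbackUrl are copied onto the token.</param>
        /// <returns>The saved request token; Token and TokenSecret are 32 lower-case hex chars (128 bits) each.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
        public IToken CreateRequestToken(IOAuthContext context)
        {
            if (context == null) throw new ArgumentNullException("context");

            // for request tokens, 128 bit entropy should be enough: one 256-bit random value is
            // split into two independent halves for the token and its secret. The RNG wraps an
            // OS handle, so it is disposed as soon as the value has been drawn.
            string token_rnd;
            string token_secret;
            using (var rng = new RNGCryptoServiceProvider ()) {
                var key = rng.Create256BitLowerCaseHexKey ();
                token_rnd = key.Substring(0, 32);
                token_secret = key.Substring(32, 32);
            }

            var token = new RequestToken
            {
                ConsumerKey = context.ConsumerKey,
                Realm = context.Realm,
                Token = token_rnd,
                TokenSecret = token_secret,
                CallbackUrl = context.CallbackUrl
            };

            _requestTokenRepository.SaveToken(token);

            return token;
        }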