public Concat3Response AssumeProducerActsForAlice(Concat3Response x) { // For testing. Wanted: a cleaner way to get this into the SymT! VProgram_API.AssumeActsFor(x.SVX_producer, Entity.Of("Carol")); VProgram_API.AssumeActsFor(Entity.Of("Carol"), Entity.Of("Alice")); return(x); }
public virtual TokenResponse SVX_MakeTokenResponse(AccessTokenRequest req, AuthorizationCodeParams codeParamsHint) { // We should only get here with req.grant_type == // "authorization_code", so we don't have to worry about modeling // what IdP does in any other case. if (req.grant_type != "authorization_code") { return(VProgram_API.Nondet <TokenResponse>()); } authorizationCodeGenerator.Verify(codeParamsHint, req.code); if (req.redirect_uri != codeParamsHint.redirect_uri) { throw new Exception("Authorization code RP mismatch"); } var JwtTokenBody = MakeJwtTokenBody(req.client_id, codeParamsHint.userID); SVX.PayloadSecret <JwtTokenBody> id_token1 = getTokenGenerator().Generate(JwtTokenBody, SVX_Principal); TokenResponse TokenResponse = new TokenResponse { id_token = id_token1, }; return(TokenResponse); }
public bool Predicate(Concat3Response resp) { VProgram_API.AssumeTrusted(Entity.Of("Alice")); var tmp = resp.first + resp.second; var expected = tmp + resp.third; return(expected == resp.output); }
public bool LoginXSRFPrevention(RPAuthenticationConclusion conc) { VProgram_API.AssumeTrustedServer(googlePrincipal); VProgram_API.AssumeTrustedServer(SVX_Principal); VProgram_API.AssumeTrustedBrowser(conc.authenticatedClient); var idp = VProgram_API.GetParticipant <Google_IdP>(googlePrincipal); return(idp.Ghost_CheckSignedIn(VProgram_API.Owner(conc.authenticatedClient), conc.googleUsername)); }
public bool LoginSafety(RPAuthenticationConclusion conc) { var googleUser = GoogleUserPrincipal(conc.googleUsername); VProgram_API.AssumeTrustedServer(googlePrincipal); VProgram_API.AssumeTrustedServer(SVX_Principal); VProgram_API.AssumeTrusted(googleUser); return(VProgram_API.ActsFor(conc.authenticatedClient, googleUser)); }
public IdPAuthenticationEntry SVX_ConcludeClientAuthentication(IdPAuthenticationEntry entry) { var d = new SignedInDeclarer { outer = this, entry = entry }; SVX_Ops.Ghost(d.Declare); VProgram_API.AssumeActsFor(entry.authenticatedClient, GoogleUserPrincipal(entry.googleUsername)); // Reuse the message... Should be able to get away with it. return(entry); }
public IdTokenResponse SVX_MakeIdTokenResponse(IdTokenRequest req, IdPAuthenticationEntry idpConc) { // In TokenEndpoint, we requested an IdPAuthenticationEntry for // req.SVX_sender, but SVX doesn't know that, so we have to do a // concrete check. VProgram_API.Assert(req.SVX_sender == idpConc.authenticatedClient); // Put this in a separate SVX method so "body" gets an active SymT. var body = SVX_Ops.Call(SVX_MakeIdTokenBody, req, idpConc); return(new IdTokenResponse { idToken = idTokenGenerator.Generate(body, SVX_Principal), // sign the token state = req.state }); }
public bool LoginSafety(AuthenticationConclusion conc) { var userPrincipal = IdPUserPrincipal(conc.idpUsername); VProgram_API.AssumeTrusted(idpPrincipal); VProgram_API.AssumeTrusted(rpPrincipal); VProgram_API.AssumeTrusted(userPrincipal); // BCT accepts this code but silently mistranslates it! //return VProgram_API.ActsForAny(conc.authenticatedClient, // new PrincipalHandle[] { idpPrincipal, rpPrincipal, IdPUserPrincipal(conc.idpUsername) }); var targets = new Principal[3]; targets[0] = idpPrincipal; targets[1] = rpPrincipal; targets[2] = userPrincipal; return(VProgram_API.ActsForAny(conc.authenticatedClient, targets)); }
public AuthorizationCodeResponse SVX_MakeAuthorizationCodeResponse(AuthorizationCodeRequest req, IdPAuthenticationEntry idpConc) { // In CodeEndpoint, we requested an IdPAuthenticationEntry for // req.SVX_sender, but SVX doesn't know that, so we have to do a // concrete check. VProgram_API.Assert(req.SVX_sender == idpConc.authenticatedClient); // With this expression inlined below, BCT silently mistranslated the code. var theParams = new AuthorizationCodeParams { rpPrincipal = req.rpPrincipal, googleUsername = idpConc.googleUsername }; var authorizationCode = authorizationCodeGenerator.Generate(theParams, googlePrincipal); return(new AuthorizationCodeResponse { authorizationCode = authorizationCode, state = req.state }); }
public SignInRPReq SignInIdP(SignInIdPReq req) { if (req.password != "password:" + req.username) { throw new ArgumentException(); } var userPrincipal = IdPUserPrincipal(req.username); // If this line is commented out, the check for whether it's OK // to send the secret to the client would fail, but this example // doesn't use export/import. VProgram_API.AssumeActsFor(req.SVX_sender, userPrincipal); var ssoSecretParams = new SSOSecretParams { username = req.username }; var resp = new SignInRPReq { username = req.username, ssoSecret = ssoSecretGenerator.Generate(ssoSecretParams, SVX_Principal) }; ssoSecretGenerator.Verify(ssoSecretParams, resp.ssoSecret); return(resp); }
internal void Declare() { outer.SignedInPredicate.Declare(VProgram_API.Owner(entry.authenticatedClient), entry.googleUsername); }