/// <summary>
/// Create a renewed Authentication Token on Master server - to be validated on GS
/// </summary>
/// <param name="userId"> </param>
/// <param name="authRequest"></param>
/// <returns></returns>
public AuthenticationToken CreateAuthenticationToken(string userId, IAuthenticateRequest authRequest)
{
var token = new AuthenticationToken
{
ValidToTicks = DateTime.UtcNow.Add(this.ExpirationTime).Ticks,
UserId = userId,
AuthCookie = new Dictionary<string, object>(),
SessionId = Guid.NewGuid().ToString(),
Flags = authRequest.Flags,
};
return token;
}
public virtual AuthenticationToken CreateAuthenticationToken(IAuthenticateRequest authRequest,
AuthSettings authSettings,
string userId,
Dictionary<string, object> authCookie)
{
var token = new AuthenticationToken
{
UserId = userId,
AuthCookie = authCookie,
Flags = authRequest.Flags,
};
this.SetupToken(token);
return token;
}
private void SetupPeer(AuthenticationToken authToken)
{
this.SetupPeer(authToken.UserId);
this.AuthCookie = authToken.AuthCookie != null && authToken.AuthCookie.Count > 0 ? authToken.AuthCookie : null;
this.AuthToken = authToken;
}
public static bool TryDeserialize(byte[] data, out AuthenticationToken token)
{
token = null;
EventData eventData;
if (!serializationProtocol.TryParseEventData(data, out eventData))
{
return false;
}
// code = version
switch (eventData.Code)
{
default:
return false;
case 1:
token = new AuthenticationToken(serializationProtocol, eventData.Parameters);
return true;
}
}
public static AuthenticationToken Deserialize(byte[] data)
{
EventData eventData;
if (!serializationProtocol.TryParseEventData(data, out eventData))
{
throw new SerializationException("Could not deserialize authentication token.");
}
var token = new AuthenticationToken(serializationProtocol, eventData.Parameters);
return token;
}
public virtual bool AreEqual(AuthenticationToken rhs)
{
return this.UserId == rhs.UserId && this.SessionId == rhs.SessionId;
}
private OperationResponse HandleAuthenticateTokenRequest(AuthenticateRequest request)
{
OperationResponse operationResponse;
var authToken = this.GetValidAuthToken(request, out operationResponse);
if (operationResponse != null || authToken == null)
{
return operationResponse;
}
this.UserId = authToken.UserId;
this.unencryptedAuthToken = authToken;
// publish operation response
operationResponse = new OperationResponse(request.OperationRequest.OperationCode, new AuthenticateResponse { QueuePosition = 0 });
operationResponse.Parameters.Add((byte)ParameterCode.Token, this.GetEncryptedAuthenticationToken(request));
//operationResponse.Parameters.Add((byte)ParameterCode.Nickname, authToken.Nickname);
//operationResponse.Parameters.Add((byte)ParameterCode.UserId, this.UserId);
return operationResponse;
}
protected virtual void CreateAuthTokenAndSendResponse(CustomAuthenticationResult customAuthResult, AuthenticateRequest authRequest,
SendParameters sendParameters, AuthSettings authSettings, OperationResponse operationResponse)
{
var app = (MasterApplication)ApplicationBase.Instance;
this.unencryptedAuthToken = app.TokenCreator.CreateAuthenticationToken(
authRequest,
authSettings,
this.UserId,
customAuthResult.AuthCookie);
operationResponse.Parameters.Add((byte) ParameterCode.Token, this.GetEncryptedAuthenticationToken(authRequest));
operationResponse.Parameters.Add((byte) ParameterCode.Data, customAuthResult.Data);
operationResponse.Parameters.Add((byte)ParameterCode.Nickname, customAuthResult.Nickname);
operationResponse.Parameters.Add((byte)ParameterCode.UserId, this.UserId);
this.SendOperationResponse(operationResponse, sendParameters);
}
public virtual string GetEncryptedAuthenticationToken(AuthenticateRequest request)
{
var app = (MasterApplication)ApplicationBase.Instance;
if (this.unencryptedAuthToken == null)
{
this.unencryptedAuthToken = app.TokenCreator.CreateAuthenticationToken(this.UserId, request);
}
return app.TokenCreator.EncryptAuthenticationToken(this.unencryptedAuthToken, true);
}
private static ErrorCode SetupEncryption(AuthenticationToken token, out string errorMsg, ClientPeer peer, InitRequest initRequest)
{
if (log.IsDebugEnabled)
{
log.DebugFormat("setting up encryption. p:{0}", peer);
}
var encryptionDataDict = token.EncryptionData;
errorMsg = string.Empty;
if (encryptionDataDict == null)
{
if (log.IsWarnEnabled)
{
log.WarnFormat(logSetupCountGuard, "AuthOnInitHandler: expected encryption data not provided. appId:{0}/{1}, p:{2}",
token.ApplicationId, token.ApplicationVersion, peer);
}
errorMsg = string.Format(ErrorMessages.InvalidEncryptionData, "expected encryption data not provided");
return(ErrorCode.InvalidEncryptionParameters);
}
var encryptionData = new EncryptionData(peer.Protocol, encryptionDataDict);
if (!encryptionData.IsValid)
{
if (log.IsWarnEnabled)
{
log.WarnFormat(logSetupCountGuard,
"AuthOnInitHandler: Invalid encryption data. ErrorMsg:{4}. appId:{0}/{1}, data:{2}, p:{3}",
token.ApplicationId, token.ApplicationVersion, JsonConvert.SerializeObject(encryptionDataDict), peer, encryptionData.GetErrorMessage());
}
errorMsg = string.Format(ErrorMessages.InvalidEncryptionData, encryptionData.GetErrorMessage());
return(ErrorCode.InvalidEncryptionParameters);
}
var mode = (EncryptionModes)encryptionData.EncryptionMode;
try
{
switch (mode)
{
case EncryptionModes.PayloadEncryption:
case EncryptionModes.PayloadEncryptionWithIV:
case EncryptionModes.PayloadEncryptionWithIVHMAC:
SetupUserDataEncryptionWithoutDH(encryptionData, peer);
break;
case EncryptionModes.DatagramEncyption:
case EncryptionModes.DatagramEncyptionWithRandomInitialNumbers:
case EncryptionModes.DatagramEncyptionGCMWithRandomInitialNumbers:
if (peer.NetworkProtocol != NetworkProtocolType.Udp)
{
errorMsg = ErrorMessages.EncryptionModeMismatch;
return(ErrorCode.InvalidEncryptionParameters);
}
SetupUdpEncryption(encryptionData, peer, initRequest);
break;
default:
{
if (log.IsWarnEnabled)
{
log.WarnFormat(logSetupCountGuard,
$"AuthOnInitHandler: Unknown encryption mode: '{mode}'. appId:{0}/{1}, data:{2}, p:{3}",
token.ApplicationId, token.ApplicationVersion, JsonConvert.SerializeObject(encryptionDataDict), peer);
}
errorMsg = string.Format(ErrorMessages.InvalidEncryptionData, $"Unknown Encryption mode {mode}");
return(ErrorCode.InvalidEncryptionParameters);
}
}
}
catch (Exception e)
{
errorMsg = e.ToString();
var msg = string.Format("AuthOnInitHandler: Exception during encryption setup. appId:{0}/{1}, Data: {2}, p:{3}",
token.ApplicationId, token.ApplicationVersion, JsonConvert.SerializeObject(encryptionDataDict), peer);
log.Error(logExceptionCountGuard, msg, e);
return(ErrorCode.InvalidEncryptionParameters);
}
return(ErrorCode.Ok);
}
public virtual bool DecryptAuthenticationToken(string authTokenEncrypted, out AuthenticationToken authToken)
{
try
{
var tokenData = Convert.FromBase64String(authTokenEncrypted);
tokenData = this.CryptoProvider.Decrypt(tokenData);
return AuthenticationToken.TryDeserialize(tokenData, out authToken);
}
catch (Exception ex)
{
if (log.IsDebugEnabled)
{
log.DebugFormat("DecryptAuthenticationToken failed: {0}", ex);
}
authToken = null;
return false;
}
}
protected virtual void SetupToken(AuthenticationToken token)
{
token.ValidToTicks = DateTime.UtcNow.Add(this.ExpirationTime).Ticks;
token.SessionId = DateTime.UtcNow.ToString(CultureInfo.InvariantCulture);
}
public virtual string EncryptAuthenticationToken(AuthenticationToken token, bool renew)
{
if (renew)
{
token.ValidToTicks = DateTime.UtcNow.Add(this.ExpirationTime).Ticks;
}
var tokenData = token.Serialize();
tokenData = this.CryptoProvider.Encrypt(tokenData);
return Convert.ToBase64String(tokenData);
}
