예제 #1
 /// <summary>
 /// Base handling for an identity response: the packet is rejected and the connection
 /// is closed with the <c>UnexpectedPacket</c> reason.
 /// </summary>
 /// <remarks>
 /// Rejecting by default means an identity response is only processed by a handler that
 /// explicitly overrides this method.
 /// </remarks>
 /// <param name="response">The identity response that was received; it is not inspected here.</param>
 protected virtual void HandleIdentityResponse(Packet3IdentityResponse response)
     => Disconnect(Packet255Disconnect.DisconnectReason.UnexpectedPacket);
예제 #2
        /// <summary>
        /// Validates the remote peer's identity response and, only when every check passes,
        /// replaces the stream's packet handler with a <c>RimPacketHandlerAuthorized</c>.
        /// </summary>
        /// <remarks>
        /// The checks run in a fixed order and stop at the first failure: duplicate response,
        /// salt match, self-connection, expected identity, signature validity. A duplicate
        /// response disconnects with <c>UnexpectedPacket</c>; every other failure disconnects
        /// with the same <c>AuthenticationFailed</c> reason, so the disconnect reason does not
        /// distinguish which check failed.
        /// </remarks>
        /// <param name="response">
        /// Identity response received from the remote peer. Its contents are untrusted until
        /// all checks below have passed.
        /// </param>
        protected override void HandleIdentityResponse(Packet3IdentityResponse response)
        {
            //Accept at most one identity response; a repeat is treated as a protocol violation.
            if (receivedIdentity)
            {
                Disconnect(Packet255Disconnect.DisconnectReason.UnexpectedPacket);
                return;
            }

            //Latch the flag before validating, so a rejected response cannot be followed by a
            //second attempt on this handler.
            receivedIdentity = true;

            //The || chain short-circuits: the checks run in the order written and evaluation
            //stops at the first one that fails.
            bool authenticationFailed =
                //We must have requested an identity, hold a salt, and the signed data must equal that salt.
                //NOTE(review): only equality with the salt is checked here. Whether the signed payload
                //also binds this connection or the requesting party is not visible from this method -
                //confirm in the protocol, since that is what stops a valid response being reused elsewhere.
                !requestedIdentity
                || salt == null
                || !response.Signature.Data.SequenceEqual(salt)
                //The peer must not present our own identity, which would mean we are connected to ourselves.
                || response.SignatureAlgorithm.Identity.Equals(signatureAlgorithm.Identity)
                //The claimed identity must be the one we expect.
                //NOTE(review): this runs before the signature is verified, so the verifier sees an
                //unproven identity claim - confirm VerifyIdentity has no side effects (e.g. recording it).
                || !identityVerifier.VerifyIdentity(response.SignatureAlgorithm.Identity)
                //The signature must verify under the signature algorithm object carried by the response.
                || !response.SignatureAlgorithm.Verify(response.Signature);

            if (authenticationFailed)
            {
                Disconnect(Packet255Disconnect.DisconnectReason.AuthenticationFailed);
                return;
            }

            /*
             * ================== WARNING ==================
             *
             * Beyond this point, the peer is trusted to be
             * a valid recipient of data destined to its
             * identity (see: Identity class). The actual
             * authentication takes place inside the
             * implementation of the signature algorithm the
             * endpoint has chosen, which may be faulty or
             * have a vulnerability. It is up to the peer
             * that requests the identity to ensure the
             * algorithm chosen by the endpoint is safe to
             * use for identity authentication.
             *
             * Should an issue be discovered in a signature
             * algorithm, it should always throw a
             * SecurityException when used, detailing the
             * vulnerability present in its standard for
             * authentication. That exception will be caught
             * by the PacketHandler processing the handshake,
             * which by specification should disconnect.
             *
             * =============================================
             */

            //Hand the stream over to the authorized handler. The contact is built from the peer's
            //verified signature algorithm; its second constructor argument is passed as null.
            Stream.PacketHandler = new RimPacketHandlerAuthorized(
                Stream,
                new Contact.Contact(response.SignatureAlgorithm, null),
                signatureAlgorithm);
        }