/// <summary>
/// Performs a "secure" (signature-based) logon for <paramref name="username"/>.
/// </summary>
/// <param name="username">Login name resolved through <c>UserService</c>.</param>
/// <param name="info">Salt/signature pair supplied by the client; verified by <c>SecureLogonService.CheckSecureInfo</c>.</param>
/// <param name="context">Optional scope passed through to the secure-info check.</param>
/// <returns>
/// <c>null</c> when no <c>UserService</c> is configured or the user is not eligible for secure logon
/// (<c>StateChecker.IsSecureLogable</c>); otherwise an <c>Identity</c> that is either authenticated
/// or carries the failure in <c>IsError</c>/<c>Error</c>.
/// </returns>
public IIdentity Logon(string username, SecureLogonInfo info, IScope context = null)
{
    if (UserService == null)
    {
        return null;
    }

    var account = UserService.GetUser(username);
    if (!StateChecker.IsSecureLogable(account))
    {
        return null;
    }

    var identity = new Identity
    {
        Name = username,
        AuthenticationType = "secure"
    };

    var activity = StateChecker.GetActivityState(account);
    if (activity != UserActivityState.Ok)
    {
        // A known but not-Ok account is reported as an error identity rather than null,
        // so the caller can tell "ineligible/unknown" from "known but not allowed".
        identity.IsError = true;
        identity.Error = new SecurityException(activity.ToStr());
        return identity;
    }

    try
    {
        SecureLogonService.CheckSecureInfo(info, account, context);
        identity.IsAuthenticated = true;
        identity.User = account;
        identity.IsAdmin = account.IsAdmin;
    }
    catch (Exception failure)
    {
        // Any failure of the salt/signature check is surfaced on the identity, never thrown.
        identity.IsError = true;
        identity.Error = failure;
    }

    return identity;
}
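/// <summary>
/// Validates a client-supplied secure logon token against the user record: the salt must
/// decrypt with our key, name the same login and not be expired, and the signature over the
/// (still encrypted) salt must verify with the user's stored public key.
/// </summary>
/// <param name="info">Client token: <c>Salt</c> (encrypted) and <c>Sign</c> (Base64 signature over <c>Salt</c>).</param>
/// <param name="record">User record whose <c>Login</c> and <c>PublicKey</c> (Base64) the token is checked against.</param>
/// <param name="context">Not used by this check; kept for the call signature.</param>
/// <exception cref="ArgumentNullException"><paramref name="info"/> or <paramref name="record"/> is null.</exception>
/// <exception cref="SecurityException">
/// Any validation failure. The message is one of "salt was forbidden", "invalid salt",
/// "timeouted" or "invalid sign" and deliberately carries no further detail; the underlying
/// cause, when there is one, is attached as <c>InnerException</c> for diagnostics.
/// </exception>
public void CheckSecureInfo(SecureLogonInfo info, IUser record, IScope context = null)
{
    if (info == null)
    {
        throw new ArgumentNullException("info");
    }
    if (record == null)
    {
        throw new ArgumentNullException("record");
    }

    // The salt is expected to have been encrypted with our private key; anything that does
    // not decrypt is rejected outright.
    string plainSalt;
    try
    {
        plainSalt = Encryptor.Decrypt(info.Salt);
    }
    catch (Exception e)
    {
        throw new SecurityException("salt was forbidden", e);
    }

    // Expected layout: "<login>:<OADate issue time>:<timeout ms>".
    var saltParts = (plainSalt ?? "").Split(':');
    if (saltParts.Length != 3 || saltParts[0] != record.Login)
    {
        throw new SecurityException("invalid salt");
    }

    DateTime expire;
    try
    {
        // NOTE(review): Convert.ToDouble/ToInt32 parse with the current culture; the producer
        // of the salt is not visible here, so the parsing is left as-is — confirm both sides
        // agree on the number format (ideally InvariantCulture).
        var issued = DateTime.FromOADate(Convert.ToDouble(saltParts[1]));
        var timeoutMs = Convert.ToInt32(saltParts[2]);
        expire = issued.AddMilliseconds(timeoutMs);
    }
    catch (Exception e)
    {
        // A malformed number is a bad token, not an internal error.
        throw new SecurityException("invalid salt", e);
    }

    // FromOADate yields a DateTime of unspecified kind; comparing with DateTime.Now assumes the
    // producer stamped the salt from the same local clock.
    if (expire < DateTime.Now)
    {
        throw new SecurityException("timeouted");
    }

    byte[] publicKey;
    byte[] signature;
    try
    {
        publicKey = Convert.FromBase64String(record.PublicKey);
        signature = Convert.FromBase64String(info.Sign);
    }
    catch (Exception e)
    {
        // Undecodable key or signature material cannot verify; report it the same way.
        throw new SecurityException("invalid sign", e);
    }

    // The signature covers the encrypted salt exactly as the client sent it.
    bool signatureOk;
    try
    {
        signatureOk = Encryptor.CheckSign(Encoding.UTF8.GetBytes(info.Salt), signature, publicKey);
    }
    catch (Exception e)
    {
        throw new SecurityException("invalid sign", e);
    }

    if (!signatureOk)
    {
        throw new SecurityException("invalid sign");
    }
}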