Exemplo n.º 1
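        /// <summary>
        /// Builds an access token for <paramref name="username"/> whose Token field carries the
        /// user's master key encrypted under a freshly generated token key.
        /// </summary>
        /// <param name="username">Name used to look up the DBUser record.</param>
        /// <param name="password">Password handed to GetPlaintextMasterKey to unlock the master key.</param>
        /// <param name="expiry">Expiry to set; when null the token expires 99 years from now.</param>
        /// <returns>The populated AccessToken, with the token key attached through SetTokenKey.</returns>
        private AccessToken GenerateAccessToken(string username, string password, DateTime?expiry = null)
        {
            // NOTE(review): the fallback makes the token effectively non-expiring. The token wraps
            // the user's master key, so a leaked token stays useful until it is revoked; callers
            // that can should pass an explicit, shorter expiry.
            DateTime expires_at = expiry ?? DateTime.Now.AddYears(99);

            string access_token_secret;
            string token_key;

            // RNGCryptoServiceProvider is IDisposable; release it once both values are drawn
            using (var rng = new RNGCryptoServiceProvider())
            {
                access_token_secret = rng.Create256BitLowerCaseHexKey();
                token_key           = rng.Create256BitLowerCaseHexKey();
            }

            // the token is the master key encrypted with the token key
            string access_token_token;

            using (var db = connFactory.OpenDbConnection())
            {
                // NOTE(review): what happens for an unknown username depends on db.First;
                // confirm it throws rather than returning null.
                DBUser user = db.First <DBUser> (u => u.Username == username);

                // the plaintext master key exists only inside this scope, but as a managed
                // string it cannot be wiped afterwards
                string master_key = user.GetPlaintextMasterKey(password).ToHexString();
                access_token_token = master_key.EncryptWithKey(token_key, user.MasterKeySalt);
            }

            var access_token = new AccessToken()
            {
                ConsumerKey = "anyone",
                Realm       = "Rainy",
                Token       = access_token_token,
                TokenSecret = access_token_secret,
                UserName    = username,
                ExpiryDate  = expires_at
            };

            // the token key is attached separately from the object initializer fields
            access_token.SetTokenKey(token_key);
            return(access_token);
        }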
Exemplo n.º 2
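        /// <summary>
        /// Creates a request token for the given OAuth context, stores it in the request token
        /// repository and returns it.
        /// </summary>
        /// <param name="context">OAuth context supplying consumer key, realm and callback URL.</param>
        /// <returns>The newly saved request token.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
        public IToken CreateRequestToken(IOAuthContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            // for request tokens, 128 bit entropy should be enough:
            // one 64-character hex draw is split into the token id and the token secret
            string key;
            using (var rng = new RNGCryptoServiceProvider())
            {
                // the provider is IDisposable, so it is released as soon as the value is drawn
                key = rng.Create256BitLowerCaseHexKey();
            }

            var token_rnd    = key.Substring(0, 32);
            var token_secret = key.Substring(32, 32);

            // NOTE(review): CallbackUrl is copied from the context without validation here;
            // confirm it is checked elsewhere before it is used as a redirect target.
            var token = new RequestToken
            {
                ConsumerKey = context.ConsumerKey,
                Realm       = context.Realm,
                Token       = token_rnd,
                TokenSecret = token_secret,
                CallbackUrl = context.CallbackUrl
            };

            _requestTokenRepository.SaveToken(token);

            return(token);
        }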
Exemplo n.º 3
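        /// <summary>
        /// Marks the request token as authorized, attaches a new verifier and a freshly generated
        /// access token to it, and returns a response carrying the callback redirect URL.
        /// </summary>
        /// <param name="username">User the access token is generated for.</param>
        /// <param name="password">User password, passed on to GenerateAccessToken.</param>
        /// <param name="token">Request token value used to look up the stored request token.</param>
        /// <returns>An OAuthAuthenticateResponse whose RedirectUrl points at the consumer callback.</returns>
        public object TokenExchangeAfterAuthentication(string username, string password, string token)
        {
            var response = new OAuthAuthenticateResponse();

            // TODO surround with try/catch and present 403 or 400 if token is unknown/invalid
            // NOTE(review): until that is done, an unknown token is only caught by whatever
            // GetToken does on a miss; confirm it throws rather than returning null.
            var request_token = oauthHandler.RequestTokens.GetToken(token);

            // the verifier is important, it is proof that the user successfully authorized
            // the verifier is later tested by the OAuth10aInspector to match
            using (var rng = new RNGCryptoServiceProvider())
            {
                // the provider is IDisposable, so it is released once the verifier is drawn
                request_token.Verifier = rng.Create256BitLowerCaseHexKey();
            }
            request_token.AccessDenied = false;

            var access_token = GenerateAccessToken(username, password);

            request_token.AccessToken = access_token;

            oauthHandler.RequestTokens.SaveToken(request_token);

            // NOTE(review): this writes the request token value to the debug log; consider
            // logging only the username if debug logs are retained or shipped elsewhere.
            Logger.DebugFormat("created an access token for user {0}: {1}", username, token);

            // redirect to the provided callback; if the callback already carries a query string
            // the OAuth parameters are appended with '&' so the existing query stays intact
            // NOTE(review): the callback was supplied by the consumer when the request token was
            // created and is not re-checked here; confirm it is validated before the redirect.
            string callback  = request_token.CallbackUrl;
            string separator = (callback != null && callback.IndexOf('?') >= 0) ? "&" : "?";

            // verifier and token are not URL-escaped; the verifier is lowercase hex, the token
            // presumably is too (verify against the request token generator)
            var redirect_url = callback + separator + "oauth_verifier=" + request_token.Verifier
                               + "&oauth_token=" + request_token.Token;

            response.RedirectUrl = redirect_url;

            // the browser/gateway page should take the RedirectUrl and access it
            // note that the redirect url points to a tomboy listener, or tomdroid listener (tomdroid://...)
            return(response);
        }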
Exemplo n.º 4
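        /// <summary>
        /// Initializes the user's crypto fields: password salt, master key salt, the stored
        /// password (through UpdatePassword) and a new master key encrypted with a key derived
        /// from the password.
        /// </summary>
        /// <param name="db_user">User record whose fields are populated.</param>
        /// <param name="password">Cleartext password; must not be null or empty.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="password"/> is null or empty.</exception>
        public static void CreateCryptoFields(this DBUser db_user, string password)
        {
            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentNullException("password");
            }

            string salt;
            string master_key;

            // RNGCryptoServiceProvider is IDisposable; draw both values, then release it
            using (var rng = new RNGCryptoServiceProvider())
            {
                salt = rng.Create256BitLowerCaseHexKey();
                // generate master key - always fixed and will survive password changes
                master_key = rng.Create256BitLowerCaseHexKey();
            }

            // one draw is split in two; the Substring calls need at least 64 characters
            db_user.PasswordSalt  = salt.Substring(0, 32);
            db_user.MasterKeySalt = salt.Substring(32, 32);

            // the salts are assigned before the password is stored and the key is derived
            // (presumably both helpers read them; verify against their implementation)
            db_user.UpdatePassword(password);

            var pw_key = db_user.DeriveKeyFromPassword(password);

            // now encrypt the cleartext masterkey with the password-derived key
            // NOTE(review): AesManaged defaults to CBC with PKCS7 padding and no integrity
            // check, so tampering with EncryptedMasterKey is not detected on decryption.
            // The master key salt doubles as the IV; if the same salt is used as IV for other
            // data under the same key, that IV is reused.
            using (var aes = new AesManaged())
            // the transform is IDisposable as well, so it is scoped together with the cipher
            using (ICryptoTransform encryptor = aes.CreateEncryptor(pw_key, db_user.MasterKeySalt.ToByteArray()))
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                    {
                        // write all data to the stream
                        swEncrypt.Write(master_key);
                    }

                    // disposing the writer closes the CryptoStream, which flushes the final
                    // block, so the buffer is complete when it is read here
                    var encrypted = msEncrypt.ToArray();
                    db_user.EncryptedMasterKey = encrypted.ToHexString();
                }
            }
        }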
Exemplo n.º 5
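        /// <summary>
        /// Returns the encrypted per-note key for <paramref name="note"/>: the stored key when the
        /// note already exists in the database, otherwise a newly generated key encrypted with
        /// the master key.
        /// </summary>
        /// <param name="note">Note whose CompoundPrimaryKey is used for the lookup.</param>
        /// <returns>The encrypted per-note key.</returns>
        private string GetEncryptedNoteKey(DBNote note)
        {
            var saved_note = db.FirstOrDefault <DBNote> (n => n.CompoundPrimaryKey == note.CompoundPrimaryKey);

            // re-use the same key when saving a note
            if (saved_note != null)
            {
                return(saved_note.EncryptedKey);
            }

            // new note, generate a new key
            // NOTE(review): every new note key is encrypted under the same master key with the
            // same MasterKeySalt; if EncryptWithKey uses that salt as the IV, the IV repeats
            // across notes. Confirm against its implementation.
            using (var rng = new RNGCryptoServiceProvider())
            {
                // the provider is IDisposable, so it is released when the key has been produced
                return(rng.Create256BitLowerCaseHexKey().EncryptWithKey(encryptionMasterKey, User.MasterKeySalt));
            }
        }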