public void AuthenticationProviderSetsAuthenticatedIdentity() { var accounts = new SampleAccountRepository(); var authProvider = new SrpAuthenticationProvider(accounts); var srpClient = new SrpClient(); var sessionId = Guid.NewGuid(); var clientEphemeral = srpClient.GenerateEphemeral(); var request = new Hashtable { { SrpProtocolConstants.SRP_STEP_NUMBER, 1 }, { SrpProtocolConstants.SRP_USERNAME, UserName }, { SrpProtocolConstants.SRP_CLIENT_PUBLIC_EPHEMERAL, clientEphemeral.Public }, }; var authRequest = new AuthRequestMessage { Credentials = request, ClientAddress = "localhost", SessionID = sessionId }; var response = authProvider.Authenticate(authRequest); Assert.IsNotNull(response); Assert.IsNotNull(response.Parameters); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SALT]); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]); // step1 is performed Assert.IsTrue(authProvider.PendingAuthentications.Any()); // server returns salt even for the unknown user name so we can't tell whether the user exists or not var salt = (string)response.Parameters[SrpProtocolConstants.SRP_SALT]; var serverPublicEphemeral = (string)response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]; var privateKey = srpClient.DerivePrivateKey(salt, UserName, Password); var clientSession = srpClient.DeriveSession(clientEphemeral.Secret, serverPublicEphemeral, salt, UserName, privateKey); // perform step2 authRequest.Credentials[SrpProtocolConstants.SRP_STEP_NUMBER] = 2; authRequest.Credentials[SrpProtocolConstants.SRP_CLIENT_SESSION_PROOF] = clientSession.Proof; // make sure that identity is set response = authProvider.Authenticate(authRequest); Assert.IsNotNull(response); Assert.IsNotNull(response.Parameters); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SERVER_SESSION_PROOF]); Assert.IsTrue(response.Completed); Assert.IsTrue(response.Success); Assert.IsNotNull(response.AuthenticatedIdentity); Assert.IsNotNull(response.AuthenticatedIdentity.IsAuthenticated); Assert.AreEqual(response.AuthenticatedIdentity.Name, UserName); var serverProof = (string)response.Parameters[SrpProtocolConstants.SRP_SERVER_SESSION_PROOF]; srpClient.VerifySession(clientEphemeral.Public, clientSession, serverProof); }
private TcpSimplexServerHostEnvironment() { // use custom SRP parameters var accounts = new SampleAccountRepository(CustomSrpParameters); var provider = new SrpAuthenticationProvider(accounts, CustomSrpParameters); var protocol = new TcpCustomServerProtocolSetup(8091, provider, true); _host = new ZyanComponentHost("CustomAuthenticationTestHost_TcpSimplex", protocol); _host.RegisterComponent <ISampleServer, SampleServer>("SampleServer", ActivationType.SingleCall); }
public void UnknownUsernameReturnsSameSaltAndNewEphemeralOnEachRequest() { var accounts = new SampleAccountRepository(); var authProvider = new SrpAuthenticationProvider(accounts); var srpClient = new SrpClient(); var sessionId = Guid.NewGuid(); var request = new Hashtable { { SrpProtocolConstants.SRP_STEP_NUMBER, 1 }, { SrpProtocolConstants.SRP_USERNAME, "UnknownUser" }, { SrpProtocolConstants.SRP_CLIENT_PUBLIC_EPHEMERAL, srpClient.GenerateEphemeral().Public }, }; var authRequest = new AuthRequestMessage { Credentials = request, ClientAddress = "localhost", SessionID = sessionId }; var response = authProvider.Authenticate(authRequest); Assert.IsNotNull(response); Assert.IsNotNull(response.Parameters); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SALT]); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]); // step1 is not performed because the user is unknown Assert.IsFalse(authProvider.PendingAuthentications.Any()); // server returns salt even for the unknown user name so we can't tell whether the user exists or not var salt1 = (string)response.Parameters[SrpProtocolConstants.SRP_SALT]; var ephemeral1 = (string)response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]; response = authProvider.Authenticate(authRequest); Assert.IsNotNull(response); Assert.IsNotNull(response.Parameters); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SALT]); Assert.IsNotNull(response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]); var salt2 = (string)response.Parameters[SrpProtocolConstants.SRP_SALT]; var ephemeral2 = (string)response.Parameters[SrpProtocolConstants.SRP_SERVER_PUBLIC_EPHEMERAL]; // server returns the same salt for every unknown username, but new ephemeral on each request Assert.AreEqual(salt1, salt2); Assert.AreNotEqual(ephemeral1, ephemeral2); }