private MsalTokenResponse ResultFromBrokerResponse(Dictionary <string, string> responseDictionary)
        {
            // Broker reported a failure: there is no encrypted payload to verify, so the error
            // fields are passed straight through to the caller.
            if (responseDictionary.ContainsKey(iOSBrokerConstants.Error) ||
                responseDictionary.ContainsKey(iOSBrokerConstants.ErrorDescription))
            {
                return MsalTokenResponse.CreateFromBrokerResponse(responseDictionary);
            }

            // Success path: the token payload arrives encrypted (presumably under the broker key that
            // was sent in the request) together with the broker's SHA-256 of the plaintext.
            // NOTE: both indexers throw KeyNotFoundException if the broker omits either field.
            string expectedHash      = responseDictionary[iOSBrokerConstants.ExpectedHash];
            string encryptedResponse = responseDictionary[iOSBrokerConstants.EncryptedResponsed];
            string plaintext         = BrokerKeyHelper.DecryptBrokerResponse(encryptedResponse, _serviceBundle.DefaultLogger);

            // CreateSha256Hash returns base64; the broker advertises the digest as hex, so re-encode
            // (BitConverter form, dashes stripped) before comparing case-insensitively.
            string base64Digest = _serviceBundle.PlatformProxy.CryptographyManager.CreateSha256Hash(plaintext);
            byte[] digest       = Convert.FromBase64String(base64Digest);
            string computedHex  = BitConverter.ToString(digest).Replace("-", "");

            if (!expectedHash.Equals(computedHex, StringComparison.OrdinalIgnoreCase))
            {
                // Integrity check failed: nothing in the plaintext is parsed or trusted.
                return new MsalTokenResponse
                {
                    Error            = MsalError.BrokerResponseHashMismatch,
                    ErrorDescription = MsalErrorMessage.BrokerResponseHashMismatch
                };
            }

            var decryptedFields = CoreHelpers.ParseKeyValueList(plaintext, '&', false, null);
            return MsalTokenResponse.CreateFromBrokerResponse(decryptedFields);
        }
        private void AddIosSpecificParametersToPayload(Dictionary <string, string> brokerPayload)
        {
            // The raw broker key is handed to the broker base64url-encoded inside the request
            // (presumably so the broker can encrypt its response with it). The outgoing payload
            // therefore contains key material and should be treated as sensitive.
            brokerPayload[iOSBrokerConstants.BrokerKey]      = Base64UrlHelpers.Encode(BrokerKeyHelper.GetRawBrokerKey(_logger));
            brokerPayload[iOSBrokerConstants.MsgProtocolVer] = BrokerParameter.MsgProtocolVersion3;

            if (_brokerV3Installed)
            {
                // Fresh per-request nonce; it is remembered in _brokerRequestNonce so the broker's
                // response can later be matched back to this particular request.
                string nonce = Guid.NewGuid().ToString();
                _brokerRequestNonce = nonce;
                brokerPayload[iOSBrokerConstants.BrokerNonce] = nonce;

                string applicationToken = TryReadBrokerApplicationTokenFromKeychain(brokerPayload);
                if (!string.IsNullOrEmpty(applicationToken))
                {
                    brokerPayload[iOSBrokerConstants.ApplicationToken] = applicationToken;
                }
            }

            // A claims value forces the broker to bypass its cache; the value itself is base64url-encoded
            // for transport. NOTE(review): presence is checked via iOSBrokerConstants.Claims but the value
            // is read via BrokerParameter.Claims — confirm the two constants hold the same key string.
            if (!brokerPayload.ContainsKey(iOSBrokerConstants.Claims))
            {
                return;
            }

            brokerPayload[iOSBrokerConstants.SkipCache] = BrokerParameter.SkipCache;
            brokerPayload[BrokerParameter.Claims]       = Base64UrlHelpers.Encode(brokerPayload[BrokerParameter.Claims]);
        }
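        private MsalTokenResponse ResultFromBrokerResponse(Dictionary <string, string> responseDictionary)
        {
            // The broker returns the token payload encrypted (presumably under the broker key sent in the
            // request) plus a hex SHA-256 of the plaintext. Both fields are mandatory on this path:
            // the indexers throw KeyNotFoundException if the broker omits either one.
            string expectedHash       = responseDictionary[iOSBrokerConstants.ExpectedHash];
            string encryptedResponse  = responseDictionary[iOSBrokerConstants.EncryptedResponsed];
            string decryptedResponse  = BrokerKeyHelper.DecryptBrokerResponse(encryptedResponse, _logger);

            // CreateSha256Hash returns base64; convert to BitConverter-style hex (dashes stripped)
            // so it can be compared case-insensitively with the broker's value.
            string responseActualHash = _cryptoManager.CreateSha256Hash(decryptedResponse);
            byte[] rawHash = Convert.FromBase64String(responseActualHash);
            string hash    = BitConverter.ToString(rawHash).Replace("-", "");

            if (!expectedHash.Equals(hash, StringComparison.OrdinalIgnoreCase))
            {
                // Integrity check failed: nothing in the plaintext is parsed or trusted.
                return new MsalTokenResponse
                {
                    Error            = MsalError.BrokerResponseHashMismatch,
                    ErrorDescription = MsalErrorMessage.BrokerResponseHashMismatch
                };
            }

            responseDictionary = CoreHelpers.ParseKeyValueList(decryptedResponse, '&', false, null);

            // The nonce is looked up in the decrypted payload. A mismatch means this response was not
            // produced for the request we issued, so it is rejected before any token is materialised.
            if (!ValidateBrokerResponseNonceWithRequestNonce(responseDictionary))
            {
                return new MsalTokenResponse
                {
                    Error            = MsalError.BrokerNonceMismatch,
                    ErrorDescription = MsalErrorMessage.BrokerNonceMismatch
                };
            }

            // Persist the broker-issued application token for reuse on later requests (keyed by client id).
            if (responseDictionary.ContainsKey(iOSBrokerConstants.ApplicationToken))
            {
                TryWriteBrokerApplicationTokenToKeychain(
                    responseDictionary[BrokerResponseConst.ClientId],
                    responseDictionary[iOSBrokerConstants.ApplicationToken]);
            }

            // Translate iOS-broker-specific error codes into MSAL error codes. This must happen BEFORE
            // CreateFromiOSBrokerResponse reads the dictionary; doing it afterwards writes into a local
            // dictionary that is never consulted again, so the remapped code never reaches the caller.
            if (responseDictionary.TryGetValue(BrokerResponseConst.BrokerErrorCode, out string errCode))
            {
                if (errCode == BrokerResponseConst.iOSBrokerUserCancellationErrorCode)
                {
                    responseDictionary[BrokerResponseConst.BrokerErrorCode] = MsalError.AuthenticationCanceledError;
                }
                else if (errCode == BrokerResponseConst.iOSBrokerProtectionPoliciesRequiredErrorCode)
                {
                    responseDictionary[BrokerResponseConst.BrokerErrorCode] = MsalError.ProtectionPolicyRequired;
                }
            }

            return MsalTokenResponse.CreateFromiOSBrokerResponse(responseDictionary);
        }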
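        private void AddIosSpecificParametersToPayload(Dictionary <string, string> brokerPayload)
        {
            // The raw broker key travels base64url-encoded inside the request (presumably so the broker
            // can encrypt its response with it); the outgoing payload is therefore sensitive.
            string encodedBrokerKey = Base64UrlHelpers.Encode(BrokerKeyHelper.GetRawBrokerKey(_serviceBundle.DefaultLogger));

            brokerPayload[iOSBrokerConstants.BrokerKey]      = encodedBrokerKey;
            brokerPayload[iOSBrokerConstants.MsgProtocolVer] = BrokerParameter.MsgProtocolVersion3;

            // NOTE(review): presence is checked via iOSBrokerConstants.Claims but the value is read via
            // BrokerParameter.Claims — confirm the two constants hold the same key string.
            if (brokerPayload.ContainsKey(iOSBrokerConstants.Claims))
            {
                // Indexer rather than Add(): Add throws ArgumentException when the caller has already
                // placed SkipCache in the payload, and the intent is simply to force the value.
                brokerPayload[iOSBrokerConstants.SkipCache] = BrokerParameter.SkipCache;
                string claims = Base64UrlHelpers.Encode(brokerPayload[BrokerParameter.Claims]);
                brokerPayload[BrokerParameter.Claims] = claims;
            }
        }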
        private void AddCommunicationParams(Dictionary <string, string> brokerRequest)
        {
            // The raw broker key is sent base64url-encoded in the request (presumably so the broker can
            // encrypt its response with it); the request therefore carries key material.
            brokerRequest[iOSBrokerConstants.BrokerKey]      = Base64UrlHelpers.Encode(BrokerKeyHelper.GetRawBrokerKey(_logger));
            brokerRequest[iOSBrokerConstants.MsgProtocolVer] = BrokerParameter.MsgProtocolVersion3;

            if (!_brokerV3Installed)
            {
                return;
            }

            // Fresh per-request nonce, kept in _brokerRequestNonce so the broker's reply can be
            // matched back to this request.
            string nonce = Guid.NewGuid().ToString();
            _brokerRequestNonce = nonce;
            brokerRequest[iOSBrokerConstants.BrokerNonce] = nonce;

            string applicationToken = TryReadBrokerApplicationTokenFromKeychain(brokerRequest);
            if (string.IsNullOrEmpty(applicationToken))
            {
                return;
            }

            brokerRequest[iOSBrokerConstants.ApplicationToken] = applicationToken;
        }
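        private void AddIosSpecificParametersToPayload(Dictionary <string, string> brokerPayload)
        {
            // The raw broker key travels base64url-encoded inside the request (presumably so the broker
            // can encrypt its response with it); the outgoing payload is therefore sensitive.
            string encodedBrokerKey = Base64UrlHelpers.Encode(BrokerKeyHelper.GetRawBrokerKey(_logger));

            brokerPayload[iOSBrokerConstants.BrokerKey]      = encodedBrokerKey;
            brokerPayload[iOSBrokerConstants.MsgProtocolVer] = BrokerParameter.MsgProtocolVersion3;

            if (_brokerV3Installed)
            {
                // Fresh per-request nonce, remembered so the broker's reply can be matched to this request.
                _brokerRequestNonce = Guid.NewGuid().ToString();
                brokerPayload[iOSBrokerConstants.BrokerNonce] = _brokerRequestNonce;
            }

            // NOTE(review): presence is checked via iOSBrokerConstants.Claims but the value is read via
            // BrokerParameter.Claims — confirm the two constants hold the same key string.
            if (brokerPayload.ContainsKey(iOSBrokerConstants.Claims))
            {
                // Indexer rather than Add(): Add throws ArgumentException when the caller has already
                // placed SkipCache in the payload, and the intent is simply to force the value.
                brokerPayload[iOSBrokerConstants.SkipCache] = BrokerParameter.SkipCache;
                string claims = Base64UrlHelpers.Encode(brokerPayload[BrokerParameter.Claims]);
                brokerPayload[BrokerParameter.Claims] = claims;
            }
        }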
        private MsalTokenResponse ResultFromBrokerResponse(Dictionary <string, string> responseDictionary)
        {
            // The broker returns the token payload encrypted (presumably under the broker key sent in the
            // request) plus a hex SHA-256 of the plaintext. NOTE: the indexers throw KeyNotFoundException
            // if the broker omits either field.
            string expectedHash      = responseDictionary[iOSBrokerConstants.ExpectedHash];
            string encryptedResponse = responseDictionary[iOSBrokerConstants.EncryptedResponsed];
            string plaintext         = BrokerKeyHelper.DecryptBrokerResponse(encryptedResponse, _logger);

            // CreateSha256Hash returns base64; re-encode as BitConverter hex with dashes stripped.
            byte[] digest      = Convert.FromBase64String(_cryptoManager.CreateSha256Hash(plaintext));
            string computedHex = BitConverter.ToString(digest).Replace("-", "");

            // In this variant the nonce is validated against the outer (still-encrypted) dictionary,
            // before the plaintext is parsed. NOTE(review): if the nonce is carried inside the encrypted
            // payload instead, this check would need to run on the parsed dictionary below — confirm.
            if (!ValidateBrokerResponseNonceWithRequestNonce(responseDictionary))
            {
                return new MsalTokenResponse
                {
                    Error            = MsalError.BrokerNonceMismatch,
                    ErrorDescription = MsalErrorMessage.BrokerNonceMismatch
                };
            }

            bool integrityOk = expectedHash.Equals(computedHex, StringComparison.OrdinalIgnoreCase);
            if (!integrityOk)
            {
                // Integrity check failed: nothing in the plaintext is parsed or trusted.
                return new MsalTokenResponse
                {
                    Error            = MsalError.BrokerResponseHashMismatch,
                    ErrorDescription = MsalErrorMessage.BrokerResponseHashMismatch
                };
            }

            var decryptedFields = CoreHelpers.ParseKeyValueList(plaintext, '&', false, null);
            return MsalTokenResponse.CreateFromBrokerResponse(decryptedFields);
        }