public void ProcessRequest(HttpContextBase context)
{
try
{
string d = context.Request.QueryString["d"];
int additionalChars;
int.TryParse(d, out additionalChars);
var msg = new SqrlMessage
{
SignatureBase64 = UrlSafeBase64Encoder.Decode(context.Request.Form["sqrlsig"]),
PublicKeyBase64 = UrlSafeBase64Encoder.Decode(context.Request.QueryString["sqrlkey"]),
ServerNonce = context.Request.QueryString["nut"],
Version = context.Request.QueryString["sqrlver"],
Options = context.Request.QueryString["sqrlopt"],
AdditionalDomainCharacters = additionalChars,
Uri = GetAdjustedUrl(context),
IpAddress = context.Request.GetClientIpAddress()
};
var validator = new MessageValidator();
validator.Validate(msg);
context.Response.StatusCode = (int) HttpStatusCode.OK;
}
catch (SqrlAuthenticationException ex)
{
context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
context.Response.StatusDescription = ex.Message;
}
context.Response.End();
}
public void Validate(SqrlMessage msg)
{
ISqrlAuthenticationHandler handler = GetHandler();
if (handler == null || msg.Uri == null || msg.PublicKeyBase64 == null || msg.SignatureBase64 == null)
{
string error = string.Empty;
if (handler == null) error = "Handler";
else if (msg.Uri == null) error = "URL";
else if (msg.PublicKeyBase64 == null) error = "Public key";
else if (msg.SignatureBase64 == null) error = "Signature";
throw new SqrlAuthenticationException(string.Format("Invalid parameters. {0} was not specified.", error));
}
if (msg.Version != SqrlVersion)
{
throw new SqrlAuthenticationException("Invalid version. Expected version was: " + SqrlVersion);
}
if (!handler.VerifySession(msg.IpAddress, msg.ServerNonce))
{
throw new SqrlAuthenticationException("Session not found.");
}
VerifyMessage(msg);
handler.AuthenticateSession(msg.PublicKeyBase64, msg.IpAddress, msg.ServerNonce);
}
public void ProcessRequest(HttpContextBase context)
{
try
{
string d = context.Request.QueryString["d"];
int additionalChars;
int.TryParse(d, out additionalChars);
var msg = new SqrlMessage
{
SignatureBase64 = UrlSafeBase64Encoder.Decode(context.Request.Form["sqrlsig"]),
PublicKeyBase64 = UrlSafeBase64Encoder.Decode(context.Request.QueryString["sqrlkey"]),
ServerNonce = context.Request.QueryString["nut"],
Version = context.Request.QueryString["sqrlver"],
Options = context.Request.QueryString["sqrlopt"],
AdditionalDomainCharacters = additionalChars,
Uri = GetAdjustedUrl(context),
IpAddress = context.Request.GetClientIpAddress()
};
var validator = new MessageValidator();
validator.Validate(msg);
context.Response.StatusCode = (int)HttpStatusCode.OK;
}
catch (SqrlAuthenticationException ex)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.StatusDescription = ex.Message;
}
context.Response.End();
}
private static void VerifyMessage(SqrlMessage sqrl)
{
string url = sqrl.Uri.ToString()
.Replace("https://", "sqrl://")
.Replace("http://", "qrl://");
var idn = new IdnMapping();
var puny = idn.GetAscii(url);
var punyBytes = Encoding.ASCII.GetBytes(puny);
var signatureBytes = sqrl.SignatureBytes;
var signature = new byte[punyBytes.Length + signatureBytes.Length];
Buffer.BlockCopy(signatureBytes, 0, signature, 0, signatureBytes.Length);
Buffer.BlockCopy(punyBytes, 0, signature, signatureBytes.Length, punyBytes.Length);
if (!CryptoSign.Open(signature, sqrl.PublicKeyBytes))
{
throw new SqrlAuthenticationException("Signature verification failed.");
}
}
public void Validate(SqrlMessage msg)
{
ISqrlAuthenticationHandler handler = GetHandler();
if (handler == null || msg.Uri == null || msg.PublicKeyBase64 == null || msg.SignatureBase64 == null)
{
string error = string.Empty;
if (handler == null)
{
error = "Handler";
}
else if (msg.Uri == null)
{
error = "URL";
}
else if (msg.PublicKeyBase64 == null)
{
error = "Public key";
}
else if (msg.SignatureBase64 == null)
{
error = "Signature";
}
throw new SqrlAuthenticationException(string.Format("Invalid parameters. {0} was not specified.", error));
}
if (msg.Version != SqrlVersion)
{
throw new SqrlAuthenticationException("Invalid version. Expected version was: " + SqrlVersion);
}
if (!handler.VerifySession(msg.IpAddress, msg.ServerNonce))
{
throw new SqrlAuthenticationException("Session not found.");
}
VerifyMessage(msg);
handler.AuthenticateSession(msg.PublicKeyBase64, msg.IpAddress, msg.ServerNonce);
}
private static void VerifyMessage(SqrlMessage sqrl)
{
string url = sqrl.Uri.ToString()
.Replace("https://", "sqrl://")
.Replace("http://", "qrl://");
var idn = new IdnMapping();
var puny = idn.GetAscii(url);
var punyBytes = Encoding.ASCII.GetBytes(puny);
var signatureBytes = sqrl.SignatureBytes;
var signature = new byte[punyBytes.Length + signatureBytes.Length];
Buffer.BlockCopy(signatureBytes, 0, signature, 0, signatureBytes.Length);
Buffer.BlockCopy(punyBytes, 0, signature, signatureBytes.Length, punyBytes.Length);
if (!CryptoSign.Open(signature, sqrl.PublicKeyBytes))
{
throw new SqrlAuthenticationException("Signature verification failed.");
}
}
