private void authService_AuthenticateUserPublicKey(object sender, AuthUserPublicKeyEventArgs e)
{
var authService = (SshAuthenticationService)sender;
e.Result = AuthenticationResult.Success;
// Write to event log.
LogClientAuthEvent(authService.Client, AuthenticationMethod.PublicKey, e);
}
protected void ProcessMsgUserAuthRequestPublicKey(SshStreamReader msgReader)
{
if (_isDisposed) throw new ObjectDisposedException(this.GetType().FullName);
// Raise event to specify requested auth method.
if (AuthenticationMethodRequested != null) AuthenticationMethodRequested(this,
new AuthMethodRequestedEventArgs(AuthenticationMethod.PublicKey));
// Read request information.
bool isAuthRequest = msgReader.ReadBoolean();
string keyAlgName = msgReader.ReadString();
byte[] keyAndCertsData = msgReader.ReadByteString();
// Try to find public key algorithm.
PublicKeyAlgorithm keyAlg = null;
try
{
keyAlg = (PublicKeyAlgorithm)_client.PublicKeyAlgorithms.Single(item =>
item.Name == keyAlgName).Clone();
}
catch (InvalidOperationException)
{
// Public key algorithm is not supported.
SendMsgUserAuthFailure(false);
}
// Load key and certificats data for algorithm.
keyAlg.LoadKeyAndCertificatesData(keyAndCertsData);
// Check if request is actual auth request or query of whether specified public key is
// acceptable.
if (isAuthRequest)
{
// Read client signature.
var signatureData = msgReader.ReadByteString();
var signature = keyAlg.GetSignature(signatureData);
// Verify signature.
var payloadData = ((MemoryStream)msgReader.BaseStream).ToArray();
if (VerifyPublicKeySignature(keyAlg, payloadData, 0, payloadData.Length -
signatureData.Length - 4, signature))
{
// Raise event to get result of auth attempt.
var authUserEventArgs = new AuthUserPublicKeyEventArgs(_lastUserName,
keyAlg.ExportPublicKey());
AuthenticateUserPublicKey(this, authUserEventArgs);
// Check result of auth attempt.
switch (authUserEventArgs.Result)
{
case AuthenticationResult.Success:
// Auth has succeeded.
AuthenticateUser(_lastServiceName);
break;
case AuthenticationResult.FurtherAuthRequired:
// Auth has succeeded, but further auth is required.
SendMsgUserAuthFailure(true);
break;
case AuthenticationResult.Failure:
// Auth has failed.
SendMsgUserAuthFailure(false);
break;
}
}
else
{
// Signature is invalid.
SendMsgUserAuthFailure(false);
}
}
else
{
// Public key is acceptable.
SendMsgUserAuthPkOk(keyAlgName, keyAndCertsData);
}
}
protected void ProcessMsgUserAuthRequestPublicKey(SshStreamReader msgReader)
{
if (_isDisposed)
{
throw new ObjectDisposedException(this.GetType().FullName);
}
// Raise event to specify requested auth method.
if (AuthenticationMethodRequested != null)
{
AuthenticationMethodRequested(this,
new AuthMethodRequestedEventArgs(AuthenticationMethod.PublicKey));
}
// Read request information.
bool isAuthRequest = msgReader.ReadBoolean();
string keyAlgName = msgReader.ReadString();
byte[] keyAndCertsData = msgReader.ReadByteString();
// Try to find public key algorithm.
PublicKeyAlgorithm keyAlg = null;
try
{
keyAlg = (PublicKeyAlgorithm)_client.PublicKeyAlgorithms.Single(item =>
item.Name == keyAlgName).Clone();
}
catch (InvalidOperationException)
{
// Public key algorithm is not supported.
SendMsgUserAuthFailure(false);
}
// Load key and certificats data for algorithm.
keyAlg.LoadKeyAndCertificatesData(keyAndCertsData);
// Check if request is actual auth request or query of whether specified public key is
// acceptable.
if (isAuthRequest)
{
// Read client signature.
var signatureData = msgReader.ReadByteString();
var signature = keyAlg.GetSignature(signatureData);
// Verify signature.
var payloadData = ((MemoryStream)msgReader.BaseStream).ToArray();
if (VerifyPublicKeySignature(keyAlg, payloadData, 0, payloadData.Length -
signatureData.Length - 4, signature))
{
// Raise event to get result of auth attempt.
var authUserEventArgs = new AuthUserPublicKeyEventArgs(_lastUserName,
keyAlg.ExportPublicKey());
AuthenticateUserPublicKey(this, authUserEventArgs);
// Check result of auth attempt.
switch (authUserEventArgs.Result)
{
case AuthenticationResult.Success:
// Auth has succeeded.
AuthenticateUser(_lastServiceName);
break;
case AuthenticationResult.FurtherAuthRequired:
// Auth has succeeded, but further auth is required.
SendMsgUserAuthFailure(true);
break;
case AuthenticationResult.Failure:
// Auth has failed.
SendMsgUserAuthFailure(false);
break;
}
}
else
{
// Signature is invalid.
SendMsgUserAuthFailure(false);
}
}
else
{
// Public key is acceptable.
SendMsgUserAuthPkOk(keyAlgName, keyAndCertsData);
}
}