public async Task <IActionResult> CreateAuthSession([FromBody] AuthSessionRequest authSessionRequest)
{
var response = await _authService.CreateAuthSession(authSessionRequest);
if (response == null)
{
return(BadRequest());
}
return(Ok(response));
}
private Task SendAddonPacket(AuthSessionRequest authRequest)
{
const int StandardAddonCRC = 0x1c776d01;
var response = new AddonInfoResponse();
foreach (var block in authRequest.AddonBlocks)
{
response.IsAddonStandard.Add(block.Crc == StandardAddonCRC);
}
return(Send(response));
}
public Task Handshake(AuthSessionRequest authRequest)
{
if (AuthenticatedIdentity == authRequest.Identity)
{
return(Task.WhenAll(Send(new AuthSessionResponse()
{
Response = AuthResponseCode.Success
}), SendAddonPacket(authRequest)));
}
else
{
throw new SessionStateException($"received {nameof(Handshake)} request for identity {authRequest.Identity} but {nameof(AuthenticatedIdentity)} is {AuthenticatedIdentity}");
}
}
private async Task HandleAuthSession(AuthSessionRequest request)
{
try
{
// this handler is a little whacky. it can't just send its own response to the client, because the client
// expects the response to be encrypted with the session key. so we have a bit of call-and-response here
// to manage this
var sessionKey = await ShardSession.Authenticate(request);
packetCipher.Initialize(sessionKey);
await ShardSession.Handshake(request);
}
catch (SessionException ex)
{
// TODO: logging
Console.WriteLine(ex.Message);
authenticationFailed = true;
}
}
public async Task <BigInteger> Authenticate(AuthSessionRequest authRequest)
{
if (String.IsNullOrEmpty(authRequest.Identity))
{
throw new ArgumentNullException(nameof(authRequest.Identity));
}
if (seed == 0)
{
await Send(new AuthSessionResponse()
{
Response = AuthResponseCode.Failed
});
throw new AuthenticationFailedException("cannot authenticate with a server seed of 0");
}
var account = GrainFactory.GetGrain <IAccount>(authRequest.Identity);
if (await account.Exists())
{
try
{
var sessionKey = await account.GetSessionKey();
using (var sha1 = new Digester(SHA1.Create()))
{
var serverDigest = BigIntegers.FromUnsignedByteArray(
sha1.CalculateDigest(new byte[][]
{
Encoding.UTF8.GetBytes(authRequest.Identity),
new byte[4],
BitConverter.GetBytes(authRequest.ClientSeed),
BitConverter.GetBytes(seed),
sessionKey.ToByteArray(40),
})
);
if (serverDigest == authRequest.ClientDigest)
{
GetLogger().Info($"{authRequest.Identity} successfully authenticated to {ShardName} {nameof(ShardSession)} {this.GetPrimaryKey()}");
// we can't just Send the Success response here, since the client expects the packet cipher to be initialized at this point
AuthenticatedIdentity = authRequest.Identity;
return(sessionKey);
}
else
{
await Send(new AuthSessionResponse()
{
Response = AuthResponseCode.Failed
});
throw new AuthenticationFailedException($"account {authRequest.Identity} failed authentication proof");
}
}
}
catch (AccountDoesNotExistException)
{
await Send(new AuthSessionResponse()
{
Response = AuthResponseCode.UnknownAccount
});
throw new AuthenticationFailedException($"account {authRequest.Identity} does not exist");
}
catch (AccountStateException)
{
GetLogger().Warn($"received {nameof(AuthSessionRequest)} with unauthenticated identity {authRequest.Identity}");
await Send(new AuthSessionResponse()
{
Response = AuthResponseCode.Failed
});
throw new AuthenticationFailedException($"account {authRequest.Identity} is not authenticated");
}
}
else
{
await Send(new AuthSessionResponse()
{
Response = AuthResponseCode.UnknownAccount
});
throw new AuthenticationFailedException($"account {authRequest.Identity} does not exist");
}
}
private void BtnConnect_Click(object sender, RoutedEventArgs e)
{
var authSessionRequest = new AuthSessionRequest
{
Login = TxtLogin.Text
};
var json = JsonConvert.SerializeObject(authSessionRequest);
var request = new HttpRequestMessage
{
RequestUri = new Uri($"http://localhost:5000/api/session"),
Method = HttpMethod.Post,
Content = new StringContent(json, Encoding.UTF8, "application/json")
};
HttpResponseMessage response = _client.SendAsync(request).Result;
if (!response.IsSuccessStatusCode)
{
AuthStatus.Text = "not authorized";
AuthStatus.Foreground = new SolidColorBrush(Colors.Red);
return;
}
var authSessionResponse = JsonConvert.DeserializeObject <AuthSessionResponse>(
response.Content.ReadAsStringAsync().Result);
var authRequest = new AuthRequest
{
Login = TxtLogin.Text
};
var keyString = string.Empty;
var keyInputDialog = new KeyInputDialog();
if (keyInputDialog.ShowDialog() == true)
{
keyString = keyInputDialog.Key;
}
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.ImportParameters(authSessionResponse.PublicRSAParameters.ToRSAParameters());
authRequest.EncryptedPassword = RSA.Encrypt(Encoding.Default.GetBytes(TxtPassword.Text), false);
authRequest.EncryptedTelegramKey = RSA.Encrypt(Encoding.Default.GetBytes(keyString), false);
}
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
authRequest.ClientPublicRSAParameters = RSA.ExportParameters(false).ToPublicRSAParameters();
json = JsonConvert.SerializeObject(authRequest);
request = new HttpRequestMessage
{
RequestUri = new Uri($"http://localhost:5000/api/auth"),
Method = HttpMethod.Post,
Content = new StringContent(json, Encoding.UTF8, "application/json")
};
response = _client.SendAsync(request).Result;
if (!response.IsSuccessStatusCode)
{
AuthStatus.Text = "not authorized";
AuthStatus.Foreground = new SolidColorBrush(Colors.Red);
return;
}
var authResponse = JsonConvert.DeserializeObject <AuthResponse>(
response.Content.ReadAsStringAsync().Result);
_token = authResponse.Token;
_sessionKey = RSA.Decrypt(authResponse.EncryptedSessionKey, false);
_sessionIV = RSA.Decrypt(authResponse.EncryptedSessionIV, false);
AuthStatus.Text = "authorized";
AuthStatus.Foreground = new SolidColorBrush(Colors.Green);
}
_garbage = string.Empty;
}
