private bool CheckIfRoundKeyExpired(KeysInfoModel keys)
{
if (this.KeyExpirationSettings == null)
{
return(false);
}
return(keys.RoundKeySentTimes > this.KeyExpirationSettings.Requests || DateTime.UtcNow - keys.GeneratedTimeUtc > this.KeyExpirationSettings.Time);
}
public async Task <AuthenticationResult> AuthenticateAsync(string authenticationToken)
{
try
{
if (authenticationToken == null)
{
throw new ArgumentException("Auth header is not set");
}
string serializedModel = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
AuthHeaderModel model = JsonConvert.DeserializeObject <AuthHeaderModel>(serializedModel);
string clientSecret = await this.GadgetKeysService.GetGadgetClientSecretAsync(model.Indentifier);
KeysInfoModel keys = await this.GadgetKeysService.GetGadgetKeysInfoAsync(model.Indentifier, clientSecret);
byte[] roundKey = keys.RoundKey;
string login = await this.SymmetricCryptoService.DecryptBase64ToUtf8Async(model.Login, roundKey, model.Iv);
string password = await this.SymmetricCryptoService.DecryptBase64ToUtf8Async(model.Password, roundKey, model.Iv);
string decryptedClientSecret = await this.SymmetricCryptoService.DecryptBase64ToBase64Async(model.ClientSecret, roundKey, model.Iv);
if (clientSecret != decryptedClientSecret)
{
throw new ArgumentException("Invalid client secret");
}
bool isRoundKeyExpired = this.CheckIfRoundKeyExpired(keys);
await this.GadgetKeysService.IncrementGadgetRoundKeySentTimesAsync(model.Indentifier, clientSecret);
PrincipalModel principal = null;
if (await this.UserService.CheckCredentialsAsync(login, password))
{
await this.UserSessionService.AddEntryAsync(login, model.Indentifier);
principal = new PrincipalModel {
Login = login
};
}
return(new AuthenticationResult
{
IsAuthenticated = true,
IsRoundKeyExpired = isRoundKeyExpired,
RoundKey = roundKey,
Principal = principal
});
}
catch (Exception e)
{
string failureReason = e is SqlException ? null : e.Message;
return(new AuthenticationResult
{
FailureReason = failureReason,
IsAuthenticated = false
});
}
}
