void KPRPCReceiveSetup(KPRPCMessage kprpcm)
{
if (Authorised)
{
KPRPCMessage data2client = new KPRPCMessage();
data2client.protocol = "setup";
data2client.srp = new SRPParams();
data2client.version = ProtocolVersion;
data2client.error = new Error(ErrorCode.AUTH_RESTART, new string[] { "Already authorised" });
AbortWithMessageToClient(data2client);
return;
}
if (kprpcm.srp != null)
{
KPRPCMessage data2client = new KPRPCMessage();
data2client.protocol = "setup";
data2client.version = ProtocolVersion;
int clientSecurityLevel = kprpcm.srp.securityLevel;
if (clientSecurityLevel < securityLevelClientMinimum)
{
data2client.error = new Error(ErrorCode.AUTH_CLIENT_SECURITY_LEVEL_TOO_LOW, new string[] { securityLevelClientMinimum.ToString() });
/* TODO1.3: need to disconnect/delete/reset this connection once we've decided we are not interested in letting the client connect. Maybe
* tie in to finding a way to abort if user clicks a "cancel" button on the auth form.
*/
this.WebSocketConnection.Send(Jayrock.Json.Conversion.JsonConvert.ExportToString(data2client));
}
else
{
switch (kprpcm.srp.stage)
{
case "identifyToServer": this.WebSocketConnection.Send(SRPIdentifyToServer(kprpcm)); break;
case "proofToServer": this.WebSocketConnection.Send(SRPProofToServer(kprpcm)); break;
default: return;
}
}
}
else
{
KPRPCMessage data2client = new KPRPCMessage();
data2client.protocol = "setup";
data2client.version = ProtocolVersion;
int clientSecurityLevel = kprpcm.key.securityLevel;
if (clientSecurityLevel < securityLevelClientMinimum)
{
data2client.error = new Error(ErrorCode.AUTH_CLIENT_SECURITY_LEVEL_TOO_LOW, new string[] { securityLevelClientMinimum.ToString() });
/* TODO1.3: need to disconnect/delete/reset this connection once we've decided we are not interested in letting the client connect. Maybe
* tie in to finding a way to abort if user clicks a "cancel" button on the auth form.
*/
this.WebSocketConnection.Send(Jayrock.Json.Conversion.JsonConvert.ExportToString(data2client));
}
else
{
if (!string.IsNullOrEmpty(kprpcm.key.username))
{
// confirm username
this.userName = kprpcm.key.username;
KeyContainerClass kc = this.KeyContainer;
if (kc == null)
{
this.userName = null;
data2client.error = new Error(ErrorCode.AUTH_FAILED, new string[] { "Stored key not found - Caused by changed Firefox profile or KeePass instance; changed OS user credentials; or KeePass config file may be corrupt" });
/* TODO1.3: need to disconnect/delete/reset this connection once we've decided we are not interested in letting the client connect. Maybe
* tie in to finding a way to abort if user clicks a "cancel" button on the auth form.
*/
this.WebSocketConnection.Send(Jayrock.Json.Conversion.JsonConvert.ExportToString(data2client));
return;
}
if (kc.Username != this.userName)
{
this.userName = null;
data2client.error = new Error(ErrorCode.AUTH_FAILED, new string[] { "Username mismatch - KeePass config file is probably corrupt" });
/* TODO1.3: need to disconnect/delete/reset this connection once we've decided we are not interested in letting the client connect. Maybe
* tie in to finding a way to abort if user clicks a "cancel" button on the auth form.
*/
this.WebSocketConnection.Send(Jayrock.Json.Conversion.JsonConvert.ExportToString(data2client));
return;
}
if (kc.AuthExpires < DateTime.UtcNow)
{
this.userName = null;
data2client.error = new Error(ErrorCode.AUTH_EXPIRED);
/* TODO1.3: need to disconnect/delete/reset this connection once we've decided we are not interested in letting the client connect. Maybe
* tie in to finding a way to abort if user clicks a "cancel" button on the auth form.
*/
this.WebSocketConnection.Send(Jayrock.Json.Conversion.JsonConvert.ExportToString(data2client));
return;
}
this.WebSocketConnection.Send(Kcp.KeyChallengeResponse1(this.userName, securityLevel));
}
else if (!string.IsNullOrEmpty(kprpcm.key.cc) && !string.IsNullOrEmpty(kprpcm.key.cr))
{
bool authorised = false;
this.WebSocketConnection.Send(Kcp.KeyChallengeResponse2(kprpcm.key.cc, kprpcm.key.cr, KeyContainer, securityLevel, out authorised));
Authorised = authorised;
if (authorised)
{
// We assume the user has manually verified the client name as part of the initial SRP setup so it's fairly safe to use it to determine the type of client connection to which we want to promote our null connection
KPRPC.PromoteGeneralRPCClient(this, KeyContainer.ClientName);
}
}
}
}
}
