Tools/dotnetcli/sdk/NuGetFallbackFolder/microsoft.identitymodel.clients.activedirectory/3.14.1/src/src/ADAL.PCL.WinRT/DeviceAuthHelper.cs

   1 //----------------------------------------------------------------------
   2 //
   3 // Copyright (c) Microsoft Corporation.
   4 // All rights reserved.
   5 //
   6 // This code is licensed under the MIT License.
   7 //
   8 // Permission is hereby granted, free of charge, to any person obtaining a copy
   9 // of this software and associated documentation files(the "Software"), to deal
  10 // in the Software without restriction, including without limitation the rights
  11 // to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
  12 // copies of the Software, and to permit persons to whom the Software is
  13 // furnished to do so, subject to the following conditions :
  14 //
  15 // The above copyright notice and this permission notice shall be included in
  16 // all copies or substantial portions of the Software.
  17 //
  18 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  19 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  20 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
  21 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  22 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  23 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  24 // THE SOFTWARE.
  25 //
  26 //------------------------------------------------------------------------------
  27
  28 using System;
  29 using System.Collections.Generic;
  30 using System.Globalization;
  31 using System.IO;
  32 using System.Linq;
  33 using System.Runtime.InteropServices.WindowsRuntime;
  34 using System.Text;
  35 using System.Threading.Tasks;
  36 using Windows.Security.Cryptography;
  37 using Windows.Security.Cryptography.Certificates;
  38 using Windows.Security.Cryptography.Core;
  39 using Windows.Storage.Streams;
  40
  41 namespace Microsoft.IdentityModel.Clients.ActiveDirectory
  42 {
  43     internal class DeviceAuthHelper : IDeviceAuthHelper
  44     {
  45         public bool CanHandleDeviceAuthChallenge
  46         {
  47             get { return true; }
  48         }
  49
  50         public async Task<string> CreateDeviceAuthChallengeResponse(IDictionary<string, string> challengeData)
  51         {
  52             string authHeaderTemplate = "PKeyAuth {0}, Context=\"{1}\", Version=\"{2}\"";
  53
  54             Certificate certificate = await FindCertificate(challengeData).ConfigureAwait(false);
  55             DeviceAuthJWTResponse response = new DeviceAuthJWTResponse(challengeData["SubmitUrl"],
  56                 challengeData["nonce"], Convert.ToBase64String(certificate.GetCertificateBlob().ToArray()));
  57             IBuffer input = CryptographicBuffer.ConvertStringToBinary(response.GetResponseToSign(),
  58                 BinaryStringEncoding.Utf8);
  59             CryptographicKey keyPair = await
  60                 PersistedKeyProvider.OpenKeyPairFromCertificateAsync(certificate, HashAlgorithmNames.Sha256,
  61                     CryptographicPadding.RsaPkcs1V15).AsTask().ConfigureAwait(false);
  62
  63             IBuffer signed = await CryptographicEngine.SignAsync(keyPair, input).AsTask().ConfigureAwait(false);
  64
  65             string signedJwt = string.Format(CultureInfo.CurrentCulture, "{0}.{1}", response.GetResponseToSign(),
  66                 Base64UrlEncoder.Encode(signed.ToArray()));
  67             string authToken = string.Format(CultureInfo.CurrentCulture, " AuthToken=\"{0}\"", signedJwt);
  68             return string.Format(authHeaderTemplate, authToken, challengeData["Context"], challengeData["Version"]);
  69         }
  70
  71         private async Task<Certificate> FindCertificate(IDictionary<string, string> challengeData)
  72         {
  73             CertificateQuery query = new CertificateQuery();
  74             IReadOnlyList<Certificate> certificates = null;
  75             string errMessage = null;
  76
  77             if (challengeData.ContainsKey("CertAuthorities"))
  78             {
  79                 errMessage = "Cert Authorities:" + challengeData["CertAuthorities"];
  80                 PlatformPlugin.Logger.Verbose(null, "Looking up certificate matching authorities:" + challengeData["CertAuthorities"]);
  81                 string[] certAuthorities = challengeData["CertAuthorities"].Split(';');
  82                 foreach (var certAuthority in certAuthorities)
  83                 {
  84                     //reverse the tokenized string and replace "," with " + "
  85                     string[] dNames = certAuthority.Split(new[] { "," }, StringSplitOptions.None);
  86                     string distinguishedIssuerName = dNames[dNames.Length - 1];
  87                     for (int i = dNames.Length - 2; i >= 0; i--)
  88                     {
  89                         distinguishedIssuerName += " + " + dNames[i].Trim();
  90                     }
  91
  92                     query.IssuerName = distinguishedIssuerName;
  93                     certificates = await CertificateStores.FindAllAsync(query).AsTask().ConfigureAwait(false);
  94                     if (certificates.Count > 0)
  95                     {
  96                         break;
  97                     }
  98                 }
  99             }
 100             else
 101             {
 102                 errMessage = "Cert Thumbprint:" + challengeData["CertThumbprint"];
 103                 PlatformPlugin.Logger.Verbose(null, "Looking up certificate matching thumbprint:" + challengeData["CertThumbprint"]);
 104                 query.Thumbprint = HexStringToByteArray(challengeData["CertThumbprint"]);
 105                 certificates = await CertificateStores.FindAllAsync(query).AsTask().ConfigureAwait(false);
 106             }
 107
 108             if (certificates == null || certificates.Count == 0)
 109             {
 110                 throw new AdalException(AdalError.DeviceCertificateNotFound,
 111                     string.Format(AdalErrorMessage.DeviceCertificateNotFoundTemplate, errMessage));
 112             }
 113
 114             return certificates[0];
 115         }
 116
 117         private byte[] HexStringToByteArray(string hex)
 118         {
 119             if (hex.Length % 2 == 1)
 120                 throw new Exception("The binary key cannot have an odd number of digits");
 121
 122             byte[] arr = new byte[hex.Length >> 1];
 123
 124             for (int i = 0; i < (hex.Length >> 1); ++i)
 125             {
 126                 arr[i] = (byte)((GetHexVal(hex[i << 1]) << 4) + (GetHexVal(hex[(i << 1) + 1])));
 127             }
 128
 129             return arr;
 130         }
 131
 132         private int GetHexVal(char hex)
 133         {
 134             int val = (int)hex;
 135             return val - (val < 58 ? 48 : 55);
 136         }
 137     }
 138 }