source: binary-improvements/MapRendering/Web/OpenID.cs@ 420

Last change on this file since 420 was 420, checked in by alloc, 20 months ago

A21 preparations.
NOT COMPATIBLE WITH A20 ANYMORE!
File size: 7.5 KB
RevLine 
[244]1using System;
2using System.Collections.Generic;
3using System.Collections.Specialized;
4using System.IO;
5using System.Net;
6using System.Net.Security;
[325]7using System.Reflection;
8using System.Security.Cryptography.X509Certificates;
[244]9using System.Text;
10using System.Text.RegularExpressions;
11
[325]12namespace AllocsFixes.NetConnections.Servers.Web {
[244]13 public static class OpenID {
14 private const string STEAM_LOGIN = "https://steamcommunity.com/openid/login";
15
[325]16 private static readonly Regex steamIdUrlMatcher =
17 new Regex (@"^https?:\/\/steamcommunity\.com\/openid\/id\/([0-9]{17,18})");
[314]18
[325]19 private static readonly X509Certificate2 caCert =
20 new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
21 "/steam-rootca.cer");
22
23 private static readonly X509Certificate2 caIntermediateCert =
24 new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
25 "/steam-intermediate.cer");
26
[351]27 private const bool verboseSsl = false;
[420]28 private static bool debugOpenId => Webserver.OpenID.debugOpenId;
[314]29
[244]30 static OpenID () {
[351]31 ServicePointManager.ServerCertificateValidationCallback = (_srvPoint, _certificate, _chain, _errors) => {
32 if (_errors == SslPolicyErrors.None) {
[314]33 if (verboseSsl) {
34 Log.Out ("Steam certificate: No error (1)");
35 }
[325]36
[244]37 return true;
[314]38 }
[244]39
[314]40 X509Chain privateChain = new X509Chain ();
41 privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
[244]42
[314]43 privateChain.ChainPolicy.ExtraStore.Add (caCert);
44 privateChain.ChainPolicy.ExtraStore.Add (caIntermediateCert);
45
[351]46 if (privateChain.Build (new X509Certificate2 (_certificate))) {
[314]47 // No errors, immediately return
48 privateChain.Reset ();
49 if (verboseSsl) {
50 Log.Out ("Steam certificate: No error (2)");
51 }
[325]52
[314]53 return true;
54 }
55
56 if (privateChain.ChainStatus.Length == 0) {
57 // No errors, immediately return
58 privateChain.Reset ();
59 if (verboseSsl) {
60 Log.Out ("Steam certificate: No error (3)");
61 }
[325]62
[314]63 return true;
64 }
65
66 // Iterate all chain elements
67 foreach (X509ChainElement chainEl in privateChain.ChainElements) {
68 if (verboseSsl) {
69 Log.Out ("Validating cert: " + chainEl.Certificate.Subject);
70 }
[325]71
[314]72 // Iterate all status flags of the current cert
73 foreach (X509ChainStatus chainStatus in chainEl.ChainElementStatus) {
74 if (verboseSsl) {
75 Log.Out (" Status: " + chainStatus.Status);
76 }
[325]77
[314]78 if (chainStatus.Status == X509ChainStatusFlags.NoError) {
79 // This status is not an error, skip
80 continue;
81 }
[325]82
[326]83 if (chainStatus.Status == X509ChainStatusFlags.UntrustedRoot && chainEl.Certificate.Equals (caCert)) {
[314]84 // This status is about the cert being an untrusted root certificate but the certificate is one of those we added, ignore
85 continue;
86 }
[325]87
[314]88 // This status is an error, print information
[325]89 Log.Warning ("Steam certificate error: " + chainEl.Certificate.Subject + " ### Error: " +
90 chainStatus.Status);
[314]91 privateChain.Reset ();
92 return false;
93 }
94 }
95
96 foreach (X509ChainStatus chainStatus in privateChain.ChainStatus) {
[325]97 if (chainStatus.Status != X509ChainStatusFlags.NoError &&
98 chainStatus.Status != X509ChainStatusFlags.UntrustedRoot) {
[314]99 Log.Warning ("Steam certificate error: " + chainStatus.Status);
100 privateChain.Reset ();
101 return false;
102 }
103 }
104
105 // We didn't find any errors, chain is valid
106 privateChain.Reset ();
107 if (verboseSsl) {
108 Log.Out ("Steam certificate: No error (4)");
109 }
[325]110
[244]111 return true;
112 };
113 }
114
115 public static string GetOpenIdLoginUrl (string _returnHost, string _returnUrl) {
116 Dictionary<string, string> queryParams = new Dictionary<string, string> ();
117
118 queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
119 queryParams.Add ("openid.mode", "checkid_setup");
120 queryParams.Add ("openid.return_to", _returnUrl);
121 queryParams.Add ("openid.realm", _returnHost);
122 queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
123 queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
124
125 return STEAM_LOGIN + '?' + buildUrlParams (queryParams);
126 }
127
128 public static ulong Validate (HttpListenerRequest _req) {
[316]129 string mode = getValue (_req, "openid.mode");
130 if (mode == "cancel") {
[244]131 Log.Warning ("Steam OpenID login canceled");
132 return 0;
133 }
[325]134
[316]135 if (mode == "error") {
136 Log.Warning ("Steam OpenID login error: " + getValue (_req, "openid.error"));
[317]137 if (debugOpenId) {
138 PrintOpenIdResponse (_req);
139 }
[325]140
[316]141 return 0;
142 }
[325]143
[244]144 string steamIdString = getValue (_req, "openid.claimed_id");
[326]145 ulong steamId;
[244]146 Match steamIdMatch = steamIdUrlMatcher.Match (steamIdString);
147 if (steamIdMatch.Success) {
148 steamId = ulong.Parse (steamIdMatch.Groups [1].Value);
149 } else {
150 Log.Warning ("Steam OpenID login result did not give a valid SteamID");
[317]151 if (debugOpenId) {
152 PrintOpenIdResponse (_req);
153 }
[325]154
[244]155 return 0;
156 }
157
158 Dictionary<string, string> queryParams = new Dictionary<string, string> ();
159
160 queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
161
162 queryParams.Add ("openid.assoc_handle", getValue (_req, "openid.assoc_handle"));
163 queryParams.Add ("openid.signed", getValue (_req, "openid.signed"));
164 queryParams.Add ("openid.sig", getValue (_req, "openid.sig"));
165 queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
166 queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
167
168 string[] signeds = getValue (_req, "openid.signed").Split (',');
169 foreach (string s in signeds) {
170 queryParams ["openid." + s] = getValue (_req, "openid." + s);
171 }
172
173 queryParams.Add ("openid.mode", "check_authentication");
174
175 byte[] postData = Encoding.ASCII.GetBytes (buildUrlParams (queryParams));
[325]176 HttpWebRequest request = (HttpWebRequest) WebRequest.Create (STEAM_LOGIN);
[244]177 request.Method = "POST";
178 request.ContentType = "application/x-www-form-urlencoded";
179 request.ContentLength = postData.Length;
180 request.Headers.Add (HttpRequestHeader.AcceptLanguage, "en");
181 using (Stream st = request.GetRequestStream ()) {
182 st.Write (postData, 0, postData.Length);
183 }
184
[325]185 HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
[326]186 string responseString;
[244]187 using (Stream st = response.GetResponseStream ()) {
188 using (StreamReader str = new StreamReader (st)) {
189 responseString = str.ReadToEnd ();
190 }
191 }
192
[326]193 if (responseString.ContainsCaseInsensitive ("is_valid:true")) {
[244]194 return steamId;
195 }
[325]196
197 Log.Warning ("Steam OpenID login failed: {0}", responseString);
198 return 0;
[244]199 }
200
201 private static string buildUrlParams (Dictionary<string, string> _queryParams) {
202 string[] paramsArr = new string[_queryParams.Count];
203 int i = 0;
204 foreach (KeyValuePair<string, string> kvp in _queryParams) {
205 paramsArr [i++] = kvp.Key + "=" + Uri.EscapeDataString (kvp.Value);
206 }
[325]207
[244]208 return string.Join ("&", paramsArr);
209 }
210
211 private static string getValue (HttpListenerRequest _req, string _name) {
212 NameValueCollection nvc = _req.QueryString;
213 if (nvc [_name] == null) {
214 throw new MissingMemberException ("OpenID parameter \"" + _name + "\" missing");
215 }
[325]216
[244]217 return nvc [_name];
218 }
219
[317]220 private static void PrintOpenIdResponse (HttpListenerRequest _req) {
221 NameValueCollection nvc = _req.QueryString;
222 for (int i = 0; i < nvc.Count; i++) {
223 Log.Out (" " + nvc.GetKey (i) + " = " + nvc [i]);
224 }
225 }
[244]226 }
[325]227}
Note: See TracBrowser for help on using the repository browser.