Context Navigation

source: binary-improvements/MapRendering/Web/OpenID.cs@ 433

Last change on this file since 433 was 420, checked in by alloc, 3 years ago
A21 preparations. NOT COMPATIBLE WITH A20 ANYMORE!
File size: 7.5 KB

Line
1	using System;
2	using System.Collections.Generic;
3	using System.Collections.Specialized;
4	using System.IO;
5	using System.Net;
6	using System.Net.Security;
7	using System.Reflection;
8	using System.Security.Cryptography.X509Certificates;
9	using System.Text;
10	using System.Text.RegularExpressions;
11
12	namespace AllocsFixes.NetConnections.Servers.Web {
13	public static class OpenID {
14	private const string STEAM_LOGIN = "https://steamcommunity.com/openid/login";
15
16	private static readonly Regex steamIdUrlMatcher =
17	new Regex (@"^https?:\/\/steamcommunity\.com\/openid\/id\/([0-9]{17,18})");
18
19	private static readonly X509Certificate2 caCert =
20	new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
21	"/steam-rootca.cer");
22
23	private static readonly X509Certificate2 caIntermediateCert =
24	new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
25	"/steam-intermediate.cer");
26
27	private const bool verboseSsl = false;
28	private static bool debugOpenId => Webserver.OpenID.debugOpenId;
29
30	static OpenID () {
31	ServicePointManager.ServerCertificateValidationCallback = (_srvPoint, _certificate, _chain, _errors) => {
32	if (_errors == SslPolicyErrors.None) {
33	if (verboseSsl) {
34	Log.Out ("Steam certificate: No error (1)");
35	}
36
37	return true;
38	}
39
40	X509Chain privateChain = new X509Chain ();
41	privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
42
43	privateChain.ChainPolicy.ExtraStore.Add (caCert);
44	privateChain.ChainPolicy.ExtraStore.Add (caIntermediateCert);
45
46	if (privateChain.Build (new X509Certificate2 (_certificate))) {
47	// No errors, immediately return
48	privateChain.Reset ();
49	if (verboseSsl) {
50	Log.Out ("Steam certificate: No error (2)");
51	}
52
53	return true;
54	}
55
56	if (privateChain.ChainStatus.Length == 0) {
57	// No errors, immediately return
58	privateChain.Reset ();
59	if (verboseSsl) {
60	Log.Out ("Steam certificate: No error (3)");
61	}
62
63	return true;
64	}
65
66	// Iterate all chain elements
67	foreach (X509ChainElement chainEl in privateChain.ChainElements) {
68	if (verboseSsl) {
69	Log.Out ("Validating cert: " + chainEl.Certificate.Subject);
70	}
71
72	// Iterate all status flags of the current cert
73	foreach (X509ChainStatus chainStatus in chainEl.ChainElementStatus) {
74	if (verboseSsl) {
75	Log.Out (" Status: " + chainStatus.Status);
76	}
77
78	if (chainStatus.Status == X509ChainStatusFlags.NoError) {
79	// This status is not an error, skip
80	continue;
81	}
82
83	if (chainStatus.Status == X509ChainStatusFlags.UntrustedRoot && chainEl.Certificate.Equals (caCert)) {
84	// This status is about the cert being an untrusted root certificate but the certificate is one of those we added, ignore
85	continue;
86	}
87
88	// This status is an error, print information
89	Log.Warning ("Steam certificate error: " + chainEl.Certificate.Subject + " ### Error: " +
90	chainStatus.Status);
91	privateChain.Reset ();
92	return false;
93	}
94	}
95
96	foreach (X509ChainStatus chainStatus in privateChain.ChainStatus) {
97	if (chainStatus.Status != X509ChainStatusFlags.NoError &&
98	chainStatus.Status != X509ChainStatusFlags.UntrustedRoot) {
99	Log.Warning ("Steam certificate error: " + chainStatus.Status);
100	privateChain.Reset ();
101	return false;
102	}
103	}
104
105	// We didn't find any errors, chain is valid
106	privateChain.Reset ();
107	if (verboseSsl) {
108	Log.Out ("Steam certificate: No error (4)");
109	}
110
111	return true;
112	};
113	}
114
115	public static string GetOpenIdLoginUrl (string _returnHost, string _returnUrl) {
116	Dictionary<string, string> queryParams = new Dictionary<string, string> ();
117
118	queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
119	queryParams.Add ("openid.mode", "checkid_setup");
120	queryParams.Add ("openid.return_to", _returnUrl);
121	queryParams.Add ("openid.realm", _returnHost);
122	queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
123	queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
124
125	return STEAM_LOGIN + '?' + buildUrlParams (queryParams);
126	}
127
128	public static ulong Validate (HttpListenerRequest _req) {
129	string mode = getValue (_req, "openid.mode");
130	if (mode == "cancel") {
131	Log.Warning ("Steam OpenID login canceled");
132	return 0;
133	}
134
135	if (mode == "error") {
136	Log.Warning ("Steam OpenID login error: " + getValue (_req, "openid.error"));
137	if (debugOpenId) {
138	PrintOpenIdResponse (_req);
139	}
140
141	return 0;
142	}
143
144	string steamIdString = getValue (_req, "openid.claimed_id");
145	ulong steamId;
146	Match steamIdMatch = steamIdUrlMatcher.Match (steamIdString);
147	if (steamIdMatch.Success) {
148	steamId = ulong.Parse (steamIdMatch.Groups [1].Value);
149	} else {
150	Log.Warning ("Steam OpenID login result did not give a valid SteamID");
151	if (debugOpenId) {
152	PrintOpenIdResponse (_req);
153	}
154
155	return 0;
156	}
157
158	Dictionary<string, string> queryParams = new Dictionary<string, string> ();
159
160	queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
161
162	queryParams.Add ("openid.assoc_handle", getValue (_req, "openid.assoc_handle"));
163	queryParams.Add ("openid.signed", getValue (_req, "openid.signed"));
164	queryParams.Add ("openid.sig", getValue (_req, "openid.sig"));
165	queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
166	queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
167
168	string[] signeds = getValue (_req, "openid.signed").Split (',');
169	foreach (string s in signeds) {
170	queryParams ["openid." + s] = getValue (_req, "openid." + s);
171	}
172
173	queryParams.Add ("openid.mode", "check_authentication");
174
175	byte[] postData = Encoding.ASCII.GetBytes (buildUrlParams (queryParams));
176	HttpWebRequest request = (HttpWebRequest) WebRequest.Create (STEAM_LOGIN);
177	request.Method = "POST";
178	request.ContentType = "application/x-www-form-urlencoded";
179	request.ContentLength = postData.Length;
180	request.Headers.Add (HttpRequestHeader.AcceptLanguage, "en");
181	using (Stream st = request.GetRequestStream ()) {
182	st.Write (postData, 0, postData.Length);
183	}
184
185	HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
186	string responseString;
187	using (Stream st = response.GetResponseStream ()) {
188	using (StreamReader str = new StreamReader (st)) {
189	responseString = str.ReadToEnd ();
190	}
191	}
192
193	if (responseString.ContainsCaseInsensitive ("is_valid:true")) {
194	return steamId;
195	}
196
197	Log.Warning ("Steam OpenID login failed: {0}", responseString);
198	return 0;
199	}
200
201	private static string buildUrlParams (Dictionary<string, string> _queryParams) {
202	string[] paramsArr = new string[_queryParams.Count];
203	int i = 0;
204	foreach (KeyValuePair<string, string> kvp in _queryParams) {
205	paramsArr [i++] = kvp.Key + "=" + Uri.EscapeDataString (kvp.Value);
206	}
207
208	return string.Join ("&", paramsArr);
209	}
210
211	private static string getValue (HttpListenerRequest _req, string _name) {
212	NameValueCollection nvc = _req.QueryString;
213	if (nvc [_name] == null) {
214	throw new MissingMemberException ("OpenID parameter \"" + _name + "\" missing");
215	}
216
217	return nvc [_name];
218	}
219
220	private static void PrintOpenIdResponse (HttpListenerRequest _req) {
221	NameValueCollection nvc = _req.QueryString;
222	for (int i = 0; i < nvc.Count; i++) {
223	Log.Out (" " + nvc.GetKey (i) + " = " + nvc [i]);
224	}
225	}
226	}
227	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: