source: binary-improvements/MapRendering/Web/OpenID.cs@ 445

Last change on this file since 445 was 420, checked in by alloc, 20 months ago

A21 preparations.
NOT COMPATIBLE WITH A20 ANYMORE!

File size: 7.5 KB
Line 
1using System;
2using System.Collections.Generic;
3using System.Collections.Specialized;
4using System.IO;
5using System.Net;
6using System.Net.Security;
7using System.Reflection;
8using System.Security.Cryptography.X509Certificates;
9using System.Text;
10using System.Text.RegularExpressions;
11
12namespace AllocsFixes.NetConnections.Servers.Web {
13 public static class OpenID {
14 private const string STEAM_LOGIN = "https://steamcommunity.com/openid/login";
15
16 private static readonly Regex steamIdUrlMatcher =
17 new Regex (@"^https?:\/\/steamcommunity\.com\/openid\/id\/([0-9]{17,18})");
18
19 private static readonly X509Certificate2 caCert =
20 new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
21 "/steam-rootca.cer");
22
23 private static readonly X509Certificate2 caIntermediateCert =
24 new X509Certificate2 (Path.GetDirectoryName (Assembly.GetExecutingAssembly ().Location) +
25 "/steam-intermediate.cer");
26
27 private const bool verboseSsl = false;
28 private static bool debugOpenId => Webserver.OpenID.debugOpenId;
29
30 static OpenID () {
31 ServicePointManager.ServerCertificateValidationCallback = (_srvPoint, _certificate, _chain, _errors) => {
32 if (_errors == SslPolicyErrors.None) {
33 if (verboseSsl) {
34 Log.Out ("Steam certificate: No error (1)");
35 }
36
37 return true;
38 }
39
40 X509Chain privateChain = new X509Chain ();
41 privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
42
43 privateChain.ChainPolicy.ExtraStore.Add (caCert);
44 privateChain.ChainPolicy.ExtraStore.Add (caIntermediateCert);
45
46 if (privateChain.Build (new X509Certificate2 (_certificate))) {
47 // No errors, immediately return
48 privateChain.Reset ();
49 if (verboseSsl) {
50 Log.Out ("Steam certificate: No error (2)");
51 }
52
53 return true;
54 }
55
56 if (privateChain.ChainStatus.Length == 0) {
57 // No errors, immediately return
58 privateChain.Reset ();
59 if (verboseSsl) {
60 Log.Out ("Steam certificate: No error (3)");
61 }
62
63 return true;
64 }
65
66 // Iterate all chain elements
67 foreach (X509ChainElement chainEl in privateChain.ChainElements) {
68 if (verboseSsl) {
69 Log.Out ("Validating cert: " + chainEl.Certificate.Subject);
70 }
71
72 // Iterate all status flags of the current cert
73 foreach (X509ChainStatus chainStatus in chainEl.ChainElementStatus) {
74 if (verboseSsl) {
75 Log.Out (" Status: " + chainStatus.Status);
76 }
77
78 if (chainStatus.Status == X509ChainStatusFlags.NoError) {
79 // This status is not an error, skip
80 continue;
81 }
82
83 if (chainStatus.Status == X509ChainStatusFlags.UntrustedRoot && chainEl.Certificate.Equals (caCert)) {
84 // This status is about the cert being an untrusted root certificate but the certificate is one of those we added, ignore
85 continue;
86 }
87
88 // This status is an error, print information
89 Log.Warning ("Steam certificate error: " + chainEl.Certificate.Subject + " ### Error: " +
90 chainStatus.Status);
91 privateChain.Reset ();
92 return false;
93 }
94 }
95
96 foreach (X509ChainStatus chainStatus in privateChain.ChainStatus) {
97 if (chainStatus.Status != X509ChainStatusFlags.NoError &&
98 chainStatus.Status != X509ChainStatusFlags.UntrustedRoot) {
99 Log.Warning ("Steam certificate error: " + chainStatus.Status);
100 privateChain.Reset ();
101 return false;
102 }
103 }
104
105 // We didn't find any errors, chain is valid
106 privateChain.Reset ();
107 if (verboseSsl) {
108 Log.Out ("Steam certificate: No error (4)");
109 }
110
111 return true;
112 };
113 }
114
115 public static string GetOpenIdLoginUrl (string _returnHost, string _returnUrl) {
116 Dictionary<string, string> queryParams = new Dictionary<string, string> ();
117
118 queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
119 queryParams.Add ("openid.mode", "checkid_setup");
120 queryParams.Add ("openid.return_to", _returnUrl);
121 queryParams.Add ("openid.realm", _returnHost);
122 queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
123 queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
124
125 return STEAM_LOGIN + '?' + buildUrlParams (queryParams);
126 }
127
128 public static ulong Validate (HttpListenerRequest _req) {
129 string mode = getValue (_req, "openid.mode");
130 if (mode == "cancel") {
131 Log.Warning ("Steam OpenID login canceled");
132 return 0;
133 }
134
135 if (mode == "error") {
136 Log.Warning ("Steam OpenID login error: " + getValue (_req, "openid.error"));
137 if (debugOpenId) {
138 PrintOpenIdResponse (_req);
139 }
140
141 return 0;
142 }
143
144 string steamIdString = getValue (_req, "openid.claimed_id");
145 ulong steamId;
146 Match steamIdMatch = steamIdUrlMatcher.Match (steamIdString);
147 if (steamIdMatch.Success) {
148 steamId = ulong.Parse (steamIdMatch.Groups [1].Value);
149 } else {
150 Log.Warning ("Steam OpenID login result did not give a valid SteamID");
151 if (debugOpenId) {
152 PrintOpenIdResponse (_req);
153 }
154
155 return 0;
156 }
157
158 Dictionary<string, string> queryParams = new Dictionary<string, string> ();
159
160 queryParams.Add ("openid.ns", "http://specs.openid.net/auth/2.0");
161
162 queryParams.Add ("openid.assoc_handle", getValue (_req, "openid.assoc_handle"));
163 queryParams.Add ("openid.signed", getValue (_req, "openid.signed"));
164 queryParams.Add ("openid.sig", getValue (_req, "openid.sig"));
165 queryParams.Add ("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
166 queryParams.Add ("openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select");
167
168 string[] signeds = getValue (_req, "openid.signed").Split (',');
169 foreach (string s in signeds) {
170 queryParams ["openid." + s] = getValue (_req, "openid." + s);
171 }
172
173 queryParams.Add ("openid.mode", "check_authentication");
174
175 byte[] postData = Encoding.ASCII.GetBytes (buildUrlParams (queryParams));
176 HttpWebRequest request = (HttpWebRequest) WebRequest.Create (STEAM_LOGIN);
177 request.Method = "POST";
178 request.ContentType = "application/x-www-form-urlencoded";
179 request.ContentLength = postData.Length;
180 request.Headers.Add (HttpRequestHeader.AcceptLanguage, "en");
181 using (Stream st = request.GetRequestStream ()) {
182 st.Write (postData, 0, postData.Length);
183 }
184
185 HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
186 string responseString;
187 using (Stream st = response.GetResponseStream ()) {
188 using (StreamReader str = new StreamReader (st)) {
189 responseString = str.ReadToEnd ();
190 }
191 }
192
193 if (responseString.ContainsCaseInsensitive ("is_valid:true")) {
194 return steamId;
195 }
196
197 Log.Warning ("Steam OpenID login failed: {0}", responseString);
198 return 0;
199 }
200
201 private static string buildUrlParams (Dictionary<string, string> _queryParams) {
202 string[] paramsArr = new string[_queryParams.Count];
203 int i = 0;
204 foreach (KeyValuePair<string, string> kvp in _queryParams) {
205 paramsArr [i++] = kvp.Key + "=" + Uri.EscapeDataString (kvp.Value);
206 }
207
208 return string.Join ("&", paramsArr);
209 }
210
211 private static string getValue (HttpListenerRequest _req, string _name) {
212 NameValueCollection nvc = _req.QueryString;
213 if (nvc [_name] == null) {
214 throw new MissingMemberException ("OpenID parameter \"" + _name + "\" missing");
215 }
216
217 return nvc [_name];
218 }
219
220 private static void PrintOpenIdResponse (HttpListenerRequest _req) {
221 NameValueCollection nvc = _req.QueryString;
222 for (int i = 0; i < nvc.Count; i++) {
223 Log.Out (" " + nvc.GetKey (i) + " = " + nvc [i]);
224 }
225 }
226 }
227}
Note: See TracBrowser for help on using the repository browser.