From 245eb9d85d4a70cb86c46b50fb3f85dcd2f7a5c9 Mon Sep 17 00:00:00 2001 From: Michael Zanetti Date: Sat, 4 Aug 2018 15:01:49 +0200 Subject: [PATCH] can finally log in --- libnymea-app-core/awsclient.cpp | 115 +++++++------------------------- libnymea-app-core/awsclient.h | 2 +- 2 files changed, 26 insertions(+), 91 deletions(-) diff --git a/libnymea-app-core/awsclient.cpp b/libnymea-app-core/awsclient.cpp index e2f67263..48c50241 100644 --- a/libnymea-app-core/awsclient.cpp +++ b/libnymea-app-core/awsclient.cpp @@ -45,12 +45,12 @@ void AWSClient::login(const QString &username, const QString &password) request.setRawHeader("X-Amz-Target", "AWSCognitoIdentityProviderService.InitiateAuth"); QVariantMap params; - params.insert("AuthFlow", "USER_SRP_AUTH"); + params.insert("AuthFlow", "USER_PASSWORD_AUTH"); params.insert("ClientId", clientId); QVariantMap authParams; authParams.insert("USERNAME", username); - authParams.insert("SRP_A", QByteArray((char*)bytes_A, len_A).toHex()); + authParams.insert("PASSWORD", password); params.insert("AuthParameters", authParams); QJsonDocument jsonDoc = QJsonDocument::fromVariant(params); @@ -81,43 +81,37 @@ void AWSClient::initiateAuthReply() qWarning() << "Failed to parse AWS login response" << error.errorString(); return; } - QVariantMap srpChallenge = jsonDoc.toVariant().toMap(); - QByteArray challengeName = srpChallenge.value("ChallengeName").toByteArray(); - QVariantMap challengeParams = srpChallenge.value("ChallengeParameters").toMap(); - QByteArray secretBlock = challengeParams.value("SECRET_BLOCK").toByteArray(); - QByteArray srpB = challengeParams.value("SRP_B").toByteArray(); - QByteArray username = challengeParams.value("USERNAME").toByteArray(); - char *bytes_M; - int len_M; - srp_user_process_challenge(m_srpUser, (const unsigned char*)secretBlock.data(), secretBlock.length(), (const unsigned char*)srpB.data(), srpB.length(), (const unsigned char**)&bytes_M, &len_M); - QUrl url("https://cognito-idp.eu-west-1.amazonaws.com/"); + QVariantMap authenticationResult = jsonDoc.toVariant().toMap().value("AuthenticationResult").toMap(); + QByteArray accessToken = authenticationResult.value("AccessToken").toByteArray(); + QByteArray idToken = authenticationResult.value("IdToken").toByteArray(); + + qDebug() << "Have acess token:" << accessToken; + qDebug() << "have idToken:" << idToken; + + QUrl url("https://cognito-identity.eu-west-1.amazonaws.com/"); QUrlQuery query; - query.addQueryItem("Action", "RespondToAuthChallenge"); - query.addQueryItem("Version", "2016-04-18"); + query.addQueryItem("Action", "GetId"); + query.addQueryItem("Version", "2016-06-30"); url.setQuery(query); QNetworkRequest request(url); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-amz-json-1.0"); - request.setRawHeader("Host", "cognito-idp.eu-west-1.amazonaws.com"); - request.setRawHeader("X-Amz-Target", "AWSCognitoIdentityProviderService.RespondToAuthChallenge"); + request.setRawHeader("Host", "cognito-identity.eu-west-1.amazonaws.com"); + request.setRawHeader("X-Amz-Target", "AWSCognitoIdentityService.GetId"); + + QVariantMap logins; + logins.insert("cognito-idp.eu-west-1.amazonaws.com/eu-west-1_6eX6YjmXr", idToken); QVariantMap params; - params.insert("ChallengeName", challengeName.data()); - - QVariantMap challengeResponses; - challengeResponses.insert("PASSWORD_CLAIM_SIGNATURE", QByteArray(bytes_M, len_M).toHex()); - challengeResponses.insert("PASSWORD_CLAIM_SECRET_BLOCK", secretBlock.data()); - challengeResponses.insert("USERNAME", username); - challengeResponses.insert("TIMESTAMP", QLocale("en").toString(QDateTime::currentDateTime().toUTC(), "ddd MMM d HH:mm:ss UTC yyyy")); - params.insert("ChallengeResponses", challengeResponses); - - params.insert("ClientId", clientId); + params.insert("IdentityPoolId", "eu-west-1:108a174c-5786-40f9-966a-1a0cd33d6801"); + params.insert("Logins", logins); jsonDoc = QJsonDocument::fromVariant(params); QByteArray payload = jsonDoc.toJson(QJsonDocument::Compact); + qDebug() << "Posting:\nURL:" << request.url().toString(); qDebug() << "HEADERS:"; foreach (const QByteArray &headerName, request.rawHeaderList()) { @@ -126,75 +120,16 @@ void AWSClient::initiateAuthReply() qDebug().noquote() << "Payload:" << payload; reply = m_nam->post(request, payload); - connect(reply, &QNetworkReply::finished, this, &AWSClient::respondToAuthChallengeReply); + connect(reply, &QNetworkReply::finished, this, &AWSClient::getIdReply); } -void AWSClient::respondToAuthChallengeReply() +void AWSClient::getIdReply() { QNetworkReply* reply = static_cast(sender()); reply->deleteLater(); QByteArray data = reply->readAll(); qDebug() << "RespondToAuthChallenge reply" << reply->error() << reply->errorString() << qUtf8Printable(data); + + +// QM } - -QByteArray AWSClient::createClaim(const QByteArray &secretBlock, const QByteArray &srpB, const QByteArray &salt) -{ -// byte[] authSecretBlock = System.Convert.FromBase64String(secretBlock); - QByteArray authSecretBlock = QByteArray::fromBase64(secretBlock); - -// BigInteger B = new BigInteger(srp_b, 16); -// if (B.Mod(AuthenticationHelper.N).Equals(BigInteger.Zero)) -// { -// throw new Exception("B cannot be zero"); -// } - bool ok; - qlonglong b = srpB.toLongLong(&ok, 16); - if (!ok) { - qWarning() << "Error converting srpB to number"; - return QByteArray(); - } - -// BigInteger salt = new BigInteger(saltString, 16); - qlonglong saltNumber = salt.toLongLong(&ok, 16); - if (!ok) { - qWarning() << "Error converting salt to number"; - return QByteArray(); - } - - // We need to generate the key to hash the response based on our A and what AWS sent back - byte[] key = getPasswordAuthenticationKey(username, password, poolName, TupleAa, B, salt); - - // HMAC our data with key (HKDF(S)) (the shared secret) - byte[] hmac; - try - { - HMAC mac = HMAC.Create("HMACSHA256"); - mac.Key = key; - - //bytes bytes bytes.... - byte[] poolNameByte = Encoding.UTF8.GetBytes(poolName); - byte[] name = Encoding.UTF8.GetBytes(username); - //secretBlock here - byte[] timeByte = Encoding.UTF8.GetBytes(formattedTimestamp); - byte[] content = new byte[poolNameByte.Length + name.Length + authSecretBlock.Length + timeByte.Length]; - - Buffer.BlockCopy(poolNameByte, 0, content, 0, poolNameByte.Length); - Buffer.BlockCopy(name, 0, content, poolNameByte.Length, name.Length); - Buffer.BlockCopy(authSecretBlock, 0, content, poolNameByte.Length + name.Length, authSecretBlock.Length); - Buffer.BlockCopy(timeByte, 0, content, poolNameByte.Length + name.Length + authSecretBlock.Length, timeByte.Length); - - hmac = mac.ComputeHash(content); - } - catch (Exception e) - { - throw new Exception("Exception in authentication", e); - } - - return hmac; -} - -QByteArray AWSClient::getPasswordAuthenticationKey(const QByteArray &username, const QByteArray &password) -{ - -} - diff --git a/libnymea-app-core/awsclient.h b/libnymea-app-core/awsclient.h index a5da5396..cf3f3d3e 100644 --- a/libnymea-app-core/awsclient.h +++ b/libnymea-app-core/awsclient.h @@ -17,7 +17,7 @@ public: private slots: void initiateAuthReply(); - void respondToAuthChallengeReply(); + void getIdReply(); private: QByteArray createClaim(const QByteArray &secretBlock, const QByteArray &srpB, const QByteArray &salt);