Mary 275275f7ac
account: Rework LoadIdTokenCache to auto generate a random JWT token (#2991)
This improve correctness of that call while possibly spoofing possible recognizable patterns.
2022-01-11 09:22:20 +01:00

170 lines
6.7 KiB
C#

using Microsoft.IdentityModel.Tokens;
using Ryujinx.Common.Logging;
using Ryujinx.HLE.HOS.Kernel.Threading;
using Ryujinx.HLE.HOS.Services.Account.Acc.AsyncContext;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace Ryujinx.HLE.HOS.Services.Account.Acc.AccountService
{
class ManagerServer
{
// TODO: Determine where and how NetworkServiceAccountId is set.
private const long NetworkServiceAccountId = 0xcafe;
private UserId _userId;
public ManagerServer(UserId userId)
{
_userId = userId;
}
private static string GenerateIdToken()
{
using RSA provider = RSA.Create(2048);
RSAParameters parameters = provider.ExportParameters(true);
RsaSecurityKey secKey = new RsaSecurityKey(parameters);
SigningCredentials credentials = new SigningCredentials(secKey, "RS256");
credentials.Key.KeyId = parameters.ToString();
var header = new JwtHeader(credentials)
{
{ "jku", "https://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com/1.0.0/certificates" }
};
byte[] rawUserId = new byte[0x10];
RandomNumberGenerator.Fill(rawUserId);
byte[] deviceId = new byte[0x10];
RandomNumberGenerator.Fill(deviceId);
byte[] deviceAccountId = new byte[0x10];
RandomNumberGenerator.Fill(deviceId);
var payload = new JwtPayload
{
{ "sub", BitConverter.ToString(rawUserId).Replace("-", "").ToLower() },
{ "aud", "ed9e2f05d286f7b8" },
{ "di", BitConverter.ToString(deviceId).Replace("-", "").ToLower() },
{ "sn", "XAW10000000000" },
{ "bs:did", BitConverter.ToString(deviceAccountId).Replace("-", "").ToLower() },
{ "iss", "https://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com" },
{ "typ", "id_token" },
{ "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
{ "jti", Guid.NewGuid().ToString() },
{ "exp", (DateTimeOffset.UtcNow + TimeSpan.FromHours(3)).ToUnixTimeSeconds() }
};
JwtSecurityToken securityToken = new JwtSecurityToken(header, payload);
return new JwtSecurityTokenHandler().WriteToken(securityToken);
}
public ResultCode CheckAvailability(ServiceCtx context)
{
// NOTE: This opens the file at "su/baas/USERID_IN_UUID_STRING.dat" where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x".
// Then it searches the Availability of Online Services related to the UserId in this file and returns it.
Logger.Stub?.PrintStub(LogClass.ServiceAcc);
// NOTE: Even if we try to return different error codes here, the guest still needs other calls.
return ResultCode.Success;
}
public ResultCode GetAccountId(ServiceCtx context)
{
// NOTE: This opens the file at "su/baas/USERID_IN_UUID_STRING.dat" (where USERID_IN_UUID_STRING is formatted
// as "%08x-%04x-%04x-%02x%02x-%08x%04x") in the account:/ savedata.
// Then it searches the NetworkServiceAccountId related to the UserId in this file and returns it.
Logger.Stub?.PrintStub(LogClass.ServiceAcc, new { NetworkServiceAccountId });
context.ResponseData.Write(NetworkServiceAccountId);
return ResultCode.Success;
}
public ResultCode EnsureIdTokenCacheAsync(ServiceCtx context, out IAsyncContext asyncContext)
{
KEvent asyncEvent = new KEvent(context.Device.System.KernelContext);
AsyncExecution asyncExecution = new AsyncExecution(asyncEvent);
asyncExecution.Initialize(1000, EnsureIdTokenCacheAsyncImpl);
asyncContext = new IAsyncContext(asyncExecution);
// return ResultCode.NullObject if the IAsyncContext pointer is null. Doesn't occur in our case.
return ResultCode.Success;
}
private async Task EnsureIdTokenCacheAsyncImpl(CancellationToken token)
{
// NOTE: This open the file at "su/baas/USERID_IN_UUID_STRING.dat" (where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x")
// in the "account:/" savedata.
// Then its read data, use dauth API with this data to get the Token Id and probably store the dauth response
// in "su/cache/USERID_IN_UUID_STRING.dat" (where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x") in the "account:/" savedata.
// Since we don't support online services, we can stub it.
Logger.Stub?.PrintStub(LogClass.ServiceAcc);
// TODO: Use a real function instead, with the CancellationToken.
await Task.CompletedTask;
}
public ResultCode LoadIdTokenCache(ServiceCtx context)
{
ulong bufferPosition = context.Request.ReceiveBuff[0].Position;
ulong bufferSize = context.Request.ReceiveBuff[0].Size;
// NOTE: This opens the file at "su/cache/USERID_IN_UUID_STRING.dat" (where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x")
// in the "account:/" savedata and writes some data in the buffer.
// Since we don't support online services, we can stub it.
Logger.Stub?.PrintStub(LogClass.ServiceAcc);
/*
if (internal_object != null)
{
if (bufferSize > 0xC00)
{
return ResultCode.InvalidIdTokenCacheBufferSize;
}
}
*/
byte[] tokenData = Encoding.ASCII.GetBytes(GenerateIdToken());
context.Memory.Write(bufferPosition, tokenData);
context.ResponseData.Write(tokenData.Length);
return ResultCode.Success;
}
public ResultCode GetNintendoAccountUserResourceCacheForApplication(ServiceCtx context)
{
Logger.Stub?.PrintStub(LogClass.ServiceAcc, new { NetworkServiceAccountId });
context.ResponseData.Write(NetworkServiceAccountId);
// TODO: determine and fill the output IPC buffer.
return ResultCode.Success;
}
public ResultCode StoreOpenContext(ServiceCtx context)
{
Logger.Stub?.PrintStub(LogClass.ServiceAcc);
return ResultCode.Success;
}
}
}