public static bool VerifyBasicAuthorisationToken(string authorisationToken, GetSharedSecret getSharedSecret, out string sessionToken)
{
if (String.IsNullOrWhiteSpace(authorisationToken))
{
throw new ArgumentNullException("authorisationToken");
}
if (getSharedSecret == null)
{
throw new ArgumentNullException("getSharedSecret");
}
string[] tokens = authorisationToken.Split(' ');
if (tokens.Length != 2 || !AuthorisationMethod.Basic.ToString().Equals(tokens[0]) || String.IsNullOrWhiteSpace(tokens[1]))
{
throw new ArgumentException("Authorisation token not recognised.", "authorisationToken");
}
string base64EncodedString = tokens[1];
string combinedMessage = Encoding.ASCII.GetString(Convert.FromBase64String(base64EncodedString));
string[] nextTokens = combinedMessage.Split(':');
if (nextTokens.Length != 2 || String.IsNullOrWhiteSpace(nextTokens[0]) || String.IsNullOrWhiteSpace(nextTokens[1]))
{
throw new ArgumentException("Invalid authorisation token.", "authorisationToken");
}
string sharedSecret = nextTokens[1];
sessionToken = nextTokens[0];
return(sharedSecret.Equals(getSharedSecret(sessionToken)));
}
/// <summary>
/// <see cref="IAuthorisationTokenService.Verify(AuthorisationToken, GetSharedSecret, out string)"/>
/// </summary>
public bool Verify(AuthorisationToken authorisationToken, GetSharedSecret getSharedSecret, out string sessionToken)
{
if (authorisationToken == null)
{
throw new InvalidAuthorisationTokenException("Authorisation token is null.");
}
if (string.IsNullOrWhiteSpace(authorisationToken.Token))
{
throw new InvalidAuthorisationTokenException("The authorisation token value is null or empty.");
}
if (string.IsNullOrWhiteSpace(authorisationToken.Timestamp))
{
throw new InvalidAuthorisationTokenException("The authorisation token timestamp is null or empty.");
}
if (getSharedSecret == null)
{
throw new ArgumentNullException("getSharedSecret");
}
string[] tokens = authorisationToken.Token.Split(' ');
if (tokens.Length != 2 || !AuthenticationMethod.SIF_HMACSHA256.ToString().Equals(tokens[0]) || string.IsNullOrWhiteSpace(tokens[1]))
{
throw new InvalidAuthorisationTokenException("Authorisation token is not recognised.");
}
string base64EncodedString = tokens[1];
string combinedMessage = Encoding.ASCII.GetString(Convert.FromBase64String(base64EncodedString));
string[] nextTokens = combinedMessage.Split(':');
if (nextTokens.Length != 2 || string.IsNullOrWhiteSpace(nextTokens[0]) || string.IsNullOrWhiteSpace(nextTokens[1]))
{
throw new InvalidAuthorisationTokenException("Authorisation token is invalid.");
}
string hmacsha256EncodedString = nextTokens[1];
sessionToken = nextTokens[0];
string sharedSecret = getSharedSecret(sessionToken);
// Recalculate the encoded HMAC SHA256 string.
// NOTE: Currently there are no checks for the date to be in UTC ISO 8601 format.
byte[] messageBytes = Encoding.ASCII.GetBytes(sessionToken + ":" + authorisationToken.Timestamp);
byte[] keyBytes = Encoding.ASCII.GetBytes(sharedSecret);
string newHmacsha256EncodedString;
using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes))
{
byte[] hashMessage = hmacsha256.ComputeHash(messageBytes);
newHmacsha256EncodedString = Convert.ToBase64String(hashMessage);
}
return(hmacsha256EncodedString.Equals(newHmacsha256EncodedString));
}
public void HMACSHA256AuthorisationTest()
{
IAuthorisationTokenService service = new HmacShaAuthorisationTokenService();
AuthorisationToken authorisationToken = service.Generate("new", "guest");
Console.WriteLine("Authorisation token is " + authorisationToken.Token + ".");
Console.WriteLine("Generated UTC ISO 8601 date is " + authorisationToken.Timestamp + ".");
GetSharedSecret sharedSecret = SharedSecret;
string sessionToken;
bool authorised = service.Verify(authorisationToken, sharedSecret, out sessionToken);
Assert.AreEqual(sessionToken, "new");
Assert.IsTrue(authorised);
}
public static bool VerifyHMACSHA256AuthorisationToken(string authorisationToken, string dateString, GetSharedSecret getSharedSecret, out string sessionToken)
{
if (String.IsNullOrWhiteSpace(authorisationToken))
{
throw new ArgumentNullException("authorisationToken");
}
if (String.IsNullOrWhiteSpace(dateString))
{
throw new ArgumentNullException("dateString");
}
string[] tokens = authorisationToken.Split(' ');
if (tokens.Length != 2 || !AuthorisationMethod.HMACSHA256.ToString().Equals(tokens[0]) || String.IsNullOrWhiteSpace(tokens[1]))
{
throw new ArgumentException("Authorisation token not recognised.", "authorisationToken");
}
string base64EncodedString = tokens[1];
string combinedMessage = Encoding.ASCII.GetString(Convert.FromBase64String(base64EncodedString));
string[] nextTokens = combinedMessage.Split(':');
if (nextTokens.Length != 2 || String.IsNullOrWhiteSpace(nextTokens[0]) || String.IsNullOrWhiteSpace(nextTokens[1]))
{
throw new ArgumentException("Invalid authorisation token.", "authorisationToken");
}
string hmacsha256EncodedString = nextTokens[1];
sessionToken = nextTokens[0];
string sharedSecret = getSharedSecret(sessionToken);
// Recalculate the encoded HMAC SHA256 string.
// NOTE: Currently there are no checks for the date to be in UTC ISO 8601 format. I don't see how date
// can be relevant for verification purposes.
byte[] messageBytes = Encoding.ASCII.GetBytes(sessionToken + ":" + dateString);
byte[] keyBytes = Encoding.ASCII.GetBytes(sharedSecret);
string newHmacsha256EncodedString;
using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes))
{
byte[] hashMessage = hmacsha256.ComputeHash(messageBytes);
newHmacsha256EncodedString = Convert.ToBase64String(hashMessage);
}
return hmacsha256EncodedString.Equals(newHmacsha256EncodedString);
}
public static bool VerifyBasicAuthorisationToken(string authorisationToken, GetSharedSecret getSharedSecret, out string sessionToken)
{
if (String.IsNullOrWhiteSpace(authorisationToken))
{
throw new ArgumentNullException("authorisationToken");
}
if (getSharedSecret == null)
{
throw new ArgumentNullException("getSharedSecret");
}
string[] tokens = authorisationToken.Split(' ');
if (tokens.Length != 2 || !AuthorisationMethod.Basic.ToString().Equals(tokens[0]) || String.IsNullOrWhiteSpace(tokens[1]))
{
throw new ArgumentException("Authorisation token not recognised.", "authorisationToken");
}
string base64EncodedString = tokens[1];
string combinedMessage = Encoding.ASCII.GetString(Convert.FromBase64String(base64EncodedString));
string[] nextTokens = combinedMessage.Split(':');
if (nextTokens.Length != 2 || String.IsNullOrWhiteSpace(nextTokens[0]) || String.IsNullOrWhiteSpace(nextTokens[1]))
{
throw new ArgumentException("Invalid authorisation token.", "authorisationToken");
}
string sharedSecret = nextTokens[1];
sessionToken = nextTokens[0];
return sharedSecret.Equals(getSharedSecret(sessionToken));
}
public static bool VerifyHMACSHA256AuthorisationToken(string authorisationToken, string dateString, GetSharedSecret getSharedSecret, out string sessionToken)
{
if (String.IsNullOrWhiteSpace(authorisationToken))
{
throw new ArgumentNullException("authorisationToken");
}
if (String.IsNullOrWhiteSpace(dateString))
{
throw new ArgumentNullException("dateString");
}
string[] tokens = authorisationToken.Split(' ');
if (tokens.Length != 2 || !AuthorisationMethod.HMACSHA256.ToString().Equals(tokens[0]) || String.IsNullOrWhiteSpace(tokens[1]))
{
throw new ArgumentException("Authorisation token not recognised.", "authorisationToken");
}
string base64EncodedString = tokens[1];
string combinedMessage = Encoding.ASCII.GetString(Convert.FromBase64String(base64EncodedString));
string[] nextTokens = combinedMessage.Split(':');
if (nextTokens.Length != 2 || String.IsNullOrWhiteSpace(nextTokens[0]) || String.IsNullOrWhiteSpace(nextTokens[1]))
{
throw new ArgumentException("Invalid authorisation token.", "authorisationToken");
}
string hmacsha256EncodedString = nextTokens[1];
sessionToken = nextTokens[0];
string sharedSecret = getSharedSecret(sessionToken);
// Recalculate the encoded HMAC SHA256 string.
// NOTE: Currently there are no checks for the date to be in UTC ISO 8601 format. I don't see how date
// can be relevant for verification purposes.
byte[] messageBytes = Encoding.ASCII.GetBytes(sessionToken + ":" + dateString);
byte[] keyBytes = Encoding.ASCII.GetBytes(sharedSecret);
string newHmacsha256EncodedString;
using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes))
{
byte[] hashMessage = hmacsha256.ComputeHash(messageBytes);
newHmacsha256EncodedString = Convert.ToBase64String(hashMessage);
}
return(hmacsha256EncodedString.Equals(newHmacsha256EncodedString));
}
