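/// <summary>
/// Checks that <c>HawkClientMessageHandler</c> adds a <c>Hawk</c> Authorization header whose
/// parameter equals one rebuilt here from the same credential, timestamp, nonce and ext value.
/// </summary>
public void ShouldGenerateAuthHeader()
        {
            // Fixture credential used only by this test.
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "sha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            // Nonce and timestamp are fixed up front so the expected header can be recomputed below.
            var nonce = "123456";

            var date = DateTime.UtcNow;
            var ts   = Hawk.ConvertToUnixTimestamp(date).ToString();

            var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
                                                       credential, "hello", date, nonce);

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");

            var invoker = new HttpMessageInvoker(handler);

            // Wait for the send to complete. Dropping the returned task would let the assertions
            // run before the handler has set the header, and a faulted send would go unnoticed.
            invoker.SendAsync(request, new CancellationToken()).Wait();

            // Recompute the MAC from the request as sent; the handler's output must match it exactly.
            var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
                                        "hello", ts, nonce, credential, "header");

            var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\"",
                                          credential.Id, ts, nonce, mac, "hello");

            Assert.IsNotNull(request.Headers.Authorization);
            Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
            Assert.AreEqual(parameter,
                            request.Headers.Authorization.Parameter);
        }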
        /// <summary>
        /// Console demo: self-hosts a Web API on <c>address</c> behind a <c>HawkMessageHandler</c>,
        /// then sends three GET requests to "test": one without Hawk credentials, one through a
        /// <c>HawkClientMessageHandler</c>, and one more through that same handler after a 5 second sleep.
        /// </summary>
        private static void Main()
        {
            const string address = "http://localhost:925/";

            var config = new HttpSelfHostConfiguration(address);

            config.MapHttpAttributeRoutes();
            // Credential lookup used by the server-side handler. As written it returns a credential
            // with the same inline key for every id it is asked about, so any id is accepted as known;
            // a real lookup has to resolve the id against a credential store and reject unknown ids.
            // NOTE(review): the meaning of the trailing `4, true` arguments is not visible here; the
            // sleep further down suggests 4 is the accepted timestamp window in seconds - confirm.
            var handler = new HawkMessageHandler(
                async id => new HawkCredential
            {
                Id        = id,
                Key       = "abcdefghijkl",
                Algorithm = "sha256",
                User      = "******"
            }, 4, true);

            config.MessageHandlers.Add(handler);

            using (var server = new HttpSelfHostServer(config))
            {
                // Block until the self-host listener is open before sending anything.
                server.OpenAsync().Wait();
                var client = new HttpClient();

                // Expected to fail: this client has no Hawk handler, so the request carries no Hawk header.
                var request  = new HttpRequestMessage(HttpMethod.Get, address + "test");
                var response = client.SendAsync(request).Result;
                Console.WriteLine(response.StatusCode);
                Console.WriteLine();

                // Client-side credential; the key must equal the one the server lookup returns.
                var credential = new HawkCredential
                {
                    Id        = "this-is-my-id",
                    Key       = "abcdefghijkl",
                    Algorithm = "sha256",
                    User      = "******"
                };

                // The timestamp is supplied once, at construction, and the same handler signs both
                // requests below.
                // NOTE(review): this passes local time (DateTime.Now), while the test listings on this
                // page pass DateTime.UtcNow - confirm how the library converts it.
                var clientHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, ts: DateTime.Now);
                var client2       = new HttpClient(clientHandler);

                // Expected to succeed: signed with the matching key while the timestamp is still fresh.
                request = new HttpRequestMessage(HttpMethod.Get, address + "test");
                var response2 = client2.SendAsync(request).Result;
                Console.WriteLine(response2.StatusCode);
                Console.WriteLine(response2.Content.ReadAsStringAsync().Result);
                Console.WriteLine();

                // The message calls this replay protection; what the code arranges is that the
                // handler's fixed timestamp is more than 5 seconds old when the next request is sent.
                Console.WriteLine("Sleeping to get outside of the timestamp window. Next request will fail - replay protection.");
                Thread.Sleep(5000);

                // Expected to fail: same handler, same supplied timestamp, now outside the window.
                request = new HttpRequestMessage(HttpMethod.Get, address + "test");
                var response3 = client2.SendAsync(request).Result;
                Console.WriteLine(response3.StatusCode);
                Console.WriteLine();

                Console.ReadLine();
            }
        }
        /// <summary>
        /// Console demo: hosts the OWIN app on localhost:8091 and calls it three ways - through a
        /// Hawk-signing client, through a plain client against the anonymous endpoint, and through a
        /// plain client with a bewit appended to the query string.
        /// </summary>
        static void Main(string[] args)
        {
            string baseAddress = "http://localhost:8091/";

            // TODO: the OWIN implementation appears to have a bug: the request URL does not
            // receive the port number.

            // Start the OWIN host; it is torn down when the using block exits.
            using (WebApp.Start<Startup>(url: baseAddress))
            {
                Console.WriteLine("Press Enter to quit.");

                // Demo credential with an inline key; outside a sample the key belongs in a secret store.
                var credential = new HawkCredential
                {
                    Id        = "dh37fgj492je",
                    Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                    Algorithm = "sha256",
                    User      = "******"
                };

                // 1) Request sent through the Hawk client handler.
                var signingHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data");
                var hawkClient     = new HttpClient(signingHandler);

                var signedRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld");
                signedRequest.Headers.Host = "localhost:8091";

                HttpResponseMessage signedResponse = hawkClient.SendAsync(signedRequest).Result;
                string signedBody = signedResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", signedBody, signedResponse.StatusCode);

                // 2) Plain client against the anonymous endpoint.
                var anonymousClient = new HttpClient();

                var anonymousRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous");
                anonymousRequest.Headers.Host = "localhost:8091";

                HttpResponseMessage anonymousResponse = anonymousClient.SendAsync(anonymousRequest).Result;
                string anonymousBody = anonymousResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", anonymousBody, anonymousResponse.StatusCode);

                // 3) Plain client carrying a bewit in the query string. The bewit travels in the URL,
                //    so it can end up in logs and history for as long as it stays valid.
                //    NOTE(review): the unit of the 60000 lifetime argument is not visible here - confirm.
                var bewitClient = new HttpClient();

                var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000);

                var bewitRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit);
                bewitRequest.Headers.Host = "localhost:8091";

                HttpResponseMessage bewitResponse = bewitClient.SendAsync(bewitRequest).Result;
                string bewitBody = bewitResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", bewitBody, bewitResponse.StatusCode);

                Console.WriteLine("Press a key to close the app");
                Console.ReadLine();
            }
        }
        /// <summary>
        /// Builds a <c>HawkClientMessageHandler</c> from a credential that has no <c>Key</c>.
        /// </summary>
        public void ShouldFailOnMissingCredentialKey()
        {
            // Key is deliberately left unset.
            var keylessCredential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "sha256",
                User      = "******"
            };

            var innerHandler = new DummyHttpMessageHandler();

            // NOTE(review): no assertion is visible in this listing; presumably the test relies on an
            // expected-exception attribute that is not shown - confirm the constructor rejects the credential.
            new HawkClientMessageHandler(innerHandler, keylessCredential);
        }
        /// <summary>
        /// Builds a <c>HawkClientMessageHandler</c> from a credential that has no <c>Algorithm</c>.
        /// </summary>
        public void ShouldFailOnMissingCredentialAlgorithm()
        {
            // Algorithm is deliberately left unset.
            var credentialWithoutAlgorithm = new HawkCredential
            {
                Id   = "123",
                Key  = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            };

            var innerHandler = new DummyHttpMessageHandler();

            // NOTE(review): no assertion is visible in this listing; presumably the test relies on an
            // expected-exception attribute that is not shown - confirm the constructor rejects the credential.
            new HawkClientMessageHandler(innerHandler, credentialWithoutAlgorithm);
        }
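        /// <summary>
        /// Checks that <c>HawkClientMessageHandler</c>, with payload hashing requested, adds a
        /// <c>Hawk</c> Authorization header whose parameter (including <c>hash</c>) equals one
        /// rebuilt here from the same credential, timestamp, nonce, ext value and payload.
        /// </summary>
        public void ShouldGenerateAuthHeaderWithPayloadHash()
        {
            // Fixture credential used only by this test.
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "hmacsha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            var payload = "foo";

            // Expected payload hash: keyed hash of the UTF-8 payload, base64 encoded. The HMAC
            // instance holds key material, so it is disposed as soon as the hash is computed.
            string payloadHash;
            using (var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm))
            {
                hmac.Key = Encoding.ASCII.GetBytes(credential.Key);

                payloadHash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
            }

            var nonce = Hawk.GetRandomString(6);

            var date = DateTime.UtcNow;
            var ts   = ((int)(Math.Floor(Hawk.ConvertToUnixTimestamp(date) / 1000))).ToString();

            var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
                                                       credential, "hello", date, nonce, true);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a");

            request.Content = new StringContent(payload);

            var invoker = new HttpMessageInvoker(handler);

            // Wait for the send to complete. Leaving the returned task unobserved would let the
            // assertions run before the handler has set the header, and would hide a faulted send.
            invoker.SendAsync(request, new CancellationToken()).Wait();

            // Recompute the MAC from the request as sent; the handler's output must match it exactly.
            var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
                                        "hello", ts, nonce, credential, "header", payloadHash);

            var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"",
                                          credential.Id, ts, nonce, mac, "hello", payloadHash);

            Assert.IsNotNull(request.Headers.Authorization);
            Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
            Assert.AreEqual(parameter,
                            request.Headers.Authorization.Parameter);
        }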
        /// <summary>
        /// Sends a text/plain POST through <c>HawkClientMessageHandler</c> with payload hashing
        /// requested and checks the resulting <c>Hawk</c> Authorization parameter, including
        /// <c>hash</c>, against values recomputed with the <c>Hawk</c> helpers.
        /// </summary>
        public void ShouldGenerateAuthHeaderWithPayloadHash()
        {
            const string ext  = "hello";
            const string body = "foo";

            // Fixture credential used only by this test.
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "sha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            var expectedHash = Hawk.CalculatePayloadHash(body, "text/plain", credential);

            var nonce = Hawk.GetRandomString(6);

            DateTime now       = DateTime.UtcNow;
            string   timestamp = Hawk.ConvertToUnixTimestamp(now).ToString();

            var signingHandler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
                                                              credential, ext, now, nonce, true);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a");

            request.Headers.Host = "example.com";
            request.Content      = new StringContent(body);
            request.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("text/plain");

            // Block on the send so the header is in place before it is inspected.
            var invoker  = new HttpMessageInvoker(signingHandler);
            var response = invoker.SendAsync(request, CancellationToken.None).Result;

            // Rebuild the expected header parameter from the request as it was sent.
            var expectedMac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
                                                ext, timestamp, nonce, credential, "header", expectedHash);

            var expectedParameter = string.Format(
                "id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"",
                credential.Id, timestamp, nonce, expectedMac, ext, expectedHash);

            Assert.IsNotNull(request.Headers.Authorization);
            Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
            Assert.AreEqual(expectedParameter, request.Headers.Authorization.Parameter);
        }
        /// <summary>
        /// Console demo: self-hosts a Web API on localhost:8091 with a <c>HawkMessageHandler</c>
        /// attached to the default route, then calls it four ways - Hawk-signed, anonymous,
        /// with a bewit in the query string, and Hawk-signed against the "api/filter" route.
        /// </summary>
        static void Main(string[] args)
        {
            var config = new HttpSelfHostConfiguration("http://localhost:8091");
            //config.Filters.Add(new RequiresHawkAttribute(typeof(HawkRepository)));

            // Credential lookup for the per-route handler. As written it returns a credential with
            // the same inline key for every id it is asked about; a real lookup has to resolve the
            // id against a credential store and reject unknown ids.
            var hawkRouteHandler = new HawkMessageHandler(
                new HttpControllerDispatcher(config),
                id => new HawkCredential
                {
                    Id        = id,
                    Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                    Algorithm = "hmacsha256",
                    User      = "******"
                });

            // "Filter" is registered without the Hawk message handler.
            config.Routes.MapHttpRoute("Filter", "api/filter", new { controller = "HelloWorldWithFilter" });

            // The default API route is the one that goes through hawkRouteHandler.
            config.Routes.MapHttpRoute(
                "API Default",
                "api/{controller}/{id}",
                new { id = RouteParameter.Optional, controller = "HelloWorld" },
                null,
                hawkRouteHandler);

            using (var server = new HttpSelfHostServer(config))
            {
                // Block until the listener is open before sending anything.
                server.OpenAsync().Wait();
                Console.WriteLine("Press Enter to quit.");

                // Demo credential with an inline key; outside a sample the key belongs in a secret store.
                var credential = new HawkCredential
                {
                    Id        = "dh37fgj492je",
                    Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                    Algorithm = "hmacsha256",
                    User      = "******"
                };

                // 1) Request sent through the Hawk client handler.
                var signingHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data");
                var hawkClient     = new HttpClient(signingHandler);

                var signedRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld");
                signedRequest.Headers.Host = "localhost";

                HttpResponseMessage signedResponse = hawkClient.SendAsync(signedRequest).Result;
                string signedBody = signedResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", signedBody, signedResponse.StatusCode);

                // 2) Plain client against the anonymous endpoint.
                var anonymousClient = new HttpClient();

                var anonymousRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous");
                anonymousRequest.Headers.Host = "localhost";

                HttpResponseMessage anonymousResponse = anonymousClient.SendAsync(anonymousRequest).Result;
                string anonymousBody = anonymousResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", anonymousBody, anonymousResponse.StatusCode);

                // 3) Plain client carrying a bewit in the query string. The bewit travels in the URL,
                //    so it can end up in logs and history for as long as it stays valid.
                //    NOTE(review): the unit of the 60000 lifetime argument is not visible here - confirm.
                var bewitClient = new HttpClient();

                var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000);

                var bewitRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit);
                bewitRequest.Headers.Host = "localhost";

                HttpResponseMessage bewitResponse = bewitClient.SendAsync(bewitRequest).Result;
                string bewitBody = bewitResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", bewitBody, bewitResponse.StatusCode);

                // 4) Second client over the same signing handler, aimed at the "Filter" route.
                var filterClient = new HttpClient(signingHandler);

                var filterRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/api/filter");
                filterRequest.Headers.Host = "localhost";

                HttpResponseMessage filterResponse = filterClient.SendAsync(filterRequest).Result;
                string filterBody = filterResponse.Content.ReadAsStringAsync().Result;
                Console.WriteLine("Response {0} - Http Status Code {1}", filterBody, filterResponse.StatusCode);

                Console.WriteLine("Press a key to close the app");
                Console.ReadLine();
            }
        }