Beispiel #1
0
        public static string DecryptSigned(
            IEncryptionProvider encryptionProvider,
            IHmacProvider signatureProvider,
            string input)
        {
            try
            {
                var signatureLength = Base64Helpers.GetBase64Length(signatureProvider.HmacLength);

                var encryptedInput = input.Substring(signatureLength);
                var signature = input.Substring(0, signatureLength);

                var signatureBytes = Convert.FromBase64String(signature);
                var newSignatureBytes = signatureProvider.GenerateHmac(encryptedInput);
                var signatureIsValid = HmacComparer.Compare(
                    signatureBytes,
                    newSignatureBytes,
                    signatureProvider.HmacLength);

                var decryptedId = encryptionProvider.Decrypt(encryptedInput);

                return signatureIsValid ? decryptedId : String.Empty;
            }
            catch
            {
                return String.Empty;
            }
        }
Beispiel #2
0
        public DefaultCsrfTokenValidatorFixture()
        {
            var cryptoConfig = CryptographyConfiguration.Default;

            this.hmacProvider = cryptoConfig.HmacProvider;
            this.validator    = new DefaultCsrfTokenValidator(cryptoConfig);
        }
Beispiel #3
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="objectSerializer">Session object serializer to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
 {
     this.currentConfiguration = new CookieBasedSessionsConfiguration
     {
         Serializer = objectSerializer,
         CryptographyConfiguration = new CryptographyConfiguration(encryptionProvider, hmacProvider)
     };
 }
Beispiel #4
0
 public SessionIdentificationDataProvider(IHmacProvider hmacProvider)
 {
     if (hmacProvider == null)
     {
         throw new ArgumentNullException("hmacProvider");
     }
     _hmacProvider = hmacProvider;
 }
Beispiel #5
0
 public HmacValidator(IHmacProvider hmacProvider)
 {
     if (hmacProvider == null)
     {
         throw new ArgumentNullException("hmacProvider");
     }
     _hmacProvider = hmacProvider;
 }
Beispiel #6
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="objectSerializer">Session object serializer to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
 {
     this.currentConfiguration = new CookieBasedSessionsConfiguration
     {
         Serializer = objectSerializer,
         CryptographyConfiguration = new CryptographyConfiguration(encryptionProvider, hmacProvider)
     };
 }
Beispiel #7
0
 public HmacValidatorFixture()
 {
     _fakeHmacProvider          = A.Fake <IHmacProvider>();
     _hmacValidator             = new HmacValidator(_fakeHmacProvider);
     _hmac                      = new byte[] { 1, 2, 3 };
     _sessionIdentificationData = new SessionIdentificationData {
         SessionId = "TheSessionId", Hmac = _hmac
     };
 }
Beispiel #8
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="passPhrase">The encryption pass phrase.</param>
 /// <param name="salt">The encryption salt.</param>
 /// <param name="hmacPassphrase">The hmac passphrase</param>
 /// <param name="sessionObjectFormatter">Session object formatter to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, string passPhrase, string salt, string hmacPassphrase, ISessionObjectFormatter sessionObjectFormatter)
 {
     this.encryptionProvider = encryptionProvider;
     this.hmacProvider = hmacProvider;
     this.passPhrase = passPhrase;
     this.salt = CreateSalt(salt);
     this.hmacPassphrase = hmacPassphrase;
     this.formatter = sessionObjectFormatter;
 }
Beispiel #9
0
        public CookieBasedSessionsFixture()
        {
            this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
            this.fakeHmacProvider = A.Fake<IHmacProvider>();
            this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeSessionObjectFormatter());

            this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password"));
            this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword"));
        }
Beispiel #10
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="passPhrase">The encryption pass phrase.</param>
 /// <param name="salt">The encryption salt.</param>
 /// <param name="hmacPassphrase">The hmac passphrase</param>
 /// <param name="sessionObjectFormatter">Session object formatter to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, string passPhrase, string salt, string hmacPassphrase, ISessionObjectFormatter sessionObjectFormatter)
 {
     this.encryptionProvider = encryptionProvider;
     this.hmacProvider       = hmacProvider;
     this.passPhrase         = passPhrase;
     this.salt           = CreateSalt(salt);
     this.hmacPassphrase = hmacPassphrase;
     this.formatter      = sessionObjectFormatter;
 }
Beispiel #11
0
        public CookieBasedSessionsFixture()
        {
            this.fakeEncryptionProvider = A.Fake <IEncryptionProvider>();
            this.fakeHmacProvider       = A.Fake <IHmacProvider>();
            this.cookieStore            = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeObjectSerializer());

            this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
            this.defaultHmacProvider        = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
        }
Beispiel #12
0
        public CookieBasedSessionsFixture()
        {
            this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
            this.fakeHmacProvider = A.Fake<IHmacProvider>();
            this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeObjectSerializer());

            this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
            this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
        }
Beispiel #13
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="ByQueryStringParamIdentificationMethod" /> class.
 /// </summary>
 public ByQueryStringParamIdentificationMethod(CryptographyConfiguration cryptoConfig) {
   if (cryptoConfig == null) throw new ArgumentNullException("cryptoConfig");
   _encryptionProvider = cryptoConfig.EncryptionProvider;
   _hmacProvider = cryptoConfig.HmacProvider;
   _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(cryptoConfig.HmacProvider);
   _hmacValidator = new HmacValidator(cryptoConfig.HmacProvider);
   _sessionIdFactory = new SessionIdFactory();
   _responseManipulatorForSession = new ResponseManipulatorForSession();
   ParameterName = DefaultParameterName;
 }
Beispiel #14
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="BySessionIdCookieIdentificationMethod" /> class.
 /// </summary>
 public BySessionIdCookieIdentificationMethod(CryptographyConfiguration cryptoConfig) {
   if (cryptoConfig == null) throw new ArgumentNullException("cryptoConfig");
   _encryptionProvider = cryptoConfig.EncryptionProvider;
   _hmacProvider = cryptoConfig.HmacProvider;
   _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(cryptoConfig.HmacProvider);
   _hmacValidator = new HmacValidator(cryptoConfig.HmacProvider);
   _sessionIdFactory = new SessionIdFactory();
   _cookieFactory = new CookieFactory();
   CookieName = DefaultCookieName;
 }
Beispiel #15
0
    public SessionIdentificationDataProviderFixture() {
      _parameterName = "TheParamName";
      _hmacProvider = A.Fake<IHmacProvider>();
      _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

      _hmacString = "01HMAC98";
      _encryptedSessionIdString = "s%26%c2%a7%c2%a7ionId";
      _validRequest = new Request("GET", string.Format("http://www.google.be?{0}={1}{2}", _parameterName, _hmacString, _encryptedSessionIdString));

      _expectedResult = new SessionIdentificationData {SessionId = "s&§§ionId", Hmac = new byte[] {211, 81, 204, 0, 47, 124}};

      A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
    }
Beispiel #16
0
        /// <summary>
        /// Initializes a new instance of the <see cref="RedisBasedSessions"/> class.
        /// </summary>
        /// <param name="encryptionProvider">The encryption provider.</param>
        /// <param name="hmacProvider">The hmac provider</param>
        /// <param name="objectSerializer">Session object serializer to use</param>
        public RedisBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
        {
            _currentConfiguration = new RedisBasedSessionsConfiguration
            {
                Serializer = objectSerializer,
                CryptographyConfiguration = new CryptographyConfiguration(encryptionProvider, hmacProvider)
            };

            if (_redis == null)
                _redis = ConnectionMultiplexer.Connect(_currentConfiguration.ConnectionString);

            _db = _redis.GetDatabase();
        }
Beispiel #17
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="ByQueryStringParamIdentificationMethod" /> class.
 /// </summary>
 public ByQueryStringParamIdentificationMethod(CryptographyConfiguration cryptoConfig)
 {
     if (cryptoConfig == null)
     {
         throw new ArgumentNullException("cryptoConfig");
     }
     _encryptionProvider = cryptoConfig.EncryptionProvider;
     _hmacProvider       = cryptoConfig.HmacProvider;
     _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(cryptoConfig.HmacProvider);
     _hmacValidator    = new HmacValidator(cryptoConfig.HmacProvider);
     _sessionIdFactory = new SessionIdFactory();
     _responseManipulatorForSession = new ResponseManipulatorForSession();
     ParameterName = DefaultParameterName;
 }
Beispiel #18
0
    public SessionIdentificationDataProviderFixture() {
      _cookieName = "TheCookieName";
      _hmacProvider = A.Fake<IHmacProvider>();
      _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

      _validRequest = new Request("GET", "http://www.google.be");
      _hmacString = "01HMAC98";
      _encryptedSessionIdString = "%02Session+Id";
      _validRequest.Cookies.Add(_cookieName, _hmacString + _encryptedSessionIdString);

      _expectedResult = new SessionIdentificationData {SessionId = "%02Session+Id", Hmac = new byte[] {211, 81, 204, 0, 47, 124}};

      A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
    }
Beispiel #19
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="BySessionIdCookieIdentificationMethod" /> class.
 /// </summary>
 public BySessionIdCookieIdentificationMethod(CryptographyConfiguration cryptoConfig)
 {
     if (cryptoConfig == null)
     {
         throw new ArgumentNullException("cryptoConfig");
     }
     _encryptionProvider = cryptoConfig.EncryptionProvider;
     _hmacProvider       = cryptoConfig.HmacProvider;
     _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(cryptoConfig.HmacProvider);
     _hmacValidator    = new HmacValidator(cryptoConfig.HmacProvider);
     _sessionIdFactory = new SessionIdFactory();
     _cookieFactory    = new CookieFactory();
     CookieName        = DefaultCookieName;
 }
Beispiel #20
0
        /// <summary>
        /// Initializes a new instance of the <see cref="RedisBasedSessions"/> class.
        /// </summary>
        /// <param name="encryptionProvider">The encryption provider.</param>
        /// <param name="hmacProvider">The hmac provider</param>
        /// <param name="objectSerializer">Session object serializer to use</param>
        public RedisBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
        {
            _currentConfiguration = new RedisBasedSessionsConfiguration
            {
                Serializer = objectSerializer,
                CryptographyConfiguration = new CryptographyConfiguration(encryptionProvider, hmacProvider)
            };

            if (_redis == null)
            {
                _redis = ConnectionMultiplexer.Connect(_currentConfiguration.ConnectionString);
            }

            _db = _redis.GetDatabase();
        }
Beispiel #21
0
        public SessionIdentificationDataProviderFixture()
        {
            _parameterName = "TheParamName";
            _hmacProvider  = A.Fake <IHmacProvider>();
            _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

            _hmacString = "01HMAC98";
            _encryptedSessionIdString = "s%26%c2%a7%c2%a7ionId";
            _validRequest             = new Request("GET", string.Format("http://www.google.be?{0}={1}{2}", _parameterName, _hmacString, _encryptedSessionIdString));

            _expectedResult = new SessionIdentificationData {
                SessionId = "s&§§ionId", Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };

            A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
        }
Beispiel #22
0
        public SessionIdentificationDataProviderFixture()
        {
            _cookieName   = "TheCookieName";
            _hmacProvider = A.Fake <IHmacProvider>();
            _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

            _validRequest             = new Request("GET", "http://www.google.be");
            _hmacString               = "01HMAC98";
            _encryptedSessionIdString = "%02Session+Id";
            _validRequest.Cookies.Add(_cookieName, _hmacString + _encryptedSessionIdString);

            _expectedResult = new SessionIdentificationData {
                SessionId = "%02Session+Id", Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };

            A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
        }
Beispiel #23
0
 public BySessionIdCookieIdentificationMethodFixture() {
   _fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
   _fakeHmacProvider = A.Fake<IHmacProvider>();
   _validConfiguration = new InProcSessionsConfiguration();
   _fakeSessionIdentificationDataProvider = A.Fake<ISessionIdentificationDataProvider>();
   _fakeHmacValidator = A.Fake<IHmacValidator>();
   _fakeSessionIdFactory = A.Fake<ISessionIdFactory>();
   _fakeCookieFactory = A.Fake<ICookieFactory>();
   _bySessionIdCookieIdentificationMethod = new BySessionIdCookieIdentificationMethod(
     _fakeEncryptionProvider,
     _fakeHmacProvider,
     _fakeSessionIdentificationDataProvider,
     _fakeHmacValidator,
     _fakeSessionIdFactory,
     _fakeCookieFactory);
   _cookieName = "TheNameOfTheCookie";
   _bySessionIdCookieIdentificationMethod.CookieName = _cookieName;
 }
Beispiel #24
0
 public ByQueryStringParamIdentificationMethodFixture() {
   _fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
   _fakeHmacProvider = A.Fake<IHmacProvider>();
   _validConfiguration = new InProcSessionsConfiguration();
   _fakeSessionIdentificationDataProvider = A.Fake<ISessionIdentificationDataProvider>();
   _fakeHmacValidator = A.Fake<IHmacValidator>();
   _fakeSessionIdFactory = A.Fake<ISessionIdFactory>();
   _fakeResponseManipulatorForSession = A.Fake<IResponseManipulatorForSession>();
   _byQueryStringParamIdentificationMethod = new ByQueryStringParamIdentificationMethod(
     _fakeEncryptionProvider,
     _fakeHmacProvider,
     _fakeSessionIdentificationDataProvider,
     _fakeHmacValidator,
     _fakeSessionIdFactory,
     _fakeResponseManipulatorForSession);
   _parameterName = "TheNameOfTheParameter";
   _byQueryStringParamIdentificationMethod.ParameterName = _parameterName;
 }
Beispiel #25
0
 public BySessionIdCookieIdentificationMethodFixture()
 {
     _fakeEncryptionProvider = A.Fake <IEncryptionProvider>();
     _fakeHmacProvider       = A.Fake <IHmacProvider>();
     _validConfiguration     = new InProcSessionsConfiguration();
     _fakeSessionIdentificationDataProvider = A.Fake <ISessionIdentificationDataProvider>();
     _fakeHmacValidator    = A.Fake <IHmacValidator>();
     _fakeSessionIdFactory = A.Fake <ISessionIdFactory>();
     _fakeCookieFactory    = A.Fake <ICookieFactory>();
     _bySessionIdCookieIdentificationMethod = new BySessionIdCookieIdentificationMethod(
         _fakeEncryptionProvider,
         _fakeHmacProvider,
         _fakeSessionIdentificationDataProvider,
         _fakeHmacValidator,
         _fakeSessionIdFactory,
         _fakeCookieFactory);
     _cookieName = "TheNameOfTheCookie";
     _bySessionIdCookieIdentificationMethod.CookieName = _cookieName;
 }
Beispiel #26
0
 public ByQueryStringParamIdentificationMethodFixture()
 {
     _fakeEncryptionProvider = A.Fake <IEncryptionProvider>();
     _fakeHmacProvider       = A.Fake <IHmacProvider>();
     _validConfiguration     = new InProcSessionsConfiguration();
     _fakeSessionIdentificationDataProvider = A.Fake <ISessionIdentificationDataProvider>();
     _fakeHmacValidator    = A.Fake <IHmacValidator>();
     _fakeSessionIdFactory = A.Fake <ISessionIdFactory>();
     _fakeResponseManipulatorForSession      = A.Fake <IResponseManipulatorForSession>();
     _byQueryStringParamIdentificationMethod = new ByQueryStringParamIdentificationMethod(
         _fakeEncryptionProvider,
         _fakeHmacProvider,
         _fakeSessionIdentificationDataProvider,
         _fakeHmacValidator,
         _fakeSessionIdFactory,
         _fakeResponseManipulatorForSession);
     _parameterName = "TheNameOfTheParameter";
     _byQueryStringParamIdentificationMethod.ParameterName = _parameterName;
 }
Beispiel #27
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="BySessionIdCookieIdentificationMethod" /> class.
 /// </summary>
 internal BySessionIdCookieIdentificationMethod(
   IEncryptionProvider encryptionProvider,
   IHmacProvider hmacProvider,
   ISessionIdentificationDataProvider sessionIdentificationDataProvider,
   IHmacValidator hmacValidator,
   ISessionIdFactory sessionIdFactory,
   ICookieFactory cookieFactory) {
   if (encryptionProvider == null) throw new ArgumentNullException("encryptionProvider");
   if (hmacProvider == null) throw new ArgumentNullException("hmacProvider");
   if (sessionIdentificationDataProvider == null) throw new ArgumentNullException("sessionIdentificationDataProvider");
   if (hmacValidator == null) throw new ArgumentNullException("hmacValidator");
   if (sessionIdFactory == null) throw new ArgumentNullException("sessionIdFactory");
   if (cookieFactory == null) throw new ArgumentNullException("cookieFactory");
   _encryptionProvider = encryptionProvider;
   _hmacProvider = hmacProvider;
   _sessionIdentificationDataProvider = sessionIdentificationDataProvider;
   _hmacValidator = hmacValidator;
   _sessionIdFactory = sessionIdFactory;
   _cookieFactory = cookieFactory;
   CookieName = DefaultCookieName;
 }
Beispiel #28
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="ByQueryStringParamIdentificationMethod" /> class.
 /// </summary>
 internal ByQueryStringParamIdentificationMethod(
   IEncryptionProvider encryptionProvider,
   IHmacProvider hmacProvider,
   ISessionIdentificationDataProvider sessionIdentificationDataProvider,
   IHmacValidator hmacValidator,
   ISessionIdFactory sessionIdFactory,
   IResponseManipulatorForSession responseManipulatorForSession) {
   if (encryptionProvider == null) throw new ArgumentNullException("encryptionProvider");
   if (hmacProvider == null) throw new ArgumentNullException("hmacProvider");
   if (sessionIdentificationDataProvider == null) throw new ArgumentNullException("configuration");
   if (hmacValidator == null) throw new ArgumentNullException("configuration");
   if (sessionIdFactory == null) throw new ArgumentNullException("configuration");
   if (responseManipulatorForSession == null) throw new ArgumentNullException("responseManipulatorForSession");
   _encryptionProvider = encryptionProvider;
   _hmacProvider = hmacProvider;
   _sessionIdentificationDataProvider = sessionIdentificationDataProvider;
   _hmacValidator = hmacValidator;
   _sessionIdFactory = sessionIdFactory;
   _responseManipulatorForSession = responseManipulatorForSession;
   ParameterName = DefaultParameterName;
 }
Beispiel #29
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="BySessionIdCookieIdentificationMethod" /> class.
 /// </summary>
 internal BySessionIdCookieIdentificationMethod(
     IEncryptionProvider encryptionProvider,
     IHmacProvider hmacProvider,
     ISessionIdentificationDataProvider sessionIdentificationDataProvider,
     IHmacValidator hmacValidator,
     ISessionIdFactory sessionIdFactory,
     ICookieFactory cookieFactory)
 {
     if (encryptionProvider == null)
     {
         throw new ArgumentNullException("encryptionProvider");
     }
     if (hmacProvider == null)
     {
         throw new ArgumentNullException("hmacProvider");
     }
     if (sessionIdentificationDataProvider == null)
     {
         throw new ArgumentNullException("sessionIdentificationDataProvider");
     }
     if (hmacValidator == null)
     {
         throw new ArgumentNullException("hmacValidator");
     }
     if (sessionIdFactory == null)
     {
         throw new ArgumentNullException("sessionIdFactory");
     }
     if (cookieFactory == null)
     {
         throw new ArgumentNullException("cookieFactory");
     }
     _encryptionProvider = encryptionProvider;
     _hmacProvider       = hmacProvider;
     _sessionIdentificationDataProvider = sessionIdentificationDataProvider;
     _hmacValidator    = hmacValidator;
     _sessionIdFactory = sessionIdFactory;
     _cookieFactory    = cookieFactory;
     CookieName        = DefaultCookieName;
 }
Beispiel #30
0
 /// <summary>
 ///   Initializes a new instance of the <see cref="ByQueryStringParamIdentificationMethod" /> class.
 /// </summary>
 internal ByQueryStringParamIdentificationMethod(
     IEncryptionProvider encryptionProvider,
     IHmacProvider hmacProvider,
     ISessionIdentificationDataProvider sessionIdentificationDataProvider,
     IHmacValidator hmacValidator,
     ISessionIdFactory sessionIdFactory,
     IResponseManipulatorForSession responseManipulatorForSession)
 {
     if (encryptionProvider == null)
     {
         throw new ArgumentNullException("encryptionProvider");
     }
     if (hmacProvider == null)
     {
         throw new ArgumentNullException("hmacProvider");
     }
     if (sessionIdentificationDataProvider == null)
     {
         throw new ArgumentNullException("configuration");
     }
     if (hmacValidator == null)
     {
         throw new ArgumentNullException("configuration");
     }
     if (sessionIdFactory == null)
     {
         throw new ArgumentNullException("configuration");
     }
     if (responseManipulatorForSession == null)
     {
         throw new ArgumentNullException("responseManipulatorForSession");
     }
     _encryptionProvider = encryptionProvider;
     _hmacProvider       = hmacProvider;
     _sessionIdentificationDataProvider = sessionIdentificationDataProvider;
     _hmacValidator    = hmacValidator;
     _sessionIdFactory = sessionIdFactory;
     _responseManipulatorForSession = responseManipulatorForSession;
     ParameterName = DefaultParameterName;
 }
Beispiel #31
0
        public static void SetSignatureProvider(IHmacProvider signatureProvider)
        {
            signatureProvider.Ensure("signatureProvider");

            _signatureProvider = signatureProvider;
        }
Beispiel #32
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="objectSerializer">Session object serializer to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
 {
     this.encryptionProvider = encryptionProvider;
     this.hmacProvider = hmacProvider;
     this.serializer = objectSerializer;
 }
Beispiel #33
0
 public DefaultCsrfTokenValidatorFixture()
 {
     var cryptoConfig = CryptographyConfiguration.Default;
     this.hmacProvider = cryptoConfig.HmacProvider;
     this.validator = new DefaultCsrfTokenValidator(cryptoConfig);            
 }
Beispiel #34
0
        /// <summary>
        /// Initialise and add cookie based session hooks to the application pipeine
        /// </summary>
        /// <param name="applicationPipelines">Application pipelines</param>
        /// <param name="encryptionProvider">Encryption provider for encrypting cookies</param>
        /// <param name="hmacProvider">The hmac provider</param>
        /// <param name="passPhrase">Encryption pass phrase</param>
        /// <param name="salt">Encryption salt</param>
        /// <param name="hmacPassphrase">The hmac passphrase</param>
        /// <returns>Formatter selector for choosing a non-default formatter</returns>
        public static IFormatterSelector Enable(IApplicationPipelines applicationPipelines, IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, string passPhrase, string salt, string hmacPassphrase)
        {
            var sessionStore = new CookieBasedSessions(encryptionProvider, hmacProvider, passPhrase, salt, hmacPassphrase, new DefaultSessionObjectFormatter());

            applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
            applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));

            return sessionStore;
        }
Beispiel #35
0
 /// <summary>
 /// Calculates and sets the Hmac property on a given token
 /// </summary>
 /// <param name="token">Token</param>
 /// <param name="hmacProvider">Hmac provider to use</param>
 /// <returns>Hmac bytes</returns>
 public static void CreateHmac(this CsrfToken token, IHmacProvider hmacProvider)
 {
     token.Hmac = hmacProvider.GenerateHmac(token.GetCsrfTokenBytes());
 }
Beispiel #36
0
 /// <summary>
 /// Creates a new instance of the CryptographyConfiguration class
 /// </summary>
 /// <param name="encryptionProvider">Encryption provider</param>
 /// <param name="hmacProvider">HMAC provider</param>
 public CryptographyConfiguration(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider)
 {
     this.EncryptionProvider = encryptionProvider;
     this.HmacProvider       = hmacProvider;
 }
Beispiel #37
0
 public HmacValidatorFixture() {
   _fakeHmacProvider = A.Fake<IHmacProvider>();
   _hmacValidator = new HmacValidator(_fakeHmacProvider);
   _hmac = new byte[] {1, 2, 3};
   _sessionIdentificationData = new SessionIdentificationData {SessionId = "TheSessionId", Hmac = _hmac};
 }
Beispiel #38
0
 /// <summary>
 /// Calculates and sets the Hmac property on a given token
 /// </summary>
 /// <param name="token">Token</param>
 /// <param name="hmacProvider">Hmac provider to use</param>
 /// <returns>Hmac bytes</returns>
 public static void CreateHmac(this CsrfToken token, IHmacProvider hmacProvider)
 {
     token.Hmac = hmacProvider.GenerateHmac(token.GetCsrfTokenBytes());
 }
Beispiel #39
0
 public AdminUserValidator(IHmacProvider hmacProvider, IAdminRepository adminRepository, Environment environment)
 {
     _hmacProvider    = hmacProvider;
     _adminRepository = adminRepository;
     _environment     = environment;
 }
Beispiel #40
0
 /// <summary>
 /// Initializes a new instance of the <see cref="RethinkDbSessions"/> class.
 /// </summary>
 /// <param name="connection">The RethinkDb connection to use for session storage</param>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 public RethinkDbSessions(IConnection connection, IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider)
     : this(new RethinkDbSessionConfiguration
 {
     Connection = connection,
     Serializer = new DefaultObjectSerializer(),
     CryptographyConfiguration = new CryptographyConfiguration(encryptionProvider, hmacProvider)
 })
 {
 }
Beispiel #41
0
 public HmacProvider(IHmacProvider hmacProvider)
 {
     Provider = hmacProvider;
 }
Beispiel #42
0
 public HmacValidator(IHmacProvider hmacProvider) {
   if (hmacProvider == null) throw new ArgumentNullException("hmacProvider");
   _hmacProvider = hmacProvider;
 }
Beispiel #43
0
 public CookieBasedSessionsFixture()
 {
     this.encryptionProvider = A.Fake <IEncryptionProvider>();
     this.hmacProvider       = A.Fake <IHmacProvider>();
     this.cookieStore        = new Nancy.Session.CookieBasedSessions(this.encryptionProvider, this.hmacProvider, "the passphrase", "the salt", "hmac passphrase", new Fakes.FakeSessionObjectFormatter());
 }
Beispiel #44
0
 /// <summary>
 /// Creates a new instance of the CryptographyConfiguration class
 /// </summary>
 /// <param name="encryptionProvider">Encryption provider</param>
 /// <param name="hmacProvider">HMAC provider</param>
 public CryptographyConfiguration(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider)
 {
     this.EncryptionProvider = encryptionProvider;
     this.HmacProvider = hmacProvider;
 }
Beispiel #45
0
 public CookieBasedSessionsFixture()
 {
     this.encryptionProvider = A.Fake<IEncryptionProvider>();
     this.hmacProvider = A.Fake<IHmacProvider>();
     this.cookieStore = new Nancy.Session.CookieBasedSessions(this.encryptionProvider, this.hmacProvider, "the passphrase", "the salt", "hmac passphrase", new Fakes.FakeSessionObjectFormatter());
 }
Beispiel #46
0
 public static string GetSignature(IHmacProvider signatureProvider, string input)
 {
     return Convert.ToBase64String(signatureProvider.GenerateHmac(input));
 }
Beispiel #47
0
        /// <summary>
        /// Initialise and add cookie based session hooks to the application pipeine
        /// </summary>
        /// <param name="applicationPipelines">Application pipelines</param>
        /// <param name="encryptionProvider">Encryption provider for encrypting cookies</param>
        /// <param name="hmacProvider">The hmac provider</param>
        /// <param name="passPhrase">Encryption pass phrase</param>
        /// <param name="salt">Encryption salt</param>
        /// <param name="hmacPassphrase">The hmac passphrase</param>
        /// <returns>Formatter selector for choosing a non-default formatter</returns>
        public static IFormatterSelector Enable(IApplicationPipelines applicationPipelines, IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, string passPhrase, string salt, string hmacPassphrase)
        {
            var sessionStore = new CookieBasedSessions(encryptionProvider, hmacProvider, passPhrase, salt, hmacPassphrase, new DefaultSessionObjectFormatter());

            applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
            applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));

            return(sessionStore);
        }
Beispiel #48
0
 /// <summary>
 /// Initializes a new instance of the <see cref="DefaultCsrfTokenValidator"/> class,
 /// using the provided <paramref name="cryptoConfig"/>.
 /// </summary>
 /// <param name="cryptoConfig">The <see cref="CryptographyConfiguration"/> that should be used.</param>
 public DefaultCsrfTokenValidator(CryptographyConfiguration cryptoConfig)
 {
     this.hmacProvider = cryptoConfig.HmacProvider;
 }
Beispiel #49
0
        public AdminModule(IAdminRepository adminRepository,
                           IHmacProvider hmacProvider, IRequest request,
                           DatabaseSong dbsong, DatabaseDomain dbDomain,
                           IDeezerApi deezerApi, IRadioSongRepository radioSongRepository) : base("admin")
        {
            this.RequiresAuthentication();

            Get["/"] = _ => View["index"];

            Get["/AddUser"] = _ => View["addUser"];

            Post["/addUser"] = parameter =>
            {
                var model = this.Bind <AddUserViewModel>();

                if (!adminRepository.Exists(model.Login))
                {
                    adminRepository
                    .Add(
                        model.Login,
                        hmacProvider.GenerateHmac(model.Password));
                }

                return(Response.AsRedirect("/admin"));
            };

            Get["/GetCoordinate"] = _ =>
            {
                var hackManager = new HackManager(request);

                var flattenAsDateIp = File.ReadAllLines("/var/log/auth.log").Select(x =>
                {
                    var dateIp = DateIpParsor.Line(x);
                    return(dateIp);
                })
                                      .Where(x => !x.IsEmpty)
                                      .GroupBy(x => new { x.Date, x.Ip })
                                      .Select(x => DateIp.Create(x.Key.Date, x.Key.Ip))
                                      .ToList();

                var localizations = hackManager.GetLocalization(flattenAsDateIp);

                return(Response.AsJson(localizations));
            };

            Get["GenerateSong"] = _ =>
            {
                dbsong.Create();
                var playlistIds = deezerApi
                                  .GetPlaylistIdsByUserId(
                    "frKtbRGI9G18kljXooH4oQ0XbmntBD7oXeKBVBcVKIyjMMSDle0",
                    UserId.Parse("4934039"), s => s.ToLower().Contains("djam"));


                foreach (var playlistId in playlistIds)
                {
                    var songs = deezerApi.GetSongsByPlaylistId("frKtbRGI9G18kljXooH4oQ0XbmntBD7oXeKBVBcVKIyjMMSDle0", playlistId);

                    foreach (var deezerSong in songs)
                    {
                        if (!radioSongRepository.SongExists(deezerSong.Id))
                        {
                            Console.WriteLine(deezerSong.Id);
                            radioSongRepository.Add(deezerSong.Id, "NUSED", deezerSong.Title, deezerSong.Artist);
                        }
                    }
                }

                return("ok");
            };

            Get["GenerateDomain"] = _ =>
            {
                dbDomain.Create();

                dbsong.Create();
                return("ok");
            };
        }
Beispiel #50
0
 public CryptoService(IKeyGenerator keyGenerator, Func <IKeyGenerator, IHmacProvider> hmacProvider)
 {
     _keyGenerator = keyGenerator;
     _hmacProvider = hmacProvider(_keyGenerator);
 }
Beispiel #51
0
 /// <summary>
 /// Initializes a new instance of the <see cref="DefaultCsrfTokenValidator"/> class,
 /// using the provided <paramref name="cryptoConfig"/>.
 /// </summary>
 /// <param name="cryptoConfig">The <see cref="CryptographyConfiguration"/> that should be used.</param>
 public DefaultCsrfTokenValidator(CryptographyConfiguration cryptoConfig)
 {
     this.hmacProvider = cryptoConfig.HmacProvider;
 }
Beispiel #52
0
 public SessionIdentificationDataProvider(IHmacProvider hmacProvider) {
   if (hmacProvider == null) throw new ArgumentNullException("hmacProvider");
   _hmacProvider = hmacProvider;
 }
Beispiel #53
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="objectSerializer">Session object serializer to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, IObjectSerializer objectSerializer)
 {
     this.encryptionProvider = encryptionProvider;
     this.hmacProvider       = hmacProvider;
     this.serializer         = objectSerializer;
 }
Beispiel #54
0
 public GoliathHmacProvider(IHmacProvider provider, int length, string secret)
 {
     this.provider = provider;
     HmacLength    = length;
     secretByte    = secret.ConvertToByteArray();
 }
Beispiel #55
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CookieBasedSessions"/> class.
 /// </summary>
 /// <param name="encryptionProvider">The encryption provider.</param>
 /// <param name="hmacProvider">The hmac provider</param>
 /// <param name="sessionObjectFormatter">Session object formatter to use</param>
 public CookieBasedSessions(IEncryptionProvider encryptionProvider, IHmacProvider hmacProvider, ISessionObjectFormatter sessionObjectFormatter)
 {
     this.encryptionProvider = encryptionProvider;
     this.hmacProvider = hmacProvider;
     this.formatter = sessionObjectFormatter;
 }