Beispiel #1
        /// <summary>
        /// Builds the Hawk artifacts for an outgoing request, signs the request and
        /// sets its <c>Authorization</c> header using the hawk scheme.
        /// </summary>
        /// <param name="request">Outgoing request; its content is handed to the signer and its Authorization header is overwritten.</param>
        /// <param name="utcNow">Time the Hawk timestamp is derived from, after adding <c>HawkClient.CompensatorySeconds</c>.</param>
        /// <returns>A task that completes once the Authorization header has been set.</returns>
        internal async Task CreateClientAuthorizationInternalAsync(HttpRequestMessage request, DateTime utcNow)
        {
            var clientCredential = credentialFunc();

            // A new id/timestamp/nonce triple is produced for every call.
            // NOTE(review): replay protection rests on NonceGenerator returning
            // unpredictable, non-repeating values - confirm it uses a CSPRNG.
            // NOTE(review): utcNow is used as given; presumably callers pass a UTC
            // DateTime - confirm, since a local time would skew the timestamp.
            var container = new ArtifactsContainer
            {
                Id        = clientCredential.Id,
                Timestamp = utcNow.AddSeconds(HawkClient.CompensatorySeconds).ToUnixTime(),
                Nonce     = NonceGenerator.Generate()
            };

            // NOTE(review): artifacts and crypto live on the instance; if one instance
            // serves concurrent requests they can overwrite each other - confirm lifetime.
            this.artifacts = container;

            // The optional application-specific data is only attached when it carries text.
            if (!string.IsNullOrWhiteSpace(this.ApplicationSpecificData))
            {
                container.ApplicationSpecificData = this.ApplicationSpecificData;
            }

            var requestToSign = new NormalizedRequest(request, container);
            this.crypto = new Cryptographer(requestToSign, container, clientCredential);

            // Sign first; the header parameter is rendered from the artifacts afterwards.
            await this.crypto.SignAsync(request.Content);

            var headerParameter = container.ToAuthorizationHeaderParameter();
            request.Headers.Authorization = new AuthenticationHeaderValue(HawkConstants.Scheme, headerParameter);
        }
        /// <summary>
        /// Builds the Hawk artifacts for an outgoing request, signs the request and
        /// sets its <c>Authorization</c> value using the hawk scheme.
        /// </summary>
        /// <param name="request">Outgoing request abstraction; its body is read only when the payload is to be hashed.</param>
        /// <param name="utcNow">Time the Hawk timestamp is derived from, after adding <c>HawkClient.CompensatorySeconds</c>.</param>
        /// <returns>A task that completes once the Authorization value has been set.</returns>
        internal async Task CreateClientAuthorizationInternalAsync(IRequestMessage request, DateTime utcNow)
        {
            var clientCredential = options.CredentialsCallback();

            // A new id/timestamp/nonce triple is produced for every call.
            // NOTE(review): replay protection rests on NonceGenerator returning
            // unpredictable, non-repeating values - confirm it uses a CSPRNG.
            var container = new ArtifactsContainer
            {
                Id        = clientCredential.Id,
                Timestamp = utcNow.AddSeconds(HawkClient.CompensatorySeconds).ToUnixTime(),
                Nonce     = NonceGenerator.Generate()
            };

            // NOTE(review): artifacts and crypto live on the instance; if one instance
            // serves concurrent requests they can overwrite each other - confirm lifetime.
            this.artifacts = container;

            // Whatever the normalization callback returns becomes the application-specific data.
            if (options.NormalizationCallback != null)
            {
                container.ApplicationSpecificData = options.NormalizationCallback(request);
            }

            var requestToSign = new NormalizedRequest(request, container, options.HostNameSource);
            this.crypto = new Cryptographer(requestToSign, container, clientCredential);

            // The body is read only when a hashability callback is configured and approves
            // this request; otherwise null is handed to the signer.
            // NOTE(review): with a null payload the body is presumably not covered by the
            // MAC, leaving body integrity to the transport - confirm against Cryptographer.Sign.
            string payload = null;
            if (options.RequestPayloadHashabilityCallback != null &&
                options.RequestPayloadHashabilityCallback(request))
            {
                payload = await request.ReadBodyAsStringAsync();
            }

            this.crypto.Sign(payload, request.ContentType);

            var headerParameter = container.ToAuthorizationHeaderParameter();
            request.Authorization = new AuthenticationHeaderValue(HawkConstants.Scheme, headerParameter);
        }
Beispiel #3
        /// <summary>
        /// An https request URI without an explicit port must normalize to port "443".
        /// </summary>
        public void HttpsMustSetPortTo443()
        {
            var httpsRequest = new HttpRequestMessage
            {
                RequestUri = new Uri("https://server/api/values")
            };

            var normalized = new NormalizedRequest(new WebApiRequestMessage(httpsRequest), null);
            var accessor = new PrivateObject(normalized);

            // The port is read straight from the "port" field through PrivateObject.
            Assert.AreEqual("443", (string)accessor.GetField("port"));
        }
Beispiel #4
        /// <summary>
        /// With an https URI and a Host header that names no port, the normalized
        /// port must fall back to "443".
        /// </summary>
        public void PortMustDefaultTo443ForHttpsWhenHostHeaderDoesNotContainPort()
        {
            var httpsRequest = new HttpRequestMessage
            {
                RequestUri = new Uri("https://server/api/values"),
                Headers    = { Host = "myhost" }
            };

            var normalized = new NormalizedRequest(new WebApiRequestMessage(httpsRequest), null);
            var accessor = new PrivateObject(normalized);

            // Only the port is checked here; the host name is not asserted by this test.
            Assert.AreEqual("443", (string)accessor.GetField("port"));
        }
Beispiel #5
        /// <summary>
        /// Without Host or X-Forwarded-For headers, host name and port must come from
        /// the request URI (plain http, so port "80").
        /// </summary>
        public void HostAndPortMustMatchWhatIsInRequestWhenHostAndXffHeadersAreAbsent()
        {
            var plainRequest = new HttpRequestMessage
            {
                RequestUri = new Uri("http://server/api/values")
            };

            var normalized = new NormalizedRequest(new WebApiRequestMessage(plainRequest), null);
            var accessor = new PrivateObject(normalized);

            // Both fields are read before anything is asserted.
            var actualHost = (string)accessor.GetField("hostName");
            var actualPort = (string)accessor.GetField("port");

            Assert.AreEqual("server", actualHost);
            Assert.AreEqual("80", actualPort);
        }
        /// <summary>
        /// A Host header of the form "name:port" must take precedence over the request
        /// URI for both the normalized host name and the port.
        /// </summary>
        public void HostAndPortMustMatchWhatIsInHostHeaderWhenPresent()
        {
            var requestWithHost = new HttpRequestMessage
            {
                RequestUri = new Uri("http://server/api/values"),
                Headers    = { Host = "myhost:899" }
            };

            // This test passes the HttpRequestMessage to NormalizedRequest directly.
            var normalized = new NormalizedRequest(requestWithHost, null);
            var accessor = new PrivateObject(normalized);

            // Both fields are read before anything is asserted.
            var actualHost = (string)accessor.GetField("hostName");
            var actualPort = (string)accessor.GetField("port");

            Assert.AreEqual("myhost", actualHost);
            Assert.AreEqual("899", actualPort);
        }
Beispiel #7
        /// <summary>
        /// When an X-Forwarded-For header with a bracketed IPv6-style host and a port is
        /// present, it must win over both the Host header and the request URI.
        /// </summary>
        public void HostAndPortMustMatchWhatIsInXffHeaderWhenPresentContainingIpv6()
        {
            var forwardedRequest = new HttpRequestMessage
            {
                RequestUri = new Uri("http://server/api/values"),
                Headers    = { Host = "myhost:899" }
            };

            // NOTE(review): X-Forwarded-For is set by whoever sent or relayed the request.
            // If the normalized host and port feed the MAC check on the receiving side,
            // this source should only be honoured behind a proxy that overwrites the
            // header - confirm how NormalizedRequest is configured in deployment.
            forwardedRequest.Headers.Add("X-Forwarded-For", "[111:111:111]:4444");

            var normalized = new NormalizedRequest(new WebApiRequestMessage(forwardedRequest), null);
            var accessor = new PrivateObject(normalized);

            // Both fields are read before anything is asserted.
            var actualHost = (string)accessor.GetField("hostName");
            var actualPort = (string)accessor.GetField("port");

            // The brackets are expected to stay part of the host name.
            Assert.AreEqual("[111:111:111]", actualHost);
            Assert.AreEqual("4444", actualPort);
        }
Beispiel #8
        /// <summary>
        /// With several X-Forwarded-For values, host name and port must be taken from
        /// the first one, here a bracketed IPv6-style host with a port.
        /// </summary>
        public void HostAndPortMustMatchWhatIsInTheFirstXffHeaderWhenMultipleXffHeadersArePresentWithIpv6Address()
        {
            var forwardedRequest = new HttpRequestMessage
            {
                RequestUri = new Uri("http://server/api/values"),
                Headers    = { Host = "myhost:899" }
            };

            // Two Add calls are the same as one header "[111:111:111]:1111, [222:222:222]:2222".
            // NOTE(review): every entry in this list can be set by the sender or any hop in
            // between, so trusting the first one assumes a proxy that sanitizes the header -
            // confirm before relying on it for the host that is bound into the MAC.
            forwardedRequest.Headers.Add("X-Forwarded-For", "[111:111:111]:1111");
            forwardedRequest.Headers.Add("X-Forwarded-For", "[222:222:222]:2222");

            var normalized = new NormalizedRequest(new WebApiRequestMessage(forwardedRequest), null);
            var accessor = new PrivateObject(normalized);

            // Both fields are read before anything is asserted.
            var actualHost = (string)accessor.GetField("hostName");
            var actualPort = (string)accessor.GetField("port");

            Assert.AreEqual("[111:111:111]", actualHost);
            Assert.AreEqual("1111", actualPort);
        }
        /// <summary>
        /// Creates the Hawk artifacts for an outgoing request, signs the request and
        /// writes the hawk-scheme <c>Authorization</c> header onto it.
        /// </summary>
        /// <param name="request">Outgoing request; its content is handed to the signer and its Authorization header is overwritten.</param>
        /// <param name="utcNow">Time the Hawk timestamp is derived from, after adding <c>HawkClient.CompensatorySeconds</c>.</param>
        /// <returns>A task that completes once the Authorization header has been set.</returns>
        internal async Task CreateClientAuthorizationInternalAsync(HttpRequestMessage request, DateTime utcNow)
        {
            var clientCredential = credentialFunc();

            // Id, timestamp and nonce are regenerated on every call.
            // NOTE(review): the nonce is what lets a server reject replays, so
            // NonceGenerator should draw from a CSPRNG - confirm.
            var container = new ArtifactsContainer
            {
                Id = clientCredential.Id,
                Timestamp = utcNow.AddSeconds(HawkClient.CompensatorySeconds).ToUnixTime(),
                Nonce = NonceGenerator.Generate()
            };

            // NOTE(review): per-request state is kept in instance fields; sharing one
            // instance across concurrent requests could mix their artifacts - confirm lifetime.
            this.artifacts = container;

            // Application-specific data is attached only when it is not blank.
            if (!string.IsNullOrWhiteSpace(this.ApplicationSpecificData))
            {
                container.ApplicationSpecificData = this.ApplicationSpecificData;
            }

            var requestToSign = new NormalizedRequest(request, container);
            this.crypto = new Cryptographer(requestToSign, container, clientCredential);

            // Signing happens before the header parameter is rendered from the artifacts.
            await this.crypto.SignAsync(request.Content);

            var headerParameter = container.ToAuthorizationHeaderParameter();
            request.Headers.Authorization = new AuthenticationHeaderValue(HawkConstants.Scheme, headerParameter);
        }