/// <summary>
/// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
/// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
/// This method also sets the compensation field so that the timestamp in the subsequent requests
/// are adjusted to reduce the clock skew.
/// </summary>
private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response)
{
if (response.Headers.WwwAuthenticate != null)
{
var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault();
if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme)
{
string parameter = wwwHeader.Parameter;
ArtifactsContainer timestampArtifacts;
if (!String.IsNullOrWhiteSpace(parameter) &&
ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
{
var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc());
if (!ts.IsValid(timestampArtifacts.TimestampMac))
{
return(true);
}
lock (myPrecious)
HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());
Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds);
}
}
}
return(false);
}
/// <summary>
/// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
/// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
/// This method also sets the compensation field so that the timestamp in the subsequent requests
/// are adjusted to reduce the clock skew.
/// </summary>
private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, IResponseMessage response)
{
var wwwHeader = response.WwwAuthenticate;
if (wwwHeader != null)
{
string parameter = wwwHeader.Parameter;
ArtifactsContainer timestampArtifacts;
if (!String.IsNullOrWhiteSpace(parameter) &&
ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
{
var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, options.CredentialsCallback(), options.LocalTimeOffsetMillis);
if (!ts.IsValid(timestampArtifacts.TimestampMac))
{
return(true);
}
lock (myPrecious)
HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());
Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds);
}
}
return(false);
}
/// <summary>
/// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
/// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
/// This method also sets the compensation field so that the timestamp in the subsequent requests
/// are adjusted to reduce the clock skew.
/// </summary>
private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response)
{
if (response.Headers.WwwAuthenticate != null)
{
var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault();
if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme)
{
string parameter = wwwHeader.Parameter;
ArtifactsContainer timestampArtifacts;
if (!String.IsNullOrWhiteSpace(parameter) &&
ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
{
var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc());
if (!ts.IsValid(timestampArtifacts.TimestampMac))
return true;
lock (myPrecious)
HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());
}
}
}
return false;
}
