public string Escape(Uri requestTarget, RequestTargetEscaping escaping)
{
if (requestTarget == null)
{
throw new ArgumentNullException(nameof(requestTarget));
}
switch (escaping)
{
case RequestTargetEscaping.RFC3986:
return(_rfc3986Escaper.Escape(requestTarget, escaping));
case RequestTargetEscaping.RFC2396:
return(_rfc2396Escaper.Escape(requestTarget, escaping));
case RequestTargetEscaping.OriginalString:
return(_originalStringEscaper.Escape(requestTarget, escaping));
case RequestTargetEscaping.Unescaped:
return(_unescapedEscaper.Escape(requestTarget, escaping));
default:
throw new ArgumentOutOfRangeException(nameof(escaping), escaping, $"The specified {nameof(RequestTargetEscaping)} value is currently not supported.");
}
}
public void GivenUnsupportedEscapingOption_ThrowsArgumentException(RequestTargetEscaping escaping)
{
var requestTarget = new Uri("https://dalion.eu/api/create", UriKind.Absolute);
Action act = () => _sut.Escape(requestTarget, escaping);
act.Should().Throw <ArgumentException>();
}
public Create()
{
_timeOfComposing = new DateTimeOffset(2020, 2, 24, 11, 20, 14, TimeSpan.FromHours(1));
_expires = TimeSpan.FromMinutes(5);
_httpRequest = new HttpRequestForSignatureString {
Method = HttpMethod.Post,
RequestUri = "http://dalion.eu/api/resource/id1".ToUri()
};
_requestTargetEscaping = RequestTargetEscaping.RFC3986;
}
public RequestTargetHeaderAppenderTests()
{
FakeFactory.Create(out _requestTargetEscaper);
_httpRequest = new HttpRequestForSignatureString {
Method = HttpMethod.Post,
RequestUri = "/api/resource/id1".ToUri()
};
_requestTargetEscaping = RequestTargetEscaping.RFC3986;
_sut = new RequestTargetHeaderAppender(_httpRequest, _requestTargetEscaping, _requestTargetEscaper);
}
public IHeaderAppender Create(HttpRequestForSignatureString request, RequestTargetEscaping requestTargetEscaping, DateTimeOffset?timeOfComposing, TimeSpan?expires)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
return(new CompositeHeaderAppender(
new DefaultHeaderAppender(request),
new RequestTargetHeaderAppender(request, requestTargetEscaping, _requestTargetEscaper),
new CreatedHeaderAppender(timeOfComposing),
new ExpiresHeaderAppender(timeOfComposing, expires),
new DateHeaderAppender(request)));
}
public void CallsCorrectEscaperAndReturnsItsResult(RequestTargetEscaping escaping)
{
A.CallTo(() => _rfc3986Escaper.Escape(_requestTarget, escaping))
.Returns("escaped_rfc3986");
A.CallTo(() => _rfc2396Escaper.Escape(_requestTarget, escaping))
.Returns("escaped_rfc2396");
A.CallTo(() => _originalStringEscaper.Escape(_requestTarget, escaping))
.Returns("escaped_originalstring");
A.CallTo(() => _unescapedEscaper.Escape(_requestTarget, escaping))
.Returns("escaped_unescaped");
var actual = _sut.Escape(_requestTarget, escaping);
actual.Should().Be("escaped_" + escaping.ToString().ToLower());
}
/// <summary>
/// Create a new instance of the <see cref="Client" /> class.
/// </summary>
/// <param name="id">The identity of the client that can be looked up by the server.</param>
/// <param name="name">The descriptive name of the client</param>
/// <param name="signatureAlgorithm">The <see cref="Dalion.HttpMessageSigning.ISignatureAlgorithm" /> that is used to verify the signature.</param>
/// <param name="nonceLifetime">The time span after which repeated nonce values are allowed again.</param>
/// <param name="clockSkew">The clock skew to allow when validation a time.</param>
/// <param name="claims">The additional claims that the validated principal will have upon successful signature verification.</param>
/// <param name="requestTargetEscaping">The method of escaping the value of the (request-target) pseudo-header.</param>
public Client(
KeyId id,
string name,
ISignatureAlgorithm signatureAlgorithm,
TimeSpan nonceLifetime,
TimeSpan clockSkew,
RequestTargetEscaping requestTargetEscaping,
params Claim[] claims)
: this(id, name, signatureAlgorithm, new ClientOptions {
RequestTargetEscaping = requestTargetEscaping,
NonceLifetime = nonceLifetime,
ClockSkew = clockSkew,
Claims = claims
})
{
}
public string Escape(Uri requestTarget, RequestTargetEscaping escaping)
{
if (escaping != RequestTargetEscaping.Unescaped)
{
throw new ArgumentException($"This {GetType().Name} cannot escape adhering to the rules of option '{escaping}'.");
}
if (requestTarget == null)
{
throw new ArgumentNullException(nameof(requestTarget));
}
return(requestTarget.IsAbsoluteUri
? requestTarget.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped)
: ("/" + requestTarget.OriginalString.Split('#')[0].TrimStart('/')).UriUnescape());
}
public string Escape(Uri requestTarget, RequestTargetEscaping escaping)
{
if (escaping != RequestTargetEscaping.OriginalString)
{
throw new ArgumentException($"This {GetType().Name} cannot escape adhering to the rules of option '{escaping}'.");
}
if (requestTarget == null)
{
throw new ArgumentNullException(nameof(requestTarget));
}
if (requestTarget.IsAbsoluteUri)
{
var segments = requestTarget.OriginalString.Split('#')[0].Split('/');
return("/" + string.Join("/", segments.Skip(3)));
}
return("/" + requestTarget.OriginalString.Split('#')[0].TrimStart('/'));
}
private static void ConfigureServices(IServiceCollection services, RequestTargetEscaping escapingForSigning, RequestTargetEscaping escapingForVerification)
{
services
.AddHttpMessageSigning()
.UseKeyId("e0e8dcd638334c409e1b88daf821d135")
.UseSignatureAlgorithm(SignatureAlgorithm.CreateForSigning("yumACY64r%hm"))
.UseDigestAlgorithm(HashAlgorithmName.SHA256)
.UseExpires(TimeSpan.FromMinutes(1))
.UseHeaders((HeaderName)"Dalion-App-Id")
.UseRequestTargetEscaping(escapingForSigning)
.Services
.AddHttpMessageSignatureVerification()
.UseAspNetCoreSignatureVerification()
.UseClient(Client.Create(
"e0e8dcd638334c409e1b88daf821d135",
"HttpMessageSigningSampleHMAC",
SignatureAlgorithm.CreateForVerification("yumACY64r%hm"),
options => {
options.RequestTargetEscaping = escapingForVerification;
options.Claims = new[] {
new Claim(SignedHttpRequestClaimTypes.Role, "users.read")
};
}));
}
public Escape()
{
_escaping = RequestTargetEscaping.OriginalString;
}
public async Task WhenRequestTargetEscapingSettingIsAMatch_VerificationSucceeds(RequestTargetEscaping escaping)
{
_serviceProvider = new ServiceCollection().Configure(services => ConfigureServices(services, escaping, escaping)).BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
var request = new HttpRequestMessage {
RequestUri = new Uri("https://dalion.eu/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.?query%2Bstring=%7BBrooks%7D"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
verificationResult.IsSuccess.Should().BeTrue();
if (verificationResult is RequestSignatureVerificationResultFailure failureResult)
{
_output.WriteLine("Request signature verification failed: {0}", failureResult.Failure);
throw new SignatureVerificationException(failureResult.Failure.ToString());
}
}
public Escape()
{
_escaping = RequestTargetEscaping.RFC2396;
}
public IHttpMessageSigningBuilder UseRequestTargetEscaping(RequestTargetEscaping requestTargetEscaping)
{
_signingSettings.RequestTargetEscaping = requestTargetEscaping;
return(this);
}
public Escape()
{
_escaping = RequestTargetEscaping.Unescaped;
}
public RequestTargetHeaderAppender(HttpRequestForSignatureString request, RequestTargetEscaping requestTargetEscaping, IRequestTargetEscaper requestTargetEscaper)
{
_request = request ?? throw new ArgumentNullException(nameof(request));
_requestTargetEscaping = requestTargetEscaping;
_requestTargetEscaper = requestTargetEscaper ?? throw new ArgumentNullException(nameof(requestTargetEscaper));
}
