Example #1
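        /// <summary>
        /// Runs encrypted-token validation for a request and records every
        /// non-success outcome in <paramref name="failures"/> and <paramref name="messages"/>.
        /// </summary>
        /// <param name="context">Request context handed to <c>ApiEncryptionValidation.ValidateEncryptedToken</c>.</param>
        /// <param name="input">Decrypted request wrapper; when null, no token check runs and nothing is recorded.</param>
        /// <param name="failures">Receives one failure code for each outcome other than <c>Success</c>.</param>
        /// <param name="messages">Receives a diagnostic string alongside each failure code.</param>
        private static void ValidateEncryptedToken(IHttpContext context, Decrypted input, List <ValidationFailures> failures, List <string> messages)
        {
            // NOTE(review): a null input is treated as "nothing to validate" and adds no
            // failure. Confirm that callers which require an encrypted token reject the
            // request elsewhere; otherwise this path lets it through unchecked.
            if (input == null)
            {
                return;
            }

            try
            {
                EncryptedTokenValidationStatus tokenStatus = ApiEncryptionValidation.ValidateEncryptedToken(context, input.Value);
                switch (tokenStatus)
                {
                case EncryptedTokenValidationStatus.Success:
                    break;

                case EncryptedTokenValidationStatus.Unkown:
                    failures.Add(ServiceProxy.ValidationFailures.UnknownTokenValidationResult);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed");
                    break;

                case EncryptedTokenValidationStatus.HashFailed:
                    failures.Add(ServiceProxy.ValidationFailures.TokenHashFailed);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: TokenHashFailed");
                    break;

                case EncryptedTokenValidationStatus.NonceFailed:
                    failures.Add(ServiceProxy.ValidationFailures.TokenNonceFailed);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: TokenNonceFailed");
                    break;

                default:
                    // Fail closed: without this branch, a status value this switch does not
                    // list (for example one added to the enum later) recorded no failure
                    // and was therefore indistinguishable from Success.
                    failures.Add(ServiceProxy.ValidationFailures.UnknownTokenValidationResult);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: unrecognized status " + tokenStatus);
                    break;
                }
            }
            catch (Exception ex)
            {
                // Any exception raised while validating counts as a failure, not a pass.
                // NOTE(review): ex.Message is copied verbatim. Confirm that messages stay in
                // server-side logs, since exception text from decryption or parsing can
                // disclose internals if it is echoed in the response.
                failures.Add(ServiceProxy.ValidationFailures.TokenValidationError);
                messages.Add(ex.Message);
            }
        }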
        /// <summary>
        /// A nonce stamped ten minutes before the current UTC time must be reported
        /// as <c>NonceFailed</c> by <c>ApiEncryptionValidation.ValidateNonce</c>.
        /// </summary>
        public void Validation_ValidateNonceShouldFailIfTooOld()
        {
            Prepare();

            // Build the stale nonce from a timestamp ten minutes in the past.
            Instant staleNonce = new Instant(DateTime.UtcNow.AddMinutes(-10));

            // The second argument is the offset value that ValidateNonce subtracts
            // from the measured difference.
            EncryptedTokenValidationStatus outcome = ApiEncryptionValidation.ValidateNonce(staleNonce.ToString(), 5);

            // NOTE(review): only the stale-nonce direction is exercised here; a companion
            // case for a nonce dated ahead of the clock would pin the other side of the window.
            Expect.IsFalse(outcome == EncryptedTokenValidationStatus.Success);
            Expect.AreEqual(EncryptedTokenValidationStatus.NonceFailed, outcome);
        }
Example #3
        /// <summary>
        /// Recomputes the SHA-256 digest of <c>"{nonce}:{plainPost}"</c> and compares
        /// it with the digest supplied in the request.
        /// </summary>
        /// <param name="nonce">Nonce string as sent with the request.</param>
        /// <param name="hash">Digest supplied by the caller; a null value yields <c>HashFailed</c>.</param>
        /// <param name="plainPost">Plain-text request body the digest is expected to cover.</param>
        /// <returns><c>Success</c> when the two digests are equal; otherwise <c>HashFailed</c>.</returns>
        public static EncryptedTokenValidationStatus ValidateHash(string nonce, string hash, string plainPost)
        {
            // NOTE(review): the digest is computed without a key, over values supplied with
            // the request. As written it ties the nonce to the body but does not by itself
            // show that the sender holds a secret; confirm what else authenticates the session.
            string expectedDigest = "{0}:{1}"._Format(nonce, plainPost).Sha256();

            // string.Equals(string) is an ordinal, case-sensitive comparison, so the casing
            // of the supplied digest has to match whatever Sha256() produces.
            return expectedDigest.Equals(hash)
                ? EncryptedTokenValidationStatus.Success
                : EncryptedTokenValidationStatus.HashFailed;
        }
Example #4
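        /// <summary>
        /// Checks that the specified nonce, read as a timestamp, is no more than
        /// 3 minutes in the past or future once <paramref name="offset"/> has been applied.
        /// </summary>
        /// <param name="nonce">String form of the request instant, parsed with <c>Instant.FromString</c>.</param>
        /// <param name="offset">
        /// Value subtracted from the millisecond difference before the window check;
        /// presumably the client/server clock offset in milliseconds (confirm against
        /// <c>SecureSession.TimeOffset</c>).
        /// </param>
        /// <returns>
        /// <c>NonceFailed</c> when the adjusted difference exceeds 3 minutes in either
        /// direction; otherwise <c>Success</c>.
        /// </returns>
        public static EncryptedTokenValidationStatus ValidateNonce(string nonce, int offset)
        {
            Instant requestInstant = Instant.FromString(nonce);
            Instant currentInstant = new Instant();

            // Widen to long so that neither the subtraction nor Math.Abs can overflow.
            long adjustedMilliseconds = (long)currentInstant.DiffInMilliseconds(requestInstant) - offset;

            // Enforce the window on both sides. The previous check compared the signed value
            // only, so (assuming DiffInMilliseconds is signed) a nonce dated ahead of the
            // server clock gave a negative difference and always passed, which contradicted
            // the documented "past or future" contract.
            if (TimeSpan.FromMilliseconds(Math.Abs(adjustedMilliseconds)).TotalMinutes > 3)
            {
                return EncryptedTokenValidationStatus.NonceFailed;
            }

            // NOTE(review): this is a freshness check only. Nothing here records nonces that
            // were already seen, so a token stays acceptable for the whole window unless
            // single use is enforced elsewhere.
            return EncryptedTokenValidationStatus.Success;
        }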
Example #5
        /// <summary>
        /// Decrypts the hash and nonce ciphers with the session's private key, then
        /// checks nonce freshness and, if that passes, the digest over the plain post.
        /// </summary>
        /// <param name="session">Session that performs the decryption and supplies <c>TimeOffset</c>.</param>
        /// <param name="hashCipher">Encrypted digest sent with the request.</param>
        /// <param name="nonceCipher">Encrypted nonce sent with the request.</param>
        /// <param name="plainPost">Plain-text request body covered by the digest.</param>
        /// <param name="usePkcsPadding">Passed through unchanged to <c>DecryptWithPrivateKey</c>.</param>
        /// <returns>
        /// The status from <c>ValidateNonce</c> when it is not <c>Success</c>; otherwise
        /// the status from <c>ValidateHash</c>.
        /// </returns>
        public static EncryptedTokenValidationStatus ValidateEncrtypedToken(SecureSession session, string hashCipher, string nonceCipher, string plainPost, bool usePkcsPadding = false)
        {
            // Both values are decrypted before either check runs. Errors thrown by
            // DecryptWithPrivateKey are not caught here and propagate to the caller.
            string decryptedHash  = session.DecryptWithPrivateKey(hashCipher, usePkcsPadding);
            string decryptedNonce = session.DecryptWithPrivateKey(nonceCipher, usePkcsPadding);

            // NOTE(review): .Value suggests TimeOffset is nullable; if it is unset this line
            // presumably throws rather than defaulting. Confirm that callers treat that
            // exception as a validation failure.
            int clockOffset = session.TimeOffset.Value;

            // Freshness is checked first; the digest is checked only for a fresh nonce.
            EncryptedTokenValidationStatus nonceStatus = ValidateNonce(decryptedNonce, clockOffset);
            if (nonceStatus != EncryptedTokenValidationStatus.Success)
            {
                return nonceStatus;
            }

            return ValidateHash(decryptedNonce, decryptedHash, plainPost);
        }