/// <summary>
/// Rejects a feed whose embedded URI does not match the URI it was fetched from (feed substitution)
/// or whose signature is older than the one already cached for that URI (replay).
/// </summary>
/// <param name="data">The content of the feed file as a byte array.</param>
/// <param name="uri">The URI the feed originally came from.</param>
/// <param name="signature">The first trusted signature for the feed.</param>
/// <exception cref="ReplayAttackException">The timestamp of <paramref name="signature"/> is earlier than that of the first valid signature cached for <paramref name="uri"/>.</exception>
/// <exception cref="UriFormatException"><see cref="Feed.Uri"/> is missing or does not match <paramref name="uri"/>.</exception>
private void DetectAttacks(byte[] data, FeedUri uri, ValidSignature signature)
{
    // --- Feed substitution ---
    // The feed must name the same URI it was requested from. Without this binding, a validly
    // signed feed published for one URI could be served in place of another.
    // NOTE(review): the XML is parsed here; presumably the caller has already verified the
    // signature over these bytes (a trusted signature is passed in) - confirm at the call site.
    var feedStream = new MemoryStream(data);
    var parsedFeed = XmlStorage.LoadXml<Feed>(feedStream);

    if (parsedFeed.Uri == null)
    {
        var missingMessage = string.Format(Resources.FeedUriMissing, uri);
        throw new UriFormatException(missingMessage);
    }

    if (parsedFeed.Uri != uri)
    {
        var mismatchMessage = string.Format(Resources.FeedUriMismatch, parsedFeed.Uri, uri);
        throw new UriFormatException(mismatchMessage);
    }

    // --- Replay ---
    // Compare against the first valid signature already cached for this URI. The comparison is
    // strict, so a feed carrying the same timestamp as the cached copy is still accepted.
    try
    {
        var cachedSignatures = _feedCache.GetSignatures(uri);
        var previousSignature = cachedSignatures.OfType<ValidSignature>().FirstOrDefault();

        // A cache entry without any ValidSignature leaves nothing to compare against,
        // so the replay check is skipped in that case.
        if (previousSignature != null)
        {
            if (signature.Timestamp < previousSignature.Timestamp)
            {
                throw new ReplayAttackException(uri, previousSignature.Timestamp, signature.Timestamp);
            }
        }
    }
    catch (KeyNotFoundException)
    {
        // No cached feed for this URI: there is no earlier timestamp to act as a baseline,
        // so the first copy seen cannot be checked for replay.
    }
}
/// <summary>
/// Runs the trust manager's check on a feed and then rejects the feed if its signature is older
/// than the one already cached for the same URI.
/// </summary>
/// <param name="data">The feed content handed to the trust manager.</param>
/// <param name="feedUri">The feed URI; handed to the trust manager and used to look up cached signatures.</param>
/// <param name="localPath">Handed to the trust manager unchanged.</param>
/// <exception cref="ReplayAttackException">The new signature's timestamp is earlier than that of the first valid signature cached for <paramref name="feedUri"/>.</exception>
private void CheckTrust(byte[] data, FeedUri feedUri, string localPath)
{
    // Trust evaluation comes first; its result supplies the timestamp used below.
    // NOTE(review): presumably this throws when the feed is unsigned or untrusted - confirm
    // against the trust manager, since nothing here checks for a failed result.
    var verifiedSignature = _trustManager.CheckTrust(data, feedUri, localPath);

    // Replay detection: an older signature than the cached one means a stale feed is being
    // offered. The comparison is strict, so an identical timestamp is accepted.
    try
    {
        var cachedSignatures = _feedCache.GetSignatures(feedUri);
        var previousSignature = cachedSignatures.OfType<ValidSignature>().FirstOrDefault();

        // Only the first ValidSignature in the cache is consulted; with none present the
        // check is skipped.
        if (previousSignature != null)
        {
            if (verifiedSignature.Timestamp < previousSignature.Timestamp)
            {
                throw new ReplayAttackException(feedUri, previousSignature.Timestamp, verifiedSignature.Timestamp);
            }
        }
    }
    catch (KeyNotFoundException)
    {
        // Nothing cached for this URI yet, so there is no earlier timestamp to compare with.
    }
}
/// <inheritdoc/>
public IEnumerable<OpenPgpSignature> GetSignatures(FeedUri feedUri)
{
    // Straight delegation to the backing cache: the result is passed on as-is, and any
    // exception the backing cache raises reaches the caller unchanged.
    var signatures = _backingCache.GetSignatures(feedUri);
    return signatures;
}