protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var nonce     = nonceGenerator.NextNonce();
            var timestamp = time.UtcNow;

            var builder = new CannonicalRepresentationBuilder();
            var content = builder.BuildRepresentation(
                nonce,
                client,
                request.Method.Method,
                request.Content?.Headers?.ContentType?.ToString(),
                request.Headers.Accept.Select(x => x.ToString()).ToArray(),
                request.Content?.Headers?.ContentMD5,
                timestamp,
                request.RequestUri);

            var signature = signingAlgorithm.Sign(secret, Encoding.UTF8.GetBytes(content));

            request.Headers.Authorization = new AuthenticationHeaderValue(Schemas.Bearer, Convert.ToBase64String(signature));
            request.Headers.Add(Headers.XClient, client);
            request.Headers.Add(Headers.XNonce, nonce);
            request.Headers.Date = timestamp;

            return(request);
        }
        protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var nonce = nonceGenerator.NextNonce;
            var timestamp = time.UtcNow;

            var builder = new CannonicalRepresentationBuilder();
            var content = builder.BuildRepresentation(
                nonce,
                appId,
                request.Method.Method,
                request.Content?.Headers?.ContentType?.ToString(),
                string.Join(", ", request.Headers.Accept),
                request.Content?.Headers?.ContentMD5,
                timestamp,
                request.RequestUri);

            var signature = signingAlgorithm.Sign(secret, content);

            request.Headers.Authorization = new AuthenticationHeaderValue(Schemas.HMAC, signature);
            request.Headers.Add(Headers.XAppId, appId);
            request.Headers.Add(Headers.XNonce, nonce);
            request.Headers.Date = timestamp;

            return request;
        }
        protected override async Task <HttpResponseMessage> SendAsync(
            HttpRequestMessage request,
            CancellationToken cancellationToken)
        {
            var req = request;
            var h   = req.Headers;

            var client = h.Contains(Headers.XClient)
                ? h.GetValues(Headers.XClient).FirstOrDefault()
                : null;
            var nonce = h.Contains(Headers.XNonce)
                ? h.GetValues(Headers.XNonce).FirstOrDefault()
                : null;
            var scheme = h.Authorization?.Scheme;
            var token  = h.Authorization?.Parameter;
            var date   = h.Date ?? DateTimeOffset.MinValue;

            if (
                client != null &&
                nonce != null &&
                scheme == Schemas.Bearer &&
                token != null &&
                time.UtcNow - date <= clockSkew)
            {
                var builder = new CannonicalRepresentationBuilder();
                var content = builder.BuildRepresentation(
                    nonce,
                    client,
                    req.Method.Method,
                    req.Content.Headers.ContentType?.ToString(),
                    req.Headers.Accept.Select(x => x.ToString()).ToArray(),
                    req.Content.Headers.ContentMD5,
                    date,
                    req.RequestUri);

                SecureString secret = secretRepository.GetSecret(client);
                if (secret != null)
                {
                    var isTokenValid = signingAlgorithm.Verify(
                        secret,
                        Encoding.UTF8.GetBytes(content),
                        Convert.FromBase64String(token));

                    if (isTokenValid)
                    {
                        return(await base.SendAsync(request, cancellationToken));
                    }
                }
            }

            return(new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Headers =
                {
                    { Headers.WWWAuthenticate, Schemas.Bearer }
                }
            });
        }
Example #4
0
        protected override async Task <HttpResponseMessage> SendAsync(
            HttpRequestMessage request,
            CancellationToken cancellationToken)
        {
            var req = request;
            var h   = req.Headers;

            if (mixedAuthMode && h.Authorization?.Scheme != Schemas.HMAC)
            {
                return(await base.SendAsync(request, cancellationToken));
            }

            var appId = h.Contains(Headers.XAppId)
                ? h.GetValues(Headers.XAppId).FirstOrDefault()
                : null;
            var authValue = h.Authorization?.Parameter;
            var date      = h.Date ?? DateTimeOffset.MinValue;

            if (appId != null &&
                authValue != null &&
                time.UtcNow - date <= tolerance)
            {
                var builder = new CannonicalRepresentationBuilder();
                var content = builder.BuildRepresentation(
                    h.GetValues(Headers.XNonce).FirstOrDefault(),
                    appId,
                    req.Method.Method,
                    req.Content.Headers.ContentType?.ToString(),
                    string.Join(", ", req.Headers.Accept),
                    req.Content.Headers.ContentMD5,
                    date,
                    req.RequestUri);

                SecureString secret;
                if (content != null && (secret = appSecretRepository.GetSecret(appId)) != null)
                {
                    var signature = signingAlgorithm.Sign(secret, content);
                    if (authValue == signature)
                    {
                        return(await base.SendAsync(request, cancellationToken));
                    }
                }
            }

            return(new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Headers =
                {
                    { Headers.WWWAuthenticate, Schemas.HMAC }
                }
            });
        }
Example #5
0
        internal static bool Validate(IOwinRequest req, ISigningAlgorithm algorithm, ISecretRepository secretRepository, ITime time, TimeSpan clockSkew)
        {
            var h = req.Headers;

            var client = GetClient(req);
            var nonce  = GetNonce(req);

            var            auth   = h.Get(Headers.Authorization)?.Split(' ');
            var            scheme = auth?.Length == 2 ? auth[0] : null;
            var            token  = auth?.Length == 2 ? auth[1] : null;
            DateTimeOffset date   =
                DateTimeOffset.TryParse(h.Get(Headers.Date), out date)
                    ? date
                    : DateTimeOffset.MinValue;

            if (client != null &&
                nonce != null &&
                scheme == Schemas.Bearer &&
                token != null &&
                time.UtcNow - date <= clockSkew)
            {
                var contentMd5 = h.Get(Headers.ContentMD5);
                var builder    = new CannonicalRepresentationBuilder();
                var content    = builder.BuildRepresentation(
                    nonce,
                    client,
                    req.Method,
                    req.ContentType,
                    req.Accept.Split(','),
                    contentMd5 == null ? null : Convert.FromBase64String(contentMd5),
                    date,
                    req.Uri);


                SecureString secret = secretRepository.GetSecret(client);
                if (secret != null)
                {
                    var isTokenValid = algorithm.Verify(
                        secret,
                        Encoding.UTF8.GetBytes(content),
                        Convert.FromBase64String(token));

                    if (isTokenValid)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
Example #6
0
        public override async Task Invoke(IOwinContext context)
        {
            var req = context.Request;
            var res = context.Response;
            var h   = req.Headers;

            var            appId      = h.Get(Headers.XAppId);
            var            auth       = h.Get(Headers.Authorization)?.Split(' ');
            var            authSchema = auth?.Length == 2 ? auth[0] : null;
            var            authValue  = auth?.Length == 2 ? auth[1] : null;
            DateTimeOffset date       =
                DateTimeOffset.TryParse(h.Get(Headers.Date), out date)
                    ? date
                    : DateTimeOffset.MinValue;

            if (appId != null &&
                authSchema == Schemas.HMAC &&
                authValue != null &&
                time.UtcNow - date <= tolerance)
            {
                var builder = new CannonicalRepresentationBuilder();
                var content = builder.BuildRepresentation(
                    h.Get(Headers.XNonce),
                    appId,
                    req.Method,
                    req.ContentType,
                    req.Accept,
                    Convert.FromBase64String(h.Get(Headers.ContentMD5)),
                    date,
                    req.Uri);

                SecureString secret;
                if (content != null && (secret = appSecretRepository.GetSecret(appId)) != null)
                {
                    var signature = signingAlgorithm.Sign(secret, content);
                    if (authValue == signature)
                    {
                        await Next.Invoke(context);

                        return;
                    }
                }
            }

            res.StatusCode = 401;
            res.Headers.Append(Headers.WWWAuthenticate, Schemas.HMAC);
        }
Example #7
0
        internal static bool Validate(IOwinRequest req, ISigningAlgorithm algorithm, IAppSecretRepository appSecretRepository, ITime time, TimeSpan tolerance)
        {
            var h = req.Headers;

            var appId = GetAppId(req);
            var nonce = GetNonce(req);

            var            auth       = h.Get(Headers.Authorization)?.Split(' ');
            var            authSchema = auth?.Length == 2 ? auth[0] : null;
            var            authValue  = auth?.Length == 2 ? auth[1] : null;
            DateTimeOffset date       =
                DateTimeOffset.TryParse(h.Get(Headers.Date), out date)
                    ? date
                    : DateTimeOffset.MinValue;

            if (appId != null &&
                authSchema == Schemas.HMAC &&
                authValue != null &&
                time.UtcNow - date <= tolerance)
            {
                var contentMd5 = h.Get(Headers.ContentMD5);
                var builder    = new CannonicalRepresentationBuilder();
                var content    = builder.BuildRepresentation(
                    nonce,
                    appId,
                    req.Method,
                    req.ContentType,
                    req.Accept,
                    contentMd5 == null ? null : Convert.FromBase64String(contentMd5),
                    date,
                    req.Uri);

                SecureString secret;
                if (content != null && (secret = appSecretRepository.GetSecret(appId)) != null)
                {
                    var signature = algorithm.Sign(secret, content);
                    if (authValue == signature)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }