/// <summary>
/// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
/// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
/// This method also sets the compensation field so that the timestamp in the subsequent requests
/// are adjusted to reduce the clock skew.
/// </summary>
private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, IResponseMessage response)
{
var wwwHeader = response.WwwAuthenticate;
if (wwwHeader != null)
{
string parameter = wwwHeader.Parameter;
ArtifactsContainer timestampArtifacts;
if (!String.IsNullOrWhiteSpace(parameter) &&
ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
{
var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, options.CredentialsCallback(), options.LocalTimeOffsetMillis);
if (!ts.IsValid(timestampArtifacts.TimestampMac))
return true;
lock (myPrecious)
HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());
Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds);
}
}
return false;
}
