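/// <summary>
/// Checks that <c>HawkClientMessageHandler</c> adds an Authorization header with the
/// <c>Hawk</c> scheme to an outgoing GET request, and that the header parameter equals
/// the value built from an independently computed MAC.
/// </summary>
/// <remarks>
/// The timestamp and nonce are passed to the handler explicitly, so the expected header
/// can be recomputed from the same inputs. In production both values must be fresh for
/// every request; fixed values are only appropriate in a test.
/// </remarks>
public void ShouldGenerateAuthHeader()
{
    const string ext = "hello";

    // Test-only fixture key. A key that appears in source control must never be issued
    // to a real client.
    var credential = new HawkCredential
    {
        Id = "123",
        Algorithm = "sha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };

    var nonce = "123456";
    var date = DateTime.UtcNow;
    var ts = Hawk.ConvertToUnixTimestamp(date).ToString();

    var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential, ext, date, nonce);
    var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
    var invoker = new HttpMessageInvoker(handler);

    // Wait for the handler pipeline to finish before inspecting the request. The task was
    // previously dropped, so the assertions could run before the header was written and a
    // faulted send went unobserved.
    invoker.SendAsync(request, CancellationToken.None).Wait();

    // The Host value is read back from the request after the send, so the expected MAC is
    // computed over whatever host the request carries at that point.
    var mac = Hawk.CalculateMac(
        request.Headers.Host,
        request.Method.ToString(),
        request.RequestUri,
        ext,
        ts,
        nonce,
        credential,
        "header");

    var parameter = string.Format(
        "id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\"",
        credential.Id, ts, nonce, mac, ext);

    Assert.IsNotNull(request.Headers.Authorization);
    Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
    Assert.AreEqual(parameter, request.Headers.Authorization.Parameter);
}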
/// <summary>
/// Self-hosted walkthrough of Hawk authentication: one unauthenticated request, one
/// signed request, and one signed request sent after a pause so that it carries a stale
/// timestamp.
/// </summary>
/// <remarks>
/// The endpoint is plain HTTP on localhost. Hawk signs requests but does not encrypt
/// them, so a deployment outside a local demo still needs TLS.
/// </remarks>
private static void Main()
{
    const string address = "http://localhost:925/";
    const string resourceUrl = address + "test";

    var hostConfig = new HttpSelfHostConfiguration(address);
    hostConfig.MapHttpAttributeRoutes();

    // Demo-only credential resolver: it returns the same short, hard-coded key for every
    // id it is asked about. A real resolver has to look the id up, return that client's
    // own high-entropy key, and reject ids it does not know.
    // NOTE(review): the meaning of the 4 and true arguments is not visible here; 4 is
    // presumably the accepted timestamp skew in seconds, given the 5 s pause below. Confirm.
    var serverHandler = new HawkMessageHandler(
        async id => new HawkCredential
        {
            Id = id,
            Key = "abcdefghijkl",
            Algorithm = "sha256",
            User = "******"
        },
        4,
        true);
    hostConfig.MessageHandlers.Add(serverHandler);

    using (var server = new HttpSelfHostServer(hostConfig))
    {
        server.OpenAsync().Wait();

        // 1) No Hawk handler on the client, so no Authorization header: this will fail.
        var anonymousClient = new HttpClient();
        var anonymousRequest = new HttpRequestMessage(HttpMethod.Get, resourceUrl);
        var anonymousResponse = anonymousClient.SendAsync(anonymousRequest).Result;
        Console.WriteLine(anonymousResponse.StatusCode);
        Console.WriteLine();

        var credential = new HawkCredential
        {
            Id = "this-is-my-id",
            Key = "abcdefghijkl",
            Algorithm = "sha256",
            User = "******"
        };

        // The timestamp is fixed once, when the handler is built, so every request sent
        // through this handler is signed with the same ts value.
        // NOTE(review): a local-time DateTime is passed here. Whether it is converted to
        // UTC before the Unix timestamp is derived is not visible in this listing; confirm,
        // because a local/UTC offset larger than the skew window would reject every request.
        var signingHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, ts: DateTime.Now);
        var signedClient = new HttpClient(signingHandler);

        // 2) Signed and inside the timestamp window: this will succeed.
        var freshRequest = new HttpRequestMessage(HttpMethod.Get, resourceUrl);
        var freshResponse = signedClient.SendAsync(freshRequest).Result;
        Console.WriteLine(freshResponse.StatusCode);
        Console.WriteLine(freshResponse.Content.ReadAsStringAsync().Result);
        Console.WriteLine();

        Console.WriteLine("Sleeping to get outside of the timestamp window. Next request will fail - replay protection.");
        Thread.Sleep(5000);

        // 3) Same handler, same fixed timestamp, now older than the window: this will fail.
        var staleRequest = new HttpRequestMessage(HttpMethod.Get, resourceUrl);
        var staleResponse = signedClient.SendAsync(staleRequest).Result;
        Console.WriteLine(staleResponse.StatusCode);
        Console.WriteLine();

        Console.ReadLine();
    }
}
/// <summary>
/// OWIN-hosted walkthrough: starts the web app, then calls it with a Hawk-signed request,
/// an unsigned request to the anonymous endpoint, and a bewit-carrying URL.
/// </summary>
/// <remarks>
/// All traffic is plain HTTP on localhost. Hawk authenticates the request but does not
/// protect its confidentiality, so anything beyond a local demo needs TLS.
/// </remarks>
static void Main(string[] args)
{
    string baseAddress = "http://localhost:8091/";

    // TODO: It looks like there is a bug in the OWIN implementation. The Request URL does
    // not receive the port number.
    // The Host header is set by hand on every request below; the MAC covers the host, so
    // client and server have to agree on exactly which host and port are signed.

    // Start OWIN host
    using (WebApp.Start<Startup>(url: baseAddress))
    {
        Console.WriteLine("Press Enter to quit.");

        // Demo fixture credential. A key committed to source must not be reused for a
        // real client.
        var credential = new HawkCredential
        {
            Id = "dh37fgj492je",
            Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
            Algorithm = "sha256",
            User = "******"
        };

        // 1) Request signed by the Hawk client handler.
        var signingHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data");
        var signedClient = new HttpClient(signingHandler);
        var signedRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld");
        signedRequest.Headers.Host = "localhost:8091";
        var signedResponse = signedClient.SendAsync(signedRequest).Result;
        string signedBody = signedResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", signedBody, signedResponse.StatusCode);

        // 2) Request with no Authorization header, sent to the anonymous endpoint.
        var plainClient = new HttpClient();
        var plainRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous");
        plainRequest.Headers.Host = "localhost:8091";
        var plainResponse = plainClient.SendAsync(plainRequest).Result;
        string plainBody = plainResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", plainBody, plainResponse.StatusCode);

        // 3) Request authorised by a bewit in the query string instead of a header.
        // NOTE(review): the unit of the 60000 lifetime argument is not visible here; confirm
        // it and keep the lifetime as short as the use case allows, because a bewit sits in
        // the URL and therefore shows up in access logs, proxies and browser history.
        var bewitClient = new HttpClient();
        var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000);
        var bewitRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit);
        bewitRequest.Headers.Host = "localhost:8091";
        var bewitResponse = bewitClient.SendAsync(bewitRequest).Result;
        string bewitBody = bewitResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", bewitBody, bewitResponse.StatusCode);

        Console.WriteLine("Press a key to close the app");
        Console.ReadLine();
    }
}
/// <summary>
/// Builds a <c>HawkClientMessageHandler</c> from a credential that has no Key.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says construction is expected to fail, but the attribute
/// or assertion that enforces this is not visible in this listing. Confirm it exists;
/// otherwise the test passes even when an unusable credential is accepted.
/// </remarks>
public void ShouldFailOnMissingCredentialKey()
{
    // Key is deliberately left unset.
    var keylessCredential = new HawkCredential
    {
        Id = "123",
        Algorithm = "sha256",
        User = "******"
    };
    var innerHandler = new DummyHttpMessageHandler();

    var handler = new HawkClientMessageHandler(innerHandler, keylessCredential);
}
/// <summary>
/// Builds a <c>HawkClientMessageHandler</c> from a credential that has no Algorithm.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says construction is expected to fail, but the attribute
/// or assertion that enforces this is not visible in this listing. Confirm it exists, so
/// that a credential without an algorithm cannot silently fall back to some default.
/// </remarks>
public void ShouldFailOnMissingCredentialAlgorithm()
{
    // Algorithm is deliberately left unset.
    var algorithmlessCredential = new HawkCredential
    {
        Id = "123",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };
    var innerHandler = new DummyHttpMessageHandler();

    var handler = new HawkClientMessageHandler(innerHandler, algorithmlessCredential);
}
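/// <summary>
/// Checks that <c>HawkClientMessageHandler</c>, when asked to include a payload hash,
/// adds a <c>Hawk</c> Authorization header to a POST request whose parameter carries the
/// expected MAC and <c>hash</c> attribute.
/// </summary>
/// <remarks>
/// In this variant the expected payload hash is an HMAC over the UTF-8 payload bytes,
/// keyed with the credential key and created from the credential's algorithm name.
/// </remarks>
public void ShouldGenerateAuthHeaderWithPayloadHash()
{
    const string ext = "hello";

    // Test-only fixture key. A key that appears in source control must never be issued
    // to a real client.
    var credential = new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };

    var payload = "foo";

    // The HMAC instance holds key material and is disposable, so release it as soon as
    // the hash has been computed.
    string payloadHash;
    using (var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm))
    {
        // Encoding.ASCII replaces any non-ASCII character with '?', so the key is only
        // preserved when it consists of ASCII characters, as this fixture key does.
        hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
        payloadHash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    var nonce = Hawk.GetRandomString(6);
    var date = DateTime.UtcNow;
    var ts = ((int)(Math.Floor(Hawk.ConvertToUnixTimestamp(date) / 1000))).ToString();

    var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential, ext, date, nonce, true);
    var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a");
    request.Content = new StringContent(payload);
    var invoker = new HttpMessageInvoker(handler);

    // Wait for the handler pipeline to finish before inspecting the request. The task was
    // previously stored and never awaited, so the assertions could run before the header
    // was written and a faulted send went unobserved.
    invoker.SendAsync(request, CancellationToken.None).Wait();

    var mac = Hawk.CalculateMac(
        request.Headers.Host,
        request.Method.ToString(),
        request.RequestUri,
        ext,
        ts,
        nonce,
        credential,
        "header",
        payloadHash);

    var parameter = string.Format(
        "id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"",
        credential.Id, ts, nonce, mac, ext, payloadHash);

    Assert.IsNotNull(request.Headers.Authorization);
    Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
    Assert.AreEqual(parameter, request.Headers.Authorization.Parameter);
}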
/// <summary>
/// Checks that <c>HawkClientMessageHandler</c>, when asked to include a payload hash,
/// adds a <c>Hawk</c> Authorization header to a POST request whose parameter carries the
/// expected MAC and <c>hash</c> attribute.
/// </summary>
/// <remarks>
/// The expected hash comes from <c>Hawk.CalculatePayloadHash</c> for the same payload and
/// content type that are placed on the request, so the test pins the binding between the
/// request body and the signed header.
/// </remarks>
public void ShouldGenerateAuthHeaderWithPayloadHash()
{
    const string ext = "hello";
    const string mediaType = "text/plain";

    // Test-only fixture key; not for use outside the test suite.
    var credential = new HawkCredential
    {
        Id = "123",
        Algorithm = "sha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };

    var payload = "foo";
    var payloadHash = Hawk.CalculatePayloadHash(payload, mediaType, credential);

    var nonce = Hawk.GetRandomString(6);
    var date = DateTime.UtcNow;
    var ts = Hawk.ConvertToUnixTimestamp(date).ToString();

    var innerHandler = new DummyHttpMessageHandler();
    var handler = new HawkClientMessageHandler(innerHandler, credential, ext, date, nonce, true);

    var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a");
    // Host is set explicitly, so the value that gets signed is known to the test.
    request.Headers.Host = "example.com";
    request.Content = new StringContent(payload);
    request.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(mediaType);

    // Reading Result blocks until the handler pipeline has completed, so the header is in
    // place before it is inspected.
    var invoker = new HttpMessageInvoker(handler);
    var response = invoker.SendAsync(request, new CancellationToken()).Result;

    var mac = Hawk.CalculateMac(
        request.Headers.Host,
        request.Method.ToString(),
        request.RequestUri,
        ext,
        ts,
        nonce,
        credential,
        "header",
        payloadHash);

    var parameter = string.Format(
        "id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"",
        credential.Id, ts, nonce, mac, ext, payloadHash);

    var authorization = request.Headers.Authorization;
    Assert.IsNotNull(authorization);
    Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
    Assert.AreEqual(parameter, request.Headers.Authorization.Parameter);
}
/// <summary>
/// Web API self-host walkthrough: registers a Hawk message handler on the default API
/// route, then calls the server with a signed request, an unsigned request to the
/// anonymous endpoint, a bewit-carrying URL, and a signed request to the filter route.
/// </summary>
/// <remarks>
/// All traffic is plain HTTP on localhost. Hawk authenticates the request but does not
/// protect its confidentiality, so anything beyond a local demo needs TLS.
/// </remarks>
static void Main(string[] args)
{
    var hostConfig = new HttpSelfHostConfiguration("http://localhost:8091");

    //config.Filters.Add(new RequiresHawkAttribute(typeof(HawkRepository)));

    // Demo-only credential resolver: it returns the same hard-coded key for every id it
    // is asked about. A real resolver has to look the id up, return that client's own
    // key, and reject ids it does not know.
    var hawkHandler = new HawkMessageHandler(
        new HttpControllerDispatcher(hostConfig),
        id => new HawkCredential
        {
            Id = id,
            Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
            Algorithm = "hmacsha256",
            User = "******"
        });

    // The Hawk handler is attached to the "API Default" route only; the "Filter" route is
    // registered without it.
    // NOTE(review): presumably the filter controller enforces Hawk through an attribute.
    // That is not visible in this listing; confirm the route is not left unauthenticated.
    hostConfig.Routes.MapHttpRoute(
        "Filter",
        "api/filter",
        new { controller = "HelloWorldWithFilter" });

    hostConfig.Routes.MapHttpRoute(
        "API Default",
        "api/{controller}/{id}",
        new { id = RouteParameter.Optional, controller = "HelloWorld" },
        null,
        hawkHandler);

    using (HttpSelfHostServer server = new HttpSelfHostServer(hostConfig))
    {
        server.OpenAsync().Wait();
        Console.WriteLine("Press Enter to quit.");

        // Demo fixture credential. A key committed to source must not be reused for a
        // real client.
        var credential = new HawkCredential
        {
            Id = "dh37fgj492je",
            Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
            Algorithm = "hmacsha256",
            User = "******"
        };

        var signingHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data");

        // 1) Request signed by the Hawk client handler. The Host header is set without the
        // port on every request below; the MAC covers the host, so client and server have
        // to agree on exactly which host value is signed.
        var signedClient = new HttpClient(signingHandler);
        var signedRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld");
        signedRequest.Headers.Host = "localhost";
        var signedResponse = signedClient.SendAsync(signedRequest).Result;
        string signedBody = signedResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", signedBody, signedResponse.StatusCode);

        // 2) Request with no Authorization header, sent to the anonymous endpoint.
        var plainClient = new HttpClient();
        var plainRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous");
        plainRequest.Headers.Host = "localhost";
        var plainResponse = plainClient.SendAsync(plainRequest).Result;
        string plainBody = plainResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", plainBody, plainResponse.StatusCode);

        // 3) Request authorised by a bewit in the query string instead of a header.
        // NOTE(review): the unit of the 60000 lifetime argument is not visible here; confirm
        // it and keep the lifetime as short as the use case allows, because a bewit sits in
        // the URL and therefore shows up in access logs, proxies and browser history.
        var bewitClient = new HttpClient();
        var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000);
        var bewitRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit);
        bewitRequest.Headers.Host = "localhost";
        var bewitResponse = bewitClient.SendAsync(bewitRequest).Result;
        string bewitBody = bewitResponse.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", bewitBody, bewitResponse.StatusCode);

        // 4) Signed request to the filter route, reusing the same client handler.
        var client4 = new HttpClient(signingHandler);
        var request4 = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/api/filter");
        request4.Headers.Host = "localhost";
        var response4 = client4.SendAsync(request4).Result;
        string message4 = response4.Content.ReadAsStringAsync().Result;
        Console.WriteLine("Response {0} - Http Status Code {1}", message4, response4.StatusCode);

        Console.WriteLine("Press a key to close the app");
        Console.ReadLine();
    }
}