Exemple #1
 /// <summary>
 /// Issues (or re-issues) the "cadataTTL" cookie: a 9-byte payload of the session's UTC expiry ticks followed by
 /// one flags byte, encrypted with the session AES key/IV held by <paramref name="aes"/> and base64-encoded.
 /// </summary>
 /// <param name="aes">AES provider already loaded with the session key and IV; a fresh encryptor is created from it.</param>
 /// <param name="flags">Session flags; bit 2 (value 4) selects the private-computer TTL. Only the low byte is stored.</param>
 /// <param name="httpRequest">The current request (used to detect a mowa client and to build the cookie).</param>
 /// <param name="httpResponse">The response the cookie is appended to.</param>
 /// <remarks>
 /// The cookie value is the bare ciphertext; this method attaches no separate integrity tag, so the consumer can
 /// only notice a corrupted value through a decryption/padding failure or a short payload.
 /// </remarks>
 private static void SetCadataTtlCookie(AesCryptoServiceProvider aes, int flags, HttpRequest httpRequest, HttpResponse httpResponse)
 {
     using (ICryptoTransform encryptor = aes.CreateEncryptor())
     {
         FbaModule.DetermineKeyIntervalsIfNecessary();
         bool isPrivateSession = (flags & 4) == 4;

         // mowa clients get their own lifetime; everyone else is split by the private/public flag.
         long ttlTicks;
         if (FbaModule.IsMowa(httpRequest, isPrivateSession))
         {
             ttlTicks = FbaModule.fbaMowaKeyTTL.Ticks;
         }
         else if (isPrivateSession)
         {
             ttlTicks = FbaModule.fbaPrivateKeyTTL.Ticks;
         }
         else
         {
             ttlTicks = FbaModule.fbaPublicKeyTTL.Ticks;
         }

         ExDateTime expiry = ExDateTime.UtcNow.AddTicks(ttlTicks);

         // Layout: [0..7] expiry UTC ticks, [8] flags (truncated to a byte).
         byte[] payload = new byte[9];
         ExBitConverter.Write(expiry.UtcTicks, payload, 0);
         payload[8] = (byte)flags;

         byte[] sealedPayload = encryptor.TransformFinalBlock(payload, 0, payload.Length);
         FbaModule.CreateAndAddCookieToResponse(httpRequest, httpResponse, "cadataTTL", Convert.ToBase64String(sealedPayload));
     }
 }
Exemple #2
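        /// <summary>
        /// Reads the five cadata* cookies, recovers the per-session AES key/IV (from the key cache, or by RSA-decrypting
        /// the cadataKey/cadataIV cookies with the SSL certificate's private key after checking cadataSig), enforces the
        /// encrypted cadataTTL and, when everything checks out, places the decrypted "cadata" value into the request's
        /// Authorization header.
        /// </summary>
        /// <param name="httpApplication">The application whose current context carries the request and response.</param>
        /// <remarks>
        /// Every rejection is silent at this level: the method traces the reason and returns without touching the
        /// Authorization header. Malformed base64 in any cookie is handled the same way instead of surfacing as a
        /// <see cref="FormatException"/> from a client-controlled value. The cookie ciphertexts carry no separate
        /// integrity check here; a decryption failure or a short TTL payload is the only tamper signal.
        /// </remarks>
        private void ParseCadataCookies(HttpApplication httpApplication)
        {
            HttpContext context = httpApplication.Context;
            HttpRequest request = context.Request;
            RequestDetailsLogger current = RequestDetailsLoggerBase<RequestDetailsLogger>.GetCurrent(context);

            string cadata = FbaModule.GetCookieValue(request, "cadata");
            string cadataKey = FbaModule.GetCookieValue(request, "cadataKey");
            string cadataIV = FbaModule.GetCookieValue(request, "cadataIV");
            string cadataSig = FbaModule.GetCookieValue(request, "cadataSig");
            string cadataTTL = FbaModule.GetCookieValue(request, "cadataTTL");
            if (cadata == null || cadataKey == null || cadataIV == null || cadataSig == null || cadataTTL == null)
            {
                // Not an FBA-authenticated request; nothing to do.
                return;
            }

            // The cache is keyed by the still-encrypted cookie strings, so a hit skips the RSA work entirely.
            byte[] aesKey;
            byte[] aesIV;
            PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRateBase.Increment();
            FbaModule.KeyCache.TryGetValue(cadataKey, out aesKey);
            FbaModule.KeyCache.TryGetValue(cadataIV, out aesIV);
            if (aesKey != null && aesIV != null)
            {
                PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRate.Increment();
            }
            else
            {
                if (!this.TryDecryptCadataKeys(request, cadataKey, cadataIV, cadataSig, out aesKey, out aesIV))
                {
                    return;
                }
                this.cadataKeyString = cadataKey;
                this.cadataIVString = cadataIV;
                this.symKey = aesKey;
                this.symIV = aesIV;
            }

            using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
            {
                aes.Key = aesKey;
                aes.IV = aesIV;

                // Expired sessions are answered inside the check (440 / redirect); nothing more to do then.
                if (!this.CheckCadataTtl(httpApplication, current, aes, cadataTTL))
                {
                    return;
                }

                using (ICryptoTransform decryptor = aes.CreateDecryptor())
                {
                    byte[] authCipher;
                    if (!FbaModule.TryFromBase64(cadata, out authCipher))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] cadata cookie is not valid base64.");
                        return;
                    }
                    byte[] authPlain;
                    try
                    {
                        authPlain = decryptor.TransformFinalBlock(authCipher, 0, authCipher.Length);
                    }
                    catch (CryptographicException arg4)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming auth", arg4);
                        return;
                    }
                    request.Headers["Authorization"] = Encoding.Unicode.GetString(authPlain);
                }
            }
        }

        /// <summary>
        /// Returns the value of the named request cookie, or null when the cookie is absent or has no value.
        /// </summary>
        /// <param name="request">The request whose cookie collection is read.</param>
        /// <param name="name">Cookie name.</param>
        /// <returns>The cookie value, or null.</returns>
        private static string GetCookieValue(HttpRequest request, string name)
        {
            var cookie = request.Cookies[name];
            return cookie != null ? cookie.Value : null;
        }

        /// <summary>
        /// Base64-decodes a cookie value without letting a malformed, client-controlled string escape as a
        /// <see cref="FormatException"/>.
        /// </summary>
        /// <param name="value">The text to decode; must not be null.</param>
        /// <param name="bytes">Receives the decoded bytes, or null when <paramref name="value"/> is not valid base64.</param>
        /// <returns>True when decoding succeeded.</returns>
        private static bool TryFromBase64(string value, out byte[] bytes)
        {
            try
            {
                bytes = Convert.FromBase64String(value);
                return true;
            }
            catch (FormatException)
            {
                bytes = null;
                return false;
            }
        }

        /// <summary>
        /// Verifies that the cadata cookies were sealed for this server's SSL certificate (by decrypting the fixed
        /// marker in cadataSig) and, if so, RSA-decrypts the session AES key and IV out of cadataKey/cadataIV.
        /// </summary>
        /// <param name="request">The current request; used to locate the SSL certificate.</param>
        /// <param name="keyCookie">Base64 RSA (OAEP) ciphertext of the AES key.</param>
        /// <param name="ivCookie">Base64 RSA (OAEP) ciphertext of the AES IV.</param>
        /// <param name="sigCookie">Base64 RSA (OAEP) ciphertext of the marker string.</param>
        /// <param name="key">Receives the decrypted AES key, or null on failure.</param>
        /// <param name="iv">Receives the decrypted AES IV, or null on failure.</param>
        /// <returns>True when the marker matched and both values decrypted; false after tracing the reason.</returns>
        private bool TryDecryptCadataKeys(HttpRequest request, string keyCookie, string ivCookie, string sigCookie, out byte[] key, out byte[] iv)
        {
            key = null;
            iv = null;
            string failureReason = null;
            RSACryptoServiceProvider rsa;
            try
            {
                X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
                rsa = sslCertificate.PrivateKey as RSACryptoServiceProvider;
                if (rsa != null)
                {
                    byte[] sigCipher;
                    if (!FbaModule.TryFromBase64(sigCookie, out sigCipher))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] cadataSig cookie is not valid base64.");
                        return false;
                    }
                    // The marker is a public constant: a mismatch means the cookies were sealed under a different
                    // certificate (e.g. another server in the Cafe array), so the key/IV cannot be recovered here.
                    string marker = Encoding.Unicode.GetString(rsa.Decrypt(sigCipher, true));
                    if (!string.Equals(marker, "Fba Rocks!", StringComparison.Ordinal))
                    {
                        failureReason = "does not match the SSL certificate on the Cafe web-site on another server in this Cafe array";
                    }
                }
                else
                {
                    failureReason = "does not contain RSACryptoServiceProvider";
                    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(TraceType.DebugTrace))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Certificate:{0},Name:{1},Thumbprint:{2},PrivateKeyKey.(Exchange/Signature)Algorighm:{3} has no RSACryptoServiceProvider", new object[]
                        {
                            sslCertificate.Subject,
                            sslCertificate.FriendlyName,
                            sslCertificate.Thumbprint,
                            (sslCertificate.PrivateKey == null) ? "NULL" : (sslCertificate.PrivateKey.KeyExchangeAlgorithm + "/" + sslCertificate.PrivateKey.SignatureAlgorithm)
                        });
                    }
                }
            }
            catch (CryptographicException arg)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting cadataSig", arg);
                return false;
            }

            if (failureReason != null)
            {
                ExTraceGlobals.VerboseTracer.TraceError<string, string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] {0} {1}", "Error in validating Cadata signature. This most likely indicates that the SSL certifcate on the Cafe web-site on this server ", failureReason);
                return false;
            }

            byte[] keyCipher;
            if (!FbaModule.TryFromBase64(keyCookie, out keyCipher))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] cadataKey cookie is not valid base64.");
                return false;
            }
            byte[] ivCipher;
            if (!FbaModule.TryFromBase64(ivCookie, out ivCipher))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] cadataIV cookie is not valid base64.");
                return false;
            }
            try
            {
                key = rsa.Decrypt(keyCipher, true);
                iv = rsa.Decrypt(ivCipher, true);
            }
            catch (CryptographicException arg2)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting symKey/symIV", arg2);
                // Never hand back a half-recovered pair.
                key = null;
                iv = null;
                return false;
            }
            return true;
        }

        /// <summary>
        /// Decrypts the cadataTTL cookie with the session key, records its flags in the context, answers expired
        /// sessions (440 or logon redirect) and re-issues the cookie when it is within two reissue intervals of expiry.
        /// </summary>
        /// <param name="httpApplication">The application whose context carries the request and response.</param>
        /// <param name="current">The request logger that receives the LoginTimeout annotations.</param>
        /// <param name="aes">AES provider already loaded with the session key and IV.</param>
        /// <param name="ttlCookie">Base64 ciphertext of the 9-byte TTL payload (8 bytes of UTC ticks, then one flags byte).</param>
        /// <returns>True when the session is still valid and processing may continue; false once a response has been
        /// sent or the cookie was rejected (reason traced).</returns>
        private bool CheckCadataTtl(HttpApplication httpApplication, RequestDetailsLogger current, AesCryptoServiceProvider aes, string ttlCookie)
        {
            HttpContext context = httpApplication.Context;
            HttpRequest request = context.Request;

            byte[] ttlCipher;
            if (!FbaModule.TryFromBase64(ttlCookie, out ttlCipher))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] cadataTTL cookie is not valid base64.");
                return false;
            }

            byte[] ttlPayload;
            using (ICryptoTransform decryptor = aes.CreateDecryptor())
            {
                try
                {
                    ttlPayload = decryptor.TransformFinalBlock(ttlCipher, 0, ttlCipher.Length);
                }
                catch (CryptographicException arg3)
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming TTL", arg3);
                    return false;
                }
            }

            // SetCadataTtlCookie writes ticks at [0..7] and flags at [8]; the reads below need all nine bytes.
            // The previous guard only rejected an empty payload and let 1..8-byte results throw out of the module.
            if (ttlPayload.Length < 9)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] TTL length was less than 9.");
                return false;
            }

            long expiryTicks = BitConverter.ToInt64(ttlPayload, 0);
            int flags = (int)ttlPayload[8];
            bool isPrivateSession = (flags & 4) == 4;
            context.Items["Flags"] = flags;

            ExDateTime expiry = new ExDateTime(ExTimeZone.UtcTimeZone, expiryTicks);
            ExDateTime utcNow = ExDateTime.UtcNow;
            if (expiry < utcNow)
            {
                this.HandleExpiredCadataTtl(httpApplication, current);
                return false;
            }

            FbaModule.DetermineKeyIntervalsIfNecessary();
            // Refresh the TTL once fewer than two reissue intervals remain, but only on genuine user activity.
            ExDateTime reissuePoint = expiry.AddTicks(-2L * (isPrivateSession ? FbaModule.fbaPrivateKeyReissueInterval.Ticks : FbaModule.fbaPublicKeyReissueInterval.Ticks));
            if (reissuePoint < utcNow && OwaAuthenticationHelper.IsOwaUserActivityRequest(request))
            {
                FbaModule.SetCadataTtlCookie(aes, flags, request, context.Response);
            }
            return true;
        }

        /// <summary>
        /// Answers a request whose cadataTTL has already expired: an OEH GET and any non-GET method get a 440,
        /// a plain GET is redirected to the FBA logon page with a timeout reason.
        /// </summary>
        /// <param name="httpApplication">The application whose context carries the request.</param>
        /// <param name="current">The request logger that receives the LoginTimeout annotation.</param>
        private void HandleExpiredCadataTtl(HttpApplication httpApplication, RequestDetailsLogger current)
        {
            HttpRequest request = httpApplication.Context.Request;
            if (request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
            {
                if (request.QueryString.ToString().StartsWith("oeh=1&", StringComparison.OrdinalIgnoreCase))
                {
                    RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - GET/OEH");
                    this.Send440Response(httpApplication, false);
                }
                else
                {
                    RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "302 - GET/Timeout");
                    this.RedirectToFbaLogon(httpApplication, FbaModule.LogonReason.Timeout);
                }
            }
            else if (request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
            {
                RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - POST");
                this.Send440Response(httpApplication, true);
            }
            else
            {
                RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - " + request.HttpMethod);
                this.Send440Response(httpApplication, false);
            }
        }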