internal NormalizedTimestamp(ulong unixTime, Credential credential, int localOffset = 0)
        {
            this.unixTimeMillis = unixTime * 1000;
            this.credential = credential;

            fresh = Math.Floor((this.unixTimeMillis + Convert.ToUInt64(localOffset)) / 1000.0);
        }
 internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
 {
     this.normalizedRequest = request;
     this.artifacts = artifacts;
     this.credential = credential;
     this.hasher = new Hasher(credential.Algorithm);
 }
 /// <summary>
 /// Represents the query parameter bewit used by Hawk for granting temporary access.
 /// </summary>
 /// <param name="request">Request object</param>
 /// <param name="credential">Hawk credential to use for creating and validating bewit.</param>
 /// <param name="utcNow">Current date and time in UTC.</param>
 /// <param name="lifeSeconds">Bewit life time (time to live in seconds).</param>
 /// <param name="applicationSpecificData">Application specific data to be sent in the bewit</param>
 /// <param name="localOffset">Local offset in milliseconds.</param>
 internal Bewit(IRequestMessage request, Credential credential,
                     DateTime utcNow, int lifeSeconds, string applicationSpecificData, int localOffset = 0)
 {
     this.credential = credential;
     this.request = request;
     this.utcNow = utcNow;
     this.lifeSeconds = lifeSeconds;
     this.applicationSpecificData = applicationSpecificData;
     this.localOffset = localOffset;
 }
        static void Main(string[] args)
        {
            string uri = "http://localhost:12345/values";

            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = Convert.FromBase64String("wBgvhp1lZTr4Tb6K6+5OQa1bL9fxK7j8wBsepjqVNiQ=")
            };

            // GET and POST using the Authorization header
            var options = new ClientOptions()
            {
                CredentialsCallback = () => credential,
                RequestPayloadHashabilityCallback = (r) => true,
                NormalizationCallback = (req) =>
                {
                    string name = "X-Request-Header-To-Protect";
                    return req.Headers.ContainsKey(name) ?
                                name + ":" + req.Headers[name].First() : null;
                }
            };

            var handler = new HawkValidationHandler(options);

            HttpClient client = HttpClientFactory.Create(handler);
            client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

            var response = client.GetAsync(uri).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            response = client.PostAsJsonAsync(uri, credential.User).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            // GET using Bewit
            var hawkClient = new HawkClient(options);
            var request = new HttpRequestMessage() { RequestUri = new Uri(uri) };

            string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request),
                                                        lifeSeconds: 60);

            // Bewit is handed off to a client needing temporary access to the resource.
            var clientNeedingTempAccess = new WebClient();
            var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
            Console.WriteLine(resource);

            Console.Read();
        }
        static void Main(string[] args)
        {
            string uri = "http://localhost:8089/hawk";

            var credential = new Credential()
            {
                    Id = "44363926-D61B-43C9-B743-34C58F04A356",
                    Algorithm = SupportedAlgorithms.SHA256,
                    User = "******",
                    Key = Guid.Parse("36579269-7A4D-4E83-81C0-F928BDD42B11").ToByteArray()
                };

            var options = new ClientOptions()
            {
                CredentialsCallback = () => credential,
                RequestPayloadHashabilityCallback = (r) => true,
                NormalizationCallback = (req) =>
                {
                    string name = "X-Storage-Token";
                    return req.Headers.ContainsKey(name) ?
                                name + ":" + req.Headers[name].First()
                                                              : null;
                }
            };

            var handler = new HawkValidationHandler(options);

            HttpClient client = HttpClientFactory.Create(handler);
            client.DefaultRequestHeaders.Add(
                                   "X-Storage-Token", "secret");

            var response = client.GetAsync(uri).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            response = client.PostAsJsonAsync(uri, credential.User).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            Console.Read();
        }
 internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) :
     this(utcNow.ToUnixTime(), credential, localOffset) { }
 public void Add(Credential credential)
 {
     _credentials.Add(credential);
 }
Exemple #8
0
        /// <summary>
        /// Returns an AuthenticationResult object corresponding to the result of authentication done
        /// using the client supplied artifacts in the bewit query string parameter.
        /// </summary>
        /// <param name="bewit">Value of the query string parameter with the name of 'bewit'.</param>
        /// <param name="now">Date and time in UTC to be used as the base for computing bewit life.</param>
        /// <param name="request">Request object.</param>
        /// <param name="options">Hawk authentication options</param>
        internal static AuthenticationResult Authenticate(string bewit, ulong now, IRequestMessage request, Options options)
        {
            if (!String.IsNullOrWhiteSpace(bewit))
            {
                if (request.Method == HttpMethod.Get)
                {
                    if (options != null && options.CredentialsCallback != null)
                    {
                        var parts = bewit.ToUtf8StringFromBase64Url().Split('\\');

                        if (parts.Length == 4)
                        {
                            ulong timestamp = 0;
                            if (UInt64.TryParse(parts[1], out timestamp) && timestamp * 1000 > now)
                            {
                                string id  = parts[0];
                                string mac = parts[2];
                                string ext = parts[3];

                                if (!String.IsNullOrWhiteSpace(id) && !String.IsNullOrWhiteSpace(mac))
                                {
                                    RemoveBewitFromUri(request);

                                    Credential credential = options.CredentialsCallback(id);
                                    if (credential != null && credential.IsValid)
                                    {
                                        var artifacts = new ArtifactsContainer()
                                        {
                                            Id        = id,
                                            Nonce     = String.Empty,
                                            Timestamp = timestamp,
                                            Mac       = mac.ToBytesFromBase64(),
                                            ApplicationSpecificData = ext ?? String.Empty
                                        };

                                        var normalizedRequest = new NormalizedRequest(request, artifacts)
                                        {
                                            IsBewit = true
                                        };
                                        var crypto = new Cryptographer(normalizedRequest, artifacts, credential);

                                        if (crypto.IsSignatureValid()) // Bewit is for GET and GET must have no request body
                                        {
                                            return(new AuthenticationResult()
                                            {
                                                IsAuthentic = true,
                                                Credential = credential,
                                                Artifacts = artifacts,
                                                ApplicationSpecificData = ext
                                            });
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            return(new AuthenticationResult()
            {
                IsAuthentic = false
            });
        }