/// <summary>
/// Stores the token constructor and the secure-token builder on this instance.
/// </summary>
/// <param name="armorTokenConstructor">Constructor kept in the field of the same name.</param>
/// <param name="secureArmorTokenBuilder">Builder kept in the field of the same name.</param>
/// <remarks>
/// NOTE(review): neither argument is checked for null here, so a missing
/// dependency will only show up when the instance is used later.
/// </remarks>
public GenerateSecureArmorToken(
    ArmorTokenConstructor armorTokenConstructor,
    SecureArmorTokenBuilder secureArmorTokenBuilder)
{
    this.secureArmorTokenBuilder = secureArmorTokenBuilder;
    this.armorTokenConstructor = armorTokenConstructor;
}
/// <summary>
/// Builds a fresh secure ARMOR token for the identity returned by the identity
/// reader and appends it to the response in the "ARMOR" header.
/// </summary>
/// <returns>
/// <c>false</c> when the identity reader's <c>TryRead</c> reports failure;
/// <c>true</c> after the header has been appended.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown by <c>Single</c> unless the identity carries exactly one "UserId"
/// claim and exactly one "Platform" claim. Despite the Try prefix, that case
/// is not turned into a <c>false</c> result.
/// </exception>
public bool TryFortify()
{
    IEnumerable<Claim> identity;
    var reader = identityReaderFactory.Create();
    if (!reader.TryRead(out identity))
    {
        return false;
    }

    // Materialise once so both claim lookups run over the same list.
    var claimList = identity.ToList();
    var userId = claimList.Single(c => c.Type.Equals("UserId")).Value;
    var platform = claimList.Single(c => c.Type.Equals("Platform")).Value;

    // Key material is read from ArmorSettings, not from literals in this method.
    var encKey = ArmorSettings.EncryptionKey;
    var macKey = ArmorSettings.HashingKey;

    // A new nonce is generated for every token issued here.
    var nonceSource = new NonceGenerator();
    nonceSource.Execute();
    var token = new ArmorToken(userId, platform, nonceSource.Nonce);

    var constructor = new ArmorTokenConstructor();
    var builder = new StandardSecureArmorTokenBuilder(token, encKey, macKey);
    var command = new GenerateSecureArmorToken(constructor, builder);
    command.Execute();

    httpContext.Response.AppendHeader("ARMOR", command.SecureArmorToken);
    return true;
}
/// <summary>
/// Authorizes a request by validating the ARMOR token carried in its headers
/// against the current principal's "UserId" claim, then re-issues a refreshed
/// token in the "ARMOR" response header.
/// </summary>
/// <param name="actionContext">Action context whose request headers are parsed for the ARMOR token.</param>
/// <returns>
/// <c>false</c> when the ARMOR header is not valid or the token fails
/// validation; <c>true</c> after a refreshed token has been appended to the response.
/// </returns>
/// <exception cref="System.InvalidCastException">
/// Thrown when <c>Thread.CurrentPrincipal.Identity</c> is not a <c>ClaimsIdentity</c>.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// Thrown by <c>Single</c> unless the identity carries exactly one "UserId"
/// claim and exactly one "Platform" claim.
/// </exception>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    // --- Read logged-in user claims ---
    var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;
    var userId = identity.Claims.Single(c => c.Type.Equals("UserId")).Value;
    var platform = identity.Claims.Single(c => c.Type.Equals("Platform")).Value;

    // --- Ensure existence of ArmorToken in HTTP header ---
    var headerParser = new ArmorHeaderParser(actionContext.Request.Headers);
    headerParser.Execute();
    if (!headerParser.ArmorTokenHeader.IsValid)
    {
        return false;
    }

    // --- Validate ArmorToken ---
    // NOTE(review): both keys are decoded from the same Base64 literal embedded
    // in source. Anyone who can read the code or the compiled assembly holds the
    // key material, and encryption and hashing share a single key. Load two
    // distinct keys from protected configuration or a secret store instead, and
    // treat this literal as compromised if it was ever deployed.
    var encKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");
    var macKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");

    // NOTE(review): the final argument is presumably the token validity window;
    // its unit is not visible here. Confirm it is as short as the application allows.
    var validator = new SecureArmorTokenValidator(
        headerParser.ArmorTokenHeader.ArmorToken,
        encKey,
        macKey,
        userId,
        10000000000);
    validator.Execute();
    if (!validator.ArmorTokenValidationStepResult.IsValid)
    {
        return false;
    }

    // --- Refresh ArmorToken and re-issue ---
    // A new nonce is generated for the replacement token.
    var nonceSource = new NonceGenerator();
    nonceSource.Execute();
    var extraClaims = new[] { new Claim("Another", "Claim") };
    var refreshedToken = new ArmorToken(userId, platform, nonceSource.Nonce, extraClaims);

    var constructor = new ArmorTokenConstructor();
    var builder = new StandardSecureArmorTokenBuilder(refreshedToken, encKey, macKey);
    var command = new GenerateSecureArmorToken(constructor, builder);
    command.Execute();

    HttpContext.Current.Response.AppendHeader("ARMOR", command.SecureArmorToken);
    return true;
}
/// <summary>
/// Builds a secure ARMOR token from fixed values and stores the keys, the
/// token constructor and the resulting secure token in fields.
/// </summary>
/// <remarks>
/// Appears to be a test-setup step (judging by the name); the key below is a
/// literal and the value in the nonce position is a constant 0.
/// </remarks>
public void GivenIHaveProvidedASecureArmorToken()
{
    // NOTE(review): a single literal serves as both the encryption key and the
    // hashing key. Acceptable only as fixture data; it must never match a key
    // used by a deployed system.
    const string fixtureKey = "0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=";

    var fixtureClaims = new[] { new Claim("Dummy", "Claim") };
    var token = new ArmorToken("*****@*****.**", "myPlatform", 0, fixtureClaims);

    // Decode twice so each field gets its own byte array, as before.
    encryptionKey = Convert.FromBase64String(fixtureKey);
    hashingKey = Convert.FromBase64String(fixtureKey);
    armorTokenConstructor = new ArmorTokenConstructor();

    var tokenBuilder = new StandardSecureArmorTokenBuilder(token, encryptionKey, hashingKey);
    armorTokenConstructor.Construct(tokenBuilder);
    secureArmorToken = tokenBuilder.SecureArmorToken;
}
/// <summary>
/// Builds a fresh secure ARMOR token for the identity returned by the identity
/// reader and appends it to the response in the "ARMOR" header. A missing
/// "Platform" claim is replaced by the default platform name "ARMOR".
/// </summary>
/// <returns>
/// <c>false</c> when the identity reader's <c>TryRead</c> reports failure;
/// <c>true</c> after the header has been appended.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown by <c>Single</c> unless the identity carries exactly one "UserId"
/// claim, and by <c>SingleOrDefault</c> when it carries more than one
/// "Platform" claim.
/// </exception>
public bool TryFortify()
{
    IEnumerable<Claim> identity;
    var reader = identityReaderFactory.Create();
    if (!reader.TryRead(out identity))
    {
        return false;
    }

    // Materialise once so both claim lookups run over the same list.
    var claimList = identity.ToList();
    var userId = claimList.Single(c => c.Type.Equals("UserId")).Value;
    var platformClaim = claimList.SingleOrDefault(c => c.Type.Equals("Platform"));

    // Key material is read from ArmorSettings, not from literals in this method.
    var encKey = ArmorSettings.EncryptionKey;
    var macKey = ArmorSettings.HashingKey;

    // A new nonce is generated for every token issued here.
    var nonceSource = new NonceGenerator();
    nonceSource.Execute();

    // The platform claim is optional; fall back to the fixed name when absent.
    string platformName;
    if (platformClaim != null)
    {
        platformName = platformClaim.Value;
    }
    else
    {
        platformName = "ARMOR";
    }

    var token = new ArmorToken(userId, platformName, nonceSource.Nonce);

    var constructor = new ArmorTokenConstructor();
    var builder = new StandardSecureArmorTokenBuilder(token, encKey, macKey);
    var command = new GenerateSecureArmorToken(constructor, builder);
    command.Execute();

    httpContext.Response.AppendHeader("ARMOR", command.SecureArmorToken);
    return true;
}
/// <summary>
/// Assigns a new <c>ArmorTokenConstructor</c> to <c>armorTokenConstructor</c>.
/// </summary>
public void GivenIHaveSuppliedAStandardArmorTokenConstructor() =>
    armorTokenConstructor = new ArmorTokenConstructor();
/// <summary>
/// Keeps the supplied token constructor and secure-token builder in this
/// instance's fields.
/// </summary>
/// <param name="armorTokenConstructor">Constructor assigned to the field of the same name.</param>
/// <param name="secureArmorTokenBuilder">Builder assigned to the field of the same name.</param>
/// <remarks>
/// NOTE(review): no null validation is performed on either argument.
/// </remarks>
public GenerateSecureArmorToken(
    ArmorTokenConstructor armorTokenConstructor,
    SecureArmorTokenBuilder secureArmorTokenBuilder)
{
    this.secureArmorTokenBuilder = secureArmorTokenBuilder;
    this.armorTokenConstructor = armorTokenConstructor;
}