public HmacAuthenticationOptions(ISigningAlgorithm algorithm, IAppSecretRepository appSecretRepository, string signInAsAuthenticationType = Schemas.HMAC)
: base(Schemas.HMAC)
{
Algorithm = algorithm;
AppSecretRepository = appSecretRepository;
SignInAsAuthenticationType = signInAsAuthenticationType;
}
public TokenService(
IAppSecretRepository appSecretRepository,
UserManager <ApplicationUser> userManager,
IdentityServerTools tools,
IOrganisationService organisationService)
{
this.appSecretRepository = appSecretRepository;
this.userManager = userManager;
this.tools = tools;
this.organisationService = organisationService;
}
public HmacAuthenticationService(
IAppSecretRepository appSecretProvider,
ISigningAlgorithm algorithm,
IHmacRequestDateValidator dateValidator,
IHmacSignatureContentResolver signatureContentResolver)
{
this.appSecretProvider = appSecretProvider;
this.algorithm = algorithm;
this.dateValidator = dateValidator;
this.signatureContentResolver = signatureContentResolver;
}
public HmacServerHandler(
IAppSecretRepository appSecretRepository,
ISigningAlgorithm signingAlgorithm,
bool mixedAuthMode = false,
TimeSpan?tolerance = null,
ITime time = null)
{
this.appSecretRepository = appSecretRepository;
this.signingAlgorithm = signingAlgorithm;
this.mixedAuthMode = mixedAuthMode;
this.tolerance = tolerance ?? Constants.DefaultTolerance;
this.time = time ?? SystemTime.Instance;
}
public HMACMiddleware(
OwinMiddleware next,
IAppSecretRepository appSecretRepository,
ISigningAlgorithm signingAlgorithm,
TimeSpan?tolerance = null,
ITime time = null)
: base(next)
{
this.appSecretRepository = appSecretRepository;
this.signingAlgorithm = signingAlgorithm;
this.tolerance = tolerance ?? Constants.DefaultTolerance;
this.time = time ?? SystemTime.Instance;
}
public HMACServerHandler(
HttpMessageHandler innerHandler,
IAppSecretRepository appSecretRepository,
ISigningAlgorithm signingAlgorithm,
TimeSpan?tolerance = null,
ITime time = null)
: base(innerHandler)
{
this.appSecretRepository = appSecretRepository;
this.signingAlgorithm = signingAlgorithm;
this.tolerance = tolerance ?? Constants.DefaultTolerance;
this.time = time ?? SystemTime.Instance;
}
internal static bool Validate(IOwinRequest req, ISigningAlgorithm algorithm, IAppSecretRepository appSecretRepository, ITime time, TimeSpan tolerance)
{
var h = req.Headers;
var appId = GetAppId(req);
var nonce = GetNonce(req);
var auth = h.Get(Headers.Authorization)?.Split(' ');
var authSchema = auth?.Length == 2 ? auth[0] : null;
var authValue = auth?.Length == 2 ? auth[1] : null;
DateTimeOffset date =
DateTimeOffset.TryParse(h.Get(Headers.Date), out date)
? date
: DateTimeOffset.MinValue;
if (appId != null &&
authSchema == Schemas.HMAC &&
authValue != null &&
time.UtcNow - date <= tolerance)
{
var contentMd5 = h.Get(Headers.ContentMD5);
var builder = new CannonicalRepresentationBuilder();
var content = builder.BuildRepresentation(
nonce,
appId,
req.Method,
req.ContentType,
req.Accept,
contentMd5 == null ? null : Convert.FromBase64String(contentMd5),
date,
req.Uri);
SecureString secret;
if (content != null && (secret = appSecretRepository.GetSecret(appId)) != null)
{
var signature = algorithm.Sign(secret, content);
if (authValue == signature)
{
return(true);
}
}
}
return(false);
}
public HmacOptions(IAppSecretRepository appSecretRepository)
{
AppSecretRepository = appSecretRepository;
}
public HMACMiddlewareSettings(IAppSecretRepository appSecretRepository, ISigningAlgorithm signingAlgorithm)
{
AppSecretRepository = appSecretRepository;
SigningAlgorithm = signingAlgorithm;
}
public HmacMiddlewareOptions(IAppSecretRepository appSecretRepository, ISigningAlgorithm algorithm)
{
AppSecretRepository = appSecretRepository;
Algorithm = algorithm;
}
