Esempio n. 1
        /// <summary>
        /// Checks a downloaded feed for feed substitution and for replay of an older signed copy.
        /// </summary>
        /// <remarks>
        /// The replay check rejects only a signature that is strictly older than the cached one; an equal
        /// timestamp is accepted. If the cache holds no <see cref="ValidSignature"/> for <paramref name="uri"/>,
        /// or throws <see cref="KeyNotFoundException"/>, there is nothing to compare against and the check passes.
        /// </remarks>
        /// <param name="data">The raw bytes of the feed file.</param>
        /// <param name="uri">The URI the feed was originally requested from.</param>
        /// <param name="signature">The first trusted signature for the feed.</param>
        /// <exception cref="ReplayAttackException">The cached signature is newer than <paramref name="signature"/>.</exception>
        /// <exception cref="UriFormatException"><see cref="Feed.Uri"/> is missing or does not match <paramref name="uri"/>.</exception>
        private void DetectAttacks(byte[] data, FeedUri uri, ValidSignature signature)
        {
            // Feed substitution: the URI the feed declares for itself must be the URI it was fetched from.
            // Otherwise a validly signed feed for one location could be served in place of another.
            // NOTE(review): presumably the signature over data was verified by the caller - confirm.
            var parsedFeed = XmlStorage.LoadXml<Feed>(new MemoryStream(data));

            if (parsedFeed.Uri == null)
            {
                var missingMessage = string.Format(Resources.FeedUriMissing, uri);
                throw new UriFormatException(missingMessage);
            }
            if (parsedFeed.Uri != uri)
            {
                var mismatchMessage = string.Format(Resources.FeedUriMismatch, parsedFeed.Uri, uri);
                throw new UriFormatException(mismatchMessage);
            }

            // Replay: a copy signed earlier than the one already cached must not replace it.
            try
            {
                var knownSignatures = _feedCache.GetSignatures(uri);
                var cachedSignature = knownSignatures.OfType<ValidSignature>().FirstOrDefault();
                if (cachedSignature == null)
                {
                    // The cache has no valid signature for this feed, so there is no baseline to compare with.
                    return;
                }

                if (signature.Timestamp < cachedSignature.Timestamp)
                {
                    throw new ReplayAttackException(uri, cachedSignature.Timestamp, signature.Timestamp);
                }
            }
            catch (KeyNotFoundException)
            {
                // No existing feed to be replaced
            }
        }
Esempio n. 2
        /// <summary>
        /// Asks the trust manager for the signature of the feed data and rejects the feed if that
        /// signature is older than the one already stored in the feed cache.
        /// </summary>
        /// <remarks>
        /// Only a strictly older timestamp is rejected; an equal timestamp passes. If the cache holds no
        /// <see cref="ValidSignature"/> for <paramref name="feedUri"/>, or throws
        /// <see cref="KeyNotFoundException"/>, no comparison is made.
        /// </remarks>
        /// <param name="data">The raw bytes of the feed file.</param>
        /// <param name="feedUri">The URI identifying the feed, also used to look up the cached signatures.</param>
        /// <param name="localPath">Passed through to the trust manager unchanged.</param>
        /// <exception cref="ReplayAttackException">The cached signature is newer than the one reported for <paramref name="data"/>.</exception>
        private void CheckTrust(byte[] data, FeedUri feedUri, string localPath)
        {
            // Trust decision first; the returned signature supplies the timestamp for the replay check.
            // NOTE(review): presumably CheckTrust throws when no trusted signature is found - confirm.
            var trustedSignature = _trustManager.CheckTrust(data, feedUri, localPath);

            // Replay: a copy signed earlier than the one already cached must not replace it.
            try
            {
                var knownSignatures = _feedCache.GetSignatures(feedUri);
                var cachedSignature = knownSignatures.OfType<ValidSignature>().FirstOrDefault();
                if (cachedSignature == null)
                {
                    // The cache has no valid signature for this feed, so there is no baseline to compare with.
                    return;
                }

                if (trustedSignature.Timestamp < cachedSignature.Timestamp)
                {
                    throw new ReplayAttackException(feedUri, cachedSignature.Timestamp, trustedSignature.Timestamp);
                }
            }
            catch (KeyNotFoundException)
            {
                // No existing feed to be replaced
            }
        }
Esempio n. 3
 /// <inheritdoc/>
 public IEnumerable<OpenPgpSignature> GetSignatures(FeedUri feedUri)
 {
     // Pure pass-through: the backing cache's result is returned as-is, and any exception
     // it throws propagates to the caller. No filtering or validation happens at this layer.
     var signatures = _backingCache.GetSignatures(feedUri);
     return signatures;
 }