Esempio n. 1
0
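        /// <summary>
        /// Issues the "cadata*" cookies that carry the caller's Authorization value across the FBA session:
        /// "cadata" holds the Authorization string (UTF-16) AES-encrypted under a freshly generated key/IV;
        /// "cadataKey" and "cadataIV" hold that key and IV RSA-OAEP encrypted to the site's SSL certificate
        /// public key; "cadataSig" holds the fixed marker "Fba Rocks!" encrypted the same way, which
        /// <see cref="ParseCadataCookies"/> decrypts to confirm the consuming server owns the matching private key.
        /// The TTL cookie is delegated to <see cref="SetCadataTtlCookie"/>.
        /// </summary>
        /// <param name="httpApplication">Application whose context supplies the request, the response and the
        /// <c>Items["Authorization"]</c> / <c>Items["flags"]</c> entries populated earlier in the pipeline.</param>
        /// <exception cref="InvalidOperationException">The SSL certificate's public key is not an
        /// <see cref="RSACryptoServiceProvider"/>, so the symmetric key material cannot be wrapped.</exception>
        internal static void SetCadataCookies(HttpApplication httpApplication)
        {
            HttpContext  context  = httpApplication.Context;
            HttpRequest  request  = context.Request;
            HttpResponse response = context.Response;

            // Both entries are expected to be present; a missing Authorization surfaces as an
            // ArgumentNullException from Encoding.GetBytes below.
            string authorization = context.Items["Authorization"] as string;
            // NOTE(review): ParseCadataCookies writes this value back under the key "Flags" (capital F).
            // HttpContext.Items keys are compared case-sensitively, so confirm which spelling the producer uses.
            int flags = (int)context.Items["flags"];

            byte[] symKey;
            byte[] symIV;
            using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
            {
                // A fresh key and IV per issuance; they leave this method only RSA-wrapped (below).
                aes.GenerateKey();
                aes.GenerateIV();
                symKey = aes.Key;
                symIV  = aes.IV;
                using (ICryptoTransform encryptor = aes.CreateEncryptor())
                {
                    byte[] plaintext  = Encoding.Unicode.GetBytes(authorization);
                    byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
                    // No MAC is computed over the ciphertext here; the consumer relies on decryption/padding
                    // failures alone to reject a tampered "cadata" value.
                    FbaModule.CreateAndAddCookieToResponse(request, response, "cadata", Convert.ToBase64String(ciphertext));
                }
                FbaModule.SetCadataTtlCookie(aes, flags, request, response);
            }

            X509Certificate2         sslCertificate = FbaModule.GetSslCertificate(request);
            RSACryptoServiceProvider rsa            = sslCertificate.PublicKey.Key as RSACryptoServiceProvider;
            if (rsa == null)
            {
                // Fail with a descriptive exception instead of a NullReferenceException on the Encrypt calls.
                throw new InvalidOperationException("SSL certificate public key is not an RSACryptoServiceProvider; cannot protect cadata key material.");
            }

            // fOAEP = true selects OAEP padding, matching the Decrypt(..., true) calls in ParseCadataCookies.
            byte[] wrappedKey = rsa.Encrypt(symKey, true);
            byte[] wrappedIV  = rsa.Encrypt(symIV, true);
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataKey", Convert.ToBase64String(wrappedKey));
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataIV", Convert.ToBase64String(wrappedIV));

            // The "signature" is a constant marker encrypted to the same public key. The consumer decrypts it
            // with the private key to check that its certificate matches the issuer's; it does not bind the
            // other cookie values.
            byte[] marker        = Encoding.Unicode.GetBytes("Fba Rocks!");
            byte[] wrappedMarker = rsa.Encrypt(marker, true);
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataSig", Convert.ToBase64String(wrappedMarker));
        }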
Esempio n. 2
0
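        /// <summary>
        /// Consumes the "cadata*" cookies issued by <see cref="SetCadataCookies"/>: recovers the AES key/IV
        /// (from <see cref="KeyCache"/>, or by RSA-OAEP decryption with the SSL certificate's private key
        /// after checking the "cadataSig" marker), decrypts "cadataTTL" to enforce the login timeout,
        /// re-issues the TTL cookie when it is stale and the request is OWA user activity, and finally
        /// decrypts "cadata" into the request's Authorization header. Any validation failure traces and
        /// returns without touching the request.
        /// </summary>
        /// <param name="httpApplication">Application whose context supplies the request and response.</param>
        /// <remarks>
        /// Every cookie value is untrusted client input. Malformed base64 is not handled here:
        /// <see cref="Convert.FromBase64String"/> throws <see cref="FormatException"/>, which propagates to
        /// the caller (only <see cref="CryptographicException"/> is caught).
        /// </remarks>
        private void ParseCadataCookies(HttpApplication httpApplication)
        {
            HttpContext          context  = httpApplication.Context;
            HttpRequest          request  = context.Request;
            HttpResponse         response = context.Response;
            RequestDetailsLogger current  = RequestDetailsLoggerBase <RequestDetailsLogger> .GetCurrent(context);

            // Raw cookie values; all five must be present or the request is left untouched.
            string text = null;

            if (request.Cookies["cadata"] != null && request.Cookies["cadata"].Value != null)
            {
                text = request.Cookies["cadata"].Value;
            }
            string text2 = null;

            if (request.Cookies["cadataKey"] != null && request.Cookies["cadataKey"].Value != null)
            {
                text2 = request.Cookies["cadataKey"].Value;
            }
            string text3 = null;

            if (request.Cookies["cadataIV"] != null && request.Cookies["cadataIV"].Value != null)
            {
                text3 = request.Cookies["cadataIV"].Value;
            }
            string text4 = null;

            if (request.Cookies["cadataSig"] != null && request.Cookies["cadataSig"].Value != null)
            {
                text4 = request.Cookies["cadataSig"].Value;
            }
            string text5 = null;

            if (request.Cookies["cadataTTL"] != null && request.Cookies["cadataTTL"].Value != null)
            {
                text5 = request.Cookies["cadataTTL"].Value;
            }
            if (text == null || text2 == null || text3 == null || text4 == null || text5 == null)
            {
                return;
            }
            byte[] array  = null;
            byte[] array2 = null;
            // Cache is keyed by the base64 cookie strings. A hit skips both the RSA decryption and the
            // "cadataSig" check below.
            PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRateBase.Increment();
            FbaModule.KeyCache.TryGetValue(text2, out array);
            FbaModule.KeyCache.TryGetValue(text3, out array2);
            if (array != null && array2 != null)
            {
                PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRate.Increment();
                goto IL_362;
            }
            // Non-null text6 carries the reason the certificate check failed.
            string text6 = null;
            RSACryptoServiceProvider rsacryptoServiceProvider;

            try
            {
                X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
                rsacryptoServiceProvider = (sslCertificate.PrivateKey as RSACryptoServiceProvider);
                if (rsacryptoServiceProvider != null)
                {
                    // Decrypt the marker with our private key; it must equal the constant the issuer encrypted,
                    // proving this server's certificate matches the one that issued the cookies.
                    byte[] rgb     = Convert.FromBase64String(text4);
                    byte[] bytes   = rsacryptoServiceProvider.Decrypt(rgb, true);
                    string @string = Encoding.Unicode.GetString(bytes);
                    if (string.Compare(@string, "Fba Rocks!", StringComparison.Ordinal) != 0)
                    {
                        text6 = "does not match the SSL certificate on the Cafe web-site on another server in this Cafe array";
                    }
                }
                else
                {
                    text6 = "does not contain RSACryptoServiceProvider";
                    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(TraceType.DebugTrace))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Certificate:{0},Name:{1},Thumbprint:{2},PrivateKeyKey.(Exchange/Signature)Algorighm:{3} has no RSACryptoServiceProvider", new object[]
                        {
                            sslCertificate.Subject,
                            sslCertificate.FriendlyName,
                            sslCertificate.Thumbprint,
                            (sslCertificate.PrivateKey == null) ? "NULL" : (sslCertificate.PrivateKey.KeyExchangeAlgorithm + "/" + sslCertificate.PrivateKey.SignatureAlgorithm)
                        });
                    }
                }
            }
            catch (CryptographicException arg)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug <CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting cadataSig", arg);
                return;
            }
            if (text6 == null)
            {
                // Unwrap the symmetric key and IV (OAEP) and remember them on this instance.
                byte[] rgb2 = Convert.FromBase64String(text2);
                byte[] rgb3 = Convert.FromBase64String(text3);
                try
                {
                    array  = rsacryptoServiceProvider.Decrypt(rgb2, true);
                    array2 = rsacryptoServiceProvider.Decrypt(rgb3, true);
                }
                catch (CryptographicException arg2)
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug <CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting symKey/symIV", arg2);
                    return;
                }
                this.cadataKeyString = text2;
                this.cadataIVString  = text3;
                this.symKey          = array;
                this.symIV           = array2;
                goto IL_362;
            }
            ExTraceGlobals.VerboseTracer.TraceError <string, string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] {0} {1}", "Error in validating Cadata signature. This most likely indicates that the SSL certifcate on the Cafe web-site on this server ", text6);
            return;

// Join point for the cache-hit and freshly-decrypted paths (label retained from the decompiled layout).
IL_362:
            using (AesCryptoServiceProvider aesCryptoServiceProvider = new AesCryptoServiceProvider())
            {
                aesCryptoServiceProvider.Key = array;
                aesCryptoServiceProvider.IV  = array2;
                using (ICryptoTransform cryptoTransform = aesCryptoServiceProvider.CreateDecryptor())
                {
                    byte[] array3 = Convert.FromBase64String(text5);
                    byte[] array4 = null;
                    try
                    {
                        array4 = cryptoTransform.TransformFinalBlock(array3, 0, array3.Length);
                    }
                    catch (CryptographicException arg3)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug <CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming TTL", arg3);
                        return;
                    }
                    // The TTL plaintext is read as 8 bytes of ticks at offset 0 plus a flags byte at index 8,
                    // so anything shorter than 9 bytes would throw on the reads below.
                    if (array4.Length < 9)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] TTL length was less than 9.");
                        return;
                    }
                    long ticks = BitConverter.ToInt64(array4, 0);
                    int  num   = (int)array4[8];
                    // Bit 0x4 selects the private-key reissue interval when computing staleness below.
                    bool flag  = (num & 4) == 4;
                    // NOTE(review): SetCadataCookies reads this back as Items["flags"] (lower-case f);
                    // HttpContext.Items keys are compared case-sensitively - confirm the intended spelling.
                    context.Items["Flags"] = num;
                    ExDateTime t      = new ExDateTime(ExTimeZone.UtcTimeZone, ticks);
                    ExDateTime utcNow = ExDateTime.UtcNow;
                    if (t < utcNow)
                    {
                        // Expired: GET requests are redirected to logon (or answered 440 for OEH),
                        // POST and everything else get a 440.
                        if (request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
                        {
                            if (request.QueryString.ToString().StartsWith("oeh=1&", StringComparison.OrdinalIgnoreCase))
                            {
                                RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericInfo(current, "LoginTimeout", "440 - GET/OEH");

                                this.Send440Response(httpApplication, false);
                            }
                            else
                            {
                                RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericInfo(current, "LoginTimeout", "302 - GET/Timeout");

                                this.RedirectToFbaLogon(httpApplication, FbaModule.LogonReason.Timeout);
                            }
                        }
                        else if (request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
                        {
                            RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericInfo(current, "LoginTimeout", "440 - POST");

                            this.Send440Response(httpApplication, true);
                        }
                        else
                        {
                            RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericInfo(current, "LoginTimeout", "440 - " + request.HttpMethod);

                            this.Send440Response(httpApplication, false);
                        }
                        return;
                    }
                    // Still valid: re-issue the TTL once it is older than twice the applicable reissue
                    // interval, but only on requests that count as OWA user activity.
                    FbaModule.DetermineKeyIntervalsIfNecessary();
                    ExDateTime t2 = t.AddTicks(-2L * (flag ? FbaModule.fbaPrivateKeyReissueInterval.Ticks : FbaModule.fbaPublicKeyReissueInterval.Ticks));
                    if (t2 < utcNow && OwaAuthenticationHelper.IsOwaUserActivityRequest(request))
                    {
                        FbaModule.SetCadataTtlCookie(aesCryptoServiceProvider, num, request, response);
                    }
                }
                // Finally recover the Authorization value itself and hand it to downstream handlers.
                using (ICryptoTransform cryptoTransform2 = aesCryptoServiceProvider.CreateDecryptor())
                {
                    byte[] array5 = Convert.FromBase64String(text);
                    byte[] bytes2 = null;
                    try
                    {
                        bytes2 = cryptoTransform2.TransformFinalBlock(array5, 0, array5.Length);
                    }
                    catch (CryptographicException arg4)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug <CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming auth", arg4);
                        return;
                    }
                    string string2 = Encoding.Unicode.GetString(bytes2);
                    request.Headers["Authorization"] = string2;
                }
            }
        }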