Esempio n. 1
        /// <summary>
        /// Tells whether the cookie's timestamp lies before the current UTC time.
        /// </summary>
        /// <remarks>
        /// This only compares values; it does not authenticate the cookie. A caller must
        /// still verify the cookie's signature before treating the timestamp as trustworthy.
        /// </remarks>
        /// <param name="riskCookie">Parsed cookie whose <c>Time</c> is compared with "now" expressed as milliseconds since 1970-01-01 UTC.</param>
        /// <returns><c>true</c> when <c>riskCookie.Time</c> is strictly earlier than now.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="riskCookie"/> is null.</exception>
        public static bool IsRiskCookieExpired(RiskCookie riskCookie)
        {
            if (riskCookie == null)
            {
                throw new ArgumentNullException("riskCookie");
            }

            // Current instant as (fractional) milliseconds since the Unix epoch, in UTC.
            DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            TimeSpan sinceEpoch = DateTime.UtcNow - unixEpoch;
            double nowMillis = sinceEpoch.TotalMilliseconds;

            bool expired = riskCookie.Time < nowMillis;
            return expired;
        }
Esempio n. 2
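        /// <summary>
        /// Validates the raw risk cookie: presence, expiry, presence of a signature, and
        /// agreement between the presented signature and the one computed by
        /// <c>CalcCookieHash</c>.
        /// </summary>
        /// <param name="context">Current HTTP context; its request URL is written to the debug log and it is passed on to <c>CalcCookieHash</c>.</param>
        /// <param name="riskCookie">
        /// Receives the parsed cookie. It is also assigned when the cookie is subsequently
        /// rejected (expired, unsigned, or signature mismatch), so callers must check the
        /// returned reason before trusting any of its fields.
        /// </param>
        /// <returns>
        /// <c>NONE</c> when the cookie passed every check; otherwise <c>NO_COOKIE</c>,
        /// <c>EXPIRED_COOKIE</c> or <c>INVALID_COOKIE</c>. Any exception raised while
        /// parsing or verifying is logged and reported as <c>INVALID_COOKIE</c>.
        /// </returns>
        private RiskRequestReasonEnum CheckValidCookie(HttpContext context, out RiskCookie riskCookie)
        {
            riskCookie = null;
            try
            {
                // rawRiskCookie is a member set outside this method (presumably extracted
                // from the request before this call - confirm against the caller).
                if (string.IsNullOrEmpty(rawRiskCookie))
                {
                    Debug.WriteLine("Request without risk cookie - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
                    return RiskRequestReasonEnum.NO_COOKIE;
                }

                // parse cookie and check if cookie valid
                riskCookie = ParseRiskCookie(rawRiskCookie);

                // The timestamp has not been authenticated at this point, so
                // EXPIRED_COOKIE says nothing about whether the cookie was genuine.
                if (IsRiskCookieExpired(riskCookie))
                {
                    Debug.WriteLine("Request with expired cookie - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
                    return RiskRequestReasonEnum.EXPIRED_COOKIE;
                }

                if (string.IsNullOrEmpty(riskCookie.Hash))
                {
                    Debug.WriteLine("Request with invalid cookie (missing signature) - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
                    return RiskRequestReasonEnum.INVALID_COOKIE;
                }

                string expectedHash = CalcCookieHash(context, riskCookie);

                // Compare without short-circuiting: an early-exit string comparison lets
                // response timing reveal how much of a guessed signature was correct.
                if (!SignaturesMatch(expectedHash, riskCookie.Hash))
                {
                    // The expected signature is deliberately not logged: it is the valid
                    // MAC for client-supplied cookie fields, and anyone able to read the
                    // log could replay it as a correctly signed cookie.
                    Debug.WriteLine(string.Format("Request with invalid cookie (hash mismatch) {0} - {1}", riskCookie.Hash, context.Request.Url.AbsoluteUri), LOG_CATEGORY);
                    return RiskRequestReasonEnum.INVALID_COOKIE;
                }

                return RiskRequestReasonEnum.NONE;
            }
            catch (Exception ex)
            {
                // Fail closed: a cookie that cannot be parsed or verified is treated as invalid.
                Debug.WriteLine("Request with invalid cookie (exception: " + ex.Message + ") - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
            }
            return RiskRequestReasonEnum.INVALID_COOKIE;
        }

        /// <summary>
        /// Ordinal, case-sensitive equality of two signature strings that inspects every
        /// character instead of stopping at the first difference.
        /// </summary>
        /// <param name="expected">Signature computed locally.</param>
        /// <param name="presented">Signature taken from the cookie.</param>
        /// <returns><c>true</c> only when both are non-null, equally long and identical.</returns>
        private static bool SignaturesMatch(string expected, string presented)
        {
            // The length of the signature is not secret, so an early exit here is acceptable.
            if (expected == null || presented == null || expected.Length != presented.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ presented[i];
            }
            return diff == 0;
        }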
Esempio n. 3
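        /// <summary>
        /// Computes the HMAC-SHA256 signature expected for a risk cookie, as a hex string.
        /// </summary>
        /// <remarks>
        /// The signed string is the concatenation, in this order, of: the cookie timestamp,
        /// the application and bot scores (when scores are present), the uuid and vid (when
        /// non-empty), the request socket IP (only when <c>signedWithIP</c> is set and the
        /// IP is non-empty), and the value returned by <c>GetSignUserAgent</c>.
        /// NOTE(review): the fields are joined without separators, so different splits of
        /// adjacent fields can yield the same signed string. The layout presumably has to
        /// match what the cookie issuer signs - confirm before changing it.
        /// NOTE(review): numeric values are appended with their default formatting; this
        /// assumes they render identically on issuer and verifier - confirm the field types.
        /// </remarks>
        /// <param name="context">Current HTTP context, passed to <c>GetSignUserAgent</c>.</param>
        /// <param name="riskCookie">Parsed cookie whose fields are signed.</param>
        /// <returns>Hex encoding of the HMAC, produced by <c>ByteArrayToHexString</c>.</returns>
        private string CalcCookieHash(HttpContext context, RiskCookie riskCookie)
        {
            // build string with data to validate
            var sb = new StringBuilder();

            // timestamp
            sb.Append(riskCookie.Time);
            // scores
            if (riskCookie.Scores != null)
            {
                sb.Append(riskCookie.Scores.Application);
                sb.Append(riskCookie.Scores.Bot);
            }
            // uuid
            if (!string.IsNullOrEmpty(riskCookie.Uuid))
            {
                sb.Append(riskCookie.Uuid);
            }
            // vid
            if (!string.IsNullOrEmpty(riskCookie.Vid))
            {
                sb.Append(riskCookie.Vid);
            }
            // socket ip
            if (signedWithIP && !string.IsNullOrEmpty(this.requestSocketIP))
            {
                sb.Append(this.requestSocketIP);
            }
            // user-agent
            sb.Append(GetSignUserAgent(context));
            string dataToValidate = sb.ToString();

            // calc hmac sha256 as hex string; HMACSHA256 holds key material and is
            // IDisposable, so release it as soon as the digest has been computed.
            byte[] expectedHashBytes;
            using (var hmac = new HMACSHA256(cookieKeyBytes))
            {
                expectedHashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(dataToValidate));
            }

            return ByteArrayToHexString(expectedHashBytes);
        }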