public bool TryFortify() { var identityReader = identityReaderFactory.Create(); IEnumerable<Claim> identity; var isAuthenticated = identityReader.TryRead(out identity); if (!isAuthenticated) return false; var claims = identity.ToList(); var userId = claims.Single(c => c.Type.Equals("UserId")).Value; var platform = claims.Single(c => c.Type.Equals("Platform")).Value; var encryptionKey = ArmorSettings.EncryptionKey; var hashingKey = ArmorSettings.HashingKey; var nonceGenerator = new NonceGenerator(); nonceGenerator.Execute(); var armorToken = new ArmorToken(userId, platform, nonceGenerator.Nonce); var armorTokenConstructor = new ArmorTokenConstructor(); var standardSecureArmorTokenBuilder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey); var generateSecureArmorToken = new GenerateSecureArmorToken(armorTokenConstructor, standardSecureArmorTokenBuilder); generateSecureArmorToken.Execute(); httpContext.Response.AppendHeader("ARMOR", generateSecureArmorToken.SecureArmorToken); return true; }
public string Get() { var stopwatch = new Stopwatch(); stopwatch.Start(); var hashingKey = new byte[32]; var encryptionKey = new byte[32]; using (var provider = new RNGCryptoServiceProvider()) { provider.GetBytes(hashingKey); provider.GetBytes(encryptionKey); } var nonceGenerator = new NonceGenerator(); nonceGenerator.Execute(); var armorToken = new ArmorToken("*****@*****.**", "HMH", nonceGenerator.Nonce); var hash = new HashArmorTokenGenerationStep(new HMACSHA256HashingMechanismFactory(hashingKey), new EmptyArmorTokenGenerationStep()); var encrypt = new EncryptArmorTokenGenerationStep(new RijndaelEncryptionMechanismFactory(encryptionKey), hash); var serialise = new SerialiseArmorTokenGenerationStep(new ArmorTokenSerialisor(), encrypt); var armorTokenGenerator = new ArmorTokenGenerator(armorToken, serialise); armorTokenGenerator.Execute(); stopwatch.Stop(); Trace.WriteLine(string.Concat("Time: ", stopwatch.ElapsedMilliseconds)); return(armorTokenGenerator.ArmorToken); }
public void WhenIParseTheDecryptedToken() { var deserialisor = new ArmorTokenDeserialisor(decryptedArmorToken); deserialisor.Execute(); deserialisedArmorToken = deserialisor.DeserialisedArmorToken; }
public void GivenIHaveSuppliedASerialisedArmorToken() { armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") }); var serialisor = new ArmorTokenSerialisor(armorToken); serialisor.Execute(); serialisedArmorToken = serialisor.SerialisedArmorToken; }
public void WhenIDeserialiseTheArmorToken() { var deserialisor = new ArmorTokenDeserialisor(serialisedArmorToken); deserialisor.Execute(); deserialisedArmorToken = deserialisor.DeserialisedArmorToken; }
protected override bool IsAuthorized(HttpActionContext actionContext) { #region Read logged-in user claims var principal = (ClaimsIdentity)Thread.CurrentPrincipal.Identity; var userId = principal.Claims.Single(c => c.Type.Equals("UserId")).Value; var platform = principal.Claims.Single(c => c.Type.Equals("Platform")).Value; #endregion #region Ensure existence of ArmorToken in HTTP header var armorHeaderParser = new ArmorHeaderParser(actionContext.Request.Headers); armorHeaderParser.Execute(); if (!armorHeaderParser.ArmorTokenHeader.IsValid) { return(false); } #endregion #region Validate ArmorToken var encryptionKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A="); var hashingKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A="); var secureArmorTokenValidator = new SecureArmorTokenValidator(armorHeaderParser.ArmorTokenHeader.ArmorToken, encryptionKey, hashingKey, userId, 10000000000); secureArmorTokenValidator.Execute(); if (!secureArmorTokenValidator.ArmorTokenValidationStepResult.IsValid) { return(false); } #endregion #region Refresh ArmorToken and re-issue var nonceGenerator = new NonceGenerator(); nonceGenerator.Execute(); var armorToken = new ArmorToken(userId, platform, nonceGenerator.Nonce, new[] { new Claim("Another", "Claim") }); var armorTokenConstructor = new ArmorTokenConstructor(); var standardSecureArmorTokenBuilder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey); var generateSecureArmorToken = new GenerateSecureArmorToken(armorTokenConstructor, standardSecureArmorTokenBuilder); generateSecureArmorToken.Execute(); #endregion HttpContext.Current.Response.AppendHeader("ARMOR", generateSecureArmorToken.SecureArmorToken); return(true); }
public void WhenIInvokeTheStandardArmorTokenConstructor() { var armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") }); encryptionKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A="); hashingKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A="); var builder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey); armorTokenConstructor.Construct(builder); secureArmorToken = builder.SecureArmorToken; }
public void WhenIVerifyTheHashedArmorTokenSHMACSHASignature(int p0) { switch (p0) { case 256: hashingMode = HashingMode.HMACSHA256; break; case 512: hashingMode = HashingMode.HMACSHA512; break; default: throw new NotImplementedException("Invalid Hashing Mode."); } var hashedArmorTokenParser = new HashedArmorTokenParser(hashingMode, Convert.FromBase64String(hashedArmorToken)); hashedArmorTokenParser.Execute(); byte[] hash; switch (p0) { case 256: using (var hmac = new HMACSHA256(hashingKey)) hash = hmac.ComputeHash(hashedArmorTokenParser.ParsedArmorToken.ArmorToken); break; case 512: using (var hmac = new HMACSHA512(hashingKey)) hash = hmac.ComputeHash(hashedArmorTokenParser.ParsedArmorToken.ArmorToken); break; default: throw new NotImplementedException("Invalid Hashing Mode."); } Assert.AreEqual(hashedArmorTokenParser.ParsedArmorToken.Hash, hash); var encryptionMechanismFactory = new RijndaelDecryptionMechanismFactory(encryptionKey, hashedArmorTokenParser.ParsedArmorToken.ArmorToken); var armorTokenDecryptor = new ArmorTokenEncryptor(encryptionMechanismFactory); armorTokenDecryptor.Execute(); var decrypted = armorTokenDecryptor.Output; var armorTokenDeserialisor = new ArmorTokenDeserialisor(decrypted); armorTokenDeserialisor.Execute(); deserialisedArmorToken = armorTokenDeserialisor.DeserialisedArmorToken; }
public void GivenIHaveSuppliedAnEncryptedArmorTokenForHashUsingHMACSHA(int p0) { originalArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") }); var armorTokenSerialisor = new ArmorTokenSerialisor(originalArmorToken); armorTokenSerialisor.Execute(); using (var provider = new RNGCryptoServiceProvider()) provider.GetBytes(encryptionKey); var encryptionMechanismFactory = new RijndaelEncryptionMechanismFactory(encryptionKey, Encoding.UTF8.GetBytes(armorTokenSerialisor.SerialisedArmorToken)); var armorTokenEncryptor = new ArmorTokenEncryptor(encryptionMechanismFactory); armorTokenEncryptor.Execute(); encryptedArmorToken = armorTokenEncryptor.Output; }
public bool TryFortify() { var identityReader = identityReaderFactory.Create(); IEnumerable <Claim> identity; var isAuthenticated = identityReader.TryRead(out identity); if (!isAuthenticated) { return(false); } var claims = identity.ToList(); var userId = claims.Single(c => c.Type.Equals("UserId")).Value; var platform = claims.SingleOrDefault(c => c.Type.Equals("Platform")); var encryptionKey = ArmorSettings.EncryptionKey; var hashingKey = ArmorSettings.HashingKey; var nonceGenerator = new NonceGenerator(); nonceGenerator.Execute(); var armorToken = new ArmorToken(userId, platform == null ? "ARMOR" : platform.Value, nonceGenerator.Nonce); var armorTokenConstructor = new ArmorTokenConstructor(); var standardSecureArmorTokenBuilder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey); var generateSecureArmorToken = new GenerateSecureArmorToken(armorTokenConstructor, standardSecureArmorTokenBuilder); generateSecureArmorToken.Execute(); httpContext.Response.AppendHeader("ARMOR", generateSecureArmorToken.SecureArmorToken); return(true); }
public void ArmorTokenJsonParserParsesSerialisedArmorToken() { var expectedArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim"), }); var raw = Encoding.UTF8.GetBytes(Resources.SerialisedArmorToken); ArmorToken armorToken; using (Stream stream = new MemoryStream(raw)) { var parser = new ArmorTokenJsonParser(stream, "claims"); Assert.DoesNotThrow(parser.Parse); armorToken = parser.Result.FirstOrDefault(); } Assert.NotNull(armorToken); foreach (var expectedClaim in expectedArmorToken.Claims.Where(c => !c.Type.Equals("TimeStamp"))) { Claim claim; Assert.NotNull(claim = armorToken.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type))); Assert.AreEqual(expectedClaim.Value, claim.Value); } }
public void GivenIHaveSuppliedARawArmorTokenForGeneration() { armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") }); }
public override void Generate(object armorToken) { this.armorToken = (ArmorToken)armorToken; base.Generate(armorToken); }
public override void Validate(object armorToken) { this.armorToken = (ArmorToken)armorToken; Execute(); }
public StandardSecureArmorTokenBuilder(ArmorToken armorToken, byte[] encryptionKey, byte[] hashingKey) : base(armorToken, encryptionKey, hashingKey) { }
public void GivenIHaveSuppliedAnArmorTokenForEncryption() { originalArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") }); }
protected SecureArmorTokenBuilder(ArmorToken armorToken, byte[] encryptionKey, byte[] hashingKey) { this.armorToken = armorToken; this.encryptionKey = encryptionKey; this.hashingKey = hashingKey; }
public override void Validate(object armorToken) { this.armorToken = (ArmorToken)armorToken; base.Validate(armorToken); }