/// <summary>
/// Round-trip check: a signature created with the private key of the fixture RSA key pair
/// (loaded through <c>keyProvider</c>) must verify against the pair's public key.
/// </summary>
public void ShouldReturnValidKey()
{
    // Arrange: wire up a signature provider from its collaborators and produce
    // a random payload to sign.
    var mapper = new SignatureAlgorithmIdentifierMapper();
    var randomGenerator = new SecureRandomGenerator();
    var signerUtilities = new SignerUtilitiesWrapper();
    var provider = new SignatureProvider(mapper, randomGenerator, signerUtilities);
    byte[] payload = randomGenerator.NextBytes(100);

    // Act: load the private key from the fixture key pair and sign the payload.
    IAsymmetricKey privateKey = keyProvider.GetPrivateKey(rsaKeyPair.PrivateKey.Content);
    Signature signature = provider.CreateSignature(privateKey, payload);

    // Assert: the matching public key verifies what the private key signed.
    bool isValid = provider.VerifySignature(rsaKeyPair.PublicKey, signature);
    Assert.IsTrue(isValid);
}
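/// <summary>
/// Authentication filter entry point: checks the HMAC signature carried in the
/// Authorization header (scheme <c>SignatureProvider.SignatureScheme</c>) together with the
/// user id header, and on success sets <c>context.Principal</c> to an identity named after
/// that user id. Every failure is reported through <c>context.ErrorResult</c>; requests that
/// do not use our scheme are left untouched for other handlers. When HMAC checking is disabled
/// by configuration (<c>IsHmacEnabled</c> false) every caller is authenticated as user "0".
/// </summary>
/// <param name="context">Authentication context of the current request.</param>
/// <param name="cancellationToken">Not observed; all work here completes synchronously.</param>
/// <returns>An already-completed task.</returns>
public Task AuthenticateAsync(HttpAuthenticationContext context, System.Threading.CancellationToken cancellationToken)
{
    // Signature checking switched off by configuration: treat every caller as user "0".
    if (!IsHmacEnabled)
    {
        context.Principal = CreatePrincipal("0");
        return Task.FromResult(0);
    }

    var request = context.Request;
    var authorization = request.Headers.Authorization;

    // No Authorization header, or not our scheme: leave the request unauthenticated
    // rather than failing it, so another handler may still take it.
    if (authorization == null || authorization.Scheme != SignatureProvider.SignatureScheme)
    {
        return Task.FromResult(0);
    }

    if (string.IsNullOrWhiteSpace(authorization.Parameter))
    {
        context.ErrorResult = new AuthenticationFailureResult("Authorization token missing from header", request);
        return Task.FromResult(0);
    }

    if (!request.Headers.Contains(SignatureProvider.UserIDHeader))
    {
        context.ErrorResult = new AuthenticationFailureResult(
            string.Format("User ID header {0} missing", SignatureProvider.UserIDHeader), request);
        return Task.FromResult(0);
    }

    var userId = request.Headers.GetValues(SignatureProvider.UserIDHeader).FirstOrDefault();
    if (string.IsNullOrEmpty(userId))
    {
        context.ErrorResult = new AuthenticationFailureResult(
            string.Format("User ID missing from header value {0}", SignatureProvider.UserIDHeader), request);
        return Task.FromResult(0);
    }

    // Until the signature verifies, userId is caller-controlled: it is used only to
    // look up the per-user secret, and an unknown id fails closed.
    var key = SecretProvider.GetSignatureSecretKey(userId);
    if (string.IsNullOrEmpty(key))
    {
        context.ErrorResult = new AuthenticationFailureResult("Unknown User ID", request);
        return Task.FromResult(0);
    }

    // Requests whose (lower-cased) URI matches an entry of the strip list are verified
    // without their protocol part; presumably for hosts whose scheme is rewritten
    // upstream — confirm against SecretProvider.GetProtocolStripList.
    var uri = request.RequestUri.ToString().ToLowerInvariant();
    var stripProtocol = SecretProvider.GetProtocolStripList().Any(site => uri.Contains(site));

    var success = SignatureProvider.HasValidSignature(request, userId, key, TimeOutPeriod, stripProtocol);
    if (success)
    {
        context.Principal = CreatePrincipal(userId);
    }
    else
    {
        // Only clock information goes back to the caller. The server-side expected
        // signature (derived from the user's secret key) and the request body must
        // never be echoed to an unauthenticated client; any further diagnostics
        // belong in server-side logging. Reading the body with .Result here would
        // also block on async I/O inside a filter.
        var requestTime = request.Headers.Date == null
            ? ""
            : request.Headers.Date.Value.ToUniversalTime().ToString("r");
        var serverTime = DateTime.UtcNow.ToString("r");
        context.ErrorResult = new AuthenticationFailureResult(
            string.Format("Invalid or expired signature. Request time stamp: {0}, Server time stamp: {1}",
                requestTime, serverTime),
            request);
    }

    // Expose the user id to later pipeline stages. As before, this is set whether or not
    // the signature verified; the indexer overwrites instead of throwing if the key exists.
    context.ActionContext.Request.Properties[UserIdField] = userId;
    return Task.FromResult(0);
}

/// <summary>
/// Builds a principal with a single Name claim for <paramref name="name"/>, authenticated
/// under <c>SignatureProvider.SignatureScheme</c>.
/// </summary>
/// <param name="name">Value of the Name claim (the user id, or "0" when HMAC is disabled).</param>
/// <returns>The principal to assign to the authentication context.</returns>
private ClaimsPrincipal CreatePrincipal(string name)
{
    var claims = new List<Claim> { new Claim(ClaimTypes.Name, name) };
    return new ClaimsPrincipal(new[] { new ClaimsIdentity(claims, SignatureProvider.SignatureScheme) });
}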