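/// <summary>
/// Encrypts the value stored in <c>context.Items["Authorization"]</c> with a freshly generated
/// AES key and IV and adds the resulting cookies to the response: <c>cadata</c> (the ciphertext),
/// the TTL cookie written by <c>FbaModule.SetCadataTtlCookie</c>, <c>cadataKey</c> and
/// <c>cadataIV</c> (the AES key and IV, RSA-encrypted under the SSL certificate's public key),
/// and <c>cadataSig</c> (the constant "Fba Rocks!" encrypted the same way).
/// </summary>
/// <param name="httpApplication">Application whose current context supplies the request, the response and the <c>Items</c> entries read here.</param>
/// <exception cref="InvalidOperationException">The SSL certificate's public key is not an <see cref="RSACryptoServiceProvider"/>.</exception>
/// <remarks>
/// Security notes for maintainers:
/// <list type="bullet">
/// <item><description>No cipher mode is set on the AES provider, so its default (CBC with PKCS7 padding) applies. Nothing in this method adds a MAC over the cookie values.</description></item>
/// <item><description><c>cadataSig</c> is an encryption of a fixed string under the public key, not a digital signature. It does not prove that the server issued the cookie set.</description></item>
/// <item><description>Anyone holding the certificate's private key can recover the AES key and therefore the <c>cadata</c> plaintext. Protect and rotate that key accordingly.</description></item>
/// </list>
/// </remarks>
internal static void SetCadataCookies(HttpApplication httpApplication)
{
    HttpContext context = httpApplication.Context;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;

    // Both entries are expected to be present; a missing "Authorization" makes GetBytes throw
    // ArgumentNullException and a missing "flags" fails the unboxing cast.
    // NOTE(review): ParseCadataCookies stores the value under "Flags" (capital F). Confirm that
    // whatever populates "flags" for this method is a deliberate, separate writer.
    string authorization = context.Items["Authorization"] as string;
    int flags = (int)context.Items["flags"];

    // Resolve the RSA key before any cookie is emitted, so a certificate without an
    // RSACryptoServiceProvider public key fails with a clear error instead of a
    // NullReferenceException after "cadata" has already been added to the response.
    X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
    RSACryptoServiceProvider rsa = sslCertificate.PublicKey.Key as RSACryptoServiceProvider;
    if (rsa == null)
    {
        throw new InvalidOperationException("The SSL certificate's public key is not an RSACryptoServiceProvider; cadata cookies cannot be issued.");
    }

    byte[] symKey;
    byte[] symIV;
    using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
    {
        // A new random key and IV are generated for every call.
        aes.GenerateKey();
        aes.GenerateIV();
        symKey = aes.Key;
        symIV = aes.IV;

        using (ICryptoTransform encryptor = aes.CreateEncryptor())
        {
            byte[] plaintext = Encoding.Unicode.GetBytes(authorization);
            byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadata", Convert.ToBase64String(ciphertext));
        }

        FbaModule.SetCadataTtlCookie(aes, flags, request, response);
    }

    // Second argument 'true' selects OAEP padding for the RSA operation.
    byte[] wrappedKey = rsa.Encrypt(symKey, true);
    byte[] wrappedIV = rsa.Encrypt(symIV, true);
    FbaModule.CreateAndAddCookieToResponse(request, response, "cadataKey", Convert.ToBase64String(wrappedKey));
    FbaModule.CreateAndAddCookieToResponse(request, response, "cadataIV", Convert.ToBase64String(wrappedIV));

    // Fixed marker that ParseCadataCookies decrypts to check that the receiving server holds
    // the matching private key. It is public-key encryption of a constant, not a signature.
    byte[] marker = Encoding.Unicode.GetBytes("Fba Rocks!");
    byte[] wrappedMarker = rsa.Encrypt(marker, true);
    FbaModule.CreateAndAddCookieToResponse(request, response, "cadataSig", Convert.ToBase64String(wrappedMarker));
}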
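/// <summary>
/// Returns the value of the named request cookie, or <c>null</c> when the cookie is absent.
/// </summary>
private static string GetCadataCookieValue(HttpRequest request, string name)
{
    HttpCookie cookie = request.Cookies[name];
    return (cookie != null) ? cookie.Value : null;
}

/// <summary>
/// Reads the <c>cadata</c>, <c>cadataKey</c>, <c>cadataIV</c>, <c>cadataSig</c> and <c>cadataTTL</c>
/// request cookies, recovers the AES key and IV (from <c>FbaModule.KeyCache</c> or by RSA-decrypting
/// them with the SSL certificate's private key), enforces the expiry time carried in the TTL cookie,
/// and on success writes the decrypted <c>cadata</c> value into the request's <c>Authorization</c> header.
/// </summary>
/// <param name="httpApplication">Application whose current context supplies the request and response.</param>
/// <remarks>
/// Every cookie value is client-supplied. The method returns without setting the header when any
/// cookie is missing, is not valid Base64, fails to decrypt, or carries a TTL payload shorter than
/// the nine bytes read from it. When the TTL has expired it sends a 440 response or redirects to
/// the logon page and returns.
/// Security notes for maintainers:
/// <list type="bullet">
/// <item><description>The <c>cadataSig</c> check only shows that this server's private key decrypts the blob to the expected constant. The constant was encrypted with the public key, so this is not a signature and gives no proof of who produced the cookies.</description></item>
/// <item><description>On a key-cache hit the <c>cadataSig</c> check is skipped entirely.</description></item>
/// <item><description>No MAC over the AES ciphertexts is visible here. Any design that depends on these cookies being server-issued needs a separate integrity check.</description></item>
/// </list>
/// </remarks>
private void ParseCadataCookies(HttpApplication httpApplication)
{
    // 8 bytes of expiry ticks (Int64) followed by 1 flags byte.
    const int TtlPayloadLength = 9;

    HttpContext context = httpApplication.Context;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;
    RequestDetailsLogger current = RequestDetailsLoggerBase<RequestDetailsLogger>.GetCurrent(context);

    string cadata = GetCadataCookieValue(request, "cadata");
    string cadataKey = GetCadataCookieValue(request, "cadataKey");
    string cadataIV = GetCadataCookieValue(request, "cadataIV");
    string cadataSig = GetCadataCookieValue(request, "cadataSig");
    string cadataTtl = GetCadataCookieValue(request, "cadataTTL");

    // All five cookies are required; a partial set is treated as "no session".
    if (cadata == null || cadataKey == null || cadataIV == null || cadataSig == null || cadataTtl == null)
    {
        return;
    }

    byte[] symKeyBytes = null;
    byte[] symIVBytes = null;

    // The cache is keyed by the Base64 cookie strings, so a hit avoids the RSA operations below.
    PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRateBase.Increment();
    FbaModule.KeyCache.TryGetValue(cadataKey, out symKeyBytes);
    FbaModule.KeyCache.TryGetValue(cadataIV, out symIVBytes);

    if (symKeyBytes != null && symIVBytes != null)
    {
        PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRate.Increment();
    }
    else
    {
        string failureReason = null;
        RSACryptoServiceProvider rsa;
        try
        {
            X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
            rsa = sslCertificate.PrivateKey as RSACryptoServiceProvider;
            if (rsa != null)
            {
                // Decrypt the marker cookie and compare it with the constant written by SetCadataCookies.
                byte[] sigCipher = Convert.FromBase64String(cadataSig);
                byte[] sigPlain = rsa.Decrypt(sigCipher, true);
                string marker = Encoding.Unicode.GetString(sigPlain);
                if (!string.Equals(marker, "Fba Rocks!", StringComparison.Ordinal))
                {
                    failureReason = "does not match the SSL certificate on the Cafe web-site on another server in this Cafe array";
                }
            }
            else
            {
                failureReason = "does not contain RSACryptoServiceProvider";
                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(TraceType.DebugTrace))
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Certificate:{0},Name:{1},Thumbprint:{2},PrivateKeyKey.(Exchange/Signature)Algorighm:{3} has no RSACryptoServiceProvider", new object[]
                    {
                        sslCertificate.Subject,
                        sslCertificate.FriendlyName,
                        sslCertificate.Thumbprint,
                        (sslCertificate.PrivateKey == null) ? "NULL" : (sslCertificate.PrivateKey.KeyExchangeAlgorithm + "/" + sslCertificate.PrivateKey.SignatureAlgorithm)
                    });
                }
            }
        }
        catch (CryptographicException arg)
        {
            ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting cadataSig", arg);
            return;
        }
        catch (FormatException arg)
        {
            // Malformed Base64 in a client-supplied cookie: treat it like any other invalid cookie
            // instead of letting the exception escape into the request pipeline.
            ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding cadataSig", arg);
            return;
        }

        if (failureReason != null)
        {
            ExTraceGlobals.VerboseTracer.TraceError<string, string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] {0} {1}", "Error in validating Cadata signature. This most likely indicates that the SSL certifcate on the Cafe web-site on this server ", failureReason);
            return;
        }

        try
        {
            byte[] keyCipher = Convert.FromBase64String(cadataKey);
            byte[] ivCipher = Convert.FromBase64String(cadataIV);
            symKeyBytes = rsa.Decrypt(keyCipher, true);
            symIVBytes = rsa.Decrypt(ivCipher, true);
        }
        catch (CryptographicException arg2)
        {
            ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting symKey/symIV", arg2);
            return;
        }
        catch (FormatException arg2)
        {
            ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding symKey/symIV", arg2);
            return;
        }

        // Remember the freshly decrypted material on the instance; what consumes these fields
        // (for example, populating the key cache) is not visible in this method.
        this.cadataKeyString = cadataKey;
        this.cadataIVString = cadataIV;
        this.symKey = symKeyBytes;
        this.symIV = symIVBytes;
    }

    using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
    {
        aes.Key = symKeyBytes;
        aes.IV = symIVBytes;

        using (ICryptoTransform ttlDecryptor = aes.CreateDecryptor())
        {
            byte[] ttlPlain = null;
            try
            {
                byte[] ttlCipher = Convert.FromBase64String(cadataTtl);
                ttlPlain = ttlDecryptor.TransformFinalBlock(ttlCipher, 0, ttlCipher.Length);
            }
            catch (CryptographicException arg3)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming TTL", arg3);
                return;
            }
            catch (FormatException arg3)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding TTL", arg3);
                return;
            }

            // The code below reads bytes 0..7 as ticks and byte 8 as flags, so anything shorter than
            // nine bytes would throw. The previous check only rejected an empty payload.
            if (ttlPlain.Length < TtlPayloadLength)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] TTL length was less than 9.");
                return;
            }

            long ticks = BitConverter.ToInt64(ttlPlain, 0);
            int flags = (int)ttlPlain[8];

            // Bit value 4 selects the private-key reissue interval below.
            bool usePrivateInterval = (flags & 4) == 4;

            // NOTE(review): SetCadataCookies reads Items["flags"] (lower case) while this writes
            // "Flags". If Items is case-sensitive these are different entries; confirm intent.
            context.Items["Flags"] = flags;

            ExDateTime expiry = new ExDateTime(ExTimeZone.UtcTimeZone, ticks);
            ExDateTime utcNow = ExDateTime.UtcNow;
            if (expiry < utcNow)
            {
                // Session expired: the response depends on the HTTP method and, for GET, on the query string.
                if (request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
                {
                    if (request.QueryString.ToString().StartsWith("oeh=1&", StringComparison.OrdinalIgnoreCase))
                    {
                        RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - GET/OEH");
                        this.Send440Response(httpApplication, false);
                    }
                    else
                    {
                        RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "302 - GET/Timeout");
                        this.RedirectToFbaLogon(httpApplication, FbaModule.LogonReason.Timeout);
                    }
                }
                else if (request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
                {
                    RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - POST");
                    this.Send440Response(httpApplication, true);
                }
                else
                {
                    RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - " + request.HttpMethod);
                    this.Send440Response(httpApplication, false);
                }
                return;
            }

            // Reissue the TTL cookie once the remaining lifetime drops below two reissue intervals,
            // but only for requests that count as user activity.
            FbaModule.DetermineKeyIntervalsIfNecessary();
            ExDateTime reissueAfter = expiry.AddTicks(-2L * (usePrivateInterval ? FbaModule.fbaPrivateKeyReissueInterval.Ticks : FbaModule.fbaPublicKeyReissueInterval.Ticks));
            if (reissueAfter < utcNow && OwaAuthenticationHelper.IsOwaUserActivityRequest(request))
            {
                FbaModule.SetCadataTtlCookie(aes, flags, request, response);
            }
        }

        using (ICryptoTransform authDecryptor = aes.CreateDecryptor())
        {
            byte[] authPlain = null;
            try
            {
                byte[] authCipher = Convert.FromBase64String(cadata);
                authPlain = authDecryptor.TransformFinalBlock(authCipher, 0, authCipher.Length);
            }
            catch (CryptographicException arg4)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming auth", arg4);
                return;
            }
            catch (FormatException arg4)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding auth", arg4);
                return;
            }

            // The decrypted cookie becomes the request's Authorization header. Validation of that
            // header value happens, if at all, outside this method.
            string authorization = Encoding.Unicode.GetString(authPlain);
            request.Headers["Authorization"] = authorization;
        }
    }
}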