internal NormalizedTimestamp(ulong unixTime, Credential credential, int localOffset = 0)
{
this.unixTimeMillis = unixTime * 1000;
this.credential = credential;
fresh = Math.Floor((this.unixTimeMillis + Convert.ToUInt64(localOffset)) / 1000.0);
}
internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
{
this.normalizedRequest = request;
this.artifacts = artifacts;
this.credential = credential;
this.hasher = new Hasher(credential.Algorithm);
}
/// <summary>
/// Represents the query parameter bewit used by Hawk for granting temporary access.
/// </summary>
/// <param name="request">Request object</param>
/// <param name="credential">Hawk credential to use for creating and validating bewit.</param>
/// <param name="utcNow">Current date and time in UTC.</param>
/// <param name="lifeSeconds">Bewit life time (time to live in seconds).</param>
/// <param name="applicationSpecificData">Application specific data to be sent in the bewit</param>
/// <param name="localOffset">Local offset in milliseconds.</param>
internal Bewit(IRequestMessage request, Credential credential,
DateTime utcNow, int lifeSeconds, string applicationSpecificData, int localOffset = 0)
{
this.credential = credential;
this.request = request;
this.utcNow = utcNow;
this.lifeSeconds = lifeSeconds;
this.applicationSpecificData = applicationSpecificData;
this.localOffset = localOffset;
}
static void Main(string[] args)
{
string uri = "http://localhost:12345/values";
var credential = new Credential()
{
Id = "dh37fgj492je",
Algorithm = SupportedAlgorithms.SHA256,
User = "******",
Key = Convert.FromBase64String("wBgvhp1lZTr4Tb6K6+5OQa1bL9fxK7j8wBsepjqVNiQ=")
};
// GET and POST using the Authorization header
var options = new ClientOptions()
{
CredentialsCallback = () => credential,
RequestPayloadHashabilityCallback = (r) => true,
NormalizationCallback = (req) =>
{
string name = "X-Request-Header-To-Protect";
return req.Headers.ContainsKey(name) ?
name + ":" + req.Headers[name].First() : null;
}
};
var handler = new HawkValidationHandler(options);
HttpClient client = HttpClientFactory.Create(handler);
client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");
var response = client.GetAsync(uri).Result;
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
response = client.PostAsJsonAsync(uri, credential.User).Result;
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
// GET using Bewit
var hawkClient = new HawkClient(options);
var request = new HttpRequestMessage() { RequestUri = new Uri(uri) };
string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request),
lifeSeconds: 60);
// Bewit is handed off to a client needing temporary access to the resource.
var clientNeedingTempAccess = new WebClient();
var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
Console.WriteLine(resource);
Console.Read();
}
static void Main(string[] args)
{
string uri = "http://localhost:8089/hawk";
var credential = new Credential()
{
Id = "44363926-D61B-43C9-B743-34C58F04A356",
Algorithm = SupportedAlgorithms.SHA256,
User = "******",
Key = Guid.Parse("36579269-7A4D-4E83-81C0-F928BDD42B11").ToByteArray()
};
var options = new ClientOptions()
{
CredentialsCallback = () => credential,
RequestPayloadHashabilityCallback = (r) => true,
NormalizationCallback = (req) =>
{
string name = "X-Storage-Token";
return req.Headers.ContainsKey(name) ?
name + ":" + req.Headers[name].First()
: null;
}
};
var handler = new HawkValidationHandler(options);
HttpClient client = HttpClientFactory.Create(handler);
client.DefaultRequestHeaders.Add(
"X-Storage-Token", "secret");
var response = client.GetAsync(uri).Result;
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
response = client.PostAsJsonAsync(uri, credential.User).Result;
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
Console.Read();
}
internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) :
this(utcNow.ToUnixTime(), credential, localOffset) { }
public void Add(Credential credential)
{
_credentials.Add(credential);
}
/// <summary>
/// Returns an AuthenticationResult object corresponding to the result of authentication done
/// using the client supplied artifacts in the bewit query string parameter.
/// </summary>
/// <param name="bewit">Value of the query string parameter with the name of 'bewit'.</param>
/// <param name="now">Date and time in UTC to be used as the base for computing bewit life.</param>
/// <param name="request">Request object.</param>
/// <param name="options">Hawk authentication options</param>
internal static AuthenticationResult Authenticate(string bewit, ulong now, IRequestMessage request, Options options)
{
if (!String.IsNullOrWhiteSpace(bewit))
{
if (request.Method == HttpMethod.Get)
{
if (options != null && options.CredentialsCallback != null)
{
var parts = bewit.ToUtf8StringFromBase64Url().Split('\\');
if (parts.Length == 4)
{
ulong timestamp = 0;
if (UInt64.TryParse(parts[1], out timestamp) && timestamp * 1000 > now)
{
string id = parts[0];
string mac = parts[2];
string ext = parts[3];
if (!String.IsNullOrWhiteSpace(id) && !String.IsNullOrWhiteSpace(mac))
{
RemoveBewitFromUri(request);
Credential credential = options.CredentialsCallback(id);
if (credential != null && credential.IsValid)
{
var artifacts = new ArtifactsContainer()
{
Id = id,
Nonce = String.Empty,
Timestamp = timestamp,
Mac = mac.ToBytesFromBase64(),
ApplicationSpecificData = ext ?? String.Empty
};
var normalizedRequest = new NormalizedRequest(request, artifacts)
{
IsBewit = true
};
var crypto = new Cryptographer(normalizedRequest, artifacts, credential);
if (crypto.IsSignatureValid()) // Bewit is for GET and GET must have no request body
{
return(new AuthenticationResult()
{
IsAuthentic = true,
Credential = credential,
Artifacts = artifacts,
ApplicationSpecificData = ext
});
}
}
}
}
}
}
}
}
return(new AuthenticationResult()
{
IsAuthentic = false
});
}
