internal NormalizedTimestamp(ulong unixTime, Credential credential, int localOffset = 0) { this.unixTimeMillis = unixTime * 1000; this.credential = credential; fresh = Math.Floor((this.unixTimeMillis + Convert.ToUInt64(localOffset)) / 1000.0); }
internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential) { this.normalizedRequest = request; this.artifacts = artifacts; this.credential = credential; this.hasher = new Hasher(credential.Algorithm); }
/// <summary> /// Represents the query parameter bewit used by Hawk for granting temporary access. /// </summary> /// <param name="request">Request object</param> /// <param name="credential">Hawk credential to use for creating and validating bewit.</param> /// <param name="utcNow">Current date and time in UTC.</param> /// <param name="lifeSeconds">Bewit life time (time to live in seconds).</param> /// <param name="applicationSpecificData">Application specific data to be sent in the bewit</param> /// <param name="localOffset">Local offset in milliseconds.</param> internal Bewit(IRequestMessage request, Credential credential, DateTime utcNow, int lifeSeconds, string applicationSpecificData, int localOffset = 0) { this.credential = credential; this.request = request; this.utcNow = utcNow; this.lifeSeconds = lifeSeconds; this.applicationSpecificData = applicationSpecificData; this.localOffset = localOffset; }
static void Main(string[] args) { string uri = "http://localhost:12345/values"; var credential = new Credential() { Id = "dh37fgj492je", Algorithm = SupportedAlgorithms.SHA256, User = "******", Key = Convert.FromBase64String("wBgvhp1lZTr4Tb6K6+5OQa1bL9fxK7j8wBsepjqVNiQ=") }; // GET and POST using the Authorization header var options = new ClientOptions() { CredentialsCallback = () => credential, RequestPayloadHashabilityCallback = (r) => true, NormalizationCallback = (req) => { string name = "X-Request-Header-To-Protect"; return req.Headers.ContainsKey(name) ? name + ":" + req.Headers[name].First() : null; } }; var handler = new HawkValidationHandler(options); HttpClient client = HttpClientFactory.Create(handler); client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret"); var response = client.GetAsync(uri).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); response = client.PostAsJsonAsync(uri, credential.User).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); // GET using Bewit var hawkClient = new HawkClient(options); var request = new HttpRequestMessage() { RequestUri = new Uri(uri) }; string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request), lifeSeconds: 60); // Bewit is handed off to a client needing temporary access to the resource. var clientNeedingTempAccess = new WebClient(); var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit); Console.WriteLine(resource); Console.Read(); }
static void Main(string[] args) { string uri = "http://localhost:8089/hawk"; var credential = new Credential() { Id = "44363926-D61B-43C9-B743-34C58F04A356", Algorithm = SupportedAlgorithms.SHA256, User = "******", Key = Guid.Parse("36579269-7A4D-4E83-81C0-F928BDD42B11").ToByteArray() }; var options = new ClientOptions() { CredentialsCallback = () => credential, RequestPayloadHashabilityCallback = (r) => true, NormalizationCallback = (req) => { string name = "X-Storage-Token"; return req.Headers.ContainsKey(name) ? name + ":" + req.Headers[name].First() : null; } }; var handler = new HawkValidationHandler(options); HttpClient client = HttpClientFactory.Create(handler); client.DefaultRequestHeaders.Add( "X-Storage-Token", "secret"); var response = client.GetAsync(uri).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); response = client.PostAsJsonAsync(uri, credential.User).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); Console.Read(); }
internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) : this(utcNow.ToUnixTime(), credential, localOffset) { }
public void Add(Credential credential) { _credentials.Add(credential); }
/// <summary> /// Returns an AuthenticationResult object corresponding to the result of authentication done /// using the client supplied artifacts in the bewit query string parameter. /// </summary> /// <param name="bewit">Value of the query string parameter with the name of 'bewit'.</param> /// <param name="now">Date and time in UTC to be used as the base for computing bewit life.</param> /// <param name="request">Request object.</param> /// <param name="options">Hawk authentication options</param> internal static AuthenticationResult Authenticate(string bewit, ulong now, IRequestMessage request, Options options) { if (!String.IsNullOrWhiteSpace(bewit)) { if (request.Method == HttpMethod.Get) { if (options != null && options.CredentialsCallback != null) { var parts = bewit.ToUtf8StringFromBase64Url().Split('\\'); if (parts.Length == 4) { ulong timestamp = 0; if (UInt64.TryParse(parts[1], out timestamp) && timestamp * 1000 > now) { string id = parts[0]; string mac = parts[2]; string ext = parts[3]; if (!String.IsNullOrWhiteSpace(id) && !String.IsNullOrWhiteSpace(mac)) { RemoveBewitFromUri(request); Credential credential = options.CredentialsCallback(id); if (credential != null && credential.IsValid) { var artifacts = new ArtifactsContainer() { Id = id, Nonce = String.Empty, Timestamp = timestamp, Mac = mac.ToBytesFromBase64(), ApplicationSpecificData = ext ?? String.Empty }; var normalizedRequest = new NormalizedRequest(request, artifacts) { IsBewit = true }; var crypto = new Cryptographer(normalizedRequest, artifacts, credential); if (crypto.IsSignatureValid()) // Bewit is for GET and GET must have no request body { return(new AuthenticationResult() { IsAuthentic = true, Credential = credential, Artifacts = artifacts, ApplicationSpecificData = ext }); } } } } } } } } return(new AuthenticationResult() { IsAuthentic = false }); }