internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential) { this.normalizedRequest = request; this.artifacts = artifacts; this.credential = credential; this.hasher = new Hasher(credential.Algorithm); }
internal NormalizedTimestamp(ulong unixTime, Credential credential, int localOffset = 0) { this.unixTimeMillis = unixTime * 1000; this.credential = credential; fresh = Math.Floor((this.unixTimeMillis + Convert.ToUInt64(localOffset)) / 1000.0); }
internal NormalizedTimestamp(ulong unixTime, Credential credential) { this.unixTimeMillis = unixTime * 1000; this.credential = credential; var localOffset = UInt64.Parse(ConfigurationManager.AppSettings["LocalTimeOffsetMillis"]); fresh = Math.Floor((this.unixTimeMillis + localOffset) / 1000.0); }
/// <summary> /// Represents the query parameter bewit used by Hawk for granting temporary access. /// </summary> /// <param name="request">Request object</param> /// <param name="credential">Hawk credential to use for creating and validating bewit.</param> /// <param name="utcNow">Current date and time in UTC</param> /// <param name="lifeSeconds">Bewit life time (time to live in seconds)</param> /// <param name="applicationSpecificData">Application specific data to be sent in the bewit</param> internal Bewit(HttpRequestMessage request, Credential credential, DateTime utcNow, int lifeSeconds, string applicationSpecificData) { this.credential = credential; this.request = request; this.utcNow = utcNow; this.lifeSeconds = lifeSeconds; this.applicationSpecificData = applicationSpecificData; }
static void Main(string[] args) { string uri = "http://localhost:12345/values"; var credential = new Credential() { Id = "dh37fgj492je", Algorithm = SupportedAlgorithms.SHA256, User = "******", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn" }; // GET and POST using the Authorization header var options = new ClientOptions() { CredentialsCallback = () => credential, RequestPayloadHashabilityCallback = (r) => true, NormalizationCallback = (req) => { string name = "X-Request-Header-To-Protect"; return req.Headers.ContainsKey(name) ? name + ":" + req.Headers[name].First() : null; } }; var handler = new HawkValidationHandler(options); HttpClient client = HttpClientFactory.Create(handler); client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret"); var response = client.GetAsync(uri).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); response = client.PostAsJsonAsync(uri, credential.User).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); // GET using Bewit var hawkClient = new HawkClient(options); var request = new HttpRequestMessage() { RequestUri = new Uri(uri) }; string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request), lifeSeconds: 60); // Bewit is handed off to a client needing temporary access to the resource. var clientNeedingTempAccess = new WebClient(); var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit); Console.WriteLine(resource); Console.Read(); }
static void Main(string[] args) { var credential = new Credential() { Id = "dh37fgj492je", Algorithm = SupportedAlgorithms.SHA256, User = "******", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn" }; string uri = "http://localhost:12345/api/values"; var client = new HttpClient(); // GET using the Authorization header var request = new HttpRequestMessage(HttpMethod.Get, uri); request.Headers.Add("X-Request-Header-To-Protect", "Swoosh"); var hawkClient = new HawkClient(() => credential); hawkClient.ApplicationSpecificData = "X-Request-Header-To-Protect:Swoosh"; // Normalized header hawkClient.CreateClientAuthorizationAsync(request).Wait(); var response = client.SendAsync(request).Result; var isAuthentic = hawkClient.AuthenticateAsync(response).Result; Console.WriteLine(isAuthentic ? response.Content.ReadAsStringAsync().Result : "Response is Tampered"); // GET using Bewit hawkClient = new HawkClient(() => credential); string bewit = hawkClient.CreateBewitAsync(new HttpRequestMessage() { RequestUri = new Uri(uri) }, lifeSeconds:60).Result; // Bewit is handed off to a client needing temporary access to the resource. var clientNeedingTempAccess = new WebClient(); var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit); Console.WriteLine(resource); Console.Read(); }
static void Main(string[] args) { string uri = "http://localhost:12345/api/values"; string headerName = "X-Response-Header-To-Protect"; var credential = new Credential() { Id = "dh37fgj492je", Algorithm = SupportedAlgorithms.SHA256, User = "******", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn" }; // GET and POST using the Authorization header var handler = new HawkValidationHandler(credentialsCallback: () => credential, verificationCallback: (r, ext) => ext.Equals(headerName + ":" + r.Headers.GetValues(headerName).First())); HttpClient client = HttpClientFactory.Create(handler); var response = client.GetAsync(uri).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); response = client.PostAsJsonAsync(uri, credential.User).Result; Console.WriteLine(response.Content.ReadAsStringAsync().Result); // GET using Bewit var hawkClient = new HawkClient(() => credential); string bewit = hawkClient.CreateBewitAsync(new HttpRequestMessage() { RequestUri = new Uri(uri) }, lifeSeconds:60).Result; // Bewit is handed off to a client needing temporary access to the resource. var clientNeedingTempAccess = new WebClient(); var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit); Console.WriteLine(resource); Console.Read(); }
internal NormalizedTimestamp(DateTime utcNow, Credential credential) : this(utcNow.ToUnixTime(), credential) { }
internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) : this(utcNow.ToUnixTime(), credential, localOffset) { }
/// <summary> /// Returns an AuthenticationResult object corresponding to the result of authentication done /// using the client supplied artifacts in the bewit query string parameter. /// </summary> /// <param name="bewit">Value of the query string parameter with the name of 'bewit'.</param> /// <param name="now">Date and time in UTC to be used as the base for computing bewit life.</param> /// <param name="request">Request object.</param> /// <param name="options">Hawk authentication options</param> internal static AuthenticationResult Authenticate(string bewit, ulong now, IRequestMessage request, Options options) { if (!String.IsNullOrWhiteSpace(bewit)) { if (request.Method == HttpMethod.Get) { if (options != null && options.CredentialsCallback != null) { var parts = bewit.ToUtf8StringFromBase64Url().Split('\\'); if (parts.Length == 4) { ulong timestamp = 0; if (UInt64.TryParse(parts[1], out timestamp) && timestamp * 1000 > now) { string id = parts[0]; string mac = parts[2]; string ext = parts[3]; if (!String.IsNullOrWhiteSpace(id) && !String.IsNullOrWhiteSpace(mac)) { RemoveBewitFromUri(request); Credential credential = options.CredentialsCallback(id); if (credential != null && credential.IsValid) { var artifacts = new ArtifactsContainer() { Id = id, Nonce = String.Empty, Timestamp = timestamp, Mac = mac.ToBytesFromBase64(), ApplicationSpecificData = ext ?? String.Empty }; var normalizedRequest = new NormalizedRequest(request, artifacts) { IsBewit = true }; var crypto = new Cryptographer(normalizedRequest, artifacts, credential); if (crypto.IsSignatureValid()) // Bewit is for GET and GET must have no request body { return(new AuthenticationResult() { IsAuthentic = true, Credential = credential, Artifacts = artifacts, ApplicationSpecificData = ext }); } } } } } } } } return(new AuthenticationResult() { IsAuthentic = false }); }