コード例 #1
0
 internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
 {
     this.normalizedRequest = request;
     this.artifacts = artifacts;
     this.credential = credential;
     this.hasher = new Hasher(credential.Algorithm);
 }
        internal NormalizedTimestamp(ulong unixTime, Credential credential, int localOffset = 0)
        {
            this.unixTimeMillis = unixTime * 1000;
            this.credential = credential;

            fresh = Math.Floor((this.unixTimeMillis + Convert.ToUInt64(localOffset)) / 1000.0);
        }
コード例 #3
0
        internal NormalizedTimestamp(ulong unixTime, Credential credential)
        {
            this.unixTimeMillis = unixTime * 1000;
            this.credential = credential;

            var localOffset = UInt64.Parse(ConfigurationManager.AppSettings["LocalTimeOffsetMillis"]);
            fresh = Math.Floor((this.unixTimeMillis + localOffset) / 1000.0);
        }
コード例 #4
0
 /// <summary>
 /// Represents the query parameter bewit used by Hawk for granting temporary access.
 /// </summary>
 /// <param name="request">Request object</param>
 /// <param name="credential">Hawk credential to use for creating and validating bewit.</param>
 /// <param name="utcNow">Current date and time in UTC</param>
 /// <param name="lifeSeconds">Bewit life time (time to live in seconds)</param>
 /// <param name="applicationSpecificData">Application specific data to be sent in the bewit</param>
 internal Bewit(HttpRequestMessage request, Credential credential,
                     DateTime utcNow, int lifeSeconds, string applicationSpecificData)
 {
     this.credential = credential;
     this.request = request;
     this.utcNow = utcNow;
     this.lifeSeconds = lifeSeconds;
     this.applicationSpecificData = applicationSpecificData;
 }
コード例 #5
0
        static void Main(string[] args)
        {
            string uri = "http://localhost:12345/values";

            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn"
            };

            // GET and POST using the Authorization header
            var options = new ClientOptions()
            {
                CredentialsCallback = () => credential,
                RequestPayloadHashabilityCallback = (r) => true,
                NormalizationCallback = (req) =>
                {
                    string name = "X-Request-Header-To-Protect";
                    return req.Headers.ContainsKey(name) ? 
                                name + ":" + req.Headers[name].First() : null;
                }
            };

            var handler = new HawkValidationHandler(options);

            HttpClient client = HttpClientFactory.Create(handler);
            client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

            var response = client.GetAsync(uri).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            response = client.PostAsJsonAsync(uri, credential.User).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            // GET using Bewit
            var hawkClient = new HawkClient(options);
            var request = new HttpRequestMessage() { RequestUri = new Uri(uri) };

            string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request),
                                                        lifeSeconds: 60);

            // Bewit is handed off to a client needing temporary access to the resource.
            var clientNeedingTempAccess = new WebClient();
            var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
            Console.WriteLine(resource);

            Console.Read();
        }
コード例 #6
0
        static void Main(string[] args)
        {
            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn"
            };

            string uri = "http://localhost:12345/api/values";

            var client = new HttpClient();

            // GET using the Authorization header
            var request = new HttpRequestMessage(HttpMethod.Get, uri);
            request.Headers.Add("X-Request-Header-To-Protect", "Swoosh");

            var hawkClient = new HawkClient(() => credential);
            hawkClient.ApplicationSpecificData = "X-Request-Header-To-Protect:Swoosh"; // Normalized header
            hawkClient.CreateClientAuthorizationAsync(request).Wait();

            var response = client.SendAsync(request).Result;
            var isAuthentic = hawkClient.AuthenticateAsync(response).Result;
            Console.WriteLine(isAuthentic ? response.Content.ReadAsStringAsync().Result : "Response is Tampered");

            // GET using Bewit
            hawkClient = new HawkClient(() => credential);
            string bewit = hawkClient.CreateBewitAsync(new HttpRequestMessage() { RequestUri = new Uri(uri) },
                                                        lifeSeconds:60).Result;

            // Bewit is handed off to a client needing temporary access to the resource.
            var clientNeedingTempAccess = new WebClient();
            var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
            Console.WriteLine(resource);

            Console.Read();
        }
コード例 #7
0
        static void Main(string[] args)
        {
            string uri = "http://localhost:12345/api/values";
            string headerName = "X-Response-Header-To-Protect";

            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn"
            };
            
            // GET and POST using the Authorization header
            var handler = new HawkValidationHandler(credentialsCallback: () => credential,
                                                        verificationCallback: (r, ext) =>
                                                            ext.Equals(headerName + ":" + r.Headers.GetValues(headerName).First()));
            HttpClient client = HttpClientFactory.Create(handler);
            
            var response = client.GetAsync(uri).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            response = client.PostAsJsonAsync(uri, credential.User).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            // GET using Bewit
            var hawkClient = new HawkClient(() => credential);
            string bewit = hawkClient.CreateBewitAsync(new HttpRequestMessage() { RequestUri = new Uri(uri) },
                                                        lifeSeconds:60).Result;

            // Bewit is handed off to a client needing temporary access to the resource.
            var clientNeedingTempAccess = new WebClient();
            var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
            Console.WriteLine(resource);

            Console.Read();
        }
コード例 #8
0
 internal NormalizedTimestamp(DateTime utcNow, Credential credential) : this(utcNow.ToUnixTime(), credential) { }
コード例 #9
0
 internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) :
     this(utcNow.ToUnixTime(), credential, localOffset)
 {
 }
コード例 #10
0
 internal NormalizedTimestamp(DateTime utcNow, Credential credential, int localOffset = 0) :
     this(utcNow.ToUnixTime(), credential, localOffset) { }
コード例 #11
0
        /// <summary>
        /// Returns an AuthenticationResult object corresponding to the result of authentication done
        /// using the client supplied artifacts in the bewit query string parameter.
        /// </summary>
        /// <param name="bewit">Value of the query string parameter with the name of 'bewit'.</param>
        /// <param name="now">Date and time in UTC to be used as the base for computing bewit life.</param>
        /// <param name="request">Request object.</param>
        /// <param name="options">Hawk authentication options</param>
        internal static AuthenticationResult Authenticate(string bewit, ulong now, IRequestMessage request, Options options)
        {
            if (!String.IsNullOrWhiteSpace(bewit))
            {
                if (request.Method == HttpMethod.Get)
                {
                    if (options != null && options.CredentialsCallback != null)
                    {
                        var parts = bewit.ToUtf8StringFromBase64Url().Split('\\');

                        if (parts.Length == 4)
                        {
                            ulong timestamp = 0;
                            if (UInt64.TryParse(parts[1], out timestamp) && timestamp * 1000 > now)
                            {
                                string id  = parts[0];
                                string mac = parts[2];
                                string ext = parts[3];

                                if (!String.IsNullOrWhiteSpace(id) && !String.IsNullOrWhiteSpace(mac))
                                {
                                    RemoveBewitFromUri(request);

                                    Credential credential = options.CredentialsCallback(id);
                                    if (credential != null && credential.IsValid)
                                    {
                                        var artifacts = new ArtifactsContainer()
                                        {
                                            Id        = id,
                                            Nonce     = String.Empty,
                                            Timestamp = timestamp,
                                            Mac       = mac.ToBytesFromBase64(),
                                            ApplicationSpecificData = ext ?? String.Empty
                                        };

                                        var normalizedRequest = new NormalizedRequest(request, artifacts)
                                        {
                                            IsBewit = true
                                        };
                                        var crypto = new Cryptographer(normalizedRequest, artifacts, credential);

                                        if (crypto.IsSignatureValid()) // Bewit is for GET and GET must have no request body
                                        {
                                            return(new AuthenticationResult()
                                            {
                                                IsAuthentic = true,
                                                Credential = credential,
                                                Artifacts = artifacts,
                                                ApplicationSpecificData = ext
                                            });
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            return(new AuthenticationResult()
            {
                IsAuthentic = false
            });
        }
コード例 #12
0
 internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
 {
     this.normalizedRequest = request;
     this.artifacts         = artifacts;
     this.credential        = credential;
     this.hasher            = new Hasher(credential.Algorithm);
 }