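/// <summary>
/// Validates that an HPKP configuration that actually pins (positive max-age) carries at least two pins.
/// A single pin leaves no backup pin, so losing or rotating the pinned key would lock clients out.
/// </summary>
/// <param name="hpkpConfig">The HPKP configuration to validate.</param>
/// <exception cref="ArgumentException">
/// Thrown when max-age is positive and fewer than two pins are configured (a missing pin collection counts as zero pins).
/// </exception>
public void ValidateNumberOfPins(IHpkpConfiguration hpkpConfig)
{
    // A zero or negative max-age does not pin anything, so the number of pins is irrelevant there.
    if (hpkpConfig.MaxAge <= TimeSpan.Zero)
    {
        return;
    }

    // Treat a null pin collection as empty instead of failing with a NullReferenceException.
    var pinCount = hpkpConfig.Pins == null ? 0 : hpkpConfig.Pins.Count();
    if (pinCount < 2)
    {
        throw new ArgumentException("You must supply two or more HPKP pins. One should represent a certificate currently in use, you should also include a backup pin for a cert/key not (yet) in use.");
    }
}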
/// <summary>
/// Creates the OWIN HPKP middleware: stores the configured HPKP settings and
/// computes the header result once, at construction time, rather than per request.
/// </summary>
/// <param name="next">The next application function in the OWIN pipeline.</param>
/// <param name="options">Options carrying the HPKP configuration.</param>
/// <param name="reportOnly">When true, the report-only variant of the header is produced.</param>
public HpkpMiddleware(AppFunc next, HpkpOptions options, bool reportOnly) : base(next)
{
    IHpkpConfiguration hpkpConfig = options.Config;
    _config = hpkpConfig;

    // The configuration is fixed for the lifetime of the middleware, so the header is built up front.
    HeaderGenerator generator = new HeaderGenerator();
    _headerResult = generator.CreateHpkpResult(hpkpConfig, reportOnly);
}
/// <summary>
/// Creates the ASP.NET Core HPKP middleware: stores the configured HPKP settings and
/// computes the header result once, at construction time, rather than per request.
/// </summary>
/// <param name="next">The next request delegate in the pipeline.</param>
/// <param name="options">Options carrying the HPKP configuration.</param>
/// <param name="reportOnly">When true, the report-only variant of the header is produced.</param>
public HpkpMiddleware(RequestDelegate next, HpkpOptions options, bool reportOnly) : base(next)
{
    IHpkpConfiguration hpkpConfig = options.Config;
    _config = hpkpConfig;

    // The configuration is fixed for the lifetime of the middleware, so the header is built up front.
    HeaderGenerator generator = new HeaderGenerator();
    _headerResult = generator.CreateHpkpResult(hpkpConfig, reportOnly);
}
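/// <summary>
/// Builds the Public-Key-Pins (or Public-Key-Pins-Report-Only) header value for the given configuration.
/// </summary>
/// <param name="hpkpConfig">The HPKP configuration: max-age, pins, includeSubdomains flag and optional report-uri.</param>
/// <param name="reportOnly">When true, the report-only header name is used.</param>
/// <returns>
/// A <see cref="HeaderResult"/> that sets the header, or null when the configuration yields no header
/// (negative max-age, or no pins configured). A zero max-age yields a bare "max-age=0" (unpinning) header.
/// </returns>
public HeaderResult CreateHpkpResult(IHpkpConfiguration hpkpConfig, bool reportOnly)
{
    if (hpkpConfig.MaxAge < TimeSpan.Zero || hpkpConfig.Pins == null || !hpkpConfig.Pins.Any())
    {
        return null;
    }

    var headerName = reportOnly ? HeaderConstants.HpkpReportOnlyHeader : HeaderConstants.HpkpHeader;

    // max-age is a delta-seconds value. Use a long: narrowing a large TimeSpan's TotalSeconds to int
    // silently produces a meaningless (typically negative) value instead of the configured lifetime.
    var seconds = (long)hpkpConfig.MaxAge.TotalSeconds;

    //Unpinning. Save a few bytes by ignoring other directives.
    if (seconds == 0)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, "max-age=" + seconds);
    }

    var sb = new StringBuilder();
    sb.Append("max-age=").Append(seconds).Append(";");

    if (hpkpConfig.IncludeSubdomains)
    {
        sb.Append("includeSubdomains;");
    }

    // NOTE(review): each pin is emitted verbatim after "pin-", so pins are presumably already of the
    // form sha256="<base64>" — confirm against IHpkpConfiguration.
    foreach (var pin in hpkpConfig.Pins)
    {
        sb.Append("pin-").Append(pin).Append(";");
    }

    if (string.IsNullOrEmpty(hpkpConfig.ReportUri))
    {
        // Drop the trailing ';' left by the last pin directive.
        sb.Remove(sb.Length - 1, 1);
    }
    else
    {
        sb.Append("report-uri=\"").Append(hpkpConfig.ReportUri).Append("\"");
    }

    return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, sb.ToString());
}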
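/// <summary>
/// Builds the Public-Key-Pins (or Public-Key-Pins-Report-Only) header value for the given configuration.
/// </summary>
/// <param name="hpkpConfig">The HPKP configuration: max-age, pins, includeSubdomains flag and optional report-uri.</param>
/// <param name="reportOnly">When true, the report-only header name is used.</param>
/// <returns>
/// A <see cref="HeaderResult"/> that sets the header, or null when the configuration yields no header
/// (negative max-age, or no pins configured). A zero max-age yields a bare "max-age=0" (unpinning) header.
/// </returns>
public HeaderResult CreateHpkpResult(IHpkpConfiguration hpkpConfig, bool reportOnly)
{
    if (hpkpConfig.MaxAge < TimeSpan.Zero || hpkpConfig.Pins == null || !hpkpConfig.Pins.Any())
    {
        return null;
    }

    var headerName = reportOnly ? HeaderConstants.HpkpReportOnlyHeader : HeaderConstants.HpkpHeader;

    // max-age is a delta-seconds value. Use a long: narrowing a large TimeSpan's TotalSeconds to int
    // silently produces a meaningless (typically negative) value instead of the configured lifetime.
    var seconds = (long)hpkpConfig.MaxAge.TotalSeconds;

    //Unpinning. Save a few bytes by ignoring other directives.
    if (seconds == 0)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, "max-age=" + seconds);
    }

    var sb = new StringBuilder();
    sb.Append("max-age=").Append(seconds).Append(";");

    if (hpkpConfig.IncludeSubdomains)
    {
        sb.Append("includeSubdomains;");
    }

    // NOTE(review): each pin is emitted verbatim after "pin-", so pins are presumably already of the
    // form sha256="<base64>" — confirm against IHpkpConfiguration.
    foreach (var pin in hpkpConfig.Pins)
    {
        sb.Append("pin-").Append(pin).Append(";");
    }

    if (string.IsNullOrEmpty(hpkpConfig.ReportUri))
    {
        // Drop the trailing ';' left by the last pin directive.
        sb.Remove(sb.Length - 1, 1);
    }
    else
    {
        sb.Append("report-uri=\"").Append(hpkpConfig.ReportUri).Append("\"");
    }

    return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, sb.ToString());
}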