/// <summary> /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false. /// This method also sets the compensation field so that the timestamp in the subsequent requests /// are adjusted to reduce the clock skew. /// </summary> private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response) { if (response.Headers.WwwAuthenticate != null) { var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault(); if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme) { string parameter = wwwHeader.Parameter; ArtifactsContainer timestampArtifacts; if (!String.IsNullOrWhiteSpace(parameter) && ArtifactsContainer.TryParse(parameter, out timestampArtifacts)) { var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc()); if (!ts.IsValid(timestampArtifacts.TimestampMac)) { return(true); } lock (myPrecious) HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime()); Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds); } } } return(false); }
/// <summary> /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false. /// This method also sets the compensation field so that the timestamp in the subsequent requests /// are adjusted to reduce the clock skew. /// </summary> private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, IResponseMessage response) { var wwwHeader = response.WwwAuthenticate; if (wwwHeader != null) { string parameter = wwwHeader.Parameter; ArtifactsContainer timestampArtifacts; if (!String.IsNullOrWhiteSpace(parameter) && ArtifactsContainer.TryParse(parameter, out timestampArtifacts)) { var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, options.CredentialsCallback(), options.LocalTimeOffsetMillis); if (!ts.IsValid(timestampArtifacts.TimestampMac)) { return(true); } lock (myPrecious) HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime()); Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds); } } return(false); }
/// <summary> /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false. /// This method also sets the compensation field so that the timestamp in the subsequent requests /// are adjusted to reduce the clock skew. /// </summary> private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response) { if (response.Headers.WwwAuthenticate != null) { var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault(); if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme) { string parameter = wwwHeader.Parameter; ArtifactsContainer timestampArtifacts; if (!String.IsNullOrWhiteSpace(parameter) && ArtifactsContainer.TryParse(parameter, out timestampArtifacts)) { var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc()); if (!ts.IsValid(timestampArtifacts.TimestampMac)) return true; lock (myPrecious) HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime()); } } } return false; }