/// <summary>
/// Creates a cryptographer for one normalized request, keeping the request, its artifacts
/// and the credential, and preparing a hasher for the credential's algorithm.
/// </summary>
/// <param name="request">Normalized request stored on this instance.</param>
/// <param name="artifacts">Artifacts container stored on this instance.</param>
/// <param name="credential">
/// Credential stored on this instance. Its Algorithm is read here, so a null credential
/// surfaces as a NullReferenceException from this constructor.
/// </param>
internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
{
    // The hasher depends only on the credential argument, so it can be built up front.
    hasher = new Hasher(credential.Algorithm);

    normalizedRequest = request;

    // 'this.' is required below because the parameters shadow the fields of the same name.
    this.artifacts = artifacts;
    this.credential = credential;
}
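/// <summary>
/// Returns true if the HMAC calculated for the normalized representation of the timestamp data
/// that this instance represents matches the passed-in HMAC.
/// </summary>
/// <param name="hmacToValidateAgainst">
/// MAC bytes received from the peer. A null value is treated as a mismatch.
/// </param>
/// <returns>
/// True only when the received MAC has the same length and the same bytes as the MAC computed
/// here with the credential's key and algorithm; false otherwise.
/// </returns>
internal bool IsValid(byte[] hmacToValidateAgainst)
{
    // A missing MAC can never be valid: fail closed rather than throwing from the comparison.
    if (hmacToValidateAgainst == null)
    {
        return false;
    }

    Hasher hasher = new Hasher(credential.Algorithm);
    byte[] computedMac = hasher.ComputeHmac(this.ToString().ToBytesFromUtf8(), credential.Key);

    // The MAC length follows from the hash algorithm and is not secret, so rejecting a
    // length mismatch early reveals nothing about the expected MAC value.
    if (computedMac.Length != hmacToValidateAgainst.Length)
    {
        return false;
    }

    // Timestamp MAC validation is expected to run on the client side, but the comparison is
    // still done without short-circuiting: every byte is examined, so the time taken does not
    // depend on the position of the first mismatch. This keeps the method safe if it is ever
    // reached from a code path where response timing can be observed.
    int difference = 0;
    for (int i = 0; i < computedMac.Length; i++)
    {
        difference |= computedMac[i] ^ hmacToValidateAgainst[i];
    }

    return difference == 0;
}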
/// <summary>
/// Builds the parameter to be placed in the HTTP WWW-Authenticate header. The ts field carries
/// the timestamp in UNIX time corresponding to the server clock; the tsm field carries the MAC
/// calculated over the normalized timestamp data with the shared symmetric key and the agreed
/// algorithm.
/// </summary>
/// <returns>
/// The ts and tsm fields as one string, with surrounding whitespace and any leading or
/// trailing comma removed.
/// </returns>
internal string ToWwwAuthenticateHeaderParameter()
{
    char separator = ',';

    // MAC over the UTF-8 bytes of this instance's string form, Base64-encoded for the header.
    var macProvider = new Hasher(credential.Algorithm);
    byte[] normalizedBytes = this.ToString().ToBytesFromUtf8();
    byte[] rawMac = macProvider.ComputeHmac(normalizedBytes, credential.Key);
    string timestampMac = rawMac.ToBase64String();

    // AppendIfNotEmpty is a project helper; presumably it skips a field whose value is empty
    // and appends the separator after each field it writes - confirm against its definition.
    var header = new StringBuilder();
    header.AppendIfNotEmpty(TS, fresh.ToString(), separator)
          .AppendIfNotEmpty(TSM, timestampMac, separator);

    // Strip whitespace first, then the separator left over at either end.
    string withoutWhitespace = header.ToString().Trim();
    return withoutWhitespace.Trim(separator);
}