Exemplo n.º 1
0
        /// <summary>
        /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
        /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
        /// This method also sets the compensation field so that the timestamp in the subsequent requests
        /// are adjusted to reduce the clock skew.
        /// </summary>
        private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response)
        {
            if (response.Headers.WwwAuthenticate != null)
            {
                var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault();

                if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme)
                {
                    string parameter = wwwHeader.Parameter;

                    ArtifactsContainer timestampArtifacts;
                    if (!String.IsNullOrWhiteSpace(parameter) &&
                        ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
                    {
                        var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc());

                        if (!ts.IsValid(timestampArtifacts.TimestampMac))
                        {
                            return(true);
                        }

                        lock (myPrecious)
                            HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());

                        Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds);
                    }
                }
            }

            return(false);
        }
        /// <summary>
        /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
        /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
        /// This method also sets the compensation field so that the timestamp in the subsequent requests
        /// are adjusted to reduce the clock skew.
        /// </summary>
        private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, IResponseMessage response)
        {
            var wwwHeader = response.WwwAuthenticate;

            if (wwwHeader != null)
            {
                string parameter = wwwHeader.Parameter;

                ArtifactsContainer timestampArtifacts;
                if (!String.IsNullOrWhiteSpace(parameter) &&
                    ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
                {
                    var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, options.CredentialsCallback(), options.LocalTimeOffsetMillis);

                    if (!ts.IsValid(timestampArtifacts.TimestampMac))
                    {
                        return(true);
                    }

                    lock (myPrecious)
                        HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());

                    Tracing.Information("HawkClient.CompensatorySeconds set to " + HawkClient.CompensatorySeconds);
                }
            }

            return(false);
        }
        /// <summary>
        /// Returns true, if there is a WWW-Authenticate header containing ts and tsm but mac
        /// computed for ts does not match tsm, indicating possible tampering. Otherwise, returns false.
        /// This method also sets the compensation field so that the timestamp in the subsequent requests
        /// are adjusted to reduce the clock skew.
        /// </summary>
        private bool IsTimestampResponseTampered(ArtifactsContainer artifacts, HttpResponseMessage response)
        {
            if (response.Headers.WwwAuthenticate != null)
            {
                var wwwHeader = response.Headers.WwwAuthenticate.FirstOrDefault();

                if (wwwHeader != null && wwwHeader.Scheme.ToLower() == HawkConstants.Scheme)
                {
                    string parameter = wwwHeader.Parameter;

                    ArtifactsContainer timestampArtifacts;
                    if (!String.IsNullOrWhiteSpace(parameter) &&
                                    ArtifactsContainer.TryParse(parameter, out timestampArtifacts))
                    {
                        var ts = new NormalizedTimestamp(timestampArtifacts.Timestamp, credentialFunc());

                        if (!ts.IsValid(timestampArtifacts.TimestampMac))
                            return true;

                        lock (myPrecious)
                            HawkClient.CompensatorySeconds = (int)(timestampArtifacts.Timestamp - DateTime.UtcNow.ToUnixTime());
                    }
                }
            }

            return false;
        }