Пример #1
0
        public HttpResponseMessage RespondWithChallenge()
        {
            var challengeData = new Dictionary <string, string>
            {
                { OAuthHelper.Keys.ChallengeTimestamp, OAuthServerHelper.DateTimeToString(SystemTime.UtcNow) },
                { OAuthHelper.Keys.ChallengeSalt, OAuthHelper.BytesToString(OAuthServerHelper.RandomBytes(OAuthHelper.Keys.ChallengeSaltLength)) }
            };

            var responseData = new Dictionary <string, string>
            {
                { OAuthHelper.Keys.RSAExponent, OAuthServerHelper.RSAExponent },
                { OAuthHelper.Keys.RSAModulus, OAuthServerHelper.RSAModulus },
                { OAuthHelper.Keys.Challenge, OAuthServerHelper.EncryptSymmetric(OAuthHelper.DictionaryToString(challengeData)) }
            };

            var msg   = GetEmptyMessage(HttpStatusCode.PreconditionFailed);
            var value = OAuthHelper.Keys.WWWAuthenticateHeaderKey + " " + OAuthHelper.DictionaryToString(responseData);

            msg.Headers.TryAddWithoutValidation("WWW-Authenticate", value);

            return(msg);
        }
Пример #2
0
        public async Task <HttpResponseMessage> ApiKeyPost()
        {
            if (InnerRequest.Content.Headers.ContentLength > MaxOAuthContentLength)
            {
                return
                    (GetMessageWithObject(
                         new
                {
                    error = "invalid_request",
                    error_description = "Content length should not be over " + MaxOAuthContentLength + " bytes"
                },
                         HttpStatusCode.BadRequest));
            }

            if (InnerRequest.Content.Headers.ContentLength == 0)
            {
                return(RespondWithChallenge());
            }

            //using (var reader = new StreamReader(context.Request.InputStream))
            //	requestContents = reader.ReadToEnd();
            var requestContents = await ReadStringAsync().ConfigureAwait(false);

            var requestContentsDictionary = OAuthHelper.ParseDictionary(requestContents);
            var rsaExponent = requestContentsDictionary.GetOrDefault(OAuthHelper.Keys.RSAExponent);
            var rsaModulus  = requestContentsDictionary.GetOrDefault(OAuthHelper.Keys.RSAModulus);

            if (rsaExponent == null || rsaModulus == null ||
                !rsaExponent.SequenceEqual(OAuthServerHelper.RSAExponent) || !rsaModulus.SequenceEqual(OAuthServerHelper.RSAModulus))
            {
                return(RespondWithChallenge());
            }

            var encryptedData = requestContentsDictionary.GetOrDefault(OAuthHelper.Keys.EncryptedData);

            if (string.IsNullOrEmpty(encryptedData))
            {
                return(RespondWithChallenge());
            }

            var challengeDictionary = OAuthHelper.ParseDictionary(OAuthServerHelper.DecryptAsymmetric(encryptedData));
            var apiKeyName          = challengeDictionary.GetOrDefault(OAuthHelper.Keys.APIKeyName);
            var challenge           = challengeDictionary.GetOrDefault(OAuthHelper.Keys.Challenge);
            var response            = challengeDictionary.GetOrDefault(OAuthHelper.Keys.Response);

            if (string.IsNullOrEmpty(apiKeyName) || string.IsNullOrEmpty(challenge) || string.IsNullOrEmpty(response))
            {
                return(RespondWithChallenge());
            }

            var challengeData = OAuthHelper.ParseDictionary(OAuthServerHelper.DecryptSymmetric(challenge));
            var timestampStr  = challengeData.GetOrDefault(OAuthHelper.Keys.ChallengeTimestamp);

            if (string.IsNullOrEmpty(timestampStr))
            {
                return(RespondWithChallenge());
            }

            var challengeTimestamp = OAuthServerHelper.ParseDateTime(timestampStr);

            if (challengeTimestamp + MaxChallengeAge < SystemTime.UtcNow || challengeTimestamp > SystemTime.UtcNow)
            {
                // The challenge is either old or from the future
                return(RespondWithChallenge());
            }

            var apiKeyTuple = GetApiKeySecret(apiKeyName);

            if (apiKeyTuple == null)
            {
                return(GetMessageWithObject(new { error = "unauthorized_client", error_description = "Unknown API Key" },
                                            HttpStatusCode.Unauthorized));
            }

            var apiSecret = apiKeyTuple.Item1;

            if (string.IsNullOrEmpty(apiKeyName))
            {
                return(GetMessageWithObject(new { error = "unauthorized_client", error_description = "Invalid API Key" },
                                            HttpStatusCode.Unauthorized));
            }

            var expectedResponse = OAuthHelper.Hash(string.Format(OAuthHelper.Keys.ResponseFormat, challenge, apiSecret));

            if (response != expectedResponse)
            {
                return(GetMessageWithObject(new { error = "unauthorized_client", error_description = "Invalid challenge response" },
                                            HttpStatusCode.Unauthorized));
            }

            var token = apiKeyTuple.Item2;

            return(GetMessageWithObject(token));
        }