public bool TryFortify() {
var identityReader = identityReaderFactory.Create();
IEnumerable<Claim> identity;
var isAuthenticated = identityReader.TryRead(out identity);
if (!isAuthenticated) return false;
var claims = identity.ToList();
var userId = claims.Single(c => c.Type.Equals("UserId")).Value;
var platform = claims.Single(c => c.Type.Equals("Platform")).Value;
var encryptionKey = ArmorSettings.EncryptionKey;
var hashingKey = ArmorSettings.HashingKey;
var nonceGenerator = new NonceGenerator();
nonceGenerator.Execute();
var armorToken = new ArmorToken(userId, platform,
nonceGenerator.Nonce);
var armorTokenConstructor = new ArmorTokenConstructor();
var standardSecureArmorTokenBuilder =
new StandardSecureArmorTokenBuilder(armorToken, encryptionKey,
hashingKey);
var generateSecureArmorToken =
new GenerateSecureArmorToken(armorTokenConstructor,
standardSecureArmorTokenBuilder);
generateSecureArmorToken.Execute();
httpContext.Response.AppendHeader("ARMOR",
generateSecureArmorToken.SecureArmorToken);
return true;
}
public string Get()
{
var stopwatch = new Stopwatch();
stopwatch.Start();
var hashingKey = new byte[32];
var encryptionKey = new byte[32];
using (var provider = new RNGCryptoServiceProvider()) {
provider.GetBytes(hashingKey);
provider.GetBytes(encryptionKey);
}
var nonceGenerator = new NonceGenerator();
nonceGenerator.Execute();
var armorToken = new ArmorToken("*****@*****.**", "HMH", nonceGenerator.Nonce);
var hash = new HashArmorTokenGenerationStep(new HMACSHA256HashingMechanismFactory(hashingKey), new EmptyArmorTokenGenerationStep());
var encrypt = new EncryptArmorTokenGenerationStep(new RijndaelEncryptionMechanismFactory(encryptionKey), hash);
var serialise = new SerialiseArmorTokenGenerationStep(new ArmorTokenSerialisor(), encrypt);
var armorTokenGenerator = new ArmorTokenGenerator(armorToken, serialise);
armorTokenGenerator.Execute();
stopwatch.Stop();
Trace.WriteLine(string.Concat("Time: ", stopwatch.ElapsedMilliseconds));
return(armorTokenGenerator.ArmorToken);
}
public void WhenIParseTheDecryptedToken()
{
var deserialisor = new ArmorTokenDeserialisor(decryptedArmorToken);
deserialisor.Execute();
deserialisedArmorToken = deserialisor.DeserialisedArmorToken;
}
public void GivenIHaveSuppliedASerialisedArmorToken()
{
armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") });
var serialisor = new ArmorTokenSerialisor(armorToken);
serialisor.Execute();
serialisedArmorToken = serialisor.SerialisedArmorToken;
}
public void WhenIDeserialiseTheArmorToken()
{
var deserialisor = new ArmorTokenDeserialisor(serialisedArmorToken);
deserialisor.Execute();
deserialisedArmorToken = deserialisor.DeserialisedArmorToken;
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
#region Read logged-in user claims
var principal = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;
var userId = principal.Claims.Single(c => c.Type.Equals("UserId")).Value;
var platform = principal.Claims.Single(c => c.Type.Equals("Platform")).Value;
#endregion
#region Ensure existence of ArmorToken in HTTP header
var armorHeaderParser = new ArmorHeaderParser(actionContext.Request.Headers);
armorHeaderParser.Execute();
if (!armorHeaderParser.ArmorTokenHeader.IsValid)
{
return(false);
}
#endregion
#region Validate ArmorToken
var encryptionKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");
var hashingKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");
var secureArmorTokenValidator = new SecureArmorTokenValidator(armorHeaderParser.ArmorTokenHeader.ArmorToken, encryptionKey, hashingKey, userId, 10000000000);
secureArmorTokenValidator.Execute();
if (!secureArmorTokenValidator.ArmorTokenValidationStepResult.IsValid)
{
return(false);
}
#endregion
#region Refresh ArmorToken and re-issue
var nonceGenerator = new NonceGenerator();
nonceGenerator.Execute();
var armorToken = new ArmorToken(userId, platform, nonceGenerator.Nonce, new[] { new Claim("Another", "Claim") });
var armorTokenConstructor = new ArmorTokenConstructor();
var standardSecureArmorTokenBuilder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey);
var generateSecureArmorToken = new GenerateSecureArmorToken(armorTokenConstructor, standardSecureArmorTokenBuilder);
generateSecureArmorToken.Execute();
#endregion
HttpContext.Current.Response.AppendHeader("ARMOR", generateSecureArmorToken.SecureArmorToken);
return(true);
}
public void WhenIInvokeTheStandardArmorTokenConstructor()
{
var armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") });
encryptionKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");
hashingKey = Convert.FromBase64String("0nA6gWIoNXeeFjJFo1qi1ZlL7NI/4a6YbL8RnqMTC1A=");
var builder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey);
armorTokenConstructor.Construct(builder);
secureArmorToken = builder.SecureArmorToken;
}
public void WhenIVerifyTheHashedArmorTokenSHMACSHASignature(int p0)
{
switch (p0)
{
case 256:
hashingMode = HashingMode.HMACSHA256;
break;
case 512:
hashingMode = HashingMode.HMACSHA512;
break;
default:
throw new NotImplementedException("Invalid Hashing Mode.");
}
var hashedArmorTokenParser = new HashedArmorTokenParser(hashingMode, Convert.FromBase64String(hashedArmorToken));
hashedArmorTokenParser.Execute();
byte[] hash;
switch (p0)
{
case 256:
using (var hmac = new HMACSHA256(hashingKey)) hash = hmac.ComputeHash(hashedArmorTokenParser.ParsedArmorToken.ArmorToken);
break;
case 512:
using (var hmac = new HMACSHA512(hashingKey)) hash = hmac.ComputeHash(hashedArmorTokenParser.ParsedArmorToken.ArmorToken);
break;
default:
throw new NotImplementedException("Invalid Hashing Mode.");
}
Assert.AreEqual(hashedArmorTokenParser.ParsedArmorToken.Hash, hash);
var encryptionMechanismFactory = new RijndaelDecryptionMechanismFactory(encryptionKey, hashedArmorTokenParser.ParsedArmorToken.ArmorToken);
var armorTokenDecryptor = new ArmorTokenEncryptor(encryptionMechanismFactory);
armorTokenDecryptor.Execute();
var decrypted = armorTokenDecryptor.Output;
var armorTokenDeserialisor = new ArmorTokenDeserialisor(decrypted);
armorTokenDeserialisor.Execute();
deserialisedArmorToken = armorTokenDeserialisor.DeserialisedArmorToken;
}
public void GivenIHaveSuppliedAnEncryptedArmorTokenForHashUsingHMACSHA(int p0)
{
originalArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") });
var armorTokenSerialisor = new ArmorTokenSerialisor(originalArmorToken);
armorTokenSerialisor.Execute();
using (var provider = new RNGCryptoServiceProvider()) provider.GetBytes(encryptionKey);
var encryptionMechanismFactory = new RijndaelEncryptionMechanismFactory(encryptionKey, Encoding.UTF8.GetBytes(armorTokenSerialisor.SerialisedArmorToken));
var armorTokenEncryptor = new ArmorTokenEncryptor(encryptionMechanismFactory);
armorTokenEncryptor.Execute();
encryptedArmorToken = armorTokenEncryptor.Output;
}
public bool TryFortify()
{
var identityReader = identityReaderFactory.Create();
IEnumerable <Claim> identity;
var isAuthenticated = identityReader.TryRead(out identity);
if (!isAuthenticated)
{
return(false);
}
var claims = identity.ToList();
var userId = claims.Single(c => c.Type.Equals("UserId")).Value;
var platform = claims.SingleOrDefault(c => c.Type.Equals("Platform"));
var encryptionKey = ArmorSettings.EncryptionKey;
var hashingKey = ArmorSettings.HashingKey;
var nonceGenerator = new NonceGenerator();
nonceGenerator.Execute();
var armorToken = new ArmorToken(userId,
platform == null ? "ARMOR" : platform.Value,
nonceGenerator.Nonce);
var armorTokenConstructor = new ArmorTokenConstructor();
var standardSecureArmorTokenBuilder =
new StandardSecureArmorTokenBuilder(armorToken, encryptionKey,
hashingKey);
var generateSecureArmorToken =
new GenerateSecureArmorToken(armorTokenConstructor,
standardSecureArmorTokenBuilder);
generateSecureArmorToken.Execute();
httpContext.Response.AppendHeader("ARMOR",
generateSecureArmorToken.SecureArmorToken);
return(true);
}
public void ArmorTokenJsonParserParsesSerialisedArmorToken()
{
var expectedArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim"), });
var raw = Encoding.UTF8.GetBytes(Resources.SerialisedArmorToken);
ArmorToken armorToken;
using (Stream stream = new MemoryStream(raw)) {
var parser = new ArmorTokenJsonParser(stream, "claims");
Assert.DoesNotThrow(parser.Parse);
armorToken = parser.Result.FirstOrDefault();
}
Assert.NotNull(armorToken);
foreach (var expectedClaim in expectedArmorToken.Claims.Where(c => !c.Type.Equals("TimeStamp")))
{
Claim claim;
Assert.NotNull(claim = armorToken.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type)));
Assert.AreEqual(expectedClaim.Value, claim.Value);
}
}
public void GivenIHaveSuppliedARawArmorTokenForGeneration()
{
armorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") });
}
public override void Generate(object armorToken)
{
this.armorToken = (ArmorToken)armorToken;
base.Generate(armorToken);
}
public override void Validate(object armorToken)
{
this.armorToken = (ArmorToken)armorToken;
Execute();
}
public StandardSecureArmorTokenBuilder(ArmorToken armorToken, byte[] encryptionKey, byte[] hashingKey) : base(armorToken, encryptionKey, hashingKey)
{
}
public void GivenIHaveSuppliedAnArmorTokenForEncryption()
{
originalArmorToken = new ArmorToken("*****@*****.**", "myPlatform", 0, new[] { new Claim("Dummy", "Claim") });
}
protected SecureArmorTokenBuilder(ArmorToken armorToken, byte[] encryptionKey, byte[] hashingKey)
{
this.armorToken = armorToken;
this.encryptionKey = encryptionKey;
this.hashingKey = hashingKey;
}
public override void Validate(object armorToken)
{
this.armorToken = (ArmorToken)armorToken;
base.Validate(armorToken);
}
