public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) => { return(credential); }); var invoker = new HttpMessageInvoker(handler); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); request.Headers.Host = "example.com"; var response = invoker.SendAsync(request, new CancellationToken()) .Result; Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }
public void ShouldSignRequest() { var credential = new HawkCredential { Id = "456", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var date = DateTime.Now; var ts = (int)Math.Floor(Hawk.ConvertToUnixTimestamp(date)); var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); var request = (HttpWebRequest)HttpWebRequest.Create("http://example.com:8080/resource/4?filter=a"); request.SignRequest(credential, "hello", date, "k3j4h2", null); Assert.IsNotNull(request.Headers[HttpRequestHeader.Authorization]); Assert.AreEqual(request.Headers[HttpRequestHeader.Authorization], "Hawk " + authorization); }
public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var filter = new RequiresHawkAttribute((id) => { return(credential); }); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); request.Headers.Host = "example.com"; var context = new HttpActionContext(); context.ControllerContext = new HttpControllerContext(); context.ControllerContext.Request = request; filter.OnAuthorization(context); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }
public void ShouldParseValidBewit() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var filter = new RequiresHawkAttribute((id) => { return(credential); }); var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit); request.Headers.Host = "example.com"; var context = new HttpActionContext(); context.ControllerContext = new HttpControllerContext(); context.ControllerContext.Request = request; filter.OnAuthorization(context); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }
public void ShouldGenerateAuthHeader() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var nonce = "123456"; var date = DateTime.UtcNow; var ts = Hawk.ConvertToUnixTimestamp(date).ToString(); var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential, "hello", date, nonce); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); var invoker = new HttpMessageInvoker(handler); invoker.SendAsync(request, new CancellationToken()); var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri, "hello", ts, nonce, credential, "header"); var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\"", credential.Id, ts, nonce, mac, "hello"); Assert.IsNotNull(request.Headers.Authorization); Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme); Assert.AreEqual(parameter, request.Headers.Authorization.Parameter); }
public void ShouldAuthenticateRequest() { var credential = new HawkCredential { Id = "456", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var date = DateTime.Now; var ts = (int)Math.Floor(Hawk.ConvertToUnixTimestamp(date) / 1000); var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Host = "example.com:8080"; request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Hawk", authorization); var principal = request.Authenticate((id) => credential); Assert.IsNotNull(principal); }
public void ShouldParseValidAuthHeaderAndPayloadWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var body = "hello world"; var bodyBytes = Encoding.UTF8.GetBytes(body); var ms = new MemoryStream(); ms.Write(bodyBytes, 0, bodyBytes.Length); ms.Flush(); ms.Seek(0, SeekOrigin.Begin); var logger = new Logger(); var builder = new AppBuilderFactory().Create(); builder.SetLoggerFactory(new LoggerFactory(logger)); var hash = Hawk.CalculatePayloadHash(body, "text/plain", credential); var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now); var mac = Hawk.CalculateMac("example.com", "post", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header", hash); var context = new OwinContext(); var request = (OwinRequest)context.Request; request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders); request.Method = "post"; request.Body = ms; request.SetHeader("Host", new string[] { "example.com" }); request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a")); request.ContentType = "text/plain"; request.SetHeader("Authorization", new string[] { "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\", hash=\"{2}\"", ts, mac, hash) }); var response = (OwinResponse)context.Response; var middleware = new HawkAuthenticationMiddleware( new AppFuncTransition((env) => { response.StatusCode = 200; return(Task.FromResult <object>(null)); }), builder, new HawkAuthenticationOptions { Credentials = (id) => Task.FromResult(credential) } ); middleware.Invoke(context); Assert.AreEqual(200, response.StatusCode); Assert.IsTrue(logger.Messages.Count == 0); }
public void ShouldAuthenticateRequest() { var credential = new HawkCredential { Id = "456", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var date = DateTime.Now; var ts = Hawk.ConvertToUnixTimestamp(date); var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Host = "example.com:8080"; request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Hawk", authorization); var principal = request.Authenticate((id) => credential); Assert.IsNotNull(principal); }
public void ShouldSignRequest() { var credential = new HawkCredential { Id = "456", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var date = DateTime.Now; var ts = Hawk.ConvertToUnixTimestamp(date); var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.SignRequest(credential, "hello", date, "k3j4h2", null); Assert.IsNotNull(request.Headers.Authorization != null); Assert.AreEqual(request.Headers.Authorization.Scheme, "Hawk"); Assert.AreEqual(request.Headers.Authorization.Parameter, authorization); }
static void Main(string[] args) { var host = new WebServiceHost2(typeof(CustomerDataService), true, new Uri("http://localhost:8090/CustomerOData")); var credential = new HawkCredential { Id = "id", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "hmacsha256", User = "******" }; Func <string, HawkCredential> credentials = (id) => credential; host.Interceptors.Add(new HawkRequestInterceptor( credentials, false, (message) => !message.Properties.Via.AbsoluteUri.EndsWith("$metadata"))); host.Open(); foreach (ServiceEndpoint endpoint in host.Description.Endpoints) { Console.WriteLine("Listening at " + endpoint.Address.Uri.AbsoluteUri); } Thread.Sleep(1000); MakeCall(credential); Console.WriteLine("Press a key to exit"); Console.ReadLine(); }
public void ShouldParseValidAuthHeaderWithPayloadHashAndSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm); hmac.Key = Encoding.ASCII.GetBytes(credential.Key); var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now)); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header", hash); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\", hash=\"{2}\"", ts, mac, hash); var principal = Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential, requestPayload: () => "Thank you for flying Hawk", mediaType: "text/plain"); Assert.IsNotNull(principal); }
public void ShouldGenerateServerAuthHeader() { var credential = new HawkCredential { Id = "123", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) => { return(Task.FromResult(credential)); }, 60, true); var invoker = new HttpMessageInvoker(handler); var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); request.Headers.Host = "example.com"; var response = invoker.SendAsync(request, new CancellationToken()) .Result; Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); Assert.IsTrue(response.Headers.Any(h => h.Key == "Server-Authorization")); }
static void Main(string[] args) { using (WebApp.Start <Startup>(new StartOptions { Port = 5000 })) { Console.WriteLine("Press Enter to quit."); var credentials = new HawkCredential { Id = "dh37fgj492je", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "hmacsha256", User = "******" }; var request = (HttpWebRequest)HttpWebRequest.Create("http://localhost:5000/api/HelloWorld"); request.SignRequest(credentials); request.Method = "GET"; using (var response = (HttpWebResponse)request.GetResponse()) { Console.WriteLine("Call made. Status Code " + response.StatusCode); } Console.ReadKey(); } }
private static void Main() { const string address = "http://localhost:925/"; var config = new HttpSelfHostConfiguration(address); config.MapHttpAttributeRoutes(); var handler = new HawkMessageHandler( async id => new HawkCredential { Id = id, Key = "abcdefghijkl", Algorithm = "sha256", User = "******" }, 4, true); config.MessageHandlers.Add(handler); using (var server = new HttpSelfHostServer(config)) { server.OpenAsync().Wait(); var client = new HttpClient(); //this will fail var request = new HttpRequestMessage(HttpMethod.Get, address + "test"); var response = client.SendAsync(request).Result; Console.WriteLine(response.StatusCode); Console.WriteLine(); var credential = new HawkCredential { Id = "this-is-my-id", Key = "abcdefghijkl", Algorithm = "sha256", User = "******" }; var clientHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, ts: DateTime.Now); var client2 = new HttpClient(clientHandler); //this will succeed request = new HttpRequestMessage(HttpMethod.Get, address + "test"); var response2 = client2.SendAsync(request).Result; Console.WriteLine(response2.StatusCode); Console.WriteLine(response2.Content.ReadAsStringAsync().Result); Console.WriteLine(); Console.WriteLine("Sleeping to get outside of the timestamp window. Next request will fail - replay protection."); Thread.Sleep(5000); //this will fail request = new HttpRequestMessage(HttpMethod.Get, address + "test"); var response3 = client2.SendAsync(request).Result; Console.WriteLine(response3.StatusCode); Console.WriteLine(); Console.ReadLine(); } }
public void ShouldFailAuthenticationOnMissingCredentialAlgorithm() { var credential = new HawkCredential { Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential); }
public void ShouldFailAuthenticationOnMissingCredentialKey() { var credential = new HawkCredential { Algorithm = "sha1", User = "******" }; Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential); }
public void ShouldNotThrowWhenIncludeServerAuthorizationIsTrueAndAuthorizationIsEmpty() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var body = "hello world"; var bodyBytes = Encoding.UTF8.GetBytes(body); var ms = new MemoryStream(); ms.Write(bodyBytes, 0, bodyBytes.Length); ms.Flush(); ms.Seek(0, SeekOrigin.Begin); var logger = new Logger(); var builder = new AppBuilderFactory().Create(); builder.SetLoggerFactory(new LoggerFactory(logger)); var context = new OwinContext(); var request = (OwinRequest)context.Request; request.SetHeader("Authorization", new[] { "" }); request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders); request.Method = "post"; request.Body = ms; request.SetHeader("Host", new string[] { "example.com" }); request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a")); request.ContentType = "text/plain"; var response = (OwinResponse)context.Response; var middleware = new HawkAuthenticationMiddleware( new AppFuncTransition((env) => { response.StatusCode = 200; return(Task.FromResult <object>(null)); }), builder, new HawkAuthenticationOptions { Credentials = (id) => Task.FromResult(credential), IncludeServerAuthorization = true } ); var task = middleware.Invoke(context); Assert.AreEqual(200, response.StatusCode); Assert.AreEqual(null, task.Exception); }
static void Main(string[] args) { string baseAddress = "http://localhost:8091/"; //TODO: It looks like there is a bug in the OWIN implementation. The Request URL does not receive // the port number // Start OWIN host using (WebApp.Start <Startup>(url: baseAddress)) { Console.WriteLine("Press Enter to quit."); var credential = new HawkCredential { Id = "dh37fgj492je", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "sha256", User = "******" }; var clientHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data"); var client = new HttpClient(clientHandler); var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld"); request.Headers.Host = "localhost:8091"; var response = client.SendAsync(request).Result; string message = response.Content.ReadAsStringAsync().Result; Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode); var client2 = new HttpClient(); request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous"); request.Headers.Host = "localhost:8091"; response = client2.SendAsync(request).Result; message = response.Content.ReadAsStringAsync().Result; Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode); var client3 = new HttpClient(); var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000); request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit); request.Headers.Host = "localhost:8091"; response = client3.SendAsync(request).Result; message = response.Content.ReadAsStringAsync().Result; Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode); Console.WriteLine("Press a key to close the app"); Console.ReadLine(); } }
public HawkCredential Get(string identifier) { var credential = new HawkCredential { Id = "dh37fgj492je", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "hmacsha256", User = "******" }; return(credential); }
public void ShouldFailOnMissingCredentialKey() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", User = "******" }; var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential); }
public void ShouldFailOnMissingCredentialAlgorithm() { var credential = new HawkCredential { Id = "123", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential); }
public void ShouldCalculateMacWithMissingExt() { var credential = new HawkCredential { Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"), null, "1353788437", "123456", credential, "header"); Assert.AreEqual("xzewml0eeTU60IbA45JAj/9GbuY=", mac); }
public void ShouldCalculateMac() { var credential = new HawkCredential { Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "abcde", credential, "header"); Assert.AreEqual("wA0+3ewq39fEvDl9+tm8PF8fpbM=", mac); }
public void ShouldCalculatePayloadHash() { var credential = new HawkCredential { Id = "1", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var hash = Hawk.CalculatePayloadHash("", "application/json", credential); Assert.AreEqual("NVuBm+XMyya3Tq4EhpZ0cQWjVUyIA8sKnySkKDOIM4M=", hash); }
public void ShouldParseValidAuthHeaderWithSha1() { var credential = new HawkCredential { Id = "123", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var logger = new Logger(); var builder = new AppBuilderFactory().Create(); builder.SetLoggerFactory(new LoggerFactory(logger)); var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var context = new OwinContext(); var request = (OwinRequest)context.Request; request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders); request.Method = "get"; request.SetHeader("Host", new string[] { "example.com" }); request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a")); request.SetHeader("Authorization", new string[] { "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac) }); var response = (OwinResponse)context.Response; var middleware = new HawkAuthenticationMiddleware( new AppFuncTransition((env) => { response.StatusCode = 200; return(Task.FromResult <object>(null)); }), builder, new HawkAuthenticationOptions { Credentials = (id) => Task.FromResult(credential) } ); middleware.Invoke(context); Assert.AreEqual(200, response.StatusCode); Assert.IsTrue(logger.Messages.Count == 0); }
static void Main(string[] args) { var credential = new HawkCredential { Id = "id", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "sha256", User = "******" }; MakeCall(credential); Console.WriteLine("Press a key to exit"); Console.ReadLine(); }
public HawkClientMessageHandler(HttpMessageHandler innerHandler, HawkCredential credential, string ext = "", DateTime? ts = null, string nonce = null, bool includePayloadHash = false) : base(innerHandler) { if (credential == null || string.IsNullOrEmpty(credential.Id) || string.IsNullOrEmpty(credential.Key) || string.IsNullOrEmpty(credential.Algorithm)) { throw new ArgumentException("Invalid Credential", "credential"); } this.credential = credential; this.ext = ext; this.ts = ts; this.nonce = nonce; this.includePayloadHash = includePayloadHash; }
private async Task AuthenticateResponse(string authorization, string host, string method, Uri uri, string mediaType, Func <string, Task <HawkCredential> > credentials, IOwinResponse response) { var attributes = Hawk.ParseAttributes(authorization); HawkCredential credential = null; try { credential = await credentials(attributes["id"]); } catch (SecurityException ex) // we can't sign the response if there was a security exception { this.logger.WriteWarning(ex.Message); return; } if (credential == null) { return; // we can't sign the response if there are no credentials } response.Body.Seek(0, SeekOrigin.Begin); var payload = Encoding.UTF8.GetString(((StreamWrapper)response.Body).ToArray()); var hash = Hawk.CalculatePayloadHash(payload, mediaType, credential); var mac = Hawk.CalculateMac(host, method, uri, null, attributes["ts"], attributes["nonce"], credential, "response", hash); var serverAuthorization = string.Format("mac=\"{0}\", hash=\"{1}\"", mac, hash); response.Headers.Add("Server-Authorization", new string[] { "Hawk " + serverAuthorization }); }
public void ShouldAuthenticateBewitWithBewitFirstInQueryString() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014"), credential, 200, "hello"); var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?bewit=" + bewit + "&path=%2Fmovie%2Fcomedy%2F2014"), s => credential); Assert.IsNotNull(claims); }
public void ShouldAuthenticateBewitWithEncodedUrl() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014"), credential, 200, "hello"); var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014&bewit=" + bewit), s => credential); Assert.IsNotNull(claims); }
public void ShouldAuthenticateBewitAsync() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 200, "hello"); var claims = Hawk.AuthenticateBewitAsync(bewit, "example.com", new Uri("http://example.com:8080/resource/4?filter=a&bewit=" + bewit), s => Task.FromResult(credential)); Assert.IsNotNull(claims); }
public HawkClientMessageHandler(HttpMessageHandler innerHandler, HawkCredential credential, string ext = "", DateTime?ts = null, string nonce = null, bool includePayloadHash = false) : base(innerHandler) { if (credential == null || string.IsNullOrEmpty(credential.Id) || string.IsNullOrEmpty(credential.Key) || string.IsNullOrEmpty(credential.Algorithm)) { throw new ArgumentException("Invalid Credential", "credential"); } this.credential = credential; this.ext = ext; this.ts = ts; this.nonce = nonce; this.includePayloadHash = includePayloadHash; }
public void ShouldAuthenticateBewit() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 200, "hello"); var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?filter=a&bewit=" + bewit), s => credential); Assert.IsNotNull(claims); }
public void ShouldGetBewit() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 200, "hello"); var parts = Encoding.UTF8.GetString(Convert.FromBase64String(bewit)).Split('\\'); Assert.AreEqual(4, parts.Length); Assert.AreEqual(credential.Id, parts[0]); Assert.AreEqual("hello", parts[3]); }
public void ShouldCalculateMacWithPayloadHash() { var credential = new HawkCredential { Algorithm = "hmacsha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm); hmac.Key = Encoding.ASCII.GetBytes(credential.Key); var hash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes("Thank you for flying Hawk"))); var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "123456", credential, "header", hash); Assert.AreEqual("FLDcWaRlOYy9NF6KvAPq/OexkmI=", mac); }
public void ShouldCalculateMacWithPayloadHash() { var credential = new HawkCredential { Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm); hmac.Key = Encoding.ASCII.GetBytes(credential.Key); var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential); var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "123456", credential, "header", hash); Assert.AreEqual("lQ38ztM8oE2G4DuAQxL+H/E4yaY=", mac); }
public void ShouldFailWithTimestampInTheFuture() { var credential = new HawkCredential { Id = "123", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now.Add(TimeSpan.FromHours(1)))); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential); }
public void ShouldCalculateMacWithMissingExt() { var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); var ts = "1353788437"; var nonce = "123456"; var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"), null, ts, nonce, credential, "header"); Assert.AreEqual("xzewml0eeTU60IbA45JAj/9GbuY=", mac); }
public void ShouldCalculateMac() { var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Host = "example.com"; var ts = "1353788437"; var ext = "hello"; var nonce = "123456"; var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri, ext, ts, nonce, credential, "header"); Assert.AreEqual("AJhfGJR+mEVOISNMDUIeLr9ONgc=", mac); }
public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var logger = new Logger(); var builder = new AppBuilderFactory().Create(); builder.SetLoggerFactory(new LoggerFactory(logger)); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = OwinRequest.Create(); request.Set<Action<Action<object>, object>>("server.OnSendingHeaders", RegisterForOnSendingHeaders); request.Method = "get"; request.SetHeader("Host", new string[] { "example.com" }); request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a")); request.SetHeader("Authorization", new string[] { "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)}); var response = new OwinResponse(request); var middleware = new HawkAuthenticationMiddleware( new AppFuncTransition((env) => { response.StatusCode = 200; return Task.FromResult<object>(null); }), builder, new HawkAuthenticationOptions { Credentials = (id) => Task.FromResult(credential) } ); middleware.Invoke(request, response); Assert.AreEqual(200, response.StatusCode); Assert.IsTrue(logger.Messages.Count == 0); }
public void ShouldAuthenticateBewitWithEncodedUrlWithPercentSpaces() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%20club%2F2014"), credential, 200); var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%20club%2F2014&bewit=" + bewit), s => credential); Assert.IsNotNull(claims); }
public void ShouldParseValidAuthHeaderAndPayloadWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var body = "hello world"; var bodyBytes = Encoding.UTF8.GetBytes(body); var ms = new MemoryStream(); ms.Write(bodyBytes, 0, bodyBytes.Length); ms.Flush(); ms.Seek(0, SeekOrigin.Begin); var logger = new Logger(); var builder = new AppBuilderFactory().Create(); builder.SetLoggerFactory(new LoggerFactory(logger)); var hash = Hawk.CalculatePayloadHash(body, "text/plain", credential); var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now); var mac = Hawk.CalculateMac("example.com", "post", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header", hash); var context = new OwinContext(); var request = (OwinRequest)context.Request; request.Set<Action<Action<object>, object>>("server.OnSendingHeaders", RegisterForOnSendingHeaders); request.Method = "post"; request.Body = ms; request.SetHeader("Host", new string[] { "example.com" }); request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a")); request.ContentType = "text/plain"; request.SetHeader("Authorization", new string[] { "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\", hash=\"{2}\"", ts, mac, hash)}); var response = (OwinResponse)context.Response; var middleware = new HawkAuthenticationMiddleware( new AppFuncTransition((env) => { response.StatusCode = 200; return Task.FromResult<object>(null); }), builder, new HawkAuthenticationOptions { Credentials = (id) => Task.FromResult(credential) } ); middleware.Invoke(context); Assert.AreEqual(200, response.StatusCode); Assert.IsTrue(logger.Messages.Count == 0); }
public void ShouldParseValidAuthHeaderWithSha1Async() { var credential = new HawkCredential { Id = "123", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); var principal = Hawk.AuthenticateAsync(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => Task.FromResult(credential)); Assert.IsNotNull(principal); }
public void ShouldParseValidBewit() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var filter = new RequiresHawkAttribute((id) => { return credential; }); var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit); request.Headers.Host = "example.com"; var context = new HttpActionContext(); context.ControllerContext = new HttpControllerContext(); context.ControllerContext.Request = request; filter.OnAuthorization(context); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }
public void ShouldParseValidAuthHeaderWithPayloadHashAndSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "sha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm); hmac.Key = Encoding.ASCII.GetBytes(credential.Key); var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now)); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header", hash); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\", hash=\"{2}\"", ts, mac, hash); var principal = Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential, requestPayload:() => "Thank you for flying Hawk", mediaType: "text/plain"); Assert.IsNotNull(principal); }
public void ShouldFailWithTimestampInThePast() { var credential = new HawkCredential { Id = "123", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now.Subtract(TimeSpan.FromHours(1)))); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header"); var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"", ts, mac); Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential); }
public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var filter = new HawkRequestFilter((id) => { return credential; }); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var headers = new NameValueCollection(); var request = new Mock<IHttpRequest>(); request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a"); request.SetupGet(r => r.HttpMethod).Returns("GET"); request.SetupGet(r => r.Headers).Returns(headers); headers.Add("Host", "example.com"); headers.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); var response = new Mock<IHttpResponse>(); response.Setup(r => r.StatusCode).Throws(new Exception("StatusCode should not be set")); filter.Execute(request.Object, response.Object, new object()); }
public void ShouldAuthenticateBewitWithEncodedUrlWithForeignChars() { var credential = new HawkCredential { Id = "1", Algorithm = "sha1", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", }; var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=Soluci%C3%B3n.docx"), credential, 200, "hello"); var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=Soluci%C3%B3n.docx&bewit=" + bewit), s => credential); Assert.IsNotNull(claims); }
public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var filter = new RequiresHawkAttribute((id) => { return credential; }); var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); request.Headers.Host = "example.com"; var context = new HttpActionContext(); context.ControllerContext = new HttpControllerContext(); context.ControllerContext.Request = request; filter.OnAuthorization(context); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }
public void ShouldGenerateAuthHeaderWithPayloadHash() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var payload = "foo"; var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm); hmac.Key = Encoding.ASCII.GetBytes(credential.Key); var payloadHash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))); var nonce = Hawk.GetRandomString(6); var date = DateTime.UtcNow; var ts = Hawk.ConvertToUnixTimestamp(date).ToString(); var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(), credential, "hello", date, nonce, true); var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a"); request.Content = new StringContent(payload); var invoker = new HttpMessageInvoker(handler); var response = invoker.SendAsync(request, new CancellationToken()); var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri, "hello", ts, nonce, credential, "header", payloadHash); var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"", credential.Id, ts, nonce, mac, "hello", payloadHash); Assert.IsNotNull(request.Headers.Authorization); Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme); Assert.AreEqual(parameter, request.Headers.Authorization.Parameter); }
public void ShouldParseValidAuthHeaderWithSha256() { var credential = new HawkCredential { Id = "123", Algorithm = "hmacsha256", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", User = "******" }; var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) => { return credential; }); var invoker = new HttpMessageInvoker(handler); var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now).ToString(); var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header"); var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a"); request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac)); request.Headers.Host = "example.com"; var response = invoker.SendAsync(request, new CancellationToken()) .Result; Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal)); }