public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) =>
{
return(credential);
});
var invoker = new HttpMessageInvoker(handler);
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
request.Headers.Host = "example.com";
var response = invoker.SendAsync(request, new CancellationToken())
.Result;
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
public void ShouldSignRequest()
{
var credential = new HawkCredential
{
Id = "456",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var date = DateTime.Now;
var ts = (int)Math.Floor(Hawk.ConvertToUnixTimestamp(date));
var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
var request = (HttpWebRequest)HttpWebRequest.Create("http://example.com:8080/resource/4?filter=a");
request.SignRequest(credential, "hello", date, "k3j4h2", null);
Assert.IsNotNull(request.Headers[HttpRequestHeader.Authorization]);
Assert.AreEqual(request.Headers[HttpRequestHeader.Authorization], "Hawk " + authorization);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var filter = new RequiresHawkAttribute((id) =>
{
return(credential);
});
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
request.Headers.Host = "example.com";
var context = new HttpActionContext();
context.ControllerContext = new HttpControllerContext();
context.ControllerContext.Request = request;
filter.OnAuthorization(context);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
public void ShouldParseValidBewit()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var filter = new RequiresHawkAttribute((id) =>
{
return(credential);
});
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit);
request.Headers.Host = "example.com";
var context = new HttpActionContext();
context.ControllerContext = new HttpControllerContext();
context.ControllerContext.Request = request;
filter.OnAuthorization(context);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
public void ShouldGenerateAuthHeader()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var nonce = "123456";
var date = DateTime.UtcNow;
var ts = Hawk.ConvertToUnixTimestamp(date).ToString();
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential, "hello", date, nonce);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
var invoker = new HttpMessageInvoker(handler);
invoker.SendAsync(request, new CancellationToken());
var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
"hello", ts, nonce, credential, "header");
var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\"",
credential.Id, ts, nonce, mac, "hello");
Assert.IsNotNull(request.Headers.Authorization);
Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
Assert.AreEqual(parameter,
request.Headers.Authorization.Parameter);
}
public void ShouldAuthenticateRequest()
{
var credential = new HawkCredential
{
Id = "456",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var date = DateTime.Now;
var ts = (int)Math.Floor(Hawk.ConvertToUnixTimestamp(date) / 1000);
var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Host = "example.com:8080";
request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Hawk", authorization);
var principal = request.Authenticate((id) => credential);
Assert.IsNotNull(principal);
}
public void ShouldParseValidAuthHeaderAndPayloadWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var body = "hello world";
var bodyBytes = Encoding.UTF8.GetBytes(body);
var ms = new MemoryStream();
ms.Write(bodyBytes, 0, bodyBytes.Length);
ms.Flush();
ms.Seek(0, SeekOrigin.Begin);
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var hash = Hawk.CalculatePayloadHash(body, "text/plain", credential);
var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now);
var mac = Hawk.CalculateMac("example.com", "post", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header", hash);
var context = new OwinContext();
var request = (OwinRequest)context.Request;
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "post";
request.Body = ms;
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.ContentType = "text/plain";
request.SetHeader("Authorization", new string[] { "Hawk " +
string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\", hash=\"{2}\"",
ts, mac, hash) });
var response = (OwinResponse)context.Response;
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential)
}
);
middleware.Invoke(context);
Assert.AreEqual(200, response.StatusCode);
Assert.IsTrue(logger.Messages.Count == 0);
}
public void ShouldGenerateAuthHeader()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var nonce = "123456";
var date = DateTime.UtcNow;
var ts = Hawk.ConvertToUnixTimestamp(date).ToString();
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential, "hello", date, nonce);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
var invoker = new HttpMessageInvoker(handler);
invoker.SendAsync(request, new CancellationToken());
var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
"hello", ts, nonce, credential, "header");
var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\"",
credential.Id, ts, nonce, mac, "hello");
Assert.IsNotNull(request.Headers.Authorization);
Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
Assert.AreEqual(parameter,
request.Headers.Authorization.Parameter);
}
public void ShouldAuthenticateRequest()
{
var credential = new HawkCredential
{
Id = "456",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var date = DateTime.Now;
var ts = Hawk.ConvertToUnixTimestamp(date);
var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Host = "example.com:8080";
request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Hawk", authorization);
var principal = request.Authenticate((id) => credential);
Assert.IsNotNull(principal);
}
public void ShouldSignRequest()
{
var credential = new HawkCredential
{
Id = "456",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var date = DateTime.Now;
var ts = Hawk.ConvertToUnixTimestamp(date);
var mac = Hawk.CalculateMac("example.com:8080", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.SignRequest(credential, "hello", date, "k3j4h2", null);
Assert.IsNotNull(request.Headers.Authorization != null);
Assert.AreEqual(request.Headers.Authorization.Scheme, "Hawk");
Assert.AreEqual(request.Headers.Authorization.Parameter, authorization);
}
static void Main(string[] args)
{
var host = new WebServiceHost2(typeof(CustomerDataService),
true,
new Uri("http://localhost:8090/CustomerOData"));
var credential = new HawkCredential
{
Id = "id",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
Algorithm = "hmacsha256",
User = "******"
};
Func <string, HawkCredential> credentials = (id) => credential;
host.Interceptors.Add(new HawkRequestInterceptor(
credentials,
false,
(message) => !message.Properties.Via.AbsoluteUri.EndsWith("$metadata")));
host.Open();
foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
{
Console.WriteLine("Listening at " + endpoint.Address.Uri.AbsoluteUri);
}
Thread.Sleep(1000);
MakeCall(credential);
Console.WriteLine("Press a key to exit");
Console.ReadLine();
}
public void ShouldParseValidAuthHeaderWithPayloadHashAndSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm);
hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential);
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now));
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header", hash);
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\", hash=\"{2}\"",
ts, mac, hash);
var principal = Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential,
requestPayload: () => "Thank you for flying Hawk", mediaType: "text/plain");
Assert.IsNotNull(principal);
}
public void ShouldGenerateServerAuthHeader()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) =>
{
return(Task.FromResult(credential));
}, 60, true);
var invoker = new HttpMessageInvoker(handler);
var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
request.Headers.Host = "example.com";
var response = invoker.SendAsync(request, new CancellationToken())
.Result;
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
Assert.IsTrue(response.Headers.Any(h => h.Key == "Server-Authorization"));
}
static void Main(string[] args)
{
using (WebApp.Start <Startup>(new StartOptions {
Port = 5000
}))
{
Console.WriteLine("Press Enter to quit.");
var credentials = new HawkCredential
{
Id = "dh37fgj492je",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
Algorithm = "hmacsha256",
User = "******"
};
var request = (HttpWebRequest)HttpWebRequest.Create("http://localhost:5000/api/HelloWorld");
request.SignRequest(credentials);
request.Method = "GET";
using (var response = (HttpWebResponse)request.GetResponse())
{
Console.WriteLine("Call made. Status Code " + response.StatusCode);
}
Console.ReadKey();
}
}
private static void Main()
{
const string address = "http://localhost:925/";
var config = new HttpSelfHostConfiguration(address);
config.MapHttpAttributeRoutes();
var handler = new HawkMessageHandler(
async id => new HawkCredential
{
Id = id,
Key = "abcdefghijkl",
Algorithm = "sha256",
User = "******"
}, 4, true);
config.MessageHandlers.Add(handler);
using (var server = new HttpSelfHostServer(config))
{
server.OpenAsync().Wait();
var client = new HttpClient();
//this will fail
var request = new HttpRequestMessage(HttpMethod.Get, address + "test");
var response = client.SendAsync(request).Result;
Console.WriteLine(response.StatusCode);
Console.WriteLine();
var credential = new HawkCredential
{
Id = "this-is-my-id",
Key = "abcdefghijkl",
Algorithm = "sha256",
User = "******"
};
var clientHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, ts: DateTime.Now);
var client2 = new HttpClient(clientHandler);
//this will succeed
request = new HttpRequestMessage(HttpMethod.Get, address + "test");
var response2 = client2.SendAsync(request).Result;
Console.WriteLine(response2.StatusCode);
Console.WriteLine(response2.Content.ReadAsStringAsync().Result);
Console.WriteLine();
Console.WriteLine("Sleeping to get outside of the timestamp window. Next request will fail - replay protection.");
Thread.Sleep(5000);
//this will fail
request = new HttpRequestMessage(HttpMethod.Get, address + "test");
var response3 = client2.SendAsync(request).Result;
Console.WriteLine(response3.StatusCode);
Console.WriteLine();
Console.ReadLine();
}
}
public void ShouldFailAuthenticationOnMissingCredentialAlgorithm()
{
var credential = new HawkCredential
{
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldFailAuthenticationOnMissingCredentialAlgorithm()
{
var credential = new HawkCredential
{
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldFailAuthenticationOnMissingCredentialKey()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
User = "******"
};
Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldNotThrowWhenIncludeServerAuthorizationIsTrueAndAuthorizationIsEmpty()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var body = "hello world";
var bodyBytes = Encoding.UTF8.GetBytes(body);
var ms = new MemoryStream();
ms.Write(bodyBytes, 0, bodyBytes.Length);
ms.Flush();
ms.Seek(0, SeekOrigin.Begin);
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var context = new OwinContext();
var request = (OwinRequest)context.Request;
request.SetHeader("Authorization", new[] { "" });
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "post";
request.Body = ms;
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.ContentType = "text/plain";
var response = (OwinResponse)context.Response;
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential),
IncludeServerAuthorization = true
}
);
var task = middleware.Invoke(context);
Assert.AreEqual(200, response.StatusCode);
Assert.AreEqual(null, task.Exception);
}
static void Main(string[] args)
{
string baseAddress = "http://localhost:8091/";
//TODO: It looks like there is a bug in the OWIN implementation. The Request URL does not receive
// the port number
// Start OWIN host
using (WebApp.Start <Startup>(url: baseAddress))
{
Console.WriteLine("Press Enter to quit.");
var credential = new HawkCredential
{
Id = "dh37fgj492je",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
Algorithm = "sha256",
User = "******"
};
var clientHandler = new HawkClientMessageHandler(new HttpClientHandler(), credential, "some-app-data");
var client = new HttpClient(clientHandler);
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld");
request.Headers.Host = "localhost:8091";
var response = client.SendAsync(request).Result;
string message = response.Content.ReadAsStringAsync().Result;
Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode);
var client2 = new HttpClient();
request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorldAnonymous");
request.Headers.Host = "localhost:8091";
response = client2.SendAsync(request).Result;
message = response.Content.ReadAsStringAsync().Result;
Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode);
var client3 = new HttpClient();
var bewit = Hawk.GetBewit("localhost", new Uri("http://localhost:8091/Api/HelloWorld"), credential, 60000);
request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:8091/Api/HelloWorld?bewit=" + bewit);
request.Headers.Host = "localhost:8091";
response = client3.SendAsync(request).Result;
message = response.Content.ReadAsStringAsync().Result;
Console.WriteLine("Response {0} - Http Status Code {1}", message, response.StatusCode);
Console.WriteLine("Press a key to close the app");
Console.ReadLine();
}
}
public HawkCredential Get(string identifier)
{
var credential = new HawkCredential
{
Id = "dh37fgj492je",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
Algorithm = "hmacsha256",
User = "******"
};
return(credential);
}
public void ShouldFailOnMissingCredentialKey()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
User = "******"
};
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential);
}
public void ShouldFailOnMissingCredentialAlgorithm()
{
var credential = new HawkCredential
{
Id = "123",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential);
}
public void ShouldFailOnMissingCredentialAlgorithm()
{
var credential = new HawkCredential
{
Id = "123",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential);
}
public void ShouldFailOnMissingCredentialKey()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
User = "******"
};
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential);
}
public void ShouldCalculateMacWithMissingExt()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"),
null, "1353788437", "123456", credential, "header");
Assert.AreEqual("xzewml0eeTU60IbA45JAj/9GbuY=", mac);
}
public void ShouldCalculateMac()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac("example.com", "Get",
new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "abcde", credential, "header");
Assert.AreEqual("wA0+3ewq39fEvDl9+tm8PF8fpbM=", mac);
}
public void ShouldCalculateMacWithMissingExt()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"),
null, "1353788437", "123456", credential, "header");
Assert.AreEqual("xzewml0eeTU60IbA45JAj/9GbuY=", mac);
}
public void ShouldCalculateMac()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac("example.com", "Get",
new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "abcde", credential, "header");
Assert.AreEqual("wA0+3ewq39fEvDl9+tm8PF8fpbM=", mac);
}
public void ShouldCalculatePayloadHash()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var hash = Hawk.CalculatePayloadHash("", "application/json", credential);
Assert.AreEqual("NVuBm+XMyya3Tq4EhpZ0cQWjVUyIA8sKnySkKDOIM4M=", hash);
}
public void ShouldParseValidAuthHeaderWithSha1()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var context = new OwinContext();
var request = (OwinRequest)context.Request;
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac) });
var response = (OwinResponse)context.Response;
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential)
}
);
middleware.Invoke(context);
Assert.AreEqual(200, response.StatusCode);
Assert.IsTrue(logger.Messages.Count == 0);
}
static void Main(string[] args)
{
var credential = new HawkCredential
{
Id = "id",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
Algorithm = "sha256",
User = "******"
};
MakeCall(credential);
Console.WriteLine("Press a key to exit");
Console.ReadLine();
}
public HawkClientMessageHandler(HttpMessageHandler innerHandler, HawkCredential credential, string ext = "", DateTime? ts = null, string nonce = null, bool includePayloadHash = false)
: base(innerHandler)
{
if (credential == null ||
string.IsNullOrEmpty(credential.Id) ||
string.IsNullOrEmpty(credential.Key) ||
string.IsNullOrEmpty(credential.Algorithm))
{
throw new ArgumentException("Invalid Credential", "credential");
}
this.credential = credential;
this.ext = ext;
this.ts = ts;
this.nonce = nonce;
this.includePayloadHash = includePayloadHash;
}
private async Task AuthenticateResponse(string authorization,
string host,
string method,
Uri uri,
string mediaType,
Func <string, Task <HawkCredential> > credentials,
IOwinResponse response)
{
var attributes = Hawk.ParseAttributes(authorization);
HawkCredential credential = null;
try
{
credential = await credentials(attributes["id"]);
}
catch (SecurityException ex) // we can't sign the response if there was a security exception
{
this.logger.WriteWarning(ex.Message);
return;
}
if (credential == null)
{
return; // we can't sign the response if there are no credentials
}
response.Body.Seek(0, SeekOrigin.Begin);
var payload = Encoding.UTF8.GetString(((StreamWrapper)response.Body).ToArray());
var hash = Hawk.CalculatePayloadHash(payload, mediaType, credential);
var mac = Hawk.CalculateMac(host,
method,
uri,
null,
attributes["ts"],
attributes["nonce"],
credential,
"response",
hash);
var serverAuthorization = string.Format("mac=\"{0}\", hash=\"{1}\"",
mac, hash);
response.Headers.Add("Server-Authorization", new string[] { "Hawk " + serverAuthorization });
}
public void ShouldAuthenticateBewitWithBewitFirstInQueryString()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014"), credential,
200, "hello");
var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?bewit=" + bewit + "&path=%2Fmovie%2Fcomedy%2F2014"),
s => credential);
Assert.IsNotNull(claims);
}
public void ShouldAuthenticateBewitWithEncodedUrl()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014"), credential,
200, "hello");
var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%2F2014&bewit=" + bewit),
s => credential);
Assert.IsNotNull(claims);
}
public void ShouldAuthenticateBewitAsync()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential,
200, "hello");
var claims = Hawk.AuthenticateBewitAsync(bewit, "example.com", new Uri("http://example.com:8080/resource/4?filter=a&bewit=" + bewit),
s => Task.FromResult(credential));
Assert.IsNotNull(claims);
}
public HawkClientMessageHandler(HttpMessageHandler innerHandler, HawkCredential credential, string ext = "", DateTime?ts = null, string nonce = null, bool includePayloadHash = false)
: base(innerHandler)
{
if (credential == null ||
string.IsNullOrEmpty(credential.Id) ||
string.IsNullOrEmpty(credential.Key) ||
string.IsNullOrEmpty(credential.Algorithm))
{
throw new ArgumentException("Invalid Credential", "credential");
}
this.credential = credential;
this.ext = ext;
this.ts = ts;
this.nonce = nonce;
this.includePayloadHash = includePayloadHash;
}
public void ShouldAuthenticateBewit()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential,
200, "hello");
var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?filter=a&bewit=" + bewit),
s => credential);
Assert.IsNotNull(claims);
}
public void ShouldGetBewit()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential,
200, "hello");
var parts = Encoding.UTF8.GetString(Convert.FromBase64String(bewit)).Split('\\');
Assert.AreEqual(4, parts.Length);
Assert.AreEqual(credential.Id, parts[0]);
Assert.AreEqual("hello", parts[3]);
}
public void ShouldCalculateMacWithPayloadHash()
{
var credential = new HawkCredential
{
Algorithm = "hmacsha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm);
hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
var hash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes("Thank you for flying Hawk")));
var mac = Hawk.CalculateMac("example.com", "Get",
new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "123456", credential, "header", hash);
Assert.AreEqual("FLDcWaRlOYy9NF6KvAPq/OexkmI=", mac);
}
public void ShouldCalculateMacWithPayloadHash()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm);
hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential);
var mac = Hawk.CalculateMac("example.com", "Get",
new Uri("http://example.com:8080/resource/4?filter=a"), "hello", "1353788437", "123456", credential, "header", hash);
Assert.AreEqual("lQ38ztM8oE2G4DuAQxL+H/E4yaY=", mac);
}
public void ShouldFailWithTimestampInTheFuture()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now.Add(TimeSpan.FromHours(1))));
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldCalculateMacWithMissingExt()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
var ts = "1353788437";
var nonce = "123456";
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac("example.com", "Get", new Uri("http://example.com:8080/resource/4?filter=a"),
null, ts, nonce, credential, "header");
Assert.AreEqual("xzewml0eeTU60IbA45JAj/9GbuY=", mac);
}
public void ShouldCalculateMac()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Host = "example.com";
var ts = "1353788437";
var ext = "hello";
var nonce = "123456";
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
ext, ts, nonce, credential, "header");
Assert.AreEqual("AJhfGJR+mEVOISNMDUIeLr9ONgc=", mac);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = OwinRequest.Create();
request.Set<Action<Action<object>, object>>("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac)});
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return Task.FromResult<object>(null);
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential)
}
);
middleware.Invoke(request, response);
Assert.AreEqual(200, response.StatusCode);
Assert.IsTrue(logger.Messages.Count == 0);
}
public void ShouldAuthenticateBewitWithEncodedUrlWithPercentSpaces()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%20club%2F2014"), credential,
200);
var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=%2Fmovie%2Fcomedy%20club%2F2014&bewit=" + bewit),
s => credential);
Assert.IsNotNull(claims);
}
public void ShouldParseValidAuthHeaderAndPayloadWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var body = "hello world";
var bodyBytes = Encoding.UTF8.GetBytes(body);
var ms = new MemoryStream();
ms.Write(bodyBytes, 0, bodyBytes.Length);
ms.Flush();
ms.Seek(0, SeekOrigin.Begin);
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var hash = Hawk.CalculatePayloadHash(body, "text/plain", credential);
var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now);
var mac = Hawk.CalculateMac("example.com", "post", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header", hash);
var context = new OwinContext();
var request = (OwinRequest)context.Request;
request.Set<Action<Action<object>, object>>("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "post";
request.Body = ms;
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.ContentType = "text/plain";
request.SetHeader("Authorization", new string[] { "Hawk " +
string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\", hash=\"{2}\"",
ts, mac, hash)});
var response = (OwinResponse)context.Response;
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return Task.FromResult<object>(null);
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential)
}
);
middleware.Invoke(context);
Assert.AreEqual(200, response.StatusCode);
Assert.IsTrue(logger.Messages.Count == 0);
}
public void ShouldParseValidAuthHeaderWithSha1Async()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
var principal = Hawk.AuthenticateAsync(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"),
(s) => Task.FromResult(credential));
Assert.IsNotNull(principal);
}
public void ShouldParseValidBewit()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var filter = new RequiresHawkAttribute((id) =>
{
return credential;
});
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000);
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit);
request.Headers.Host = "example.com";
var context = new HttpActionContext();
context.ControllerContext = new HttpControllerContext();
context.ControllerContext.Request = request;
filter.OnAuthorization(context);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
public void ShouldParseValidAuthHeaderWithPayloadHashAndSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var hmac = System.Security.Cryptography.HMAC.Create("hmac" + credential.Algorithm);
hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
var hash = Hawk.CalculatePayloadHash("Thank you for flying Hawk", "text/plain", credential);
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now));
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header", hash);
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\", hash=\"{2}\"",
ts, mac, hash);
var principal = Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential,
requestPayload:() => "Thank you for flying Hawk", mediaType: "text/plain");
Assert.IsNotNull(principal);
}
public void ShouldGetBewit()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential,
200, "hello");
var parts = Encoding.UTF8.GetString(Convert.FromBase64String(bewit)).Split('\\');
Assert.AreEqual(4, parts.Length);
Assert.AreEqual(credential.Id, parts[0]);
Assert.AreEqual("hello", parts[3]);
}
public void ShouldFailWithTimestampInThePast()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now.Subtract(TimeSpan.FromHours(1))));
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "k3j4h2", credential, "header");
var authorization = string.Format("id=\"456\", ts=\"{0}\", nonce=\"k3j4h2\", mac=\"{1}\", ext=\"hello\"",
ts, mac);
Hawk.Authenticate(authorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldCalculatePayloadHash()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var hash = Hawk.CalculatePayloadHash("", "application/json", credential);
Assert.AreEqual("NVuBm+XMyya3Tq4EhpZ0cQWjVUyIA8sKnySkKDOIM4M=", hash);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var filter = new HawkRequestFilter((id) =>
{
return credential;
});
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var headers = new NameValueCollection();
var request = new Mock<IHttpRequest>();
request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
request.SetupGet(r => r.HttpMethod).Returns("GET");
request.SetupGet(r => r.Headers).Returns(headers);
headers.Add("Host", "example.com");
headers.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
var response = new Mock<IHttpResponse>();
response.Setup(r => r.StatusCode).Throws(new Exception("StatusCode should not be set"));
filter.Execute(request.Object, response.Object, new object());
}
public void ShouldAuthenticateBewitWithEncodedUrlWithForeignChars()
{
var credential = new HawkCredential
{
Id = "1",
Algorithm = "sha1",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
};
var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?path=Soluci%C3%B3n.docx"), credential,
200, "hello");
var claims = Hawk.AuthenticateBewit(bewit, "example.com", new Uri("http://example.com:8080/resource/4?path=Soluci%C3%B3n.docx&bewit=" + bewit),
s => credential);
Assert.IsNotNull(claims);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var filter = new RequiresHawkAttribute((id) =>
{
return credential;
});
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
request.Headers.Host = "example.com";
var context = new HttpActionContext();
context.ControllerContext = new HttpControllerContext();
context.ControllerContext.Request = request;
filter.OnAuthorization(context);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
public void ShouldFailAuthenticationOnMissingCredentialKey()
{
var credential = new HawkCredential
{
Algorithm = "sha1",
User = "******"
};
Hawk.Authenticate(ValidAuthorization, "example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), (s) => credential);
}
public void ShouldGenerateAuthHeaderWithPayloadHash()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var payload = "foo";
var hmac = System.Security.Cryptography.HMAC.Create(credential.Algorithm);
hmac.Key = Encoding.ASCII.GetBytes(credential.Key);
var payloadHash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
var nonce = Hawk.GetRandomString(6);
var date = DateTime.UtcNow;
var ts = Hawk.ConvertToUnixTimestamp(date).ToString();
var handler = new HawkClientMessageHandler(new DummyHttpMessageHandler(),
credential, "hello", date, nonce, true);
var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com:8080/resource/4?filter=a");
request.Content = new StringContent(payload);
var invoker = new HttpMessageInvoker(handler);
var response = invoker.SendAsync(request, new CancellationToken());
var mac = Hawk.CalculateMac(request.Headers.Host, request.Method.ToString(), request.RequestUri,
"hello", ts, nonce, credential, "header", payloadHash);
var parameter = string.Format("id=\"{0}\", ts=\"{1}\", nonce=\"{2}\", mac=\"{3}\", ext=\"{4}\", hash=\"{5}\"",
credential.Id, ts, nonce, mac, "hello", payloadHash);
Assert.IsNotNull(request.Headers.Authorization);
Assert.AreEqual("Hawk", request.Headers.Authorization.Scheme);
Assert.AreEqual(parameter,
request.Headers.Authorization.Parameter);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var handler = new HawkMessageHandler(new DummyHttpMessageHandler(), (id) =>
{
return credential;
});
var invoker = new HttpMessageInvoker(handler);
var ts = Hawk.ConvertToUnixTimestamp(DateTime.Now).ToString();
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac));
request.Headers.Host = "example.com";
var response = invoker.SendAsync(request, new CancellationToken())
.Result;
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
Assert.AreEqual(Thread.CurrentPrincipal.GetType(), typeof(ClaimsPrincipal));
}
