public string ExtractSignatureString(IRequest request, ISignatureSpecification signatureAuth)
{
var headerStrings = (from h in signatureAuth.Headers
select string.Format("{0}: {1}", h, GetHeaderValue(h, request))).ToList();
return(string.Join("\n", headerStrings));
}
public VerifiedSignature Signature(IRequest r, ISignatureSpecification spec, IKeyStore keyStore)
{
var authorization = r.GetHeader("authorization");
if (string.IsNullOrEmpty(authorization))
{
throw new SignatureMissingException("No authorization header present");
}
var signatureAuth = authorizationParser.Parse(authorization);
if (spec == null)
{
spec = signatureAuth;
}
else
{
if (spec.Algorithm != signatureAuth.Algorithm)
{
throw new InvalidSignatureException(string.Format("Algorith mismatch. Wanted: {0}, found: {1}", spec.Algorithm, signatureAuth.Algorithm));
}
var missingHeaders = spec.Headers.Where(h => !signatureAuth.Headers.Contains(h)).ToList();
if (missingHeaders.Any())
{
throw new InvalidSignatureException(string.Format("Missing headers in signature: {0}", string.Join(",", missingHeaders)));
}
}
var signature = CalculateSignature(r, spec, keyStore.Get(signatureAuth.KeyId));
return(new VerifiedSignature(signatureAuth, signature));
}
private string FormatAuthorization(ISignatureSpecification spec, string signature)
{
return(string.Format("Signature keyId=\"{0}\",algorithm=\"{1}\",headers=\"{2}\",signature=\"{3}\"",
spec.KeyId,
spec.Algorithm,
string.Join(" ", spec.Headers),
signature));
}
public string GenerateSignature(IRequest request, ISignatureSpecification signatureSpecification)
{
var signatureString = _httpSignatureStringExtractor.ExtractSignatureString(request, signatureSpecification);
var signedString = _stringSigner.Sign(signatureString);
string authorizationHeader = FormatAuthorization(signatureSpecification, signedString);
return(authorizationHeader);
}
public void Sign(IRequest r, ISignatureSpecification spec, string keyId, string base64Key)
{
//TODO: spec should not contain key id, currently keyId is taken from spec here
if (string.IsNullOrEmpty(spec.KeyId))
{
throw new NotImplementedException("For now, the spec must supply a keyId");
}
var signature = CalculateSignature(r, spec, base64Key);
var auth = FormatAuthorization(spec, signature);
r.SetHeader("Authorization", auth);
}
public string CalculateSignature(IRequest r, ISignatureSpecification spec, string key)
{
var algorithm = spec.Algorithm;
var signatureString = signatureStringExtractor.ExtractSignatureString(r, spec);
var hmac = HMAC.Create(algorithm.Replace("-", "").ToUpper());
hmac.Initialize();
hmac.Key = Convert.FromBase64String(key);
var bytes = hmac.ComputeHash(new MemoryStream(Encoding.UTF8.GetBytes(signatureString)));
var signature = Convert.ToBase64String(bytes);
return signature;
}
private string FormatAuthorization(ISignatureSpecification spec, string signature)
{
string listOfHeaders = string.Join(" ", spec.Headers);
if (!spec.IncludePseduoHeaderInSigantureString)
{
listOfHeaders = listOfHeaders.Replace("(request-target) ", "");
}
return
($"keyId=\"{spec.KeyId}\",algorithm=\"{spec.Algorithm}\",headers=\"{listOfHeaders}\",signature=\"{signature}\"");
}
public void Sign(IRequest r, ISignatureSpecification spec, string keyId, string base64Key)
{
//TODO: spec should not contain key id, currently keyId is taken from spec here
if (string.IsNullOrEmpty(spec.KeyId))
{
throw new NotImplementedException("For now, the spec must supply a keyId");
}
var signature = CalculateSignature(r, spec, base64Key);
var auth = FormatAuthorization(spec, signature);
r.SetHeader("Authorization", auth);
}
public string CalculateSignature(IRequest r, ISignatureSpecification spec, string key)
{
var algorithm = spec.Algorithm;
var signatureString = signatureStringExtractor.ExtractSignatureString(r, spec);
var hmac = HMAC.Create(algorithm.Replace("-", "").ToUpper());
hmac.Initialize();
hmac.Key = Convert.FromBase64String(key);
var bytes = hmac.ComputeHash(new MemoryStream(Encoding.UTF8.GetBytes(signatureString)));
var signature = Convert.ToBase64String(bytes);
return(signature);
}
public VerifiedSignature Signature(IRequest r, ISignatureSpecification spec, IKeyStore keyStore)
{
var authorization = r.GetHeader("authorization");
if (string.IsNullOrEmpty(authorization)) throw new SignatureMissingException("No authorization header present");
var signatureAuth = authorizationParser.Parse(authorization);
if (spec == null) {
spec = signatureAuth;
} else {
if (spec.Algorithm != signatureAuth.Algorithm) {
throw new InvalidSignatureException(string.Format("Algorith mismatch. Wanted: {0}, found: {1}", spec.Algorithm, signatureAuth.Algorithm));
}
var missingHeaders = spec.Headers.Where(h=> !signatureAuth.Headers.Contains(h)).ToList();
if (missingHeaders.Any()) {
throw new InvalidSignatureException(string.Format("Missing headers in signature: {0}", string.Join(",", missingHeaders)));
}
}
var signature = CalculateSignature(r, spec, keyStore.Get(signatureAuth.KeyId));
return new VerifiedSignature(signatureAuth, signature);
}
public static void Sign(IRequest request, ISignatureSpecification spec, string keyId, string key)
{
Signer.Sign(request, spec, keyId, key);
}
public static VerifiedSignature VerifiedSignature(HttpRequest request, ISignatureSpecification spec, IKeyStore keyStore)
{
return(Signer.Signature(request, spec, keyStore));
}
public VerifiedSignature Signature(HttpRequest r, ISignatureSpecification spec, IKeyStore keyStore)
{
return(Signature(Request.FromHttpRequest(r), spec, keyStore));
}
public string ExtractSignatureString(IRequest request, ISignatureSpecification signatureAuth)
{
var headerStrings = (from h in signatureAuth.Headers
select string.Format("{0}: {1}", h, GetHeaderValue (h, request))).ToList();
return string.Join("\n", headerStrings);
}
public SignatureAuthenticator(ISignatureSpecification signatureSpec, IKeyStore keyStore)
{
_signatureSpec = signatureSpec;
_keyStore = keyStore;
_log = LogManager.GetCurrentClassLogger();
}
public static string WwwAuthenticateChallenge(this ISignatureSpecification spec)
{
return(string.Format("Signature realm=\"{0}\",headers=\"{1}\"", spec.Realm, string.Join(" ", spec.Headers)));
}
public RSAStringSigner(ISignatureSpecification signatureSpecification, RSAParameters rsaParameters)
{
_signatureSpecification = signatureSpecification;
_rsaParameters = rsaParameters;
}
public DigestGenerator(ISignatureSpecification signatureSpecification) : this(signatureSpecification.HashAlgorithm)
{
}
public static void Sign(IRequest request, ISignatureSpecification spec, string keyId, string key)
{
Signer.Sign(request, spec, keyId, key);
}
public static VerifiedSignature VerifiedSignature(HttpRequest request, ISignatureSpecification spec, IKeyStore keyStore)
{
return Signer.Signature(request, spec, keyStore);
}
public VerifiedSignature Signature(HttpRequest r, ISignatureSpecification spec, IKeyStore keyStore)
{
return Signature(Request.FromHttpRequest(r), spec, keyStore);
}
public SignatureDelegatingHandler(ISignatureGenerator signatureGenerator, ISignatureSpecification signatureSpecification)
{
_signatureGenerator = signatureGenerator;
_signatureSpecification = signatureSpecification;
}
public void Sign(HttpRequestMessage r, ISignatureSpecification spec, string keyId, string base64Key)
{
var req = new HttpRequestMessageWrapper(r);
Sign(req, spec, keyId, base64Key);
}
public void Sign(HttpRequestMessage r, ISignatureSpecification spec, string keyId, string base64Key)
{
var req = new HttpRequestMessageWrapper(r);
Sign(req, spec, keyId, base64Key);
}
/// <summary>
/// Create the header field string by concatenating the **lowercased** header field name
/// followed with an ASCII colon `:`, an ASCII space ` `, and the header field value.
/// Leading and trailing optional whitespace (OWS) in the header field value MUST be omitted
/// (as specified in RFC7230, Section 3.2.4). If there are multiple instances of the same header field,
/// all header field values associated with the header field MUST be concatenated, separated by a ASCII comma
/// and an ASCII space `, `, and used in the order in which they will appear in the transmitted HTTP message.
/// Any other modification to the header field value MUST NOT be made.
/// </summary>
/// <param name="header"></param>
/// <returns></returns>
public string ExtractSignatureString(IRequest request, ISignatureSpecification signatureAuth)
{
var headerStrings = signatureAuth.Headers.Select(header => $"{CleanHeaderName(header)}: {string.Join(HeaderSeperationString, GetHeaderValue(header, request))}");
return(string.Join("\n", headerStrings));
}
public SignatureAuthenticator(ISignatureSpecification signatureSpec, IKeyStore keyStore)
{
_signatureSpec = signatureSpec;
_keyStore = keyStore;
_log = LogManager.GetCurrentClassLogger();
}
private string FormatAuthorization(ISignatureSpecification spec, string signature)
{
return string.Format("Signature keyId=\"{0}\",algorithm=\"{1}\",headers=\"{2}\",signature=\"{3}\"",
spec.KeyId,
spec.Algorithm,
string.Join(" ", spec.Headers),
signature);
}
