/// <summary>
/// Issues a fresh "cadataTTL" cookie on the response: a 9-byte payload (8 bytes of UTC expiry ticks
/// followed by one flags byte) encrypted with the caller's AES provider and base64-encoded.
/// The expiry interval depends on whether the request is a MOWA request and on flag bit 4,
/// which selects the private-key TTL over the public-key TTL.
/// </summary>
/// <param name="aes">AES provider already loaded with the session key and IV.</param>
/// <param name="flags">Session flags; only the low byte is stored in the cookie.</param>
/// <param name="httpRequest">Request used to decide whether this is a MOWA session.</param>
/// <param name="httpResponse">Response the cookie is added to.</param>
private static void SetCadataTtlCookie(AesCryptoServiceProvider aes, int flags, HttpRequest httpRequest, HttpResponse httpResponse)
{
    using (ICryptoTransform encryptor = aes.CreateEncryptor())
    {
        FbaModule.DetermineKeyIntervalsIfNecessary();

        bool privateFlagSet = (flags & 4) == 4;
        bool isMowa = FbaModule.IsMowa(httpRequest, privateFlagSet);

        // Pick the TTL for this session type; MOWA takes precedence over the private/public split.
        long ttlTicks;
        if (isMowa)
        {
            ttlTicks = FbaModule.fbaMowaKeyTTL.Ticks;
        }
        else if (privateFlagSet)
        {
            ttlTicks = FbaModule.fbaPrivateKeyTTL.Ticks;
        }
        else
        {
            ttlTicks = FbaModule.fbaPublicKeyTTL.Ticks;
        }
        ExDateTime expiry = ExDateTime.UtcNow.AddTicks(ttlTicks);

        // Payload layout: bytes 0-7 = expiry UtcTicks, byte 8 = flags truncated to a byte.
        byte[] payload = new byte[9];
        ExBitConverter.Write(expiry.UtcTicks, payload, 0);
        payload[8] = (byte)flags;

        byte[] ciphertext = encryptor.TransformFinalBlock(payload, 0, payload.Length);
        FbaModule.CreateAndAddCookieToResponse(httpRequest, httpResponse, "cadataTTL", Convert.ToBase64String(ciphertext));
    }
}
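/// <summary>
/// Validates the five "cadata*" cookies on the current request, recovers the per-session AES
/// key and IV (from the module key cache, or by unwrapping them with the SSL certificate's RSA
/// private key after the "cadataSig" probe confirms that certificate), enforces the encrypted TTL,
/// and on success places the decrypted "cadata" body into the request's "Authorization" header.
/// Any missing or malformed cookie is traced and the request is left untouched.
/// </summary>
/// <param name="httpApplication">Application whose current context carries the request and response.</param>
/// <remarks>
/// Fix: the decrypted TTL payload must be at least 9 bytes (8 ticks + 1 flags byte, as written by
/// SetCadataTtlCookie); the previous check only rejected an empty payload, so a shorter one threw
/// while reading the ticks or the flags byte. Cookie values that are not valid base64 are now
/// rejected with a trace instead of surfacing a FormatException.
/// NOTE(review): this method performs no separate integrity check (MAC) over the cookie
/// ciphertexts; confirm the surrounding design accounts for that.
/// </remarks>
private void ParseCadataCookies(HttpApplication httpApplication)
{
    const int TtlPayloadLength = 9;

    HttpContext context = httpApplication.Context;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;
    RequestDetailsLogger current = RequestDetailsLoggerBase<RequestDetailsLogger>.GetCurrent(context);

    string authCookie = ReadCadataCookieValue(request, "cadata");
    string keyCookie = ReadCadataCookieValue(request, "cadataKey");
    string ivCookie = ReadCadataCookieValue(request, "cadataIV");
    string sigCookie = ReadCadataCookieValue(request, "cadataSig");
    string ttlCookie = ReadCadataCookieValue(request, "cadataTTL");
    if (authCookie == null || keyCookie == null || ivCookie == null || sigCookie == null || ttlCookie == null)
    {
        // Not a complete FBA cookie set; nothing to parse.
        return;
    }

    // The key cache is keyed by the base64 cookie values themselves.
    byte[] symKeyBytes;
    byte[] symIvBytes;
    PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRateBase.Increment();
    FbaModule.KeyCache.TryGetValue(keyCookie, out symKeyBytes);
    FbaModule.KeyCache.TryGetValue(ivCookie, out symIvBytes);
    if (symKeyBytes != null && symIvBytes != null)
    {
        PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRate.Increment();
    }
    else
    {
        if (!this.TryUnwrapCadataKeys(request, keyCookie, ivCookie, sigCookie, out symKeyBytes, out symIvBytes))
        {
            return;
        }
        // Remember the freshly unwrapped material on the module instance (the cache-hit path does not).
        this.cadataKeyString = keyCookie;
        this.cadataIVString = ivCookie;
        this.symKey = symKeyBytes;
        this.symIV = symIvBytes;
    }

    using (AesCryptoServiceProvider aesCryptoServiceProvider = new AesCryptoServiceProvider())
    {
        aesCryptoServiceProvider.Key = symKeyBytes;
        aesCryptoServiceProvider.IV = symIvBytes;

        using (ICryptoTransform ttlDecryptor = aesCryptoServiceProvider.CreateDecryptor())
        {
            byte[] ttlCiphertext;
            if (!this.TryDecodeCadataCookieBase64("cadataTTL", ttlCookie, out ttlCiphertext))
            {
                return;
            }

            byte[] ttlPayload;
            try
            {
                ttlPayload = ttlDecryptor.TransformFinalBlock(ttlCiphertext, 0, ttlCiphertext.Length);
            }
            catch (CryptographicException arg3)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming TTL", arg3);
                return;
            }

            // Layout written by SetCadataTtlCookie: bytes 0-7 = expiry ticks, byte 8 = flags.
            if (ttlPayload.Length < TtlPayloadLength)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] TTL length was less than 9.");
                return;
            }

            long ticks = BitConverter.ToInt64(ttlPayload, 0);
            int num = (int)ttlPayload[8];
            bool privateFlagSet = (num & 4) == 4;
            context.Items["Flags"] = num;

            ExDateTime expiry = new ExDateTime(ExTimeZone.UtcTimeZone, ticks);
            ExDateTime utcNow = ExDateTime.UtcNow;
            if (expiry < utcNow)
            {
                this.SendCadataTimeoutResponse(httpApplication, request, current);
                return;
            }

            // Reissue the TTL cookie early (two reissue intervals before expiry) on user activity.
            FbaModule.DetermineKeyIntervalsIfNecessary();
            long reissueTicks = privateFlagSet ? FbaModule.fbaPrivateKeyReissueInterval.Ticks : FbaModule.fbaPublicKeyReissueInterval.Ticks;
            ExDateTime reissueThreshold = expiry.AddTicks(-2L * reissueTicks);
            if (reissueThreshold < utcNow && OwaAuthenticationHelper.IsOwaUserActivityRequest(request))
            {
                FbaModule.SetCadataTtlCookie(aesCryptoServiceProvider, num, request, response);
            }
        }

        using (ICryptoTransform authDecryptor = aesCryptoServiceProvider.CreateDecryptor())
        {
            byte[] authCiphertext;
            if (!this.TryDecodeCadataCookieBase64("cadata", authCookie, out authCiphertext))
            {
                return;
            }

            byte[] authPayload;
            try
            {
                authPayload = authDecryptor.TransformFinalBlock(authCiphertext, 0, authCiphertext.Length);
            }
            catch (CryptographicException arg4)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming auth", arg4);
                return;
            }

            // Hand the decrypted credential to downstream handlers.
            request.Headers["Authorization"] = Encoding.Unicode.GetString(authPayload);
        }
    }
}

/// <summary>Returns the value of the named request cookie, or null when the cookie or its value is absent.</summary>
private static string ReadCadataCookieValue(HttpRequest request, string cookieName)
{
    HttpCookie cookie = request.Cookies[cookieName];
    return cookie != null ? cookie.Value : null;
}

/// <summary>
/// Base64-decodes a cookie value; a value that is not valid base64 is traced and rejected
/// rather than allowed to throw out of the module.
/// </summary>
/// <returns>true when <paramref name="bytes"/> holds the decoded value; false otherwise.</returns>
private bool TryDecodeCadataCookieBase64(string cookieName, string value, out byte[] bytes)
{
    try
    {
        bytes = Convert.FromBase64String(value);
        return true;
    }
    catch (FormatException)
    {
        ExTraceGlobals.VerboseTracer.TraceDebug<string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Cookie {0} is not valid base64; ignoring", cookieName);
        bytes = null;
        return false;
    }
}

/// <summary>
/// Recovers the session AES key and IV by RSA-decrypting the "cadataKey"/"cadataIV" cookies with
/// the SSL certificate's private key. The "cadataSig" cookie is decrypted first and must yield the
/// fixed probe string, which confirms the cookies were issued under the same certificate.
/// </summary>
/// <returns>true on success; false after tracing when the certificate, signature or key material cannot be used.</returns>
private bool TryUnwrapCadataKeys(HttpRequest request, string keyCookie, string ivCookie, string sigCookie, out byte[] key, out byte[] iv)
{
    key = null;
    iv = null;

    string failureReason = null;
    RSACryptoServiceProvider rsacryptoServiceProvider;
    try
    {
        X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
        rsacryptoServiceProvider = sslCertificate.PrivateKey as RSACryptoServiceProvider;
        if (rsacryptoServiceProvider != null)
        {
            byte[] sigCiphertext;
            if (!this.TryDecodeCadataCookieBase64("cadataSig", sigCookie, out sigCiphertext))
            {
                return false;
            }
            byte[] probeBytes = rsacryptoServiceProvider.Decrypt(sigCiphertext, true);
            string probe = Encoding.Unicode.GetString(probeBytes);
            if (!string.Equals(probe, "Fba Rocks!", StringComparison.Ordinal))
            {
                failureReason = "does not match the SSL certificate on the Cafe web-site on another server in this Cafe array";
            }
        }
        else
        {
            failureReason = "does not contain RSACryptoServiceProvider";
            if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(TraceType.DebugTrace))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Certificate:{0},Name:{1},Thumbprint:{2},PrivateKeyKey.(Exchange/Signature)Algorighm:{3} has no RSACryptoServiceProvider", new object[]
                {
                    sslCertificate.Subject,
                    sslCertificate.FriendlyName,
                    sslCertificate.Thumbprint,
                    (sslCertificate.PrivateKey == null) ? "NULL" : (sslCertificate.PrivateKey.KeyExchangeAlgorithm + "/" + sslCertificate.PrivateKey.SignatureAlgorithm)
                });
            }
        }
    }
    catch (CryptographicException arg)
    {
        ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting cadataSig", arg);
        return false;
    }

    if (failureReason != null)
    {
        ExTraceGlobals.VerboseTracer.TraceError<string, string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] {0} {1}", "Error in validating Cadata signature. This most likely indicates that the SSL certifcate on the Cafe web-site on this server ", failureReason);
        return false;
    }

    byte[] keyCiphertext;
    byte[] ivCiphertext;
    if (!this.TryDecodeCadataCookieBase64("cadataKey", keyCookie, out keyCiphertext) || !this.TryDecodeCadataCookieBase64("cadataIV", ivCookie, out ivCiphertext))
    {
        return false;
    }

    try
    {
        key = rsacryptoServiceProvider.Decrypt(keyCiphertext, true);
        iv = rsacryptoServiceProvider.Decrypt(ivCiphertext, true);
    }
    catch (CryptographicException arg2)
    {
        ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting symKey/symIV", arg2);
        key = null;
        iv = null;
        return false;
    }
    return true;
}

/// <summary>
/// Responds to a request whose TTL has already passed: a 440 for POST, for any non-GET verb, and for
/// GET requests whose query string starts with "oeh=1&amp;"; a redirect to the FBA logon page for other GETs.
/// The chosen outcome is appended to the request log under "LoginTimeout".
/// </summary>
private void SendCadataTimeoutResponse(HttpApplication httpApplication, HttpRequest request, RequestDetailsLogger current)
{
    if (request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
    {
        if (request.QueryString.ToString().StartsWith("oeh=1&", StringComparison.OrdinalIgnoreCase))
        {
            RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - GET/OEH");
            this.Send440Response(httpApplication, false);
        }
        else
        {
            RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "302 - GET/Timeout");
            this.RedirectToFbaLogon(httpApplication, FbaModule.LogonReason.Timeout);
        }
    }
    else if (request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
    {
        RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - POST");
        this.Send440Response(httpApplication, true);
    }
    else
    {
        RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - " + request.HttpMethod);
        this.Send440Response(httpApplication, false);
    }
}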