internal Cryptographer(NormalizedRequest request, ArtifactsContainer artifacts, Credential credential)
{
this.normalizedRequest = request;
this.artifacts = artifacts;
this.credential = credential;
this.hasher = new Hasher(credential.Algorithm);
}
/// <summary>
/// Returns true, if the HMAC calculated for the normalized representation of the timestamp data that
/// this instance represents matches the passed in HMAC.
/// </summary>
internal bool IsValid(byte[] hmacToValidateAgainst)
{
Hasher hasher = new Hasher(credential.Algorithm);
byte[] computedMac = hasher.ComputeHmac(this.ToString().ToBytesFromUtf8(), credential.Key);
// Okay not to use the constant-time comparison, since the timestamp
// HMAC validation is done in the client side
return computedMac.SequenceEqual(hmacToValidateAgainst);
}
/// <summary>
/// Returns the header parameter to be put into the HTTP WWW-Authenticate header. The field ts has the timestamp
/// in UNIX time corresponding to the server clock and the field tsm is the MAC calculated for the normalized
/// timestamp data using the shared symmetric key and the algorithm agreed upon.
/// </summary>
/// <returns></returns>
internal string ToWwwAuthenticateHeaderParameter()
{
Hasher hasher = new Hasher(credential.Algorithm);
byte[] data = this.ToString().ToBytesFromUtf8();
string tsm = hasher.ComputeHmac(data, credential.Key).ToBase64String();
char trailer = ',';
StringBuilder result = new StringBuilder();
result.AppendIfNotEmpty(TS, fresh.ToString(), trailer)
.AppendIfNotEmpty(TSM, tsm, trailer);
return result.ToString().Trim().Trim(trailer);
}
