/// <summary>
        /// Adds the WWW-Authenticate header in case of a 401 - Unauthorized response and
        /// the Server-Authorization header in case of a successful request.
        /// </summary>
        public async Task CreateServerAuthorizationAsync(HttpResponseMessage response, Func<HttpResponseMessage, string> normalizationCallback)
        {
            // Rejected request: answer with a Hawk challenge and do nothing else.
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
                var challenge = new AuthenticationHeaderValue(HawkConstants.Scheme, request.GetChallengeParameter());
                response.Headers.WwwAuthenticate.Add(challenge);
                return;
            }

            // Only a request that was positively authenticated gets a signed response.
            // Bewit requests never receive a Server-Authorization header.
            if (this.result == null || !this.result.IsAuthentic || this.isBewitRequest)
            {
                return;
            }

            // The callback's return value replaces the application specific data on the
            // artifacts before the response is signed.
            // NOTE(review): that value is presumably carried in the emitted header parameter;
            // confirm it never holds data that must not be disclosed to the client.
            if (normalizationCallback != null)
            {
                this.result.Artifacts.ApplicationSpecificData = normalizationCallback(response);
            }

            // Sign the response content with the credential that authenticated the request.
            var normalized = new NormalizedRequest(request, this.result.Artifacts);
            var signer     = new Cryptographer(normalized, this.result.Artifacts, this.result.Credential);
            await signer.SignAsync(response.Content);

            string headerParameter = this.result.Artifacts.ToServerAuthorizationHeaderParameter();
            if (String.IsNullOrWhiteSpace(headerParameter))
            {
                // Nothing to send; the header is simply omitted.
                return;
            }

            response.Headers.Add(HawkConstants.ServerAuthorizationHeaderName,
                                 String.Concat(HawkConstants.Scheme, " ", headerParameter));
        }
        /// <summary>
        /// Returns the string representation of the bewit, which is a base64 URL encoded string of format
        /// id\exp\mac\ext, where id is the user identifier, exp is the UNIX time until which bewit is
        /// valid, mac is the HMAC of the bewit to protect integrity, and ext is the application specific data.
        /// </summary>
        public async Task<string> ToBewitStringAsync()
        {
            // Bewits are issued for GET only; HEAD is deliberately not supported.
            if (request.Method != HttpMethod.Get)
            {
                throw new InvalidOperationException("Bewit not allowed for methods other than GET");
            }

            // UInt64.Parse throws when the setting is missing or is not a non-negative integer,
            // so a negative clock offset cannot be expressed through this setting.
            // NOTE(review): the setting name says milliseconds but the value is added directly
            // to ToUnixTime(); confirm both sides use the same unit.
            var unixNow = utcNow.ToUnixTime();
            ulong configuredOffset = UInt64.Parse(ConfigurationManager.AppSettings["LocalTimeOffsetMillis"]);
            ulong now = unixNow + configuredOffset;

            // NOTE(review): the declared type of lifeSeconds is not visible here; if it is signed,
            // a negative value would become a very large expiry through this cast in an unchecked
            // context. Confirm it is validated where it is assigned.
            ulong expiry = now + (ulong)lifeSeconds;
            string ext = this.applicationSpecificData ?? String.Empty;

            // The nonce is left empty, so nothing in this method prevents the resulting token
            // from being presented again until the expiry; the lifetime is the only bound.
            var artifacts = new ArtifactsContainer()
            {
                Id = credential.Id,
                Timestamp = expiry,
                Nonce = String.Empty,
                ApplicationSpecificData = ext
            };

            var normalizedRequest = new NormalizedRequest(request, artifacts);
            normalizedRequest.IsBewit = true;

            // Sign the request; a bewit carries no payload, hence the null content.
            var signer = new Cryptographer(normalizedRequest, artifacts, credential);
            await signer.SignAsync(null);

            // Layout: id\exp\mac\ext
            // NOTE(review): id and ext are written unescaped; a backslash in either makes the
            // four-field layout ambiguous for the parser. Confirm both are validated elsewhere.
            string macText = artifacts.Mac.ToBase64String();
            string bewit = String.Format(@"{0}\{1}\{2}\{3}",
                                credential.Id,
                                artifacts.Timestamp,
                                macText,
                                artifacts.ApplicationSpecificData);

            var utf8 = bewit.ToBytesFromUtf8();
            return utf8.ToBase64UrlString();
        }
        /// <summary>
        /// Returns the string representation of the bewit, which is a base64 URL encoded string of format
        /// id\exp\mac\ext, where id is the user identifier, exp is the UNIX time until which bewit is
        /// valid, mac is the HMAC of the bewit to protect integrity, and ext is the application specific data.
        /// </summary>
        public async Task<string> ToBewitStringAsync()
        {
            // Only GET requests may be turned into a bewit (HEAD is not supported).
            bool isGet = request.Method == HttpMethod.Get;
            if (!isGet)
                throw new InvalidOperationException("Bewit not allowed for methods other than GET");

            // Current time plus the configured local offset. UInt64.Parse throws if the
            // setting is absent or not a non-negative integer.
            // NOTE(review): the key is named "...Millis" yet it is summed with ToUnixTime()
            // as-is; verify the units agree.
            ulong now = utcNow.ToUnixTime()
                        + UInt64.Parse(ConfigurationManager.AppSettings["LocalTimeOffsetMillis"]);

            // No nonce is used for a bewit, so the expiry below is the only visible limit on
            // how long the token can be reused.
            // NOTE(review): if lifeSeconds is a signed type, a negative value wraps to a huge
            // expiry in the ulong cast (unchecked context); confirm it is range-checked upstream.
            var artifacts = new ArtifactsContainer()
            {
                Id = credential.Id,
                Timestamp = now + (ulong)lifeSeconds,
                Nonce = String.Empty,
                ApplicationSpecificData = this.applicationSpecificData != null
                                              ? this.applicationSpecificData
                                              : String.Empty
            };

            var bewitRequest = new NormalizedRequest(request, artifacts) { IsBewit = true };

            // Sign the request (no body is involved, so null is passed as content).
            var cryptographer = new Cryptographer(bewitRequest, artifacts, credential);
            await cryptographer.SignAsync(null);

            // Fields are joined as id\exp\mac\ext.
            // NOTE(review): neither id nor ext is escaped here, so a backslash inside them
            // would shift the field boundaries; presumably validated elsewhere - confirm.
            string plainBewit = String.Format(
                @"{0}\{1}\{2}\{3}",
                credential.Id,
                artifacts.Timestamp,
                artifacts.Mac.ToBase64String(),
                artifacts.ApplicationSpecificData);

            // UTF-8 bytes of the joined string, then base64url so it is safe in a query string.
            var encodedBytes = plainBewit.ToBytesFromUtf8();
            return encodedBytes.ToBase64UrlString();
        }
        /// <summary>
        /// Adds the WWW-Authenticate header in case of a 401 - Unauthorized response and
        /// the Server-Authorization header in case of a successful request.
        /// </summary>
        public async Task CreateServerAuthorizationAsync(HttpResponseMessage response, Func<HttpResponseMessage, string> normalizationCallback)
        {
            bool isUnauthorized = response.StatusCode == HttpStatusCode.Unauthorized;

            if (isUnauthorized)
            {
                // 401: send the Hawk challenge so the client knows how to authenticate.
                var wwwAuthenticate = new AuthenticationHeaderValue(HawkConstants.Scheme, request.GetChallengeParameter());
                response.Headers.WwwAuthenticate.Add(wwwAuthenticate);
            }
            else if (this.result != null && this.result.IsAuthentic && !this.isBewitRequest) // No Server-Authorization header for bewit requests
            {
                // Let the caller supply the application specific data for this response;
                // it is stored on the artifacts before the signature is computed.
                // NOTE(review): confirm the callback output is safe to expose to the client,
                // since it presumably ends up in the Server-Authorization header.
                if (normalizationCallback != null)
                {
                    string responseExt = normalizationCallback(response);
                    this.result.Artifacts.ApplicationSpecificData = responseExt;
                }

                // Sign the response using the artifacts and credential of the authenticated request.
                var responseSigner = new Cryptographer(
                    new NormalizedRequest(request, this.result.Artifacts),
                    this.result.Artifacts,
                    this.result.Credential);
                await responseSigner.SignAsync(response.Content);

                string parameter = this.result.Artifacts.ToServerAuthorizationHeaderParameter();

                // The header is added only when there is a non-blank parameter to send.
                if (!String.IsNullOrWhiteSpace(parameter))
                {
                    string headerValue = String.Concat(HawkConstants.Scheme, " ", parameter);
                    response.Headers.Add(HawkConstants.ServerAuthorizationHeaderName, headerValue);
                }
            }
        }