public static bool IsReplayRequest(IMemoryCache memoryCache, HmacAuthenticationOptions options, string nonce, string requestUnixTimeStamp) { var nonceInMemory = memoryCache.Get(nonce); if (nonceInMemory != null) { return(true); } var requestTime = DateTimeOffset.FromUnixTimeSeconds(Convert.ToInt64(requestUnixTimeStamp)); var now = DateTimeOffset.UtcNow; if (now - requestTime > options.MaxRequestAge) { return(true); } memoryCache.Set(nonce, default(bool), now + options.MaxRequestAge); return(false); }
static async Task <bool> ValidateContentAsync(HttpRequest request, string appId, string requestSignatureHash, string nonce, string requestTimeStamp, HmacAuthenticationOptions options, IMemoryCache memoryCache, Lazy <byte[]> secretKeyBytes) { if (options.AppId != appId) { return(false); } if (ReplayRequestBouncer.IsReplayRequest(memoryCache, options, nonce, requestTimeStamp)) { return(false); } var content = await GetRequestBodyMd5(request).ConfigureAwait(false); var data = HmacHasher.GetDataToHash(request, appId, nonce, requestTimeStamp, content); var signatureHash = data.ToUtf8Bytes() .ToBase64HmacSha256Hash(secretKeyBytes.Value); return(requestSignatureHash.Equals(signatureHash, StringComparison.Ordinal)); }
public static Task <bool> ValidateAsync(HttpRequest request, string authorization, HmacAuthenticationOptions options, IMemoryCache memoryCache, Lazy <byte[]> secretKeyBytes) { var authenticationHeader = AuthenticationHeaderValue.Parse(authorization); if (!authenticationHeader.Scheme.EqualsInsensitiveCase(HmacAuthenticationHandler.SchemeName)) { return(Task.FromResult(false)); } var parameters = authenticationHeader.Parameter.Split(':'); if (parameters.Length != 4) { return(Task.FromResult(false)); } var appId = parameters[0]; var signatureHash = parameters[1]; var nonce = parameters[2]; var requestTimeStamp = parameters[3]; return(ValidateContentAsync(request, appId, signatureHash, nonce, requestTimeStamp, options, memoryCache, secretKeyBytes)); }