-
Notifications
You must be signed in to change notification settings - Fork 4.9k
/
AuthenticationPolicy.cs
98 lines (81 loc) · 3.74 KB
/
AuthenticationPolicy.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Globalization;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Core.Pipeline;
namespace Azure.Data.AppConfiguration
{
internal class AuthenticationPolicy : HttpPipelinePolicy
{
private readonly string _credential;
private readonly byte[] _secret;
public AuthenticationPolicy(string credential, byte[] secret)
{
_credential = credential;
_secret = secret;
}
public override void Process(HttpMessage message, ReadOnlyMemory<HttpPipelinePolicy> pipeline)
{
string contentHash = CreateContentHash(message);
AddHeaders(message, contentHash);
ProcessNext(message, pipeline);
}
public override async ValueTask ProcessAsync(HttpMessage message, ReadOnlyMemory<HttpPipelinePolicy> pipeline)
{
string contentHash = await CreateContentHashAsync(message).ConfigureAwait(false);
AddHeaders(message, contentHash);
await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
}
private static string CreateContentHash(HttpMessage message)
{
using var alg = SHA256.Create();
using (var memoryStream = new MemoryStream())
using (var contentHashStream = new CryptoStream(memoryStream, alg, CryptoStreamMode.Write))
{
message.Request.Content?.WriteTo(contentHashStream, message.CancellationToken);
}
return Convert.ToBase64String(alg.Hash);
}
private static async ValueTask<string> CreateContentHashAsync(HttpMessage message)
{
using var alg = SHA256.Create();
using (var memoryStream = new MemoryStream())
using (var contentHashStream = new CryptoStream(memoryStream, alg, CryptoStreamMode.Write))
{
if (message.Request.Content != null)
{
await message.Request.Content.WriteToAsync(contentHashStream, message.CancellationToken).ConfigureAwait(false);
}
}
return Convert.ToBase64String(alg.Hash);
}
private void AddHeaders(HttpMessage message, string contentHash)
{
var utcNowString = DateTimeOffset.UtcNow.ToString("r", CultureInfo.InvariantCulture);
var authorization = GetAuthorizationHeader(message.Request, contentHash, utcNowString);
message.Request.Headers.SetValue("x-ms-content-sha256", contentHash);
message.Request.Headers.SetValue(HttpHeader.Names.Date, utcNowString);
message.Request.Headers.SetValue(HttpHeader.Names.Authorization, authorization);
}
private string GetAuthorizationHeader(Request request, string contentHash, string date) {
const string signedHeaders = "date;host;x-ms-content-sha256"; // Semicolon separated header names
var uri = request.Uri.ToUri();
var host = uri.Host;
var pathAndQuery = uri.PathAndQuery;
var method = request.Method.Method;
var stringToSign = $"{method}\n{pathAndQuery}\n{date};{host};{contentHash}";
var signature = ComputeHash(stringToSign); // Calculate the signature
return $"HMAC-SHA256 Credential={_credential}&SignedHeaders={signedHeaders}&Signature={signature}";
}
private string ComputeHash(string value)
{
using var hmac = new HMACSHA256(_secret);
return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(value)));
}
}
}