in src/AWS.Deploy.CLI/ServerMode/AwsCredentialsAuthenticationHandler.cs [82:145]
/// <summary>
/// Turns the value of an Authorization header into an <see cref="AuthenticateResult"/>.
/// The value is split on single spaces and must hold either two tokens
/// (scheme, base64 payload) or three tokens (scheme, base64 IV, base64 payload).
/// The payload is decrypted with <paramref name="encryptionProvider"/>, read as UTF-8 JSON
/// into a string-to-string dictionary, validated, and every entry is copied into a claim.
/// </summary>
/// <param name="authorizationHeaderValue">
/// Raw header value. It is dereferenced before the try block, so a null value throws
/// instead of producing a failed result; callers must pass a non-null string.
/// </param>
/// <param name="encryptionProvider">
/// Provider used to decrypt the payload. When it is an <c>AesEncryptionProvider</c>
/// the three-token form (with IV) is mandatory.
/// </param>
/// <returns>
/// A success result carrying a ticket for scheme <c>SchemaName</c>, or a failure result
/// describing a format/scheme problem, a validation failure, or a generic decode error.
/// </returns>
public static AuthenticateResult ProcessAuthorizationHeader(string authorizationHeaderValue, IEncryptionProvider encryptionProvider)
{
    var headerParts = authorizationHeaderValue.Split(' ');
    var partCount = headerParts.Length;
    var requiresIV = encryptionProvider is AesEncryptionProvider;

    // Anything other than two or three space-separated tokens is malformed.
    if (partCount < 2 || partCount > 3)
    {
        var ivPlaceholder = requiresIV ? "<iv> " : "";
        return AuthenticateResult.Fail($"Incorrect format Authorization header. Format should be \"{SchemaName} {ivPlaceholder}<base-64-auth-parameters>\"");
    }

    // The AES provider cannot be used without an IV token.
    if (requiresIV && partCount == 2)
    {
        return AuthenticateResult.Fail($"Incorrect format Authorization header. Format should be \"{SchemaName} <iv> <base-64-auth-parameters>\"");
    }

    // string.Equals(string, string) is an ordinal, case-sensitive comparison.
    if (!string.Equals(SchemaName, headerParts[0]))
    {
        return AuthenticateResult.Fail($"Unsupported authorization schema. Supported schema: {SchemaName}");
    }

    try
    {
        // NOTE(review): a three-token header is accepted for any provider type, so a
        // non-AES provider also receives an IV; how it treats that IV is not visible here.
        var hasIV = partCount == 3;
        byte[]? iv = hasIV ? Convert.FromBase64String(headerParts[1]) : null;
        byte[] cipherText = Convert.FromBase64String(headerParts[partCount - 1]);

        var plainText = encryptionProvider.Decrypt(cipherText, iv);
        var authParameters = JsonConvert.DeserializeObject<Dictionary<string, string>>(Encoding.UTF8.GetString(plainText));

        // ValidateAuthParameters is defined elsewhere; it is expected to check the issue
        // date and request id. A non-null return value is a failure to hand back as-is.
        var validationFailure = ValidateAuthParameters(authParameters);
        if (validationFailure != null)
        {
            return validationFailure;
        }

        // NOTE(review): every key/value pair of the decrypted JSON becomes a claim verbatim.
        // The trust placed in these claims rests entirely on Decrypt and ValidateAuthParameters;
        // whether Decrypt verifies ciphertext integrity cannot be determined from this method - confirm.
        var identity = new ClaimsIdentity(nameof(AwsCredentialsAuthenticationHandler));
        foreach (var parameter in authParameters)
        {
            identity.AddClaim(new Claim(parameter.Key, parameter.Value));
        }

        return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), SchemaName));
    }
    catch (Exception)
    {
        // One fixed message for base64, decryption, JSON and claim-construction errors,
        // so the response does not reveal which stage rejected the input.
        return AuthenticateResult.Fail("Error decoding authorization value");
    }
}