Beispiel #1
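        /// <summary>
        /// Verifies that the request carries an HMAC-SHA256 signature matching its body.
        /// The expected value is the upper-case hex HMAC of the request body, keyed with
        /// <c>_options.ApiKey</c>; the supplied signature is compared case-insensitively.
        /// </summary>
        /// <param name="httpContext">Current HTTP context; the signature and body are obtained from it through GetSignature and RequestBody.</param>
        /// <returns><c>true</c> when the signature matches. Every failure path throws instead of returning <c>false</c>.</returns>
        /// <exception cref="WebHookMissedSignatureException">No signature was supplied with the request.</exception>
        /// <exception cref="WebHookBadSignatureExpcetion">The supplied signature does not match the computed one.</exception>
        public virtual bool AssertSignature(HttpContext httpContext)
        {
            var signature = GetSignature(httpContext);

            // Fail closed: an unsigned request is rejected before the body is read.
            if (string.IsNullOrEmpty(signature))
            {
                throw new WebHookMissedSignatureException("WebHook must be signed");
            }

            // NOTE(review): this blocks on an asynchronous read because the method's
            // signature is synchronous; an async overload would avoid tying up a thread.
            var requestBody = RequestBody(httpContext).GetAwaiter().GetResult();

            // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?',
            // so bodies that differ only in such characters produce the same MAC.
            // Confirm which byte encoding the sender signs before changing it here.
            byte[] mac;
            using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(_options.ApiKey)))
            {
                mac = hmac.ComputeHash(Encoding.ASCII.GetBytes(requestBody));
            }

            // BitConverter yields "AB-CD-..." in upper case; dropping the dashes gives the
            // same text as formatting each byte with {0:X2}.
            var expectedHex = BitConverter.ToString(mac).Replace("-", string.Empty);
            var providedHex = signature.ToUpperInvariant();

            // Compare in constant time so the response time does not reveal how many
            // leading characters of a forged signature were correct. A byte-wise compare
            // is also stricter than a culture-aware string compare, which can treat
            // strings containing ignorable characters as equal.
            // CryptographicOperations requires .NET Core 2.1 or later.
            var signaturesMatch = CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(expectedHex),
                Encoding.ASCII.GetBytes(providedHex));

            if (!signaturesMatch)
            {
                throw new WebHookBadSignatureExpcetion("WebHook Signatures didn't match!");
            }

            return true;
        }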
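        /// <summary>
        /// Splits a two-segment signed request ("payload.signature", both Base64),
        /// checks the signature against one recomputed from the payload with
        /// <c>BCClientSecret</c>, and returns the decoded payload only when they match.
        /// </summary>
        /// <param name="signedRequest">The raw signed request string.</param>
        /// <returns>The decoded payload text (first segment).</returns>
        /// <exception cref="InvalidOperationException">
        /// The request does not have exactly two segments, or its signature does not match.
        /// </exception>
        /// <exception cref="FormatException">A segment is not valid Base64 (thrown by Convert.FromBase64String).</exception>
        string VerifySignedRequest(string signedRequest)
        {
            string[] segments = signedRequest.Split('.');

            if (segments.Length != 2)
            {
                throw new InvalidOperationException("Incorrect amount of JWT segments.");
            }

            string jsonStr   = Encoding.UTF8.GetString(Convert.FromBase64String(segments[0]));
            string signature = Encoding.UTF8.GetString(Convert.FromBase64String(segments[1]));

            string expectedSignature = CreateToken(jsonStr, BCClientSecret);

            // HMACSHA256.Equals(a, b) binds to the inherited static object.Equals, i.e. a
            // plain string equality that can stop at the first differing character.
            // Use a constant-time byte comparison instead (.NET Core 2.1 or later).
            // NOTE(review): if valid requests never match, check that CreateToken emits
            // the same text form (hex vs. Base64, letter case) as the decoded signature
            // segment; CreateToken is not visible here.
            bool signaturesMatch = expectedSignature != null
                && CryptographicOperations.FixedTimeEquals(
                       Encoding.UTF8.GetBytes(signature),
                       Encoding.UTF8.GetBytes(expectedSignature));

            if (!signaturesMatch)
            {
                Console.WriteLine("Bad signed request from BigCommerce!");

                // Fail closed: previously a mismatch was only logged and the unverified
                // payload was still returned to the caller as if it had been verified.
                throw new InvalidOperationException("Signed request signature did not match.");
            }

            return jsonStr;
        }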