private static async Task <string> CreateChecksumFromRequest(HttpRequestMessage request)
{
var verb = request.Method.Method;
var path = request.RequestUri.AbsolutePath;
var query = request.RequestUri.Query.TrimStart('?');
var headers = $"x-dv-signature-algorithm:DV1-HMAC-SHA256\nx-dv-signature-headers:x-dv-signature-algorithm,x-dv-signature-headers,x-dv-signature-timestamp\nx-dv-signature-timestamp:{request.Headers.GetValues("x-dv-signature-timestamp").FirstOrDefault()}\n";
var body = string.Empty;
if (request.Content != null)
{
body = await request.Content.ReadAsStringAsync() ?? string.Empty;
}
return($"{verb}\n{path}\n{query}\n{headers}\n{HmacSha256Algorithm.Sha256(body)}");
}
public static async Task SignWithDv1HmacSha256(this HttpRequestMessage request, string secret)
{
if (string.IsNullOrWhiteSpace(secret))
{
throw new ArgumentException(nameof(secret));
}
request.Headers.Add("x-dv-signature-algorithm", "DV1-HMAC-SHA256");
request.Headers.Add("x-dv-signature-headers", "x-dv-signature-algorithm,x-dv-signature-headers,x-dv-signature-timestamp");
if (!request.Headers.Contains("x-dv-signature-timestamp"))
{
request.Headers.Add("x-dv-signature-timestamp", DateTime.UtcNow.ToString("O"));
}
var checksumFromRequest = await CreateChecksumFromRequest(request);
var checksum = HmacSha256Algorithm.HmacSha256(Convert.FromBase64String(secret), HmacSha256Algorithm.Sha256(checksumFromRequest));
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", checksum);
}
public static async Task <string> CalculateDv1HmacSha256Signature(this HttpRequest request, string appSecret)
{
// This enables replay of the request body, needed to get the body to the controller
request.EnableBuffering();
var reader = new StreamReader(request.Body, Encoding.UTF8, false, 1024 * 128, true);
var body = await reader.ReadToEndAsync();
// Never forget to rewind the stream
request.Body.Seek(0, SeekOrigin.Begin);
string signatureHeaders = request.Headers["x-dv-signature-headers"];
if (signatureHeaders == null)
{
return(null);
}
// See: https://github.com/aws/aws-lambda-dotnet/issues/656
var requestFeature = request.HttpContext.Features.Get <IHttpRequestFeature>();
var uri = new Uri(requestFeature.RawTarget, UriKind.RelativeOrAbsolute);
var headers = signatureHeaders.Split(',');
Array.Sort(headers, string.Compare);
var enumerable = headers.Select(header => $"{header.ToLowerInvariant()}:{request.Headers[header]}");
var normalizedHeaders = string.Join("\n", enumerable.ToArray());
var httpVerb = request.Method;
var resourcePath = uri.IsAbsoluteUri?uri.AbsolutePath:uri.OriginalString;
var queryString = request.QueryString.HasValue?request.QueryString.Value.TrimStart('?'):string.Empty;
var payload = HmacSha256Algorithm.Sha256(body);
var normalizedRequest = $"{httpVerb}\n{resourcePath}\n{queryString}\n{normalizedHeaders}\n\n{payload}";
var requestHash = HmacSha256Algorithm.Sha256(normalizedRequest);
var signatureHash = HmacSha256Algorithm.HmacSha256(Convert.FromBase64String(appSecret), requestHash);
return(signatureHash);
}
public void HmacSha256WithBodyHash(string input, string expected)
{
Assert.AreEqual(expected, HmacSha256Algorithm.HmacSha256(Convert.FromBase64String(Key), HmacSha256Algorithm.Sha256(input)));
}
public void TestSha256(string input, string expected)
{
Assert.AreEqual(expected, HmacSha256Algorithm.Sha256(input));
}
