public IActionResult Post()
        {
            var payload = ReadPayload();

            _logger.LogInformation("Received a webhook");

            var signatureHeader = Request.Headers["x-xero-signature"].FirstOrDefault();

            _logger.LogInformation("Verifying the signature to confirm that the payload is from Xero.");
            var isValid = _signatureVerifier.VerifySignature(payload, signatureHeader);

            if (!isValid)
            {
                _logger.LogWarning("The signature is incorrect. Responding with HTTP 401 Unauthorised.");
                return(Unauthorized());
            }

            _logger.LogInformation("The signature is correct. Saving the payload for processing later (so that we can respond as quickly as possible).");
            _payloadQueue.Enqueue(payload);

            _logger.LogInformation("Webhook is saved. Returning an empty 200 OK");
            return(Ok());
        }
Ejemplo n.º 2
0
        public IActionResult Post()
        {
            var payload = ReadPayload();

            _logger.LogInformation("Received a webhook");

            var signatureHeader = Request.Headers["x-xero-signature"].FirstOrDefault();

            _logger.LogInformation("Verifying the signature to confirm that the payload is from Xero.");
            var isValid = _signatureVerifier.VerifySignature(payload, signatureHeader);

            if (!isValid)
            {
                _logger.LogWarning("The signature is incorrect. Responding with HTTP 401 Unauthorised.");
                return(Unauthorized());
            }

            _logger.LogInformation("The signature is correct. Saving the payload for processing later (so that we can respond as quickly as possible).");

            if (!payload.Contains("resourceId")) // hand-shake
            {
                return(Ok());
            }

            // _payloadQueue.Enqueue(payload);
            // var update = JsonConvert.DeserializeXNode(payload);

            var objectToUpdate = JsonConvert.DeserializeObject <Payload>(payload);


            var @event = objectToUpdate.Events.FirstOrDefault();

            if (@event != null)
            {
                return(Ok());
            }

            var model = new EmployeeModel {
                ContactId = @event.ResourceId
            };


            switch (@event.EventType)
            {
            case "UPDATE":
                _employeeService.Update(model);
                break;

            case "ADD":
                _employeeService.Add(model);
                break;
            }

            _contactObservable.AddActivity(
                new Activity
            {
                Id         = model.Id,
                PersonName = model.FullName,
                Status     = @event.EventType
            });

            _logger.LogInformation("Webhook is saved. Returning an empty 200 OK");
            return(Ok());
        }
        public async Task <IActionResult> Response()
        {
            var payload = await ReadPayload();

            //Check if payload is valid.
            if (_signatureVerifier.VerifySignature(payload + Request.Headers["Nonce"].FirstOrDefault(),
                                                   Request.Headers["HMAC"].FirstOrDefault()))
            {
                var response = JsonConvert.DeserializeObject <ResponseObject>(payload);
                if (response.ResponseType == (int)ResponseTypes.AccountOtp)
                {
                    if (response.status == "Success")
                    {
                        var accountOTPResponse = JsonConvert.DeserializeObject <AccountOTPResponse>(response.result.ToString());
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.InstructionStatusUpdate)
                {
                    if (response.status == "Success")
                    {
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.NewFineCount)
                {
                    if (response.status == "Success")
                    {
                        var newFineCounts = JsonConvert.DeserializeObject <List <NewFineCountResponse> >(response.result.ToString());
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.LicensingInstructionStatusUpdate)
                {
                    if (response.status == "Success")
                    {
                        var obj = JsonConvert.DeserializeObject <LicensingInstructionStatusUpdateResponse>(response.result.ToString());
                        if (
                            obj.StatusId == eLicensingInstructionStatus.AgentAcceptedInstruction ||
                            obj.StatusId == eLicensingInstructionStatus.InstructionCreated
                            )
                        {
                            var details = (LicensingInstructionUpdateGeneralDetails)obj.AdditionalDetails;
                            // TODO your logic
                        }
                        else if (obj.StatusId == eLicensingInstructionStatus.InstructionCompleted)
                        {
                            var details = (LicensingInstructionCompletedResponse)obj.AdditionalDetails;
                            // TODO your logic
                        }
                        else if (
                            obj.StatusId == eLicensingInstructionStatus.InstructionSubmittedForCourier ||
                            obj.StatusId == eLicensingInstructionStatus.InstructionCourierCollected ||
                            obj.StatusId == eLicensingInstructionStatus.InstructionCourierDelivered ||
                            obj.StatusId == eLicensingInstructionStatus.InstructionCourierInTransit
                            )
                        {
                            var details = (LicensingInstructionCourierUpdateResponse)obj.AdditionalDetails;
                            // TODO your logic
                        }
                        else if (obj.StatusId == eLicensingInstructionStatus.InstructionFailed)
                        {
                            var details = (LicensingInstructionFailedResponse)obj.AdditionalDetails;
                            // TODO your logic
                        }
                        else if (obj.StatusId == eLicensingInstructionStatus.InstructionCompleted)
                        {
                            var details = (LicensingInstructionCompletedResponse)obj.AdditionalDetails;
                            // TODO your logic
                        }
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.DocumentsUploadResponse)
                {
                    if (response.status == "Success")
                    {
                        var obj = JsonConvert.DeserializeObject <List <DocumentUploadItemResponse> >(response.result.ToString());
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.QuoteCreated)
                {
                    if (response.status == "Success")
                    {
                        var obj = JsonConvert.DeserializeObject <QuoteCreatedResponse>(response.result.ToString());
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else if (response.ResponseType == (int)ResponseTypes.QuotePaid)
                {
                    if (response.status == "Success")
                    {
                        var obj = JsonConvert.DeserializeObject <QuotePaidResponse>(response.result.ToString());
                        //TODO your logic
                    }
                    else
                    {
                        var errors = response.errors;
                    }
                }
                else
                {
                    return(BadRequest("Invalid response type"));
                }

                return(Ok());
            }

            return(Unauthorized());
        }
        public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            Client    client    = null;
            Signature signature = null;

            try {
                signature = _signatureParser.Parse(request, options);

                var eventTask = options.OnSignatureParsed;
                if (eventTask != null)
                {
                    await eventTask.Invoke(request, signature).ConfigureAwait(false);
                }

                try {
                    signature.Validate();
                }
                catch (ValidationException ex) {
                    throw new InvalidSignatureException(
                              "The signature is invalid. See inner exception.",
                              ex);
                }

                client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);

                if (client == null)
                {
                    var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
                    _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
                    return(new RequestSignatureVerificationResultFailure(client, signature, failure));
                }

                var requestForSigning = await request.ToRequestForSigning(signature).ConfigureAwait(false);

                var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);

                var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
                var result = verificationFailure == null
                    ? verificationResultCreator.CreateForSuccess()
                    : verificationResultCreator.CreateForFailure(verificationFailure);

                if (result is RequestSignatureVerificationResultSuccess success)
                {
                    _logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
                }
                else if (result is RequestSignatureVerificationResultFailure failure)
                {
                    _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
                }

                return(result);
            }
            catch (InvalidSignatureException ex) {
                var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
                _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
                return(new RequestSignatureVerificationResultFailure(client, signature, failure));
            }
        }
Ejemplo n.º 5
0
        public async Task <IHttpActionResult> Command(string command)
        {
            if (!Request.IsAuthorized())
            {
                Log.Fatal("Blocked WebApiHost request from {blockedIp}", Request.GetRemoteIp());
                return(StatusCode(HttpStatusCode.Forbidden));
            }

            var context = new OperationContext(Request);

            try
            {
                Program.WebApiHost.ClientConnected();
                context.SetRawInputParameters(Request.RequestUri.Query, command);

                var inputParameters = await ReadInputParameters(Request, command);

                context.SetInputParameters(inputParameters);

                var validationResult = ValidateParameters(inputParameters);

                if (!validationResult.isParametersOk)
                {
                    return(ErrorResultBadRequest(validationResult.errorReason, context));
                }

                switch (inputParameters.ArgsInfo.Function)
                {
                case ProgramFunction.Sign:
                    var signerResponse = _signer.Sign(
                        inputParameters.ArgsInfo.SigType,
                        inputParameters.ArgsInfo.GostFlavor,
                        inputParameters.ArgsInfo.CertificateThumbprint,
                        inputParameters.DataToSign,
                        inputParameters.ArgsInfo.NodeId,
                        inputParameters.ArgsInfo.IgnoreExpiredCertificate,
                        inputParameters.ArgsInfo.IsAddSigningTime);

                    var binaryData = signerResponse.IsResultBase64Bytes
                                                        ? Convert.FromBase64String(signerResponse.SignedData)
                                                        : Encoding.UTF8.GetBytes(signerResponse.SignedData);

                    context.SetSignerResponse(signerResponse);

                    var streamToReturn = new MemoryStream(binaryData);

                    var returnMessage = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StreamContent(streamToReturn),
                    };

                    SetAdditionalResponseProperties(returnMessage);

                    Log.Debug(
                        "Successfully signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(returnMessage, context));

                case ProgramFunction.Verify:
                    var verifierResponse = _verifier.VerifySignature(
                        inputParameters.ArgsInfo.SigType,
                        nodeId: inputParameters.ArgsInfo.NodeId,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);

                    var verifierRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(verifierResponse))
                    };

                    SetAdditionalResponseProperties(verifierRetrurnMessge);

                    Log.Debug(
                        "Successfully checked signature from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(verifierRetrurnMessge, context));

                case ProgramFunction.Extract:
                    var readCertificate = _certificateProcessor.ReadCertificateFromSignedFile(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId);

                    var serializableCertificate = _certificateSerializer.CertificateToSerializable(readCertificate);

                    var extractedCertificateRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(serializableCertificate))
                    };

                    SetAdditionalResponseProperties(extractedCertificateRetrurnMessge);

                    Log.Debug(
                        "Successfully extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(extractedCertificateRetrurnMessge, context));

                case ProgramFunction.VerifyAndExtract:
                    var verifierResponsePart = _verifier.VerifySignature(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId,
                        isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);

                    var readCertificatePart = _certificateProcessor.ReadCertificateFromSignedFile(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId);

                    var serializableCertificatePart =
                        _certificateSerializer.CertificateToSerializable(readCertificatePart);

                    var combinedResponse = new CombinedResponse()
                    {
                        VerificationResult   = verifierResponsePart,
                        ExtractedCertificate = serializableCertificatePart
                    };

                    if (verifierResponsePart.SigningDateTime.HasValue)
                    {
                        combinedResponse.SignatureInfo = new()
                        {
                            SigningDateTime = verifierResponsePart.SigningDateTime
                        };
                    }

                    var verifyAndExtractRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(combinedResponse))
                    };

                    SetAdditionalResponseProperties(verifyAndExtractRetrurnMessge);

                    Log.Debug(
                        "Successfully verified and extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(verifyAndExtractRetrurnMessge, context));

                case ProgramFunction.Describe:
                    var readInputCertificate = _certificateProcessor.ReadCertificateFromCertificateFile(inputParameters.CertificateFileBytes);

                    var describedCertificate =
                        _certificateSerializer.CertificateToSerializable(readInputCertificate);

                    var certificateDescribeReturnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(describedCertificate))
                    };

                    Log.Debug(
                        "Successfully described extracted certificate from ip {requesterIp}",
                        Request.GetRemoteIp());

                    return(SuccessResult(certificateDescribeReturnMessge, context));

                default:
                    return(ErrorResultBadRequest($"Command {command} is not supported.", context));
                }
            }
            catch (OperationCanceledException opce)
            {
                Log.Warning("Client disconnected prior to singing completion");
                return(ErrorResultBadRequest(opce, context));
            }
            catch (Exception ex)
            {
                Log.Error(ex, "Error occured during signing process with command: {command}", command);
                return(ErrorResultBadRequest(ex, context));
            }
            finally
            {
                SaveOperationContext(context);
                Program.WebApiHost.ClientDisconnected();
            }
        }