private async Task <bool> VerifySignature(string mpSignatureHeader)
{
if (!Request.Body.CanSeek)
{
Request.EnableBuffering();
}
HttpContext.Request.Body.Seek(0, SeekOrigin.Begin);
string rawRequestBody;
using (var stream = new StreamReader(HttpContext.Request.Body))
{
rawRequestBody = await stream.ReadToEndAsync();
}
Log.Debug("Body: '{Body}'", rawRequestBody);
var endpointUrl = _mobilePaySettings.WebhookUrl;
var signatureKey = await _webhookService.SignatureKey();
var hash = new HMACSHA1(Encoding.UTF8.GetBytes(signatureKey))
.ComputeHash(Encoding.UTF8.GetBytes(endpointUrl + rawRequestBody.Trim()));
var computedSignature = Convert.ToBase64String(hash);
Log.Debug("ComputedSignature: {Signature}", computedSignature);
return(mpSignatureHeader.Equals(computedSignature));
}
