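/// <summary>
/// Verifies the signature of a raw ACME POST request. The key is the JWK embedded in the
/// header or, when the header carries none, the JWK stored for the referenced account.
/// </summary>
/// <param name="request">Raw request whose Header, Payload and Signature are checked.</param>
/// <param name="header">Decoded protected header supplying the JWK or account id, and the algorithm.</param>
/// <param name="cancellationToken">Token passed to the account lookup.</param>
/// <exception cref="ArgumentNullException"><paramref name="request"/> or <paramref name="header"/> is null.</exception>
/// <exception cref="MalformedRequestException">
/// No key could be resolved, the signature could not be decoded, or verification failed.
/// </exception>
private async Task ValidateSignatureAsync(AcmeRawPostRequest request, AcmeHeader header, CancellationToken cancellationToken)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (header is null)
    {
        throw new ArgumentNullException(nameof(header));
    }

    _logger.LogDebug("Attempting to validate signature ...");

    // NOTE(review): a JWK supplied in the header is used as-is and takes precedence over any
    // account reference. RFC 8555 section 6.2 makes "jwk" and "kid" mutually exclusive and limits
    // "jwk" to newAccount and key-authorised revokeCert requests. This method enforces neither,
    // so confirm the caller rejects an embedded JWK on endpoints that require an existing account.
    var jwk = header.Jwk;
    if (jwk == null)
    {
        try
        {
            var accountId = header.GetAccountId();
            var account = await _accountService.LoadAcountAsync(accountId, cancellationToken);
            jwk = account?.Jwk;
        }
        catch (InvalidOperationException)
        {
            throw new MalformedRequestException("KID could not be found.");
        }
    }

    if (jwk == null)
    {
        throw new MalformedRequestException("Could not load JWK.");
    }

    // The signature is client-controlled. A missing or non-base64url value must be reported as
    // a malformed request rather than escaping as FormatException/ArgumentNullException.
    byte[] signature;
    try
    {
        signature = Base64UrlEncoder.DecodeBytes(request.Signature);
    }
    catch (Exception ex) when (ex is FormatException || ex is ArgumentException)
    {
        throw new MalformedRequestException("The signature could not be verified");
    }

    var securityKey = jwk.SecurityKey;

    // NOTE(review): header.Alg is client-supplied and the provider constructor may throw for a
    // null algorithm or one unsupported for this key. Confirm it is checked against an allow-list
    // before this point and reported as the ACME badSignatureAlgorithm error.
    using var signatureProvider = new AsymmetricSignatureProvider(securityKey, header.Alg);

    // Signing input is "<header>.<payload>"; a null payload contributes an empty string.
    // Presumably both are the base64url strings exactly as received (verify against caller).
    var plainText = System.Text.Encoding.UTF8.GetBytes($"{request.Header}.{request.Payload ?? ""}");

    // An empty signature is treated as a failed verification instead of being handed to Verify.
    if (signature.Length == 0 || !signatureProvider.Verify(plainText, signature))
    {
        throw new MalformedRequestException("The signature could not be verified");
    }

    _logger.LogDebug("successfully validated signature.");
}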