private async Task ValidateSignatureAsync(AcmeRawPostRequest request, AcmeHeader header, CancellationToken cancellationToken)
{
if (request is null)
{
throw new ArgumentNullException(nameof(request));
}
if (header is null)
{
throw new ArgumentNullException(nameof(header));
}
_logger.LogDebug("Attempting to validate signature ...");
var jwk = header.Jwk;
if (jwk == null)
{
try
{
var accountId = header.GetAccountId();
var account = await _accountService.LoadAcountAsync(accountId, cancellationToken);
jwk = account?.Jwk;
}
catch (InvalidOperationException)
{
throw new MalformedRequestException("KID could not be found.");
}
}
if (jwk == null)
{
throw new MalformedRequestException("Could not load JWK.");
}
var securityKey = jwk.SecurityKey;
using var signatureProvider = new AsymmetricSignatureProvider(securityKey, header.Alg);
var plainText = System.Text.Encoding.UTF8.GetBytes($"{request.Header}.{request.Payload ?? ""}");
var signature = Base64UrlEncoder.DecodeBytes(request.Signature);
if (!signatureProvider.Verify(plainText, signature))
{
throw new MalformedRequestException("The signature could not be verified");
}
_logger.LogDebug("successfully validated signature.");
}
