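/// <summary>
/// Verifies that the incoming webhook request carries an HMAC-SHA256 signature
/// (hex encoded, keyed with the configured API key) that matches the request body.
/// </summary>
/// <param name="httpContext">HTTP context of the incoming webhook request.</param>
/// <returns><c>true</c> when the signature matches; every failure path throws instead of returning <c>false</c>.</returns>
/// <exception cref="WebHookMissedSignatureException">The request carries no signature.</exception>
/// <exception cref="WebHookBadSignatureExpcetion">The supplied signature does not match the computed one.</exception>
public virtual bool AssertSignature(HttpContext httpContext)
{
    var signature = GetSignature(httpContext);
    if (string.IsNullOrEmpty(signature))
    {
        // Fail closed: an unsigned request is never accepted.
        throw new WebHookMissedSignatureException("WebHook must be signed");
    }

    // NOTE(review): this blocks on an async read (sync-over-async). The method's
    // bool return type is part of its public contract, so the call is left as is.
    var requestBody = RequestBody(httpContext).GetAwaiter().GetResult();

    // NOTE(review): ASCII encoding turns every non-ASCII character into '?', so the
    // MAC is not computed over the exact bytes the sender signed when the payload
    // contains such characters. Confirm the sender's encoding before changing it.
    string expected;
    using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(_options.ApiKey)))
    {
        // BitConverter yields upper-case hex pairs separated by '-'.
        expected = BitConverter
            .ToString(hmac.ComputeHash(Encoding.ASCII.GetBytes(requestBody)))
            .Replace("-", string.Empty);
    }

    // The length of a hex-encoded SHA-256 MAC is public, so an early exit on a
    // length mismatch leaks nothing about the expected value.
    if (signature.Length != expected.Length)
    {
        throw new WebHookBadSignatureExpcetion("WebHook Signatures didn't match!");
    }

    // Fixed-time, ordinal, case-insensitive comparison of the hex digits: every
    // position is always examined, so the time taken does not reveal how many
    // leading characters of a forged signature were correct.
    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        char c = signature[i];
        if (c >= 'a' && c <= 'f')
        {
            c = (char)(c - 32); // fold lower-case hex digits to upper case
        }

        diff |= c ^ expected[i];
    }

    if (diff != 0)
    {
        throw new WebHookBadSignatureExpcetion("WebHook Signatures didn't match!");
    }

    return true;
}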
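/// <summary>
/// Decodes a two-segment signed request of the form
/// <c>base64(json).base64(signature)</c>, verifies the signature against the
/// client secret and returns the decoded JSON payload.
/// </summary>
/// <param name="signedRequest">The raw signed request string received from the caller.</param>
/// <returns>The decoded JSON payload; returned only when the signature verifies.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signedRequest"/> is null.</exception>
/// <exception cref="FormatException">A segment is not valid Base64 (thrown by <c>Convert.FromBase64String</c>).</exception>
/// <exception cref="InvalidOperationException">
/// The request does not have exactly two segments, or the signature does not match.
/// </exception>
string VerifySignedRequest(string signedRequest)
{
    if (signedRequest == null)
    {
        throw new ArgumentNullException("signedRequest");
    }

    string[] requestSplit = signedRequest.Split('.');
    if (requestSplit.Length != 2)
    {
        throw new InvalidOperationException("Incorrect amount of JWT segments.");
    }

    string jsonStr = Encoding.UTF8.GetString(Convert.FromBase64String(requestSplit[0]));
    string signature = Encoding.UTF8.GetString(Convert.FromBase64String(requestSplit[1]));

    // NOTE(review): CreateToken is defined outside this block. It must return the
    // MAC in the same textual encoding as the decoded signature segment (for
    // example the same hex casing), otherwise every request is rejected here.
    string expectedSignature = CreateToken(jsonStr, BCClientSecret);

    // The original called HMACSHA256.Equals(a, b), which resolves to the inherited
    // static Object.Equals: an ordinary, early-exit string comparison. Compare in
    // fixed time instead, so the time taken does not depend on how many leading
    // characters of a forged signature are correct.
    bool matches = expectedSignature != null && signature.Length == expectedSignature.Length;
    if (matches)
    {
        int diff = 0;
        for (int i = 0; i < expectedSignature.Length; i++)
        {
            diff |= signature[i] ^ expectedSignature[i];
        }

        matches = diff == 0;
    }

    if (!matches)
    {
        // Fail closed: the original only logged the mismatch and still returned the
        // unverified payload, so any caller-supplied JSON would have been trusted.
        Console.WriteLine("Bad signed request from BigCommerce!");
        throw new InvalidOperationException("Bad signed request from BigCommerce!");
    }

    return jsonStr;
}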