/// <summary>
/// Determines whether the signature is valid for the specified message.
/// </summary>
/// <param name="validator">Used to validate the signature.</param>
/// <param name="request">The request message that contains the signature.</param>
/// <param name="signature">The signature to validate.</param>
/// <returns>
/// A <see cref="SignatureValidationResult"/> that represents the result of the validation.
/// </returns>
public static async Task <SignatureValidationResult> ValidateAsync(
this HttpSignatureValidator validator, HttpRequest request,
HttpSignature signature)
{
// Allow to read the request body multiple times
request.EnableBuffering();
// First, we try the raw request URL (if available)
var requestFeature = request.HttpContext.Features.Get <IHttpRequestFeature>();
if (!string.IsNullOrEmpty(requestFeature.RawTarget))
{
var result = await validator.ValidateAsync(signature,
request.Method,
requestFeature.RawTarget,
request.Body).ConfigureAwait(false);
// If the signature is OK, we're done. If it's Expired or Duplicate, there's no point
// in checking again.
if (result != SignatureValidationResult.Invalid)
{
return(result);
}
}
return(await validator.ValidateAsync(signature,
request.Method,
request.GetEncodedUrl(),
request.Body).ConfigureAwait(false));
}
/// <summary>
/// Initializes a new instance of the <see cref="SignatureHandler"/> class.
/// </summary>
/// <param name="validator">Used to validate signatures.</param>
/// <param name="options">The signature options.</param>
/// <param name="logger">A factory used to create logger instances.</param>
/// <param name="encoder">A URL encoder.</param>
/// <param name="clock">Used to get the current time.</param>
public SignatureHandler(HttpSignatureValidator validator,
IOptionsMonitor <SignatureHandlerOptions> options,
ILoggerFactory logger,
System.Text.Encodings.Web.UrlEncoder encoder,
Microsoft.AspNetCore.Authentication.ISystemClock clock)
: base(options, logger, encoder, clock)
{
Validator = validator;
}
