Example #1
0
        private async Task <bool> HandleRequestWithoutBody(VerifyRequestQuery request, CancellationToken cancellationToken)
        {
            var signatureHeaderParameters = request.HttpRequest.Headers["X-Signature"].ToString().Split(':');

            if (signatureHeaderParameters.Length != 2)
            {
                return(false);
            }

            var requestPublicKey = signatureHeaderParameters.First();
            var isVerified       = verification.Verify(request.HttpRequest.QueryString.Value, requestPublicKey, signatureHeaderParameters.Last());

            if (!isVerified)
            {
                return(false);
            }

            var profile = await repository.GetProfileAsyncNt(request.VerifiedRequest.ProfileId, request.VerifiedRequest.DeviceId, cancellationToken);

            if (profile == null)
            {
                return(false);
            }

            var profilePublicKey = profile.PublicKey;

            if (string.IsNullOrEmpty(profilePublicKey))
            {
                return(false);
            }

            return(profilePublicKey == requestPublicKey);
        }
Example #2
0
        public async Task <IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "profile")] HttpRequest req,
            ILogger log, CancellationToken cancellationToken)
        {
            try
            {
                string   requestBody               = await new StreamReader(req.Body).ReadToEndAsync();
                string   signedAttestation         = req.Headers["X-SignedSafetyNet"].ToString();
                string[] signatureHeaderParameters = req.Headers["X-Signature"].ToString().Split(':');
                if (signatureHeaderParameters.Length != 2)
                {
                    return(new BadRequestResult());
                }

                var publicKey  = signatureHeaderParameters.First();
                var isVerified = verification.Verify(requestBody, publicKey, signatureHeaderParameters.Last());

                if (!isVerified)
                {
                    return(new UnauthorizedResult());
                }

                var data = JsonConvert.DeserializeObject <VerifyProfileRequest>(requestBody);

                var command = new VerifyProfileCommand(data.DeviceId, data.ProfileId, data.CovidPass, data.Nonce, publicKey, signedAttestation);
                await mediator.Send(command, cancellationToken);

                return(new OkResult());
            }
            catch (DomainException ex)
            {
                var errors = validation.ProcessErrors(ex);
                return(new BadRequestObjectResult(errors));
            }
        }
Example #3
0
        private bool HandleRequestWithoutBody(VerifyRequestWithoutPublicKeyValidationQuery request, CancellationToken cancellationToken)
        {
            var signatureHeaderParameters = request.HttpRequest.Headers["X-Signature"].ToString().Split(':');

            if (signatureHeaderParameters.Length != 2)
            {
                return(false);
            }

            var requestPublicKey = signatureHeaderParameters.First();
            var isVerified       = verification.Verify(request.HttpRequest.QueryString.Value, requestPublicKey, signatureHeaderParameters.Last());

            if (!isVerified)
            {
                return(false);
            }

            return(true);
        }