public IActionResult Post()
{
var payload = ReadPayload();
_logger.LogInformation("Received a webhook");
var signatureHeader = Request.Headers["x-xero-signature"].FirstOrDefault();
_logger.LogInformation("Verifying the signature to confirm that the payload is from Xero.");
var isValid = _signatureVerifier.VerifySignature(payload, signatureHeader);
if (!isValid)
{
_logger.LogWarning("The signature is incorrect. Responding with HTTP 401 Unauthorised.");
return(Unauthorized());
}
_logger.LogInformation("The signature is correct. Saving the payload for processing later (so that we can respond as quickly as possible).");
_payloadQueue.Enqueue(payload);
_logger.LogInformation("Webhook is saved. Returning an empty 200 OK");
return(Ok());
}
public IActionResult Post()
{
var payload = ReadPayload();
_logger.LogInformation("Received a webhook");
var signatureHeader = Request.Headers["x-xero-signature"].FirstOrDefault();
_logger.LogInformation("Verifying the signature to confirm that the payload is from Xero.");
var isValid = _signatureVerifier.VerifySignature(payload, signatureHeader);
if (!isValid)
{
_logger.LogWarning("The signature is incorrect. Responding with HTTP 401 Unauthorised.");
return(Unauthorized());
}
_logger.LogInformation("The signature is correct. Saving the payload for processing later (so that we can respond as quickly as possible).");
if (!payload.Contains("resourceId")) // hand-shake
{
return(Ok());
}
// _payloadQueue.Enqueue(payload);
// var update = JsonConvert.DeserializeXNode(payload);
var objectToUpdate = JsonConvert.DeserializeObject <Payload>(payload);
var @event = objectToUpdate.Events.FirstOrDefault();
if (@event != null)
{
return(Ok());
}
var model = new EmployeeModel {
ContactId = @event.ResourceId
};
switch (@event.EventType)
{
case "UPDATE":
_employeeService.Update(model);
break;
case "ADD":
_employeeService.Add(model);
break;
}
_contactObservable.AddActivity(
new Activity
{
Id = model.Id,
PersonName = model.FullName,
Status = @event.EventType
});
_logger.LogInformation("Webhook is saved. Returning an empty 200 OK");
return(Ok());
}
public async Task <IActionResult> Response()
{
var payload = await ReadPayload();
//Check if payload is valid.
if (_signatureVerifier.VerifySignature(payload + Request.Headers["Nonce"].FirstOrDefault(),
Request.Headers["HMAC"].FirstOrDefault()))
{
var response = JsonConvert.DeserializeObject <ResponseObject>(payload);
if (response.ResponseType == (int)ResponseTypes.AccountOtp)
{
if (response.status == "Success")
{
var accountOTPResponse = JsonConvert.DeserializeObject <AccountOTPResponse>(response.result.ToString());
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.InstructionStatusUpdate)
{
if (response.status == "Success")
{
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.NewFineCount)
{
if (response.status == "Success")
{
var newFineCounts = JsonConvert.DeserializeObject <List <NewFineCountResponse> >(response.result.ToString());
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.LicensingInstructionStatusUpdate)
{
if (response.status == "Success")
{
var obj = JsonConvert.DeserializeObject <LicensingInstructionStatusUpdateResponse>(response.result.ToString());
if (
obj.StatusId == eLicensingInstructionStatus.AgentAcceptedInstruction ||
obj.StatusId == eLicensingInstructionStatus.InstructionCreated
)
{
var details = (LicensingInstructionUpdateGeneralDetails)obj.AdditionalDetails;
// TODO your logic
}
else if (obj.StatusId == eLicensingInstructionStatus.InstructionCompleted)
{
var details = (LicensingInstructionCompletedResponse)obj.AdditionalDetails;
// TODO your logic
}
else if (
obj.StatusId == eLicensingInstructionStatus.InstructionSubmittedForCourier ||
obj.StatusId == eLicensingInstructionStatus.InstructionCourierCollected ||
obj.StatusId == eLicensingInstructionStatus.InstructionCourierDelivered ||
obj.StatusId == eLicensingInstructionStatus.InstructionCourierInTransit
)
{
var details = (LicensingInstructionCourierUpdateResponse)obj.AdditionalDetails;
// TODO your logic
}
else if (obj.StatusId == eLicensingInstructionStatus.InstructionFailed)
{
var details = (LicensingInstructionFailedResponse)obj.AdditionalDetails;
// TODO your logic
}
else if (obj.StatusId == eLicensingInstructionStatus.InstructionCompleted)
{
var details = (LicensingInstructionCompletedResponse)obj.AdditionalDetails;
// TODO your logic
}
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.DocumentsUploadResponse)
{
if (response.status == "Success")
{
var obj = JsonConvert.DeserializeObject <List <DocumentUploadItemResponse> >(response.result.ToString());
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.QuoteCreated)
{
if (response.status == "Success")
{
var obj = JsonConvert.DeserializeObject <QuoteCreatedResponse>(response.result.ToString());
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else if (response.ResponseType == (int)ResponseTypes.QuotePaid)
{
if (response.status == "Success")
{
var obj = JsonConvert.DeserializeObject <QuotePaidResponse>(response.result.ToString());
//TODO your logic
}
else
{
var errors = response.errors;
}
}
else
{
return(BadRequest("Invalid response type"));
}
return(Ok());
}
return(Unauthorized());
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request, options);
var eventTask = options.OnSignatureParsed;
if (eventTask != null)
{
await eventTask.Invoke(request, signature).ConfigureAwait(false);
}
try {
signature.Validate();
}
catch (ValidationException ex) {
throw new InvalidSignatureException(
"The signature is invalid. See inner exception.",
ex);
}
client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
var requestForSigning = await request.ToRequestForSigning(signature).ConfigureAwait(false);
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}
public async Task <IHttpActionResult> Command(string command)
{
if (!Request.IsAuthorized())
{
Log.Fatal("Blocked WebApiHost request from {blockedIp}", Request.GetRemoteIp());
return(StatusCode(HttpStatusCode.Forbidden));
}
var context = new OperationContext(Request);
try
{
Program.WebApiHost.ClientConnected();
context.SetRawInputParameters(Request.RequestUri.Query, command);
var inputParameters = await ReadInputParameters(Request, command);
context.SetInputParameters(inputParameters);
var validationResult = ValidateParameters(inputParameters);
if (!validationResult.isParametersOk)
{
return(ErrorResultBadRequest(validationResult.errorReason, context));
}
switch (inputParameters.ArgsInfo.Function)
{
case ProgramFunction.Sign:
var signerResponse = _signer.Sign(
inputParameters.ArgsInfo.SigType,
inputParameters.ArgsInfo.GostFlavor,
inputParameters.ArgsInfo.CertificateThumbprint,
inputParameters.DataToSign,
inputParameters.ArgsInfo.NodeId,
inputParameters.ArgsInfo.IgnoreExpiredCertificate,
inputParameters.ArgsInfo.IsAddSigningTime);
var binaryData = signerResponse.IsResultBase64Bytes
? Convert.FromBase64String(signerResponse.SignedData)
: Encoding.UTF8.GetBytes(signerResponse.SignedData);
context.SetSignerResponse(signerResponse);
var streamToReturn = new MemoryStream(binaryData);
var returnMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StreamContent(streamToReturn),
};
SetAdditionalResponseProperties(returnMessage);
Log.Debug(
"Successfully signed file from ip {requesterIp} with following parameters: [{parameters}]",
Request.GetRemoteIp(),
context.RawInputParameters);
return(SuccessResult(returnMessage, context));
case ProgramFunction.Verify:
var verifierResponse = _verifier.VerifySignature(
inputParameters.ArgsInfo.SigType,
nodeId: inputParameters.ArgsInfo.NodeId,
signedFileBytes: inputParameters.DataToSign,
signatureFileBytes: inputParameters.SignatureFileBytes,
isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);
var verifierRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(verifierResponse))
};
SetAdditionalResponseProperties(verifierRetrurnMessge);
Log.Debug(
"Successfully checked signature from ip {requesterIp} with following parameters: [{parameters}]",
Request.GetRemoteIp(),
context.RawInputParameters);
return(SuccessResult(verifierRetrurnMessge, context));
case ProgramFunction.Extract:
var readCertificate = _certificateProcessor.ReadCertificateFromSignedFile(
inputParameters.ArgsInfo.SigType,
signedFileBytes: inputParameters.DataToSign,
signatureFileBytes: inputParameters.SignatureFileBytes,
nodeId: inputParameters.ArgsInfo.NodeId);
var serializableCertificate = _certificateSerializer.CertificateToSerializable(readCertificate);
var extractedCertificateRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(serializableCertificate))
};
SetAdditionalResponseProperties(extractedCertificateRetrurnMessge);
Log.Debug(
"Successfully extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
Request.GetRemoteIp(),
context.RawInputParameters);
return(SuccessResult(extractedCertificateRetrurnMessge, context));
case ProgramFunction.VerifyAndExtract:
var verifierResponsePart = _verifier.VerifySignature(
inputParameters.ArgsInfo.SigType,
signedFileBytes: inputParameters.DataToSign,
signatureFileBytes: inputParameters.SignatureFileBytes,
nodeId: inputParameters.ArgsInfo.NodeId,
isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);
var readCertificatePart = _certificateProcessor.ReadCertificateFromSignedFile(
inputParameters.ArgsInfo.SigType,
signedFileBytes: inputParameters.DataToSign,
signatureFileBytes: inputParameters.SignatureFileBytes,
nodeId: inputParameters.ArgsInfo.NodeId);
var serializableCertificatePart =
_certificateSerializer.CertificateToSerializable(readCertificatePart);
var combinedResponse = new CombinedResponse()
{
VerificationResult = verifierResponsePart,
ExtractedCertificate = serializableCertificatePart
};
if (verifierResponsePart.SigningDateTime.HasValue)
{
combinedResponse.SignatureInfo = new()
{
SigningDateTime = verifierResponsePart.SigningDateTime
};
}
var verifyAndExtractRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(combinedResponse))
};
SetAdditionalResponseProperties(verifyAndExtractRetrurnMessge);
Log.Debug(
"Successfully verified and extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
Request.GetRemoteIp(),
context.RawInputParameters);
return(SuccessResult(verifyAndExtractRetrurnMessge, context));
case ProgramFunction.Describe:
var readInputCertificate = _certificateProcessor.ReadCertificateFromCertificateFile(inputParameters.CertificateFileBytes);
var describedCertificate =
_certificateSerializer.CertificateToSerializable(readInputCertificate);
var certificateDescribeReturnMessge = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(describedCertificate))
};
Log.Debug(
"Successfully described extracted certificate from ip {requesterIp}",
Request.GetRemoteIp());
return(SuccessResult(certificateDescribeReturnMessge, context));
default:
return(ErrorResultBadRequest($"Command {command} is not supported.", context));
}
}
catch (OperationCanceledException opce)
{
Log.Warning("Client disconnected prior to singing completion");
return(ErrorResultBadRequest(opce, context));
}
catch (Exception ex)
{
Log.Error(ex, "Error occured during signing process with command: {command}", command);
return(ErrorResultBadRequest(ex, context));
}
finally
{
SaveOperationContext(context);
Program.WebApiHost.ClientDisconnected();
}
}
