Example #1
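        /// <summary>
        /// Verifies the server's RSA signature over a response and throws when it is missing or invalid.
        /// </summary>
        /// <remarks>
        /// The signed byte string is rebuilt locally as: the numeric status code, one
        /// "name: value" line per <c>X-Bunq-</c> header (signature header excluded, sorted by name),
        /// a blank line, then the body. Only those parts are covered by the signature; any other
        /// response header is unauthenticated and should not be trusted on the strength of this check.
        /// </remarks>
        /// <param name="responseMessage">The HTTP response whose status code and headers are verified.</param>
        /// <param name="content">
        /// The response body. NOTE(review): this must be the exact text the server signed; confirm the
        /// caller passes the body as received and not a re-serialized or re-encoded copy.
        /// </param>
        /// <exception cref="BunqApiException">
        /// The signature header is absent, is not valid Base64, or does not verify against
        /// <c>ServerPublicKey</c>.
        /// </exception>
        private void VerifyResponse(HttpResponseMessage responseMessage, string content)
        {
            // Look the header up through the collection API. Calling FirstOrDefault on the header
            // pairs yields a default pair with a null Value when the header is absent, so the
            // original chained .Value.FirstOrDefault() threw ArgumentNullException and the
            // "no signature header" branch below was never reached for a missing header.
            var serverSignatureHeader = responseMessage.Headers.Contains(ServerSignatureHeaderName)
                ? responseMessage.Headers.GetValues(ServerSignatureHeaderName).FirstOrDefault()
                : null;

            if (serverSignatureHeader == null)
            {
                throw new BunqApiException("Server sent an invalid response. No signature header found.");
            }

            var builder = new StringBuilder();

            builder.AppendFormat("{0}\n", (int)responseMessage.StatusCode);

            // Ordinal comparisons keep the canonical string independent of the machine's culture;
            // a culture-sensitive prefix test or sort could select or order headers differently
            // between hosts. NOTE(review): assumes the server sorts header names by code unit
            // order; confirm against the API's signing specification.
            var signedHeaders = responseMessage.Headers
                .Where(h => h.Key.StartsWith("X-Bunq-", StringComparison.Ordinal)
                            && !string.Equals(h.Key, ServerSignatureHeaderName, StringComparison.OrdinalIgnoreCase))
                .OrderBy(h => h.Key, StringComparer.Ordinal);

            foreach (var header in signedHeaders)
            {
                // Only the first value of a repeated header takes part in the signed data.
                builder.AppendFormat("{0}: {1}\n", header.Key, header.Value.First());
            }

            builder.Append("\n");
            builder.Append(content);

            var builderBytes = Encoding.UTF8.GetBytes(builder.ToString());

            byte[] serverSignature;
            try
            {
                serverSignature = Convert.FromBase64String(serverSignatureHeader);
            }
            catch (FormatException)
            {
                // A signature that is not valid Base64 is an invalid signature; report it the same
                // way as a failed verification instead of leaking a FormatException to callers.
                throw new BunqApiException("Server sent an invalid response. Signature invalid.");
            }

            if (!ServerPublicKey.VerifyData(builderBytes, serverSignature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            {
                throw new BunqApiException("Server sent an invalid response. Signature invalid.");
            }
        }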