public async Task <RequestSignatureVerificationResult> VerifySignature(IOwinRequest request, SignedHttpRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var signatureParsingResult = _signatureParser.Parse(request, options);
if (signatureParsingResult is SignatureParsingFailure parsingFailure)
{
var failure = SignatureVerificationFailure.InvalidSignature(parsingFailure.Description, parsingFailure.Failure);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, requestForVerification: null, failure));
}
var parsedSignature = ((SignatureParsingSuccess)signatureParsingResult).Signature;
var eventTask = options.OnSignatureParsed;
if (eventTask != null)
{
await eventTask.Invoke(request, parsedSignature).ConfigureAwait(continueOnCapturedContext: false);
}
var requestForVerification = request.ToHttpRequestForVerification(parsedSignature);
return(await _verificationOrchestrator.VerifySignature(requestForVerification).ConfigureAwait(continueOnCapturedContext: false));
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request);
client = await _clientStore.Get(signature.KeyId);
var requestForSigning = await request.ToRequestForSigning(signature);
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidClientException ex) {
var failure = SignatureVerificationFailure.InvalidClient(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}
public override SignatureVerificationFailure VerifySync(HttpRequestForSigning signedRequest, Signature signature, Client client)
{
if (!signature.Created.HasValue)
{
return(SignatureVerificationFailure.InvalidSignature($"The signature does not contain a value for the {nameof(signature.Created)} property, but it is required."));
}
if (!signature.Expires.HasValue)
{
return(SignatureVerificationFailure.InvalidSignature($"The signature does not contain a value for the {nameof(signature.Expires)} property, but it is required."));
}
var expires = signature.Expires.Value - signature.Created.Value;
var signingString = _signingStringComposer.Compose(
signedRequest,
client.SignatureAlgorithm.Name,
signature.Headers,
signature.Created.Value,
expires,
signature.Nonce);
_logger?.LogDebug("Composed the following signing string for request verification: {0}", signingString);
byte[] receivedSignature;
try {
receivedSignature = _base64Converter.FromBase64(signature.String);
}
catch (FormatException ex) {
return(SignatureVerificationFailure.InvalidSignatureString(ex.Message, ex));
}
var isValidSignature = client.SignatureAlgorithm.VerifySignature(signingString, receivedSignature);
_logger?.LogDebug("The verification of the signature {0}.", isValidSignature ? "succeeded" : "failed");
if (!isValidSignature)
{
return(SignatureVerificationFailure.InvalidSignatureString("The signature string does not match the expected value."));
}
return(null);
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request, options);
var eventTask = options.OnSignatureParsed;
if (eventTask != null)
{
await eventTask.Invoke(request, signature).ConfigureAwait(false);
}
try {
signature.Validate();
}
catch (ValidationException ex) {
throw new InvalidSignatureException(
"The signature is invalid. See inner exception.",
ex);
}
client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
var requestForSigning = await request.ToRequestForSigning(signature).ConfigureAwait(false);
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}