public override SignatureVerificationFailure VerifySync(HttpRequestForSigning signedRequest, Signature signature, Client client)
{
// Algorithm parameter is not required
if (string.IsNullOrEmpty(signature.Algorithm))
{
_logger?.LogDebug("Algorithm match verification is not required, because there is no algorithm specified in the signature.");
return(null);
}
// hs2019 is always ok
if (signature.Algorithm == Signature.DefaultSignatureAlgorithm)
{
return(null);
}
var algorithmParts = new List <string>();
if (!string.IsNullOrEmpty(signature.Algorithm))
{
var separatorIndex = signature.Algorithm.IndexOf('-');
if (separatorIndex < 0 || separatorIndex >= signature.Algorithm.Length - 1)
{
algorithmParts.Add(signature.Algorithm);
}
else
{
algorithmParts.Add(signature.Algorithm.Substring(0, separatorIndex));
algorithmParts.Add(signature.Algorithm.Substring(separatorIndex + 1));
}
}
if (algorithmParts.Count < 2)
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported."));
}
if (!client.SignatureAlgorithm.Name.Equals(algorithmParts[0], StringComparison.OrdinalIgnoreCase))
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({algorithmParts[0]}) does not match the registered signature algorithm for the client with id {client.Id}."));
}
if (!client.SignatureAlgorithm.HashAlgorithm.Name.Equals(algorithmParts[1], StringComparison.OrdinalIgnoreCase))
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified hash algorithm ({algorithmParts[1]}) does not match the registered hash algorithm for the client with id {client.Id}."));
}
return(null);
}
public override SignatureVerificationFailure VerifySync(HttpRequestForVerification signedRequest, Signature signature, Client client)
{
// Algorithm parameter is not required
if (string.IsNullOrEmpty(signature.Algorithm))
{
_logger?.LogDebug("Algorithm verification is not required, because there is no algorithm specified in the signature.");
return(null);
}
// hs2019 is always allowed
if (signature.Algorithm == Signature.DefaultSignatureAlgorithm)
{
return(null);
}
var algorithmParts = new List <string>();
if (!string.IsNullOrEmpty(signature.Algorithm))
{
var separatorIndex = signature.Algorithm.IndexOf('-');
if (separatorIndex < 0 || separatorIndex >= signature.Algorithm.Length - 1)
{
algorithmParts.Add(signature.Algorithm);
}
else
{
algorithmParts.Add(signature.Algorithm.Substring(0, separatorIndex));
algorithmParts.Add(signature.Algorithm.Substring(separatorIndex + 1));
}
}
if (algorithmParts.Count < 2)
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported."));
}
if (!SupportedSignatureAlgorithmNames.Contains(algorithmParts[0]))
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported."));
}
if (!SupportedHashAlgorithmNames.Contains(algorithmParts[1].ToUpperInvariant()))
{
return(SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified hash algorithm ({algorithmParts[1]}) is not supported."));
}
return(null);
}
