/// <summary>
/// Checks that the algorithm declared in the signature agrees with the signature
/// algorithm and hash algorithm registered for the client.
/// </summary>
/// <param name="signedRequest">The request being verified. Not read by this check.</param>
/// <param name="signature">The parsed signature; only its <c>Algorithm</c> value is inspected.</param>
/// <param name="client">The client whose registered <c>SignatureAlgorithm</c> is the reference for the comparison.</param>
/// <returns>
/// <c>null</c> when the check passes or does not apply; otherwise an
/// <c>InvalidSignatureAlgorithm</c> failure describing the mismatch.
/// </returns>
public override SignatureVerificationFailure VerifySync(HttpRequestForSigning signedRequest, Signature signature, Client client) {
    var declared = signature.Algorithm;

    // The algorithm parameter is optional: with nothing declared there is nothing to compare.
    // NOTE(review): on this path and the next one, this method compares nothing against the
    // client registration. The algorithm used for the cryptographic check is chosen elsewhere,
    // presumably from the client's registered algorithm; confirm.
    if (string.IsNullOrEmpty(declared)) {
        _logger?.LogDebug("Algorithm match verification is not required, because there is no algorithm specified in the signature.");
        return null;
    }

    // The default algorithm name (hs2019 per the original comment) is accepted as-is.
    // The comparison is an exact string match.
    if (declared == Signature.DefaultSignatureAlgorithm) {
        return null;
    }

    // Any other value must look like "<signature algorithm>-<hash algorithm>", split at the
    // first hyphen. A value with no hyphen, or with nothing after it, is rejected.
    var hyphenAt = declared.IndexOf('-');
    var hasBothParts = hyphenAt >= 0 && hyphenAt < declared.Length - 1;
    if (!hasBothParts) {
        // The message echoes the value taken from the signature; treat it as untrusted text
        // wherever the failure is logged or returned.
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported.");
    }

    var declaredSignatureName = declared.Substring(0, hyphenAt);
    var declaredHashName = declared.Substring(hyphenAt + 1);

    // Both names are compared case-insensitively against the client's registration.
    var registered = client.SignatureAlgorithm;
    if (!registered.Name.Equals(declaredSignatureName, StringComparison.OrdinalIgnoreCase)) {
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({declaredSignatureName}) does not match the registered signature algorithm for the client with id {client.Id}.");
    }

    if (!registered.HashAlgorithm.Name.Equals(declaredHashName, StringComparison.OrdinalIgnoreCase)) {
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified hash algorithm ({declaredHashName}) does not match the registered hash algorithm for the client with id {client.Id}.");
    }

    return null;
}
/// <summary>
/// Checks that the algorithm declared in the signature, when present, names a supported
/// signature algorithm and a supported hash algorithm.
/// </summary>
/// <param name="signedRequest">The request being verified. Not read by this check.</param>
/// <param name="signature">The parsed signature; only its <c>Algorithm</c> value is inspected.</param>
/// <param name="client">The client the signature belongs to. Not read by this check.</param>
/// <returns>
/// <c>null</c> when the check passes or does not apply; otherwise an
/// <c>InvalidSignatureAlgorithm</c> failure naming the rejected value.
/// </returns>
public override SignatureVerificationFailure VerifySync(HttpRequestForVerification signedRequest, Signature signature, Client client) {
    // The algorithm parameter is optional, so an absent value is not a failure here.
    if (string.IsNullOrEmpty(signature.Algorithm)) {
        _logger?.LogDebug("Algorithm verification is not required, because there is no algorithm specified in the signature.");
        return null;
    }

    // The default algorithm name (hs2019 per the original comment) skips the allow-list lookup.
    // The comparison is an exact string match.
    if (signature.Algorithm == Signature.DefaultSignatureAlgorithm) {
        return null;
    }

    // Expected form is "<signature algorithm>-<hash algorithm>", split at the first hyphen.
    // A value with no hyphen, or with nothing after it, is rejected as unsupported.
    var dashPosition = signature.Algorithm.IndexOf('-');
    var isWellFormed = dashPosition >= 0 && dashPosition < signature.Algorithm.Length - 1;
    if (!isWellFormed) {
        // The message echoes the value taken from the signature; treat it as untrusted text
        // wherever the failure is logged or returned.
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported.");
    }

    var signaturePart = signature.Algorithm.Substring(0, dashPosition);
    var hashPart = signature.Algorithm.Substring(dashPosition + 1);

    // Allow-list lookups: anything not listed is refused.
    // NOTE(review): the signature algorithm name is looked up as written, while the hash name
    // is upper-cased first. Whether "rsa" and "RSA" both pass depends on the comparer behind
    // SupportedSignatureAlgorithmNames, which is not visible here; confirm this is intended.
    if (!SupportedSignatureAlgorithmNames.Contains(signaturePart)) {
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified signature algorithm ({signature.Algorithm}) is not supported.");
    }

    var normalizedHashName = hashPart.ToUpperInvariant();
    if (!SupportedHashAlgorithmNames.Contains(normalizedHashName)) {
        // The message reports the hash name as the caller wrote it, not the upper-cased form.
        return SignatureVerificationFailure.InvalidSignatureAlgorithm($"The specified hash algorithm ({hashPart}) is not supported.");
    }

    return null;
}