        /// <summary>
        /// Collects the request fields that make up the content to be signed.
        /// </summary>
        /// <param name="req">Incoming request; its method, URL and headers are read.</param>
        /// <returns>A populated <see cref="HmacSignatureContent"/> for this request.</returns>
        public HmacSignatureContent Resolve(HmacRequestInfo req)
        {
            // Member initializers run top to bottom, so a missing required header
            // is reported in this order: nonce first, then app id.
            return new HmacSignatureContent
            {
                Method = req.Method,

                // The signed URI comes from urlResolver, not directly from req.Url.
                Uri = urlResolver.Resolve(req),

                Nonce = req.Headers.Required(Headers.XNonce),
                AppId = req.Headers.Required(Headers.XAppId),
                Date = GetDate(req.Headers),

                // Every Accept header value is folded into one comma-separated string.
                Accepts = string.Join(", ", req.Headers.All(Headers.Accept)),
                ContentType = req.Headers.FirstOrDefault(Headers.ContentType),

                // NOTE(review): Md5 is given only the headers, so it presumably returns a
                // client-declared digest rather than hashing the body. Confirm the body is
                // checked against this value elsewhere; otherwise the signature does not
                // actually cover the payload.
                ContentMd5 = Md5(req.Headers)
            };
        }
        /// <summary>
        /// Determines the URI that the signature is computed over, honouring the
        /// original-URL and forwarded-scheme request headers when they are present.
        /// </summary>
        /// <param name="msg">Incoming request; its URL and headers are read.</param>
        /// <returns>
        /// <c>msg.Url</c> when no original-URL header is present; the header value itself when
        /// it is a well-formed absolute URI; otherwise a URI assembled from the resolved
        /// scheme, the host and the header value.
        /// </returns>
        /// <remarks>
        /// Every header consulted here is supplied with the request. Unless a trusted reverse
        /// proxy strips or overwrites them, the sender chooses the URI that ends up in the
        /// signed content, and it can differ from the URL the request was actually routed to.
        /// Deploy this only behind a proxy that sets these headers itself.
        /// </remarks>
        public Uri Resolve(HmacRequestInfo msg)
        {
            string originalUrl = msg.Headers.FirstOrDefault(Headers.XOriginalUrl);

            if (originalUrl == null)
            {
                return msg.Url;
            }

            // An absolute header value is used as-is: overrideScheme and overrideHostname
            // are not applied on this path.
            if (Uri.IsWellFormedUriString(originalUrl, UriKind.Absolute))
            {
                return new Uri(originalUrl);
            }

            // Scheme lookup: the first forwarded-scheme header that is present wins.
            // The configured overrideScheme is consulted only when none of them is set,
            // so a header value takes precedence over configuration.
            string scheme = null;
            foreach (var headerName in new[] { Headers.XForwardedProto, Headers.XForwardedProtocol, Headers.XUrlScheme })
            {
                scheme = msg.Headers.FirstOrDefault(headerName);
                if (scheme != null)
                {
                    break;
                }
            }

            if (scheme == null)
            {
                scheme = !string.IsNullOrWhiteSpace(overrideScheme) ? overrideScheme : msg.Url.Scheme;
            }

            string hostName = string.IsNullOrWhiteSpace(overrideHostname) ? msg.Url.Host : overrideHostname;

            // NOTE(review): Uri.Host carries no port, so a non-default port on msg.Url is
            // dropped here. The header value is appended verbatim and is assumed to
            // start with '/' (confirm against the proxy configuration).
            return new Uri($"{scheme}://{hostName}{originalUrl}");
        }
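        /// <summary>
        /// Authenticates a request by recomputing its signature from the resolved signature
        /// content and the application's secret, then comparing it with the signature the
        /// client sent.
        /// </summary>
        /// <param name="req">Incoming request whose headers carry the client signature.</param>
        /// <returns>A result carrying the application id taken from the request.</returns>
        /// <exception cref="HmacAuthenticationException">
        /// Thrown when the computed signature does not match the client signature, or when
        /// either of them is null.
        /// </exception>
        public HmacAuthenticationResult Authenticate(HmacRequestInfo req)
        {
            string clientSignature = ResolveSignature(req.Headers);

            HmacSignatureContent signatureContent = signatureContentResolver.Resolve(req);

            // Presumably rejects dates outside an allowed window; the failure mode is not visible here.
            // NOTE(review): the nonce is part of the signed content, but nothing in this method
            // records or checks it. Confirm replay tracking exists elsewhere; otherwise a captured
            // request stays replayable for as long as its date is accepted.
            dateValidator.Validate(signatureContent.Date);

            SecureString secret       = GetAppSecret(signatureContent.AppId);
            string       signatureSrc = signatureContent.ToCanonicalString();
            string       signature    = algorithm.Sign(secret, signatureSrc);

            // Compare without short-circuiting on the first differing character: the ordinary
            // string inequality operator returns early, so response timing can reveal how much
            // of a guessed signature is correct.
            if (!SignaturesMatch(signature, clientSignature))
            {
                // The message embeds the canonical string, which contains the server-resolved URI.
                // Keep it in server-side logs rather than echoing it in the HTTP response.
                throw new HmacAuthenticationException($"Signature mismatch. Signature src: '{signatureSrc}'");
            }

            return(new HmacAuthenticationResult(signatureContent.AppId));
        }

        /// <summary>
        /// Ordinal comparison of two signature strings whose running time does not depend on
        /// the position of the first difference. A null on either side is a mismatch (fail closed).
        /// </summary>
        private static bool SignaturesMatch(string expected, string provided)
        {
            if (expected == null || provided == null)
            {
                return false;
            }

            // The length of a signature is not secret, so an early exit here leaks nothing useful.
            if (expected.Length != provided.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ provided[i];
            }

            return difference == 0;
        }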