Esempio n. 1
0
        private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders)
        {
            string signature = ExtractHeaderValue(requestHeaders, "X-GCS-Signature");
            string keyId     = ExtractHeaderValue(requestHeaders, "X-GCS-KeyId");

            using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId))))
            {
                mac.Initialize();
                byte[] unencodedResult   = mac.ComputeHash(body);
                var    expectedSignature = Convert.ToBase64String(unencodedResult);
                bool   isValid           = signature.CompareWithoutTimingLeak(expectedSignature);
                if (!isValid)
                {
                    throw new SignatureValidationException("failed to validate signature '" + signature + "'");
                }
            }
        }
Esempio n. 2
0
        private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders)
        {
            var numberOfSignatureHeaders = requestHeaders.Count(SignaturePredicate);

            if (numberOfSignatureHeaders == 0)
            {
                throw new SignatureValidationException("Missing X-GCS-Signature header");
            }
            if (numberOfSignatureHeaders != 1)
            {
                throw new SignatureValidationException("Duplicate X-GCS-Signature header");
            }

            var numberOfKeyIdHeaders = requestHeaders.Count(KeyIdPredicate);

            if (numberOfKeyIdHeaders == 0)
            {
                throw new SignatureValidationException("Missing X-GCS-KeyId header");
            }
            if (numberOfKeyIdHeaders != 1)
            {
                throw new SignatureValidationException("Duplicate X-GCS-KeyId header");
            }

            var signature = requestHeaders.SingleOrDefault(SignaturePredicate)?.Value;

            var keyId = requestHeaders.SingleOrDefault(KeyIdPredicate)?.Value;

            using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId))))
            {
                mac.Initialize();
                byte[] unencodedResult   = mac.ComputeHash(body);
                var    expectedSignature = Convert.ToBase64String(unencodedResult);
                bool   isValid           = signature.CompareWithoutTimingLeak(expectedSignature);
                if (!isValid)
                {
                    throw new SignatureValidationException("failed to validate signature '" + signature + "'");
                }
            }
        }
Esempio n. 3
0
        private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders)
        {
            Func <IRequestHeader, bool> signaturePredicate = (IRequestHeader h) => h.Name.Equals("X-GCS-Signature", StringComparison.InvariantCultureIgnoreCase);
            Func <IRequestHeader, bool> keyIdPredicate     = (IRequestHeader h) => h.Name.Equals("X-GCS-KeyId", StringComparison.InvariantCultureIgnoreCase);

            if (requestHeaders.Count(signaturePredicate) != 1)
            {
                if (requestHeaders.Count(signaturePredicate) == 0)
                {
                    throw new SignatureValidationException("Missing X-GCS-Signature header");
                }
                throw new SignatureValidationException("Duplicate X-GCS-Signature header");
            }
            if (requestHeaders.Count(keyIdPredicate) != 1)
            {
                if (requestHeaders.Count(keyIdPredicate) == 0)
                {
                    throw new SignatureValidationException("Missing X-GCS-KeyId header");
                }
                throw new SignatureValidationException("Duplicate X-GCS-KeyId header");
            }

            var signature = requestHeaders.SingleOrDefault(signaturePredicate)?.Value;

            var keyId = requestHeaders.SingleOrDefault(keyIdPredicate)?.Value;

            var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId)));

            mac.Initialize();
            byte[] unencodedResult   = mac.ComputeHash(body);
            var    expectedSignature = Convert.ToBase64String(unencodedResult);
            bool   isValid           = signature.CompareWithoutTimingLeak(expectedSignature);

            if (!isValid)
            {
                throw new SignatureValidationException("failed to validate signature '" + signature + "'");
            }
        }