/// <summary>
/// Decides whether an incoming HTTP request passes Slack signature verification.
/// </summary>
/// <param name="request">
/// The request to check. Its Slack timestamp header, Slack signature header and body are read.
/// </param>
/// <returns>
/// <c>true</c> when request authentication is switched off in the current options;
/// otherwise whatever the signature verifier returns for the signature, timestamp and body.
/// </returns>
public async Task<bool> IsAuthenticAsync(HttpRequest request)
{
    // Options are read on every call, so a configuration reload takes effect immediately.
    var currentOptions = _optionsMonitorMonitor.CurrentValue;

    // NOTE(review): this is a fail-open switch. With authentication disabled every request
    // is reported as authentic. Presumably meant for local development only; confirm the
    // option cannot be turned off unnoticed in production.
    if (!currentOptions.IsRequestAuthenticationEnabled)
    {
        _logger.LogRequestAuthenticatorRequestAuthenticationIsDisabled();
        return true;
    }

    var slackTimestamp = request.GetSlackTimestampHeaderValue();
    var slackSignature = request.GetSlackSignatureHeaderValue();

    // A null body is treated as an empty string so the verifier always gets a value.
    var body = await request.ReadAsync() ?? string.Empty;

    // NOTE(review): the timestamp, signature and complete request body are handed to the
    // logger. The level and any redaction are decided by LogInvokingSignatureVerification,
    // which is not visible here. Verify that payloads are not retained in production logs.
    _logger.LogInvokingSignatureVerification(slackTimestamp, slackSignature, body);

    var isAuthentic = _signatureVerifier.Verify(slackSignature, slackTimestamp, body);
    return isAuthentic;
}
/// <summary>
/// Saves a participant's message after the participant's signature has been checked
/// against the group's RSA public key.
/// </summary>
/// <param name="groupId">Identifier used to look up the group in the repository.</param>
/// <param name="message">The message to store when verification succeeds.</param>
/// <param name="participant">
/// The participant; its Base64-encoded <c>PublicKey</c> and <c>Signature</c> are decoded
/// and passed to the verifier.
/// </param>
/// <remarks>
/// When verification fails the method returns without saving and without reporting the
/// failure to the caller.
/// </remarks>
public void AddMessage(Guid groupId, ParticipantMessage message, VerifiedParticipant participant)
{
    var group = groupRepository.GetGroup(groupId);

    // NOTE(review): the key file path is the group name concatenated with a fixed suffix,
    // resolved against the current working directory. If group names can contain path
    // separators or are user-chosen, this needs validation. Confirm where Name originates.
    var serializedGroupKey = File.ReadAllText(group.Name + "PublicKey.txt");
    var groupRsaKey = RsaKeyUtils.GetDeserializedKPublicKey(serializedGroupKey);

    // FromBase64String throws on malformed input; that exception propagates to the caller.
    var participantKeyBytes = FromBase64String(participant.PublicKey);
    var participantSignatureBytes = FromBase64String(participant.Signature);
    var signedEntity = new SignedEntity(participantKeyBytes, participantSignatureBytes);

    // NOTE(review): `message` is not an input to Verify, so nothing visible here binds the
    // message content to the participant. Confirm that is established elsewhere.
    bool signatureIsValid = signatureVerifier.Verify(signedEntity, groupRsaKey);
    if (!signatureIsValid)
    {
        // Rejected messages are dropped silently; no log entry or error is produced here.
        return;
    }

    groupRepository.SaveMessage(participant, message);
}
/// <summary>
/// Webhook endpoint: logs the request headers, verifies the request signature and, when
/// it is valid, forwards the raw request body to the message sink.
/// </summary>
/// <returns>
/// The result of <c>Unauthorized()</c> when signature verification fails; otherwise the
/// result of <c>Ok()</c> after the body has been handed to the sink.
/// </returns>
public async Task<IActionResult> HandleHook()
{
    // NOTE(review): headers are passed to LogHeaders before the signature check, so they
    // are logged for unauthenticated callers too. What LogHeaders writes is not visible
    // here. Verify that signature or authorization header values are not retained.
    LogHeaders(Request.Headers);

    // The current UTC time is supplied to the verifier along with the whole request.
    var signatureIsValid = _signatureVerifier.Verify(Request, DateTime.UtcNow);
    if (!signatureIsValid)
    {
        _logger.LogWarning("Bad Signature!");
        return this.Unauthorized();
    }

    // The body is JSON, but it is not deserialized here; it is passed to the sink as-is.
    // NOTE(review): if Verify reads Request.Body, the stream must be buffered and rewound,
    // otherwise this read would not see the bytes that were verified. Confirm in the verifier.
    using var bodyReader = new StreamReader(Request.Body, Encoding.UTF8);
    var payload = await bodyReader.ReadToEndAsync();

    _sink.HandleMessage(payload);
    return Ok();
}