public static bool Validate(BaseRequest request, string publicKey)
{
string signature = request.Signature;
request.Signature = null;
string message = JsonHelper.Serialize(request);
request.Signature = signature;
return CryptoHelper.Verify(publicKey, message, signature);
}
private void Validate(int issuerId, BaseRequest baseReq = null)
{
if (baseReq is GetAccountRequest)
{
var request = (GetAccountRequest)baseReq;
int isserId = FiatCoinHelper.GetIssuerId(request.Address);
var account = DataAccess.DataAccessor.FiatCoinRepository.GetAccount(isserId, request.Address);
if (account == null)
{
var message = string.Format("Account with address = {0} not found", request.Address);
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.NotFound, message));
}
}
else if (baseReq is RegisterRequest)
{
}
else if (baseReq is UnregisterRequest)
{
var request = (UnregisterRequest)baseReq;
int isserId = FiatCoinHelper.GetIssuerId(request.Address);
var account = DataAccess.DataAccessor.FiatCoinRepository.GetAccount(isserId, request.Address);
if (account == null)
{
var message = string.Format("Account with address = {0} not found", request.Address);
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NoContent, message));
}
ValidateRequestor(request, account);
}
else if (baseReq is DirectPayRequest)
{
var request = (DirectPayRequest)baseReq;
int srcIsserId = FiatCoinHelper.GetIssuerId(request.PaymentTransaction.Source);
if (srcIsserId != issuerId)
{
var message = string.Format("Source's issuer Id = {0}, but the request was sent to issuer Id = {1}", srcIsserId, issuerId);
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, message));
}
var account = DataAccess.DataAccessor.FiatCoinRepository.GetAccount(srcIsserId, request.PaymentTransaction.Source);
if (account == null)
{
var message = string.Format("Account with address = {0} not found", request.PaymentTransaction.Source);
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NoContent, message));
}
ValidateRequestor(request, account);
var transactions = DataAccess.DataAccessor.FiatCoinRepository.GetTransactions(srcIsserId, request.PaymentTransaction.Source);
var balance = CalculateBalance(transactions, request.PaymentTransaction.Source);
if (request.PaymentTransaction.Amount > balance)
{
var message = string.Format("Insufficient funds, balance = {0}, to pay = {1}", balance, request.PaymentTransaction.Amount);
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, message));
}
}
else if (baseReq is FundRequest)
{
var request = (FundRequest)baseReq;
int destIsserId = FiatCoinHelper.GetIssuerId(request.PaymentTransaction.Dest);
var account = DataAccess.DataAccessor.FiatCoinRepository.GetTransactions(destIsserId, request.PaymentTransaction.Dest);
if (account == null)
{
var message = string.Format("Account with address = {0} not found", request.PaymentTransaction.Dest);
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, message));
}
}
}
public void ValidateRequestor(BaseRequest request, PaymentAccount account)
{
string publicKey = account.PublicKey;
string signature = request.Signature;
request.Signature = null;
string jsonString = JsonHelper.Serialize(request);
request.Signature = signature;
bool authorized = CryptoHelper.Verify(publicKey, jsonString, signature);
if (!authorized)
{
var message = string.Format("User is not authorized to operate on the object.");
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, message));
}
}
