private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders) { string signature = ExtractHeaderValue(requestHeaders, "X-GCS-Signature"); string keyId = ExtractHeaderValue(requestHeaders, "X-GCS-KeyId"); using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId)))) { mac.Initialize(); byte[] unencodedResult = mac.ComputeHash(body); var expectedSignature = Convert.ToBase64String(unencodedResult); bool isValid = signature.CompareWithoutTimingLeak(expectedSignature); if (!isValid) { throw new SignatureValidationException("failed to validate signature '" + signature + "'"); } } }
private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders) { var numberOfSignatureHeaders = requestHeaders.Count(SignaturePredicate); if (numberOfSignatureHeaders == 0) { throw new SignatureValidationException("Missing X-GCS-Signature header"); } if (numberOfSignatureHeaders != 1) { throw new SignatureValidationException("Duplicate X-GCS-Signature header"); } var numberOfKeyIdHeaders = requestHeaders.Count(KeyIdPredicate); if (numberOfKeyIdHeaders == 0) { throw new SignatureValidationException("Missing X-GCS-KeyId header"); } if (numberOfKeyIdHeaders != 1) { throw new SignatureValidationException("Duplicate X-GCS-KeyId header"); } var signature = requestHeaders.SingleOrDefault(SignaturePredicate)?.Value; var keyId = requestHeaders.SingleOrDefault(KeyIdPredicate)?.Value; using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId)))) { mac.Initialize(); byte[] unencodedResult = mac.ComputeHash(body); var expectedSignature = Convert.ToBase64String(unencodedResult); bool isValid = signature.CompareWithoutTimingLeak(expectedSignature); if (!isValid) { throw new SignatureValidationException("failed to validate signature '" + signature + "'"); } } }
private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders) { Func <IRequestHeader, bool> signaturePredicate = (IRequestHeader h) => h.Name.Equals("X-GCS-Signature", StringComparison.InvariantCultureIgnoreCase); Func <IRequestHeader, bool> keyIdPredicate = (IRequestHeader h) => h.Name.Equals("X-GCS-KeyId", StringComparison.InvariantCultureIgnoreCase); if (requestHeaders.Count(signaturePredicate) != 1) { if (requestHeaders.Count(signaturePredicate) == 0) { throw new SignatureValidationException("Missing X-GCS-Signature header"); } throw new SignatureValidationException("Duplicate X-GCS-Signature header"); } if (requestHeaders.Count(keyIdPredicate) != 1) { if (requestHeaders.Count(keyIdPredicate) == 0) { throw new SignatureValidationException("Missing X-GCS-KeyId header"); } throw new SignatureValidationException("Duplicate X-GCS-KeyId header"); } var signature = requestHeaders.SingleOrDefault(signaturePredicate)?.Value; var keyId = requestHeaders.SingleOrDefault(keyIdPredicate)?.Value; var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId))); mac.Initialize(); byte[] unencodedResult = mac.ComputeHash(body); var expectedSignature = Convert.ToBase64String(unencodedResult); bool isValid = signature.CompareWithoutTimingLeak(expectedSignature); if (!isValid) { throw new SignatureValidationException("failed to validate signature '" + signature + "'"); } }