/// <summary>
/// Authenticates a body-less request: checks the signature over the query string, then
/// checks that the signing key is the one stored for the profile/device.
/// </summary>
/// <param name="request">Query wrapping the incoming HTTP request and the profile/device ids to look up.</param>
/// <param name="cancellationToken">Forwarded to the profile lookup.</param>
/// <returns>
/// <c>true</c> only when the "X-Signature" header has exactly two ':'-separated parts, the signature
/// verifies over the raw query string, and the stored profile public key equals the key from the header.
/// </returns>
private async Task<bool> HandleRequestWithoutBody(VerifyRequestQuery request, CancellationToken cancellationToken)
{
    // Header layout as consumed below: "<publicKey>:<signature>".
    var headerParts = request.HttpRequest.Headers["X-Signature"].ToString().Split(':');
    if (headerParts.Length != 2)
    {
        return false;
    }

    var requestPublicKey = headerParts[0];
    var signature = headerParts[1];

    // The key used for verification is supplied by the caller, so a passing check proves
    // only that the caller holds the matching private key. The identity binding is the
    // comparison with the stored profile key at the end of this method.
    // NOTE(review): nothing in this method checks freshness of the signed query string;
    // confirm that replay of a captured request is handled elsewhere.
    var signedPayload = request.HttpRequest.QueryString.Value;
    if (!verification.Verify(signedPayload, requestPublicKey, signature))
    {
        return false;
    }

    // The signature is checked before the repository is touched, so requests with an
    // invalid signature never cause a profile lookup.
    var profile = await repository.GetProfileAsyncNt(
        request.VerifiedRequest.ProfileId,
        request.VerifiedRequest.DeviceId,
        cancellationToken);
    if (profile == null)
    {
        return false;
    }

    var storedPublicKey = profile.PublicKey;

    // An empty stored key must never match, even if the header key were empty too.
    return !string.IsNullOrEmpty(storedPublicKey) && storedPublicKey == requestPublicKey;
}
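/// <summary>
/// HTTP PUT "profile" endpoint: verifies the request signature over the raw body and
/// dispatches a <c>VerifyProfileCommand</c> built from the body, the caller's public key
/// and the "X-SignedSafetyNet" attestation header.
/// </summary>
/// <param name="req">Incoming request; the body is read in full and treated as untrusted.</param>
/// <param name="log">Function logger (not used by this method).</param>
/// <param name="cancellationToken">Forwarded to the mediator.</param>
/// <returns>
/// 400 when the "X-Signature" header is malformed, the body deserializes to nothing, or a
/// <c>DomainException</c> is raised; 401 when the signature does not verify; 200 otherwise.
/// </returns>
/// <remarks>
/// The trigger is <c>AuthorizationLevel.Anonymous</c>, so the checks in this method and in the
/// command handler are the only gate. The signature is verified against the public key carried
/// in the same header, which proves only that the caller holds the matching private key.
/// NOTE(review): binding that key to the profile/device (via the attestation and nonce) is
/// presumably done by the VerifyProfileCommand handler; confirm, since this method does not do it.
/// </remarks>
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "profile")] HttpRequest req,
    ILogger log,
    CancellationToken cancellationToken)
{
    try
    {
        // The exact string read here is what the signature is checked against.
        string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
        string signedAttestation = req.Headers["X-SignedSafetyNet"].ToString();

        // Header layout as consumed below: "<publicKey>:<signature>".
        string[] signatureHeaderParameters = req.Headers["X-Signature"].ToString().Split(':');
        if (signatureHeaderParameters.Length != 2)
        {
            return new BadRequestResult();
        }

        var publicKey = signatureHeaderParameters[0];
        var signature = signatureHeaderParameters[1];

        if (!verification.Verify(requestBody, publicKey, signature))
        {
            return new UnauthorizedResult();
        }

        var data = JsonConvert.DeserializeObject<VerifyProfileRequest>(requestBody);

        // A caller can sign any body with a key pair of their own, so a valid signature does
        // not guarantee a usable payload: an empty or literal "null" body deserializes to null
        // and would otherwise surface as a NullReferenceException (HTTP 500) below.
        if (data == null)
        {
            return new BadRequestResult();
        }

        var command = new VerifyProfileCommand(
            data.DeviceId,
            data.ProfileId,
            data.CovidPass,
            data.Nonce,
            publicKey,
            signedAttestation);
        await mediator.Send(command, cancellationToken);

        return new OkResult();
    }
    catch (DomainException ex)
    {
        // Domain validation failures are reported to the caller as a 400 with details.
        var errors = validation.ProcessErrors(ex);
        return new BadRequestObjectResult(errors);
    }
}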
/// <summary>
/// Checks the "X-Signature" header of a body-less request against the raw query string,
/// without comparing the signing key to any stored profile key.
/// </summary>
/// <param name="request">Query wrapping the incoming HTTP request.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>
/// <c>true</c> when the header has exactly two ':'-separated parts ("&lt;publicKey&gt;:&lt;signature&gt;")
/// and the signature verifies over the query string with that key; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The verification key comes from the same header as the signature, so a <c>true</c> result
/// shows only that the query string was signed by whoever holds the matching private key.
/// It does not show that the key belongs to a known profile or device; callers must not
/// treat the result as an identity check.
/// </remarks>
private bool HandleRequestWithoutBody(VerifyRequestWithoutPublicKeyValidationQuery request, CancellationToken cancellationToken)
{
    var headerParts = request.HttpRequest.Headers["X-Signature"].ToString().Split(':');

    // Short-circuit keeps the original order: a malformed header is rejected before
    // the verifier is ever called.
    return headerParts.Length == 2
        && verification.Verify(request.HttpRequest.QueryString.Value, headerParts[0], headerParts[1]);
}