public CardSavrResponse(HttpResponseMessage response)
{
StatusCode = response.StatusCode;
string value = ApiUtil.GetSingleHeaderValue(response.Headers, "x-cardsavr-paging");
if (value != null)
{
log.Debug($"found server paging header: \"{value}\"");
Paging = Paging.FromHeader(value);
}
}
private void VerifyResponseSignature(Uri uri, HttpResponseMessage response, string body)
{
string auth = ApiUtil.GetSingleHeaderValue(response.Headers, "authorization");
string nonce = ApiUtil.GetSingleHeaderValue(response.Headers, "nonce");
string toSign = $"{uri.PathAndQuery}{auth}{nonce}{body ?? ""}";
string signature = ApiUtil.GetSingleHeaderValue(response.Headers, "signature");
if (auth == null || auth == "")
{
log.Debug("Not an authorized response, probably merchants endpoint");
}
else if (!HashUtil.HmacVerify(toSign, GetEncryptionKey(), signature))
{
log.Error($"failed to verify signature \"{signature}\"; auth=({auth}), nonce=({nonce})");
throw new InvalidSignatureException($"{uri.PathAndQuery}, expected={signature}");
}
log.Debug($"verified response-signature \"{signature}\"");
}
