/// <summary> /// Determines whether the signature is valid for the specified message. /// </summary> /// <param name="validator">Used to validate the signature.</param> /// <param name="request">The request message that contains the signature.</param> /// <param name="signature">The signature to validate.</param> /// <returns> /// A <see cref="SignatureValidationResult"/> that represents the result of the validation. /// </returns> public static async Task <SignatureValidationResult> ValidateAsync( this HttpSignatureValidator validator, HttpRequest request, HttpSignature signature) { // Allow to read the request body multiple times request.EnableBuffering(); // First, we try the raw request URL (if available) var requestFeature = request.HttpContext.Features.Get <IHttpRequestFeature>(); if (!string.IsNullOrEmpty(requestFeature.RawTarget)) { var result = await validator.ValidateAsync(signature, request.Method, requestFeature.RawTarget, request.Body).ConfigureAwait(false); // If the signature is OK, we're done. If it's Expired or Duplicate, there's no point // in checking again. if (result != SignatureValidationResult.Invalid) { return(result); } } return(await validator.ValidateAsync(signature, request.Method, request.GetEncodedUrl(), request.Body).ConfigureAwait(false)); }
/// <summary> /// Initializes a new instance of the <see cref="SignatureHandler"/> class. /// </summary> /// <param name="validator">Used to validate signatures.</param> /// <param name="options">The signature options.</param> /// <param name="logger">A factory used to create logger instances.</param> /// <param name="encoder">A URL encoder.</param> /// <param name="clock">Used to get the current time.</param> public SignatureHandler(HttpSignatureValidator validator, IOptionsMonitor <SignatureHandlerOptions> options, ILoggerFactory logger, System.Text.Encodings.Web.UrlEncoder encoder, Microsoft.AspNetCore.Authentication.ISystemClock clock) : base(options, logger, encoder, clock) { Validator = validator; }