public async Task Sign(HttpRequestMessage request, DateTimeOffset timeOfSigning, TimeSpan expires)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
try {
if (timeOfSigning > _systemClock.UtcNow)
{
throw new HttpMessageSigningException("Cannot create a signature that is created in the future.");
}
if (timeOfSigning.Add(expires) < _systemClock.UtcNow)
{
throw new HttpMessageSigningException("Cannot create a signature that has already expired.");
}
var clonedSettings = (SigningSettings)_signingSettings.Clone();
var onRequestSigningTask = _signingSettings.Events?.OnRequestSigning?.Invoke(request, clonedSettings);
if (onRequestSigningTask != null)
{
await onRequestSigningTask.ConfigureAwait(continueOnCapturedContext : false);
}
_signingSettingsSanitizer.SanitizeHeaderNamesToInclude(clonedSettings, request);
clonedSettings.Validate();
await _signatureHeaderEnsurer.EnsureHeader(request, clonedSettings, timeOfSigning).ConfigureAwait(continueOnCapturedContext: false);
var signature = await _signatureCreator.CreateSignature(request, clonedSettings, timeOfSigning, expires).ConfigureAwait(continueOnCapturedContext: false);
var onSignatureCreatedTask = _signingSettings.Events?.OnSignatureCreated?.Invoke(request, signature, clonedSettings);
if (onSignatureCreatedTask != null)
{
await onSignatureCreatedTask.ConfigureAwait(continueOnCapturedContext : false);
}
var authParam = _authorizationHeaderParamCreator.CreateParam(signature);
_logger?.LogDebug("Setting Authorization scheme to '{0}' and param to '{1}'.", clonedSettings.AuthorizationScheme, authParam);
request.Headers.Authorization = new AuthenticationHeaderValue(clonedSettings.AuthorizationScheme, authParam);
var onRequestSignedTask = _signingSettings.Events?.OnRequestSigned?.Invoke(request, signature, clonedSettings);
if (onRequestSignedTask != null)
{
await onRequestSignedTask.ConfigureAwait(continueOnCapturedContext : false);
}
}
catch (Exception ex) {
_logger?.LogError(ex, "Could not sign the specified request. See inner exception.");
throw;
}
}
public async Task <Signature> CreateSignature(HttpRequestMessage request, SigningSettings settings, DateTimeOffset timeOfSigning)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
_signingSettingsSanitizer.SanitizeHeaderNamesToInclude(settings, request);
settings.Validate();
var nonce = settings.EnableNonce ? _nonceGenerator.GenerateNonce() : null;
var requestForSigning = request.ToRequestForSigning();
var signingString = _signingStringComposer.Compose(
requestForSigning,
settings.SignatureAlgorithm.Name,
settings.Headers,
timeOfSigning,
settings.Expires,
nonce);
var eventTask = settings.Events?.OnSigningStringComposed?.Invoke(request, signingString);
if (eventTask != null)
{
await eventTask;
}
_logger?.LogDebug("Composed the following signing string for request signing: {0}", signingString);
var signatureHash = settings.SignatureAlgorithm.ComputeHash(signingString);
var signatureString = _base64Converter.ToBase64(signatureHash);
_logger?.LogDebug("The base64 hash of the signature string for signing is '{0}'.", signatureString);
var signature = new Signature {
KeyId = settings.KeyId,
Algorithm = $"{settings.SignatureAlgorithm.Name.ToLowerInvariant()}-{settings.SignatureAlgorithm.HashAlgorithm.ToString().ToLowerInvariant()}",
Created = timeOfSigning,
Expires = timeOfSigning.Add(settings.Expires),
Headers = settings.Headers,
Nonce = nonce,
String = signatureString
};
return(signature);
}