protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
{
var nonce = nonceGenerator.NextNonce;
var timestamp = time.UtcNow;
var content = new HmacSignatureContent
{
Nonce = nonce,
AppId = appId,
Date = timestamp,
Method = request.Method.Method,
Accepts = string.Join(", ", request.Headers.Accept),
ContentType = request.Content?.Headers?.ContentType?.ToString(),
ContentMd5 = request.Content?.Headers?.ContentMD5,
Uri = request.RequestUri
};
var signature = signingAlgorithm.Sign(secret, content.ToCanonicalString());
request.Headers.Authorization = new AuthenticationHeaderValue(Schemas.HMAC, signature);
request.Headers.Add(Headers.XAppId, appId);
request.Headers.Add(Headers.XNonce, nonce);
request.Headers.Date = timestamp;
return(request);
}
public HmacAuthenticationResult Authenticate(HmacRequestInfo req)
{
string clientSignature = ResolveSignature(req.Headers);
HmacSignatureContent signatureContent = signatureContentResolver.Resolve(req);
dateValidator.Validate(signatureContent.Date);
SecureString secret = GetAppSecret(signatureContent.AppId);
string signatureSrc = signatureContent.ToCanonicalString();
string signature = algorithm.Sign(secret, signatureSrc);
if (signature != clientSignature)
{
throw new HmacAuthenticationException($"Signature mismatch. Signature src: '{signatureSrc}'");
}
return(new HmacAuthenticationResult(signatureContent.AppId));
}