/// <summary>
/// Stores the raw ACME POST request and parses its protected header.
/// </summary>
/// <remarks>
/// This method only decodes and deserializes the header; it performs no signature,
/// nonce or URL validation, so the stored header is still unauthenticated input.
/// </remarks>
/// <param name="rawPostRequest">The raw request as received from the client.</param>
/// <exception cref="ArgumentNullException"><paramref name="rawPostRequest"/> is null.</exception>
public void Initialize(AcmeRawPostRequest rawPostRequest)
{
    // The throw expression fires before the assignment, so no field changes on a null argument.
    _request = rawPostRequest ?? throw new ArgumentNullException(nameof(rawPostRequest));
    _header = ReadHeader(_request);
}
/// <summary>
/// Base64url-decodes the payload of <paramref name="rawRequest"/> and deserializes it as
/// <typeparamref name="TPayload"/> using the shared JSON options.
/// </summary>
/// <remarks>
/// Nothing in this method checks the request signature; the payload is client-controlled
/// data until the caller has validated the request.
/// </remarks>
/// <typeparam name="TPayload">Type the payload JSON is deserialized into.</typeparam>
/// <param name="rawRequest">The raw request carrying the encoded payload.</param>
/// <returns>The deserialized payload.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rawRequest"/> is null.</exception>
private static TPayload ReadPayload<TPayload>(AcmeRawPostRequest rawRequest)
{
    if (rawRequest is null)
    {
        throw new ArgumentNullException(nameof(rawRequest));
    }

    // NOTE(review): a null or non-base64url Payload, or invalid JSON, surfaces here as whatever
    // the decoder/serializer throws; confirm callers map that to a client error.
    var decodedJson = Base64UrlEncoder.Decode(rawRequest.Payload);
    return JsonSerializer.Deserialize<TPayload>(decodedJson, _jsonOptions);
}
/// <summary>
/// Base64url-decodes the protected header of <paramref name="rawRequest"/> and deserializes it
/// into an <see cref="AcmeHeader"/> using the shared JSON options.
/// </summary>
/// <remarks>
/// The header is parsed before any signature check, so every field of the result
/// (algorithm, key, nonce, URL) is attacker-controlled until the request has been validated.
/// </remarks>
/// <param name="rawRequest">The raw request carrying the encoded header.</param>
/// <returns>The deserialized header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rawRequest"/> is null.</exception>
private static AcmeHeader ReadHeader(AcmeRawPostRequest rawRequest)
{
    if (rawRequest is null)
    {
        throw new ArgumentNullException(nameof(rawRequest));
    }

    var decodedJson = Base64UrlEncoder.Decode(rawRequest.Header);
    return JsonSerializer.Deserialize<AcmeHeader>(decodedJson, _jsonOptions);
}
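/// <summary>
/// Verifies the request signature over <c>"{Header}.{Payload}"</c>, using the JWK embedded in the
/// header or, when the header carries none, the JWK of the account the header refers to.
/// </summary>
/// <param name="request">The raw request holding the encoded header, payload and signature.</param>
/// <param name="header">The parsed protected header of <paramref name="request"/>.</param>
/// <param name="cancellationToken">Passed on to the account lookup.</param>
/// <exception cref="ArgumentNullException"><paramref name="request"/> or <paramref name="header"/> is null.</exception>
/// <exception cref="MalformedRequestException">
/// The signature is missing, is not valid base64url, or does not verify; or no key could be resolved.
/// </exception>
private async Task ValidateSignatureAsync(AcmeRawPostRequest request, AcmeHeader header, CancellationToken cancellationToken)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (header is null)
    {
        throw new ArgumentNullException(nameof(header));
    }

    _logger.LogDebug("Attempting to validate signature ...");

    // Reject unsigned requests as malformed before any account lookup, instead of letting the
    // decoder or the signature provider fail later with an argument exception.
    if (string.IsNullOrWhiteSpace(request.Signature))
    {
        throw new MalformedRequestException("The signature is missing.");
    }

    // NOTE(review): an embedded JWK is taken as the verification key without consulting the
    // account store, so a passing check only proves possession of that client-supplied key.
    // Confirm that header validation rejects a header carrying both a JWK and an account
    // reference, and that account-bound endpoints do not accept JWK-signed requests.
    var jwk = header.Jwk;
    if (jwk == null)
    {
        try
        {
            var accountId = header.GetAccountId();
            var account = await _accountService.LoadAcountAsync(accountId, cancellationToken);

            // NOTE(review): the account's status is not inspected here; confirm deactivated or
            // revoked accounts are rejected elsewhere.
            jwk = account?.Jwk;
        }
        catch (InvalidOperationException)
        {
            throw new MalformedRequestException("KID could not be found.");
        }
    }

    if (jwk == null)
    {
        throw new MalformedRequestException("Could not load JWK.");
    }

    // NOTE(review): header.Alg comes from the client and selects the verification algorithm.
    // Confirm it is restricted to an allowlist of supported asymmetric algorithms before this point.
    var securityKey = jwk.SecurityKey;
    using var signatureProvider = new AsymmetricSignatureProvider(securityKey, header.Alg);

    // The signing input is the encoded header and payload exactly as received, joined by '.';
    // a missing payload contributes an empty string.
    var plainText = System.Text.Encoding.UTF8.GetBytes($"{request.Header}.{request.Payload ?? ""}");

    byte[] signature;
    try
    {
        signature = Base64UrlEncoder.DecodeBytes(request.Signature);
    }
    catch (FormatException)
    {
        // A signature that is not valid base64url is a client error, not a server fault.
        throw new MalformedRequestException("The signature could not be verified");
    }

    if (!signatureProvider.Verify(plainText, signature))
    {
        throw new MalformedRequestException("The signature could not be verified");
    }

    _logger.LogDebug("successfully validated signature.");
}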
/// <summary>
/// Validates an ACME POST request: header checks against <paramref name="requestUrl"/>,
/// then the nonce, then the signature.
/// </summary>
/// <remarks>
/// The checks run in that order and the first failing one throws, so the nonce is handed to
/// nonce validation before the signature has been verified.
/// </remarks>
/// <param name="request">The raw request whose signature is verified.</param>
/// <param name="header">The parsed protected header of <paramref name="request"/>.</param>
/// <param name="requestUrl">The URL the request was sent to.</param>
/// <param name="cancellationToken">Passed on to the nonce and signature validation.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="request"/> or <paramref name="header"/> is null, or
/// <paramref name="requestUrl"/> is null, empty or whitespace.
/// </exception>
public async Task ValidateRequestAsync(AcmeRawPostRequest request, AcmeHeader header, string requestUrl, CancellationToken cancellationToken)
{
    _ = request ?? throw new ArgumentNullException(nameof(request));
    _ = header ?? throw new ArgumentNullException(nameof(header));

    var urlIsBlank = string.IsNullOrWhiteSpace(requestUrl);
    if (urlIsBlank)
    {
        throw new ArgumentNullException(nameof(requestUrl));
    }

    ValidateRequestHeader(header, requestUrl);

    var nonce = header.Nonce;
    await ValidateNonceAsync(nonce, cancellationToken);

    await ValidateSignatureAsync(request, header, cancellationToken);
}