/// <summary>
/// Reads the whole request body as text and returns it only when the GitHub
/// signature header is present and <c>GitHubWebhookSignatureValidator.IsValid</c>
/// accepts it for the body and the configured webhook secret.
/// </summary>
/// <param name="request">Incoming webhook request; its body stream is consumed and disposed with the reader.</param>
/// <param name="cancellationToken">Forwarded to the webhook-secret lookup only; the body read itself is not cancellable here.</param>
/// <returns>The request body as a string.</returns>
/// <exception cref="CheckEnforcerSecurityException">
/// The signature header is missing, or the signature does not validate.
/// </exception>
private async Task<string> ReadAndVerifyBodyAsync(HttpRequest request, CancellationToken cancellationToken)
{
    using (var bodyReader = new StreamReader(request.Body))
    {
        string body = await bodyReader.ReadToEndAsync();

        // The bytes that get verified are the UTF-8 re-encoding of the decoded text,
        // not the raw bytes off the wire. What is verified is therefore exactly what is
        // returned to the caller.
        // NOTE(review): a body that does not round-trip through UTF-8 decoding would
        // presumably fail validation rather than pass - confirm.
        byte[] bodyBytes = Encoding.UTF8.GetBytes(body);

        // The body is read before the header is inspected, so an unsigned request is
        // still read in full before it is rejected.
        if (!request.Headers.TryGetValue(GitHubSignatureHeader, out StringValues signatureHeader))
        {
            throw new CheckEnforcerSecurityException("Webhook missing event signature.");
        }

        var webhookSecret = await GetGitHubAppWebhookSecretAsync(cancellationToken);
        if (!GitHubWebhookSignatureValidator.IsValid(bodyBytes, signatureHeader, webhookSecret))
        {
            throw new CheckEnforcerSecurityException("Webhook signature validation failed.");
        }

        return body;
    }
}
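/// <summary>
/// Reads the payload through the generic validation path and returns it only when
/// <c>GitHubWebhookSignatureValidator.IsValid</c> accepts the request's signature
/// header for that payload and the rule's webhook secret.
/// </summary>
/// <param name="rule">Routing rule whose <c>WebhookSecret</c> identifies the secret to load.</param>
/// <param name="request">Incoming webhook request carrying the signature header.</param>
/// <returns>The payload bytes, once the signature has been accepted.</returns>
/// <exception cref="RouterAuthorizationException">The signature does not validate.</exception>
private async Task<byte[]> ReadAndValidateContentFromGitHubAsync(GitHubRule rule, HttpRequest request)
{
    var payloadContent = await ReadAndValidateContentFromGenericAsync(rule, request);
    var secret = await GetSecretAsync(rule.WebhookSecret);

    // NOTE(review): a missing header yields an empty header value here; IsValid is
    // presumably expected to reject it - confirm against the validator.
    var signature = request.Headers[GitHubWebhookSignatureValidator.GitHubWebhookSignatureHeader];

    // The validation result has to gate the return. Previously it was computed and then
    // discarded, so a payload with a wrong or absent signature was handed back to the
    // caller exactly like an authentic one.
    if (!GitHubWebhookSignatureValidator.IsValid(payloadContent, signature, secret))
    {
        throw new RouterAuthorizationException("Signature validation failed.");
    }

    return payloadContent;
}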
/// <summary>
/// Checks that the validator accepts a fixed payload/secret/signature triple.
/// The vector uses the <c>sha1=</c> signature form; the secret is a test fixture,
/// not a live credential.
/// </summary>
public void VerifyMatchesGitHubTestCase()
{
    const string expectedSignature = "sha1=d03207e4b030cf234e3447bac4d93add4c6643d8";
    const string sharedSecret = "mysecret";

    // The signature is checked over the UTF-8 bytes of the payload text.
    byte[] body = Encoding.UTF8.GetBytes("{\"foo\":\"bar\"}");

    // NOTE(review): only the accepting case is covered here; a companion case with a
    // tampered payload or signature would pin the rejecting behaviour as well.
    Assert.IsTrue(GitHubWebhookSignatureValidator.IsValid(body, expectedSignature, sharedSecret));
}
/// <summary>
/// Validates the supplied signature over the raw content bytes and, when it is
/// accepted, returns those bytes decoded as UTF-8 text.
/// </summary>
/// <param name="contentBytes">Raw webhook payload; the signature is checked over these exact bytes.</param>
/// <param name="signature">Signature value supplied with the webhook.</param>
/// <returns>The payload decoded as a UTF-8 string.</returns>
/// <exception cref="CheckEnforcerSecurityException">The signature does not validate.</exception>
private string ReadAndVerifyContent(byte[] contentBytes, string signature)
{
    var webhookSecret = GetGitHubAppWebhookSecret();

    // Decoding happens only after the bytes have been accepted, so nothing derived
    // from an unverified payload leaves this method.
    if (GitHubWebhookSignatureValidator.IsValid(contentBytes, signature, webhookSecret))
    {
        return Encoding.UTF8.GetString(contentBytes);
    }

    throw new CheckEnforcerSecurityException("Webhook signature validation failed.");
}
/// <summary>
/// Reads the payload through the generic validation path, then checks the request's
/// GitHub signature header against it using the rule's webhook secret.
/// </summary>
/// <param name="rule">Routing rule whose <c>WebhookSecret</c> identifies the secret to load.</param>
/// <param name="request">Incoming webhook request carrying the signature header.</param>
/// <returns>The payload bytes when the signature is accepted.</returns>
/// <exception cref="RouterAuthorizationException">The signature does not validate.</exception>
private async Task<byte[]> ReadAndValidateContentFromGitHubAsync(GitHubRule rule, HttpRequest request)
{
    var body = await ReadAndValidateContentFromGenericAsync(rule, request);
    var webhookSecret = await GetSecretAsync(rule.WebhookSecret);

    // NOTE(review): an absent header gives an empty value here rather than an error;
    // rejection then depends on IsValid returning false for it - confirm.
    var headerValue = request.Headers[GitHubWebhookSignatureValidator.GitHubWebhookSignatureHeader];

    bool signatureMatches = GitHubWebhookSignatureValidator.IsValid(body, headerValue, webhookSecret);
    if (signatureMatches)
    {
        return body;
    }

    // Fail closed: the payload is never returned unless the signature was accepted.
    throw new RouterAuthorizationException("Signature validation failed.");
}