/// <summary>
/// Enqueue message thread safe
/// </summary>
/// <param name="message"></param>
internal void AddMessageToQueue(SinricMessage message)
{
var payloadJson = JsonConvert.SerializeObject(message.Payload);
message.RawPayload = new JRaw(payloadJson);
// compute the signature using our secret key so that the service can verify authenticity
message.Signature.Hmac = HmacSignature.Signature(payloadJson, SecretKey);
OutgoingMessages.Enqueue(message);
Debug.Print("Queued websocket message for sending");
}
internal static bool ValidateMessageSignature(SinricMessage message, string secretKey)
{
var payloadString = message.RawPayload?.Value as string;
if (!string.IsNullOrEmpty(payloadString))
{
// if the message contains a payload then we need to validate its signature
// todo validate timestamp of message, must be within X seconds of local clock, and must be > than the last message time received to protect against replay attacks
// compute a local signature from the raw payload using our secret key:
var signature = HmacSignature.Signature(payloadString, secretKey);
// compare the locally computed signature with the one supplied in the message:
return(signature == message.Signature.Hmac);
}
return(true);
}