public CardSavrResponse(HttpResponseMessage response) { StatusCode = response.StatusCode; string value = ApiUtil.GetSingleHeaderValue(response.Headers, "x-cardsavr-paging"); if (value != null) { log.Debug($"found server paging header: \"{value}\""); Paging = Paging.FromHeader(value); } }
private void VerifyResponseSignature(Uri uri, HttpResponseMessage response, string body) { string auth = ApiUtil.GetSingleHeaderValue(response.Headers, "authorization"); string nonce = ApiUtil.GetSingleHeaderValue(response.Headers, "nonce"); string toSign = $"{uri.PathAndQuery}{auth}{nonce}{body ?? ""}"; string signature = ApiUtil.GetSingleHeaderValue(response.Headers, "signature"); if (auth == null || auth == "") { log.Debug("Not an authorized response, probably merchants endpoint"); } else if (!HashUtil.HmacVerify(toSign, GetEncryptionKey(), signature)) { log.Error($"failed to verify signature \"{signature}\"; auth=({auth}), nonce=({nonce})"); throw new InvalidSignatureException($"{uri.PathAndQuery}, expected={signature}"); } log.Debug($"verified response-signature \"{signature}\""); }