Initial Commit

PatchProbe.Cli/Auth/EcdsaRequestAuthenticator.cs

@@ -0,0 +1,31 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace PatchProbe.Cli.Auth;
+
+internal sealed class EcdsaRequestAuthenticator(IDeviceCredentialStore store) : IRequestAuthenticator
+{
+    public Task AuthenticateAsync(HttpRequestMessage request, string requestBody, CancellationToken ct = default)
+    {
+        if (!store.IsEnrolled)
+            return Task.CompletedTask;
+
+        var creds = store.Load();
+
+        using var ecdsa = ECDsa.Create();
+        ecdsa.ImportPkcs8PrivateKey(Convert.FromBase64String(creds.PrivateKeyPkcs8), out _);
+
+        var timestamp = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();
+        var bodyHash = Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(requestBody)));
+
+        // Signed message: deviceId LF timestamp LF sha256(body)
+        var message = Encoding.UTF8.GetBytes($"{creds.DeviceId}\n{timestamp}\n{bodyHash}");
+        var signature = Convert.ToBase64String(ecdsa.SignData(message, HashAlgorithmName.SHA256));
+
+        request.Headers.Add("X-Device-Id", creds.DeviceId);
+        request.Headers.Add("X-Timestamp", timestamp);
+        request.Headers.Add("X-Signature", signature);
+
+        return Task.CompletedTask;
+    }
+}