32 lines
1.2 KiB
C#
32 lines
1.2 KiB
C#
using System.Security.Cryptography;
|
|
using System.Text;
|
|
|
|
namespace PatchProbe.Cli.Auth;
|
|
|
|
internal sealed class EcdsaRequestAuthenticator(IDeviceCredentialStore store) : IRequestAuthenticator
|
|
{
|
|
public Task AuthenticateAsync(HttpRequestMessage request, string requestBody, CancellationToken ct = default)
|
|
{
|
|
if (!store.IsEnrolled)
|
|
return Task.CompletedTask;
|
|
|
|
var creds = store.Load();
|
|
|
|
using var ecdsa = ECDsa.Create();
|
|
ecdsa.ImportPkcs8PrivateKey(Convert.FromBase64String(creds.PrivateKeyPkcs8), out _);
|
|
|
|
var timestamp = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();
|
|
var bodyHash = Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(requestBody)));
|
|
|
|
// Signed message: deviceId LF timestamp LF sha256(body)
|
|
var message = Encoding.UTF8.GetBytes($"{creds.DeviceId}\n{timestamp}\n{bodyHash}");
|
|
var signature = Convert.ToBase64String(ecdsa.SignData(message, HashAlgorithmName.SHA256));
|
|
|
|
request.Headers.Add("X-Device-Id", creds.DeviceId);
|
|
request.Headers.Add("X-Timestamp", timestamp);
|
|
request.Headers.Add("X-Signature", signature);
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|