public static async Task <string> Run(SignOptions options)
{
var serviceProvider = new ServiceCollection()
.AddHttpMessageSigning()
.BuildServiceProvider();
var requestSignerFactory = serviceProvider.GetRequiredService <IRequestSignerFactory>();
ISignatureAlgorithm signatureAlgorithm;
if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = RSASignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadRSA(options.PrivateKey));
}
else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = ECDsaSignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadECDsaPrivate(options.PrivateKey));
}
else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = SignatureAlgorithm.CreateForSigning(options.PrivateKey, HashAlgorithmName.SHA512);
}
else
{
throw new NotSupportedException("The specified key type is not supported.");
}
if (!string.IsNullOrEmpty(options.Algorithm) &&
!options.Algorithm.StartsWith("rsa", StringComparison.OrdinalIgnoreCase) &&
!options.Algorithm.StartsWith("hmac", StringComparison.OrdinalIgnoreCase) &&
!options.Algorithm.StartsWith("ecdsa", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = new CustomSignatureAlgorithm(options.Algorithm);
}
var signingSettings = new SigningSettings {
SignatureAlgorithm = signatureAlgorithm,
EnableNonce = false,
DigestHashAlgorithm = HashAlgorithmName.SHA256,
AutomaticallyAddRecommendedHeaders = false,
Headers = options.Headers
?.Split(new[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries)
.Select(h => new HeaderName(h))
.ToArray()
};
var signer = requestSignerFactory.Create(
new KeyId("test"),
signingSettings);
var created = DateTimeOffset.UtcNow;
if (!string.IsNullOrEmpty(options.Created))
{
var createdUnix = int.Parse(options.Created);
created = DateTimeOffset.FromUnixTimeSeconds(createdUnix);
}
var expires = signingSettings.Expires;
if (!string.IsNullOrEmpty(options.Expires))
{
var expiresUnix = int.Parse(options.Expires);
var expiresAbsolute = DateTimeOffset.FromUnixTimeSeconds(expiresUnix);
expires = expiresAbsolute - created;
}
await signer.Sign(options.Message, created, expires);
var serializedMessage = HttpMessageSerializer.Serialize(options.Message);
return(serializedMessage);
}
public static async Task <bool> Run(VerifyOptions options)
{
ISignatureAlgorithm signatureAlgorithm;
if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, KeyReader.ReadRSA(options.PublicKey));
}
else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, KeyReader.ReadECDsaPublic(options.PublicKey));
}
else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = SignatureAlgorithm.CreateForVerification(options.PublicKey, HashAlgorithmName.SHA512);
}
else
{
throw new NotSupportedException("The specified key type is not supported.");
}
var serviceProvider = new ServiceCollection()
.AddHttpMessageSignatureVerification(provider => {
var clientStore = new InMemoryClientStore();
clientStore.Register(new Client(
new KeyId("test"),
"ConformanceClient",
signatureAlgorithm,
TimeSpan.FromSeconds(30),
TimeSpan.FromMinutes(1)));
return(clientStore);
})
.BuildServiceProvider();
var verifier = serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
var verificationResult = await verifier.VerifySignature(options.Message, new SignedRequestAuthenticationOptions {
OnSignatureParsed = options.ModifyParsedSignature
});
return(verificationResult is RequestSignatureVerificationResultSuccess);
}
