/// <summary>
/// Checks that the certificate serial carried by the sample receipt QR code resolves,
/// through the A-Trust lookup, to the expected certificate.
/// </summary>
/// <remarks>
/// Calls CertificateLookup.ATrust, so this presumably needs the lookup service to be
/// reachable - confirm before treating it as a pure unit test.
/// </remarks>
public void LookupATrustCertificateTest()
{
    var qrCode = new ReceiptQrCode(QRCODE1);

    // The QR code exposes the serial as hexadecimal text; the lookup takes it as a decimal integer.
    string hexSerial = qrCode.CertificateSerial;
    int serialAsInt = Convert.ToInt32(hexSerial, 16);
    Assert.Equal(2065058440, serialAsInt);

    // Fetch the certificate for that serial and compare its Base64 form with the pinned sample.
    var lookup = CertificateLookup.ATrust(serialAsInt);
    var rawCertificate = lookup.CertificateBinary;
    Assert.Equal(CERT64ENCODED, Convert.ToBase64String(rawCertificate));
}
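/// <summary>
/// HTTP-triggered entry point that checks an ECDSA signature over a caller-supplied hash
/// against the public key of the certificate returned by the A-Trust lookup.
/// </summary>
/// <param name="req">Incoming request; its body is parsed as JSON into VerificationParameters.</param>
/// <param name="log">Function trace log.</param>
/// <returns>
/// 200 with the boolean verification result; 400 when the body, signature or hash is missing
/// or malformed; 404 when the lookup yields no certificate bytes or the certificate has no
/// ECDSA public key.
/// </returns>
/// <remarks>
/// A result of <c>true</c> only states that the signature matches the key inside the
/// looked-up certificate. Nothing here validates the certificate chain, validity period or
/// revocation state, so callers must not read the result as "issued by a trusted authority".
/// </remarks>
public static IActionResult Run([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, TraceWriter log)
{
    // TODO: Proper error handling, proper monitoring (Application Insights)
    log.Info("C# HTTP trigger function processed a request.");

    // Dispose the reader deterministically instead of leaving it to the finalizer.
    string requestBody;
    using (var reader = new StreamReader(req.Body))
    {
        requestBody = reader.ReadToEnd();
    }

    // The body is untrusted: malformed JSON must end in a 400, not an unhandled exception.
    VerificationParameters data;
    try
    {
        data = JsonConvert.DeserializeObject<VerificationParameters>(requestBody);
    }
    catch (Newtonsoft.Json.JsonException)
    {
        return new BadRequestObjectResult("Request body is not valid JSON");
    }

    // An empty body (e.g. a plain GET) deserializes to null; missing fields stay null.
    if (data == null || data.Signature == null || data.HashToVerify == null)
    {
        return new BadRequestObjectResult("Signature and HashToVerify are required");
    }

    // Decode both Base64 fields before the certificate lookup so that malformed input is
    // rejected without triggering the external call.
    byte[] signature;
    byte[] hashToVerify;
    try
    {
        signature = Convert.FromBase64String(data.Signature);
        hashToVerify = Convert.FromBase64String(data.HashToVerify);
    }
    catch (FormatException)
    {
        return new BadRequestObjectResult("Signature or HashToVerify is not valid Base64");
    }

    // Short-circuit out of here if signature is invalid anyways.
    // NOTE(review): 64 bytes presumably corresponds to a raw r||s P-256 signature - confirm.
    if (64 != signature.Length)
    {
        return new BadRequestObjectResult("Signature is not 64 bytes in length");
    }

    // TODO: A-Trust hardcoded, would be data.Authority switch
    // TODO: Here we would be adding the caching logic for the certificates (hash of authority & cert# for lookup)
    var certificateLookupResult = CertificateLookup.ATrust(data.CertificateNumber);

    // TODO: Would additionally need checking certificateLookupResult.Found
    // Without certificate bytes there is nothing to verify against.
    if (certificateLookupResult == null
        || certificateLookupResult.CertificateBinary == null
        || certificateLookupResult.CertificateBinary.Length == 0)
    {
        return new NotFoundResult();
    }

    // X509Certificate2 holds native resources; release them when verification is done.
    using (var cert = new X509Certificate2(certificateLookupResult.CertificateBinary))
    // https://stackoverflow.com/a/38235996/141927
    using (ECDsa ecdsa = cert.GetECDsaPublicKey())
    {
        // GetECDsaPublicKey returns null when the certificate carries a non-ECDSA key.
        if (ecdsa == null)
        {
            return new NotFoundResult();
        }

        bool valid = ecdsa.VerifyHash(hashToVerify, signature);
        return new OkObjectResult(valid);
    }
}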