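/// <summary>
/// Verifies whether envelope data match the AuthCode signature.
/// </summary>
/// <remarks>
/// The signature is recomputed with <c>SignData</c> over the decoded encoding
/// parameters followed by the decoded data, then compared with the envelope's
/// AuthCode. The comparison visits every element instead of stopping at the first
/// mismatch, so the time taken does not reveal how much of a supplied code was correct.
/// A missing AuthCode never verifies.
/// </remarks>
/// <param name="envelope">Envelope to verify.</param>
/// <returns>True if valid.</returns>
/// <exception cref="FormatException">EncodingParams or EncodedData is not valid Base64.</exception>
public bool VerifyEnvelopeSignature(MrpEnvelope envelope)
{
    var encodingParams = Convert.FromBase64String(envelope.EncodedBody.EncodingParams);
    var encodedData = Convert.FromBase64String(envelope.EncodedBody.EncodedData);

    var expected = this.SignData(encodingParams.Concat(encodedData).ToArray());
    var received = envelope.EncodedBody.AuthCode;

    // The length of the code is not secret, so an early exit here leaks nothing useful.
    if (expected == null || received == null || expected.Length != received.Length)
    {
        return false;
    }

    // Accumulate differences across the whole value; no data-dependent early return.
    var difference = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ received[i];
    }

    return difference == 0;
}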
/// <summary>
/// Extracts the <see cref="MrpResponse"/> from a response envelope, either directly
/// from its plain body or by decoding (verify, decrypt, inflate) its encoded body.
/// </summary>
/// <param name="mrpEnvelope">Envelope received from the server.</param>
/// <returns>
/// The response carried by the envelope, or a synthetic error response (code "-1")
/// when the server answered encrypted but this client is not configured for encryption.
/// </returns>
/// <exception cref="Exception">The envelope's authCode does not match the encoded body.</exception>
private MrpResponse ParseResponseData(MrpEnvelope mrpEnvelope)
{
    // NOTE(review): a plain body is returned as-is without consulting config.UseEncryption,
    // and the authCode check below runs only when the response itself declares "aes".
    // A response that simply omits encryption is therefore accepted unauthenticated even
    // by a client configured for encryption. Confirm whether the server ever legitimately
    // answers in plaintext; if not, such responses should be rejected when UseEncryption is set.
    var plainResponse = mrpEnvelope.Body?.MrpResponse;
    if (plainResponse != null)
    {
        return plainResponse;
    }

    var payload = Convert.FromBase64String(mrpEnvelope.EncodedBody.EncodedData);

    // The encoding parameters are parsed before any signature check (they carry the
    // variant key needed to build the verifier).
    // NOTE(review): confirm DeserializeFromXmlString does not process DTDs/external entities.
    var paramsXml = Encoding.UTF8.GetString(Convert.FromBase64String(mrpEnvelope.EncodedBody.EncodingParams));
    var encodingInfo = DeserializeFromXmlString<MrpEncodingParams>(paramsXml);

    if (encodingInfo.Encryption == "aes")
    {
        if (this.config.UseEncryption)
        {
            var verifier = new Cryptography(this.config.SecretKey, encodingInfo.VarKey);

            // Authenticate first; only a verified payload is decrypted.
            var signatureOk = verifier.VerifyEnvelopeSignature(mrpEnvelope);
            if (!signatureOk)
            {
                // Mismatch is treated as a forged response.
                // Message: "Invalid authentication code in element authCode!"
                throw new Exception("Neplatný autentizační kód v elementu \"authCode\"!");
            }

            payload = verifier.DecryptData(payload);
        }
        else
        {
            // Known limitation: the server replied encrypted (it requires encryption but
            // the request went out in plaintext) and there is no secret key to decrypt with.
            // The reply is assumed to be an error demanding encrypted/authenticated
            // communication, so an equivalent error is synthesised.
            // Message: "Authentication is required."
            return new MrpResponse
            {
                Status = new Status
                {
                    Error = new Error
                    {
                        ErrorCode = "-1",
                        ErrorClass = "",
                        ErrorMessage = "Je vyžadována autentizace."
                    }
                }
            };
        }
    }

    if (encodingInfo.Compression == "zlib")
    {
        // NOTE(review): no output-size limit is visible here; confirm Compression.Inflate
        // bounds the inflated size, since this path also runs for unauthenticated responses.
        payload = Compression.Inflate(payload);
    }

    var responseXml = Encoding.UTF8.GetString(payload);
    return DeserializeFromXmlString<MrpResponse>(responseXml);
}
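/// <summary>
/// Builds an MRP request envelope for the command named after <typeparamref name="T"/>,
/// posts it as XML to the configured URL and returns the processed response.
/// </summary>
/// <typeparam name="T">
/// Response type; its type name is parsed as a <see cref="MrpCommands"/> value.
/// </typeparam>
/// <param name="requestData">Data assigned to the request's <c>Data</c> property.</param>
/// <returns>The result of <c>ProcessResponseAsync</c>, cast to <typeparamref name="T"/>.</returns>
/// <exception cref="ArgumentException">
/// The name of <typeparamref name="T"/> is not a member of <see cref="MrpCommands"/>.
/// </exception>
public async Task<T> PostAsync<T>(Data requestData) where T : IResponse
{
    if (this.httpClient == null)
    {
        this.httpClient = new HttpClient();
    }

    // HttpClient refuses property changes once it has started a request, so assigning
    // the timeout on every call made the second call throw InvalidOperationException.
    // Assign only when the configured value actually differs from the client's.
    if (this.config.Timeout != default && this.httpClient.Timeout != this.config.Timeout)
    {
        this.httpClient.Timeout = this.config.Timeout;
    }

    var crypto = new Cryptography(this.config.SecretKey);
    var mrpEnvelope = new MrpEnvelope();
    var mrpRequest = new MrpRequest()
    {
        Request = new Request()
        {
            Command = (MrpCommands)Enum.Parse(typeof(MrpCommands), typeof(T).Name)
        },
        Data = requestData
    };

    if (this.config.UseEncryption || this.config.UseCompression)
    {
        var data = Encoding.UTF8.GetBytes(SerializeToXmlString<MrpRequest>(mrpRequest));
        var mrpEncodingParams = new MrpEncodingParams();

        // Compression is applied before encryption.
        if (this.config.UseCompression)
        {
            mrpEncodingParams.Compression = "zlib";
            data = Compression.Deflate(data, this.config.CompressionLevel);
        }

        if (this.config.UseEncryption)
        {
            mrpEncodingParams.Encryption = "aes";
            data = crypto.EncryptData(data);
            mrpEncodingParams.VarKey = crypto.GetVariantKey();
        }

        var encodingParams = Encoding.UTF8.GetBytes(SerializeToXmlString<MrpEncodingParams>(mrpEncodingParams));
        mrpEnvelope.EncodedBody = new EncodedBody()
        {
            EncodingParams = Convert.ToBase64String(encodingParams),
            EncodedData = Convert.ToBase64String(data),
        };

        // The authCode covers the encoding parameters followed by the encoded data.
        // It is attached only when encryption is enabled: compressed-only and plain
        // envelopes carry no integrity protection of their own.
        // NOTE(review): for those modes confirm config.Url is an https endpoint.
        if (this.config.UseEncryption)
        {
            mrpEnvelope.EncodedBody.Authentication = "hmac_sha256";
            mrpEnvelope.EncodedBody.AuthCode = crypto.SignData(encodingParams.Concat(data).ToArray());
        }
    }
    else
    {
        mrpEnvelope.Body = new Body { MrpRequest = mrpRequest };
    }

    return (T)await this.ProcessResponseAsync<T>(
        await this.httpClient.PostAsync(
            this.config.Url,
            new StringContent(SerializeToXmlString<MrpEnvelope>(mrpEnvelope), Encoding.UTF8, "application/xml")));
}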