コード例 #1
        /// <summary>
        /// Verifies the signature of a SAML message received in the query string,
        /// throwing <c>InvalidSignatureException</c> when none of the identity
        /// provider's signing keys validates it.
        /// </summary>
        /// <param name="request">Incoming request; both its raw URL query and its parsed QueryString are read.</param>
        /// <param name="idp">Identity provider whose SigningKeys are tried and whose EntityId is named in the error.</param>
        /// <param name="options">Supplies SPOptions.MinIncomingSigningAlgorithm, the weakest SigAlg accepted.</param>
        /// <remarks>
        /// NOTE(review): malformed input fails with other exception types before the
        /// signature check is reached: a parameter without '=' makes kv[1] throw
        /// IndexOutOfRangeException, a repeated parameter name makes ToDictionary throw
        /// ArgumentException, and a missing SAMLResponse or SigAlg throws
        /// KeyNotFoundException. Callers should treat every exception from this method
        /// as a rejected message, not only InvalidSignatureException.
        /// </remarks>
        private static void CheckSignature(HttpRequestData request, IdentityProvider idp, IOptions options)
        {
            // Can't use the query string params as found in HttpRequestData
            // because they are already unescaped and we need the exact format
            // of the original data.
            // The signature covers the bytes exactly as sent, so the values below are
            // taken from the raw query and never re-encoded.
            var rawQueryStringParams = request.Url.Query.TrimStart('?').Split('&').Select(qp => qp.Split('='))
                                       .ToDictionary(kv => kv[0], kv => kv[1]);

            var    msgParam = "";
            string msg;

            // The signed message is SAMLRequest when present, otherwise SAMLResponse.
            if (rawQueryStringParams.TryGetValue("SAMLRequest", out msg))
            {
                msgParam = "SAMLRequest=" + msg;
            }
            else
            {
                msgParam = "SAMLResponse=" + rawQueryStringParams["SAMLResponse"];
            }

            var    relayStateParam = "";
            string relayState;

            // RelayState is optional; it is part of the signed string only when sent.
            if (rawQueryStringParams.TryGetValue("RelayState", out relayState))
            {
                relayStateParam = "&RelayState=" + relayState;
            }

            // Signed string: message, optional RelayState, then SigAlg, in that fixed order.
            // The Signature parameter itself is not part of it.
            var signedString = string.Format(CultureInfo.InvariantCulture, "{0}{1}&SigAlg={2}", msgParam,
                                             relayStateParam, rawQueryStringParams["SigAlg"]);

            // The algorithm identifier used for verification is the parsed (unescaped) value;
            // Single() rejects a request where it does not appear exactly once.
            var sigAlg = request.QueryString["SigAlg"].Single();

            // The sender chooses SigAlg, so it is checked against the configured minimum
            // before any algorithm object is created from it.
            XmlHelpers.ValidateSignatureMethodStrength(options.SPOptions.MinIncomingSigningAlgorithm, sigAlg);

            var signatureDescription = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(sigAlg);

            var hashAlg = signatureDescription.CreateDigest();

            // The return value is ignored on purpose: the digest stays inside hashAlg,
            // which is what VerifySignature is given below.
            // NOTE(review): hashAlg is never disposed in this method.
            hashAlg.ComputeHash(Encoding.UTF8.GetBytes(signedString));

            var signature = Convert.FromBase64String(request.QueryString["Signature"].Single());

            // Accept the message if any one of the identity provider's configured signing
            // keys verifies the signature; otherwise reject.
            if (!idp.SigningKeys.Any(kic =>
                                     signatureDescription
                                     .CreateDeformatter(((AsymmetricSecurityKey)kic.CreateKey()).GetAsymmetricAlgorithm(sigAlg, false))
                                     .VerifySignature(hashAlg, signature)))
            {
                throw new InvalidSignatureException(string.Format(CultureInfo.InvariantCulture,
                                                                  "Message from {0} failed signature verification", idp.EntityId.Id));
            }
        }
コード例 #2
        /// <summary>
        /// Wraps <paramref name="model"/> in a timestamped JSON payload, signs the payload with the
        /// API private key, encrypts it under a fresh symmetric key and IV, wraps that key and IV
        /// with the bank's RSA public key, and returns the whole envelope as Base64 JSON.
        /// </summary>
        /// <typeparam name="T">Reference type of the model being sent.</typeparam>
        /// <param name="model">Object serialized into the payload's Model field.</param>
        /// <param name="apiSigningKey">XML-encoded RSA private key used to sign the payload.</param>
        /// <param name="bankKey">XML-encoded RSA public key used to wrap the symmetric key and IV.</param>
        /// <returns>Base64 of the JSON envelope (EncryptedKey, EncryptedIv, Data, Signature).</returns>
        /// <remarks>
        /// NOTE(review): the key and IV are wrapped with RSAEncryptionPadding.Pkcs1 (PKCS#1 v1.5);
        /// OAEP is the usual choice for new designs, but the receiver has to change in the same step.
        /// NOTE(review): the signature is over the plaintext payload and is sent unencrypted next to
        /// the ciphertext. The receiver must verify it after decrypting and before using Model.
        /// Whether CryptographyExtensions.Encrypt is an authenticated mode is not visible here.
        /// NOTE(review): Timestamp only limits replay if the receiver enforces a freshness window.
        /// </remarks>
        public static string SignAndEncryptData<T>(T model, string apiSigningKey, string bankKey)
            where T : class
        {
            using (var signer = RSA.Create())
            {
                // Load the API private key first, so a bad signing key fails before any
                // session key material is generated.
                RsaExtensions.FromXmlString(signer, apiSigningKey);

                // Fresh per-message symmetric key [0] and IV [1], both Base64 strings.
                var sessionMaterial = CryptographyExtensions.GenerateKey();
                var sessionKey      = Convert.FromBase64String(sessionMaterial[0]);
                var sessionIv       = Convert.FromBase64String(sessionMaterial[1]);

                // The model is serialized once, then embedded as a string in the signed payload.
                var payload = JsonConvert.SerializeObject(new
                {
                    Model     = JsonConvert.SerializeObject(model),
                    Timestamp = DateTime.UtcNow
                });

                // RSA PKCS#1 v1.5 signature with SHA-256 over the UTF-8 payload.
                var payloadBytes    = Encoding.UTF8.GetBytes(payload);
                var signatureBytes  = signer.SignData(payloadBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                var signatureBase64 = Convert.ToBase64String(signatureBytes);

                // Wrap the session key and IV for the bank.
                string wrappedKey;
                string wrappedIv;
                using (var recipient = RSA.Create())
                {
                    RsaExtensions.FromXmlString(recipient, bankKey);
                    wrappedKey = Convert.ToBase64String(recipient.Encrypt(sessionKey, RSAEncryptionPadding.Pkcs1));
                    wrappedIv  = Convert.ToBase64String(recipient.Encrypt(sessionIv, RSAEncryptionPadding.Pkcs1));
                }

                var cipherText = Convert.ToBase64String(CryptographyExtensions.Encrypt(payload, sessionKey, sessionIv));

                // Property names and order define the wire format; do not rename them.
                var envelope = JsonConvert.SerializeObject(new
                {
                    EncryptedKey = wrappedKey,
                    EncryptedIv  = wrappedIv,
                    Data         = cipherText,
                    Signature    = signatureBase64
                });

                // Base64 here is transport encoding only; it adds no confidentiality.
                return Convert.ToBase64String(Encoding.UTF8.GetBytes(envelope));
            }
        }
コード例 #3
        /// <summary>
        /// Builds the request sent to the central API: a timestamped JSON payload holding
        /// <paramref name="model"/>, signed with this bank's private key, encrypted under a fresh
        /// symmetric key and IV that are wrapped with the central API's RSA public key.
        /// </summary>
        /// <param name="model">Transfer submission serialized into the payload's Model field.</param>
        /// <returns>Base64 of the JSON envelope, which also carries the bank's identifying fields in clear.</returns>
        /// <remarks>
        /// NOTE(review): BankName, BankSwiftCode and BankCountry sit outside both the ciphertext
        /// and the signed payload, so nothing in this method binds them to the signature; the
        /// receiver should not trust them beyond selecting which public key to verify with.
        /// NOTE(review): key and IV are wrapped with PKCS#1 v1.5 encryption padding; moving to
        /// OAEP needs a matching change on the receiving side.
        /// NOTE(review): Timestamp only limits replay if the receiver enforces a freshness window.
        /// </remarks>
        private string SignAndEncryptData(CentralApiSubmitTransferDto model)
        {
            using (var signer = RSA.Create())
            {
                // this.bankConfiguration.Key is the XML-encoded private key used for signing.
                RsaExtensions.FromXmlString(signer, this.bankConfiguration.Key);

                // Fresh per-message symmetric key [0] and IV [1], both Base64 strings.
                var sessionMaterial = CryptographyExtensions.GenerateKey();
                var sessionKey      = Convert.FromBase64String(sessionMaterial[0]);
                var sessionIv       = Convert.FromBase64String(sessionMaterial[1]);

                var payload = JsonConvert.SerializeObject(new
                {
                    Model     = JsonConvert.SerializeObject(model),
                    Timestamp = DateTime.UtcNow
                });

                // RSA PKCS#1 v1.5 signature with SHA-256 over the UTF-8 payload (plaintext).
                var payloadBytes    = Encoding.UTF8.GetBytes(payload);
                var signatureBytes  = signer.SignData(payloadBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                var signatureBase64 = Convert.ToBase64String(signatureBytes);

                // Wrap the session key and IV for the central API.
                string wrappedKey;
                string wrappedIv;
                using (var recipient = RSA.Create())
                {
                    RsaExtensions.FromXmlString(recipient, this.bankConfiguration.CentralApiPublicKey);
                    wrappedKey = Convert.ToBase64String(recipient.Encrypt(sessionKey, RSAEncryptionPadding.Pkcs1));
                    wrappedIv  = Convert.ToBase64String(recipient.Encrypt(sessionIv, RSAEncryptionPadding.Pkcs1));
                }

                var cipherText = Convert.ToBase64String(CryptographyExtensions.Encrypt(payload, sessionKey, sessionIv));

                // Property names and order define the wire format; do not rename them.
                var envelope = JsonConvert.SerializeObject(new
                {
                    BankName      = this.bankConfiguration.BankName,
                    BankSwiftCode = this.bankConfiguration.UniqueIdentifier,
                    BankCountry   = this.bankConfiguration.Country,
                    EncryptedKey  = wrappedKey,
                    EncryptedIv   = wrappedIv,
                    Data          = cipherText,
                    Signature     = signatureBase64
                });

                // Base64 of the envelope is encoding, not encryption.
                var encodedRequest = Convert.ToBase64String(Encoding.UTF8.GetBytes(envelope));
                return encodedRequest;
            }
        }
コード例 #4
ファイル: Scrypt.cs プロジェクト: viruswevh/ObscurCore
        /// <summary>
        /// scrypt SMix step on one block, using stack-allocated scratch buffers: fills a table of
        /// N intermediate states, then mixes the working block with table entries chosen by the
        /// block's own contents, and writes the result to <paramref name="Bp"/>.
        /// </summary>
        /// <param name="B">Input words; Bs = 32 * r of them are read starting at <paramref name="Boffset"/>.</param>
        /// <param name="Boffset">Index in <paramref name="B"/> of the first input word.</param>
        /// <param name="Bp">Output array; Bs words are written starting at <paramref name="Bpoffset"/>.</param>
        /// <param name="Bpoffset">Index in <paramref name="Bp"/> of the first output word.</param>
        /// <param name="N">Number of table entries. NOTE(review): N - 1 is used as a bit mask, which only
        /// equals "mod N" when N is a power of two; that is not checked here - confirm the caller does.</param>
        /// <param name="r">Block size factor; each block is 32 * r words.</param>
        /// <remarks>
        /// NOTE(review): three Bs-word buffers are stackalloc'd, so stack use grows linearly with r and
        /// nothing in this method bounds it; a stack overflow cannot be caught, so r should be
        /// range-checked before this is reached.
        /// NOTE(review): the wipes at the end are not in a finally block, so they are skipped if
        /// BlockMix or CopyUints throws.
        /// </remarks>
        private static void SMixUnsafe(uint[] B, int Boffset, uint[] Bp, int Bpoffset, uint N, int r)
        {
            unsafe {
                uint  Nmask = N - 1;
                // Words per block: 2 * r sub-blocks of 16 words each.
                int   Bs = 16 * 2 * r;
                uint *scratch1 = stackalloc uint[16] /*, scratch2 = stackalloc uint[16]*/;
                uint *scratchX = stackalloc uint[16], scratchY = stackalloc uint[Bs];
                uint *scratchZ = stackalloc uint[Bs];

                // x is the working block; v is the lookup table of N saved states, held on the
                // managed heap (N * Bs words).
                uint *x = stackalloc uint[Bs];
                var   v = new uint[N][];
                for (int i = 0; i < v.Length; i++)
                {
                    v[i] = new uint[Bs];
                }

                // Load the input block into x.
                CopyUints(B, Boffset, x, Bs);
                // Phase 1: save the current state into v[i], then advance x with BlockMix.
                for (uint i = 0; i < N; i++)
                {
                    CopyUints(x, v[i], 0, Bs);
                    BlockMix(x, 0, x, 0, scratchX, scratchY, scratch1, /*scratch2,*/ r);
                }
                // Phase 2: N rounds of XOR-with-table-entry followed by BlockMix.
                for (uint i = 0; i < N; i++)
                {
                    // The table index comes from the first word of x's last 16-word sub-block, so
                    // which entry is read depends on the data being processed. The mask keeps j
                    // below N even when N is not a power of two.
                    uint   j  = x[Bs - 16] & Nmask;
                    uint[] vj = v[j];
                    for (int k = 0; k < Bs; k++)
                    {
                        scratchZ[k] = x[k] ^ vj[k];
                    }
                    BlockMix(scratchZ, 0, x, 0, scratchX, scratchY, scratch1, /*scratch2,*/ r);
                }
                // Write the final state to the output array.
                CopyUints(x, Bp, Bpoffset, Bs);

                // Clear every buffer that held intermediate state: the heap table first,
                // then the stack buffers.
                for (int i = 0; i < v.Length; i++)
                {
                    v[i].SecureWipe();
                }

                CryptographyExtensions.WipeMemory(x, Bs);
                CryptographyExtensions.WipeMemory(scratchX, 16);
                CryptographyExtensions.WipeMemory(scratchY, Bs);
                CryptographyExtensions.WipeMemory(scratchZ, Bs);
                CryptographyExtensions.WipeMemory(scratch1, 16);
                //CryptographyExtensions.WipeMemory(scratch2, 16);
            }
        }
コード例 #5
        /// <summary>
        /// Appends the SigAlg and Signature parameters to a query string, signing everything
        /// up to and including SigAlg with the message's signing certificate.
        /// </summary>
        /// <param name="queryString">Already-escaped query string holding the message (and RelayState, if any).</param>
        /// <param name="message">Supplies the signing algorithm identifier and the signing certificate.</param>
        /// <returns>The query string with "&amp;SigAlg=..." and "&amp;Signature=..." appended.</returns>
        /// <remarks>
        /// The signature is computed over the exact escaped text, so the caller must not
        /// re-encode or reorder the returned string afterwards.
        /// NOTE(review): outside .NET Core the private key is cast to RSACryptoServiceProvider,
        /// which throws InvalidCastException for any other key type.
        /// NOTE(review): the digest object is not disposed in this method.
        /// </remarks>
        private static string AddSignature(string queryString, ISaml2Message message)
        {
            string algorithmUri = message.SigningAlgorithm;

            // SigAlg is part of the signed data, so it is appended before hashing.
            string signedPart = queryString + "&SigAlg=" + Uri.EscapeDataString(algorithmUri);

            var description = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(algorithmUri);

            // ComputeHash's return value is unused: the formatter reads the digest from the
            // HashAlgorithm instance itself.
            HashAlgorithm digest = description.CreateDigest();
            digest.ComputeHash(Encoding.UTF8.GetBytes(signedPart));

            var signingKey = EnvironmentHelpers.IsNetCore
                ? message.SigningCertificate.PrivateKey
                : ((RSACryptoServiceProvider)message.SigningCertificate.PrivateKey)
                  .GetSha256EnabledRSACryptoServiceProvider();

            AsymmetricSignatureFormatter formatter = description.CreateFormatter(signingKey);
            byte[] rawSignature = formatter.CreateSignature(digest);

            return signedPart + "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(rawSignature));
        }
コード例 #6
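        /// <summary>
        /// Links a new record to the chain by hashing the previous record's hash together with
        /// the new record's comment, optional product id, the current time and a nonce, then
        /// stores the record through the base implementation.
        /// </summary>
        /// <param name="blockchain">Record to store; its Hash property is overwritten here.</param>
        /// <returns>Whatever the base Create returns for the stored record.</returns>
        /// <remarks>
        /// Fix: the original interpolated <c>rand.ToString()</c>, which on a System.Random instance
        /// yields the type name rather than a random value, so the "random" part of the hash
        /// input was a constant. A fresh GUID is used instead. It is a uniqueness nonce, not a secret.
        /// NOTE(review): the timestamp and nonce are not stored on the record in this method, so the
        /// hash cannot be recomputed later to verify the chain unless they are persisted elsewhere.
        /// NOTE(review): fields are joined with ':' without escaping, so a Comment containing ':'
        /// makes the field boundaries ambiguous; currentTime.ToString() is also culture-dependent.
        /// </remarks>
        public override ProductBlockchain Create(ProductBlockchain blockchain)
        {
            var currentTime = DateTime.Now;
            // Unique per record, so two records created in the same second still hash differently.
            var nonce = Guid.NewGuid().ToString("N");
            // Previous record, if any; its hash is the chain link (empty for the first record).
            var last = GetAll().OrderByDescending(x => x.Id).FirstOrDefault();

            // The product id is included only when the record has one.
            var word = blockchain.ProductId is null
                ? $"{last?.Hash}:{blockchain.Comment}:{currentTime.ToString()}:{nonce}"
                : $"{last?.Hash}:{blockchain.Comment}:{blockchain.ProductId}:{currentTime.ToString()}:{nonce}";

            blockchain.Hash = CryptographyExtensions.GetHashSha256(word);

            return base.Create(blockchain);
        }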
コード例 #7
        /// <summary>
        /// Handles a login submission: hashes the submitted password, asks the data layer to
        /// authenticate the user, and on success signs in a principal carrying only the user name.
        /// </summary>
        /// <param name="model">Posted credentials (Username, Password).</param>
        /// <returns>The "LogIn" view on invalid input or failed authentication; otherwise a redirect to /Home/RaidEfforts.</returns>
        /// <remarks>
        /// Invalid model state and wrong credentials return the same view, so the response does
        /// not reveal which check failed.
        /// NOTE(review): HashPasswordSha512 is not shown; if it is a single unsalted SHA-512 pass,
        /// stored hashes are cheap to brute-force offline. Confirm it salts and iterates, or move
        /// to a password KDF (PBKDF2, bcrypt, Argon2) with rehash-on-login.
        /// NOTE(review): no attempt throttling or lockout is visible in this action, and any
        /// [HttpPost] or anti-forgery attributes are outside this view - confirm both.
        /// </remarks>
        public async Task<IActionResult> LogIn(LoginModel model)
        {
            if (ModelState.IsValid)
            {
                var passwordHash = CryptographyExtensions.HashPasswordSha512(model.Password);
                var accepted     = await _sql.AuthenticateUser(model.Username, passwordHash).ConfigureAwait(false);

                if (accepted)
                {
                    // The identity carries a single Name claim; the redirect target is fixed,
                    // so it cannot be steered by request input.
                    var identity = new ClaimsIdentity(
                        new List<Claim> { new Claim(ClaimTypes.Name, model.Username) },
                        "login");

                    await HttpContext.SignInAsync(new ClaimsPrincipal(identity)).ConfigureAwait(false);

                    return Redirect("/Home/RaidEfforts");
                }
            }

            // Same response for invalid input and for rejected credentials.
            return View("LogIn");
        }
コード例 #8
        /// <summary>
        /// Checks that a bound redirect message carries a Signature parameter that verifies,
        /// under the test certificate's public key, over everything in the query before it.
        /// </summary>
        public void Saml2RedirectBinding_Bind_AddsSignature()
        {
            var bound = CreateAndBindMessageWithSignature();

            var parsedQuery = HttpUtility.ParseQueryString(bound.Location.Query);

            // The signed data is the raw (still escaped) query up to "&Signature=";
            // the parsed collection is unescaped and is only used to read SigAlg and Signature.
            var rawQuery   = bound.Location.Query.TrimStart('?');
            var signedPart = rawQuery.Split(new[] { "&Signature=" }, StringSplitOptions.None)[0];

            var algorithmUri = parsedQuery["SigAlg"];
            var description  = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(algorithmUri);

            // ComputeHash leaves the digest inside the HashAlgorithm, which VerifySignature reads.
            var digest = description.CreateDigest();
            digest.ComputeHash(Encoding.UTF8.GetBytes(signedPart));

            var deformatter    = description.CreateDeformatter(SignedXmlHelper.TestCert.PublicKey.Key);
            var signatureBytes = Convert.FromBase64String(parsedQuery["Signature"]);

            deformatter.VerifySignature(digest, signatureBytes)
            .Should().BeTrue("signature should be valid");
        }
コード例 #9
 /// <summary>
 /// Returns a new initialization vector as a 16-character string from
 /// CryptographyExtensions.GenerateString.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the IV is 16 characters, not 16 random bytes, so its entropy depends on the
 /// alphabet GenerateString draws from. GenerateString is not shown - confirm it uses a
 /// cryptographic random source and that a fresh IV is requested for every encryption.
 /// </remarks>
 public string CreateIv()
 {
     const int ivLength = 16;
     var iv = CryptographyExtensions.GenerateString(ivLength);
     return iv;
 }