public SigningOutput SignContent(string serializedRequest)
{
var hashManager = new HashManager();
var privateKey = KeyStoreAdapter.GetPrivateKeyForUser(SignatoryReference);
var envolope = SigningEnvelope <string> .Create(serializedRequest, SignatoryReference, SignatoryEmail, SignatoryIpAddress);
var hashSigningContent = hashManager.HashContent(envolope.Body);
var rsaEncryptor = new Chilkat.Rsa {
EncodingMode = EncodingMode
};
rsaEncryptor.ImportPrivateKey(privateKey);
var encryptedSignContentHash = rsaEncryptor.EncryptStringENC(hashSigningContent, true);
envolope.AddEncryptedHashForBody(encryptedSignContentHash);
var symmetricKey = KeyStoreAdapter.GetSymmetricKeyForUser(SignatoryReference);
var serializedSignedContent = JsonConvert.SerializeObject(envolope);
var encryptedSignedString = Encrypt(serializedSignedContent, symmetricKey);
return(SigningOutput.Create(encryptedSignedString, SignatoryReference));
}
public void WhenKeyNotFoundAndCreateNewIsFalse_ThenGetRsaKeyAsyncReturnsNull()
{
var adapter = new KeyStoreAdapter();
Assert.IsNull(adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Signing,
false,
null));
}
public SigningEnvelope <T> DecryptSignedContent <T>(string encryptedSignedContent, string signatory)
{
var symmetricKey = KeyStoreAdapter.GetSymmetricKeyForUser(signatory);
var decryptedEnvolope = Decrypt(encryptedSignedContent, symmetricKey);
var decryptedContent = JsonConvert.DeserializeObject <SigningEnvelope <T> >(decryptedEnvolope);
return(decryptedContent);
}
public async Task WhenKeyNotFoundAndCreateNewIsFalse_ThenGetRsaKeyAsyncReturnsNull()
{
var adapter = new KeyStoreAdapter(
CngProvider.MicrosoftSoftwareKeyStorageProvider,
KeySize);
Assert.IsNull(await adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Signing,
false,
null));
}
public void WhenKeyNotFoundAndCreateNewIsTrue_ThenGetRsaKeyAsyncReturnsNewKey()
{
var adapter = new KeyStoreAdapter();
var key = adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Signing,
true,
null);
Assert.IsNotNull(key);
Assert.AreEqual("RSA", key.SignatureAlgorithm);
}
public async Task WhenKeyNotFoundAndCreateNewIsTrue_ThenGetRsaKeyAsyncReturnsNewKey()
{
var adapter = new KeyStoreAdapter(
CngProvider.MicrosoftSoftwareKeyStorageProvider,
KeySize);
var key = await adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Signing,
true,
null);
Assert.IsNotNull(key);
Assert.AreEqual("RSA", key.SignatureAlgorithm);
}
public void WhenKeyExistsButUsageDoesNotMatch_ThenGetRsaKeyAsyncReturnsKey()
{
var adapter = new KeyStoreAdapter();
var key1 = adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Signing,
true,
null);
Assert.Throws <CryptographicException>(
() => adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Decryption,
false,
null));
}
public async Task WhenKeyExistsButUsageDoesNotMatch_ThenGetRsaKeyAsyncReturnsKey()
{
var adapter = new KeyStoreAdapter(
CngProvider.MicrosoftSoftwareKeyStorageProvider,
KeySize);
var key1 = await adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Signing,
true,
null);
AssertEx.ThrowsAggregateException <CryptographicException>(
() => adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Decryption,
false,
null).Wait());
}
public void WhenKeyExists_ThenGetRsaKeyAsyncReturnsKey()
{
var adapter = new KeyStoreAdapter();
var key1 = adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Signing,
true,
null);
var key2 = adapter.CreateRsaKey(
KeyName,
CngKeyUsages.Signing,
false,
null);
Assert.IsNotNull(key2);
Assert.AreEqual(key1.ExportParameters(false).Modulus, key2.ExportParameters(false).Modulus);
Assert.AreEqual(key1.ExportParameters(false).Exponent, key2.ExportParameters(false).Exponent);
}
public async Task WhenKeyExists_ThenGetRsaKeyAsyncReturnsKey()
{
var adapter = new KeyStoreAdapter(
CngProvider.MicrosoftSoftwareKeyStorageProvider,
KeySize);
var key1 = await adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Signing,
true,
null);
var key2 = await adapter.CreateRsaKeyAsync(
KeyName,
CngKeyUsages.Signing,
false,
null);
Assert.IsNotNull(key2);
Assert.AreEqual(key1.ExportParameters(false).Modulus, key2.ExportParameters(false).Modulus);
Assert.AreEqual(key1.ExportParameters(false).Exponent, key2.ExportParameters(false).Exponent);
}
public VerificationResult <string> VerifySignature(DigitalSignature <string> signature)
{
var verificationResults = new VerificationResult <string>();
var hashManager = new HashManager();
var envelope = DecryptSignedContent <string>(signature.SignedContent, signature.SignatoryReference);
if (envelope == null)
{
verificationResults.SignatoryMatchedToSignature = false;
return(verificationResults);
}
var hashCurrentBody = hashManager.HashContent(envelope.Body);
var publicKey = KeyStoreAdapter.GetPublicKeyForUser(signature.SignatoryReference);
// Decrypt hash with public key to ensure there is no tampering and content is still the same
var rsaDecryptor = new Chilkat.Rsa {
EncodingMode = EncodingMode
};
rsaDecryptor.ImportPublicKey(publicKey);
var decryptedoriginalHash = rsaDecryptor.DecryptStringENC(envelope.Header.EncryptedBodyHashSignature, false);
var signitureMatch = hashCurrentBody == decryptedoriginalHash;
verificationResults.IpAddress = envelope.Body?.IpAddress;
verificationResults.SignatoryEmailAddress = envelope.Body?.EmailAddress;
verificationResults.SignatoryMatchedToSignature = true;
verificationResults.SignedContentMatchesToSignature = signitureMatch;
verificationResults.ExpectedContent = signature.OriginalContent;
verificationResults.SignedContent = envelope?.Body?.Content;
return(verificationResults);
}
