/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
SignResponse response = new SignResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("KeyId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.KeyId = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("Signature", targetDepth))
{
var unmarshaller = MemoryStreamUnmarshaller.Instance;
response.Signature = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("SigningAlgorithm", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.SigningAlgorithm = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
public void Reset()
{
_requestData = new fiskaltrust.ifPOS.v0.ReceiptRequest();
_responseData = null;
_signData = null;
LastError = string.Empty;
}
public Timestamp CreateTimeStamp(RequestSignatureType signatureType, DocumentBaseType document)
{
if (signatureType == null)
{
throw new ArgumentNullException("signatureType", "El valor no puede ser nulo.");
}
if (document == null)
{
throw new ArgumentNullException("document", "El valor no puede ser nulo.");
}
SignRequest request = BuildRequest(signatureType, document, null);
CreateTimeSoapClient tsaSoapClient = new CreateTimeSoapClient(_identity, _serverCert);
SignResponse response = tsaSoapClient.createTimeStamp(request);
if (ResultType.Success.Equals(response.Result.ResultMajor))
{
return(response.SignatureObject.Item as Timestamp);
}
else
{
throw new AfirmaResultException(response.Result.ResultMajor, response.Result.ResultMessage.Value);
}
}
public async Task SignAsync()
{
byte[] data = Encoding.UTF8.GetBytes("some text");
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.serverUri))
{
var workload = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.serverUri)
};
var payload = new SignRequest()
{
Algo = SignRequestAlgo.HMACSHA256,
Data = data,
KeyId = "primary"
};
SignResponse response = await workload.SignAsync(WorkloadApiVersion, "testModule", "1", payload);
string expected;
using (var algorithm = new HMACSHA256(Encoding.UTF8.GetBytes("key")))
{
expected = Convert.ToBase64String(algorithm.ComputeHash(data));
}
Assert.Equal(expected, Convert.ToBase64String(response.Digest));
}
}
async Task <SignResponse> SignAsyncWithRetry(HttpWorkloadClient hsmHttpClient, SignRequest signRequest)
{
var transientRetryPolicy = new RetryPolicy(TransientErrorDetectionStrategy, TransientRetryStrategy);
SignResponse response = await transientRetryPolicy.ExecuteAsync(() => hsmHttpClient.SignAsync(this.apiVersion, this.moduleId, this.generationId, signRequest));
return(response);
}
public Timestamp RenewTimeStamp(Timestamp previousTimestamp, DocumentBaseType document)
{
if (previousTimestamp == null)
{
throw new ArgumentNullException("previousTimestamp", "El valor no puede ser nulo.");
}
if (document == null)
{
throw new ArgumentNullException("document", "El valor no puede ser nulo.");
}
SignRequest request = BuildRequest(RequestSignatureType.XML, document, previousTimestamp);
RenewTimeSoapClient tsaSoapClient = new RenewTimeSoapClient(_identity, _serverCert);
SignResponse response = tsaSoapClient.renewTimeStamp(request);
if (ResultType.Success.Equals(response.Result.ResultMajor))
{
return(response.SignatureObject.Item as Timestamp);
}
else
{
throw new AfirmaResultException(response.Result.ResultMajor, response.Result.ResultMessage.Value);
}
}
private void TcpClient_Complated(object sender, CommonLib.Net.MessageModel e)
{
try
{
if (e.MessageId != 0x02)
{
return;
}
ServiceHelper.TcpClient.Complated -= TcpClient_Complated;
signResponse = JsonConvert.DeserializeObject <SignResponse>(e.Message);
if (signResponse != null)
{
//处理税款数据
SignSuccessData();
}
else
{
SignFilureData();
}
}
catch (Exception ex)
{
MessageBoxEx.Show(ex.Message);
}
}
private async Task <SignResponse> SignAsyncWithRetry(HttpHsmClient hsmHttpClient, string moduleId, string generationId, SignRequest signRequest)
{
var transientRetryPolicy = new RetryPolicy(TransientErrorDetectionStrategy, TransientRetryStrategy);
SignResponse response = await transientRetryPolicy.ExecuteAsync(() => hsmHttpClient.SignAsync(_apiVersion, moduleId, generationId, signRequest));
return(response);
}
private void _signTcpClient_Complated(object sender, MessageModel e)
{
try
{
if (e.MessageId == 0x03)
{
//返回错误
ErrorInfo erroInfo = JsonConvert.DeserializeObject <ErrorInfo>(e.Message);
if (erroInfo != null)
{
MessageBoxEx.Show(erroInfo.Description, MessageBoxButton.OK);
return;
}
}
if (e.MessageId != 0x02)
{
return;
}
signResponse = JsonConvert.DeserializeObject <SignResponse>(e.Message);
if (signResponse != null)
{
//处理税款数据
SignSuccessData();
}
else
{
SignFilureData();
}
}
catch (Exception ex)
{
MessageBoxEx.Show(ex.Message);
}
}
private Document ProcessResponseWithSignedDoc(SignResponse downloadResponse)
{
//check the download response
VerifyResponse(downloadResponse, "urn:oasis:names:tc:dss:1.0:resultmajor:Success", null);
//Return the downloaded document (we assume there is only a single document)
return(new Document(downloadResponse.OptionalOutputs.DocumentWithSignature.Document));
}
public async Task <string> SignAsync(string moduleId, string generationId, string data)
{
if (string.IsNullOrEmpty(moduleId))
{
throw new ArgumentNullException(nameof(moduleId));
}
if (string.IsNullOrEmpty(generationId))
{
throw new ArgumentNullException(nameof(generationId));
}
var signRequest = new SignRequest()
{
KeyId = DefaultKeyId,
Algo = DefaultSignRequestAlgo,
Data = Encoding.UTF8.GetBytes(data)
};
HttpClient httpClient = HttpClientHelper.GetHttpClient(_providerUri);
try
{
var hsmHttpClient = new HttpHsmClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(_providerUri)
};
SignResponse response = await this.SignAsyncWithRetry(hsmHttpClient, moduleId, generationId, signRequest);
return(Convert.ToBase64String(response.Digest));
}
catch (Exception ex)
{
switch (ex)
{
case SwaggerException <ErrorResponse> errorResponseException:
throw new HttpHsmComunicationException(
$"Error calling SignAsync: {errorResponseException.Result?.Message ?? string.Empty}",
errorResponseException.StatusCode);
case SwaggerException swaggerException:
throw new HttpHsmComunicationException(
$"Error calling SignAsync: {swaggerException.Response ?? string.Empty}",
swaggerException.StatusCode);
default:
throw;
}
}
finally
{
httpClient.Dispose();
}
}
public StorageInfoDO Store(byte[] documentData, String contentType)
{
Console.WriteLine("Store");
// setup the client
SetupClient();
// create SignRequest
String requestId = "dss-sign-request-" + Guid.NewGuid().ToString();
SignRequest signRequest = new SignRequest();
signRequest.RequestID = requestId;
signRequest.Profile = DSSConstants.ARTIFACT_NAMESPACE;
// add "ReturnStorageInfo" optional input
AnyType optionalInputs = new AnyType();
XmlElement returnStorageInfoElement = GetElement("artifact", "ReturnStorageInfo", DSSConstants.ARTIFACT_NAMESPACE);
optionalInputs.Any = new XmlElement[] { returnStorageInfoElement };
signRequest.OptionalInputs = optionalInputs;
// add document
signRequest.InputDocuments = GetInputDocuments(documentData, contentType);
// operate
SignResponse signResponse = client.sign(signRequest);
// parse response
CheckResponse(signResponse, requestId);
try
{
ValidateResult(signResponse);
}
catch (NotParseableXMLDocumentException e)
{
throw new SystemException(e.Message, e);
}
// check profile
if (!signResponse.Profile.Equals(DSSConstants.ARTIFACT_NAMESPACE))
{
throw new SystemException("Unexpected SignResponse.Profile: " + signResponse.Profile);
}
// parse StorageInfo
DSSXSDNamespace.StorageInfo storageInfo = FindStorageInfo(signResponse);
if (null == storageInfo)
{
throw new SystemException("Missing StorageInfo");
}
return(new StorageInfoDO(storageInfo.Identifier, storageInfo.Validity.NotBefore, storageInfo.Validity.NotAfter));
}
public virtual void TestProcessSignResponse()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_SIGN, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_SIGN_HEX));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64,
SERVER_CHALLENGE_SIGN_BASE64, SESSION_ID, APP_ID_SIGN);
u2FServer.ProcessSignResponse(signResponse);
}
public Task <SignResponse> SignAsync(string api_version, string name, string genid, SignRequest payload)
{
using (var algorithm = new HMACSHA256(Encoding.UTF8.GetBytes("key")))
{
var response = new SignResponse()
{
Digest = algorithm.ComputeHash(payload.Data)
};
return(Task.FromResult(response));
}
}
private void GetUserData(SignResponse resp)
{
RestClient.Get <User>("https://shovel-database.firebaseio.com/Users/" + resp.localId + ".json?auth=" + resp.idToken).Then(response =>
{
user = response;
UserDataPool.signUpUser = user;
UserDataPool.resp = resp;
user.localId = resp.localId;
user.idToken = resp.idToken;
closeSignMenu();
});
}
/// <summary>
/// Downloads the document that was uploaded before and signed offline.
/// </summary>
/// <remarks>
/// The session is closed when the downloads finishes, it can't be reused afterward and should be removed from the storage.
/// </remarks>
/// <param name="session">The session linked to the uploaded document</param>
/// <returns>The document with signature, including id and mimeType</returns>
/// <exception cref="ArgumentException">When the signResponse isn't valid, including its signature</exception>
/// <exception cref="InvalidOperationException">When the e-contract service returns an error</exception>
public Document DownloadDocument(Dssp2StepSession session)
{
if (session == null)
{
throw new ArgumentNullException("session");
}
var client = CreateDSSPClient();
var downloadRequest = CreateDownloadRequest(session);
SignResponse downloadResponse = client.sign(downloadRequest);
return(ProcessResponseWithSignedDoc(downloadResponse));
}
/// <summary>
/// Add an eSeal to the document via the e-contract service.
/// </summary>
/// <remarks>
/// The application should authenticate, based on this authentication, the Digital Signature Service will
/// select a key to be used to seal the given document.
/// </remarks>
/// <param name="document">The document to seal</param>
/// <param name="properties">Signature properties</param>
/// <returns>The sealed document</returns>
public Document Seal(Document document, SignatureRequestProperties properties)
{
if (document == null)
{
throw new ArgumentNullException("document");
}
var client = CreateDSSPClient();
var request = CreateSealRequest(document, properties);
SignResponse response = client.sign(request);
return(ProcessResponseWithSignedDoc(response));
}
/// <summary>
/// Uploads a document to e-Contract for online signature.
/// </summary>
/// <remarks>
/// Uploads a document to e-Contract and returns the session for future references.
/// </remarks>
/// <param name="document">The document to be signed</param>
/// <returns>The session, required for the BROWSER/POST protocol and the download of the signed message</returns>
public DsspSession UploadDocument(Document document)
{
if (document == null)
{
throw new ArgumentNullException("document");
}
var client = CreateDSSPClient();
var request = CreateAsyncSignRequest(document, out var clientNonce);
SignResponse response = client.sign(request);
return(ProcessAsyncSignResponse(response, clientNonce));
}
private Dssp2StepSession Process2StepSignResponse(SignResponse signResponse)
{
//check the download response
VerifyResponse(signResponse, "urn:oasis:names:tc:dss:1.0:resultmajor:Success", "urn:oasis:names:tc:dss:1.0:resultminor:documentHash");
//Capture session info & store it
return(new Dssp2StepSession()
{
Signer = this.Signer,
CorrelationId = signResponse.OptionalOutputs.CorrelationID,
DigestAlgo = signResponse.OptionalOutputs.DocumentHash?.DigestMethod?.Algorithm,
DigestValue = signResponse.OptionalOutputs.DocumentHash?.DigestValue
});
}
public byte[] Sign(byte[] message)
{
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
SignRequest signRequest = new SignRequest()
{
SigningAlgorithm = signingAlgorithm,
KeyId = keyId,
MessageType = MessageType.RAW,
Message = new MemoryStream(message)
};
SignResponse signResponse = kmsClient.SignAsync(signRequest).Result;
return(signResponse.Signature.ToArray());
}
}
// (currently, this test uses an enrollment browserdata during a signature)
public virtual void TestProcessSignResponse2()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_2, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_2));
mockDataStore.Setup(x => x.GetSecurityKeyData(ACCOUNT_NAME))
.Returns(new List <SecurityKeyData>
{
new SecurityKeyData(0L, KEY_HANDLE_2, USER_PUBLIC_KEY_2, VENDOR_CERTIFICATE, 0)
});
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto, TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_2_BASE64, SIGN_DATA_2_BASE64, CHALLENGE_2_BASE64, SESSION_ID, APP_ID_2);
u2FServer.ProcessSignResponse(signResponse);
}
public void SignInUser(string email, string password)
{
string userData = "{\"email\":\"" + email + "\", \"password\":\"" + password + "\"}";
RestClient.Post(url: "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=" + AuthKey, userData).Then(onResolved: response =>
{
SignResponse r = JsonConvert.DeserializeObject <SignResponse>(response.Text);
localid = r.localid;
idToken = r.idToken;
success = true;
getUsername(localid);
}).Catch(error =>
{
success = false;
});
}
private DsspSession ProcessAsyncSignResponse(SignResponse response, byte[] clientNonce)
{
//Check response
VerifyResponse(response, "urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:Pending", null);
//Capture session info & store it
var securityTokenResponse = response.OptionalOutputs.RequestSecurityTokenResponseCollection.RequestSecurityTokenResponse[0];
return(new DsspSession()
{
ServerId = response.OptionalOutputs.ResponseID,
KeyId = securityTokenResponse.RequestedSecurityToken.SecurityContextToken.Identifier,
KeyValue = new Psha1DerivedKeyGenerator(clientNonce).GenerateDerivedKey(securityTokenResponse.Entropy.BinarySecret.Value, (int)securityTokenResponse.KeySize),
KeyReference = securityTokenResponse.RequestedUnattachedReference.SecurityTokenReference,
ExpiresOn = securityTokenResponse.Lifetime.Expires.Value
});
}
/// <summary>
/// Uploads the document to e-Contract for offline signature.
/// </summary>
/// <remarks>
/// Uploads a document to e-Contract and returns the session for easy signing.
/// </remarks>
/// <param name="document">The document to be signed</param>
/// <param name="properties">additional signing properties like location, role and visual signature</param>
/// <returns>The session, required to calculate the signature</returns>
public Dssp2StepSession UploadDocumentFor2Step(Document document, SignatureRequestProperties properties)
{
if (document == null)
{
throw new ArgumentNullException("document");
}
if (!(Signer?.HasPrivateKey ?? false && Signer?.PrivateKey is RSACryptoServiceProvider))
{
throw new InvalidOperationException("Singner must be set and have a private key");
}
var client = CreateDSSPClient();
var request = Create2StepSignRequest(document, properties);
SignResponse response = client.sign(request);
return(Process2StepSignResponse(response));
}
public async Task <string> SignAsync(string data)
{
var signRequest = new SignRequest
{
KeyId = DefaultKeyId,
Algo = DefaultSignRequestAlgo,
Data = Encoding.UTF8.GetBytes(data)
};
HttpClient httpClient = HttpClientHelper.GetHttpClient(this.providerUri);
try
{
var hsmHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.providerUri)
};
SignResponse response = await this.SignAsyncWithRetry(hsmHttpClient, signRequest);
return(Convert.ToBase64String(response.Digest));
}
catch (Exception ex)
{
switch (ex)
{
case IoTEdgedException <ErrorResponse> errorResponseException:
throw new HttpHsmCommunicationException(
$"Error calling SignAsync: {errorResponseException.Result?.Message ?? string.Empty}",
errorResponseException.StatusCode);
case IoTEdgedException ioTEdgedException:
throw new HttpHsmCommunicationException(
$"Error calling SignAsync: {ioTEdgedException.Response ?? string.Empty}",
ioTEdgedException.StatusCode);
default:
throw;
}
}
finally
{
httpClient.Dispose();
}
}
public bool Sign()
{
try
{
_requestData.cbChargeItems = _requestChargeItems.ToArray();
_requestData.cbPayItems = _requestPayItems.ToArray();
_responseData = _proxy.Sign(_requestData);
_signData = new SignResponse(_responseData);
return(true);
}
catch (Exception x)
{
LastError = x.Message;
return(false);
}
}
private DSSXSDNamespace.StorageInfo FindStorageInfo(SignResponse signResponse)
{
if (null == signResponse.OptionalOutputs)
{
return(null);
}
foreach (XmlElement optionalOutput in signResponse.OptionalOutputs.Any)
{
if (optionalOutput.NamespaceURI.Equals(DSSConstants.ARTIFACT_NAMESPACE) &&
optionalOutput.LocalName.Equals("StorageInfo"))
{
DSSXSDNamespace.StorageInfo storageInfo = (DSSXSDNamespace.StorageInfo)FromDom("StorageInfo",
DSSConstants.ARTIFACT_NAMESPACE, optionalOutput, typeof(DSSXSDNamespace.StorageInfo));
return(storageInfo);
}
}
return(null);
}
/// <summary>
/// Uploads the document to e-Contract for offline signature.
/// </summary>
/// <remarks>
/// Uploads a document to e-Contract and returns the session for easy signing.
/// </remarks>
/// <param name="document">The document to be signed</param>
/// <param name="properties">additional signing properties like location, role and visual signature</param>
/// <returns>The session, required to calculate the signature</returns>
public Dssp2StepSession UploadDocumentFor2Step(Document document, SignatureRequestProperties properties)
{
if (document == null)
{
throw new ArgumentNullException("document");
}
if ((SignerChain?.Length ?? 0) == 0 ||
SignerChain?[0] == null ||
!(SignerChain?[0].PrivateKey is RSACryptoServiceProvider))
{
throw new InvalidOperationException("SignerChain must be set and the end (first) certificate must have a private key");
}
var client = CreateDSSPClient();
var request = Create2StepSignRequest(document, properties);
SignResponse response = client.sign(request);
return(Process2StepSignResponse(response));
}
public override async Task <string> SignAsync(string keyId, string algorithm, string data)
{
var signRequest = new SignRequest
{
KeyId = keyId,
Algo = this.GetSignatureAlgorithm(algorithm),
Data = Encoding.UTF8.GetBytes(data)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
SignResponse response = await this.Execute(() => edgeletHttpClient.SignAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, signRequest), "SignAsync");
return(Convert.ToBase64String(response.Digest));
}
}
private DSSXSDNamespace.DocumentWithSignature FindDocumentWithSignature(SignResponse signResponse)
{
if (null == signResponse.OptionalOutputs)
{
return(null);
}
foreach (XmlElement optionalOutput in signResponse.OptionalOutputs.Any)
{
if (optionalOutput.NamespaceURI.Equals(DSSConstants.DSS_NAMESPACE) &&
optionalOutput.LocalName.Equals("DocumentWithSignature"))
{
DSSXSDNamespace.DocumentWithSignature documentWithSignature = (DSSXSDNamespace.DocumentWithSignature)
FromDom("DocumentWithSignature", DSSConstants.DSS_NAMESPACE, optionalOutput,
typeof(DSSXSDNamespace.DocumentWithSignature));
return(documentWithSignature);
}
}
return(null);
}
public void Reset()
{
_requestData = new fiskaltrust.ifPOS.v0.ReceiptRequest();
_responseData = null;
_signData = null;
LastError = string.Empty;
}
private DSSXSDNamespace.DocumentWithSignature FindDocumentWithSignature(SignResponse signResponse)
{
if (null == signResponse.OptionalOutputs)
{
return null;
}
foreach (XmlElement optionalOutput in signResponse.OptionalOutputs.Any)
{
if (optionalOutput.NamespaceURI.Equals(DSSConstants.DSS_NAMESPACE) &&
optionalOutput.LocalName.Equals("DocumentWithSignature"))
{
DSSXSDNamespace.DocumentWithSignature documentWithSignature = (DSSXSDNamespace.DocumentWithSignature)
FromDom("DocumentWithSignature", DSSConstants.DSS_NAMESPACE, optionalOutput,
typeof(DSSXSDNamespace.DocumentWithSignature));
return documentWithSignature;
}
}
return null;
}
private DSSXSDNamespace.StorageInfo FindStorageInfo(SignResponse signResponse)
{
if (null == signResponse.OptionalOutputs)
{
return null;
}
foreach (XmlElement optionalOutput in signResponse.OptionalOutputs.Any)
{
if (optionalOutput.NamespaceURI.Equals(DSSConstants.ARTIFACT_NAMESPACE) &&
optionalOutput.LocalName.Equals("StorageInfo"))
{
DSSXSDNamespace.StorageInfo storageInfo = (DSSXSDNamespace.StorageInfo)FromDom("StorageInfo",
DSSConstants.ARTIFACT_NAMESPACE, optionalOutput, typeof(DSSXSDNamespace.StorageInfo));
return storageInfo;
}
}
return null;
}
protected bool Equals(SignResponse other)
{
return string.Equals(Bd, other.Bd) && string.Equals(Sign, other.Sign) &&
string.Equals(Challenge, other.Challenge) && string.Equals(SessionId, other.SessionId) &&
string.Equals(AppId, other.AppId);
}
public bool Sign()
{
try
{
_requestData.cbChargeItems = _requestChargeItems.ToArray();
_requestData.cbPayItems = _requestPayItems.ToArray();
_responseData = _proxy.Sign(_requestData);
_signData = new SignResponse(_responseData);
return true;
}
catch (Exception x)
{
LastError = x.Message;
return false;
}
}