/// <summary>
/// Initializes a new instance of the <see cref="AccountKey" /> class.
/// </summary>
/// <param name="keyInfo">The key information.</param>
/// <exception cref="ArgumentNullException">keyInfo</exception>
/// <exception cref="NotSupportedException">
/// If the provided key is not one of the supported <seealso cref="KeyAlgorithm" />.
/// </exception>
public AccountKey(KeyInfo keyInfo)
{
if (keyInfo == null)
{
throw new ArgumentNullException(nameof(keyInfo));
}
SignatureKey = KeyFactory.FromDer(keyInfo.PrivateKeyInfo);
signer = SignatureKey.GetSigner();
}
public void ComputeSignature()
{
if (DigestAlgorithm != _digestAlg)
{
throw new CryptographicException($"Digest algorithm not supported. Use: {_digestAlg}");
}
if (SignatureAlgorithm != _signAlg)
{
throw new CryptographicException($"Signature algorithm not supported. Use: {_signAlg}");
}
if (CanonicalizationAlgorithm != _canonAlg)
{
throw new CryptographicException($"Canonicalization algorithm not supported. Use: {_canonAlg}");
}
if (SignatureKey == null)
{
throw new CryptographicException($"{nameof(SignatureKey)} is null");
}
if (ReferenceUri == null)
{
throw new CryptographicException($"{nameof(ReferenceUri)} is null");
}
var _ref = ReferenceUri;
if (ReferenceUri.StartsWith("#xpointer("))
{
var customXPath = ReferenceUri.TrimEnd(')');
_ref = customXPath.Substring(customXPath.IndexOf('(') + 1);
}
var nodes = NamespaceManager == null?_doc.SelectNodes(_ref) : _doc.SelectNodes(_ref, NamespaceManager);
if (nodes.Count == 0)
{
throw new CryptographicException("No references found");
}
_digestValue = CanonicalizeAndDigest(nodes);
var signedInfo = CreateDoc();
nodes = signedInfo.ToXmlDocument().SelectNodes("*");
var signedInfoDigest = CanonicalizeAndDigest(nodes);
_signatureValue =
SignatureKey.SignHash(signedInfoDigest, HashAlgorithmName.SHA256, SignaturePadding);
}
protected override void DisposeContents()
{
SignatureKey.AsSpan().Clear();
DerivationKey.AsSpan().Clear();
}
/// <summary>
/// Initializes a new instance of the <see cref="AccountKey"/> class.
/// </summary>
/// <param name="algorithm">The JWS signature algorithm.</param>
public AccountKey(KeyAlgorithm algorithm = KeyAlgorithm.ES256)
{
SignatureKey = KeyFactory.NewKey(algorithm);
signer = SignatureKey.GetSigner();
}
public bool VerifySignature()
{
var xmlNameSpaceList = GetNamespaceList(_doc);
var nm = CreateNamespaceManager(_doc, xmlNameSpaceList);
var xph = new XPathHelper(XDocument.Parse(_doc.OuterXml, LoadOptions.PreserveWhitespace), Namespaces);
var refNodes = xph.GetAuthSignatureReferences().ToList();
if (refNodes.Count != 1)
{
return(false);
}
var refUri = refNodes[0].Attribute("URI")?.Value;
if (refUri == null)
{
return(false);
}
if (refUri.StartsWith("#xpointer("))
{
var customXPath = refUri.TrimEnd(')');
refUri = customXPath.Substring(customXPath.IndexOf('(') + 1);
}
var nodes = _doc.SelectNodes(refUri, nm);
if (nodes.Count == 0)
{
return(false);
}
var dsigPrefix = nm.LookupPrefix(Namespaces.XmlDsig);
var ebicsPrefix = nm.LookupPrefix(Namespaces.Ebics);
if (dsigPrefix == "")
{
dsigPrefix = _defaultNsKey;
}
if (ebicsPrefix == "")
{
ebicsPrefix = _defaultNsKey;
}
var myDigestValue = CanonicalizeAndDigest(nodes, xmlNameSpaceList);
var myB64DigestValue = Convert.ToBase64String(myDigestValue);
var b64Digest = xph.GetAuthSignatureDigestValue()?.Value.Trim();
if (b64Digest != myB64DigestValue)
{
return(false);
}
var signedInfoNode =
_doc.SelectSingleNode($"/*/{ebicsPrefix}:{XmlNames.AuthSignature}/{dsigPrefix}:{XmlNames.SignedInfo}",
nm);
var signedInfoDoc = new XmlDocument();
signedInfoDoc.AppendChild(signedInfoDoc.ImportNode(signedInfoNode, true));
var mySignedInfoDigest = Digest(Canonicalize(signedInfoDoc, xmlNameSpaceList));
var b64Signature = xph.GetAuthSignatureValue()?.Value.Trim();
var signature = Convert.FromBase64String(b64Signature);
return
(SignatureKey.VerifyHash(mySignedInfoDigest, signature, HashAlgorithmName.SHA256,
SignaturePadding));
}
