/// <summary> /// Initializes a new instance of the <see cref="AccountKey" /> class. /// </summary> /// <param name="keyInfo">The key information.</param> /// <exception cref="ArgumentNullException">keyInfo</exception> /// <exception cref="NotSupportedException"> /// If the provided key is not one of the supported <seealso cref="KeyAlgorithm" />. /// </exception> public AccountKey(KeyInfo keyInfo) { if (keyInfo == null) { throw new ArgumentNullException(nameof(keyInfo)); } SignatureKey = KeyFactory.FromDer(keyInfo.PrivateKeyInfo); signer = SignatureKey.GetSigner(); }
public void ComputeSignature() { if (DigestAlgorithm != _digestAlg) { throw new CryptographicException($"Digest algorithm not supported. Use: {_digestAlg}"); } if (SignatureAlgorithm != _signAlg) { throw new CryptographicException($"Signature algorithm not supported. Use: {_signAlg}"); } if (CanonicalizationAlgorithm != _canonAlg) { throw new CryptographicException($"Canonicalization algorithm not supported. Use: {_canonAlg}"); } if (SignatureKey == null) { throw new CryptographicException($"{nameof(SignatureKey)} is null"); } if (ReferenceUri == null) { throw new CryptographicException($"{nameof(ReferenceUri)} is null"); } var _ref = ReferenceUri; if (ReferenceUri.StartsWith("#xpointer(")) { var customXPath = ReferenceUri.TrimEnd(')'); _ref = customXPath.Substring(customXPath.IndexOf('(') + 1); } var nodes = NamespaceManager == null?_doc.SelectNodes(_ref) : _doc.SelectNodes(_ref, NamespaceManager); if (nodes.Count == 0) { throw new CryptographicException("No references found"); } _digestValue = CanonicalizeAndDigest(nodes); var signedInfo = CreateDoc(); nodes = signedInfo.ToXmlDocument().SelectNodes("*"); var signedInfoDigest = CanonicalizeAndDigest(nodes); _signatureValue = SignatureKey.SignHash(signedInfoDigest, HashAlgorithmName.SHA256, SignaturePadding); }
protected override void DisposeContents() { SignatureKey.AsSpan().Clear(); DerivationKey.AsSpan().Clear(); }
/// <summary> /// Initializes a new instance of the <see cref="AccountKey"/> class. /// </summary> /// <param name="algorithm">The JWS signature algorithm.</param> public AccountKey(KeyAlgorithm algorithm = KeyAlgorithm.ES256) { SignatureKey = KeyFactory.NewKey(algorithm); signer = SignatureKey.GetSigner(); }
public bool VerifySignature() { var xmlNameSpaceList = GetNamespaceList(_doc); var nm = CreateNamespaceManager(_doc, xmlNameSpaceList); var xph = new XPathHelper(XDocument.Parse(_doc.OuterXml, LoadOptions.PreserveWhitespace), Namespaces); var refNodes = xph.GetAuthSignatureReferences().ToList(); if (refNodes.Count != 1) { return(false); } var refUri = refNodes[0].Attribute("URI")?.Value; if (refUri == null) { return(false); } if (refUri.StartsWith("#xpointer(")) { var customXPath = refUri.TrimEnd(')'); refUri = customXPath.Substring(customXPath.IndexOf('(') + 1); } var nodes = _doc.SelectNodes(refUri, nm); if (nodes.Count == 0) { return(false); } var dsigPrefix = nm.LookupPrefix(Namespaces.XmlDsig); var ebicsPrefix = nm.LookupPrefix(Namespaces.Ebics); if (dsigPrefix == "") { dsigPrefix = _defaultNsKey; } if (ebicsPrefix == "") { ebicsPrefix = _defaultNsKey; } var myDigestValue = CanonicalizeAndDigest(nodes, xmlNameSpaceList); var myB64DigestValue = Convert.ToBase64String(myDigestValue); var b64Digest = xph.GetAuthSignatureDigestValue()?.Value.Trim(); if (b64Digest != myB64DigestValue) { return(false); } var signedInfoNode = _doc.SelectSingleNode($"/*/{ebicsPrefix}:{XmlNames.AuthSignature}/{dsigPrefix}:{XmlNames.SignedInfo}", nm); var signedInfoDoc = new XmlDocument(); signedInfoDoc.AppendChild(signedInfoDoc.ImportNode(signedInfoNode, true)); var mySignedInfoDigest = Digest(Canonicalize(signedInfoDoc, xmlNameSpaceList)); var b64Signature = xph.GetAuthSignatureValue()?.Value.Trim(); var signature = Convert.FromBase64String(b64Signature); return (SignatureKey.VerifyHash(mySignedInfoDigest, signature, HashAlgorithmName.SHA256, SignaturePadding)); }