/// <summary>
/// Writes the issuer signature header onto the MTB and signs header plus ticket bundle
/// with the private key supplied by the key repository.
/// </summary>
/// <param name="mtb">Container to sign; its header and signature are overwritten in place.</param>
/// <returns>The same container instance that was passed in, now carrying header and signature.</returns>
public MtbContainer Sign(MtbContainer mtb)
{
    var bundle = mtb.IssuerSignedTicketBundle;

    // The header bytes are part of the signing input, so the header must be set
    // before that input is built.
    bundle.Header = new IssuerSignatureHeader(
        SignatureAlgorithm.ES256,
        _keyRepository.SigningIssuerId,
        _keyRepository.SigningKeyId);

    var headerBytes = bundle.Header.GetBytes();
    var payloadBytes = bundle.TicketBundle.GetBytes();
    var toBeSigned = CreateCoseSigningInput(headerBytes, payloadBytes);

    // NOTE(review): SignData is called without naming a hash algorithm, so the digest is
    // whatever this ECDsaCng instance is configured with. Confirm it is SHA-256, which
    // the ES256 value written to the header implies.
    using (var ecdsa = new ECDsaCng(_keyRepository.GetPrivateKey()))
    {
        bundle.Signature = ecdsa.SignData(toBeSigned);
    }

    return mtb;
}
/// <summary>
/// Decodes the base64 fixture and checks that constructing an MtbContainer from the bytes
/// yields a container with an issuer-signed ticket bundle.
/// </summary>
public void CreateMtbFromBytes_Creates_A_MtbContainer_with_TicketBundle()
{
    // Only the structure is checked here; nothing in this test verifies the signature.
    var container = new MtbContainer(Convert.FromBase64String(mtbB64));

    Assert.That(container, Is.Not.Null);
    Assert.That(container.IssuerSignedTicketBundle, Is.Not.Null);
}
/// <summary>
/// Replaces the fixture's signature with 64 zero bytes and expects Verify to reject it.
/// </summary>
public void Verify_Returns_False_When_Invalid_Signature()
{
    // NOTE(review): this overwrites the signature on the shared issuerSignedTicketBundle
    // fixture. Confirm the fixture is rebuilt for every test, otherwise tests that expect
    // a valid signature depend on execution order.
    issuerSignedTicketBundle.Signature = new byte[64];

    var tampered = new MtbContainer(issuerSignedTicketBundle);
    var verified = service.Verify(tampered);

    Assert.That(verified, Is.False);
}
/// <summary>
/// Builds an MTB that holds a single participant object and returns it signed.
/// The participant object is expected to be serialized as a JSON array:
/// [{participantTicketObject-1}, {participantTicketObject-2}, ... ]
/// </summary>
/// <param name="jsonString">Participant object serialized to JSON</param>
/// <param name="participantId">Participant id (PID) used as the key in the Ticket Bundle map</param>
/// <returns>Signed MTB as byte[]</returns>
public byte[] CreateSigned(string jsonString, string participantId)
{
    // NOTE(review): neither argument is checked in this method before it is signed.
    // Confirm that ParticipantObject validates the JSON, or that callers do.
    var participant = new ParticipantObject(jsonString);

    var bundle = new TicketBundle();
    bundle.ParticipantObjects.Add(participantId, participant);

    // Wrap the bundle unsigned; the service fills in header and signature.
    var container = new MtbContainer(new IssuerSignedTicketBundle(bundle));

    return _service.Sign(container).GetBytes();
}
/// <summary>
/// Signs an MTB built from an empty ticket bundle and expects a signature that Verify accepts.
/// </summary>
public void Sign_Creates_a_MTB_with_valid_signature()
{
    var container = new MtbContainer(new IssuerSignedTicketBundle(new TicketBundle()));

    var signedContainer = service.Sign(container);
    var signedBundle = signedContainer.IssuerSignedTicketBundle;

    // NOTE(review): Verify is given the container that was passed to Sign, not the one Sign
    // returned, so this passes only if Sign signs its argument in place. Confirm that is intended.
    var isValid = service.Verify(container);

    Assert.That(signedBundle.Signature, Is.Not.Null);
    Assert.That(isValid, Is.True);
}
/// <summary>
/// Signs an MTB built from an empty ticket bundle and checks that the header names ES256
/// and the key repository's signing issuer id and key id.
/// </summary>
public void Sign_Creates_a_MTB_with_valid_header()
{
    var container = new MtbContainer(new IssuerSignedTicketBundle(new TicketBundle()));

    var header = service.Sign(container).IssuerSignedTicketBundle.Header;

    Assert.That(header, Is.Not.Null);
    Assert.That(header.alg, Is.EqualTo(SignatureAlgorithm.ES256));
    // iid and kid are what a verifier uses to select the public key, so they must match
    // the identifiers of the key that signed.
    Assert.That(header.iid, Is.EqualTo(keyRepo.SigningIssuerId));
    Assert.That(header.kid, Is.EqualTo(keyRepo.SigningKeyId));
}
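/// <summary>
/// Checks the issuer signature of an MTB against the public key selected by its header.
/// </summary>
/// <param name="mtb">Container whose header, ticket bundle and signature are checked.</param>
/// <returns>
/// True only when the key repository returns a public key for the header's alg/iid/kid and
/// the signature verifies over header and ticket bundle. False when no key is found, or when
/// the container, its bundle, header, ticket bundle or signature is missing or empty.
/// </returns>
public bool Verify(MtbContainer mtb)
{
    // The container may have been parsed from untrusted bytes. An incomplete one is
    // rejected instead of surfacing a NullReferenceException to the caller.
    if (mtb == null || mtb.IssuerSignedTicketBundle == null)
    {
        return false;
    }

    var bundle = mtb.IssuerSignedTicketBundle;
    var header = bundle.Header;
    var signature = bundle.Signature;

    if (header == null || bundle.TicketBundle == null || signature == null || signature.Length == 0)
    {
        return false;
    }

    // NOTE(review): alg, iid and kid come from the header, which is not authenticated until
    // the signature has been checked. Verification below is always ECDSA, so confirm that
    // GetPublicKey returns null for any alg other than ES256 and for unknown issuers or keys.
    var publicKey = _keyRepository.GetPublicKey(header.alg, header.iid, header.kid);
    if (publicKey == null)
    {
        return false;
    }

    var signingInput = CreateCoseSigningInput(header.GetBytes(), bundle.TicketBundle.GetBytes());

    // A signature longer than 64 bytes is treated as DER-encoded and converted first.
    // NOTE(review): how malformed DER is handled depends on SignatureConverter, which is
    // not visible here. Confirm it cannot yield a value that VerifyData would accept.
    if (signature.Length > 64)
    {
        signature = SignatureConverter.FromDerEncoded(signature);
    }

    using (var dsa = new ECDsaCng(publicKey))
    {
        return dsa.VerifyData(signingInput, signature);
    }
}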
/// <summary>
/// Verifies the issuer signature of an MTB.
/// </summary>
/// <param name="mtbContainer">MTB container to verify</param>
/// <returns>True if the signature is verified.</returns>
public bool Verify(MtbContainer mtbContainer)
{
    // The whole decision is delegated to the signing service.
    var isVerified = _service.Verify(mtbContainer);
    return isVerified;
}
/// <summary>
/// Builds an MtbContainer from a raw byte array.
/// The issuer signature is NOT verified here, so the returned content is unauthenticated
/// until <see cref="Verify(MtbContainer)"/> has returned true for it.
/// </summary>
/// <param name="data">Raw MTB byte[]</param>
/// <returns>Filled MtbContainer</returns>
public MtbContainer Parse(byte[] data)
{
    return new MtbContainer(data);
}
/// <summary>
/// Wraps the fixture bundle in a container and expects Verify to accept its signature.
/// </summary>
public void Verify_Returns_True_When_Ok_Signature()
{
    // NOTE(review): presumably the issuerSignedTicketBundle fixture carries a signature made
    // with a key the service can look up. Confirm against the fixture setup.
    var container = new MtbContainer(issuerSignedTicketBundle);

    var verified = service.Verify(container);

    Assert.That(verified, Is.True);
}