/// <summary>
/// POST Request From Wechat
/// </summary>
/// <param name="AppID"></param>
/// <param name="signature"></param>
/// <param name="timestamp"></param>
/// <param name="nonce"></param>
/// <returns></returns>
public IHttpActionResult Post(String AppID, [FromUri] String signature, [FromUri] String timestamp, [FromUri]String nonce)
{
try
{
IWechatConfig config = SimpleWechatConfigManager.GetInstance().FetchSelectedConfig(AppID);
logger.DebugFormat(@"The app [{1}] token is [{0}]", config.Token ?? @"Nu1l", AppID ?? @"Nu1l");
String request = this.Request.Content.ReadAsStringAsync().Result;
logger.DebugFormat(@"The post AppID is [{0}], signature is [{2}], timestamp is [{3}], request is [{1}]", AppID ?? @"Nu1l", request ?? @"Nu1l", signature ?? @"Nu1l", timestamp ?? @"Nu1l");
if ( ( !String.IsNullOrEmpty(signature)
&& !String.IsNullOrEmpty(timestamp)
&& !String.IsNullOrEmpty(nonce))
|| _FORCE_SIGNATURE_FLAG)
{
MessageCryptErrorCode retCode = SignatureVerifier.VerifySignature(config.Token, timestamp, nonce, request, signature);
if (retCode != MessageCryptErrorCode.WXMsgCrypt_OK)
throw new ApplicationException(@"verify signature failed");
}
return NotFound();
}
catch (Exception ex)
{
logger.Error(ex);
return BadRequest();
}
}
public async void InstallUpdate(AppCastItem item, string installPath = null)
{
var path = installPath != null && File.Exists(installPath)
? installPath
: await GetDownloadPathForAppCastItem(item);
if (File.Exists(path))
{
NetSparkleUpdater.Enums.ValidationResult result;
try
{
result = SignatureVerifier.VerifySignatureOfFile(item.DownloadSignature, path);
}
catch (Exception exc)
{
Log.Error("Error validating signature of file: {0}; {1}", exc.Message,
exc.StackTrace);
result = NetSparkleUpdater.Enums.ValidationResult.Invalid;
}
if (result == NetSparkleUpdater.Enums.ValidationResult.Valid)
{
await RunDownloadedInstaller(path);
}
}
}
public DeliverToActivityPubTask(EventQueueItem item, IEntityStore entityStore, EntityFlattener entityFlattener, IServiceProvider serviceProvider, DeliveryService deliveryService, SignatureVerifier verifier, KeyService keyService) : base(item)
{
_entityStore = entityStore;
_entityFlattener = entityFlattener;
_serviceProvider = serviceProvider;
_deliveryService = deliveryService;
_verifier = verifier;
_keyService = keyService;
}
public void VerifySignature()
{
var signature = TestdataLoader.ReadFromResource("signature.p7s");
var signedData = TestdataLoader.ReadFromResource("signedData.xml");
var signatureVerifier = new SignatureVerifier();
var certificate = signatureVerifier.Validate(signedData, signature);
certificate.Should().NotBeNull();
}
public DeliverToActivityPubTask(EventQueueItem item, IEntityStore entityStore, EntityFlattener entityFlattener, IServiceProvider serviceProvider, DeliveryService deliveryService, APContext context, EntityData data, SignatureVerifier verifier) : base(item)
{
_entityStore = entityStore;
_entityFlattener = entityFlattener;
_serviceProvider = serviceProvider;
_deliveryService = deliveryService;
_context = context;
_data = data;
_verifier = verifier;
}
public void PublicKeyImportWithPrivateKeyShouldFail()
{
bool isValid = SignatureVerifier.IsSignatureValid("this-is-not-important",
"absAUKYl78KAI3aA8FDWE2y2JATOCz7OUKG1hVhFNOyjSfwlGXhMA4oe3qou6JEnuKlsx+AqS5O+nz0oJ68FR7gLU8NPrWjVIWqFTyQMS0ntDRMEUl3oZXXD24fy+NaUOZ6o9OPxFASlEN/ueplXSgcedpXLfo0cfWQWM0GcTJ4=",
//next we will give public private exported csp
"BwIAAACkAABSU0EyAAQAAAEAAQBXZXt7QOileknWzBH2Sg+Yk4INDTbKA5XUUfUe23zUmr6eM1USCNHX3lidZfjk5Emuui1m8k0KnghxcJfOau8iPRpLg/lubMNojpLGe2MXn5GsyjgEpVdE+Cf0pLBAYHcBuBYHj99muMsJrJW1/InbKFa24JuVnBr+MybPuMXqtc9Ehyz/oomfsO6eYguHP4sqrvB595AFTtkKE7TcGmbt1dUWkSTxT0vfkvbVj0C/H8d7XlshIHlG1m2BEnFNi+T5CM2o0MH54c8DXKRhEujS+xeuk+u9POwL2/XLIvUcfMhL6Pt3o+Dk7HRkT3SPhRa/yJeZ1JEHpoVkYJOVfcXLfwijulTXJughtRpgd+0CBk4JSLYj0fkY+QyRWtuHQfAXTscNGGyW8uIMvHfPdNNOwuiKC4yZLfHuw+hQ1FDtTgH+iJ3nW5fwcIKudN0wusnRE3RIDo8QZky8AvAPb9Z/KbZHhpYXriWyfBKAfP9izhZaIcrRT6Fu+N9E+7oWkQY82jRwv237qtKOuqKl/WGcQE42vfBHWxmeKnBSzKZq8o+92oc06o2PYXqNqt38JOXn34W64nccPvINJJMIQ2UFoSydNf9D6iyxde86RDgSbNMxjqwEY3MiQmRs+QTG/8gwm5aiZG9Kr7K+3Vs65yr0NCwBmZ0DqMowmMbaeTrP3JYS/Ngr22p5vqtsYSTTGn/tU9mBL2asfWO4dxvkNXHCDNmendlCwvYKQZJONTS+GgxDfeC5i/lThMP1ua64H3I="
);
Assert.True(!isValid);
}
public void Verify_Returns_True_When_Timestamp_And_Signature_Are_Valid()
{
var timestamp = DateTimeOffset.UnixEpoch.ToUnixTimeSeconds();
var verifier = new SignatureVerifier(
Secret,
TimeSpan.FromSeconds(int.MaxValue));
var actual = verifier.Verify(
"v0=213cb52f067f4cd9faa388704ba5eac347bc79df40fc4491590cd4d8571b8af1",
timestamp,
"message");
Assert.True(actual);
}
public void Verify_Returns_False_When_Signature_Is_Not_Valid()
{
var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var verifier = new SignatureVerifier(
Secret,
TimeSpan.FromSeconds(TimeDeltaToleranceSeconds));
var actual = verifier.Verify(
"signature",
timestamp,
"message");
Assert.False(actual);
}
static void Main(string[] args)
{
SignatureVerifier signatureVerifier = new SignatureVerifier();
RNGRandomGenerator rngGenerator = new RNGRandomGenerator();
EmailSender emailSender = new EmailSender();
BlindChatDbContext context = new BlindChatDbContext();
GroupRepository groupRepository = new GroupRepository(context);
APIServer server = new APIServer(groupRepository, emailSender, rngGenerator, signatureVerifier);
CertificateGenerator generator = new CertificateGenerator();
int userInput = 0;
do
{
userInput = DisplayMenu();
switch (userInput.ToString())
{
case "1":
CreateGroup(server, generator);
break;
case "2":
InviteParticipants(context, server);
break;
case "3":
RegisterParticipant(server, groupRepository, generator);
break;
case "4":
SignCertificate(server);
break;
case "5":
SaveBlindParticipant(server, groupRepository);
break;
case "6":
SendMessageOnGroup(server, groupRepository);
break;
default:
Console.WriteLine("Default case");
break;
}
} while (userInput != 7);
}
public AuthController(APContext context, UserManager <APUser> userManager, SignInManager <APUser> signInManager, JwtTokenSettings tokenSettings, EntityFlattener entityFlattener, IEntityStore entityStore, AtomEntryParser entryParser, AtomEntryGenerator entryGenerator, EntityData entityConfiguration, IDataProtectionProvider dataProtectionProvider, IConfigurationRoot configuration, DeliveryService deliveryService, SignatureVerifier verifier)
{
_context = context;
_userManager = userManager;
_signInManager = signInManager;
_tokenSettings = tokenSettings;
_entityFlattener = entityFlattener;
_entityStore = entityStore;
_entryParser = entryParser;
_entryGenerator = entryGenerator;
_entityConfiguration = entityConfiguration;
_dataProtector = dataProtectionProvider.CreateProtector("OAuth tokens");
_configuration = configuration;
_deliveryService = deliveryService;
_verifier = verifier;
}
public void Verify_Returns_False_When_Timestamp_Has_Expired()
{
var expiredTimestamp =
DateTimeOffset.UtcNow.AddSeconds(-TimeDeltaToleranceSeconds + 1)
.ToUnixTimeSeconds();
var verifier = new SignatureVerifier(
Secret,
TimeSpan.FromSeconds(TimeDeltaToleranceSeconds));
var actual = verifier.Verify(
"signature",
expiredTimestamp,
"message");
Assert.False(actual);
}
public ActionResult PostInfluxTelemetry([FromBody] InfluxTelemetry telemetryPackage)
{
// verify in coming data
if (telemetryPackage?.NodeId == null ||
string.IsNullOrWhiteSpace(telemetryPackage.Signature) ||
telemetryPackage.Payload == null ||
telemetryPackage.Payload.Count == 0)
{
Console.WriteLine("bad request");
return(BadRequest());
}
// Get Node key from keystore
string nodeKey;
try
{
nodeKey = _keyStore.GetKeyForNode(telemetryPackage.NodeId);
}
catch (KeyNotFoundException)
{
Console.WriteLine($"Node Unknown: {telemetryPackage.NodeId}");
return(StatusCode(403));
}
// Verify Signature
string signedPayload = string.Join("", telemetryPackage.Payload);
bool signatureValid = SignatureVerifier.IsSignatureValid(signedPayload, telemetryPackage.Signature, nodeKey);
if (!signatureValid)
{
Console.WriteLine($"Bad signature from node: {telemetryPackage.NodeId}");
return(StatusCode(403));
}
Console.WriteLine($"Accepted telemetry from {telemetryPackage.NodeId} [{telemetryPackage.Payload.Count} metrics]");
// Signature valid - record to db
if (_influx.Enqueue(telemetryPackage.Payload, true))
{
return(Accepted());
}
else
{
return(StatusCode(400));
}
}
public AuthController(DbConnection connection, UserManager <APUser> userManager, SignInManager <APUser> signInManager, JwtTokenSettings tokenSettings, EntityFlattener entityFlattener, IEntityStore entityStore, EntityData entityConfiguration, IDataProtectionProvider dataProtectionProvider, IConfigurationRoot configuration, DeliveryService deliveryService, SignatureVerifier verifier, IServiceProvider provider, CollectionTools collectionTools, RelevantEntitiesService relevantEntities)
{
_connection = connection;
_userManager = userManager;
_signInManager = signInManager;
_tokenSettings = tokenSettings;
_entityFlattener = entityFlattener;
_entityStore = entityStore;
_entityConfiguration = entityConfiguration;
_dataProtector = dataProtectionProvider.CreateProtector("OAuth tokens");
_configuration = configuration;
_deliveryService = deliveryService;
_verifier = verifier;
_provider = provider;
_collectionTools = collectionTools;
_relevantEntities = relevantEntities;
}
public GetEntityHandler(DbConnection connection, EntityFlattener flattener, IEntityStore mainStore,
IServiceProvider serviceProvider, DeliveryService deliveryService, ServerConfig entityData,
ClaimsPrincipal user, CollectionTools collectionTools, INotifier notifier, JwtTokenSettings tokenSettings,
SignatureVerifier verifier, IAuthorizer authorizer)
{
_connection = connection;
_flattener = flattener;
_mainStore = mainStore;
_serviceProvider = serviceProvider;
_entityData = entityData;
_deliveryService = deliveryService;
_user = user;
_collectionTools = collectionTools;
_notifier = notifier;
_tokenSettings = tokenSettings;
_verifier = verifier;
_authorizer = authorizer;
}
public GetEntityHandler(APContext acontext, EntityFlattener flattener, IEntityStore mainStore,
AtomEntryGenerator entryGenerator, IServiceProvider serviceProvider, DeliveryService deliveryService,
EntityData entityData, ClaimsPrincipal user, CollectionTools collectionTools, INotifier notifier, JwtTokenSettings tokenSettings,
SignatureVerifier verifier)
{
_context = acontext;
_flattener = flattener;
_mainStore = mainStore;
_entryGenerator = entryGenerator;
_serviceProvider = serviceProvider;
_entityData = entityData;
_deliveryService = deliveryService;
_user = user;
_collectionTools = collectionTools;
_notifier = notifier;
_tokenSettings = tokenSettings;
_verifier = verifier;
}
public static PayloadSignatureTuple CreateSamplePayload(int numberOfEvents, bool useValidSigningKey, int firstSequenceNumber)
{
var sampleEvents = CreateThisManyEvents(numberOfEvents);
var payload = new Payload
{
Events = sampleEvents,
FirstEventSequence = firstSequenceNumber,
LastEventSequence = firstSequenceNumber + numberOfEvents - 1
};
var payloadString = JsonConvert.SerializeObject(payload);
var signature = new SignatureVerifier().GenerateSignature(useValidSigningKey
? File.ReadAllText("Resources/SigningKey.txt")
: "InvalidKey", payloadString);
return(new PayloadSignatureTuple(payload, signature));
}
public IActionResult Verify([FromQuery] string signature)
{
var userAgent = Request.Headers["User-Agent"].ToString();
var adscoreKey = "KEY_GOES_HERE";
List <string> ipAddresses = GetIpAddresses();
var verifyResult = SignatureVerifier.Verify(signature, userAgent, "customer", adscoreKey, ipAddresses.ToArray());
// Possible scores and verdicts:
// score verdict
// 0 "ok"
// 3 "junk"
// 6 "proxy"
// 9 "bot"
// null "no verdict" (verification is not possible. Check error for more details)
var score = verifyResult.Score;
var verdict = verifyResult.Verdict;
// Error message explaining e.g why "bot" score has been assigned to given request
var error = verifyResult.Error;
// Ip addresses used to check against the signature. It can be either IPv4 or IPv6
var ipAddress = verifyResult.IpAddress;
// Epoch millis when request has been executed, resolved from the signature
var requestTime = verifyResult.RequestTime;
// Epoch millis when signature for given request has been generated
var signatureTime = verifyResult.SignatureTime;
// True if either requestTime or signatureTime expired
var expired = verifyResult.Expired;
return(Ok(String.Format("Score:{0}, verdict:{1}, expired:{2}, error:{3}, ipAddress:{4}, requestTime:{5}, signatureTime:{6}",
score, verdict, expired, error, ipAddress, requestTime, signatureTime)));
}
public static PayloadSignatureTuple CreateSamplePayload(int numberOfEvents, bool useValidSigningKey, int firstSequenceNumber)
{
var sampleEvents = CreateThisManyEvents(numberOfEvents);
var payload = new Payload
{
Events = sampleEvents,
FirstEventSequence = firstSequenceNumber,
LastEventSequence = firstSequenceNumber + numberOfEvents - 1
};
var payloadString = JsonConvert.SerializeObject(payload);
string signature;
if (useValidSigningKey)
{
var configuration = new ConfigurationBuilder()
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.Build();
var webhookSettings = configuration.GetSection("WebhookSettings").Get <WebhookSettings>();
signature = new SignatureVerifier(webhookSettings).GenerateSignature(payloadString);
}
else
{
var webhookSettings = new WebhookSettings
{
SigningKey = "InvalidKey"
};
signature = new SignatureVerifier(webhookSettings).GenerateSignature(payloadString);
}
return(new PayloadSignatureTuple(payload, signature));
}
public asicManifest VerifiedManifest()
{
if (Signatures?.Containers?.FirstOrDefault() != null && CadesManifest != null)
{
var certificate =
new SignatureVerifier().Validate(
GetCadesManifestBlob(),
Signatures.Containers.FirstOrDefault().Data.ToArray());
return(new asicManifest
{
certificate = new[] { certificate },
file = CadesManifest.Digests.Select(d => new asicFile
{
digest = d.Value.Digest.ToArray(),
mimetype = d.Value.MimeType.ToString(),
name = d.Value.Name,
verified = true
}).ToArray(),
rootfile = CadesManifest.RootFile
});
}
return(null);
}
public ActionResult PostRealTimeTelemetry([FromBody] RealTimeTelemetry realTimePackage)
{
// verify incoming data
if (realTimePackage?.NodeId == null ||
string.IsNullOrWhiteSpace(realTimePackage.Signature) ||
realTimePackage.Payload == null ||
string.IsNullOrWhiteSpace(realTimePackage.Payload.Client) ||
string.IsNullOrWhiteSpace(realTimePackage.Payload.BlockHash)
)
{
Console.WriteLine("Bad Request: " + JsonConvert.SerializeObject(realTimePackage, Formatting.Indented));
return(BadRequest());
}
// Get Node key from keystore
string nodeKey;
try
{
nodeKey = _keyStore.GetKeyForNode(realTimePackage.NodeId);
}
catch (KeyNotFoundException)
{
Console.WriteLine($"Node Unknown: {realTimePackage.NodeId}");
return(StatusCode(403));
}
// Verify Signature
string payload = JsonConvert.SerializeObject(realTimePackage.Payload);
bool signatureValid = SignatureVerifier.IsSignatureValid(payload, realTimePackage.Signature, nodeKey);
if (!signatureValid)
{
Console.WriteLine($"Bad signature from node: {realTimePackage.NodeId}");
return(StatusCode(403));
}
//Point format |measurement|,tag_set| |field_set| |timestamp|
//create a point from incoming JSON
Console.WriteLine($"Accepted RT telemetry from {realTimePackage.NodeId} ");
long nanotimestamp = (long)(realTimePackage.Payload.BlockReceived * 1e9);
string influxPoint = string.Format("parity,nodeid={0},client={1} blocknum={2},numpeers={3},blockts={4},numtxinblock={5},propagationtime={6},gaslimit={8},gasused={9} {7}",
realTimePackage.NodeId,
realTimePackage.Payload.Client,
realTimePackage.Payload.BlockNum,
realTimePackage.Payload.NumPeers,
realTimePackage.Payload.BlockTS,
realTimePackage.Payload.NumTxInBlock,
(realTimePackage.Payload.BlockReceived - realTimePackage.Payload.BlockTS),
nanotimestamp,
realTimePackage.Payload.GasLimit,
realTimePackage.Payload.GasUsed);
// Signature valid - record to db
if (_influx.Enqueue(influxPoint, true))
{
return(Accepted());
}
else
{
return(StatusCode(400));
}
}
static void Main(string[] args)
{
//Asta va fi inlocuit cu un API call
SignatureVerifier signatureVerifier = new SignatureVerifier();
RNGRandomGenerator rngGenerator = new RNGRandomGenerator();
EmailSender emailSender = new EmailSender();
BlindChatDbContext context = new BlindChatDbContext();
GroupRepository groupRepository = new GroupRepository(context);
APIServer server = new APIServer(groupRepository, emailSender, rngGenerator, signatureVerifier);
//Set participants
List <Participant> unconfirmedParticipants = server.GetParticipantsToConfirm("Loazarii");
foreach (var participant in unconfirmedParticipants)
{
int invitationCode = participant.InvitationCode;
Guid groupId = (Guid)participant.GroupId;
string email = participant.Email;
Group group = server.GetGroup(participant.InvitationCode);
ClientParticipant clientParticipant = new ClientParticipant(server, groupRepository);
var groupPublicKey = clientParticipant.GetGroupDetails(invitationCode);
//Generate certificate
CertificateGenerator generator = new CertificateGenerator();
var participantKeys = generator.GenerateCertificate("C=RO,O=Qubiz", TimeSpan.FromDays(1), "certParticipant.pfx", "Test.123");
//Serialize
var privateSerializedKey = RsaKeyUtils.GetSerializedPrivateKey(participantKeys.Private);
var publicSerializedKey = RsaKeyUtils.GetSerializedPublicKey(participantKeys.Public);
//Concatenante serialized key
var content = RsaKeyUtils.Combine(publicSerializedKey, privateSerializedKey);
//Generate blind content
ContentBlinder contentBlinder = new ContentBlinder((RsaKeyParameters)groupPublicKey, "Loazarii");
var blindedContent = contentBlinder.GetBlindedContent(content);
var groupRegistration = clientParticipant.GetGroupRegistration(invitationCode, (RsaKeyParameters)participantKeys.Public);
//Save blindedCertificate
clientParticipant.RegisterBlindCertificate(invitationCode, groupRegistration);
//Send for sign DONE
//Get blindSignature
var blindMessage = server.GetSignedMessage(groupId, email);
var signature = Convert.FromBase64CharArray(blindMessage.Signature.ToCharArray(), 0, blindMessage.Signature.Length);
//Unblind signature
var unblindedSignature = contentBlinder.GetUnblindedSignature(signature);
//Verify
var verifiedParticipant = clientParticipant.CheckVerifiedEntity(group, participant.Email, groupRegistration);
clientParticipant.AddClientCertificate(verifiedParticipant, group, email);
ParticipantMessage message = new ParticipantMessage();
message.Message = "Andreiu, ce nevoie faci?";
clientParticipant.AddMessage(groupId, message, verifiedParticipant);
}
Console.ReadKey();
}
/// <summary>
/// Perform JAR digital signature verification against a JAR filename on disk
/// </summary>
/// <param name="jar">JAR container. The caller is expected to dispose this type themselves - it will not be disposed
/// by this method</param>
/// <param name="certificates">certificate to verify / accept against</param>
/// <param name="nonStandardCountCheck">whether to perform the additional file count verification check against
/// MANIFEST.MF (recommended if the file is actually an arbitrary ZIP)</param>
/// <returns>digital signature verification state of the JAR</returns>
public static VerificationResult Jar(IJar jar, IVerificationCertificates certificates, bool nonStandardCountCheck = true)
{
// Unsigned ZIP and probably not even a JAR
if (!jar.Contains(@"META-INF\MANIFEST.MF"))
{
return(new VerificationResult
{
Status = SigningStatus.NotSigned,
Valid = false
});
}
IManifestLoader manifestLoader = new ManifestLoader();
ManifestData centralManifest = manifestLoader.Load(jar, @"META-INF\MANIFEST.MF");
if (nonStandardCountCheck)
{
// Non-standard check: Ensure that no unsigned files have been ADDED
// to the JAR (file qty. [except signature itself] must match manifest entries)
//
int nonManifestFiles = jar.NonSignatureFiles().Count();
if (centralManifest.Entries.Count != nonManifestFiles)
{
Log.Message($"Expected {centralManifest.Entries.Count} file(s) found {nonManifestFiles}");
return(new VerificationResult
{
Status = SigningStatus.FundamentalHashMismatch,
Valid = false
});
}
}
// Verify the hashes of every file in the JAR
//
using (var h = new Hasher())
{
Log.Message($"Central manifest contains {centralManifest.Entries.Count} entries");
foreach (ManifestEntry e in centralManifest.Entries)
{
Log.Message($"Digest check {e.Path} ({e.Digest})");
// Check each file matches the hash in the manifest
if (jar.SHA256(h, e.Path).ToBase64() != e.Digest)
{
Log.Message($"{e.Path} has an incorrect digest");
return(new VerificationResult
{
Status = SigningStatus.FundamentalHashMismatch,
Valid = false
});
}
}
}
// Detect signatures
//
//
ISignatureFinder finder = new SignatureFinder();
List <Signature> signatures = finder.Find(jar);
if (!signatures.Any())
{
Log.Message("No signatures detected");
return(new VerificationResult
{
Status = SigningStatus.NotSigned,
Valid = false
});
}
Log.Message($"{signatures.Count} signature(s) detected");
// Verify signatures
//
//
SignatureVerifier ver = new SignatureVerifier();
if (ver.Verify(jar, centralManifest, signatures, certificates))
{
return(new VerificationResult
{
Status = SigningStatus.SignedValid,
Valid = true
});
}
else
{
return(new VerificationResult
{
Status = SigningStatus.SignedInvalid,
Valid = false
});
}
}
public void SignatureShouldNotVerify(string pubKey, string payload, string signature)
{
bool isValid = SignatureVerifier.IsSignatureValid(payload, signature, pubKey);
Assert.True(!isValid);
}
