Пример #1
0
        private static bool ValidateSignatures(dynamic data, string centralApiPublicKey)
        {
            string paymentInfoJson = data.PaymentInfo;
            string centralApiPaymentInfoSignature = data.PaymentInfoSignature;
            string paymentProofJson      = data.PaymentProof;
            string paymentProofSignature = data.PaymentProofSignature;

            // validate signatures of PaymentInfo and PaymentProof
            using (var centralApiRsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(centralApiRsa, centralApiPublicKey);

                bool isPaymentInfoSignatureValid = centralApiRsa.VerifyData(
                    Encoding.UTF8.GetBytes(paymentInfoJson),
                    Convert.FromBase64String(centralApiPaymentInfoSignature),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                bool isPaymentProofSignatureValid = centralApiRsa.VerifyData(
                    Encoding.UTF8.GetBytes(paymentProofJson),
                    Convert.FromBase64String(paymentProofSignature),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                return(isPaymentInfoSignatureValid && isPaymentProofSignatureValid);
            }
        }
 private void InitializeRsa()
 {
     using (var publicRsa = RSA.Create())
     {
         var publicKeyXml = File.ReadAllText(_jwtSettings.RsaPublicKeyXml);
         RsaExtensions.FromXmlString(publicRsa, publicKeyXml);
         _issuerSigningKey = new RsaSecurityKey(publicRsa);
     }
 }
Пример #3
0
        public static string SignAndEncryptData <T>(
            T model,
            string apiSigningKey,
            string bankKey)
            where T : class
        {
            // Sign data with api private key
            using (var rsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(rsa, apiSigningKey);
                var aesParams = CryptographyExtensions.GenerateKey();
                var key       = Convert.FromBase64String(aesParams[0]);
                var iv        = Convert.FromBase64String(aesParams[1]);

                var serializedModel = JsonConvert.SerializeObject(model);
                var dataObject      = new
                {
                    Model     = serializedModel,
                    Timestamp = DateTime.UtcNow
                };

                var data = JsonConvert.SerializeObject(dataObject);

                var signature = Convert.ToBase64String(rsa
                                                       .SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

                // Encrypt with bank public key
                string encryptedKey;
                string encryptedIv;
                using (var encryptionRsa = RSA.Create())
                {
                    RsaExtensions.FromXmlString(encryptionRsa, bankKey);
                    encryptedKey = Convert.ToBase64String(encryptionRsa.Encrypt(key, RSAEncryptionPadding.Pkcs1));
                    encryptedIv  = Convert.ToBase64String(encryptionRsa.Encrypt(iv, RSAEncryptionPadding.Pkcs1));
                }

                var encryptedData = Convert.ToBase64String(CryptographyExtensions.Encrypt(data, key, iv));

                var json = new
                {
                    EncryptedKey = encryptedKey,
                    EncryptedIv  = encryptedIv,
                    Data         = encryptedData,
                    Signature    = signature
                };

                var serializedJson = JsonConvert.SerializeObject(json);
                var request        = Convert.ToBase64String(Encoding.UTF8.GetBytes(serializedJson));

                return(request);
            }
        }
Пример #4
0
        public static string GeneratePaymentRequestWithProof(dynamic request, string bankPublicKey,
                                                             string centralApiKey)
        {
            string paymentInfoJson             = request.PaymentInfo;
            string websitePaymentInfoSignature = request.PaymentInfoSignature;
            string returnUrl = request.ReturnUrl;

            // generate PaymentProof containing the bank's public key
            // and merchant's original PaymentInfo signature
            var paymentProof = new
            {
                BankPublicKey        = bankPublicKey,
                PaymentInfoSignature = websitePaymentInfoSignature
            };

            string paymentProofJson = JsonConvert.SerializeObject(paymentProof);


            string paymentInfoCentralApiSignature;
            string paymentProofSignature;

            // sign the PaymentInfo and PaymentProof
            using (var centralApiRsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(centralApiRsa, centralApiKey);

                paymentInfoCentralApiSignature = Convert.ToBase64String(
                    centralApiRsa.SignData(
                        Encoding.UTF8.GetBytes(paymentInfoJson),
                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

                paymentProofSignature = Convert.ToBase64String(
                    centralApiRsa.SignData(
                        Encoding.UTF8.GetBytes(paymentProofJson),
                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }

            var proofRequest = new
            {
                PaymentInfo           = paymentInfoJson,
                PaymentInfoSignature  = paymentInfoCentralApiSignature,
                PaymentProof          = paymentProofJson,
                PaymentProofSignature = paymentProofSignature,
                ReturnUrl             = returnUrl
            };

            string proofRequestJson = JsonConvert.SerializeObject(proofRequest);

            string encodedProofRequest = Convert.ToBase64String(Encoding.UTF8.GetBytes(proofRequestJson));

            return(encodedProofRequest);
        }
Пример #5
0
        private string SignAndEncryptData(CentralApiSubmitTransferDto model)
        {
            using (var rsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(rsa, this.bankConfiguration.Key);
                var aesParams = CryptographyExtensions.GenerateKey();
                var key       = Convert.FromBase64String(aesParams[0]);
                var iv        = Convert.FromBase64String(aesParams[1]);

                var serializedModel = JsonConvert.SerializeObject(model);
                var dataObject      = new
                {
                    Model     = serializedModel,
                    Timestamp = DateTime.UtcNow
                };

                var data = JsonConvert.SerializeObject(dataObject);

                var signature = Convert.ToBase64String(rsa
                                                       .SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

                string encryptedKey;
                string encryptedIv;
                using (var encryptionRsa = RSA.Create())
                {
                    RsaExtensions.FromXmlString(encryptionRsa, this.bankConfiguration.CentralApiPublicKey);
                    encryptedKey = Convert.ToBase64String(encryptionRsa.Encrypt(key, RSAEncryptionPadding.Pkcs1));
                    encryptedIv  = Convert.ToBase64String(encryptionRsa.Encrypt(iv, RSAEncryptionPadding.Pkcs1));
                }

                var encryptedData = Convert.ToBase64String(CryptographyExtensions.Encrypt(data, key, iv));

                var json = new
                {
                    BankName      = this.bankConfiguration.BankName,
                    BankSwiftCode = this.bankConfiguration.UniqueIdentifier,
                    BankCountry   = this.bankConfiguration.Country,
                    EncryptedKey  = encryptedKey,
                    EncryptedIv   = encryptedIv,
                    Data          = encryptedData,
                    Signature     = signature
                };

                var jsonRequest      = JsonConvert.SerializeObject(json);
                var encryptedRequest = Convert.ToBase64String(Encoding.UTF8.GetBytes(jsonRequest));

                return(encryptedRequest);
            }
        }
Пример #6
0
        public static string GenerateSuccessResponse(dynamic paymentRequest, string bankKey)
        {
            // generate PaymentConfirmation
            var paymentConfirmation = new
            {
                Success = true,
                paymentRequest.PaymentProofSignature
            };

            var paymentConfirmationJson = JsonConvert.SerializeObject(paymentConfirmation);

            // sign the PaymentConfirmation
            string paymentConfirmationSignature;

            using (var bankRsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(bankRsa, bankKey);

                paymentConfirmationSignature = Convert.ToBase64String(
                    bankRsa.SignData(
                        Encoding.UTF8.GetBytes(paymentConfirmationJson),
                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }

            // generate response
            var response = new
            {
                paymentRequest.PaymentInfo,
                paymentRequest.PaymentProof,
                PaymentConfirmation          = paymentConfirmationJson,
                PaymentConfirmationSignature = paymentConfirmationSignature
            };

            var responseJson = JsonConvert.SerializeObject(response);

            var base64Response = Convert.ToBase64String(Encoding.UTF8.GetBytes(responseJson));

            return(base64Response);
        }
Пример #7
0
        private static bool ValidateSignature(dynamic data)
        {
            string paymentInfoJson      = data.PaymentInfo;
            string paymentInfoSignature = data.PaymentInfoSignature;
            string websitePublicKey     = data.PublicKey;

            // validate PaymentInfo signature to make sure it has not been modified
            // (or at least make it more difficult to modify as it would require signing it with a new key)

            // ! This signature must also be verified by the merchant website after a successful payment
            using (var websiteRsa = RSA.Create())
            {
                RsaExtensions.FromXmlString(websiteRsa, websitePublicKey);

                bool isWebsiteSignatureValid = websiteRsa.VerifyData(
                    Encoding.UTF8.GetBytes(paymentInfoJson),
                    Convert.FromBase64String(paymentInfoSignature),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                return(isWebsiteSignatureValid);
            }
        }