Пример #1
        /// <summary>
        /// Signs the given MTB container in place: writes an ES256 issuer header, signs the
        /// header and ticket bundle bytes with the repository's private key, and stores the
        /// resulting signature on the bundle.
        /// </summary>
        /// <param name="mtb">Container to sign; the Header and Signature of its IssuerSignedTicketBundle are overwritten.</param>
        /// <returns>The same <paramref name="mtb"/> instance, now carrying the header and signature.</returns>
        public MtbContainer Sign(MtbContainer mtb)
        {
            var bundle = mtb.IssuerSignedTicketBundle;

            // The header is written before anything is signed because its bytes are part of the signing input.
            bundle.Header = new IssuerSignatureHeader(
                SignatureAlgorithm.ES256,
                _keyRepository.SigningIssuerId,
                _keyRepository.SigningKeyId);

            var headerBytes = bundle.Header.GetBytes();
            var payloadBytes = bundle.TicketBundle.GetBytes();
            var toBeSigned = CreateCoseSigningInput(headerBytes, payloadBytes);

            // NOTE(review): the key object is not disposed here; presumably the repository owns its lifetime. Confirm.
            var signingKey = _keyRepository.GetPrivateKey();
            using (var ecdsa = new ECDsaCng(signingKey))
            {
                // SignData without a hash argument uses the instance's HashAlgorithm setting
                // (SHA-256 by default for ECDsaCng), which is what ES256 expects.
                bundle.Signature = ecdsa.SignData(toBeSigned);
            }

            return mtb;
        }
Пример #2
        /// <summary>
        /// Parsing a Base64-decoded MTB yields a container with an issuer-signed ticket bundle.
        /// </summary>
        public void CreateMtbFromBytes_Creates_A_MtbContainer_with_TicketBundle()
        {
            // Only construction is covered here; this test does not check the issuer signature.
            var container = new MtbContainer(Convert.FromBase64String(mtbB64));

            Assert.That(container, Is.Not.Null);
            Assert.That(container.IssuerSignedTicketBundle, Is.Not.Null);
        }
Пример #3
        /// <summary>
        /// Verify must report false when the bundle carries a signature that was not produced for it.
        /// </summary>
        public void Verify_Returns_False_When_Invalid_Signature()
        {
            // 64 zero bytes have the length of a raw ES256 (r || s) signature but are not a
            // signature over this bundle.
            // NOTE(review): this covers a replaced signature only; a companion test that changes
            // the header or ticket bundle after signing would cover the tampered-payload case.
            var zeroedSignature = new byte[64];
            issuerSignedTicketBundle.Signature = zeroedSignature;
            var container = new MtbContainer(issuerSignedTicketBundle);

            var isValid = service.Verify(container);

            Assert.That(isValid, Is.False);
        }
Пример #4
        /// <summary>
        /// Builds an MTB that holds a single participant object and returns it issuer-signed.
        /// The participant object is expected to arrive serialized as a JSON array:
        /// [{participantTicketObject-1}, {participantTicketObject-2}, ... ]
        /// </summary>
        /// <param name="jsonString">Participant object serialized to JSON</param>
        /// <param name="participantId">Participant id (PID) used as the key in the Ticket Bundle map</param>
        /// <returns>The signed MTB as byte[]</returns>
        public byte[] CreateSigned(string jsonString, string participantId)
        {
            // NOTE(review): jsonString is wrapped and signed as given; no validation of its
            // content is visible here, so it has to happen in ParticipantObject or in the caller.
            var participant = new ParticipantObject(jsonString);
            var bundle = new TicketBundle();
            bundle.ParticipantObjects.Add(participantId, participant);

            // Wrap the bundle in its unsigned envelope; the header and signature are set by Sign.
            var container = new MtbContainer(new IssuerSignedTicketBundle(bundle));

            return _service.Sign(container).GetBytes();
        }
Пример #5
        /// <summary>
        /// Signing an empty ticket bundle produces a signature that the same service verifies.
        /// </summary>
        public void Sign_Creates_a_MTB_with_valid_signature()
        {
            var mtb = new MtbContainer(new IssuerSignedTicketBundle(new TicketBundle()));

            var signedContainer = service.Sign(mtb);
            var bundleAfterSigning = signedContainer.IssuerSignedTicketBundle;

            // Verification runs on the instance that was passed to Sign, not on the returned one.
            // NOTE(review): this relies on Sign writing the signature into its argument; confirm.
            var isValid = service.Verify(mtb);

            Assert.That(bundleAfterSigning.Signature, Is.Not.Null);
            Assert.That(isValid, Is.True);
        }
Пример #6
        /// <summary>
        /// Signing fills the issuer header with ES256 and the key repository's issuer id and key id.
        /// </summary>
        public void Sign_Creates_a_MTB_with_valid_header()
        {
            var unsigned = new MtbContainer(new IssuerSignedTicketBundle(new TicketBundle()));

            var header = service.Sign(unsigned).IssuerSignedTicketBundle.Header;

            Assert.That(header, Is.Not.Null);
            // alg, iid and kid are the values a verifier uses to pick the public key,
            // so each one is pinned to what the repository advertises.
            Assert.That(header.alg, Is.EqualTo(SignatureAlgorithm.ES256));
            Assert.That(header.iid, Is.EqualTo(keyRepo.SigningIssuerId));
            Assert.That(header.kid, Is.EqualTo(keyRepo.SigningKeyId));
        }
Пример #7
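        /// <summary>
        /// Verifies the issuer signature of an MTB container with the public key that the key
        /// repository returns for the header's alg, iid and kid values.
        /// </summary>
        /// <param name="mtb">Container whose issuer signature is checked.</param>
        /// <returns>
        /// True only when a public key is found and the signature verifies over the header and
        /// ticket bundle bytes. False when the container is unsigned or incomplete, when no key
        /// is found, or when the signature does not verify.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="mtb"/> is null.</exception>
        public bool Verify(MtbContainer mtb)
        {
            if (mtb == null)
            {
                throw new System.ArgumentNullException(nameof(mtb));
            }

            // An unsigned or partially filled container is reported as "not verified" instead
            // of failing with a NullReferenceException further down.
            var bundle = mtb.IssuerSignedTicketBundle;
            if (bundle == null || bundle.Header == null || bundle.TicketBundle == null)
            {
                return false;
            }

            var signature = bundle.Signature;
            if (signature == null || signature.Length == 0)
            {
                return false;
            }

            var header = bundle.Header;
            var signingInput = CreateCoseSigningInput(header.GetBytes(), bundle.TicketBundle.GetBytes());

            // The header comes from the container under test and is not authenticated yet;
            // it is used only to select which public key to check against.
            // NOTE(review): the check below always runs ECDsaCng with its default hash, whatever
            // header.alg says. Confirm the repository only returns keys for the algorithm this
            // path supports (ES256).
            var publicKey = _keyRepository.GetPublicKey(header.alg, header.iid, header.kid);
            if (publicKey == null)
            {
                // No known key for this alg/iid/kid: the signature cannot be trusted.
                return false;
            }

            // A raw ES256 signature (r || s) is 64 bytes; anything longer is taken to be DER-encoded.
            // NOTE(review): length is only a heuristic, and the converted value is not checked
            // to be 64 bytes before it is handed to VerifyData.
            if (signature.Length > 64)
            {
                signature = SignatureConverter.FromDerEncoded(signature);
            }

            using (var dsa = new ECDsaCng(publicKey))
            {
                return dsa.VerifyData(signingInput, signature);
            }
        }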
Пример #8
 /// <summary>
 /// Verifies the issuer signature of an MTB by delegating to the underlying service.
 /// </summary>
 /// <param name="mtbContainer">MTB container to verify</param>
 /// <returns>True if the signature is verified; any other result means the MTB must be treated as unverified.</returns>
 public bool Verify(MtbContainer mtbContainer)
 {
     var isVerified = _service.Verify(mtbContainer);
     return isVerified;
 }
Пример #9
 /// <summary>
 /// Builds a MtbContainer from a raw byte array.
 /// The issuer signature is NOT verified here: the returned container holds unauthenticated
 /// data until <see cref="Verify(MtbContainer)"/> has returned true for it.
 /// </summary>
 /// <param name="data">Raw MTB byte[]</param>
 /// <returns>MtbContainer filled from <paramref name="data"/></returns>
 public MtbContainer Parse(byte[] data)
 {
     return new MtbContainer(data);
 }
Пример #10
        /// <summary>
        /// Verify reports true for the fixture's issuer-signed ticket bundle.
        /// </summary>
        public void Verify_Returns_True_When_Ok_Signature()
        {
            // NOTE(review): assumes the fixture's issuerSignedTicketBundle already carries a
            // signature from a key the service can look up; that setup is not visible here.
            var container = new MtbContainer(issuerSignedTicketBundle);

            var isValid = service.Verify(container);

            Assert.That(isValid, Is.True);
        }