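/// <summary>
/// Verifies the central API's RSA signatures over the PaymentInfo and
/// PaymentProof JSON documents carried in <paramref name="data"/>.
/// </summary>
/// <param name="data">Decoded request exposing <c>PaymentInfo</c>,
/// <c>PaymentInfoSignature</c>, <c>PaymentProof</c> and
/// <c>PaymentProofSignature</c> as strings; the signatures are base64.</param>
/// <param name="centralApiPublicKey">Central API RSA public key in the XML
/// form accepted by <c>RsaExtensions.FromXmlString</c>.</param>
/// <returns>
/// <c>true</c> only when both signatures verify. A missing field, malformed
/// base64, or a signature the RSA provider rejects outright yields
/// <c>false</c> instead of an exception, so attacker-controlled input cannot
/// turn a validation failure into a server error.
/// </returns>
private static bool ValidateSignatures(dynamic data, string centralApiPublicKey)
{
    string paymentInfoJson = data.PaymentInfo;
    string centralApiPaymentInfoSignature = data.PaymentInfoSignature;
    string paymentProofJson = data.PaymentProof;
    string paymentProofSignature = data.PaymentProofSignature;

    // A request lacking any of the four fields cannot be valid; fail closed
    // instead of letting GetBytes / FromBase64String throw on null.
    if (string.IsNullOrEmpty(paymentInfoJson)
        || string.IsNullOrEmpty(centralApiPaymentInfoSignature)
        || string.IsNullOrEmpty(paymentProofJson)
        || string.IsNullOrEmpty(paymentProofSignature))
    {
        return false;
    }

    byte[] paymentInfoSignatureBytes;
    byte[] paymentProofSignatureBytes;
    try
    {
        paymentInfoSignatureBytes = Convert.FromBase64String(centralApiPaymentInfoSignature);
        paymentProofSignatureBytes = Convert.FromBase64String(paymentProofSignature);
    }
    catch (FormatException)
    {
        // Not base64 at all: treat as an invalid signature, not an error.
        return false;
    }

    // Verify both documents with the central API's public key.
    using (var centralApiRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(centralApiRsa, centralApiPublicKey);
        try
        {
            // SHA-256 with PKCS#1 v1.5 padding must match what the signer
            // uses (see GeneratePaymentRequestWithProof); moving to PSS
            // requires changing both sides together.
            bool isPaymentInfoSignatureValid = centralApiRsa.VerifyData(
                Encoding.UTF8.GetBytes(paymentInfoJson),
                paymentInfoSignatureBytes,
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);

            bool isPaymentProofSignatureValid = centralApiRsa.VerifyData(
                Encoding.UTF8.GetBytes(paymentProofJson),
                paymentProofSignatureBytes,
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);

            return isPaymentInfoSignatureValid && isPaymentProofSignatureValid;
        }
        catch (CryptographicException)
        {
            // Some providers throw rather than return false for a signature
            // of the wrong length; either way the request is rejected.
            return false;
        }
    }
}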
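/// <summary>
/// Loads the JWT issuer's RSA public key from the XML file named by
/// <c>_jwtSettings.RsaPublicKeyXml</c> and stores it in
/// <c>_issuerSigningKey</c> for token validation.
/// </summary>
/// <remarks>
/// The <see cref="RSA"/> instance is disposed when the <c>using</c> block
/// ends. The original code handed that live instance to
/// <c>RsaSecurityKey</c>, so <c>_issuerSigningKey</c> ended up wrapping an
/// already-disposed key. Exporting the public parameters gives the security
/// key its own copy that outlives the <c>using</c> scope.
/// </remarks>
private void InitializeRsa()
{
    var publicKeyXml = File.ReadAllText(_jwtSettings.RsaPublicKeyXml);
    using (var publicRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(publicRsa, publicKeyXml);
        // ExportParameters(false) copies only the public components, so the
        // security key remains usable after publicRsa is disposed.
        _issuerSigningKey = new RsaSecurityKey(publicRsa.ExportParameters(false));
    }
}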
/// <summary>
/// Serializes <paramref name="model"/> together with a UTC timestamp, signs
/// the result with the API's private key, encrypts it under a fresh AES
/// key/IV, wraps the key and IV with the bank's RSA public key, and returns
/// the whole envelope as base64-encoded JSON.
/// </summary>
/// <typeparam name="T">Reference type serialized with Json.NET.</typeparam>
/// <param name="model">Payload to protect.</param>
/// <param name="apiSigningKey">API RSA key in XML form; it is used to sign,
/// so it must contain the private parameters.</param>
/// <param name="bankKey">Bank RSA public key in XML form used to wrap the
/// AES key and IV.</param>
/// <returns>Base64 of the JSON envelope
/// <c>{EncryptedKey, EncryptedIv, Data, Signature}</c>.</returns>
/// <remarks>
/// Security notes: the signature covers the plaintext payload, so a receiver
/// must decrypt before verifying. The AES key and IV are wrapped with PKCS#1
/// v1.5 encryption padding; the receiving side presumably decrypts with the
/// same padding, so switching to OAEP would have to happen on both ends at
/// once. An IV needs to be unpredictable, not secret, so encrypting it is
/// harmless but unnecessary. Whether the receiver checks <c>Timestamp</c>
/// against replay cannot be seen from here.
/// </remarks>
public static string SignAndEncryptData<T>(T model, string apiSigningKey, string bankKey) where T : class
{
    // Signed payload: the model's JSON plus the time it was produced.
    var payload = JsonConvert.SerializeObject(new
    {
        Model = JsonConvert.SerializeObject(model),
        Timestamp = DateTime.UtcNow
    });
    var payloadBytes = Encoding.UTF8.GetBytes(payload);

    string signatureB64;
    using (var signingRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(signingRsa, apiSigningKey);
        signatureB64 = Convert.ToBase64String(
            signingRsa.SignData(payloadBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }

    // Fresh symmetric material for this message only.
    var aesMaterial = CryptographyExtensions.GenerateKey();
    var aesKey = Convert.FromBase64String(aesMaterial[0]);
    var aesIv = Convert.FromBase64String(aesMaterial[1]);

    string wrappedKeyB64;
    string wrappedIvB64;
    using (var bankRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(bankRsa, bankKey);
        wrappedKeyB64 = Convert.ToBase64String(bankRsa.Encrypt(aesKey, RSAEncryptionPadding.Pkcs1));
        wrappedIvB64 = Convert.ToBase64String(bankRsa.Encrypt(aesIv, RSAEncryptionPadding.Pkcs1));
    }

    var envelope = new
    {
        EncryptedKey = wrappedKeyB64,
        EncryptedIv = wrappedIvB64,
        Data = Convert.ToBase64String(CryptographyExtensions.Encrypt(payload, aesKey, aesIv)),
        Signature = signatureB64
    };

    var envelopeJson = JsonConvert.SerializeObject(envelope);
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(envelopeJson));
}
/// <summary>
/// Builds the payment request forwarded to the bank: the merchant's original
/// PaymentInfo, a PaymentProof binding the bank's public key to the
/// merchant's PaymentInfo signature, and central API signatures over both.
/// </summary>
/// <param name="request">Decoded merchant request exposing <c>PaymentInfo</c>,
/// <c>PaymentInfoSignature</c> and <c>ReturnUrl</c> as strings.</param>
/// <param name="bankPublicKey">Bank RSA public key (XML) embedded in the proof.</param>
/// <param name="centralApiKey">Central API RSA key (XML) used to sign, so it
/// must carry the private parameters.</param>
/// <returns>Base64 of the JSON <c>{PaymentInfo, PaymentInfoSignature,
/// PaymentProof, PaymentProofSignature, ReturnUrl}</c>; here
/// <c>PaymentInfoSignature</c> is the central API's signature, not the
/// merchant's (the merchant's lives inside <c>PaymentProof</c>).</returns>
/// <remarks>
/// This method does not check the merchant's signature before countersigning
/// PaymentInfo; it presumably relies on <c>ValidateSignature</c> having run
/// first — confirm at the call site. <c>ReturnUrl</c> is copied through and
/// is not covered by either signature.
/// </remarks>
public static string GeneratePaymentRequestWithProof(dynamic request, string bankPublicKey, string centralApiKey)
{
    string merchantPaymentInfo = request.PaymentInfo;
    string merchantSignature = request.PaymentInfoSignature;
    string merchantReturnUrl = request.ReturnUrl;

    // The proof ties the bank that will process the payment to the exact
    // PaymentInfo the merchant signed.
    string proofJson = JsonConvert.SerializeObject(new
    {
        BankPublicKey = bankPublicKey,
        PaymentInfoSignature = merchantSignature
    });

    string infoSignature;
    string proofSignature;
    using (var signer = RSA.Create())
    {
        RsaExtensions.FromXmlString(signer, centralApiKey);

        // SHA-256 with PKCS#1 v1.5 padding; ValidateSignatures verifies with
        // the same parameters.
        Func<string, string> sign = document => Convert.ToBase64String(
            signer.SignData(Encoding.UTF8.GetBytes(document), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

        infoSignature = sign(merchantPaymentInfo);
        proofSignature = sign(proofJson);
    }

    var forwarded = new
    {
        PaymentInfo = merchantPaymentInfo,
        PaymentInfoSignature = infoSignature,
        PaymentProof = proofJson,
        PaymentProofSignature = proofSignature,
        ReturnUrl = merchantReturnUrl
    };
    string forwardedJson = JsonConvert.SerializeObject(forwarded);
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(forwardedJson));
}
/// <summary>
/// Serializes the transfer <paramref name="model"/> with a UTC timestamp,
/// signs it with this bank's RSA key, encrypts it under a fresh AES key/IV
/// wrapped with the central API's public key, and returns the envelope —
/// tagged with this bank's name, SWIFT code and country — as base64 JSON.
/// </summary>
/// <param name="model">Transfer submission to protect.</param>
/// <returns>Base64 of the JSON <c>{BankName, BankSwiftCode, BankCountry,
/// EncryptedKey, EncryptedIv, Data, Signature}</c>.</returns>
/// <remarks>
/// Security notes: the bank identity fields travel in the clear and are not
/// covered by the signature, which spans only the encrypted payload; the
/// central API should therefore tie the signature to the bank by the key it
/// verifies with, not by these fields (not visible here — confirm). The AES
/// key and IV are wrapped with PKCS#1 v1.5 encryption padding; the central
/// API presumably decrypts with the same padding, so OAEP cannot be adopted
/// on this side alone. Encrypting the IV is unnecessary but harmless.
/// </remarks>
private string SignAndEncryptData(CentralApiSubmitTransferDto model)
{
    // Signed payload: the model's JSON plus the time it was produced.
    var payload = JsonConvert.SerializeObject(new
    {
        Model = JsonConvert.SerializeObject(model),
        Timestamp = DateTime.UtcNow
    });
    var payloadBytes = Encoding.UTF8.GetBytes(payload);

    string signatureB64;
    using (var bankRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(bankRsa, this.bankConfiguration.Key);
        signatureB64 = Convert.ToBase64String(
            bankRsa.SignData(payloadBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }

    // Fresh symmetric material for this message only.
    var aesMaterial = CryptographyExtensions.GenerateKey();
    var aesKey = Convert.FromBase64String(aesMaterial[0]);
    var aesIv = Convert.FromBase64String(aesMaterial[1]);

    string wrappedKeyB64;
    string wrappedIvB64;
    using (var centralApiRsa = RSA.Create())
    {
        RsaExtensions.FromXmlString(centralApiRsa, this.bankConfiguration.CentralApiPublicKey);
        wrappedKeyB64 = Convert.ToBase64String(centralApiRsa.Encrypt(aesKey, RSAEncryptionPadding.Pkcs1));
        wrappedIvB64 = Convert.ToBase64String(centralApiRsa.Encrypt(aesIv, RSAEncryptionPadding.Pkcs1));
    }

    var envelope = new
    {
        BankName = this.bankConfiguration.BankName,
        BankSwiftCode = this.bankConfiguration.UniqueIdentifier,
        BankCountry = this.bankConfiguration.Country,
        EncryptedKey = wrappedKeyB64,
        EncryptedIv = wrappedIvB64,
        Data = Convert.ToBase64String(CryptographyExtensions.Encrypt(payload, aesKey, aesIv)),
        Signature = signatureB64
    };

    var envelopeJson = JsonConvert.SerializeObject(envelope);
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(envelopeJson));
}
/// <summary>
/// Produces the bank's signed success response for a payment: a
/// PaymentConfirmation (<c>Success = true</c> plus the central API's
/// PaymentProof signature) signed with the bank's key, returned alongside the
/// original PaymentInfo and PaymentProof as base64 JSON.
/// </summary>
/// <param name="paymentRequest">Decoded request exposing <c>PaymentInfo</c>,
/// <c>PaymentProof</c> and <c>PaymentProofSignature</c>.</param>
/// <param name="bankKey">Bank RSA key (XML) used to sign, so it must contain
/// the private parameters.</param>
/// <returns>Base64 of the JSON <c>{PaymentInfo, PaymentProof,
/// PaymentConfirmation, PaymentConfirmationSignature}</c>.</returns>
/// <remarks>
/// The confirmation is bound to PaymentInfo only indirectly: it embeds the
/// PaymentProof signature, and PaymentProof embeds the merchant's PaymentInfo
/// signature. A verifier must follow that chain rather than trust the
/// <c>PaymentInfo</c> field, which is echoed back unsigned by the bank. The
/// confirmation carries no nonce or timestamp; whether the merchant side
/// guards against replaying it cannot be seen here.
/// </remarks>
public static string GenerateSuccessResponse(dynamic paymentRequest, string bankKey)
{
    // Confirmation document: success flag plus the proof signature it answers.
    var confirmationJson = JsonConvert.SerializeObject(new
    {
        Success = true,
        PaymentProofSignature = paymentRequest.PaymentProofSignature
    });

    string confirmationSignature;
    using (var signer = RSA.Create())
    {
        RsaExtensions.FromXmlString(signer, bankKey);
        // SHA-256 / PKCS#1 v1.5, the same parameters used elsewhere in this file.
        confirmationSignature = Convert.ToBase64String(
            signer.SignData(Encoding.UTF8.GetBytes(confirmationJson), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }

    var reply = new
    {
        PaymentInfo = paymentRequest.PaymentInfo,
        PaymentProof = paymentRequest.PaymentProof,
        PaymentConfirmation = confirmationJson,
        PaymentConfirmationSignature = confirmationSignature
    };

    var replyJson = JsonConvert.SerializeObject(reply);
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(replyJson));
}
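/// <summary>
/// Checks the merchant website's RSA signature over the PaymentInfo JSON in
/// <paramref name="data"/>, using the public key carried in the same request.
/// </summary>
/// <param name="data">Decoded request exposing <c>PaymentInfo</c>,
/// <c>PaymentInfoSignature</c> (base64) and <c>PublicKey</c> (RSA XML).</param>
/// <returns><c>true</c> when the signature verifies under the supplied key;
/// <c>false</c> for a missing field, malformed base64, a key or signature
/// the RSA provider rejects, or a mismatch. Never throws on bad request data.</returns>
/// <remarks>
/// SECURITY: the verification key is taken from the request itself, so a
/// successful check only proves that PaymentInfo and PublicKey were produced
/// together by whoever holds that key. It does NOT establish which merchant
/// sent it — an attacker can alter PaymentInfo, generate a fresh key pair and
/// re-sign. Callers must separately confirm that <c>data.PublicKey</c> is the
/// key registered for the merchant; that lookup is outside this method.
/// The merchant website must also verify this signature again after a
/// successful payment.
/// </remarks>
private static bool ValidateSignature(dynamic data)
{
    string paymentInfoJson = data.PaymentInfo;
    string paymentInfoSignature = data.PaymentInfoSignature;
    string websitePublicKey = data.PublicKey;

    // Fail closed on missing fields instead of throwing from GetBytes /
    // FromBase64String on null.
    if (string.IsNullOrEmpty(paymentInfoJson)
        || string.IsNullOrEmpty(paymentInfoSignature)
        || string.IsNullOrEmpty(websitePublicKey))
    {
        return false;
    }

    byte[] signatureBytes;
    try
    {
        signatureBytes = Convert.FromBase64String(paymentInfoSignature);
    }
    catch (FormatException)
    {
        // Not base64 at all: invalid signature, not a server error.
        return false;
    }

    using (var websiteRsa = RSA.Create())
    {
        try
        {
            // The key is attacker-controlled input; a malformed key must be a
            // validation failure. NOTE(review): assumes RsaExtensions.FromXmlString
            // surfaces a bad key as one of these exception types — confirm.
            RsaExtensions.FromXmlString(websiteRsa, websitePublicKey);

            // SHA-256 with PKCS#1 v1.5 padding, matching the other signatures
            // in this file.
            return websiteRsa.VerifyData(
                Encoding.UTF8.GetBytes(paymentInfoJson),
                signatureBytes,
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);
        }
        catch (FormatException)
        {
            return false;
        }
        catch (ArgumentException)
        {
            return false;
        }
        catch (CryptographicException)
        {
            // Covers both an unimportable key and a signature the provider
            // rejects outright (e.g. wrong length) instead of returning false.
            return false;
        }
    }
}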