using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using Landingpage.Models.XML;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.OpenSsl;
namespace Landingpage.Models
{
public class ExampleUseage
{
public bool ReiceverRole_JustReceivedAPayload_NowCheckEncryption_Valid(
string payloadFileXml, // should contain contents like https://edi4steel-eu.atlassian.net/wiki/spaces/EWEDI4STEEL/pages/187236374884762/Standardized+order
string payloadMetadata // should contain contents like https://edi4steel-eu.atlassian.net/wiki/spaces/EWEDI4STEEL/pages/229310472950303/Example+payload+metadata+API
)
{
// convert payloadMetadata (xml) to an object, change below object to actual type
SubmitMessage payloadMetadataObject = payloadMetadata;
var algorithm = payloadMetadataObject.Payloads.Payload.PayloadProperties.FirstOrDefault(x => x.Name == "HashAlgorithm");
var hash = payloadMetadataObject.Payloads.Payload.PayloadProperties.FirstOrDefault(x => x.Name == "Hash");
var isencrypted = payloadMetadataObject.Payloads.Payload.PayloadProperties.FirstOrDefault(x => x.Name == "HashIsEncrypted");
if (isencrypted.Value == "True")
{
// url parameter is edi4steel.eu when sender uses edi4steel API, if they use
// their own accesspoint or saas accesspoint the other end must have provided the url
// to you and you must have stored it somewhere..
var decryptedHash = AccesspointEncryptionHelper.Descrypt("https://edi4steel.eu", hash.Value);
string hashToCheck = AccesspointEncryptionHelper.Sha256_hash(payloadFileXml);
if (decryptedHash == hashToCheck)
return true;
return false; // hashes not equal
}
return true; // not hashed, fine
}
public string SenderRole_HashWithPrivateKey_BeforeSend(
string payloadXml // should contain contents like https://edi4steel-eu.atlassian.net/wiki/spaces/EWEDI4STEEL/pages/187236374884762/Standardized+order
)
{
// this method is only required if you have your own accesspoint or saas accesspoint
// the api version does this for you!
// this is a private key generated by Lets Encrypt (auto generated)
// and is done so (and others must also do so) with an RSA algorithm, not Eliptic cure etc!
string privateKey = File.ReadAllText(@"D:\Certificates\domain-key.pem");
// the returned value should be stored value of hash in DeliverMessage
return AccesspointEncryptionHelper.Encrypt(privateKey, AccesspointEncryptionHelper.Sha256_hash(payloadXml));
}
}
/// <summary>
/// Helper method for encryption
/// </summary>
public static class AccesspointEncryptionHelper
{
/// <summary>
/// The default algorithm to use
/// </summary>
public static string DefaultHashAlgorithm = "SHA256";
/// <summary>
/// Encrypt some plain text
/// </summary>
/// <param name="privateKeyPemFormat"></param>
/// <param name="plaingTextInput"></param>
/// <returns></returns>
public static string Encrypt(string privateKeyPemFormat, string plaingTextInput)
{
return RsaEncryptWithPrivate(plaingTextInput, privateKeyPemFormat);
}
/// <summary>
/// Decrypt some encrypted text
/// </summary>
/// <param name="urlForCertificatePublicKey"></param>
/// <param name="encryptedText"></param>
/// <returns></returns>
public static string Descrypt(string urlForCertificatePublicKey, string encryptedText)
{
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(urlForCertificatePublicKey);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
response.Close();
System.Security.Cryptography.X509Certificates.X509Certificate cert = request.ServicePoint.Certificate;
Org.BouncyCastle.X509.X509Certificate convertedCert = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(cert.GetRawCertData());
AsymmetricKeyParameter key = convertedCert.GetPublicKey();
return RsaDecryptWithPublic(encryptedText, key);
}
/// <summary>
/// Has some vlaue
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
public static string Sha256_hash(string value)
{
StringBuilder Sb = new StringBuilder();
using (SHA256 hash = SHA256Managed.Create())
{
Encoding enc = Encoding.UTF8;
byte[] result = hash.ComputeHash(enc.GetBytes(value));
foreach (byte b in result)
Sb.Append(b.ToString("x2"));
}
return Sb.ToString();
}
private static string RsaEncryptWithPrivate(string clearText, string privateKey)
{
var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText);
var encryptEngine = new Pkcs1Encoding(new RsaEngine());
using (var txtreader = new StringReader(privateKey))
{
var keyPair = (AsymmetricCipherKeyPair)new PemReader(txtreader).ReadObject();
encryptEngine.Init(true, keyPair.Private);
}
var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length));
return encrypted;
}
private static string RsaDecryptWithPublic(string base64Input, AsymmetricKeyParameter publicKey)
{
var bytesToDecrypt = Convert.FromBase64String(base64Input);
var decryptEngine = new Pkcs1Encoding(new RsaEngine());
var keyParameter = publicKey;
decryptEngine.Init(false, keyParameter);
var decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));
return decrypted;
}
}
} |