diff --git a/NetLicensingClient/NetLicensingClient.csproj b/NetLicensingClient/NetLicensingClient.csproj index 68e0fbb..27d0a5e 100644 --- a/NetLicensingClient/NetLicensingClient.csproj +++ b/NetLicensingClient/NetLicensingClient.csproj @@ -1,11 +1,11 @@ - netcoreapp3.1 + netstandard2.0 2.x true NetLicensingClient-csharp - 0.0.4 + 2.4.4 Labs64 NetLicensing © 2010 Labs64 GmbH https://netlicensing.io/img/labs64-avatar-200x200.png @@ -22,5 +22,7 @@ + + diff --git a/NetLicensingClient/RestController/NetLicensingAPI.cs b/NetLicensingClient/RestController/NetLicensingAPI.cs index 01f7f03..f40a36f 100644 --- a/NetLicensingClient/RestController/NetLicensingAPI.cs +++ b/NetLicensingClient/RestController/NetLicensingAPI.cs @@ -8,6 +8,11 @@ using System.Web; using NetLicensingClient.Entities; using NetLicensingClient.Exceptions; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.OpenSsl; +using System.Security.Cryptography; +using System.Security.Cryptography.Xml; +using System.Xml; namespace NetLicensingClient.RestController { @@ -132,6 +137,10 @@ public static netlicensing request(Context context, Method method, String path, using (StreamReader reader = new StreamReader(memoryStream)) { var responseString = reader.ReadToEnd(); + if (!VerifyXmlSignature(responseString, context.publicKey)) + { + throw new NetLicensingException("XML signature could not be verified"); + } } } memoryStream.Dispose(); @@ -198,6 +207,48 @@ private static netlicensing deserialize(Stream responseStream) return NetLicensingSerializer.Deserialize(responseStream) as netlicensing; } + private static bool VerifyXmlSignature(string xmlString, string publicKey) + { + using (var keyReader = new StringReader(publicKey)) + { + var pemReader = new PemReader(keyReader); + + RsaKeyParameters parameters = (RsaKeyParameters)pemReader.ReadObject(); + RSAParameters rParams = new RSAParameters(); + rParams.Modulus = parameters.Modulus.ToByteArray(); + rParams.Exponent = parameters.Exponent.ToByteArray(); + + RSA rsaKey = RSA.Create(); + rsaKey.ImportParameters(rParams); + + XmlDocument xmlDoc = new XmlDocument(); + xmlDoc.PreserveWhitespace = true; + xmlDoc.LoadXml(xmlString); + + // Create a new SignedXml object and pass it the XML document class + SignedXml signedXml = new SignedXml(xmlDoc); + // Find the "Signature" node and create a new XmlNodeList object + XmlNodeList nodeList = xmlDoc.GetElementsByTagName("Signature"); + + // Throw an exception if no signature was found + if (nodeList.Count <= 0) + { + throw new CryptographicException("Verification failed: No Signature was found in the document."); + } + + // Throw an exception if more than one signature was found + if (nodeList.Count >= 2) + { + throw new CryptographicException("Verification failed: More that one signature was found for the document."); + } + + // Load the first node + signedXml.LoadXml((XmlElement)nodeList[0]); + + // Check the signature and return the result + return signedXml.CheckSignature(rsaKey); + } + } } }