Jag skapar en tjänst för signaturer, validering av signaturer och autentisering med hjälp av Freja eID v1.0 i denna handledning. Freja eID är en global tjänst för elektronisk identifiering (eID) som kan användas för e-autentisering och e-signaturer. Användare av Freja eID använder en smarttelefonapplikation för att logga in och skapa signaturer, varje användare kan kontrollera hur deras eID får användas och de kan se historik i en webbportal.
Denna kod har testats och fungerar med Google Chrome (75.0.3770.100), Mozilla Firefox (75.0) och Microsoft Edge (81.0.416.62), detta utan polyfills. Koden fungerar i Internet Explorer (11.829.17134.0) med polyfills för Array.from, Promise, String.prototype.padStart, TextEncoder, WebCrypto, XMLHttpRequest, Array.prototype.includes, CustomEvent, Array.prototype.closest, Array.prototype.remove, String.prototype.endsWith and String.prototype.includes och transpilering. Om du vill stödja äldre webbläsare kan du läsa vårt inlägg om transpilering och komplettering av JavaScript. Den här koden har beroenden till annytab.effects, Font Awesome, annytab.notifier och js-spark-md5.
Förberedelser och inställningar
Denna tjänst implementeras med HTML, JavaScript och C-sharp i ASP.NET Core. Du måste hämta ett klienttestcertifikat genom att skicka ett e-postmeddelande till Freja eID. Klienttestcertifikatet används för att ansluta till REST API:et. Du måste också hämta JWS-certifikat för att kunna validera signaturer.
Du måste ladda ner Freja eID-appen till din smarttelefon och starta applikationen i testläge, instruktioner hittar du här. När du har skapat ett testkonto kan du uppgradera ditt konto från BASIC till EXTENDED och sedan till PLUS via Test Vetting Portal. Jag använder en application.json-fil för att spara inställningar avseende min freja-klient och en FrejaOptions-klass för att komma åt dessa inställningar.
{"Logging": {"LogLevel": {"Default": "Debug","System": "Information","Microsoft": "Information"}},"AllowedHosts": "*","FrejaOptions": {"BaseAddress": "https://services.test.frejaeid.com","JwsCertificate": "MIIEETCCAvmgAwIBAgIUTeCJ0hz3mbtyONBEiap7su74LZwwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hvbG0xFDASBgNVBGETCzU1OTExMC00ODA2MR0wGwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjENMAsGA1UECxMEVGVzdDEcMBoGA1UEAxMTUlNBIFRFU1QgSXNzdWluZyBDQTAeFw0xNzA3MTIxNTIwMTNaFw0yMDA3MTIxNTIwMTNaMIGKMQswCQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMRQwEgYDVQRhEws1NTkxMTAtNDgwNjEdMBsGA1UEChMUVmVyaXNlYyBGcmVqYSBlSUQgQUIxDTALBgNVBAsTBFRlc3QxIzAhBgNVBAMTGkZyZWphIGVJRCBURVNUIE9yZyBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMINs87TiouDPSSmpn05kZv9TN8XdopcHnElp6ElJLpQh3oYGIL4B71oIgF3r8zRWq8kQoJlYMugmhsld0r0EsUJbsrcjBJ5CJ1WYZg1Vu8FpYLKoaFRI/qxT6xCMvd238Q99Sdl6G6O9sQQoFq10EaYBa970Tl3nDziQQ6bbSNkZoOYIZoicx4+1XFsrGiru8o8QIyc3g0eSgrd3esbUkuk0eH65SeaaOCrsaCOpJUqEziD+el4R6d40dTz/uxWmNpGKF4BmsNWeQi9b4gDYuFqNYhs7bnahvkK6LvtDThV79395px/oUz5BEDdVwjxPJzgaAuUHE+6A1dMapkjsQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMCBsAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRqfIoPnXAOHNpfLaA8Jl+I6BW/nDASBgNVHSAECzAJMAcGBSoDBAUKMB0GA1UdDgQWBBT7j90x8xG2Sg2p7dCiEpsq3mo5PTANBgkqhkiG9w0BAQsFAAOCAQEAaKEIpRJvhXcN3MvP7MIMzzuKh2O8kRVRQAoKCj0K0R9tTUFS5Ang1fEGMxIfLBohOlRhXgKtqJuB33IKzjyA/1IBuRUg2bEyecBf45IohG+vn4fAHWTJcwVChHWcOUH+Uv1g7NX593nugv0fFdPqt0JCnsFx2c/r9oym+VPP7p04BbXzYUk+17qmFBP/yNlltjzfeVnIOk4HauR9i94FrfynuZLuItB6ySCVmOlfA0r1pHv5sofBEirhwceIw1EtFqEDstI+7XZMXgDwSRYFc1pTjrWMaua2UktmJyWZPfIY69pi/z4u+uAnlPuQZnksaGdZiIcAyrt5IXpNCU5wyg==","TimeoutInMilliseconds" : 90000}}
using System;namespace Annytab.Scripts{public class FrejaOptions{#region Variablespublic string BaseAddress { get; set; }public string JwsCertificate { get; set; }public Int32? TimeoutInMilliseconds { get; set; }#endregion#region Constructorspublic FrejaOptions(){// Set values for instance variablesthis.BaseAddress = null;this.JwsCertificate = null;this.TimeoutInMilliseconds = null;} // End of the constructor#endregion} // End of the class} // End of the namespace
Modeller
using System.Security.Cryptography.X509Certificates;namespace Annytab.Scripts.Models{public class ResponseData{#region variablespublic bool success { get; set; }public string id { get; set; }public string message { get; set; }public string url { get; set; }#endregion#region Constructorspublic ResponseData(){// Set values for instance variablesthis.success = false;this.id = "";this.message = "";this.url = "";} // End of the constructorpublic ResponseData(bool success, string id, string message, string url = ""){// Set values for instance variablesthis.success = success;this.id = id;this.message = message;this.url = url;} // End of the constructor#endregion} // End of the classpublic class Signature{#region Variablespublic string validation_type { get; set; }public string algorithm { get; set; }public string padding { get; set; }public string data { get; set; }public string value { get; set; }public string certificate { get; set; }#endregion#region Constructorspublic Signature(){// Set values for instance variablesthis.validation_type = null;this.algorithm = null;this.padding = null;this.data = null;this.value = null;this.certificate = null;} // End of the constructor#endregion} // End of the classpublic class SignatureValidationResult{#region Variablespublic bool valid { get; set; }public string signature_data { get; set; }public string signatory { get; set; }public X509Certificate2 certificate { get; set; }#endregion#region Constructorspublic SignatureValidationResult(){// Set values for instance variablesthis.valid = false;this.signature_data = null;this.signatory = null;this.certificate = null;} // End of the constructor#endregion} // End of the class} // End of the namespace
using System;using System.Collections.Generic;namespace Annytab.Scripts{public class DataToSign{public string text { get; set; }public string binaryData { get; set; }} // End of the classpublic class PushNotification{public string title { get; set; }public string text { get; set; }} // End of the classpublic class AttributesToReturnItem{public string attribute { get; set; }} // End of the classpublic class FrejaRequest{public string userInfoType { get; set; }public string userInfo { get; set; }public string minRegistrationLevel { get; set; }public string title { get; set; }public PushNotification pushNotification { get; set; }public Int64? expiry { get; set; }public string dataToSignType { get; set; }public DataToSign dataToSign { get; set; }public string signatureType { get; set; }public IList<AttributesToReturnItem> attributesToReturn { get; set; }} // End of the classpublic class BasicUserInfo{public string name { get; set; }public string surname { get; set; }} // End of the classpublic class AddressesItem{public string country { get; set; }public string city { get; set; }public string postCode { get; set; }public string address1 { get; set; }public string address2 { get; set; }public string address3 { get; set; }public string validFrom { get; set; }public string type { get; set; }public string sourceType { get; set; }} // End of the classpublic class Ssn{public string ssn { get; set; }public string country { get; set; }} // End of the classpublic class RequestedAttributes{public BasicUserInfo basicUserInfo { get; set; }public string emailAddress { get; set; }public string dateOfBirth { get; set; }public List<AddressesItem> addresses { get; set; }public Ssn ssn { get; set; }public string relyingPartyUserId { get; set; }public string integratorSpecificUserId { get; set; }public string customIdentifier { get; set; }} // End of the classpublic class FrejaStatusResponse{public string authRef { get; set; }public string signRef { get; set; }public string status { get; set; }public string details { get; set; }public RequestedAttributes requestedAttributes { get; set; }} // End of the classpublic class FrejaResponseHeader{public string x5t { get; set; }public string alg { get; set; }} // End of the classpublic class FrejaPayload{public string authRef { get; set; }public string signRef { get; set; }public string status { get; set; }public string userInfoType { get; set; }public string userInfo { get; set; }public string minRegistrationLevel { get; set; }public RequestedAttributes requestedAttributes { get; set; }public string signatureType { get; set; }public SignatureData signatureData { get; set; }public Int64? timestamp { get; set; }} // End of the classpublic class SignatureData{public string userSignature { get; set; }public string certificateStatus { get; set; }} // End of the class} // End of the namespace
Freja-klient
using System.Threading.Tasks;using Annytab.Scripts.Models;namespace Annytab.Scripts{public interface IFrejaClient{Task<bool> Authenticate(string userInfoType, string userInfo);Task<bool> Sign(string userInfoType, string userInfo, Annytab.Scripts.Models.Signature signature);SignatureValidationResult Validate(Signature signature);} // End of the interface} // End of the namespace
using System;using System.Text;using System.Text.Json;using System.Net.Http;using System.Net.Http.Headers;using System.Collections.Generic;using System.Threading.Tasks;using System.Security.Cryptography;using System.Security.Cryptography.X509Certificates;using Microsoft.AspNetCore.WebUtilities;using Microsoft.Extensions.Options;using Microsoft.Extensions.Logging;using Annytab.Scripts.Models;namespace Annytab.Scripts{public class FrejaClient : IFrejaClient{#region Variablesprivate readonly HttpClient client;private readonly FrejaOptions options;private readonly ILogger logger;#endregion#region Constructorspublic FrejaClient(HttpClient http_client, IOptions<FrejaOptions> options, ILogger<IFrejaClient> logger){// Set values for instance variablesthis.client = http_client;this.options = options.Value;this.logger = logger;// Set values for the clientthis.client.BaseAddress = new Uri(this.options.BaseAddress);this.client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));} // End of the constructor#endregion#region Authenticationpublic async Task<bool> Authenticate(string userInfoType, string userInfo){// VariablesStringContent content = null;FrejaStatusResponse status_response = null;try{// Create a requestFrejaRequest request = new FrejaRequest{userInfoType = userInfoType,userInfo = userInfo,minRegistrationLevel = "PLUS", // BASIC, EXTENDED or PLUSattributesToReturn = new List<AttributesToReturnItem>{new AttributesToReturnItem{attribute = "BASIC_USER_INFO",},new AttributesToReturnItem{attribute = "EMAIL_ADDRESS",},new AttributesToReturnItem{attribute = "DATE_OF_BIRTH",},new AttributesToReturnItem{attribute = "ADDRESSES",},new AttributesToReturnItem{attribute = "SSN",}}};// Set serializer optionsvar json_options = new JsonSerializerOptions{IgnoreNullValues = true,WriteIndented = true,Encoder = System.Text.Encodings.Web.JavaScriptEncoder.UnsafeRelaxedJsonEscaping};// Convert request to jsonstring json = JsonSerializer.Serialize(request, json_options);// Create string contentcontent = new StringContent("initAuthRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";// Get the responseHttpResponseMessage response = await client.PostAsync("/authentication/1.0/initAuthentication", content);// Check the status code for the responseif (response.IsSuccessStatusCode == true){// Get string datajson = await response.Content.ReadAsStringAsync();// Add contentcontent = new StringContent("getOneAuthResultRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";// Wait for authenticationInt32 timeout = this.options.TimeoutInMilliseconds.GetValueOrDefault();while (true){// Check for a timeoutif (timeout <= 0){// Cancel the order and return falsecontent = new StringContent("cancelAuthRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";response = await client.PostAsync("/authentication/1.0/cancel", content);return false;}// Sleep for 2 secondsawait Task.Delay(2000);timeout -= 2000;// Collect a signatureresponse = await client.PostAsync("/authentication/1.0/getOneResult", content);// Check the status code for the responseif (response.IsSuccessStatusCode == true){// Get string datastring data = await response.Content.ReadAsStringAsync();// Convert data to a bankid responsestatus_response = JsonSerializer.Deserialize<FrejaStatusResponse>(data);if (status_response.status == "APPROVED"){// Break out from the loopbreak;}else if (status_response.status == "STARTED" || status_response.status == "DELIVERED_TO_MOBILE"|| status_response.status == "OPENED" || status_response.status == "OPENED"){// Continue to loopcontinue;}else{// CANCELED, RP_CANCELED, EXPIRED or REJECTEDreturn false;}}else{// Get string datastring data = await response.Content.ReadAsStringAsync();// Return falsereturn false;}}}else{// Get string datastring data = await response.Content.ReadAsStringAsync();// Log the errorthis.logger.LogError($"Authenticate: {data}");// Return falsereturn false;}}catch (Exception ex){// Log the exceptionthis.logger.LogInformation(ex, $"Authenticate: {status_response.details}", null);// Return falsereturn false;}finally{if (content != null){content.Dispose();}}// Return successreturn true;} // End of the Authenticate method#endregion#region Signaturespublic async Task<bool> Sign(string userInfoType, string userInfo, Annytab.Scripts.Models.Signature signature){// VariablesStringContent content = null;FrejaStatusResponse status_response = null;try{// Create a requestFrejaRequest request = new FrejaRequest{userInfoType = userInfoType,userInfo = userInfo,minRegistrationLevel = "BASIC", // BASIC, EXTENDED or PLUStitle = "Sign File",pushNotification = new PushNotification // Can not include swedish characters å,ä,ö{title = "Hello - Hallå",text = "Please sign this file - Signera denna fil"},expiry = (Int64)DateTime.UtcNow.AddMinutes(5).Subtract(new DateTime(1970, 1, 1)).TotalMilliseconds,//expiry = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeMilliseconds(),dataToSignType = "SIMPLE_UTF8_TEXT",dataToSign = new DataToSign { text = Convert.ToBase64String(Encoding.UTF8.GetBytes(signature.data)) },signatureType = "SIMPLE",attributesToReturn = new List<AttributesToReturnItem>{//new AttributesToReturnItem//{// attribute = "BASIC_USER_INFO",//},new AttributesToReturnItem{attribute = "EMAIL_ADDRESS",},//new AttributesToReturnItem//{// attribute = "DATE_OF_BIRTH",//},//new AttributesToReturnItem//{// attribute = "ADDRESSES",//},//new AttributesToReturnItem//{// attribute = "SSN",//}}};// Set serializer optionsvar json_options = new JsonSerializerOptions{IgnoreNullValues = true,WriteIndented = true,Encoder = System.Text.Encodings.Web.JavaScriptEncoder.UnsafeRelaxedJsonEscaping};// Convert request to jsonstring json = JsonSerializer.Serialize(request, json_options);// Create string contentcontent = new StringContent("initSignRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";// Get the responseHttpResponseMessage response = await client.PostAsync("/sign/1.0/initSignature", content);// Check the status code for the responseif (response.IsSuccessStatusCode == true){// Get string datajson = await response.Content.ReadAsStringAsync();// Add contentcontent = new StringContent("getOneSignResultRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";// Collect the signatureInt32 timeout = this.options.TimeoutInMilliseconds.GetValueOrDefault();while (true){// Check for a timeoutif (timeout <= 0){// Cancel the order and return falsecontent = new StringContent("cancelSignRequest=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));content.Headers.ContentType.MediaType = "application/json";content.Headers.ContentType.CharSet = "utf-8";response = await client.PostAsync("/sign/1.0/cancel", content);return false;}// Sleep for 2 secondsawait Task.Delay(2000);timeout -= 2000;// Collect a signatureresponse = await client.PostAsync("/sign/1.0/getOneResult", content);// Check the status code for the responseif (response.IsSuccessStatusCode == true){// Get string datastring data = await response.Content.ReadAsStringAsync();// Convert data to a bankid responsestatus_response = JsonSerializer.Deserialize<FrejaStatusResponse>(data);if (status_response.status == "APPROVED"){// Break out from the loopbreak;}else if (status_response.status == "STARTED" || status_response.status == "DELIVERED_TO_MOBILE"|| status_response.status == "OPENED" || status_response.status == "OPENED"){// Continue to loopcontinue;}else{// CANCELED, RP_CANCELED or EXPIREDreturn false;}}else{// Get string datastring data = await response.Content.ReadAsStringAsync();// Return falsereturn false;}}}else{// Get string datastring data = await response.Content.ReadAsStringAsync();// Log the errorthis.logger.LogError($"Sign: {data}");// Return falsereturn false;}// Update the signaturesignature.algorithm = "SHA-256";signature.padding = "Pkcs1";signature.value = status_response.details;signature.certificate = this.options.JwsCertificate;}catch (Exception ex){// Log the exceptionthis.logger.LogInformation(ex, $"Sign: {signature.value}", null);// Return falsereturn false;}finally{if (content != null){content.Dispose();}}// Return successreturn true;} // End of the Sign methodpublic SignatureValidationResult Validate(Annytab.Scripts.Models.Signature signature){// Create the result to returnSignatureValidationResult result = new SignatureValidationResult();result.signature_data = signature.data;// Get JWS data (signed by Freja)string[] jws = signature.value.Split('.');byte[] data = Encoding.UTF8.GetBytes(jws[0] + "." + jws[1]);byte[] digest = WebEncoders.Base64UrlDecode(jws[2]);// Get payload dataFrejaPayload payload = JsonSerializer.Deserialize<FrejaPayload>(Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(jws[1])));result.signatory = payload.userInfoType + ": " + payload.userInfo;string[] user_signature = payload.signatureData.userSignature.Split('.');string signed_data = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(user_signature[1]));try{// Get the certificateresult.certificate = new X509Certificate2(Convert.FromBase64String(signature.certificate));// Get the public keyusing (RSA rsa = result.certificate.GetRSAPublicKey()){// Check if the signature is validresult.valid = rsa.VerifyData(data, digest, GetHashAlgorithmName(signature.algorithm), GetRSASignaturePadding(signature.padding));}}catch (Exception ex){// Log the exceptionthis.logger.LogInformation(ex, $"Validate: {signature.value}", null);}// Make sure that signature data conformsif(signature.data != signed_data){result.valid = false;}// Return the validation resultreturn result;} // End of the Validate method#endregion#region Helperspublic static HashAlgorithmName GetHashAlgorithmName(string signature_algorithm){if (signature_algorithm == "SHA-256"){return HashAlgorithmName.SHA256;}else if (signature_algorithm == "SHA-384"){return HashAlgorithmName.SHA384;}else if (signature_algorithm == "SHA-512"){return HashAlgorithmName.SHA512;}else{return HashAlgorithmName.SHA1;}} // End of the GetHashAlgorithmName methodpublic static RSASignaturePadding GetRSASignaturePadding(string signature_padding){if (signature_padding == "Pss"){return RSASignaturePadding.Pss;}else{return RSASignaturePadding.Pkcs1;}} // End of the GetRSASignaturePadding method#endregion} // End of the class} // End of the namespace
Konfiguration
using System;using System.Net;using System.Net.Http;using System.Globalization;using System.Security.Authentication;using System.Security.Cryptography.X509Certificates;using Microsoft.AspNetCore.Builder;using Microsoft.AspNetCore.Hosting;using Microsoft.AspNetCore.Http.Features;using Microsoft.AspNetCore.HttpOverrides;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.DependencyInjection;using Microsoft.Extensions.Hosting;namespace Annytab.Scripts{/// <summary>/// This class handles application startup/// </summary>public class Startup{/// <summary>/// Variables/// </summary>public IConfiguration configuration { get; set; }/// <summary>/// Create a new startup object/// </summary>public Startup(IConfiguration configuration){this.configuration = configuration;} // End of the constructor method/// <summary>/// Configure services/// </summary>public void ConfigureServices(IServiceCollection services){// Add the mvc frameworkservices.AddRazorPages();// Set limits for form optionsservices.Configure<FormOptions>(x =>{x.BufferBody = false;x.KeyLengthLimit = 2048; // 2 KiBx.ValueLengthLimit = 4194304; // 32 MiBx.ValueCountLimit = 2048;// 1024x.MultipartHeadersCountLimit = 32; // 16x.MultipartHeadersLengthLimit = 32768; // 16384x.MultipartBoundaryLengthLimit = 256; // 128x.MultipartBodyLengthLimit = 134217728; // 128 MiB});// Create api optionsservices.Configure<FrejaOptions>(configuration.GetSection("FrejaOptions"));// Create clientsservices.AddHttpClient<IFrejaClient, FrejaClient>().ConfigurePrimaryHttpMessageHandler(() =>{HttpClientHandler handler = new HttpClientHandler{AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,ClientCertificateOptions = ClientCertificateOption.Manual,SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11,ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }};handler.ClientCertificates.Add(new X509Certificate2("C:\\DATA\\home\\Freja\\Certificates\\ANameNotYetTakenAB_1.pfx", "5iTCTp"));return handler;});} // End of the ConfigureServices method/// <summary>/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline./// </summary>public void Configure(IApplicationBuilder app, IWebHostEnvironment env){// Use error handlingif (env.IsDevelopment()){app.UseDeveloperExceptionPage();}else{app.UseStatusCodePagesWithReExecute("/home/error/{0}");}// To get client ip addressapp.UseForwardedHeaders(new ForwardedHeadersOptions{ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto});// Use static filesapp.UseStaticFiles(new StaticFileOptions{OnPrepareResponse = ctx =>{// Cache static files for 30 daysctx.Context.Response.Headers.Add("Cache-Control", "public,max-age=2592000");ctx.Context.Response.Headers.Add("Expires", DateTime.UtcNow.AddDays(30).ToString("R", CultureInfo.InvariantCulture));}});// For most apps, calls to UseAuthentication, UseAuthorization, and UseCors must// appear between the calls to UseRouting and UseEndpoints to be effective.app.UseRouting();// Use authentication and authorization middlewaresapp.UseAuthentication();app.UseAuthorization();// Routing endpointsapp.UseEndpoints(endpoints =>{endpoints.MapControllerRoute("default","{controller=home}/{action=index}/{id?}");});} // End of the Configure method} // End of the class} // End of the namespace
Controller
using System;using System.Text;using System.Threading.Tasks;using System.Security.Cryptography.X509Certificates;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Mvc;using Microsoft.Extensions.Logging;using Annytab.Scripts.Models;namespace Annytab.Scripts.Controllers{public class frejaController : Controller{#region Variablesprivate readonly ILogger logger;private readonly IFrejaClient freja_client;#endregion#region Constructorspublic frejaController(ILogger<frejaController> logger, IFrejaClient freja_client){// Set values for instance variablesthis.logger = logger;this.freja_client = freja_client;} // End of the constructor#endregion#region Post methods[HttpPost][ValidateAntiForgeryToken]public async Task<IActionResult> authentication(IFormCollection collection){// Get form datastring userInfoType = collection["userInfoType"];string userInfo = collection["txtUserInfo"];// Check if email is personal idif(userInfoType == "SSN"){userInfo = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"ssn\":" + Convert.ToInt64(userInfo) + ", \"country\":\"" + "SE" + "\"}"));}// Authenticate with freja eID v1.0bool success = await this.freja_client.Authenticate(userInfoType, userInfo);if (success == false){return Json(data: new ResponseData(false, "", "Was not able to authenticate you with Freja eID. If you have a Freja eID app with a valid certificate, try again."));}// Return a responsereturn Json(data: new ResponseData(success, "You were successfully authenticated!", null));} // End of the authentication method[HttpPost][ValidateAntiForgeryToken]public async Task<IActionResult> sign(IFormCollection collection){// Create a signatureAnnytab.Scripts.Models.Signature signature = new Annytab.Scripts.Models.Signature();signature.validation_type = "Freja eID v1.0";// Get form datasignature.data = collection["txtSignatureData"];string userInfoType = collection["userInfoType"];string userInfo = collection["txtUserInfo"];// Check if email is personal idif (userInfoType == "SSN"){userInfo = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"ssn\":" + Convert.ToInt64(userInfo) + ", \"country\":\"" + "SE" + "\"}"));}// Sign with freja eIDbool success = await this.freja_client.Sign(userInfoType, userInfo, signature);if (success == false){return Json(data: new ResponseData(false, "", "The file could not be signed with Freja eID. If you have a Freja eID app with a valid certificate, try again."));}// Return a responsereturn Json(data: new ResponseData(success, "Signature was successfully created!", signature.value, signature.certificate));} // End of the sign method[HttpPost][ValidateAntiForgeryToken]public IActionResult validate(IFormCollection collection){// Create a signatureAnnytab.Scripts.Models.Signature signature = new Annytab.Scripts.Models.Signature();signature.validation_type = "Freja eID v1.0";signature.algorithm = "SHA-256";signature.padding = "Pkcs1";signature.data = collection["txtSignatureData"];signature.value = collection["txtSignatureValue"];signature.certificate = collection["txtSignatureCertificate"];// Validate the signatureSignatureValidationResult result = this.freja_client.Validate(signature);// Set a title and a messagestring title = result.valid == false ? "Invalid Signature" : "Valid Signature";string message = "<b>" + title + "</b><br />" + signature.data + "<br />" + result.signatory + "<br />";message += result.certificate != null ? result.certificate.GetNameInfo(X509NameType.SimpleName, false) + ", " + result.certificate.GetNameInfo(X509NameType.SimpleName, true)+ ", " + result.certificate.NotBefore.ToString("yyyy-MM-dd") + " to "+ result.certificate.NotAfter.ToString("yyyy-MM-dd") : "";// Return a responsereturn Json(data: new ResponseData(result.valid, title, message));} // End of the validate method#endregion} // End of the class} // End of the namespace
HTML and JavaScript
Detta formulär har en filöverföringskontroll som startar signeringsprocessen, dagens datum och filens md5-hash är den data som blir signerad. Personen som vill verifiera eller underteckna en fil måste ange sin e-postadress, telefonnummer eller personnummer (SSN). Signaturen kan också valideras.
<!DOCTYPE html><html><head><title>Freja eID v1.0 Signature</title><style>.annytab-textarea{width:300px;height:100px;}.annytab-textbox {width:300px;}.annytab-form-loading-container {display: none;width: 300px;padding: 20px 0px 20px 0px;text-align: center;}.annytab-basic-loading-text {margin: 20px 0px 0px 0px;font-size: 16px;line-height: 24px;}.annytab-cancel-link {color: #ff0000;cursor: pointer;}</style></head><body style="width:100%;font-family:Arial, Helvetica, sans-serif;"><!-- Container --><div style="display:block;padding:10px;"><!-- Input form --><form id="inputForm"><!-- Hidden data -->@Html.AntiForgeryToken()<div>Select file to sign <span id="loading"></span></div><input id="fuFile" name="fuFile" type="file" onchange="calculateMd5();" class="annytab-textbox" /><br /><br /><div>Signature data</div><textarea id="txtSignatureData" name="txtSignatureData" class="annytab-textarea"></textarea><br /><br /><div>User information type</div><input type="radio" name="userInfoType" value="EMAIL" checked>Email<input type="radio" name="userInfoType" value="PHONE">Phone<input type="radio" name="userInfoType" value="SSN">SSN<br /><br /><div>User information</div><input name="txtUserInfo" type="text" class="annytab-textbox" placeholder="Email, SSN or Phone" value="" /><br /><br /><div>Certificate</div><textarea id="txtSignatureCertificate" name="txtSignatureCertificate" class="annytab-textarea"></textarea><br /><br /><div>Signature value</div><textarea id="txtSignatureValue" name="txtSignatureValue" class="annytab-textarea"></textarea><br /><br /><div class="annytab-form-loading-container"><i class="fas fa-spinner fa-pulse fa-4x fa-fw"></i><div class="annytab-basic-loading-text">Start your Freja eID app on your smartphone or tablet.</div><div class="annytab-basic-loading-text annytab-cancel-link" onclick="cancelSignature()">Cancel</div></div><input type="button" value="Authenticate" class="btn-disablable" onclick="authenticate()" disabled /><input type="button" value="Sign file" class="btn-disablable" onclick="createSignature()" disabled /><input type="button" value="Validate signature" class="btn-disablable" onclick="validateSignature()" disabled /></form></div><!-- Style and scripts --><link href="/css/annytab.notifier.css" rel="stylesheet" /><script src="/js/font-awesome/all.min.js"></script><script src="/js/annytab.effects.js"></script><script src="/js/annytab.notifier.js"></script><script src="/js/crypto/spark-md5.js"></script><script>// Set default focusdocument.querySelector('#fuFile').focus();// Authenticatefunction authenticate(){// Make sure that the request is secure (SSL)if (location.protocol !== 'https:') {annytab.notifier.show('error', 'You need a secure connection (SSL)!');return;}// Show loading animationannytab.effects.fadeIn(document.querySelector('.annytab-form-loading-container'), 500);// Disable buttonsdisableButtons();// Create form datavar fd = new FormData(document.querySelector('#inputForm'));// Post form datapostFormData('/freja/authentication', fd, function (data) {if (data.success === true) {annytab.notifier.show('success', data.id);cancelSignature();}else {annytab.notifier.show('error', data.message);cancelSignature();}}, function (data) {annytab.notifier.show('error', data.message);cancelSignature();});} // End of the authenticate method// Create a signaturefunction createSignature(){// Make sure that the request is secure (SSL)if (location.protocol !== 'https:') {annytab.notifier.show('error', 'You need a secure connection (SSL)!');return;}// Show loading animationannytab.effects.fadeIn(document.querySelector('.annytab-form-loading-container'), 500);// Disable buttonsdisableButtons();// Create form datavar fd = new FormData(document.querySelector('#inputForm'));// Post form datapostFormData('/freja/sign', fd, function (data) {if (data.success === true) {annytab.notifier.show('success', data.id);document.querySelector('#txtSignatureValue').value = data.message;document.querySelector('#txtSignatureCertificate').value = data.url;cancelSignature();}else{annytab.notifier.show('error', data.message);cancelSignature();}}, function (data) {annytab.notifier.show('error', data.message);cancelSignature();});} // End of the createSignature method// Cancel a signaturefunction cancelSignature(){// Hide loading containerannytab.effects.fadeOut(document.querySelector('.annytab-form-loading-container'), 500);// Enable buttonsenableButtons();} // End of the cancelSignature method// Validate signaturefunction validateSignature() {// Disable buttonsdisableButtons();// Create form datavar fd = new FormData(document.querySelector('#inputForm'));// Post form datapostFormData('/freja/validate', fd, function (data) {if (data.success === true) {annytab.notifier.show('success', data.message);}else {annytab.notifier.show('error', data.message);}// Enable buttonsenableButtons();}, function (data) {annytab.notifier.show('error', data.message);// Enable buttonsenableButtons();});} // End of the validateSignature method// Get a hash of a messageasync function getHash(data, algorithm){// Hash datavar hashBuffer = await crypto.subtle.digest(algorithm, new TextEncoder().encode(data));// Convert buffer to byte arrayvar hashArray = Array.from(new Uint8Array(hashBuffer));// Convert bytes to hex stringvar hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');// Return hash as hex stringreturn hashHex;} // End of the getHash method// #region MD5// Convert Md5 to C# versionfunction convertMd5(str) {return btoa(String.fromCharCode.apply(null,str.replace(/\r|\n/g, "").replace(/([\da-fA-F]{2}) ?/g, "0x$1 ").replace(/ +$/, "").split(" ")));} // End of the convertMd5 method// Calculate a MD5 value of a fileasync function calculateMd5() {// Get the controlsvar data = document.querySelector("#txtSignatureData");var loading = document.querySelector("#loading");// Get the filevar file = document.querySelector("#fuFile").files[0];// Make sure that a file is selectedif (typeof file === 'undefined' || file === null) {return;}// Add a loading animationloading.innerHTML = '- 0 %';// Variablesvar block_size = 4 * 1024 * 1024; // 4 MiBvar offset = 0;// Create a spark objectvar spark = new SparkMD5.ArrayBuffer();var reader = new FileReader();// Create blockswhile (offset < file.size) {// Get the start and end indexesvar start = offset;var end = Math.min(offset + block_size, file.size);await loadToMd5(spark, reader, file.slice(start, end));loading.innerHTML = '- ' + Math.round((offset / file.size) * 100) + ' %';// Modify the offset and increment the indexoffset = end;}// Get todays datevar today = new Date();var dd = String(today.getDate()).padStart(2, '0');var mm = String(today.getMonth() + 1).padStart(2, '0');var yyyy = today.getFullYear();// Output signature datadata.value = yyyy + '-' + mm + '-' + dd + ',' + convertMd5(spark.end());loading.innerHTML = '- 100 %';// Enable buttonsenableButtons();} // End of the calculateMd5 method// Load to md5async function loadToMd5(spark, reader, chunk) {return new Promise((resolve, reject) => {reader.readAsArrayBuffer(chunk);reader.onload = function (e) {resolve(spark.append(e.target.result));};reader.onerror = function () {reject(reader.abort());};});} // End of the loadToMd5 method// #endregion// #region form methods// Post form datafunction postFormData(url, fd, successCallback, errorCallback) {var xhr = new XMLHttpRequest();xhr.open('POST', url, true);xhr.onload = function () {if (xhr.status === 200) {// Get responsevar data = JSON.parse(xhr.response);// Check success statusif (data.success === true) {// Callback successif (successCallback !== null) { successCallback(data); }}else {// Callback errorif (errorCallback !== null) { errorCallback(data); }}}else {// Callback error informationdata = { success: false, id: '', message: xhr.status + " - " + xhr.statusText };if (errorCallback !== null) { errorCallback(data); }}};xhr.onerror = function () {// Callback error informationdata = { success: false, id: '', message: xhr.status + " - " + xhr.statusText };if (errorCallback !== null) { errorCallback(data); }};xhr.send(fd);} // End of the postFormData method// Disable buttonsfunction disableButtons() {var buttons = document.getElementsByClassName('btn-disablable');for (var i = 0; i < buttons.length; i++) {buttons[i].setAttribute('disabled', true);}} // End of the disableButtons method// Enable buttonsfunction enableButtons() {var buttons = document.getElementsByClassName('btn-disablable');for (var i = 0; i < buttons.length; i++) {setTimeout(function (button) { button.removeAttribute('disabled'); }, 1000, buttons[i]);}} // End of the enableButtons method// #endregion</script></body></html>