Letterbook.NSign.Client
0.19.1
dotnet add package Letterbook.NSign.Client --version 0.19.1
NuGet\Install-Package Letterbook.NSign.Client -Version 0.19.1
<PackageReference Include="Letterbook.NSign.Client" Version="0.19.1" />
paket add Letterbook.NSign.Client --version 0.19.1
#r "nuget: Letterbook.NSign.Client, 0.19.1"
// Install Letterbook.NSign.Client as a Cake Addin #addin nuget:?package=Letterbook.NSign.Client&version=0.19.1 // Install Letterbook.NSign.Client as a Cake Tool #tool nuget:?package=Letterbook.NSign.Client&version=0.19.1
NSign.Client
Middleware/handlers for the HttpClient class from the System.Net.Http namespace to help with signing of outgoing
HTTP requests and verification of signatures on incoming HTTP responses.
Usage
Signing outgoing request messages
To have outgoing request messages signed, configure the middleware/handlers on an HttpClient as in the following
example. Please don't forget to adapt mandatory and optional signature components as well as signature parameters to
your use case.
services
.ConfigureMessageSigningOptions(options =>
{
options.SignatureName = "mysig";
options
.WithMandatoryComponent(SignatureComponent.Method)
.WithMandatoryComponent(SignatureComponent.RequestTargetUri)
.WithMandatoryComponent(SignatureComponent.Scheme)
.WithMandatoryComponent(SignatureComponent.Query)
.WithMandatoryComponent(SignatureComponent.Digest)
.WithMandatoryComponent(SignatureComponent.ContentType)
.WithOptionalComponent(SignatureComponent.ContentLength)
.SetParameters = (signatureParams) =>
{
signatureParams
.WithCreatedNow()
.WithExpires(TimeSpan.FromMinutes(5))
.WithNonce(Guid.NewGuid().ToString("N"))
.WithTag("my-signature")
;
};
})
.AddHttpClient<IMyService, MyServiceImpl>("MyService")
.AddSigningHandler()
;
You will also need to configure a signature provider that actually signs the requests. See
NSign.SignatureProviders for currently available standard
implemenations. It is important to register the signature provider through the ISigner interface, for instance:
services
.AddSingleton<ISigner>(new RsaPssSha512SignatureProvider(
new X509Certificate2(@"path\to\certificate.pfx", "PasswordForPfx"),
"my-cert"))
;
NOTE: The signature provider must have access to the private key when asymmetric signatures are used. It must have access to the shared key when symmetric signatures are used.
Verifying signatures on response messages
To have incoming response messages' signatures verified, configure the middleware/handlers on an HttpClient as in the
following example. Please don't forget to adapt required signature components as well as signature parameters to your
use case. Also make sure that the TagsToVerify is updated to include the tags used by the remote service to identify
its signatures.
services
.Configure<SignatureVerificationOptions>((options) =>
{
options.TagsToVerify.Add("remote-service-signature");
options.RequiredSignatureComponents.Add(SignatureComponent.Status));
options.RequiredSignatureComponents.Add(SignatureComponent.RequestTargetUri));
options.RequiredSignatureComponents.Add(SignatureComponent.ContentType));
options.CreatedRequired =
options.ExpiresRequired =
options.KeyIdRequired =
options.AlgorithmRequired =
options.TagRequired = true;
options.MaxSignatureAge = TimeSpan.FromMinutes(5);
})
.AddHttpClient<IMyService, MyServiceImpl>("MyService")
.AddSignatureVerificationHandler()
;
You will also need to configure a signature provider that actually verifies signatures on the responses. See
NSign.SignatureProviders for currently available standard
implemenations. It is important to register the signature provider through the IVerifier interface, for instance:
services
.AddSingleton<IVerifier>(new RsaPssSha512SignatureProvider(
new X509Certificate2(@"path\to\certificate.cer"),
"my-cert"))
;
NOTE: The signature provider only requires access to the public key when asymmetric signatures are used. It must have access to the shared key when symmetric signatures are used.
Further Information
See also:
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.1 is compatible. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.1
- Letterbook.NSign.Abstractions (>= 0.19.1)
- Microsoft.Extensions.Http (>= 6.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 6.0.4)
- Microsoft.Extensions.Options (>= 6.0.0)
- StructuredFieldValues (>= 0.5.3)
- System.Collections.Immutable (>= 6.0.0)
- System.IO.Pipelines (>= 6.0.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 0.19.1 | 287 | 10/23/2023 |