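/**
 * @description RSA-SHA512 signing and signature verification helpers. Despite the class name,
 * nothing here encrypts data: a signature proves integrity and origin (only the holder of the
 * private key could have produced it), it does not hide the content.
 */
public with sharing class EncryptionService {

    // SECURITY: the key pair below is committed to source for demonstration only. NEVER DO THIS
    // in a real org. Anyone who can read this class, or the repository history, can forge
    // signatures with PRIVATE_KEY, and rotating the key means a redeploy. Keep the private key
    // out of code entirely: store the certificate under Setup > Certificate and Key Management
    // and sign with Crypto.signWithCertificate(...), or load the key from a protected
    // custom-metadata/custom-setting record at runtime. (Shield Platform Encryption protects
    // stored field data; it is not a store for signing keys.)
    //
    // Key format: both constants are base64 of raw DER with the PEM "-----BEGIN/END-----" armor
    // and line breaks stripped - the private key as PKCS#8 and the public key as X.509
    // SubjectPublicKeyInfo - which is the form Crypto.sign / Crypto.verify accept. The
    // 'IMAGE-A-LOT-MORE-LINES-HERE' line is a placeholder, not valid base64; the class will not
    // initialise correctly until it is replaced with the real key body.
    public static final Blob PRIVATE_KEY = EncodingUtil.base64Decode(
        'IMAGE-A-LOT-MORE-LINES-HERE\n' +
        'MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCS7LXFvLFELXwy\n' +
        'UVKIYJEI3j/7b4HUIOJ1IU1la1g2Vr5SKPn+GziMFhFcBjx6LlJxAkJQlOgBOnkO\n' +
        'cHC3etOoAsrrRh4LPzZ6CXQeSRjilQnzaCdq2CIu+f8UqVWbwPtb3K/aQAX905Ck\n' +
        'qC9DNbUBwQx01n161Nm6Wsg='
    );

    public static final Blob PUBLIC_KEY = EncodingUtil.base64Decode(
        'IMAGE-A-LOT-MORE-LINES-HERE\n' +
        'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuy1xbyxRC18MvA8lo2/\n' +
        'poqRQoQFHOz46ve8IDOVjofzPh7EergYj8XcjCquBH1uep3uzyXZyl34Zq2Cu+38\n' +
        'gwIDAQAB'
    );

    // Single source of truth for the algorithm so sign() and verify() can never drift apart;
    // a signer using a different hash than the verifier would fail verification silently.
    private static final String SIGNATURE_ALGORITHM = 'RSA-SHA512';

    /**
     * @description Debug helper: verifies a base64 signature produced elsewhere (e.g. by a
     * node/ruby client holding the matching private key) over the UTF-8 bytes of data.
     * Failures are only written to the debug log - do not reuse this swallow-everything shape
     * in production code, where a bad signature must stop processing.
     * @param data the exact text that was signed
     * @param thirdPartySignature base64-encoded signature to check
     */
    public static void testVerify(String data, String thirdPartySignature) {
        Blob signedBytes = Blob.valueOf(data);
        Blob signature = EncodingUtil.base64Decode(thirdPartySignature);
        try {
            EncryptionService.verify(signature, signedBytes);
            System.debug('Signature verified successfully!');
        } catch (Exception ce) {
            System.debug(ce.getMessage());
        }
    }

    /**
     * @description Debug helper: signs data with PRIVATE_KEY, logs the base64 signature, then
     * checks it against PUBLIC_KEY. Failures are only written to the debug log.
     * @param data text to sign and verify
     */
    public static void testSignAndVerify(String data) {
        Blob payload = Blob.valueOf(data);
        try {
            Blob signature = EncryptionService.sign(payload);
            System.debug(EncodingUtil.base64Encode(signature));
            EncryptionService.verify(signature, payload);
            System.debug('Signature verified successfully!');
        } catch (Exception ce) {
            System.debug(ce.getMessage());
        }
    }

    /**
     * @description Produces an RSA-SHA512 digital signature over dataToSign using PRIVATE_KEY.
     * The signature lets a holder of PUBLIC_KEY confirm integrity and origin of the data; it is
     * not encryption and the data itself must still be transmitted alongside it.
     * @param dataToSign Blob that contains the data to sign
     * @return Blob the raw signature bytes (base64-encode before putting it in text)
     * @throws CryptographicException when dataToSign is null
     * @example
     * Blob dataToSign = Blob.valueOf('Test data');
     * Blob signature = EncryptionService.sign(dataToSign);
     * System.debug(EncodingUtil.base64Encode(signature));
     **/
    public static Blob sign(Blob dataToSign) {
        if (dataToSign == null) {
            throw new CryptographicException('Nothing to sign: dataToSign is null.');
        }
        return Crypto.sign(SIGNATURE_ALGORITHM, dataToSign, PRIVATE_KEY);
    }

    /**
     * @description Checks that signature is a valid RSA-SHA512 signature of dataToCheck under
     * PUBLIC_KEY, throwing if it is not. Fail-closed: the only successful outcome is a normal
     * return, so callers cannot accidentally ignore a failed check. Missing inputs are rejected
     * up front so they surface as a CryptographicException rather than a platform error.
     * @param signature Blob that contains the received signature (raw bytes, already base64-decoded)
     * @param dataToCheck Blob that contains the data the signature claims to cover
     * @return void
     * @throws CryptographicException when the signature is missing, empty, or does not verify
     * @example
     * try {
     *     EncryptionService.verify(signature, corruptedData);
     * } catch (CryptographicException e) {
     *     // Should log exception
     *     System.debug(e.getMessage());
     * }
     **/
    public static void verify(Blob signature, Blob dataToCheck) {
        if (signature == null || signature.size() == 0 || dataToCheck == null) {
            throw new CryptographicException('Missing signature or data to verify.');
        }
        Boolean valid = Crypto.verify(SIGNATURE_ALGORITHM, dataToCheck, signature, PUBLIC_KEY);
        if (!valid) {
            throw new CryptographicException('Doh! Signatures are not equal.');
        }
    }

    /**
     * @description Raised by sign()/verify() for any signing or verification failure.
     */
    public class CryptographicException extends Exception {
    }
}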