using System.Security.Cryptography.X509Certificates;
namespace QRBee.Core.Security
{
/// <summary>
/// All cryptographic primitives are here: signing, encryption and certificate services.
/// </summary>
/// <remarks>
/// NOTE(review): this interface fixes no algorithms, padding modes or key sizes;
/// those are chosen by the implementation and should be documented there.
/// </remarks>
public interface ISecurityService
{
// -------------------------- signing and encryption --------------------------
/// <summary>
/// Sign block of data.
/// </summary>
/// <param name="data">Data to sign</param>
/// <returns>Signature</returns>
/// <remarks>
/// No key is passed in, so the signing key is presumably held by the
/// implementation; confirm where it is stored and how it is protected.
/// </remarks>
byte[] Sign(byte [] data);
/// <summary>
/// Verify digital signature.
/// </summary>
/// <param name="data">Source data</param>
/// <param name="signature">Signature to check</param>
/// <param name="signedBy">Public key certificate to use</param>
/// <returns>
/// Presumably true when the signature matches the data under the given certificate
/// and false otherwise; confirm whether failures can also surface as exceptions.
/// </returns>
/// <remarks>
/// NOTE(review): nothing in this signature shows whether <paramref name="signedBy"/>
/// is itself checked. Confirm whether callers must call <see cref="IsValid"/> first,
/// since a valid signature only proves possession of that certificate's private key.
/// </remarks>
bool Verify(byte [] data, byte [] signature, X509Certificate2 signedBy);
/// <summary>
/// Encrypt data for the selected client identified by X.509 certificate.
/// </summary>
/// <param name="data">Clear data to encrypt</param>
/// <param name="destCert">Certificate of the destination client</param>
/// <returns>Encrypted data</returns>
/// <remarks>
/// NOTE(review): confirm whether <paramref name="destCert"/> must pass
/// <see cref="IsValid"/> before use, and whether the output is authenticated
/// or provides confidentiality only.
/// </remarks>
byte[] Encrypt(byte[] data, X509Certificate2 destCert);
/// <summary>
/// Decrypt data encrypted for this service.
/// </summary>
/// <param name="data">Binary encrypted data</param>
/// <returns>Decrypted data</returns>
/// <remarks>
/// NOTE(review): how malformed or tampered input is reported is not specified here.
/// Where the ciphertext comes from an untrusted sender, confirm that the failure
/// reason is not relayed back to that sender.
/// </remarks>
byte[] Decrypt(byte[] data);
// -------------------------- certificate services --------------------------
/// <summary>
/// Convert PEM-encoded text to X509Certificate2.
/// </summary>
/// <param name="pemData">PEM-encoded certificate</param>
/// <returns>The certificate as an X509Certificate2</returns>
/// <remarks>
/// NOTE(review): parsing presumably establishes no trust in the certificate;
/// confirm that certificates from untrusted sources are passed to
/// <see cref="IsValid"/> before they are used.
/// </remarks>
X509Certificate2 Deserialize(string pemData);
/// <summary>
/// Convert certificate to PEM-encoded string.
/// </summary>
/// <param name="cert">Certificate to convert</param>
/// <returns>PEM-encoded string</returns>
/// <remarks>
/// NOTE(review): confirm that only the public certificate is exported and that
/// any private key attached to <paramref name="cert"/> is never included.
/// </remarks>
string Serialize(X509Certificate2 cert);
/// <summary>
/// Get certificate serial number.
/// </summary>
/// <param name="cert">Certificate to read the serial number from</param>
/// <returns>
/// Serial number as a string. The format (hex, casing, leading zeros) is not
/// specified here; confirm it before using the value as a lookup key.
/// </returns>
string GetSerialNumber(X509Certificate2 cert);
/// <summary>
/// Check if certificate is valid for this particular service.
/// Note that such certificates will (and should) fail normal cert chain check.
/// Valid certificates issued by different authority will fail the test.
/// </summary>
/// <param name="destCert">Certificate to check</param>
/// <returns>True if certificate is valid for this service use</returns>
/// <remarks>
/// NOTE(review): whether the validity period or revocation is part of this check
/// is not visible from the interface; confirm it in the implementation.
/// </remarks>
bool IsValid(X509Certificate2 destCert);
/// <summary>
/// Issue client certificate.
/// </summary>
/// <param name="subjectName">Client name (goes to CN=)</param>
/// <param name="rsaPublicKey">Client's RSA public key</param>
/// <returns>Certificate</returns>
/// <remarks>
/// NOTE(review): the encoding expected for <paramref name="rsaPublicKey"/> is not
/// stated here. <paramref name="subjectName"/> ends up in the subject name, so
/// confirm how client-supplied names are validated and escaped, and whether
/// key size is checked before a certificate is issued.
/// </remarks>
X509Certificate2 CreateCertificate(string subjectName, byte[] rsaPublicKey);
}
}