#736 Generate hash and sign/verify data for secrettext values

src/System Application/App/Cryptography Management/src/CryptographyManagement.Codeunit.al

@@ -105,6 +105,17 @@ codeunit 1266 "Cryptography Management"
     begin
     end;
 
+    /// <summary>
+    /// Generates a hash from a string based on the provided hash algorithm.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <returns>Hashed value.</returns>
+    procedure GenerateHash(InputString: SecretText; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateHash(InputString, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates a hash from a string based on the provided hash algorithm.
     /// </summary>
@@ -132,6 +143,18 @@ codeunit 1266 "Cryptography Management"
     end;
 #endif
 
+    /// <summary>
+    /// Generates a keyed hash from a string based on provided hash algorithm and key.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="Key">Key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include HMACMD5, HMACSHA1, HMACSHA256, HMACSHA384, and HMACSHA512.</param>
+    /// <returns>Hashed value.</returns>
+    procedure GenerateHash(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateHash(InputString, Key, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates a keyed hash from a string based on provided hash algorithm and key.
     /// </summary>
@@ -155,6 +178,17 @@ codeunit 1266 "Cryptography Management"
         exit(CryptographyManagementImpl.GenerateHash(InputInStream, HashAlgorithmType));
     end;
 
+    /// <summary>
+    /// Generates a base64 encoded hash from a string based on provided hash algorithm.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <returns>Base64 hashed value.</returns>
+    procedure GenerateHashAsBase64String(InputString: SecretText; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateHashAsBase64String(InputString, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates a base64 encoded hash from a string based on provided hash algorithm.
     /// </summary>
@@ -182,6 +216,18 @@ codeunit 1266 "Cryptography Management"
     end;
 #endif
 
+    /// <summary>
+    /// Generates a keyed base64 encoded hash from a string based on provided hash algorithm and key.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="Key">Key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include HMACMD5, HMACSHA1, HMACSHA256, HMACSHA384, and HMACSHA512.</param>
+    /// <returns>Base64 hashed value.</returns>
+    procedure GenerateHashAsBase64String(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateHashAsBase64String(InputString, Key, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates a keyed base64 encoded hash from a string based on provided hash algorithm and key.
     /// </summary>
@@ -210,6 +256,18 @@ codeunit 1266 "Cryptography Management"
     end;
 #endif
 
+    /// <summary>
+    /// Generates keyed base64 encoded hash from provided string based on provided hash algorithm and base64 key.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="Key">Key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include HMACMD5, HMACSHA1, HMACSHA256, HMACSHA384, and HMACSHA512.</param>
+    /// <returns>Base64 hashed value.</returns>
+    procedure GenerateBase64KeyedHashAsBase64String(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateBase64KeyedHashAsBase64String(InputString, Key, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates keyed base64 encoded hash from provided string based on provided hash algorithm and base64 key.
     /// </summary>
@@ -238,6 +296,18 @@ codeunit 1266 "Cryptography Management"
     end;
 #endif
 
+    /// <summary>
+    /// Generates keyed base64 encoded hash from provided string based on provided hash algorithm and base64 key.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="Key">Key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithmType">The available hash algorithms include HMACMD5, HMACSHA1, HMACSHA256, HMACSHA384, and HMACSHA512.</param>
+    /// <returns>Hashed value.</returns>
+    procedure GenerateBase64KeyedHash(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    begin
+        exit(CryptographyManagementImpl.GenerateBase64KeyedHash(InputString, Key, HashAlgorithmType));
+    end;
+
     /// <summary>
     /// Generates keyed base64 encoded hash from provided string based on provided hash algorithm and base64 key.
     /// </summary>
@@ -278,6 +348,18 @@ codeunit 1266 "Cryptography Management"
         CryptographyManagementImpl.SignData(InputString, XmlString, HashAlgorithm, SignatureOutStream);
     end;
 
+    /// <summary>
+    /// Computes the hash value of the specified string and signs it.
+    /// </summary>
+    /// <param name="InputString">Input string for signing.</param>
+    /// <param name="XmlString">The private key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithm">The available hash algorithms are MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <param name="SignatureOutStream">The stream to write the signature for the specified string.</param>
+    procedure SignData(InputString: SecretText; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
+    begin
+        CryptographyManagementImpl.SignData(InputString, XmlString, HashAlgorithm, SignatureOutStream);
+    end;
+
 #if not CLEAN24
     /// <summary>
     /// Computes the hash value of the specified data and signs it.
@@ -306,6 +388,18 @@ codeunit 1266 "Cryptography Management"
         CryptographyManagementImpl.SignData(DataInStream, XmlString, HashAlgorithm, SignatureOutStream);
     end;
 
+    /// <summary>
+    /// Computes the hash value of the specified string and signs it.
+    /// </summary>
+    /// <param name="InputString">Input string for signing.</param>
+    /// <param name="SignatureKey">The private key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithm">The available hash algorithms are MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <param name="SignatureOutStream">The stream to write the signature for the specified string.</param>
+    procedure SignData(InputString: SecretText; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
+    begin
+        CryptographyManagementImpl.SignData(InputString, SignatureKey, HashAlgorithm, SignatureOutStream);
+    end;
+
     /// <summary>
     /// Computes the hash value of the specified string and signs it.
     /// </summary>
@@ -343,6 +437,19 @@ codeunit 1266 "Cryptography Management"
         CryptographyManagementImpl.SignData(InputString, XmlString, HashAlgorithm, RSASignaturePadding, SignatureOutStream);
     end;
 
+    /// <summary>
+    /// Verifies that a digital signature is valid.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="XmlString">The public key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithm">The available hash algorithms are MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <param name="SignatureInStream">The stream of signature.</param>
+    /// <returns>True if the signature is valid; otherwise, false.</returns>
+    procedure VerifyData(InputString: SecretText; XmlString: Text; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
+    begin
+        exit(CryptographyManagementImpl.VerifyData(InputString, XmlString, HashAlgorithm, SignatureInStream));
+    end;
+
     /// <summary>
     /// Verifies that a digital signature is valid.
     /// </summary>
@@ -369,6 +476,19 @@ codeunit 1266 "Cryptography Management"
         exit(CryptographyManagementImpl.VerifyData(DataInStream, XmlString, HashAlgorithm, SignatureInStream));
     end;
 
+    /// <summary>
+    /// Verifies that a digital signature is valid.
+    /// </summary>
+    /// <param name="InputString">Input string.</param>
+    /// <param name="SignatureKey">The private key to use in the hash algorithm.</param>
+    /// <param name="HashAlgorithm">The available hash algorithms are MD5, SHA1, SHA256, SHA384, and SHA512.</param>
+    /// <param name="SignatureInStream">The stream of signature.</param>
+    /// <returns>True if the signature is valid; otherwise, false.</returns>
+    procedure VerifyData(InputString: SecretText; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
+    begin
+        exit(CryptographyManagementImpl.VerifyData(InputString, SignatureKey, HashAlgorithm, SignatureInStream));
+    end;
+
     /// <summary>
     /// Verifies that a digital signature is valid.
     /// </summary>

src/System Application/App/Cryptography Management/src/CryptographyManagementImpl.Codeunit.al

@@ -242,6 +242,15 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToString(HashBytes));
     end;
 
+    procedure GenerateHash(InputString: SecretText; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+    begin
+        if not GenerateHashBytes(HashBytes, InputString, HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToString(HashBytes));
+    end;
+
     procedure GenerateHashAsBase64String(InputString: Text; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): Text
     var
         HashBytes: DotNet Array;
@@ -251,11 +260,21 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToBase64String(HashBytes));
     end;
 
-    local procedure GenerateHashBytes(var HashBytes: DotNet Array; InputString: Text; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): Boolean
+    procedure GenerateHashAsBase64String(InputString: SecretText; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+    begin
+        if not GenerateHashBytes(HashBytes, InputString, HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToBase64String(HashBytes));
+    end;
+
+    [NonDebuggable]
+    local procedure GenerateHashBytes(var HashBytes: DotNet Array; InputString: SecretText; HashAlgorithmType: Option MD5,SHA1,SHA256,SHA384,SHA512): Boolean
     var
         Encoding: DotNet Encoding;
     begin
-        if not TryGenerateHash(HashBytes, Encoding.UTF8().GetBytes(InputString), Format(HashAlgorithmType)) then
+        if not TryGenerateHash(HashBytes, Encoding.UTF8().GetBytes(InputString.Unwrap()), Format(HashAlgorithmType)) then
             Error(GetLastErrorText());
         exit(true);
     end;
@@ -281,6 +300,17 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToString(HashBytes));
     end;
 
+    [NonDebuggable]
+    procedure GenerateHash(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+        Encoding: DotNet Encoding;
+    begin
+        if not GenerateKeyedHashBytes(HashBytes, InputString, Encoding.UTF8().GetBytes(Key.Unwrap()), HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToString(HashBytes));
+    end;
+
     [NonDebuggable]
     procedure GenerateHashAsBase64String(InputString: Text; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): Text
     var
@@ -292,6 +322,17 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToBase64String(HashBytes));
     end;
 
+    [NonDebuggable]
+    procedure GenerateHashAsBase64String(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+        Encoding: DotNet Encoding;
+    begin
+        if not GenerateKeyedHashBytes(HashBytes, InputString, Encoding.UTF8().GetBytes(Key.Unwrap()), HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToBase64String(HashBytes));
+    end;
+
     [NonDebuggable]
     procedure GenerateBase64KeyedHashAsBase64String(InputString: Text; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): Text
     var
@@ -303,11 +344,23 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToBase64String(HashBytes));
     end;
 
-    local procedure GenerateKeyedHashBytes(var HashBytes: DotNet Array; InputString: Text; "Key": DotNet Array; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): Boolean
+    [NonDebuggable]
+    procedure GenerateBase64KeyedHashAsBase64String(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+        Convert: DotNet Convert;
+    begin
+        if not GenerateKeyedHashBytes(HashBytes, InputString, Convert.FromBase64String(Key.Unwrap()), HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToBase64String(HashBytes));
+    end;
+
+    [NonDebuggable]
+    local procedure GenerateKeyedHashBytes(var HashBytes: DotNet Array; InputString: SecretText; "Key": DotNet Array; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): Boolean
     begin
-        if (InputString = '') or (Key.Length() = 0) then
+        if InputString.IsEmpty() or (Key.Length() = 0) then
             exit(false);
-        if not TryGenerateKeyedHash(HashBytes, InputString, Key, Format(HashAlgorithmType)) then
+        if not TryGenerateKeyedHash(HashBytes, InputString.Unwrap(), Key, Format(HashAlgorithmType)) then
             Error(GetLastErrorText());
         exit(true);
     end;
@@ -370,20 +423,45 @@ codeunit 1279 "Cryptography Management Impl."
         exit(ConvertByteHashToString(HashBytes));
     end;
 
-    procedure SignData(InputString: Text; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
+    [NonDebuggable]
+    procedure GenerateBase64KeyedHash(InputString: SecretText; "Key": SecretText; HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512): SecretText
+    var
+        HashBytes: DotNet Array;
+        Convert: DotNet Convert;
+    begin
+        if not GenerateKeyedHashBytes(HashBytes, InputString, Convert.FromBase64String(Key.Unwrap()), HashAlgorithmType) then
+            exit;
+        exit(ConvertByteHashToString(HashBytes));
+    end;
+
+    [NonDebuggable]
+    procedure SignData(InputString: SecretText; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
     var
         TempBlob: Codeunit "Temp Blob";
         DataOutStream: OutStream;
         DataInStream: InStream;
     begin
-        if InputString = '' then
+        if InputString.IsEmpty() then
             exit;
         TempBlob.CreateOutStream(DataOutStream, TextEncoding::UTF8);
         TempBlob.CreateInStream(DataInStream, TextEncoding::UTF8);
-        DataOutStream.WriteText(InputString);
+        DataOutStream.WriteText(InputString.Unwrap());
         SignData(DataInStream, XmlString, HashAlgorithm, SignatureOutStream);
     end;
 
+    procedure SignData(InputString: SecretText; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
+    begin
+        SignData(InputString, SignatureKey.ToXmlString(), HashAlgorithm, SignatureOutStream);
+    end;
+
+    procedure SignData(InputString: Text; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
+    var
+        InputStringSecretText: SecretText;
+    begin
+        InputStringSecretText := InputString;
+        SignData(InputStringSecretText, XmlString, HashAlgorithm, SignatureOutStream);
+    end;
+
     procedure SignData(InputString: Text; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureOutStream: OutStream)
     begin
         SignData(InputString, SignatureKey.ToXmlString(), HashAlgorithm, SignatureOutStream);
@@ -430,20 +508,34 @@ codeunit 1279 "Cryptography Management Impl."
         RSAImpl.SignData(XmlString, DataInStream, HashAlgorithm, RSASignaturePadding, SignatureOutStream);
     end;
 
-    procedure VerifyData(InputString: Text; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
+    [NonDebuggable]
+    procedure VerifyData(InputString: SecretText; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
     var
         TempBlob: Codeunit "Temp Blob";
         DataOutStream: OutStream;
         DataInStream: InStream;
     begin
-        if InputString = '' then
+        if InputString.IsEmpty() then
             exit(false);
         TempBlob.CreateOutStream(DataOutStream, TextEncoding::UTF8);
         TempBlob.CreateInStream(DataInStream, TextEncoding::UTF8);
-        DataOutStream.WriteText(InputString);
+        DataOutStream.WriteText(InputString.Unwrap());
         exit(VerifyData(DataInStream, XmlString, HashAlgorithm, SignatureInStream));
     end;
 
+    procedure VerifyData(InputString: SecretText; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
+    begin
+        exit(VerifyData(InputString, SignatureKey.ToXmlString(), HashAlgorithm, SignatureInStream));
+    end;
+
+    procedure VerifyData(InputString: Text; XmlString: SecretText; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
+    var
+        InputStringSecretText: SecretText;
+    begin
+        InputStringSecretText := InputString;
+        exit(VerifyData(InputStringSecretText, XmlString, HashAlgorithm, SignatureInStream));
+    end;
+
     procedure VerifyData(InputString: Text; SignatureKey: Codeunit "Signature Key"; HashAlgorithm: Enum "Hash Algorithm"; SignatureInStream: InStream): Boolean
     begin
         exit(VerifyData(InputString, SignatureKey.ToXmlString(), HashAlgorithm, SignatureInStream));