Refactor cryptographic settings for thread safety

Moved cryptographic settings (`SignatureAlgorithm`, `SignaturePadding`) from the static `CredentialSettings` class to instance-level properties in the `Credential` class, ensuring thread safety and better encapsulation.

Updated `SignData` and `VerifyData` methods in `Credential` and `PrivateKey` to use instance-specific parameters. Modified `ConfigureAlgorithmForInvoicing` and `ConfigureAlgorithmForXmlDownloader` to return `ICredential` for a fluent interface.

Enhanced `ICredential` and `IPrivateKey` interfaces to support the new design. Removed unused code and updated XML documentation. Incremented version to 4.0.340.

Author: mendozagit

Common/CredentialSettings.cs

@@ -1,23 +1,9 @@
-using System.Security.Cryptography;
-
+
 namespace Fiscalapi.Credentials.Common;
 
 public static class CredentialSettings
 {
-    /// <summary>
-    /// Default algorithm to sing mexican invoicing 
-    /// </summary>
-    public static HashAlgorithmName SignatureAlgorithm { get; set; } = HashAlgorithmName.SHA1;
-
-    /// <summary>
-    /// Default signature padding
-    /// </summary>
-    public static RSASignaturePadding SignaturePadding { get; set; } = RSASignaturePadding.Pkcs1;
-
-    /// <summary>
-    /// Default algorithm to digest SAT services
-    /// </summary>
-    public static HashAlgorithm HashAlgorithm { get; set; } = SHA1.Create();
+    //Algoritmos ahora son parte de la instancia (thread-safe)
 
     /// <summary>
     /// Path of the CadenaOriginal.xslt file to do XML data transformation using an XSLT stylesheet.

Core/Credential.cs

@@ -28,6 +28,12 @@ public Credential(ICertificate certificate, IPrivateKey privateKey)
         PemPrivateKey = privateKey.GetPemRepresentation();
 
         certificateWithPrivateKey = X509Certificate2.CreateFromPem(PemCertificate, PemPrivateKey);
+        
+        // Default algorithm is SHA256 (for invoicing)
+        SignatureAlgorithm = HashAlgorithmName.SHA256;
+        
+        // Default padding is Pkcs1 (used for both invoicing and XML downloader)
+        SignaturePadding = RSASignaturePadding.Pkcs1;
     }
 
     /// <summary>
@@ -50,6 +56,16 @@ public Credential(ICertificate certificate, IPrivateKey privateKey)
 
     public string PemPrivateKey { get; }
 
+    /// <summary>
+    /// Signature algorithm used for signing data. Default is SHA256 (for invoicing).
+    /// </summary>
+    public HashAlgorithmName SignatureAlgorithm { get; set; }
+
+    /// <summary>
+    /// Signature padding used for signing data. Default is Pkcs1 (used for both invoicing and XML downloader).
+    /// </summary>
+    public RSASignaturePadding SignaturePadding { get; set; }
+
     public byte[] CreatePFX()
     {
         var pfxBytes = certificateWithPrivateKey.Export(X509ContentType.Pfx, PasswordPhrase);
@@ -72,11 +88,10 @@ private string GetPrivateKeyPemRepresentation()
     /// </summary>
     /// <param name="toSign">string to be signed</param>
     /// <returns>signed bytes</returns>
-    /// see CredentialSettings class to see signature parameters
     public byte[] SignData(string toSign)
     {
         //Sing and get signed bytes array
-        var signedBytes = PrivateKey.SignData(toSign);
+        var signedBytes = PrivateKey.SignData(toSign, SignatureAlgorithm, SignaturePadding);
 
         return signedBytes;
     }
@@ -89,7 +104,7 @@ public byte[] SignData(string toSign)
     /// <returns>True when the signature is valid, otherwise false</returns>
     public bool VerifyData(byte[] dataToVerify, byte[] signedData)
     {
-        var isValid = PrivateKey.VerifyData(dataToVerify, signedData);
+        var isValid = PrivateKey.VerifyData(dataToVerify, signedData, SignatureAlgorithm, SignaturePadding);
 
         return isValid;
     }
@@ -212,19 +227,21 @@ public string GetOriginalStringByXmlString(string xmlAsString)
 
     /// <summary>
     /// Configure the Signature algorithm to do invoicing, using the donetcfdi/invoicing library.
-    /// The default value is HashAlgorithmName.SHA1 (used for downloading xml), call ConfigureAlgorithmForInvoicing() methost to set HashAlgorithmName.SHA256 when you need to sign invoices. 
+    /// Sets HashAlgorithmName.SHA256 for signing invoices. Returns this for fluent interface.
     /// </summary>
-    public void ConfigureAlgorithmForInvoicing()
+    public ICredential ConfigureAlgorithmForInvoicing()
     {
-        CredentialSettings.SignatureAlgorithm = HashAlgorithmName.SHA256;
+        SignatureAlgorithm = HashAlgorithmName.SHA256;
+        return this;
     }
 
     /// <summary>
     /// Configure the Signature algorithm to do xml-downloader, using the donetcfdi/xml-downloader library.
-    /// The default value is HashAlgorithmName.SHA1 (used for downloading xml), call ConfigureAlgorithmForXmlDownloader() method to set HashAlgorithmName.SHA1 when you need to download xml. 
+    /// Sets HashAlgorithmName.SHA1 for downloading xml. Returns this for fluent interface.
     /// </summary>
-    public void ConfigureAlgorithmForXmlDownloader()
+    public ICredential ConfigureAlgorithmForXmlDownloader()
     {
-        CredentialSettings.SignatureAlgorithm = HashAlgorithmName.SHA1;
+        SignatureAlgorithm = HashAlgorithmName.SHA1;
+        return this;
     }
 }

Core/ICredential.cs

@@ -1,4 +1,5 @@
-using Fiscalapi.Credentials.Common;
+using System.Security.Cryptography;
+using Fiscalapi.Credentials.Common;
 
 namespace Fiscalapi.Credentials.Core;
 
@@ -27,6 +28,16 @@ public interface ICredential
     /// </summary>
     CredentialType CredentialType { get; }
 
+    /// <summary>
+    /// Signature algorithm used for signing data. Default is SHA256 (for invoicing).
+    /// </summary>
+    HashAlgorithmName SignatureAlgorithm { get; set; }
+
+    /// <summary>
+    /// Signature padding used for signing data. Default is Pkcs1 (used for both invoicing and XML downloader).
+    /// </summary>
+    RSASignaturePadding SignaturePadding { get; set; }
+
     byte[] CreatePFX();
 
     /// <summary>
@@ -87,13 +98,13 @@ public interface ICredential
 
     /// <summary>
     /// Configure the Signature algorithm to do invoicing, using the donetcfdi/invoicing library.
-    /// The default value is HashAlgorithmName.SHA1 (used for downloading xml), call ConfigureAlgorithmForInvoicing() methost to set HashAlgorithmName.SHA256 when you need to sign invoices. 
+    /// Sets HashAlgorithmName.SHA256 for signing invoices. Returns this for fluent interface.
     /// </summary>
-    public void ConfigureAlgorithmForInvoicing();
+    public ICredential ConfigureAlgorithmForInvoicing();
 
     /// <summary>
     /// Configure the Signature algorithm to do xml-downloader, using the donetcfdi/xml-downloader library.
-    /// The default value is HashAlgorithmName.SHA1 (used for downloading xml), call ConfigureAlgorithmForXmlDownloader() method to set HashAlgorithmName.SHA1 when you need to download xml. 
+    /// Sets HashAlgorithmName.SHA1 for downloading xml. Returns this for fluent interface.
     /// </summary>
-    public void ConfigureAlgorithmForXmlDownloader();
+    public ICredential ConfigureAlgorithmForXmlDownloader();
 }

Core/IPrivateKey.cs

@@ -42,15 +42,18 @@ public interface IPrivateKey
     /// Sign some data
     /// </summary>
     /// <param name="toSign">string to be signed</param>
+    /// <param name="algorithm">Hash algorithm to use for signing</param>
+    /// <param name="padding">Signature padding to use</param>
     /// <returns>signed bytes</returns>
-    /// see CredentialSettings class
-    byte[] SignData(string toSign);
+    byte[] SignData(string toSign, HashAlgorithmName algorithm, RSASignaturePadding padding);
 
     /// <summary>
     /// Verify the signature of some data
     /// </summary>
     /// <param name="dataToVerify">original data in bytes</param>
     /// <param name="signedData">signed data in bytes</param>
+    /// <param name="algorithm">Hash algorithm to use for verification</param>
+    /// <param name="padding">Signature padding to use</param>
     /// <returns>True when the signature is valid, otherwise false</returns>
-    bool VerifyData(byte[] dataToVerify, byte[] signedData);
+    bool VerifyData(byte[] dataToVerify, byte[] signedData, HashAlgorithmName algorithm, RSASignaturePadding padding);
 }

Core/PrivateKey.cs

@@ -63,15 +63,16 @@ public string GetPemRepresentation()
     /// Sign some data
     /// </summary>
     /// <param name="toSign">string to be signed</param>
+    /// <param name="algorithm">Hash algorithm to use for signing</param>
+    /// <param name="padding">Signature padding to use</param>
     /// <returns>signed bytes</returns>
-    /// see CredentialSettings class
-    public byte[] SignData(string toSign)
+    public byte[] SignData(string toSign, HashAlgorithmName algorithm, RSASignaturePadding padding)
     {
         //get bytes array to sing
         var bytesToSign = toSign.GetBytes();
 
         //Sing and get signed bytes array
-        var signedBytes = RsaPrivateKey.SignData(bytesToSign, CredentialSettings.SignatureAlgorithm, CredentialSettings.SignaturePadding);
+        var signedBytes = RsaPrivateKey.SignData(bytesToSign, algorithm, padding);
 
         //Converts signed bytes to base64
         return signedBytes;
@@ -82,14 +83,15 @@ public byte[] SignData(string toSign)
     /// </summary>
     /// <param name="dataToVerify">original data in bytes</param>
     /// <param name="signedData">signed data in bytes</param>
+    /// <param name="algorithm">Hash algorithm to use for verification</param>
+    /// <param name="padding">Signature padding to use</param>
     /// <returns>True when the signature is valid, otherwise false</returns>
-    public bool VerifyData(byte[] dataToVerify, byte[] signedData)
+    public bool VerifyData(byte[] dataToVerify, byte[] signedData, HashAlgorithmName algorithm, RSASignaturePadding padding)
     {
         try
         {
             //Validation 
-            var isValid = RsaPrivateKey.VerifyData(dataToVerify, signedData, CredentialSettings.SignatureAlgorithm,
-                CredentialSettings.SignaturePadding);
+            var isValid = RsaPrivateKey.VerifyData(dataToVerify, signedData, algorithm, padding);
 
 
             return isValid;

fiscalapi-credentials.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
 	  <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
-	  <Version>4.0.97</Version>
+	  <Version>4.0.340</Version>
 	  <AssemblyVersion>$(Version)</AssemblyVersion>
 	  <FileVersion>$(Version)</FileVersion>
 	  <PackageVersion>$(Version)</PackageVersion>