| static private VerifySignatureWithTolerantHashAlgorithm ( byte signingPublicKey, byte data, byte signature, AsymmetricAlgorithm signingAlgorithm = null ) : bool | ||
| signingPublicKey | byte | The public key used to verify the signature. |
| data | byte | The data that was signed. |
| signature | byte | The signature. |
| signingAlgorithm | AsymmetricAlgorithm | The signing algorithm. |
| return | bool | |
/// <summary>
/// Deserializes an endpoint from an address book entry and validates that the signatures are correct.
/// </summary>
/// <returns>The deserialized endpoint.</returns>
/// <exception cref="BadAddressBookEntryException">Thrown if the signatures are invalid.</exception>
public Endpoint ExtractEndpoint()
{
var reader = new BinaryReader(new MemoryStream(this.SerializedEndpoint));
Endpoint endpoint;
try
{
endpoint = reader.DeserializeDataContract <Endpoint>();
}
catch (SerializationException ex)
{
throw new BadAddressBookEntryException(ex.Message, ex);
}
try
{
if (!CryptoProviderExtensions.VerifySignatureWithTolerantHashAlgorithm(endpoint.SigningKeyPublicMaterial, this.SerializedEndpoint, this.Signature, this.HashAlgorithmName != null ? (AsymmetricAlgorithm?)CryptoProviderExtensions.GetSignatureProvider(this.HashAlgorithmName) : null))
{
throw new BadAddressBookEntryException(Strings.AddressBookEntrySignatureDoesNotMatch);
}
}
catch (Exception ex)
{ // all those platform-specific exceptions that aren't available to portable libraries.
throw new BadAddressBookEntryException(Strings.AddressBookEntrySignatureDoesNotMatch, ex);
}
return(endpoint);
}
/// <summary>
/// Downloads a <see cref="PayloadReference"/> that is referenced from an incoming inbox item.
/// </summary>
/// <param name="inboxItem">The inbox item that referenced the <see cref="PayloadReference"/>.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>The task representing the asynchronous operation.</returns>
protected virtual async Task <PayloadReference> DownloadPayloadReferenceAsync(IncomingList.IncomingItem inboxItem, CancellationToken cancellationToken)
{
Requires.NotNull(inboxItem, "inboxItem");
var responseMessage = await this.HttpClient.GetAsync(inboxItem.Location, cancellationToken).ConfigureAwait(false);
if (responseMessage.StatusCode == HttpStatusCode.NotFound)
{
// delete inbox item and move on.
await this.DeletePayloadReferenceAsync(inboxItem.Location, cancellationToken).ConfigureAwait(false);
this.Log("Missing payload reference.", null);
return(null);
}
responseMessage.EnsureSuccessStatusCode();
var responseStream = await responseMessage.Content.ReadAsStreamAsync().ConfigureAwait(false);
var responseStreamCopy = new MemoryStream();
await responseStream.CopyToAsync(responseStreamCopy, 4096, cancellationToken).ConfigureAwait(false);
responseStreamCopy.Position = 0;
var encryptedKey = await responseStreamCopy.ReadSizeAndBufferAsync(cancellationToken).ConfigureAwait(false);
var key = WinRTCrypto.CryptographicEngine.Decrypt(this.Endpoint.EncryptionKey, encryptedKey);
var iv = await responseStreamCopy.ReadSizeAndBufferAsync(cancellationToken).ConfigureAwait(false);
var ciphertextStream = await responseStreamCopy.ReadSizeAndStreamAsync(cancellationToken).ConfigureAwait(false);
var encryptedVariables = new SymmetricEncryptionVariables(key, iv);
var plainTextPayloadStream = new MemoryStream();
await this.CryptoServices.DecryptAsync(ciphertextStream, plainTextPayloadStream, encryptedVariables, cancellationToken).ConfigureAwait(false);
plainTextPayloadStream.Position = 0;
AsymmetricAlgorithm?signingHashAlgorithm = null; //// Encoding.UTF8.GetString(await plainTextPayloadStream.ReadSizeAndBufferAsync(cancellationToken));
byte[] signature = await plainTextPayloadStream.ReadSizeAndBufferAsync(cancellationToken).ConfigureAwait(false);
long payloadStartPosition = plainTextPayloadStream.Position;
var signedBytes = new byte[plainTextPayloadStream.Length - plainTextPayloadStream.Position];
await plainTextPayloadStream.ReadAsync(signedBytes, 0, signedBytes.Length).ConfigureAwait(false);
plainTextPayloadStream.Position = payloadStartPosition;
var plainTextPayloadReader = new BinaryReader(plainTextPayloadStream);
var recipientPublicSigningKeyBuffer = plainTextPayloadReader.ReadSizeAndBuffer();
var creationDateUtc = DateTime.FromBinary(plainTextPayloadReader.ReadInt64());
var notificationAuthor = Utilities.DeserializeDataContract <Endpoint>(plainTextPayloadReader);
var messageReference = Utilities.DeserializeDataContract <PayloadReference>(plainTextPayloadReader);
messageReference.ReferenceLocation = inboxItem.Location;
if (messageReference.HashAlgorithmName == null)
{
messageReference.HashAlgorithmName = Utilities.GuessHashAlgorithmFromLength(messageReference.Hash.Length).GetHashAlgorithmName();
}
if (!CryptoProviderExtensions.VerifySignatureWithTolerantHashAlgorithm(notificationAuthor.SigningKeyPublicMaterial, signedBytes, signature, signingHashAlgorithm))
{
throw new InvalidMessageException();
}
if (!Utilities.AreEquivalent(recipientPublicSigningKeyBuffer, this.Endpoint.PublicEndpoint.SigningKeyPublicMaterial))
{
throw new InvalidMessageException(Strings.MisdirectedMessage);
}
return(messageReference);
}
