Ejemplo n.º 1
0
        public bool CheckSignature(X509Certificate certificate, bool verifySignatureOnly)
        {
            if (!verifySignatureOnly)
            {
                // Check key usages to make sure it is good for signing.

                var exts = certificate.CertificateStructure.TbsCertificate.Extensions;
                foreach (DerObjectIdentifier extension in exts.ExtensionOids)
                {
                    if (extension.Equals(X509Extensions.KeyUsage))
                    {
                        var  keyUsage      = certificate.GetKeyUsage();
                        bool validKeyUsage = (keyUsage[0 /* DigitalSignature */] || keyUsage[0 /* NonRepudiation */]);

                        if (!validKeyUsage)
                        {
                            SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
                            return(false);
                        }
                        break;
                    }
                }

                // Do the chain verification to make sure the certificate is valid.

                /*X509Chain chain = new X509Chain();
                 * chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
                 * bool chainVerified = chain.Build(certificate);
                 * SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
                 *
                 * if (!chainVerified)
                 * {
                 *  SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
                 *  return false;
                 * }*/
            }

            AsymmetricKeyParameter publicKey = certificate.GetPublicKey();

            if (!CheckSignature(publicKey))
            {
                return(false);
            }

            SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
            return(true);
        }
Ejemplo n.º 2
0
        public bool CheckSignature(IMac macAlg)
        {
            if (!CheckSignatureFormat())
            {
                return(false);
            }

            if (!CheckSignedInfo(macAlg))
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
                return(false);
            }

            if (!CheckDigestedReferences())
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
                return(false);
            }

            SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
            return(true);
        }
Ejemplo n.º 3
0
        public bool CheckSignature(AsymmetricKeyParameter key)
        {
            if (!CheckSignatureFormat())
            {
                return(false);
            }

            if (!CheckSignedInfo(key))
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
                return(false);
            }

            // Now is the time to go through all the references and see if their DigestValues are good
            if (!CheckDigestedReferences())
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
                return(false);
            }

            SignedXmlDebugLog.LogVerificationResult(this, key, true);
            return(true);
        }