internal void Verify(ISigner signer)
{
var sb = new StringBuilder();
WriteLicenseProperties(sb);
if (!signer.Verify(sb.ToString(), Signature))
{
ThrowInvalidSignatureException();
}
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
// we use namespace manager since <Signature> has default namespace
XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable);
nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS);
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("ds:SignedInfo", nsMgr);
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("ds:CanonicalizationMethod", nsMgr);
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod", nsMgr);
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("ds:SignedInfo/ds:Reference", nsMgr);
VerifyReferences(list, null);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
/// <param name="soapRefLoader">SoapMessageRefernceLoader instance if the Signature was used on a
/// SoapMessage. Should not be null incase of verification of soapMessage.
/// Can be null if verification is of a web reference.
/// </param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider, IReferenceLoader soapRefLoader)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("SignedInfo");
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("CanonicalizationMethod");
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("SignedInfo/SignatureMethod");
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("SignedInfo/Reference");
VerifyReferences(list, soapRefLoader);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
public static License <TIdentity> Load(ISigner verifier, string licenseString)
{
var sections = licenseString.Split('.');
if (sections.Length != 2)
{
throw new InvalidLicenseException();
}
var rawLicense = sections[0];
var signature = System.Convert.FromBase64String(sections[1]);
if (!verifier.Verify(rawLicense, signature))
{
throw new InvalidLicenseException();
}
return(FromJSON(Utilites.Base64DecodeString(rawLicense)));
}
