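/// <summary>
/// Validates a signing response posted back by the signing service: status, request correlation,
/// sign text, the certificate that signed the response and the RSA/SHA-256 signature over the
/// response fields.
/// </summary>
/// <param name="response">The response fields as received from the signing service. Treated as untrusted input.</param>
/// <param name="requestId">The request id this response must correlate with.</param>
/// <param name="signText">The sign text the user was expected to sign.</param>
/// <returns>
/// <c>true</c> when every check passes; <c>false</c> when the service reports the signing as cancelled.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="response"/> is <c>null</c>.</exception>
/// <exception cref="DigitalSigneringFailedException">
/// The status is an error, the request id or sign text does not match, the signature proof or the
/// signed fingerprint is missing or malformed, the signing certificate is not acceptable, or the
/// signature does not verify.
/// </exception>
public static bool ValidateResponse(SigneringResponse response, string requestId, string signText)
{
    if (response == null)
    {
        throw new ArgumentNullException(nameof(response));
    }

    // A missing status is a failed signing, not a crash; the original value is kept for the message.
    var status = (response.Status ?? string.Empty).ToUpperInvariant();
    if (status != "OK")
    {
        if (status == "CANCELLED")
        {
            return false;
        }
        throw new DigitalSigneringFailedException(String.Format("An error occured, code {0}", response.Status));
    }

    // Ordinal comparison: the id must match exactly, so the response cannot be replayed against another request.
    if (response.RequestId != requestId)
    {
        throw new DigitalSigneringFailedException(String.Format("RequestId does not match expected value. expected: {0}, actual:{1}", requestId, response.RequestId));
    }

    if (String.IsNullOrEmpty(response.SignedSignatureProof))
    {
        throw new DigitalSigneringFailedException(String.Format("The response did not contain a signature proof. expected: {0}, actual:{1}", signText, response.SignedSignatureProof));
    }

    var receivedSignText = GetSignText(response.SignedSignatureProof);
    if (receivedSignText != signText)
    {
        throw new DigitalSigneringFailedException(String.Format("The signtext did not match the expected value. expected: {0}, actual:{1}", signText, receivedSignText));
    }

    // The certificate comes from the (attacker-controllable) response itself, so it must both chain to a
    // trusted root AND be the configured service certificate. Either failure alone is enough to reject;
    // requiring both failures would accept any trusted certificate, or an untrusted one with a matching subject.
    var cert = GetCertificateFromResponse(response);
    var expectedCertificateSubject = SigningConfiguration.Instance.SigningAuthorityServiceCertificateSubject;
    if (!cert.Verify() || cert.SubjectName.Name != expectedCertificateSubject)
    {
        throw new DigitalSigneringFailedException(String.Format("Certificate used for signing of signing response not valid. Certificate subject: {0}", cert.SubjectName.Name));
    }

    if (String.IsNullOrEmpty(response.SignedFingerPrint))
    {
        throw new DigitalSigneringFailedException("The response did not contain a signed fingerprint");
    }

    byte[] signature;
    try
    {
        signature = Convert.FromBase64String(response.SignedFingerPrint);
    }
    catch (FormatException ex)
    {
        throw new DigitalSigneringFailedException(String.Format("The signed fingerprint is not valid base64: {0}", ex.Message));
    }

    // Field order and the absence of separators are presumably dictated by the signing service's
    // fingerprint definition — confirm against its specification before changing.
    var calculatedFingerprint = string.Concat(response.RequestId, response.Status, response.EntityId, response.Pid, response.Cvr, response.Rid, response.SignedSignatureProof);

    // NOTE(review): this cast assumes a CSP-backed RSA key; a CNG-backed key would throw InvalidCastException.
    // cert.GetRSAPublicKey() avoids that where the target framework provides it.
    var key = (RSACryptoServiceProvider)cert.PublicKey.Key;
    bool signatureValid;
    using (var hash = SHA256.Create())
    {
        signatureValid = key.VerifyData(Encoding.UTF8.GetBytes(calculatedFingerprint), hash, signature);
    }

    if (!signatureValid)
    {
        throw new DigitalSigneringFailedException("Signature could not be verified");
    }

    return true;
}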
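/// <summary>
/// Extracts the signing certificate embedded in the XML signature of the response's signature proof.
/// </summary>
/// <param name="response">
/// The response whose <c>SignedSignatureProof</c> holds a base64-encoded, signed XML document.
/// </param>
/// <returns>The first certificate found in the signature's <c>KeyInfo</c>.</returns>
/// <exception cref="DigitalSigneringFailedException">
/// The proof holds no <c>Signature</c> element, or its <c>KeyInfo</c> carries no X.509 certificate.
/// </exception>
/// <remarks>
/// The certificate is taken from attacker-controllable input; callers must still validate it (trust
/// chain and expected subject) before using its public key. The embedded XML signature itself is not
/// checked here.
/// </remarks>
private static X509Certificate2 GetCertificateFromResponse(SigneringResponse response)
{
    var signatureProof = Encoding.UTF8.GetString(Convert.FromBase64String(response.SignedSignatureProof));

    // Untrusted XML: a null resolver stops external entities / DTD references from causing
    // file or network access while the document is parsed.
    var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
    doc.LoadXml(signatureProof);

    var signatureNodes = doc.GetElementsByTagName("Signature");
    if (signatureNodes.Count == 0)
    {
        throw new DigitalSigneringFailedException("The signature proof does not contain a Signature element");
    }

    var signedXml = new SignedXml(doc);
    signedXml.LoadXml((XmlElement)signatureNodes[0]);

    // OfType skips other KeyInfo clause types instead of failing on a cast when one precedes the X509Data.
    var x509Data = signedXml.Signature.KeyInfo.OfType<KeyInfoX509Data>().FirstOrDefault();
    if (x509Data == null || x509Data.Certificates == null || x509Data.Certificates.Count == 0)
    {
        throw new DigitalSigneringFailedException("The signature proof does not contain a signing certificate");
    }

    return (X509Certificate2)x509Data.Certificates[0];
}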
/// <summary>
/// Receives the signing service's callback (form post) for request <paramref name="id"/>, maps the
/// posted fields onto a <see cref="SigneringResponse"/>, validates it and redirects to the home page
/// with the outcome.
/// </summary>
/// <param name="id">The request id the callback is expected to belong to.</param>
/// <returns>A redirect to <c>Home/Index</c> carrying the validation result under the <c>result</c> key.</returns>
/// <remarks>
/// Validation failures surface as the exceptions thrown by <c>Signer.ValidateResponse</c>; they are not caught here.
/// </remarks>
public ActionResult ValidateSigning(string id)
{
    var form = Request.Form;
    var signingResponse = new SigneringResponse
    {
        RequestId = form["RequestId"],
        Status = form["Status"],
        EntityId = form["EntityId"],
        SignedSignatureProof = form["SignedSignatureProof"],
        SignedFingerPrint = form["SignedFingerPrint"],
        Pid = form["PID"],
        Cvr = form["CVR"],
        Rid = form["RID"]
    };

    var isValid = Signer.ValidateResponse(signingResponse, id, Message);

    var routeValues = new RouteValueDictionary { { "result", isValid } };
    return RedirectToAction("Index", "Home", routeValues);
}