/// <summary>
/// Obtains a <see cref="SignatureProvider "/> and validates the signature.
/// </summary>
/// <param name="encodedBytes">Bytes to validate.</param>
/// <param name="signature">Signature to compare against.</param>
/// <param name="key"><See cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">Crypto algorithm to use.</param>
/// <param name="validationParameters">Priority will be given to <see cref="TokenValidationParameters.CryptoProviderFactory"/> over <see cref="SecurityKey.CryptoProviderFactory"/>.</param>
/// <returns>'true' if signature is valid.</returns>
private bool ValidateSignature(byte[] encodedBytes, byte[] signature, SecurityKey key, string algorithm, TokenValidationParameters validationParameters)
{
var cryptoProviderFactory = validationParameters.CryptoProviderFactory ?? key.CryptoProviderFactory;
if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
{
LogHelper.LogInformation(LogMessages.IDX14000, algorithm, key);
return(false);
}
var signatureProvider = cryptoProviderFactory.CreateForVerifying(key, algorithm);
if (signatureProvider == null)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(TokenLogMessages.IDX10647, (key == null ? "Null" : key.ToString()), (algorithm == null ? "Null" : algorithm))));
}
try
{
return(signatureProvider.Verify(encodedBytes, signature));
}
finally
{
cryptoProviderFactory.ReleaseSignatureProvider(signatureProvider);
}
}
