public void TestSignatureDataOk()
{
SignatureData signatureData = GetSignatureDataFromFile(Resources.SignatureData_Ok);
Assert.AreEqual(4, signatureData.Count, "Invalid amount of child TLV objects");
CollectionAssert.AreEqual(signatureData.GetCertificateId(), new byte[] { 0xc2, 0x46, 0xb1, 0x39 }, "Certificate Id should be equal");
CollectionAssert.AreEqual(signatureData.GetSignatureValue(),
Base16.Decode(
"98D9A4D14722BB2C22425AC9112FBF6A2491B7051AD0CBFD8153E669BFCC6CDF20EEC80F7FCC7236985A4F83871DD6E245470BCA323A3902035B78764DDC4C6EB42416A3A7D7E5CEF6ED6AE8FADA668413758CF7DE1E9565EDF646170286D0F43CA30491DD3407B53DEEDDCBD2620057AB6580E3D3E938AE44EABAF3282357EEBB7B2325616755A1F20B3A78DE2F636DE10F7CCD75B6C5BB80EFEBA216F9BF1A302DCB93B9D3E3E9754620E6D8EC8672C5329CBBB00A9A4617242950D68B8A55CBA77E69DECDD49DD96F69FAA6BFBB0EF48A913F5F26AFA01FB08192D62123FC644BA2978CAF147229BD5702663494983A40ED77AA5016EAABC1FE8456DC17D4"),
"Signature value should be correct");
Assert.AreEqual(signatureData.SignatureType, "1.2.840.113549.1.1.11", "Signature type should be correct");
Assert.AreEqual("https://www.guardtime.com", signatureData.CertificateRepositoryUri, "Unexpected certificate repository uri.");
}
/// <see cref="VerificationRule.Verify" />
public override VerificationResult Verify(IVerificationContext context)
{
IKsiSignature signature = GetSignature(context);
CalendarAuthenticationRecord calendarAuthenticationRecord = GetCalendarAuthenticationRecord(signature);
SignatureData signatureData = calendarAuthenticationRecord.SignatureData;
byte[] certificateBytes = GetPublicationsFile(context).FindCertificateById(signatureData.GetCertificateId());
if (certificateBytes == null)
{
throw new KsiVerificationException("No certificate found in publications file with id: " + Base16.Encode(signatureData.GetCertificateId()) + ".");
}
byte[] signedBytes = calendarAuthenticationRecord.PublicationData.Encode();
try
{
ICryptoSignatureVerifier cryptoSignatureVerifier = CryptoSignatureVerifierFactory.GetCryptoSignatureVerifierByOid(signatureData.SignatureType);
CryptoSignatureVerificationData data = new CryptoSignatureVerificationData(certificateBytes, signature.AggregationTime);
cryptoSignatureVerifier.Verify(signedBytes, signatureData.GetSignatureValue(), data);
}
catch (PkiVerificationFailedCertNotValidException ex)
{
Logger.Debug(ex);
return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key03));
}
catch (PkiVerificationFailedException ex)
{
Logger.Debug("Could not verify signature.{0}Signature type: {1}{0}{2}{0}{3}",
Environment.NewLine,
signatureData.SignatureType,
ex,
ex.AdditionalInfo);
return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02));
}
catch (PkiVerificationErrorException ex)
{
Logger.Debug("Signature verification error.{0}Signature type: {1}{0}{2}",
Environment.NewLine,
signatureData.SignatureType,
ex);
return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02));
}
return(new VerificationResult(GetRuleName(), VerificationResultCode.Ok));
}
