// Parses the SignatureData TLV stored in Resources.SignatureData_Ok and checks every field the
// signature-verification path later relies on: the child TLV count (4), the certificate id bytes,
// the raw signature value, the signature algorithm OID and the certificate repository URI.
// "1.2.840.113549.1.1.11" is the OID of sha256WithRSAEncryption.
// NOTE(review): apart from the first and last Assert.AreEqual calls, the assertions pass the parsed
// value first and the literal second. If the test framework uses the (expected, actual) order that
// those two calls follow, a failure message would label the two values the wrong way round - confirm.
public void TestSignatureDataOk() { SignatureData signatureData = GetSignatureDataFromFile(Resources.SignatureData_Ok); Assert.AreEqual(4, signatureData.Count, "Invalid amount of child TLV objects"); CollectionAssert.AreEqual(signatureData.GetCertificateId(), new byte[] { 0xc2, 0x46, 0xb1, 0x39 }, "Certificate Id should be equal"); CollectionAssert.AreEqual(signatureData.GetSignatureValue(), Base16.Decode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ignature value should be correct"); Assert.AreEqual(signatureData.SignatureType, "1.2.840.113549.1.1.11", "Signature type should be correct"); Assert.AreEqual("https://www.guardtime.com", signatureData.CertificateRepositoryUri, "Unexpected certificate repository uri."); }
/// <summary>
/// Checks the PKI signature carried by the calendar authentication record of the signature under
/// verification. The certificate is looked up in the publications file by the certificate id that
/// the record itself names, and the signed payload is the encoded publication data of the record.
/// </summary>
/// <param name="context">Verification context that supplies the signature and the publications file.</param>
/// <returns>
/// A result with <see cref="VerificationResultCode.Ok" /> when the cryptographic check passes.
/// A result with <see cref="VerificationResultCode.Fail" /> and <c>VerificationError.Key03</c> when a
/// <see cref="PkiVerificationFailedCertNotValidException" /> is caught, or <c>VerificationError.Key02</c>
/// when a <see cref="PkiVerificationFailedException" /> or <see cref="PkiVerificationErrorException" /> is caught.
/// </returns>
/// <exception cref="KsiVerificationException">
/// The publications file holds no certificate for the certificate id named by the record.
/// </exception>
/// <seealso cref="VerificationRule.Verify" />
public override VerificationResult Verify(IVerificationContext context)
{
    IKsiSignature ksiSignature = GetSignature(context);
    CalendarAuthenticationRecord authRecord = GetCalendarAuthenticationRecord(ksiSignature);
    SignatureData pkiSignature = authRecord.SignatureData;

    // The certificate id and the algorithm OID below both come from the record being verified,
    // so the only trust input at this point is the publications file the id is resolved against.
    // NOTE(review): this method does not authenticate the publications file itself; presumably
    // that happens before the context is built - confirm.
    var publicationsFile = GetPublicationsFile(context);
    byte[] certificateId = pkiSignature.GetCertificateId();
    byte[] certificate = publicationsFile.FindCertificateById(certificateId);

    if (certificate == null)
    {
        throw new KsiVerificationException("No certificate found in publications file with id: " + Base16.Encode(certificateId) + ".");
    }

    // Encoding happens outside the try block on purpose: only the PKI exceptions raised by the
    // verifier lookup and the check itself are mapped to verification error codes.
    byte[] payload = authRecord.PublicationData.Encode();

    try
    {
        // NOTE(review): the verifier is selected by the OID carried in the record; confirm that the
        // factory only resolves algorithms the deployment accepts and rejects everything else.
        ICryptoSignatureVerifier verifier = CryptoSignatureVerifierFactory.GetCryptoSignatureVerifierByOid(pkiSignature.SignatureType);

        // The aggregation time of the signature is handed to the verifier together with the
        // certificate; presumably it is the instant certificate validity is evaluated at - confirm.
        CryptoSignatureVerificationData verificationData = new CryptoSignatureVerificationData(certificate, ksiSignature.AggregationTime);

        verifier.Verify(payload, pkiSignature.GetSignatureValue(), verificationData);
    }
    // Catch order is kept as is: if the cert-not-valid exception derives from
    // PkiVerificationFailedException (not visible here), it has to be listed first to yield Key03.
    catch (PkiVerificationFailedCertNotValidException certNotValid)
    {
        Logger.Debug(certNotValid);
        return new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key03);
    }
    catch (PkiVerificationFailedException failed)
    {
        // The failure detail is written at debug level only; callers see just the Key02 code.
        Logger.Debug("Could not verify signature.{0}Signature type: {1}{0}{2}{0}{3}", Environment.NewLine, pkiSignature.SignatureType, failed, failed.AdditionalInfo);
        return new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02);
    }
    catch (PkiVerificationErrorException error)
    {
        Logger.Debug("Signature verification error.{0}Signature type: {1}{0}{2}", Environment.NewLine, pkiSignature.SignatureType, error);
        return new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02);
    }

    return new VerificationResult(GetRuleName(), VerificationResultCode.Ok);
}