/// <summary>
/// Checks whether the digital signature on this AS4 message is valid under the supplied configuration.
/// </summary>
/// <param name="config">
/// Verification settings that are passed unchanged to the <see cref="SignatureVerificationStrategy"/>.
/// </param>
/// <returns>The boolean outcome reported by the verification strategy.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="config"/> is <c>null</c>.</exception>
public bool VerifySignature(VerifySignatureConfig config)
{
    // Reject a missing configuration up front so verification never runs without explicit settings.
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    // The strategy is built per call from this message's envelope document.
    return new SignatureVerificationStrategy(EnvelopeDocument).VerifySignature(config);
}
/// <summary>
/// Verifies the signature of the AS4 message in <paramref name="messagingContext"/> and converts the
/// outcome into a <see cref="StepResult"/>.
/// </summary>
/// <param name="messagingContext">Context holding the AS4 message whose signature is checked.</param>
/// <param name="verification">Signing verification settings used to build the verify options.</param>
/// <returns>
/// A successful result carrying a journal entry when the signature verifies; otherwise the result of
/// <c>InvalidSignatureResult</c> with <c>ErrorAlias.FailedAuthentication</c>.
/// </returns>
/// <remarks>
/// Only <see cref="CryptographicException"/> is handled here and it is treated as a failed verification;
/// any other exception type propagates to the caller. The journal entry records whether unknown
/// certificate authorities were allowed during verification.
/// </remarks>
private static async Task<StepResult> TryVerifyingSignatureAsync(
    MessagingContext messagingContext,
    SigningVerification verification)
{
    try
    {
        VerifySignatureConfig verifyConfig =
            CreateVerifyOptionsForAS4Message(messagingContext.AS4Message, verification);

        Logger.Debug($"Verify signature on the AS4Message {{AllowUnknownRootCertificateAuthority={verifyConfig.AllowUnknownRootCertificateAuthority}}}");

        bool signatureIsValid = messagingContext.AS4Message.VerifySignature(verifyConfig);
        if (signatureIsValid)
        {
            Logger.Info($"{messagingContext.LogTag} AS4Message has a valid signature present");

            // Keep the trust setting in the journal so the weaker mode is visible afterwards.
            JournalLogEntry journalEntry = JournalLogEntry.CreateFrom(
                messagingContext.AS4Message,
                $"Signature verified with {(verifyConfig.AllowUnknownRootCertificateAuthority ? "allowing" : "disallowing")} unknown certificate authorities");

            // Awaited inside the try block, so a CryptographicException raised here is handled below too.
            return await StepResult
                .Success(messagingContext)
                .WithJournalAsync(journalEntry);
        }

        return InvalidSignatureResult(
            "The signature is invalid",
            ErrorAlias.FailedAuthentication,
            messagingContext);
    }
    catch (CryptographicException ex)
    {
        // A message that is still encrypted gets its own operator hint and error description.
        bool stillEncrypted = messagingContext.AS4Message.IsEncrypted;
        if (stillEncrypted)
        {
            Logger.Error(
                "Signature verification failed because the received message is still encrypted. "
                + "Make sure that you specify <Decryption/> information in the <Security/> element of the "
                + "ReceivingPMode so the ebMS MessagingHeader is first decrypted before it's signature gets verified");
        }

        // Only the exception message is written to the log here, not the full exception.
        Logger.Error($"{messagingContext.LogTag} An exception occured while validating the signature: {ex.Message}");

        string failureDescription = stillEncrypted
            ? "Signature verification failed because the message is still encrypted"
            : "Signature verification failed";

        // Fail closed: a cryptographic error is reported as a failed authentication, never as success.
        return InvalidSignatureResult(
            failureDescription,
            ErrorAlias.FailedAuthentication,
            messagingContext);
    }
}
/// <summary> /// Verify the Signature of the AS4 message /// </summary> /// <param name="options"></param> /// <returns></returns> public bool VerifySignature(VerifySignatureConfig options) { var securityTokenReference = SecurityTokenReferenceProvider.Get(_soapEnvelope, SecurityTokenType.Signing, options.CertificateRepository); if (!VerifyCertificate(securityTokenReference.Certificate, options.AllowUnknownRootCertificateAuthority, out X509ChainStatus[] status))