コード例 #1
        /// <summary>
        /// Checks the digital signature of this AS4 message by handing the envelope document to a
        /// <see cref="SignatureVerificationStrategy"/> and asking it to verify.
        /// </summary>
        /// <param name="config">
        /// Verification settings passed unchanged to the strategy; must not be <c>null</c>.
        /// NOTE(review): callers in this code base read <c>AllowUnknownRootCertificateAuthority</c> from this
        /// type, so the config presumably carries the certificate trust policy. Treat it as security-sensitive.
        /// </param>
        /// <returns>The boolean result reported by the strategy's <c>VerifySignature</c> call.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> is <c>null</c>.</exception>
        public bool VerifySignature(VerifySignatureConfig config)
        {
            // Reject a missing configuration before any verification object is built.
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            SignatureVerificationStrategy strategy = new SignatureVerificationStrategy(EnvelopeDocument);
            bool signatureIsValid = strategy.VerifySignature(config);

            return signatureIsValid;
        }
コード例 #2
        /// <summary>
        /// Verifies the signature of the AS4 message held by <paramref name="messagingContext"/> and
        /// converts the outcome into a <see cref="StepResult"/>.
        /// </summary>
        /// <remarks>
        /// A verified signature yields a success result with a journal entry that records whether unknown
        /// root certificate authorities were allowed. A rejected signature and a
        /// <see cref="CryptographicException"/> both yield an invalid-signature result tagged
        /// <c>ErrorAlias.FailedAuthentication</c>. Other exception types are not caught here and propagate.
        /// </remarks>
        /// <param name="messagingContext">Context whose <c>AS4Message</c> is verified and whose <c>LogTag</c> prefixes log lines.</param>
        /// <param name="verification">Verification settings used to build the <see cref="VerifySignatureConfig"/>.</param>
        /// <returns>A task producing either the success result or the invalid-signature result.</returns>
        private static async Task<StepResult> TryVerifyingSignatureAsync(
            MessagingContext messagingContext,
            SigningVerification verification)
        {
            try
            {
                VerifySignatureConfig verifyConfig =
                    CreateVerifyOptionsForAS4Message(messagingContext.AS4Message, verification);

                // The trust setting is logged before verification so a relaxed policy can be seen in the logs.
                Logger.Debug($"Verify signature on the AS4Message {{AllowUnknownRootCertificateAuthority={verifyConfig.AllowUnknownRootCertificateAuthority}}}");

                bool signatureIsValid = messagingContext.AS4Message.VerifySignature(verifyConfig);
                if (!signatureIsValid)
                {
                    return InvalidSignatureResult(
                        "The signature is invalid",
                        ErrorAlias.FailedAuthentication,
                        messagingContext);
                }

                Logger.Info($"{messagingContext.LogTag} AS4Message has a valid signature present");

                // The journal keeps a per-message record of the trust policy that was in effect.
                // NOTE(review): "allowing" presumably means a chain without a trusted root is accepted. Confirm against VerifySignatureConfig.
                JournalLogEntry journalEntry = JournalLogEntry.CreateFrom(
                    messagingContext.AS4Message,
                    $"Signature verified with {(verifyConfig.AllowUnknownRootCertificateAuthority ? "allowing" : "disallowing")} unknown certificate authorities");

                // Awaited inside the try block, as in the original, so a CryptographicException raised while journaling is handled below.
                var successResult = StepResult.Success(messagingContext);
                return await successResult.WithJournalAsync(journalEntry);
            }
            catch (CryptographicException cryptoFailure)
            {
                // Only the two fixed strings below reach the result; the exception text is written to the log.
                string failureReason;

                if (messagingContext.AS4Message.IsEncrypted)
                {
                    // A message that is still encrypted gets a configuration hint in the log and its own description.
                    Logger.Error(
                        "Signature verification failed because the received message is still encrypted. "
                        + "Make sure that you specify <Decryption/> information in the <Security/> element of the "
                        + "ReceivingPMode so the ebMS MessagingHeader is first decrypted before it's signature gets verified");

                    failureReason = "Signature verification failed because the message is still encrypted";
                }
                else
                {
                    failureReason = "Signature verification failed";
                }

                Logger.Error($"{messagingContext.LogTag} An exception occured while validating the signature: {cryptoFailure.Message}");

                return InvalidSignatureResult(
                    failureReason,
                    ErrorAlias.FailedAuthentication,
                    messagingContext);
            }
        }
コード例 #3
        /// <summary>
        /// Verify the Signature of the AS4 message
        /// </summary>
        /// <param name="options"></param>
        /// <returns></returns>
        public bool VerifySignature(VerifySignatureConfig options)
        {
            var securityTokenReference =
                SecurityTokenReferenceProvider.Get(_soapEnvelope, SecurityTokenType.Signing, options.CertificateRepository);

            if (!VerifyCertificate(securityTokenReference.Certificate, options.AllowUnknownRootCertificateAuthority, out X509ChainStatus[] status))