private void InternalValidateSignature(Federation.Federation federation, ICredentialVault vault, bool checkTrust = true)
{
if (AuthenticationLevel.Level < AuthenticationLevel.VocesTrustedSystem.Level)
{
throw new ModelException("AuthenticationLevel does not support signature");
}
if (Xassertion == null)
{
throw new ModelException("Assertion not initialized");
}
if (!SealUtilities.CheckAssertionSignature(Xassertion))
{
throw new ModelException("IDCard is not signed!");
}
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckTrust"))
{
checkTrust = ConfigurationManager.AppSettings["CheckTrust"].ToLower().Equals("true");
}
if (checkTrust)
{
var checkCrl = true;
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckCrl"))
{
checkCrl = ConfigurationManager.AppSettings["CheckCrl"].ToLower().Equals("true");
}
//Check that Signature is in credentialVault and that no certificate in chain is revoked
if (!SignatureUtil.Validate(Xassertion, federation, vault, checkTrust, checkCrl))
{
throw new ModelException("Signature on IdCard could not be validated");
}
}
}
public void ValidateSignatureAndTrust(Federation.Federation federation)
{
InternalValidateSignature(federation, null);
}
