public bool CheckSignatureReturningKey(out AsymmetricKeyParameter signingKey)
{
SignedXmlDebugLog.LogBeginSignatureVerification(this, _context);
int count = 0;
signingKey = null;
bool bRet = false;
AsymmetricKeyParameter key = null;
if (!CheckSignatureFormat())
{
return(false);
}
do
{
key = GetPublicKey();
if (key != null)
{
if (count++ > 0)
{
_bCacheValid = false;
}
bRet = CheckSignature(key);
SignedXmlDebugLog.LogVerificationResult(this, key, bRet);
}
} while (key != null && bRet == false);
signingKey = key;
return(bRet);
}
public bool CheckSignature(X509Certificate certificate, bool verifySignatureOnly)
{
if (!verifySignatureOnly)
{
// Check key usages to make sure it is good for signing.
var exts = certificate.CertificateStructure.TbsCertificate.Extensions;
foreach (DerObjectIdentifier extension in exts.ExtensionOids)
{
if (extension.Equals(X509Extensions.KeyUsage))
{
var keyUsage = certificate.GetKeyUsage();
bool validKeyUsage = (keyUsage[0 /* DigitalSignature */] || keyUsage[0 /* NonRepudiation */]);
if (!validKeyUsage)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
return(false);
}
break;
}
}
// Do the chain verification to make sure the certificate is valid.
/*X509Chain chain = new X509Chain();
* chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
* bool chainVerified = chain.Build(certificate);
* SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
*
* if (!chainVerified)
* {
* SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
* return false;
* }*/
}
AsymmetricKeyParameter publicKey = certificate.GetPublicKey();
if (!CheckSignature(publicKey))
{
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return(true);
}
public bool CheckSignature(IMac macAlg)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(macAlg))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
return(true);
}
public bool CheckSignature(AsymmetricKeyParameter key)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(key))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
// Now is the time to go through all the references and see if their DigestValues are good
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, key, true);
return(true);
}