public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
if (!verifySignatureOnly)
{
// Check key usages to make sure it is good for signing.
foreach (X509Extension extension in certificate.Extensions)
{
if (string.Equals(extension.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase))
{
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage);
bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 ||
(keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0;
if (!validKeyUsage)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
return(false);
}
break;
}
}
// Do the chain verification to make sure the certificate is valid.
X509Chain chain = new X509Chain();
chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
bool chainVerified = chain.Build(certificate);
SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
if (!chainVerified)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
return(false);
}
}
using (AsymmetricAlgorithm publicKey = Utils.GetAnyPublicKey(certificate))
{
if (!CheckSignature(publicKey))
{
return(false);
}
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return(true);
}
public bool CheckSignature(KeyedHashAlgorithm macAlg)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(macAlg))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
return(true);
}
public bool CheckSignature(AsymmetricAlgorithm key)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(key))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
// Now is the time to go through all the references and see if their DigestValues are good
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, key, true);
return(true);
}
