public void ProcessInbound(MessageContext context, Action continueProcessing)
{
bool signatureVerified = false;
Envelope env = context.Envelope;
// start by getting the purported sender's identity
string sender = env.GetSenderIdentity();
if (string.IsNullOrEmpty(sender))
{
_log.Error("An inbound event arrived with no sender identity");
}
else
{
// use the identity to lookup their certificate
X509Certificate2 senderCert = _certProvider.GetCertificateFor(sender);
if (null == senderCert)
{
_log.Error("Sender " + sender + " does not have a public key certificate available");
}
else
{
// get the digital signature from the headers
byte[] digitalSignature = env.GetDigitalSignature();
if (0 == digitalSignature.LongLength)
{
_log.Error("Sender " + sender + " did not digitally sign the event");
}
else
{
// verify that the payload hasn't been tampered with by using the
// sender's public key and the digital signature on the envelope
RSACryptoServiceProvider rsaProvider = senderCert.PublicKey.Key as RSACryptoServiceProvider;
signatureVerified = rsaProvider.VerifyData(env.Payload, new SHA1CryptoServiceProvider(), digitalSignature);
}
}
}
if (signatureVerified)
{
continueProcessing();
}
}