public bool VerifyCertChain(IJweCryptoPolicy policy) { var chain = policy.GetX509TrustChain(); Certificates.Where(c => c.SerialNumber != SigningPublicCert.SerialNumber) .ToList() .ForEach(c => chain.ChainPolicy.ExtraStore.Add(c)); if (!chain.Build(SigningPublicCert)) { return(false); } // Make sure we have the same number of elements. if (chain.ChainElements.Count != chain.ChainPolicy.ExtraStore.Count + 1) { return(false); } // Make sure all the thumbprints of the CAs match up. // The first one should be 'primaryCert', leading up to the root CA. for (var i = 1; i < chain.ChainElements.Count; i++) { if (chain.ChainElements[i].Certificate.Thumbprint != chain.ChainPolicy.ExtraStore[i - 1].Thumbprint) { return(false); } } return(true); }
public static T FromEncryptedString <T>(string b64MessageToDecrypt, List <X509Certificate2> issuerEncryptionCerts, IJweCryptoPolicy cryptoPolicy) { var parts = b64MessageToDecrypt.SplitInToSections(); var jwsHeader = JwsHeader.CreateJweHeaderFromEncryptedHeader(parts[0]); var verifiedPayload = JWT.Decode( b64MessageToDecrypt, jwsHeader.SigningPublicCert.GetRSAPublicKey()); var message = new JweMessage { CryptoPolicy = cryptoPolicy, EncryptedMessage = b64MessageToDecrypt, Header = jwsHeader, Payload = JweEncryptedPayload.CreateFromEncryptedPayload(verifiedPayload, issuerEncryptionCerts), Signature = new JweSignature(parts[2]) }; if (!message.IsSignatureValidAndTrusted()) { throw new Rsa3dSecureException(RsaErrorCodes.VerifySignatureFailed, "Message Signature is not valid."); } return(message.GetDecryptedJsonObjectAs <T>()); }
public static JweMessage FromEncryptedString(string b64MessageToDecrypt, List <X509Certificate2> issuerEncryptionCerts, IJweCryptoPolicy cryptoPolicy) { var parts = b64MessageToDecrypt.SplitInToSections(); var jwsHeader = JwsHeader.CreateJweHeaderFromEncryptedHeader(parts[0]); var verifiedPayload = JWT.Decode( b64MessageToDecrypt, jwsHeader.SigningPublicCert.GetRSAPublicKey()); return(new JweMessage { CryptoPolicy = cryptoPolicy, EncryptedMessage = b64MessageToDecrypt, Header = jwsHeader, Payload = JweEncryptedPayload.CreateFromEncryptedPayload(verifiedPayload, issuerEncryptionCerts), Signature = new JweSignature(parts[2]) }); }