private AsymmetricAlgorithm GetNextCertificatePublicKey()
{
while (_x509Enum.MoveNext())
{
X509Certificate2 certificate = (X509Certificate2)_x509Enum.Current;
if (certificate != null)
{
return(Utils.GetAnyPublicKey(certificate));
}
}
return(null);
}
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
if (!verifySignatureOnly)
{
// Check key usages to make sure it is good for signing.
foreach (X509Extension extension in certificate.Extensions)
{
if (string.Compare(extension.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage);
bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 ||
(keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0;
if (!validKeyUsage)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
return(false);
}
break;
}
}
// Do the chain verification to make sure the certificate is valid.
X509Chain chain = new X509Chain();
chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
bool chainVerified = chain.Build(certificate);
SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
if (!chainVerified)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
return(false);
}
}
using (AsymmetricAlgorithm publicKey = Utils.GetAnyPublicKey(certificate))
{
if (!CheckSignature(publicKey))
{
return(false);
}
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return(true);
}
