/// <summary>
/// Advances <c>_x509Enum</c> to the next non-null certificate and returns that certificate's
/// public key via <c>Utils.GetAnyPublicKey</c>.
/// </summary>
/// <returns>
/// The public key of the next certificate in the enumeration, or <c>null</c> once the
/// enumeration is exhausted. The returned key is disposable; the caller is expected to
/// release it (the certificate overload of <c>CheckSignature</c> wraps the same call in
/// <c>using</c>).
/// </returns>
private AsymmetricAlgorithm GetNextCertificatePublicKey()
{
    while (true)
    {
        if (!_x509Enum.MoveNext())
        {
            // No more entries: signal exhaustion to the caller.
            return null;
        }

        // The explicit cast is intentional: an entry that is not an X509Certificate2 is a
        // programming error and surfaces as an InvalidCastException rather than being skipped.
        X509Certificate2 current = (X509Certificate2)_x509Enum.Current;
        if (current is null)
        {
            continue;
        }

        return Utils.GetAnyPublicKey(current);
    }
}
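/// <summary>
/// Verifies the signature using the public key of <paramref name="certificate"/>, optionally
/// first checking that the certificate itself is acceptable for signing.
/// </summary>
/// <param name="certificate">The signer's certificate.</param>
/// <param name="verifySignatureOnly">
/// When <c>true</c>, only the cryptographic signature is checked and the certificate is used
/// as-is; when <c>false</c>, the certificate's key usage (if the extension is present) and its
/// chain are validated before the signature is checked. A caller passing <c>true</c> is
/// responsible for establishing trust in the certificate by other means.
/// </param>
/// <returns><c>true</c> if every enabled check passed; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is <c>null</c>.</exception>
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    if (!verifySignatureOnly)
    {
        // Key usage: when the extension is present it must permit digitalSignature or
        // nonRepudiation. A certificate that carries no key-usage extension is not rejected here.
        foreach (X509Extension extension in certificate.Extensions)
        {
            if (!string.Equals(extension.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase))
            {
                continue;
            }

            X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
            keyUsage.CopyFrom(extension);
            SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage);

            const X509KeyUsageFlags signingUsages = X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
            if ((keyUsage.KeyUsages & signingUsages) == 0)
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
                return false;
            }

            // Only the first key-usage extension is examined.
            break;
        }

        // Chain building: X509Chain is IDisposable, so release it once the result has been logged.
        // Apart from the extra store, the default ChainPolicy is used unchanged.
        using (X509Chain chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
            bool chainVerified = chain.Build(certificate);
            SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
            if (!chainVerified)
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
                return false;
            }
        }
    }

    // The key is only needed for the signature check itself; dispose it as soon as that is done.
    using (AsymmetricAlgorithm publicKey = Utils.GetAnyPublicKey(certificate))
    {
        if (!CheckSignature(publicKey))
        {
            return false;
        }
    }

    SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
    return true;
}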