async Task <bool> VerifyArcSealAsync(FormatOptions options, ArcHeaderSet[] sets, int i, bool doAsync, CancellationToken cancellationToken)
{
DkimSignatureAlgorithm algorithm;
AsymmetricKeyParameter key;
string d, s, q, b;
ValidateArcSealParameters(sets[i].ArcSealParameters, out algorithm, out d, out s, out q, out b);
if (!IsEnabled(algorithm))
{
return(false);
}
if (doAsync)
{
key = await PublicKeyLocator.LocatePublicKeyAsync(q, d, s, cancellationToken).ConfigureAwait(false);
}
else
{
key = PublicKeyLocator.LocatePublicKey(q, d, s, cancellationToken);
}
if ((key is RsaKeyParameters rsa) && rsa.Modulus.BitLength < MinimumRsaKeyLength)
{
return(false);
}
options = options.Clone();
options.NewLineFormat = NewLineFormat.Dos;
using (var stream = new DkimSignatureStream(CreateVerifyContext(algorithm, key))) {
using (var filtered = new FilteredStream(stream)) {
filtered.Add(options.CreateNewLineFilter());
for (int j = 0; j < i; j++)
{
WriteHeaderRelaxed(options, filtered, sets[j].ArcAuthenticationResult, false);
WriteHeaderRelaxed(options, filtered, sets[j].ArcMessageSignature, false);
WriteHeaderRelaxed(options, filtered, sets[j].ArcSeal, false);
}
WriteHeaderRelaxed(options, filtered, sets[i].ArcAuthenticationResult, false);
WriteHeaderRelaxed(options, filtered, sets[i].ArcMessageSignature, false);
// now include the ARC-Seal header that we are verifying,
// but only after removing the "b=" signature value.
var seal = GetSignedSignatureHeader(sets[i].ArcSeal);
WriteHeaderRelaxed(options, filtered, seal, true);
filtered.Flush();
}
return(stream.VerifySignature(b));
}
}
async Task <bool> VerifyArcMessageSignatureAsync(FormatOptions options, MimeMessage message, Header arcSignature, Dictionary <string, string> parameters, bool doAsync, CancellationToken cancellationToken)
{
DkimCanonicalizationAlgorithm headerAlgorithm, bodyAlgorithm;
DkimSignatureAlgorithm signatureAlgorithm;
AsymmetricKeyParameter key;
string d, s, q, bh, b;
string[] headers;
int maxLength;
ValidateArcMessageSignatureParameters(parameters, out signatureAlgorithm, out headerAlgorithm, out bodyAlgorithm,
out d, out s, out q, out headers, out bh, out b, out maxLength);
if (!IsEnabled(signatureAlgorithm))
{
return(false);
}
options = options.Clone();
options.NewLineFormat = NewLineFormat.Dos;
// first check the body hash (if that's invalid, then the entire signature is invalid)
if (!VerifyBodyHash(options, message, signatureAlgorithm, bodyAlgorithm, maxLength, bh))
{
return(false);
}
if (doAsync)
{
key = await PublicKeyLocator.LocatePublicKeyAsync(q, d, s, cancellationToken).ConfigureAwait(false);
}
else
{
key = PublicKeyLocator.LocatePublicKey(q, d, s, cancellationToken);
}
if ((key is RsaKeyParameters rsa) && rsa.Modulus.BitLength < MinimumRsaKeyLength)
{
return(false);
}
return(VerifySignature(options, message, arcSignature, signatureAlgorithm, key, headers, headerAlgorithm, b));
}
async Task <bool> VerifyAsync(FormatOptions options, MimeMessage message, Header dkimSignature, bool doAsync, CancellationToken cancellationToken)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
if (dkimSignature == null)
{
throw new ArgumentNullException(nameof(dkimSignature));
}
if (dkimSignature.Id != HeaderId.DkimSignature)
{
throw new ArgumentException("The signature parameter MUST be a DKIM-Signature header.", nameof(dkimSignature));
}
var parameters = ParseParameterTags(dkimSignature.Id, dkimSignature.Value);
DkimCanonicalizationAlgorithm headerAlgorithm, bodyAlgorithm;
DkimSignatureAlgorithm signatureAlgorithm;
AsymmetricKeyParameter key;
string d, s, q, bh, b;
string[] headers;
int maxLength;
ValidateDkimSignatureParameters(parameters, out signatureAlgorithm, out headerAlgorithm, out bodyAlgorithm,
out d, out s, out q, out headers, out bh, out b, out maxLength);
if (!IsEnabled(signatureAlgorithm))
{
return(false);
}
if (doAsync)
{
key = await PublicKeyLocator.LocatePublicKeyAsync(q, d, s, cancellationToken).ConfigureAwait(false);
}
else
{
key = PublicKeyLocator.LocatePublicKey(q, d, s, cancellationToken);
}
if ((key is RsaKeyParameters rsa) && rsa.Modulus.BitLength < MinimumRsaKeyLength)
{
return(false);
}
options = options.Clone();
options.NewLineFormat = NewLineFormat.Dos;
// first check the body hash (if that's invalid, then the entire signature is invalid)
var hash = Convert.ToBase64String(message.HashBody(options, signatureAlgorithm, bodyAlgorithm, maxLength));
if (hash != bh)
{
return(false);
}
using (var stream = new DkimSignatureStream(CreateVerifyContext(signatureAlgorithm, key))) {
using (var filtered = new FilteredStream(stream)) {
filtered.Add(options.CreateNewLineFilter());
WriteHeaders(options, message, headers, headerAlgorithm, filtered);
// now include the DKIM-Signature header that we are verifying,
// but only after removing the "b=" signature value.
var header = GetSignedSignatureHeader(dkimSignature);
switch (headerAlgorithm)
{
case DkimCanonicalizationAlgorithm.Relaxed:
WriteHeaderRelaxed(options, filtered, header, true);
break;
default:
WriteHeaderSimple(options, filtered, header, true);
break;
}
filtered.Flush();
}
return(stream.VerifySignature(b));
}
}
async Task <bool> VerifyAsync(FormatOptions options, MimeMessage message, Header dkimSignature, bool doAsync, CancellationToken cancellationToken)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
if (dkimSignature == null)
{
throw new ArgumentNullException(nameof(dkimSignature));
}
if (dkimSignature.Id != HeaderId.DkimSignature)
{
throw new ArgumentException("The signature parameter MUST be a DKIM-Signature header.", nameof(dkimSignature));
}
var parameters = ParseParameterTags(dkimSignature.Id, dkimSignature.Value);
DkimCanonicalizationAlgorithm headerAlgorithm, bodyAlgorithm;
DkimSignatureAlgorithm signatureAlgorithm;
AsymmetricKeyParameter key;
string d, s, q, bh, b;
string[] headers;
int maxLength;
ValidateDkimSignatureParameters(parameters, out signatureAlgorithm, out headerAlgorithm, out bodyAlgorithm,
out d, out s, out q, out headers, out bh, out b, out maxLength);
if (!IsEnabled(signatureAlgorithm))
{
return(false);
}
options = options.Clone();
options.NewLineFormat = NewLineFormat.Dos;
// first check the body hash (if that's invalid, then the entire signature is invalid)
if (!VerifyBodyHash(options, message, signatureAlgorithm, bodyAlgorithm, maxLength, bh))
{
return(false);
}
if (doAsync)
{
key = await PublicKeyLocator.LocatePublicKeyAsync(q, d, s, cancellationToken).ConfigureAwait(false);
}
else
{
key = PublicKeyLocator.LocatePublicKey(q, d, s, cancellationToken);
}
if ((key is RsaKeyParameters rsa) && rsa.Modulus.BitLength < MinimumRsaKeyLength)
{
return(false);
}
return(VerifySignature(options, message, dkimSignature, signatureAlgorithm, key, headers, headerAlgorithm, b));
}