/// <summary>
/// Checks <paramref name="signature"/> against <paramref name="encodedBytes"/> with a
/// <see cref="SignatureProvider"/> created for <paramref name="key"/> and <paramref name="algorithm"/>.
/// </summary>
/// <param name="encodedBytes">Bytes the signature is verified over.</param>
/// <param name="signature">Signature to compare against.</param>
/// <param name="key"><see cref="SecurityKey"/> used to create the verifying provider.</param>
/// <param name="algorithm">Name of the crypto algorithm to verify with.</param>
/// <param name="validationParameters">Its <see cref="TokenValidationParameters.CryptoProviderFactory"/> is used when it is set; otherwise <see cref="SecurityKey.CryptoProviderFactory"/> is used.</param>
/// <returns>
/// 'false' when the selected factory reports the algorithm/key pair as unsupported;
/// otherwise the result of the provider's Verify call ('true' if the signature is valid).
/// </returns>
/// <exception cref="InvalidOperationException">
/// The factory returned no provider for the key and algorithm (the exception is routed through LogHelper.LogExceptionMessage).
/// </exception>
/// <remarks>
/// An unsupported algorithm is logged through LogHelper.LogInformation and reported as a failed
/// validation rather than as an exception.
/// </remarks>
private bool ValidateSignature(byte[] encodedBytes, byte[] signature, SecurityKey key, string algorithm, TokenValidationParameters validationParameters)
{
    // The factory configured on the validation parameters wins; the key's own factory is the fallback.
    var factory = validationParameters.CryptoProviderFactory ?? key.CryptoProviderFactory;

    // NOTE(review): this is the only gate on `algorithm` visible in this method. If the value
    // originates from the token header, confirm that the caller restricts it to an expected set
    // for this key before reaching this point.
    bool supported = factory.IsSupportedAlgorithm(algorithm, key);
    if (!supported)
    {
        LogHelper.LogInformation(LogMessages.IDX14000, algorithm, key);
        return false;
    }

    var verifier = factory.CreateForVerifying(key, algorithm);
    if (verifier == null)
    {
        // Substitute the literal "Null" so the formatted message stays readable for missing values.
        var keyText = key == null ? "Null" : key.ToString();
        var algorithmText = algorithm == null ? "Null" : algorithm;
        var message = LogHelper.FormatInvariant(TokenLogMessages.IDX10647, keyText, algorithmText);
        throw LogHelper.LogExceptionMessage(new InvalidOperationException(message));
    }

    try
    {
        bool isValid = verifier.Verify(encodedBytes, signature);
        return isValid;
    }
    finally
    {
        // Hand the provider back to the factory whether Verify returned or threw.
        factory.ReleaseSignatureProvider(verifier);
    }
}