/// <summary>
/// Verifies the signature by trying, one at a time, each key handed back by
/// <c>GetPublicKey()</c> until one verifies or no keys remain.
/// </summary>
/// <param name="signingKey">
/// On return, the key that verified the signature, or <c>null</c> when the format
/// check failed or every candidate key was rejected.
/// </param>
/// <returns><c>true</c> if one of the candidate keys verified the signature.</returns>
/// <remarks>
/// A <c>true</c> result only says that some key supplied by <c>GetPublicKey()</c>
/// verifies the signature; nothing in this method checks who owns that key.
/// NOTE(review): <c>GetPublicKey()</c> is not visible here. If it draws its keys from
/// the signed document itself (confirm), the caller must compare
/// <paramref name="signingKey"/> with a key it already trusts before relying on the
/// result.
/// </remarks>
public bool CheckSignatureReturningKey(out AsymmetricAlgorithm signingKey)
{
    SignedXmlDebugLog.LogBeginSignatureVerification(this, _context);

    signingKey = null;
    if (!CheckSignatureFormat())
    {
        return false;
    }

    bool verified = false;
    AsymmetricAlgorithm candidate;
    while ((candidate = GetPublicKey()) != null)
    {
        verified = CheckSignature(candidate);
        SignedXmlDebugLog.LogVerificationResult(this, candidate, verified);
        if (verified)
        {
            break;
        }
    }

    // candidate is null here when the key supply ran out without a match.
    signingKey = candidate;
    return verified;
}
/// <summary>
/// Verifies the signature with the certificate's public key and, unless
/// <paramref name="verifySignatureOnly"/> is set, also checks the certificate's
/// key usage and builds its chain.
/// </summary>
/// <param name="certificate">Certificate whose public key is used for verification.</param>
/// <param name="verifySignatureOnly">
/// When <c>true</c>, the method returns right after the signature check and performs
/// no key-usage or chain validation.
/// </param>
/// <returns><c>true</c> if every check that was requested passed.</returns>
/// <remarks>
/// With <paramref name="verifySignatureOnly"/> set, this method establishes no trust
/// in the certificate at all; the caller has to do that by other means (for example
/// by comparing it with a known certificate).
/// A certificate that carries no key usage extension passes the usage check, because
/// the loop only rejects an extension that is present and lacks both signing bits.
/// A successful chain build shows the certificate is acceptable under the chain
/// policy of a freshly created <c>X509Chain</c>; it does not show that it is the
/// signer the caller expects, so the subject still needs to be checked by the caller.
/// </remarks>
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
    bool signatureValid = CheckSignature(certificate.PublicKey.Key);
    if (!signatureValid)
    {
        return false;
    }

    if (!verifySignatureOnly)
    {
        // Key usage: if the extension is present it must allow signing.
        foreach (X509Extension candidate in certificate.Extensions)
        {
            if (String.Compare(candidate.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) != 0)
            {
                continue;
            }

            X509KeyUsageExtension usageExtension = new X509KeyUsageExtension();
            usageExtension.CopyFrom(candidate);
            SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, usageExtension);

            const X509KeyUsageFlags signingUsages =
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
            if ((usageExtension.KeyUsages & signingUsages) == 0)
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage"));
                return false;
            }

            // Only the first key usage extension is examined.
            break;
        }

        // Chain validation. The certificates from BuildBagOfCerts() go into ExtraStore,
        // where they can help build a path but are not trust anchors.
        X509Chain certificateChain = new X509Chain();
        certificateChain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
        bool chainIsValid = certificateChain.Build(certificate);
        SignedXmlDebugLog.LogVerifyX509Chain(this, certificateChain, certificate);

        if (!chainIsValid)
        {
            SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain"));
            return false;
        }
    }

    SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
    return true;
}
/// <summary>
/// Validates the certificate (key usage and chain) unless
/// <paramref name="verifySignatureOnly"/> is set, then verifies the signature with
/// the certificate's public key.
/// </summary>
/// <param name="certificate">Certificate whose public key is used for verification.</param>
/// <param name="verifySignatureOnly">
/// When <c>true</c>, key-usage and chain validation are skipped and only the
/// signature is checked.
/// </param>
/// <returns><c>true</c> if every check that was requested passed.</returns>
/// <remarks>
/// The certificate checks run before the signature check, so a certificate that
/// fails them is rejected without its key being used.
/// With <paramref name="verifySignatureOnly"/> set, this method establishes no trust
/// in the certificate; the caller has to do that by other means.
/// A certificate without a key usage extension passes the usage check, and a
/// successful chain build does not show that the certificate is the signer the
/// caller expects.
/// </remarks>
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
    if (!verifySignatureOnly)
    {
        // Key usage: if the extension is present it must allow signing.
        foreach (X509Extension candidate in certificate.Extensions)
        {
            bool isKeyUsage = string.Equals(candidate.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase);
            if (!isKeyUsage)
            {
                continue;
            }

            X509KeyUsageExtension usageExtension = new X509KeyUsageExtension();
            usageExtension.CopyFrom(candidate);
            SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, usageExtension);

            const X509KeyUsageFlags signingUsages =
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
            if ((usageExtension.KeyUsages & signingUsages) == 0)
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
                return false;
            }

            // Only the first key usage extension is examined.
            break;
        }

        // Chain validation. The certificates from BuildBagOfCerts() go into ExtraStore,
        // where they can help build a path but are not trust anchors.
        X509Chain certificateChain = new X509Chain();
        certificateChain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
        bool chainIsValid = certificateChain.Build(certificate);
        SignedXmlDebugLog.LogVerifyX509Chain(this, certificateChain, certificate);

        if (!chainIsValid)
        {
            SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
            return false;
        }
    }

    // The key object is released before the result is logged or returned.
    bool signatureValid;
    using (AsymmetricAlgorithm certificateKey = Utils.GetAnyPublicKey(certificate))
    {
        signatureValid = CheckSignature(certificateKey);
    }

    if (!signatureValid)
    {
        return false;
    }

    SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
    return true;
}
/// <summary>
/// Verifies the signature with the certificate's public key and, unless
/// <paramref name="verifySignatureOnly"/> is set, also checks the certificate's
/// key usage and builds its chain.
/// </summary>
/// <param name="certificate">Certificate whose public key is used for verification.</param>
/// <param name="verifySignatureOnly">
/// When <c>true</c>, the method returns right after the signature check and performs
/// no key-usage or chain validation.
/// </param>
/// <returns><c>true</c> if every check that was requested passed.</returns>
/// <remarks>
/// With <paramref name="verifySignatureOnly"/> set, no trust in the certificate is
/// established here; the caller has to do that by other means.
/// A certificate without a key usage extension (OID 2.5.29.15) passes the usage
/// check, and a successful chain build does not show that the certificate is the
/// signer the caller expects.
/// </remarks>
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
    if (!this.CheckSignature(certificate.PublicKey.Key))
    {
        return false;
    }

    if (!verifySignatureOnly)
    {
        // Key usage: if the extension is present it must allow signing.
        foreach (X509Extension extension in certificate.Extensions)
        {
            if (string.Compare(extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) != 0)
            {
                continue;
            }

            X509KeyUsageExtension usage = new X509KeyUsageExtension();
            usage.CopyFrom(extension);
            SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, usage);

            const X509KeyUsageFlags signingUsages =
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
            if ((usage.KeyUsages & signingUsages) == X509KeyUsageFlags.None)
            {
                SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage"));
                return false;
            }

            // Only the first key usage extension is examined.
            break;
        }

        // Chain validation. The certificates from BuildBagOfCerts() go into ExtraStore,
        // where they can help build a path but are not trust anchors.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.ExtraStore.AddRange(this.BuildBagOfCerts());
        bool chainBuilt = chain.Build(certificate);
        SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);

        if (!chainBuilt)
        {
            SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain"));
            return false;
        }
    }

    SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
    return true;
}
/// <summary>
/// Verifies a MAC-based signature: format check, then SignedInfo against
/// <paramref name="macAlg"/>, then the digests of the references.
/// </summary>
/// <param name="macAlg">Keyed hash algorithm, already keyed, used to check SignedInfo.</param>
/// <returns><c>true</c> if all three checks passed; <c>false</c> at the first one that fails.</returns>
/// <remarks>
/// A MAC check proves only that the signer knew the key held by
/// <paramref name="macAlg"/>; the result is worth as much as that key is secret
/// and tied to the expected sender.
/// </remarks>
public bool CheckSignature(KeyedHashAlgorithm macAlg)
{
    if (!this.CheckSignatureFormat())
    {
        // A format failure is reported to the caller without a failure log entry here.
        return false;
    }

    // The checks run in order; the second is skipped if the first fails.
    string failureResource = null;
    if (!this.CheckSignedInfo(macAlg))
    {
        failureResource = "Log_VerificationFailed_SignedInfo";
    }
    else if (!this.CheckDigestedReferences())
    {
        failureResource = "Log_VerificationFailed_References";
    }

    if (failureResource != null)
    {
        SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString(failureResource));
        return false;
    }

    SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
    return true;
}
/// <summary>
/// Verifies a MAC-based signature: format check, then SignedInfo against
/// <paramref name="macAlg"/>, then the digests of the references.
/// </summary>
/// <param name="macAlg">Keyed hash algorithm, already keyed, used to check SignedInfo.</param>
/// <returns><c>true</c> if all three checks passed; <c>false</c> at the first one that fails.</returns>
/// <remarks>
/// A MAC check proves only that the signer knew the key held by
/// <paramref name="macAlg"/>; the result is worth as much as that key is secret
/// and tied to the expected sender.
/// </remarks>
public bool CheckSignature(KeyedHashAlgorithm macAlg)
{
    bool formatValid = CheckSignatureFormat();
    if (!formatValid)
    {
        // A format failure is reported to the caller without a failure log entry here.
        return false;
    }

    bool signedInfoValid = CheckSignedInfo(macAlg);
    if (!signedInfoValid)
    {
        SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
        return false;
    }

    // Reference digests are only looked at once SignedInfo itself has been verified.
    bool referencesValid = CheckDigestedReferences();
    if (!referencesValid)
    {
        SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
        return false;
    }

    SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
    return true;
}
/// <summary>
/// Verifies the signature by trying, one at a time, each key handed back by
/// <c>GetPublicKey()</c> until one verifies or no keys remain.
/// </summary>
/// <param name="signingKey">
/// On return, the key that verified the signature, or <c>null</c> when the format
/// check failed or every candidate key was rejected.
/// </param>
/// <returns><c>true</c> if one of the candidate keys verified the signature.</returns>
/// <remarks>
/// A <c>true</c> result only says that some key supplied by <c>GetPublicKey()</c>
/// verifies the signature; nothing in this method checks who owns that key.
/// NOTE(review): <c>GetPublicKey()</c> is not visible here. If it draws its keys from
/// the signed document itself (confirm), the caller must compare
/// <paramref name="signingKey"/> with a key it already trusts before relying on the
/// result.
/// </remarks>
public bool CheckSignatureReturningKey(out AsymmetricAlgorithm signingKey)
{
    SignedXmlDebugLog.LogBeginSignatureVerification(this, this.m_context);

    signingKey = null;
    if (!this.CheckSignatureFormat())
    {
        return false;
    }

    bool matched = false;
    AsymmetricAlgorithm candidate;
    for (candidate = this.GetPublicKey(); candidate != null; candidate = this.GetPublicKey())
    {
        matched = this.CheckSignature(candidate);
        SignedXmlDebugLog.LogVerificationResult(this, candidate, matched);
        if (matched)
        {
            // Stop before asking for another key so candidate stays the matching one.
            break;
        }
    }

    signingKey = candidate;
    return matched;
}
/// <summary>
/// Verifies the signature with the given key: format check, then SignedInfo
/// against <paramref name="key"/>, then the digests of the references.
/// </summary>
/// <param name="key">Key used to check SignedInfo.</param>
/// <returns><c>true</c> if all three checks passed; <c>false</c> at the first one that fails.</returns>
/// <remarks>
/// This method does not decide whether <paramref name="key"/> is trustworthy; it
/// only checks the signature against it. The caller is responsible for passing a
/// key it already trusts.
/// </remarks>
public bool CheckSignature(AsymmetricAlgorithm key)
{
    bool formatValid = CheckSignatureFormat();
    if (!formatValid)
    {
        // A format failure is reported to the caller without a failure log entry here.
        return false;
    }

    bool signedInfoValid = CheckSignedInfo(key);
    if (!signedInfoValid)
    {
        SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
        return false;
    }

    // With SignedInfo verified, check the DigestValue of every reference.
    bool referencesValid = CheckDigestedReferences();
    if (!referencesValid)
    {
        SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
        return false;
    }

    SignedXmlDebugLog.LogVerificationResult(this, key, true);
    return true;
}