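/// <summary>
/// Verifies an RSA signature with PKCS#1 v1.5 padding over the supplied bytes,
/// using the RSA public key of the signing certificate.
/// </summary>
/// <param name="dataToVerify">The segment of the buffer that was signed.</param>
/// <param name="signature">The signature to check against <paramref name="dataToVerify"/>.</param>
/// <param name="signingCertificate">The certificate whose RSA public key is used for the check.</param>
/// <param name="algorithm">The hash algorithm applied to the data before the signature check.</param>
/// <returns>True if the signature is valid; false (after writing a trace entry) if it is not.</returns>
/// <exception cref="ServiceResultException">
/// BadSecurityChecksFailed if the certificate does not expose an RSA public key.
/// </exception>
/// <remarks>
/// This method only checks the signature. It does not validate the certificate itself.
/// NOTE(review): presumably the caller derives <paramref name="algorithm"/> from the configured
/// security policy rather than from the received message - confirm against the callers.
/// </remarks>
private static bool RsaPkcs15_Verify(
    ArraySegment<byte> dataToVerify,
    byte[] signature,
    X509Certificate2 signingCertificate,
    HashAlgorithmName algorithm)
{
    // extract the public key; GetRSAPublicKey returns null when the certificate carries no RSA key.
    using (RSA rsa = signingCertificate.GetRSAPublicKey())
    {
        if (rsa == null)
        {
            throw ServiceResultException.Create(StatusCodes.BadSecurityChecksFailed, "No public key for certificate.");
        }

        // verify signature.
        if (!rsa.VerifyData(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count, signature, algorithm, RSASignaturePadding.Pkcs1))
        {
            // The data just failed verification, so every byte read from it below is untrusted.
            // The diagnostics must never turn a plain "invalid signature" result into an exception,
            // and must not copy raw control characters into the multi-line trace entry.
            const int headerSize = 8;

            string messageType = "n/a";
            int messageLength = -1; // -1 = segment too short to contain the 8 header bytes.

            if (dataToVerify.Count >= headerSize)
            {
                // keep printable ASCII only; anything else (CR, LF, NUL, ...) is logged as '?'.
                char[] typeChars = new char[4];

                for (int ii = 0; ii < typeChars.Length; ii++)
                {
                    byte value = dataToVerify.Array[dataToVerify.Offset + ii];
                    typeChars[ii] = (value >= 0x20 && value <= 0x7E) ? (char)value : '?';
                }

                messageType = new string(typeChars);

                // BitConverter reads in host byte order; the value is informational only.
                messageLength = BitConverter.ToInt32(dataToVerify.Array, dataToVerify.Offset + 4);
            }

            string actualSignature = Utils.ToHexString(signature);

            Utils.Trace(
                "Could not validate signature.\r\nCertificate={0}, MessageType={1}, Length={2}\r\nActualSignature={3}",
                signingCertificate.Subject,
                messageType,
                messageLength,
                actualSignature);

            return false;
        }
    }

    return true;
}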