|
public static RsaPkcs15Sha256_Verify ( ArraySegment |
||
| dataToVerify | ArraySegment |
|
| signature | byte | |
| signingCertificate | ||
| return | bool | |
public static bool RsaPkcs15Sha256_Verify(
ArraySegment<byte> dataToVerify,
byte[] signature,
X509Certificate2 signingCertificate)
{
// extract the private key.
using (RSA rsa = signingCertificate.GetRSAPublicKey())
{
if (rsa == null)
{
throw ServiceResultException.Create(StatusCodes.BadSecurityChecksFailed, "No public key for certificate.");
}
// verify signature.
return rsa.VerifyData(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
}
/// <summary>
/// Verifies the signature using the SecurityPolicyUri and return true if valid.
/// </summary>
public static bool Verify(X509Certificate2 certificate, string securityPolicyUri, byte[] dataToVerify, SignatureData signature)
{
// check if nothing to do.
if (signature == null)
{
return(true);
}
// nothing more to do if no encryption.
if (String.IsNullOrEmpty(securityPolicyUri))
{
return(true);
}
// decrypt data.
switch (securityPolicyUri)
{
case SecurityPolicies.Basic256:
case SecurityPolicies.Basic128Rsa15:
{
if (signature.Algorithm == SecurityAlgorithms.RsaSha1)
{
return(RsaUtils.RsaPkcs15Sha1_Verify(new ArraySegment <byte>(dataToVerify), signature.Signature, certificate));
}
break;
}
case SecurityPolicies.Basic256Sha256:
{
if (signature.Algorithm == SecurityAlgorithms.RsaSha256)
{
return(RsaUtils.RsaPkcs15Sha256_Verify(new ArraySegment <byte>(dataToVerify), signature.Signature, certificate));
}
break;
}
// always accept signatures if security is not used.
case SecurityPolicies.None:
{
return(true);
}
default:
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityPolicyRejected,
"Unsupported security policy: {0}",
securityPolicyUri);
}
}
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"Unexpected signature algorithm : {0}",
signature.Algorithm);
}
