public bool Verify (FormatOptions options, Header dkimSignature, IDkimPublicKeyLocator publicKeyLocator, CancellationToken cancellationToken = default (CancellationToken))
{
if (options == null)
throw new ArgumentNullException (nameof (options));
if (dkimSignature == null)
throw new ArgumentNullException (nameof (dkimSignature));
if (dkimSignature.Id != HeaderId.DkimSignature)
throw new ArgumentException ("The dkimSignature parameter MUST be a DKIM-Signature header.", nameof (dkimSignature));
if (publicKeyLocator == null)
throw new ArgumentNullException (nameof (publicKeyLocator));
var parameters = ParseDkimSignature (dkimSignature.Value);
DkimCanonicalizationAlgorithm headerAlgorithm, bodyAlgorithm;
DkimSignatureAlgorithm signatureAlgorithm;
AsymmetricKeyParameter key;
string d, s, q, bh, b;
string[] headers;
int maxLength;
ValidateDkimSignatureParameters (parameters, out signatureAlgorithm, out headerAlgorithm, out bodyAlgorithm,
out d, out s, out q, out headers, out bh, out b, out maxLength);
key = publicKeyLocator.LocatePublicKey (q, d, s, cancellationToken);
options = options.Clone ();
options.NewLineFormat = NewLineFormat.Dos;
// first check the body hash (if that's invalid, then the entire signature is invalid)
var hash = Convert.ToBase64String (DkimHashBody (options, signatureAlgorithm, bodyAlgorithm, maxLength));
if (hash != bh)
return false;
using (var stream = new DkimSignatureStream (DkimGetDigestSigner (signatureAlgorithm, key))) {
using (var filtered = new FilteredStream (stream)) {
filtered.Add (options.CreateNewLineFilter ());
DkimWriteHeaders (options, headers, headerAlgorithm, filtered);
// now include the DKIM-Signature header that we are verifying,
// but only after removing the "b=" signature value.
var header = GetSignedDkimSignatureHeader (dkimSignature);
switch (headerAlgorithm) {
case DkimCanonicalizationAlgorithm.Relaxed:
DkimWriteHeaderRelaxed (options, filtered, header, true);
break;
default:
DkimWriteHeaderSimple (options, filtered, header, true);
break;
}
filtered.Flush ();
}
return stream.VerifySignature (b);
}
}