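/// <summary>
/// Verifies the trailing signature parameter of <c>RawToken</c> by recomputing it over the
/// unsigned portion of the token with the supplied key and comparing it to <c>Signature</c>.
/// </summary>
/// <param name="keyString">The signing key, base64-encoded.</param>
/// <returns>
/// <c>true</c> when the recomputed signature equals <c>Signature</c>; <c>false</c> when it
/// differs or when the serialized token does not end with a signature parameter.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="keyString"/> is null.</exception>
/// <exception cref="InvalidOperationException">The raw token or its signature is missing.</exception>
/// <exception cref="FormatException"><paramref name="keyString"/> is not valid base64.</exception>
public bool ValidateSignature(string keyString)
{
    if (keyString == null)
    {
        throw new ArgumentNullException(nameof(keyString));
    }

    // The original tested RawToken twice, so a token carrying no Signature slipped past this guard.
    if (string.IsNullOrEmpty(RawToken) || string.IsNullOrEmpty(Signature))
    {
        throw new InvalidOperationException("The token does not have a signature to verify");
    }

    var serializedToken = RawToken;
    string unsignedToken = null;

    // Find the last parameter. The signature must be last per SWT specification.
    var lastSeparator = serializedToken.LastIndexOf(ParameterSeparator);

    // Check whether the last parameter is an hmac.
    if (lastSeparator > 0)
    {
        var lastParamStart = ParameterSeparator + SimpleWebTokenConstants.Signature + "=";
        var lastParam = serializedToken.Substring(lastSeparator);

        // Strip the trailing hmac to obtain the original unsigned string for later hmac verification.
        if (lastParam.StartsWith(lastParamStart, StringComparison.Ordinal))
        {
            unsignedToken = serializedToken.Substring(0, lastSeparator);
        }
    }

    // Decode the key before the fail-closed return so a malformed key is still reported.
    var keyBytes = Convert.FromBase64String(keyString);

    // Fail closed: without a trailing signature parameter there is nothing to authenticate,
    // and a null payload must not be handed to GenerateSignature.
    if (unsignedToken == null)
    {
        return false;
    }

    // NOTE(review): the comparison uses the Signature property, not the value carried in the
    // stripped parameter of RawToken; confirm both are populated from the same parse.
    string expected = GenerateSignature(unsignedToken, keyBytes);
    string actual = Signature;

    // The length of an hmac is not secret, so a mismatch can be rejected immediately.
    if (expected == null || expected.Length != actual.Length)
    {
        return false;
    }

    // Compare without an early exit so the time taken does not reveal how many leading
    // characters of a forged signature were correct.
    var difference = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }

    return difference == 0;
}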