/// <summary>
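/// Verifies the signature using the SecurityPolicyUri and returns true if it is valid.
/// Also returns true, without checking anything, when the signature is null or the policy URI is null, empty or None.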
/// </summary>
public static bool Verify(X509Certificate2 certificate, string securityPolicyUri, byte[] dataToVerify, SignatureData signature)
{
    // Fail-open paths: a missing signature or a missing policy URI is reported as
    // "valid" without any cryptographic check being performed.
    // NOTE(review): a caller that requires a signature has to reject a null
    // signature / empty policy itself before trusting this result - confirm at call sites.
    if (signature == null || String.IsNullOrEmpty(securityPolicyUri))
    {
        return true;
    }

    // Choose the verification routine from the policy; within a policy only the
    // one listed signature algorithm is accepted.
    switch (securityPolicyUri)
    {
        // Security is not used, so every signature is accepted.
        case SecurityPolicies.None:
            return true;

        // Judging by the helper's name this is RSA PKCS#1 v1.5 over SHA-1.
        // NOTE(review): SHA-1 is no longer considered collision resistant; check
        // whether these two policies still need to be enabled in deployments.
        case SecurityPolicies.Basic128Rsa15:
        case SecurityPolicies.Basic256:
            if (signature.Algorithm == SecurityAlgorithms.RsaSha1)
            {
                return RsaUtils.RsaPkcs15Sha1_Verify(new ArraySegment<byte>(dataToVerify), signature.Signature, certificate);
            }

            break;

        // Same scheme with SHA-256 (again going by the helper's name).
        case SecurityPolicies.Basic256Sha256:
            if (signature.Algorithm == SecurityAlgorithms.RsaSha256)
            {
                return RsaUtils.RsaPkcs15Sha256_Verify(new ArraySegment<byte>(dataToVerify), signature.Signature, certificate);
            }

            break;

        // Any policy URI not listed above is rejected outright.
        default:
            throw ServiceResultException.Create(
                StatusCodes.BadSecurityPolicyRejected,
                "Unsupported security policy: {0}",
                securityPolicyUri);
    }

    // Reached only when the policy is known but the signature names an algorithm
    // that policy does not allow; this is an error, never a "false" result.
    throw ServiceResultException.Create(
        StatusCodes.BadSecurityChecksFailed,
        "Unexpected signature algorithm : {0}",
        signature.Algorithm);
}