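/// <summary>
/// Verifies the XML signature with the public key of <paramref name="certificate"/> and,
/// unless <paramref name="verifySignatureOnly"/> is set, also checks the certificate's
/// key usage extension and builds its X.509 chain.
/// </summary>
/// <param name="certificate">Certificate whose public key is used to verify the signature.</param>
/// <param name="verifySignatureOnly">
/// When <c>true</c>, the method returns as soon as the cryptographic check succeeds; the
/// key usage and chain checks below are skipped, so the result says nothing about whether
/// the certificate itself is trusted. Callers passing <c>true</c> must establish trust in
/// the certificate by other means (for example pinning) before relying on the result.
/// </param>
/// <returns>
/// <c>true</c> if the signature verifies and, when requested, the key usage and chain
/// checks pass; otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
[ComVisible(false)]
[SecuritySafeCritical]
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) {
    // Fail with a descriptive argument error rather than a NullReferenceException from
    // the property access below.
    if (certificate == null) {
        throw new ArgumentNullException("certificate");
    }

    // Cryptographic check first, delegated to the key-based overload.
    // NOTE(review): PublicKey.Key is documented for RSA/DSA keys; confirm what callers
    // should expect for certificates carrying other key types.
    if (!CheckSignature(certificate.PublicKey.Key)) {
        return false;
    }

    if (verifySignatureOnly) {
        // Success is reported here without any certificate validation.
        SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
        return true;
    }

    // Check key usages to make sure it is good for signing.
    // A certificate that carries no key usage extension is not rejected by this loop:
    // the loop only fails when the extension is present and lacks both flags.
    foreach (X509Extension extension in certificate.Extensions) {
        if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) {
            X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
            keyUsage.CopyFrom(extension);
            SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage);

            bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 ||
                                 (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0;
            if (!validKeyUsage) {
                SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage"));
                return false;
            }

            // Only the first key usage extension found is evaluated.
            break;
        }
    }

    // Do the chain verification to make sure the certificate is valid.
    // Apart from the ExtraStore additions, the chain is built with the default
    // ChainPolicy; ExtraStore supplies candidate certificates for path building and
    // does not by itself make them trust anchors.
    // NOTE(review): BuildBagOfCerts is defined elsewhere; presumably it returns the
    // certificates carried with the signature - confirm.
    // NOTE(review): the chain is never released here; where the target framework's
    // X509Chain exposes Dispose, consider disposing it after logging.
    X509Chain chain = new X509Chain();
    chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
    bool chainVerified = chain.Build(certificate);
    SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);

    if (!chainVerified) {
        SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain"));
        return false;
    }

    SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
    return true;
}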