/**
 * Check the signature over signedBlob with a public key found through the
 * signature's own KeyLocator.
 *
 * Security note: when the KeyLocator type is KEY, the public key is read from
 * the signature info itself. A true result in that branch shows only that the
 * signed bytes are consistent with the key carried alongside them. Nothing in
 * this function ties that key to a trusted identity. In the KEYNAME branch the
 * key comes from identityStorage_, so the result is only as trustworthy as
 * the contents of that storage.
 *
 * @param signatureInfo The signature object; it must be a
 * Sha256WithRsaSignature.
 * @param signedBlob The blob holding the signed portion to verify.
 * @return The result of verifySha256WithRsaSignature when a key is found.
 * False if the KeyLocator is neither KEY nor KEYNAME, if it is KEYNAME but
 * identityStorage_ is not set, or if the storage has no key for the name.
 * @throws SecurityException if signatureInfo is not a Sha256WithRsaSignature.
 */
bool
SelfVerifyPolicyManager::verify
  (const Signature* signatureInfo, const SignedBlob& signedBlob)
{
  const Sha256WithRsaSignature *rsaSignature =
    dynamic_cast<const Sha256WithRsaSignature *>(signatureInfo);
  if (!rsaSignature)
    throw SecurityException
      ("SelfVerifyPolicyManager: Signature is not Sha256WithRsaSignature.");

  // Case 1: the KeyLocator carries the public key DER itself.
  if (rsaSignature->getKeyLocator().getType() == ndn_KeyLocatorType_KEY)
    return verifySha256WithRsaSignature
      (rsaSignature, signedBlob, rsaSignature->getKeyLocator().getKeyData());

  // Anything other than a key name with an available identity storage leaves
  // us with no key to verify against.
  if (rsaSignature->getKeyLocator().getType() != ndn_KeyLocatorType_KEYNAME ||
      !identityStorage_)
    return false;

  // Case 2: treat the key name as a certificate name and look up the
  // matching public key in the identity storage.
  Blob publicKeyDer = identityStorage_->getKey
    (IdentityCertificate::certificateNameToPublicKeyName
     (rsaSignature->getKeyLocator().getKeyName()));
  if (publicKeyDer)
    return verifySha256WithRsaSignature(rsaSignature, signedBlob, publicKeyDer);

  // The storage has no public key under that name.
  return false;
}
/**
 * Verify the RSA signature of the data using the given public key.
 * This is a convenience overload: it unpacks each BlobLite into a
 * (buffer, length) pair and forwards to the pointer/length overload.
 *
 * The return code and the verification result are reported separately, so
 * callers should check both. A return of 0 does not by itself mean the
 * signature is valid; the outcome is in verified.
 *
 * @param signature The signature bytes.
 * @param data The input byte array to verify.
 * @param publicKeyDer The DER-encoded public key used to verify the signature.
 * @param verified Set verified to true if the signature verifies, false if not.
 * @return 0 for success, else NDN_ERROR_Error_decoding_key if publicKeyDer
 * can't be decoded as an RSA public key.
 */
static ndn_Error
verifySha256WithRsaSignature
  (const BlobLite& signature, const BlobLite& data,
   const BlobLite& publicKeyDer, bool &verified)
{
  return verifySha256WithRsaSignature
    (signature.buf(), signature.size(),
     data.buf(), data.size(),
     publicKeyDer.buf(), publicKeyDer.size(),
     verified);
}
/**
 * Dispatch on the concrete signature type and run the matching verifier over
 * signedBlob.
 *
 * Security note: the DigestSha256Signature branch uses no key at all, and
 * publicKeyDer is ignored there. A true result from that branch therefore
 * does not depend on any key. Whether such a signature is acceptable is a
 * policy decision for the caller.
 *
 * @param signature The signature object whose dynamic type selects the
 * algorithm.
 * @param signedBlob The blob holding the signed portion to verify.
 * @param publicKeyDer The DER-encoded public key. It is required for the RSA
 * and ECDSA branches; a null Blob makes those branches return false.
 * @return The result of the selected verifier, or false if a key is required
 * but publicKeyDer is null.
 * @throws SecurityException if signature is none of the handled types.
 */
bool
PolicyManager::verifySignature
  (const Signature* signature, const SignedBlob& signedBlob,
   const Blob& publicKeyDer)
{
  if (dynamic_cast<const Sha256WithRsaSignature *>(signature))
    // Short-circuit: with no key the verifier is never called.
    return !publicKeyDer.isNull() &&
      verifySha256WithRsaSignature
        (signature->getSignature(), signedBlob, publicKeyDer);

  if (dynamic_cast<const Sha256WithEcdsaSignature *>(signature))
    // Short-circuit: with no key the verifier is never called.
    return !publicKeyDer.isNull() &&
      verifySha256WithEcdsaSignature
        (signature->getSignature(), signedBlob, publicKeyDer);

  if (dynamic_cast<const DigestSha256Signature *>(signature))
    // No key is consulted for the digest-only signature type.
    return verifyDigestSha256Signature(signature->getSignature(), signedBlob);

  throw SecurityException("PolicyManager::verify: Signature type is unknown");
}