/**
 * Check the SHA256-with-RSA signature over signedBlob using a public key
 * located through the signature's own KeyLocator.
 *
 * Security note: in the ndn_KeyLocatorType_KEY case the verification key is
 * read from the very signature being checked. A true result therefore shows
 * only that the signed bytes match that embedded key; nothing in this function
 * checks that the key belongs to a trusted identity. Callers that need
 * authenticity must anchor trust elsewhere.
 *
 * @param signatureInfo The signature object; must be a Sha256WithRsaSignature.
 * @param signedBlob The signed portion of the encoded packet.
 * @return true if the signature verifies, false if it does not or if no
 * public key could be located.
 * @throws SecurityException if signatureInfo is not a Sha256WithRsaSignature
 * (a null pointer also fails the cast and lands here).
 */
bool
SelfVerifyPolicyManager::verify
  (const Signature* signatureInfo, const SignedBlob& signedBlob)
{
  const Sha256WithRsaSignature *rsaSignature =
    dynamic_cast<const Sha256WithRsaSignature *>(signatureInfo);
  if (rsaSignature == 0)
    throw SecurityException
      ("SelfVerifyPolicyManager: Signature is not Sha256WithRsaSignature.");

  switch (rsaSignature->getKeyLocator().getType()) {
    case ndn_KeyLocatorType_KEY:
      // The KeyLocator carries the public key DER itself (self-asserted key).
      return verifySha256WithRsaSignature
        (rsaSignature, signedBlob, rsaSignature->getKeyLocator().getKeyData());

    case ndn_KeyLocatorType_KEYNAME: {
      if (!identityStorage_)
        // No storage to resolve the name against, so no key to verify with.
        return false;

      // Treat the key name as a certificate name and map it to the name of
      // the public key held in identity storage.
      Blob publicKeyDer = identityStorage_->getKey
        (IdentityCertificate::certificateNameToPublicKeyName
         (rsaSignature->getKeyLocator().getKeyName()));
      if (!publicKeyDer)
        // The storage has no public key under that name: fail closed.
        return false;

      return verifySha256WithRsaSignature(rsaSignature, signedBlob, publicKeyDer);
    }

    default:
      // Any other KeyLocator type gives no key to verify with.
      return false;
  }
}
Пример #2
 /**
  * Verify the RSA signature of the data using the given public key. This
  * overload unpacks each BlobLite into a pointer/length pair and forwards to
  * the raw-buffer overload.
  *
  * The outcome is reported through two separate channels. The return value
  * says only whether the public key could be decoded; whether the signature
  * is valid is reported in verified. A caller must check both: a return of 0
  * with verified == false is a failed verification.
  *
  * @param signature The signature bytes.
  * @param data The input byte array to verify.
  * @param publicKeyDer The DER-encoded public key used to verify the signature.
  * @param verified Set to true if the signature verifies, false if not.
  * @return 0 for success, else NDN_ERROR_Error_decoding_key if publicKeyDer
  * can't be decoded as an RSA public key.
  */
 static ndn_Error
 verifySha256WithRsaSignature
 (const BlobLite& signature, const BlobLite& data,
  const BlobLite& publicKeyDer, bool &verified)
 {
     // Forward as raw (buffer, length) pairs; verified is filled in by the callee.
     const ndn_Error status = verifySha256WithRsaSignature
            (signature.buf(), signature.size(),
             data.buf(), data.size(),
             publicKeyDer.buf(), publicKeyDer.size(),
             verified);
     return status;
 }
Пример #3
/**
 * Dispatch signature verification on the concrete type of the signature
 * object.
 *
 * Security note: the DigestSha256Signature branch is checked without any key
 * (publicKeyDer is not consulted), so a true result there presumably indicates
 * only that the digest matches the signed bytes, not who produced them.
 * Callers that need authenticity should confirm the signature type before
 * trusting the result.
 *
 * @param signature The signature object whose dynamic type selects the
 * algorithm.
 * @param signedBlob The signed portion of the encoded packet.
 * @param publicKeyDer The DER-encoded public key. Required for the RSA and
 * ECDSA types; a null Blob makes those branches return false.
 * @return true if the signature verifies, false if it does not or if a
 * required public key is null.
 * @throws SecurityException if the signature is none of the three known types
 * (a null pointer fails every cast and also ends up here).
 */
bool
PolicyManager::verifySignature
  (const Signature* signature, const SignedBlob& signedBlob,
   const Blob& publicKeyDer)
{
  // Probe the types in the same order as before: RSA first, then ECDSA.
  const bool isRsa =
    dynamic_cast<const Sha256WithRsaSignature *>(signature) != 0;
  const bool isEcdsa = !isRsa &&
    dynamic_cast<const Sha256WithEcdsaSignature *>(signature) != 0;

  if (isRsa || isEcdsa) {
    // Both public-key algorithms fail closed when there is no key.
    if (publicKeyDer.isNull())
      return false;

    if (isRsa)
      return verifySha256WithRsaSignature
        (signature->getSignature(), signedBlob, publicKeyDer);

    return verifySha256WithEcdsaSignature
      (signature->getSignature(), signedBlob, publicKeyDer);
  }

  // Keyless digest check: publicKeyDer is deliberately not used here.
  if (dynamic_cast<const DigestSha256Signature *>(signature))
    return verifyDigestSha256Signature(signature->getSignature(), signedBlob);

  // Unrecognized signature type: refuse rather than report a result.
  throw SecurityException("PolicyManager::verify: Signature type is unknown");
}