EDI: Verify a signature of an AS2/AS3 message
Signed messages are verified automatically as they are loaded. The verification result is available in the Signature.VerificationResult property. If the value is 0, the signature is valid; otherwise the value specifies one of the errors described in the "Message Error Codes" topic. IMPORTANT: because the result of signature verification is not critical for data extraction, no exception is thrown if signature verification fails.
Signatures can be verified with local certificate(s) or with the certificate(s) embedded in signatures or both.
If you want to use only local certificates, load the trusted certificate(s) into a certificate storage and assign it to the Signature.CertStorage property. This can be done before calling the Load() method or in the handler of the OnVerifyIDs event. You also need to include the voUseLocalCerts option in the Signature.VerificationOptions property.
If you want to use the certificates included in the message as well, include the voUseEmbeddedCerts option in the Signature.VerificationOptions property. In this case the signing certificate MUST be validated to ensure that the certificate belongs to the message originator.
The signature verification result is available as the Signature.VerificationResult property value after the Load method returns. If the result is not 0 (success), it is also added to the message processing errors list.
During verification process the following events are fired in the specified order:
Examples:
C#:
TElAS2Message message = new TElAS2Message();
// use only local certificates to verify messages signatures
message.Signature.VerificationOptions |= SBMessages.Unit.voUseLocalCerts;
message.Signature.VerificationOptions &= ~SBMessages.Unit.voUseEmbeddedCerts;
// create an empty storage, the appropriate certificate will be loaded later
message.Signature.CertStorage = new TElMemoryCertStorage();
// create an event handler which will load the necessary certificate
// to the empty certificate storage
message.OnVerifyIDs += delegate(Object sender, TElASMessageVerifier verifier)
{
    // load certificate of the specified signer
    // (LoadLocalCertificate method has to be created)
    LoadLocalCertificate(
        // where to load the necessary certificate
        message.Signature.CertStorage,
        // ID of the certificate which signed the message
        (verifier as TElASSMIMEMessageVerifier).Verifier.get_CertIDs(0)
    );
};
try
{
    // actually load the message from one stream and
    // extract the included data to another stream
    if (!message.Load(messageStream, dataStream))
    {
        // there were some issues while loading the message
        // check if the message is signed and if the signature is valid
        if (message.Signature.Enabled &&
            message.Signature.VerificationResult != 0)
        {
            Console.WriteLine("Failed to verify message signature: {0}",
                message.Signature.VerificationResult);
        }
    }
}
catch (Exception err)
{
    Console.WriteLine("Failed to extract included data: {0}", err.Message);
}
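Because Load() raises no exception on a failed verification, a receiver that must not act on unauthenticated data has to gate the extracted payload itself. The following is an added example, not SecureBlackbox's own code: TryLoadVerified, As2Receive and the reject-unsigned policy are assumptions, and it uses only the members shown in the example above.

```csharp
using System;
using System.IO;
// Also import the SecureBlackbox namespaces your project uses (not shown on the page).
static class As2Receive
{
    // Hypothetical helper, not part of SecureBlackbox. Copies the payload to trustedOutput
    // only if the message is signed and verified. Assumes Signature.CertStorage is set
    // before the call or filled by an OnVerifyIDs handler, as described above.
    public static bool TryLoadVerified(TElAS2Message message, Stream messageStream,
                                       Stream trustedOutput, out string reason)
    {
        // Trust local certificates only, as in the page's example.
        message.Signature.VerificationOptions |= SBMessages.Unit.voUseLocalCerts;
        message.Signature.VerificationOptions &= ~SBMessages.Unit.voUseEmbeddedCerts;
        using (MemoryStream staging = new MemoryStream())
        {
            bool loaded;
            try
            {
                // Load() does not throw on a bad signature, so extract into a
                // staging buffer instead of the caller's stream.
                loaded = message.Load(messageStream, staging);
            }
            catch (Exception err)
            {
                reason = "extraction failed: " + err.Message;
                return false;
            }
            if (!message.Signature.Enabled)  // assumed policy: unsigned messages are rejected
            {
                reason = "message is not signed";
                return false;
            }
            if (message.Signature.VerificationResult != 0)
            {
                reason = "signature verification failed, code " + message.Signature.VerificationResult;
                return false;
            }
            if (!loaded)  // Load() reported other processing errors
            {
                reason = "message loaded with processing errors";
                return false;
            }
            staging.Position = 0;
            staging.CopyTo(trustedOutput);  // release the payload only after all checks pass
            reason = null;
            return true;
        }
    }
}
```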