Skip to Content
0
Former Member
May 28, 2010 at 10:11 AM

Validating Archive Link secKey from C#

149 Views

All,

I have written a archive link service using C#, and all is working great except when security is enabled. I have been reading around and the most fesible solution appears to be using BouncyCastle to do the validation, however I keep getting the error 'message-digest attribute value does not match calculated value'.

The querystring is:

?info&pVersion=0045&contRep=IT&docId=001&accessMode=R&authId=CN%3DSAPHTTPCS000.pse,OU%3DI0020112593,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE&expiration=20100528121019&secKey=MIIBWQYJKoZIhvcNAQcCoIIBSjCCAUYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCASUwggEhAgEBMHYwcTELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMTEyNTkzMRkwFwYDVQQDExBTQVBIVFRQQ1MwMDAucHNlAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xMDA1MjgxMDEwMTlaMCMGCSqGSIb3DQEJBDEWBBTYx2fOt9K%2Fdui50Fz8sEgMiZSj1TAJBgcqhkjOOAQDBC8wLQIVAJ3iEzSAz%2BCHSmr7x6k7rrhrWhy3AhRQlSwXVnfYSp1%2FnWZc80R%2FXaAFWw%3D%3D

Which gives me the following string to validate with: IT001rCN=SAPHTTPCS000.pse,OU=I0020112593,OU=SAPWebAS,O=SAPTrustCommunity,C=DE20100528121019

(note: I have tried leavng the accessMode parameter in the same case as URL with no avail)

Here is the code I am trying to use to validate the values

byte[] auth = System.Text.Encoding.ASCII.GetBytes(authString.ToString());

Org.BouncyCastle.Cms.CmsSignedData csd = new Org.BouncyCastle.Cms.CmsSignedData(new Org.BouncyCastle.Cms.CmsProcessableByteArray(auth), sk);

Org.BouncyCastle.Cms.SignerInformationStore store = csd.GetSignerInfos();

System.Collections.ICollection signers = store.GetSigners();

foreach (Org.BouncyCastle.Cms.SignerInformation sinfo in signers)

{

try

{

//Sometimes failures error

if (!sinfo.Verify(cert)) return false;

}

catch(Exception ex) { return false; }

}

return true;

The error occurs on the sinfo.Verify line.

Any ideas where I am going wrong would be greatly appreciated.