public static string CheckSignResponse(string retSubject, string challenge, string hashalg, string signature, string appgwcert, string appgwcertIssuer, string appgwcertRoot, string appgwcertRevocationMode, string usercert, string usercertIssuer, string usercertRoot, string usercertRevocationMode, ref string strSignSubject, ref string strSignCertIssuer, ref string strUserCertIssuer)
{
/* checks the signature (challenge + usercert signed by appgwcert)
*
* Input:
* retSubject blank ... return emailaddress
* "E" within retSubject: return emailaddress
* "S" within retSubject: return subject
* "U" within retSubject: return userPrincipalName
* if more than one character is specified: fields are separated by |
* order of of fields in return string is: E then S then U
* e.g "ES" returns emailaddress and subject (separated by |)
* challenge ... data that has been used for signing (hex bytes separated by "-", eg. "10-AB-C0-....-F1" )
* hashalg ... "MD5", "SHA1", "SHA256", ...
* signature ... signature of byte respresentation of challenge + usercert: hash value signed by appgwcert (hex bytes separated by "-")
*
* appgwcert ... certificate that has been used by the Application Gateway for signing (hex bytes separated by "-")
* appgwcertIssuer ... Common Name (CN) of allowed certificate issuer (optional) or list of CNs separated by "|"
* appgwcertRoot ... Common Name (CN) of allowed certificate root (optional) or list of CNs separated by "|"
* appgwcertRevocationMode ... "NoCheck", "Online" or "Offline"; if empty: defaults to "Online"
*
* usercert ... certificate of user (hex bytes separated by "-")
* usercertIssuer ... Common Name (CN) of allowed certificate issuer (optional) or list of CNs separated by "|"
* usercertRoot ... Common Name (CN) of allowed certificate root (optional) or list of CNs separated by "|"
* usercertRevocationMode ... "NoCheck", "Online" or "Offline"; if empty: defaults to "Online"
*
*Output:
* strSignSubject ... Subject of signature certificate (appgwcert)
* strSignCertIssuer ... Issuer of signature certificate (appgwcert)
* strUserCertIssuer ... Issuer of user certificate (usercert)
*
* return: emailaddress etc. depending on value of retSubject
* else error message starting with "Error:"
*
*/< br > ....
}
reinhold.leitner@applicgate.com (C) December 2024 www.applicgate.com |