verify method
Verify the Pkcs7 validity against a list of trusted certificates and returns the validated signature
Implementation
Pkcs7SignerInfo verify(List<X509> trusted) {
if (contentType.objectIdentifierAsString != Pkcs.signedData) {
throw Exception(
'Invalid Pkcs7 message type: ${contentType.objectIdentifierAsString}');
}
final certs = certificates.toList();
// One signature should match
for (final si in signerInfo) {
if (si.signatureAlgorithmID.objectIdentifierAsString != Pkcs.RsaesPkcs1) {
continue;
}
try {
final algo = si.digestAlgorithm;
final sign = si.signature;
final message = ASN1Set(
elements: si.signedAttributes
.map((e) => ASN1Sequence(
elements: [
e.key,
ASN1Set(elements: e.value),
],
))
.toList())
.encode();
for (final cert in certs) {
if (cert.verifySignature(sign, message, algo)) {
cert.verifyChain(certs, trusted);
return si;
}
}
} catch (e) {
print('Error: $e');
}
}
throw Exception('Unable to validate the message signature');
}