protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature)
{
string str3;
XmlDictionaryString str4;
SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite;
string defaultCanonicalizationAlgorithm = algorithmSuite.DefaultCanonicalizationAlgorithm;
XmlDictionaryString defaultCanonicalizationAlgorithmDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;
if (defaultCanonicalizationAlgorithm != "http://www.w3.org/2001/10/xml-exc-c14n#")
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCanonicalizationAlgorithm", new object[] { algorithmSuite.DefaultCanonicalizationAlgorithm })));
}
algorithmSuite.GetSignatureAlgorithmAndKey(token, out str3, out this.signatureKey, out str4);
string defaultDigestAlgorithm = algorithmSuite.DefaultDigestAlgorithm;
XmlDictionaryString defaultDigestAlgorithmDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString;
this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, defaultCanonicalizationAlgorithm, defaultCanonicalizationAlgorithmDictionaryString, defaultDigestAlgorithm, defaultDigestAlgorithmDictionaryString, str3, str4);
this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
if (keyIdentifier != null)
{
this.signedXml.Signature.KeyIdentifier = keyIdentifier;
}
if (generateTargettableSignature)
{
this.signedXml.Id = base.GenerateId();
}
this.effectiveSignatureParts = signatureParts;
this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(defaultDigestAlgorithm);
}
protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens)
{
ISignatureValueSecurityElement signedXml;
if (this.signedXml == null)
{
return null;
}
SecurityTimestamp timestamp = base.Timestamp;
if (timestamp != null)
{
if (timestamp.Id == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampToSignHasNoId")));
}
HashStream stream = this.TakeHashStream();
base.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(stream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer());
this.signedInfo.AddReference(timestamp.Id, stream.FlushHashAndGetValue());
}
if ((base.ShouldSignToHeader && (this.signatureKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
{
if (this.toHeaderHash == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TransportSecurityRequireToHeader")));
}
this.signedInfo.AddReference(this.toHeaderId, this.toHeaderHash);
}
this.AddSignatureReference(signatureConfirmations);
if (base.RequireMessageProtection)
{
this.AddSignatureReference(signedEndorsingTokens);
this.AddSignatureReference(signedTokens);
this.AddSignatureReference(basicTokens);
}
if (this.signedInfo.ReferenceCount == 0)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("NoPartsOfMessageMatchedPartsToSign")), base.Message);
}
try
{
this.signedXml.ComputeSignature(this.signatureKey);
signedXml = this.signedXml;
}
finally
{
this.hashStream = null;
this.signedInfo = null;
this.signedXml = null;
this.signatureKey = null;
this.effectiveSignatureParts = null;
}
return signedXml;
}
protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign)
{
string str;
XmlDictionaryString str2;
SecurityKey key;
SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite;
algorithmSuite.GetSignatureAlgorithmAndKey(token, out str, out key, out str2);
SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
SignedInfo signedInfo = xml.Signature.SignedInfo;
signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm;
signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;
signedInfo.SignatureMethod = str;
signedInfo.SignatureMethodDictionaryString = str2;
if (elementToSign.Id == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ElementToSignMustHaveId")));
}
Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign) {
DigestMethod = algorithmSuite.DefaultDigestAlgorithm,
DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString
};
reference.AddTransform(new ExclusiveCanonicalizationTransform());
((StandardSignedInfo) signedInfo).AddReference(reference);
xml.ComputeSignature(key);
if (identifier != null)
{
xml.Signature.KeyIdentifier = identifier;
}
return xml;
}
void VerifySignature(SignedXml signature, SecurityKey signatureVerificationKey)
{
if (signature == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signature");
if (signatureVerificationKey == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signatureVerificatonKey");
signature.StartSignatureVerification(signatureVerificationKey);
signature.EnsureDigestValidity(this.assertionId, tokenStream);
signature.CompleteSignatureVerification();
}
void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
{
byte[] hashValue = this.hashStream.FlushHashAndGetValue();
PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager);
signedInfo.AddEnvelopedSignatureTransform = true;
signedInfo.CanonicalizationMethod = SecurityAlgorithms.ExclusiveC14n;
signedInfo.SignatureMethod = this.signingCredentials.SignatureAlgorithm;
signedInfo.DigestMethod = this.signingCredentials.DigestAlgorithm;
signedInfo.AddReference(this.assertionId, hashValue);
SignedXml signedXml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer);
signedXml.ComputeSignature(this.signingCredentials.SigningKey);
signedXml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier;
signedXml.WriteTo(dictionaryWriter);
}
public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo)
{
this.signedXml = signedXml;
this.signedInfo = signedInfo;
}
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
if (this.signature != null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead)));
// If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader.
XmlDictionaryReader effectiveReader = reader;
if (!effectiveReader.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(effectiveReader, false);
writer.Flush();
stream.Position = 0;
effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
effectiveReader.MoveToContent();
writer.Close();
}
SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer);
signedXml.TransformFactory = ExtendedTransformFactory.Instance;
signedXml.ReadFrom(effectiveReader);
SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer)));
this.signature = signedXml;
this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound)));
if (!ReferenceEquals(reader, effectiveReader))
effectiveReader.Close();
}
protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id)
{
SecurityToken token = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature);
if (isPrimarySignature)
{
base.RecordSignatureToken(token);
}
ReadOnlyCollection<SecurityKey> securityKeys = token.SecurityKeys;
SecurityKey securityKey = ((securityKeys != null) && (securityKeys.Count > 0)) ? securityKeys[0] : null;
if (securityKey == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { token })));
}
base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(securityKey, token);
base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(securityKey, signedXml.Signature.SignedInfo.SignatureMethod);
signedXml.StartSignatureVerification(securityKey);
StandardSignedInfo signedInfo = (StandardSignedInfo) signedXml.Signature.SignedInfo;
this.ValidateDigestsOfTargetsInSecurityHeader(signedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id);
if (!isPrimarySignature)
{
if ((!base.RequireMessageProtection && (securityKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
{
int headerIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace);
if (headerIndex == -1)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader")));
}
XmlDictionaryReader readerAtHeader = base.Message.Headers.GetReaderAtHeader(headerIndex);
id = readerAtHeader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace);
if (id == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage")));
}
signedXml.EnsureDigestValidity(id, readerAtHeader);
}
signedXml.CompleteSignatureVerification();
return token;
}
this.pendingSignature = signedXml;
return token;
}
public Signature(SignedXml signedXml, SignedInfo signedInfo)
{
this.signedXml = signedXml;
this.signedInfo = signedInfo;
}
protected override void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned)
{
bool flag8;
bool flag9;
SignatureTargetIdManager idManager = base.StandardsManager.IdManager;
MessagePartSpecification specification = base.RequiredEncryptionParts ?? MessagePartSpecification.NoParts;
MessagePartSpecification signatureParts = base.RequiredSignatureParts ?? MessagePartSpecification.NoParts;
bool checkForTokensAtHeaders = hasAtLeastOneSupportingTokenExpectedToBeSigned;
bool doSoapAttributeChecks = !signatureParts.IsBodyIncluded;
bool encryptBeforeSignMode = base.EncryptBeforeSignMode;
SignedInfo signedInfo = (this.pendingSignature != null) ? this.pendingSignature.Signature.SignedInfo : null;
SignatureConfirmations sentSignatureConfirmations = base.GetSentSignatureConfirmations();
if (((sentSignatureConfirmations != null) && (sentSignatureConfirmations.Count > 0)) && sentSignatureConfirmations.IsMarkedForEncryption)
{
base.VerifySignatureEncryption();
}
MessageHeaders headers = base.SecurityVerifiedMessage.Headers;
XmlDictionaryReader readerAtFirstHeader = base.SecurityVerifiedMessage.GetReaderAtFirstHeader();
bool atLeastOneHeaderOrBodyEncrypted = false;
for (int i = 0; i < headers.Count; i++)
{
if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
{
readerAtFirstHeader.MoveToContent();
}
if (i == base.HeaderIndex)
{
readerAtFirstHeader.Skip();
}
else
{
bool flag6;
bool flag5 = false;
string str = idManager.ExtractId(readerAtFirstHeader);
if (str != null)
{
flag5 = this.TryDeleteReferenceListEntry(str);
}
if (!flag5 && readerAtFirstHeader.IsStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"))
{
XmlDictionaryReader readerAtHeader = headers.GetReaderAtHeader(i);
readerAtHeader.ReadStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd");
if (readerAtHeader.IsStartElement(EncryptedData.ElementName, System.ServiceModel.XD.XmlEncryptionDictionary.Namespace))
{
string attribute = readerAtHeader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, null);
if ((attribute != null) && this.TryDeleteReferenceListEntry(attribute))
{
flag5 = true;
}
}
}
base.ElementManager.VerifyUniquenessAndSetHeaderId(str, i);
MessageHeaderInfo info = headers[i];
if (!flag5 && specification.IsHeaderIncluded(info.Name, info.Namespace))
{
base.SecurityVerifiedMessage.OnUnencryptedPart(info.Name, info.Namespace);
}
if ((!flag5 || encryptBeforeSignMode) && (str != null))
{
flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, readerAtFirstHeader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
}
else
{
flag6 = false;
}
if (flag5)
{
XmlDictionaryReader reader = flag6 ? headers.GetReaderAtHeader(i) : readerAtFirstHeader;
DecryptedHeader header = this.DecryptHeader(reader, this.pendingDecryptionToken);
info = header;
str = header.Id;
base.ElementManager.VerifyUniquenessAndSetDecryptedHeaderId(str, i);
headers.ReplaceAt(i, header);
if (!object.ReferenceEquals(reader, readerAtFirstHeader))
{
reader.Close();
}
if (!encryptBeforeSignMode && (str != null))
{
XmlDictionaryReader headerReader = header.GetHeaderReader();
flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, headerReader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
headerReader.Close();
}
}
if (!flag6 && signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
base.SecurityVerifiedMessage.OnUnsignedPart(info.Name, info.Namespace);
}
if (flag6 && flag5)
{
base.VerifySignatureEncryption();
}
if (flag5 && !flag6)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderNotSigned", new object[] { info.Name, info.Namespace })));
}
if (!flag6 && !flag5)
{
readerAtFirstHeader.Skip();
}
atLeastOneHeaderOrBodyEncrypted |= flag5;
}
}
readerAtFirstHeader.ReadEndElement();
if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
{
readerAtFirstHeader.MoveToContent();
}
string id = idManager.ExtractId(readerAtFirstHeader);
base.ElementManager.VerifyUniquenessAndSetBodyId(id);
base.SecurityVerifiedMessage.SetBodyPrefixAndAttributes(readerAtFirstHeader);
bool flag7 = specification.IsBodyIncluded || this.HasPendingDecryptionItem();
if ((!flag7 || encryptBeforeSignMode) && (id != null))
{
flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, readerAtFirstHeader, false, null, null, false);
}
else
{
flag8 = false;
}
if (flag7)
{
XmlDictionaryReader reader5 = flag8 ? base.SecurityVerifiedMessage.CreateFullBodyReader() : readerAtFirstHeader;
reader5.ReadStartElement();
string str4 = idManager.ExtractId(reader5);
base.ElementManager.VerifyUniquenessAndSetBodyContentId(str4);
flag9 = (str4 != null) && this.TryDeleteReferenceListEntry(str4);
if (flag9)
{
this.DecryptBody(reader5, this.pendingDecryptionToken);
}
if (!object.ReferenceEquals(reader5, readerAtFirstHeader))
{
reader5.Close();
}
if ((!encryptBeforeSignMode && (signedInfo != null)) && signedInfo.HasUnverifiedReference(id))
{
reader5 = base.SecurityVerifiedMessage.CreateFullBodyReader();
flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, reader5, false, null, null, false);
reader5.Close();
}
}
else
{
flag9 = false;
}
if (flag8 && flag9)
{
base.VerifySignatureEncryption();
}
readerAtFirstHeader.Close();
if (this.pendingSignature != null)
{
this.pendingSignature.CompleteSignatureVerification();
this.pendingSignature = null;
}
this.pendingDecryptionToken = null;
atLeastOneHeaderOrBodyEncrypted |= flag9;
if (!flag8 && signatureParts.IsBodyIncluded)
{
base.SecurityVerifiedMessage.OnUnsignedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
}
if (!flag9 && specification.IsBodyIncluded)
{
base.SecurityVerifiedMessage.OnUnencryptedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
}
base.SecurityVerifiedMessage.OnMessageProtectionPassComplete(atLeastOneHeaderOrBodyEncrypted);
}
protected override SignedXml ReadSignatureCore(XmlDictionaryReader signatureReader)
{
SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
xml.Signature.SignedInfo.ResourcePool = base.ResourcePool;
xml.ReadFrom(signatureReader);
return xml;
}
public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo)
{
this.signedXml = signedXml;
this.signedInfo = signedInfo;
}
void ReadSignature()
{
_signedXml = new SignedXml(new WifSignedInfo(_dictionaryManager), _dictionaryManager, _tokenSerializer);
_signedXml.TransformFactory = ExtendedTransformFactory.Instance;
_signedXml.ReadFrom(_wrappedReader);
if (_signedXml.Signature.SignedInfo.ReferenceCount != 1)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.ID3057)));
}
}
private void ComputeSignature()
{
PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(_dictionaryManager);
signedInfo.AddEnvelopedSignatureTransform = true;
signedInfo.CanonicalizationMethod = XD.ExclusiveC14NDictionary.Namespace.Value;
signedInfo.SignatureMethod = _signingCreds.SignatureAlgorithm;
signedInfo.DigestMethod = _signingCreds.DigestAlgorithm;
signedInfo.AddReference(_referenceId, _hashStream.FlushHashAndGetValue(_preCanonicalTracingStream));
SignedXml signedXml = new SignedXml(signedInfo, _dictionaryManager, _tokenSerializer);
signedXml.ComputeSignature(_signingCreds.SigningKey);
signedXml.Signature.KeyIdentifier = _signingCreds.SigningKeyIdentifier;
signedXml.WriteTo(base.InnerWriter);
((IDisposable)_hashStream).Dispose();
_hashStream = null;
}
void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
{
byte[] digest = this.hashStream.FlushHashAndGetValue();
PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager) {
AddEnvelopedSignatureTransform = true,
CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#",
SignatureMethod = this.signingCredentials.SignatureAlgorithm,
DigestMethod = this.signingCredentials.DigestAlgorithm
};
signedInfo.AddReference(this.assertionId, digest);
SignedXml xml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer);
xml.ComputeSignature(this.signingCredentials.SigningKey);
xml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier;
xml.WriteTo(dictionaryWriter);
}
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
if (this.signature != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead")));
}
XmlDictionaryReader reader2 = reader;
if (!reader2.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(reader2, false);
writer.Flush();
stream.Position = 0L;
reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int) stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
reader2.MoveToContent();
writer.Close();
}
SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer) {
TransformFactory = ExtendedTransformFactory.Instance
};
xml.ReadFrom(reader2);
SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer })));
}
this.signature = xml;
this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound")));
}
if (!object.ReferenceEquals(reader, reader2))
{
reader2.Close();
}
}