private bool CheckSignedInfo(IMac macAlg)
{
if (macAlg == null)
{
throw new ArgumentNullException(nameof(macAlg));
}
SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo);
int signatureLength;
if (m_signature.SignedInfo.SignatureLength == null)
{
signatureLength = macAlg.GetMacSize() * 8;
}
else
{
signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null);
}
// signatureLength should be less than hash size
if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength);
}
if (signatureLength % 8 != 0)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2);
}
if (m_signature.SignatureValue == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureValueRequired);
}
if (m_signature.SignatureValue.Length != signatureLength / 8)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength);
}
// Calculate the hash
GetC14NDigest(new MacHashWrapper(macAlg));
byte[] hashValue = new byte[macAlg.GetMacSize()];
macAlg.DoFinal(hashValue, 0);
SignedXmlDebugLog.LogVerifySignedInfo(this, macAlg, hashValue, m_signature.SignatureValue);
for (int i = 0; i < m_signature.SignatureValue.Length; i++)
{
if (m_signature.SignatureValue[i] != hashValue[i])
{
return(false);
}
}
return(true);
}
private static bool DoesSignatureUseSafeCanonicalizationMethod(SignedXml signedXml)
{
foreach (string safeAlgorithm in signedXml.SafeCanonicalizationMethods)
{
if (string.Equals(safeAlgorithm, signedXml.SignedInfo.CanonicalizationMethod, StringComparison.OrdinalIgnoreCase))
{
return(true);
}
}
SignedXmlDebugLog.LogUnsafeCanonicalizationMethod(signedXml, signedXml.SignedInfo.CanonicalizationMethod, signedXml.SafeCanonicalizationMethods);
return(false);
}
public void ComputeSignature(IMac macAlg)
{
if (macAlg == null)
{
throw new ArgumentNullException(nameof(macAlg));
}
if (!(macAlg is HMac))
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch);
}
int signatureLength;
if (m_signature.SignedInfo.SignatureLength == null)
{
signatureLength = macAlg.GetMacSize() * 8;
}
else
{
signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null);
}
// signatureLength should be less than hash size
if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength);
}
if (signatureLength % 8 != 0)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2);
}
BuildDigestedReferences();
SignedInfo.SignatureMethod = (macAlg.AlgorithmName.Substring(0, macAlg.AlgorithmName.IndexOf('/')).ToUpperInvariant()) switch
{
"SHA-1" => SignedXml.XmlDsigHMACSHA1Url,
"SHA-256" => SignedXml.XmlDsigMoreHMACSHA256Url,
"SHA-384" => SignedXml.XmlDsigMoreHMACSHA384Url,
"SHA-512" => SignedXml.XmlDsigMoreHMACSHA512Url,
"MD5" => SignedXml.XmlDsigMoreHMACMD5Url,
"RIPEMD160" => SignedXml.XmlDsigMoreHMACRIPEMD160Url,
_ => throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch),
};
GetC14NDigest(new MacHashWrapper(macAlg));
byte[] hashValue = new byte[macAlg.GetMacSize()];
macAlg.DoFinal(hashValue, 0);
SignedXmlDebugLog.LogSigning(this, macAlg);
m_signature.SignatureValue = new byte[signatureLength / 8];
Buffer.BlockCopy(hashValue, 0, m_signature.SignatureValue, 0, signatureLength / 8);
}
public static bool CheckSignatureFormat(SignedXml signedXml, Func <SignedXml, bool> _signatureFormatValidator)
{
if (_signatureFormatValidator == null)
{
return(true);
}
SignedXmlDebugLog.LogBeginCheckSignatureFormat(signedXml, _signatureFormatValidator);
bool formatValid = _signatureFormatValidator(signedXml);
SignedXmlDebugLog.LogFormatValidationResult(signedXml, formatValid);
return(formatValid);
}
public void ComputeSignature()
{
SignedXmlDebugLog.LogBeginSignatureComputation(this, _context);
BuildDigestedReferences();
// Load the key
AsymmetricKeyParameter key = SigningKey;
if (key == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_LoadKeyFailed);
}
// Check the signature algorithm associated with the key so that we can accordingly set the signature method
if (SignedInfo.SignatureMethod == null)
{
if (key is DsaKeyParameters)
{
SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
else if (key is RsaKeyParameters)
{
// Default to RSA-SHA1
if (SignedInfo.SignatureMethod == null)
{
SignedInfo.SignatureMethod = XmlDsigRSASHA256Url;
}
}
else
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed);
}
}
// See if there is a signature description class defined in the Config file
ISigner signatureDescription = CryptoHelpers.CreateFromName(SignedInfo.SignatureMethod) as ISigner;
if (signatureDescription == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
signatureDescription.Init(true, key);
GetC14NDigest(signatureDescription);
//SignedXmlDebugLog.LogSigning(this, key, signatureDescription, hashAlg, asymmetricSignatureFormatter);
m_signature.SignatureValue = signatureDescription.GenerateSignature();
}
// If we have a signature format validation callback, check to see if this signature's format (not
// the signautre itself) is valid according to the validator. A return value of true indicates that
// the signature format is acceptable, false means that the format is not valid.
private bool CheckSignatureFormat()
{
if (_signatureFormatValidator == null)
{
// No format validator means that we default to accepting the signature. (This is
// effectively compatibility mode with v3.5).
return(true);
}
SignedXmlDebugLog.LogBeginCheckSignatureFormat(this, _signatureFormatValidator);
bool formatValid = _signatureFormatValidator(this);
SignedXmlDebugLog.LogFormatValidationResult(this, formatValid);
return(formatValid);
}
public bool CheckSignature(X509Certificate certificate, bool verifySignatureOnly)
{
if (!verifySignatureOnly)
{
// Check key usages to make sure it is good for signing.
var exts = certificate.CertificateStructure.TbsCertificate.Extensions;
foreach (DerObjectIdentifier extension in exts.ExtensionOids)
{
if (extension.Equals(X509Extensions.KeyUsage))
{
var keyUsage = certificate.GetKeyUsage();
bool validKeyUsage = (keyUsage[0 /* DigitalSignature */] || keyUsage[0 /* NonRepudiation */]);
if (!validKeyUsage)
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage);
return(false);
}
break;
}
}
// Do the chain verification to make sure the certificate is valid.
/*X509Chain chain = new X509Chain();
* chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
* bool chainVerified = chain.Build(certificate);
* SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
*
* if (!chainVerified)
* {
* SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain);
* return false;
* }*/
}
AsymmetricKeyParameter publicKey = certificate.GetPublicKey();
if (!CheckSignature(publicKey))
{
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return(true);
}
private void BuildDigestedReferences()
{
// Default the DigestMethod and Canonicalization
ArrayList references = SignedInfo.References;
// Reset the cache
_refProcessed = new bool[references.Count];
_refLevelCache = new int[references.Count];
ReferenceLevelSortOrder sortOrder = new ReferenceLevelSortOrder();
sortOrder.References = references;
// Don't alter the order of the references array list
ArrayList sortedReferences = new ArrayList();
foreach (Reference reference in references)
{
sortedReferences.Add(reference);
}
sortedReferences.Sort(sortOrder);
CanonicalXmlNodeList nodeList = new CanonicalXmlNodeList();
foreach (DataObject obj in m_signature.ObjectList)
{
nodeList.Add(obj.GetXml());
}
foreach (Reference reference in sortedReferences)
{
// If no DigestMethod has yet been set, default it to sha1
if (reference.DigestMethod == null)
{
reference.DigestMethod = Reference.DefaultDigestMethod;
}
SignedXmlDebugLog.LogSigningReference(this, reference);
reference.UpdateHashValue(_containingDocument, nodeList);
// If this reference has an Id attribute, add it
if (reference.Id != null)
{
nodeList.Add(reference.GetXml());
}
}
}
public void ComputeSignature()
{
SignedXmlDebugLog.LogBeginSignatureComputation(this, _context);
ReferenceManager.BuildDigestedReferences(this);
AsymmetricKeyParameter key = SigningKey;
if (key == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_LoadKeyFailed);
}
if (SignedInfo.SignatureMethod == null)
{
if (key is DsaKeyParameters)
{
SignedInfo.SignatureMethod = XmlNameSpace.Url[NS.XmlDsigDSAUrl];
}
else if (key is RsaKeyParameters)
{
SignedInfo.SignatureMethod = XmlNameSpace.Url[NS.XmlDsigRSASHA256Url];
}
else
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed);
}
}
ISigner signatureDescription = CryptoHelpers.CreateFromName <ISigner>(SignedInfo.SignatureMethod);
if (signatureDescription == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
signatureDescription.Init(true, key);
CheckSignatureManager.GetC14NDigest(new SignerHashWrapper(signatureDescription), this);
SignedXmlDebugLog.LogSigning(this, key, signatureDescription);
MSignature.SetSignatureValue(signatureDescription.GenerateSignature());
}
private bool CheckSignedInfo(AsymmetricKeyParameter key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo);
ISigner signatureDescription = CryptoHelpers.CreateFromName(SignatureMethod) as ISigner;
if (signatureDescription == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
// Let's see if the key corresponds with the SignatureMethod
/*Type ta = Type.GetType(signatureDescription.KeyAlgorithm);
* if (!IsKeyTheCorrectAlgorithm(key, ta))
* return false;*/
try {
signatureDescription.Init(false, key);
} catch (Exception) {
return(false);
}
GetC14NDigest(signatureDescription);
/*SignedXmlDebugLog.LogVerifySignedInfo(this,
* key,
* signatureDescription,
* hashAlgorithm,
* asymmetricSignatureDeformatter,
* hashval,
* m_signature.SignatureValue);*/
return(signatureDescription.VerifySignature(m_signature.SignatureValue));
}
public static void BuildDigestedReferences(SignedXml signedXml)
{
ArrayList references = signedXml.SignedInfo.References;
signedXml.RefProcessed = new bool[references.Count];
signedXml.RefLevelCache = new int[references.Count];
ReferenceLevelSortOrder sortOrder = new ReferenceLevelSortOrder();
sortOrder.SetReferences(references);
ArrayList sortedReferences = new ArrayList();
foreach (Reference reference in references)
{
sortedReferences.Add(reference);
}
sortedReferences.Sort(sortOrder);
CanonicalXmlNodeList nodeList = new CanonicalXmlNodeList();
foreach (DataObject obj in signedXml.Signature.GetObjectList())
{
nodeList.Add(obj.GetXml());
}
foreach (Reference reference in sortedReferences)
{
if (reference.DigestMethod == null)
{
reference.DigestMethod = XmlNameSpace.Url[NS.XmlDsigSHA256Url];
}
SignedXmlDebugLog.LogSigningReference(signedXml, reference);
reference.UpdateHashValue(signedXml.ContainingDocument, nodeList);
if (reference.GetId() != null)
{
nodeList.Add(reference.GetXml());
}
}
}
public bool CheckSignature(IMac macAlg)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(macAlg))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, macAlg, true);
return(true);
}
public bool CheckSignature(AsymmetricKeyParameter key)
{
if (!CheckSignatureFormat())
{
return(false);
}
if (!CheckSignedInfo(key))
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo);
return(false);
}
// Now is the time to go through all the references and see if their DigestValues are good
if (!CheckDigestedReferences())
{
SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References);
return(false);
}
SignedXmlDebugLog.LogVerificationResult(this, key, true);
return(true);
}
// What we want to do is pump the input throug the TransformChain and then
// hash the output of the chain document is the document context for resolving relative references
internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
{
// refList is a list of elements that might be targets of references
// Now's the time to create our hashing algorithm
IDigest digest = CryptoHelpers.CreateFromName <IDigest>(_digestMethod);
if (digest == null)
{
IMac mac = CryptoHelpers.CreateFromName <IMac>(_digestMethod);
if (mac == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
// For compatibility to corefx' HMAC implementation
byte[] randomKey = Utils.GenerateRandomBlock(mac.GetMacSize());
mac.Init(new KeyParameter(randomKey));
_hashAlgorithm = new MacHashWrapper(mac);
}
else
{
_hashAlgorithm = new DigestHashWrapper(digest);
}
// Let's go get the target.
string baseUri = (document == null ? System.Environment.CurrentDirectory + "\\" : document.BaseURI);
Stream hashInputStream = null;
WebResponse response = null;
Stream inputStream = null;
XmlResolver resolver = null;
_hashval = null;
try
{
switch (_refTargetType)
{
case ReferenceTargetType.Stream:
// This is the easiest case. We already have a stream, so just pump it through the TransformChain
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri);
break;
case ReferenceTargetType.UriReference:
// Second-easiest case -- dereference the URI & pump through the TransformChain
// handle the special cases where the URI is null (meaning whole doc)
// or the URI is just a fragment (meaning a reference to an embedded Object)
if (_uri == null)
{
// We need to create a DocumentNavigator out of the XmlElement
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
// In the case of a Uri-less reference, we will simply pass null to the transform chain.
// The first transform in the chain is expected to know how to retrieve the data to hash.
hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri);
}
else if (_uri.Length == 0)
{
// This is the self-referential case. First, check that we have a document context.
// The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process
if (document == null)
{
throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
// Normalize the containing document
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
XmlDocument docWithNoComments = Utils.DiscardComments(Utils.PreProcessDocumentInput(document, resolver, baseUri));
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else if (_uri[0] == '#')
{
// If we get here, then we are constructing a Reference to an embedded DataObject
// referenced by an Id = attribute. Go find the relevant object
bool discardComments = true;
string idref = Utils.GetIdFromLocalUri(_uri, out discardComments);
if (idref == "xpointer(/)")
{
// This is a self referencial case
if (document == null)
{
throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
// We should not discard comments here!!!
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri);
break;
}
XmlElement elem = SignedXml.GetIdElement(document, idref);
if (elem != null)
{
_namespaces = Utils.GetPropagatedAttributes(elem.ParentNode as XmlElement);
}
if (elem == null)
{
// Go throw the referenced items passed in
if (refList != null)
{
foreach (XmlNode node in refList)
{
XmlElement tempElem = node as XmlElement;
if ((tempElem != null) && (Utils.HasAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl)) &&
(Utils.GetAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl).Equals(idref)))
{
elem = tempElem;
if (_signedXml._context != null)
{
_namespaces = Utils.GetPropagatedAttributes(_signedXml._context);
}
break;
}
}
}
}
if (elem == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidReference);
}
XmlDocument normDocument = Utils.PreProcessElementInput(elem, resolver, baseUri);
// Add the propagated attributes
Utils.AddNamespaces(normDocument.DocumentElement, _namespaces);
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
if (discardComments)
{
// We should discard comments before going into the transform chain
XmlDocument docWithNoComments = Utils.DiscardComments(normDocument);
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else
{
// This is an XPointer reference, do not discard comments!!!
hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri);
}
}
else
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
break;
case ReferenceTargetType.XmlElement:
// We need to create a DocumentNavigator out of the XmlElement
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri);
break;
default:
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
// Compute the new hash value
hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream);
// Default the buffer size to 4K.
byte[] buffer = new byte[4096];
int bytesRead;
_hashAlgorithm.Reset();
while ((bytesRead = hashInputStream.Read(buffer, 0, buffer.Length)) > 0)
{
_hashAlgorithm.BlockUpdate(buffer, 0, bytesRead);
}
_hashval = new byte[_hashAlgorithm.GetHashSize()];
_hashAlgorithm.DoFinal(_hashval, 0);
}
finally
{
if (hashInputStream != null)
{
hashInputStream.Close();
}
if (response != null)
{
response.Close();
}
if (inputStream != null)
{
inputStream.Close();
}
}
return(_hashval);
}
public void ComputeSignature(IMac macAlg)
{
if (macAlg == null)
{
throw new ArgumentNullException(nameof(macAlg));
}
if (!(macAlg is HMac))
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch);
}
int signatureLength;
if (MSignature.SignedInfo.SignatureLength == null)
{
signatureLength = macAlg.GetMacSize() * 8;
}
else
{
signatureLength = Convert.ToInt32(MSignature.SignedInfo.SignatureLength, null);
}
if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength);
}
if (signatureLength % 8 != 0)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2);
}
ReferenceManager.BuildDigestedReferences(this);
var algorithmName = macAlg.AlgorithmName.Substring(0, macAlg.AlgorithmName.IndexOf('/')).ToUpperInvariant();
var signedXmlDictionary = new Dictionary <string, NS>()
{
{ "SHA-1", NS.XmlDsigHMACSHA1Url },
{ "SHA-256", NS.XmlDsigMoreHMACSHA256Url },
{ "SHA-384", NS.XmlDsigMoreHMACSHA384Url },
{ "SHA-512", NS.XmlDsigMoreHMACSHA512Url },
{ "MD5", NS.XmlDsigMoreHMACMD5Url },
{ "RIPEMD160", NS.XmlDsigMoreHMACRIPEMD160Url }
};
try
{
SignedInfo.SignatureMethod = XmlNameSpace.Url[signedXmlDictionary[algorithmName]];
}
catch (Exception)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch);
}
CheckSignatureManager.GetC14NDigest(new MacHashWrapper(macAlg), this);
byte[] hashValue = new byte[macAlg.GetMacSize()];
macAlg.DoFinal(hashValue, 0);
SignedXmlDebugLog.LogSigning(this, macAlg);
MSignature.SetSignatureValue(new byte[signatureLength / 8]);
Buffer.BlockCopy(hashValue, 0, MSignature.GetSignatureValue(), 0, signatureLength / 8);
}
internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
{
IDigest digest = CryptoHelpers.CreateFromName <IDigest>(_digestMethod);
if (digest == null)
{
IMac mac = CryptoHelpers.CreateFromName <IMac>(_digestMethod);
if (mac == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
byte[] randomKey = CryptoUtils.GenerateRandomBlock(mac.GetMacSize());
mac.Init(new KeyParameter(randomKey));
_hashAlgorithm = new MacHashWrapper(mac);
}
else
{
_hashAlgorithm = new DigestHashWrapper(digest);
}
string baseUri = document == null ? Environment.CurrentDirectory + "\\" : document.BaseURI;
Stream hashInputStream = null;
WebResponse response = null;
Stream inputStream = null;
XmlResolver resolver = null;
_hashval = null;
try
{
switch (_refTargetType)
{
case ReferenceTargetType.Stream:
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri);
break;
case ReferenceTargetType.UriReference:
if (_uri == null)
{
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri);
}
else if (_uri.Length == 0)
{
if (document == null)
{
throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
XmlDocument docWithNoComments = StreamUtils.DiscardComments(StreamUtils.PreProcessDocumentInput(document, resolver, baseUri));
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else if (_uri[0] == '#')
{
bool discardComments = true;
string idref = ParserUtils.GetIdFromLocalUri(_uri, out discardComments);
if (idref == "xpointer(/)")
{
if (document == null)
{
throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(StreamUtils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri);
break;
}
XmlElement elem = GetSignedXml().GetIdElement(document, idref);
if (elem != null)
{
_namespaces = ElementUtils.GetPropagatedAttributes(elem.ParentNode as XmlElement);
}
if (elem == null && refList != null)
{
foreach (XmlNode node in refList)
{
XmlElement tempElem = node as XmlElement;
if ((tempElem != null) && (ElementUtils.HasAttribute(tempElem, "Id", XmlNameSpace.Url[NS.XmlDsigNamespaceUrl])) &&
(ElementUtils.GetAttribute(tempElem, "Id", NS.XmlDsigNamespaceUrl).Equals(idref)))
{
elem = tempElem;
if (_signedXml._context != null)
{
_namespaces = ElementUtils.GetPropagatedAttributes(_signedXml._context);
}
break;
}
}
}
if (elem == null)
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidReference);
}
XmlDocument normDocument = StreamUtils.PreProcessElementInput(elem, resolver, baseUri);
ElementUtils.AddNamespaces(normDocument.DocumentElement, _namespaces);
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
if (discardComments)
{
XmlDocument docWithNoComments = StreamUtils.DiscardComments(normDocument);
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else
{
hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri);
}
}
else
{
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
break;
case ReferenceTargetType.XmlElement:
resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(StreamUtils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri);
break;
default:
throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream);
byte[] buffer = new byte[4096];
int bytesRead;
_hashAlgorithm.Reset();
while ((bytesRead = hashInputStream.Read(buffer, 0, buffer.Length)) > 0)
{
_hashAlgorithm.BlockUpdate(buffer, 0, bytesRead);
}
_hashval = new byte[_hashAlgorithm.GetHashSize()];
_hashAlgorithm.DoFinal(_hashval, 0);
}
finally
{
if (hashInputStream != null)
{
hashInputStream.Close();
}
if (response != null)
{
response.Close();
}
if (inputStream != null)
{
inputStream.Close();
}
}
return(_hashval);
}
