public void EmptyChain ()
{
TransformChain chain = new TransformChain ();
AssertEquals ("empty count", 0, chain.Count);
AssertNotNull ("IEnumerator", chain.GetEnumerator ());
AssertEquals ("ToString()", "System.Security.Cryptography.Xml.TransformChain", chain.ToString ());
}
private void DownloadCipherValue(CipherData cipherData, out Stream inputStream, out Stream decInputStream, out WebResponse response)
{
// maybe a network stream, make sure we allow just what is needed!!
PermissionSet ps = SecurityManager.GetStandardSandbox(m_evidence);
ps.PermitOnly();
WebRequest request = WebRequest.Create(cipherData.CipherReference.Uri);
if (request == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotResolved"), cipherData.CipherReference.Uri);
}
response = request.GetResponse();
if (response == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotResolved"), cipherData.CipherReference.Uri);
}
inputStream = response.GetResponseStream();
if (inputStream == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotResolved"), cipherData.CipherReference.Uri);
}
TransformChain tc = cipherData.CipherReference.TransformChain;
decInputStream = tc.TransformToOctetStream(inputStream, m_xmlResolver, cipherData.CipherReference.Uri);
}
public void FullChain ()
{
TransformChain chain = new TransformChain ();
XmlDsigBase64Transform base64 = new XmlDsigBase64Transform ();
chain.Add (base64);
AssertEquals ("XmlDsigBase64Transform", base64, chain[0]);
AssertEquals ("count 1", 1, chain.Count);
XmlDsigC14NTransform c14n = new XmlDsigC14NTransform ();
chain.Add (c14n);
AssertEquals ("XmlDsigC14NTransform", c14n, chain[1]);
AssertEquals ("count 2", 2, chain.Count);
XmlDsigC14NWithCommentsTransform c14nc = new XmlDsigC14NWithCommentsTransform ();
chain.Add (c14nc);
AssertEquals ("XmlDsigC14NWithCommentsTransform", c14nc, chain[2]);
AssertEquals ("count 3", 3, chain.Count);
XmlDsigEnvelopedSignatureTransform esign = new XmlDsigEnvelopedSignatureTransform ();
chain.Add (esign);
AssertEquals ("XmlDsigEnvelopedSignatureTransform", esign, chain[3]);
AssertEquals ("count 4", 4, chain.Count);
XmlDsigXPathTransform xpath = new XmlDsigXPathTransform ();
chain.Add (xpath);
AssertEquals ("XmlDsigXPathTransform", xpath, chain[4]);
AssertEquals ("count 5", 5, chain.Count);
XmlDsigXsltTransform xslt = new XmlDsigXsltTransform ();
chain.Add (xslt);
AssertEquals ("XmlDsigXsltTransform", xslt, chain[5]);
AssertEquals ("count 6", 6, chain.Count);
}
internal Reference (XmlElement element) {
m_transformChain = new TransformChain();
m_refTarget = element;
m_refTargetType = ReferenceTargetType.XmlElement;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
public Reference (Stream stream) {
m_transformChain = new TransformChain();
m_refTarget = stream;
m_refTargetType = ReferenceTargetType.Stream;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
public void FullChain ()
{
TransformChain chain = new TransformChain ();
XmlDsigBase64Transform base64 = new XmlDsigBase64Transform ();
chain.Add (base64);
Assert.AreEqual (base64, chain[0], "XmlDsigBase64Transform");
Assert.AreEqual (1, chain.Count, "count 1");
XmlDsigC14NTransform c14n = new XmlDsigC14NTransform ();
chain.Add (c14n);
Assert.AreEqual (c14n, chain[1], "XmlDsigC14NTransform");
Assert.AreEqual (2, chain.Count, "count 2");
XmlDsigC14NWithCommentsTransform c14nc = new XmlDsigC14NWithCommentsTransform ();
chain.Add (c14nc);
Assert.AreEqual (c14nc, chain[2], "XmlDsigC14NWithCommentsTransform");
Assert.AreEqual (3, chain.Count, "count 3");
XmlDsigEnvelopedSignatureTransform esign = new XmlDsigEnvelopedSignatureTransform ();
chain.Add (esign);
Assert.AreEqual (esign, chain[3], "XmlDsigEnvelopedSignatureTransform");
Assert.AreEqual (4, chain.Count, "count 4");
XmlDsigXPathTransform xpath = new XmlDsigXPathTransform ();
chain.Add (xpath);
Assert.AreEqual (xpath, chain[4], "XmlDsigXPathTransform");
Assert.AreEqual (5, chain.Count, "count 5");
XmlDsigXsltTransform xslt = new XmlDsigXsltTransform ();
chain.Add (xslt);
Assert.AreEqual (xslt, chain[5], "XmlDsigXsltTransform");
Assert.AreEqual (6, chain.Count, "count 6");
}
public void EmptyChain ()
{
TransformChain chain = new TransformChain ();
Assert.AreEqual (0, chain.Count, "empty count");
Assert.IsNotNull (chain.GetEnumerator (), "IEnumerator");
Assert.AreEqual ("System.Security.Cryptography.Xml.TransformChain", chain.ToString (), "ToString()");
}
private static SignatureVerificationResult VerifyStrongNameSignatureTransforms(SignedInfo signedInfo)
{
int num = 0;
foreach (Reference reference in signedInfo.References)
{
TransformChain transformChain = reference.TransformChain;
bool flag = false;
if (string.IsNullOrEmpty(reference.Uri))
{
num++;
flag = (((transformChain != null) && (transformChain.Count == 2)) && (string.Compare(transformChain[0].Algorithm, "http://www.w3.org/2000/09/xmldsig#enveloped-signature", StringComparison.Ordinal) == 0)) && (string.Compare(transformChain[1].Algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#", StringComparison.Ordinal) == 0);
}
else if (string.Compare(reference.Uri, "#StrongNameKeyInfo", StringComparison.Ordinal) == 0)
{
num++;
flag = ((transformChain != null) && (transformChain.Count == 1)) && (string.Compare(transformChain[0].Algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#", StringComparison.Ordinal) == 0);
}
else
{
flag = true;
}
if (!flag)
{
return(SignatureVerificationResult.BadSignatureFormat);
}
}
if (num == 0)
{
return(SignatureVerificationResult.BadSignatureFormat);
}
return(SignatureVerificationResult.Valid);
}
//
// public methods
//
internal XmlElement GetXml(XmlDocument document)
{
// Create the Reference
XmlElement referenceElement = document.CreateElement("Reference", SignedXml.XmlDsigNamespaceUrl);
if (_uri != null)
{
referenceElement.SetAttribute("URI", _uri);
}
// Add the transforms to the Reference
if (TransformChain.Count != 0)
{
referenceElement.AppendChild(TransformChain.GetXml(document, SignedXml.XmlDsigNamespaceUrl));
}
// Add the DigestMethod
XmlElement digestMethodElement = document.CreateElement("DigestMethod", SignedXml.XmlDsigNamespaceUrl);
digestMethodElement.SetAttribute("Algorithm", _digestMethod);
referenceElement.AppendChild(digestMethodElement);
XmlElement digestValueElement = document.CreateElement("DigestValue", SignedXml.XmlDsigNamespaceUrl);
digestValueElement.AppendChild(document.CreateTextNode(Convert.ToBase64String(_digestValue)));
referenceElement.AppendChild(digestValueElement);
return(referenceElement);
}
public override void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
ReferenceType = value.LocalName;
string uri = Utils.GetAttribute(value, "URI", EncryptedXml.XmlEncNamespaceUrl);
Uri = uri ?? throw new CryptographicException(SR.Cryptography_Xml_UriRequired);
// Transforms
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);
XmlNode transformsNode = value.SelectSingleNode("enc:Transforms", nsm);
if (transformsNode != null)
{
TransformChain.LoadXml(transformsNode as XmlElement);
}
// cache the Xml
_cachedXml = value;
}
//
// public constructors
//
public Reference()
{
m_transformChain = new TransformChain();
m_refTarget = null;
m_refTargetType = ReferenceTargetType.UriReference;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigDigestDefault;
}
public Reference (string uri) {
m_transformChain = new TransformChain();
m_refTarget = uri;
m_uri = uri;
m_refTargetType = ReferenceTargetType.UriReference;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
public Reference(Stream stream)
{
m_transformChain = new TransformChain();
m_refTarget = stream;
m_refTargetType = ReferenceTargetType.Stream;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
//
// public constructors
//
public Reference(string uri, string tagASerAplicada, SignedXml main)
{
_transformChain = new TransformChain();
_uri = uri;
tag = tagASerAplicada;
_digestMethod = SignedXml.XmlDsigSHA1Url;
_signedXml = main;
}
//
// public constructors
//
public Reference()
{
_transformChain = new TransformChain();
_refTarget = null;
_refTargetType = ReferenceTargetType.UriReference;
_cachedXml = null;
_digestMethod = SignedXml.XmlDsigSHA1Url;
}
//
// public constructors
//
public Reference()
{
_transformChain = new TransformChain();
_refTarget = null;
_refTargetType = ReferenceTargetType.UriReference;
_cachedXml = null;
_digestMethod = DefaultDigestMethod;
}
public Reference(Stream stream)
{
_transformChain = new TransformChain();
_refTarget = stream;
_refTargetType = ReferenceTargetType.Stream;
_cachedXml = null;
_digestMethod = DefaultDigestMethod;
}
internal Reference(XmlElement element)
{
m_transformChain = new TransformChain();
m_refTarget = element;
m_refTargetType = ReferenceTargetType.XmlElement;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
internal Reference(XmlElement element)
{
_transformChain = new TransformChain();
_refTarget = element;
_refTargetType = ReferenceTargetType.XmlElement;
_cachedXml = null;
_digestMethod = DefaultDigestMethod;
}
public void AddTransform(Transform transform)
{
if (transform == null)
{
throw new ArgumentNullException(nameof(transform));
}
TransformChain.Add(transform);
}
public Reference(string uri)
{
m_transformChain = new TransformChain();
m_refTarget = uri;
m_uri = uri;
m_refTargetType = ReferenceTargetType.UriReference;
m_cachedXml = null;
m_digestMethod = SignedXml.XmlDsigSHA1Url;
}
public void AddTransform(Transform transform)
{
if (transform == null)
{
throw new ArgumentNullException("transform");
}
transform.Reference = this;
TransformChain.Add(transform);
}
internal XmlElement GetXml(XmlDocument document)
{
// Create the Reference
XmlElement referenceElement = document.CreateElement("Reference", SignedXml.XmlDsigNamespaceUrl);
if (!string.IsNullOrEmpty(_id))
{
referenceElement.SetAttribute("Id", _id);
}
if (_uri != null)
{
referenceElement.SetAttribute("URI", _uri);
}
if (!string.IsNullOrEmpty(_type))
{
referenceElement.SetAttribute("Type", _type);
}
// Add the transforms to the Reference
if (TransformChain.Count != 0)
{
referenceElement.AppendChild(TransformChain.GetXml(document, SignedXml.XmlDsigNamespaceUrl));
}
// Add the DigestMethod
if (string.IsNullOrEmpty(_digestMethod))
{
throw new CryptographicException(SR.Cryptography_Xml_DigestMethodRequired);
}
XmlElement digestMethodElement = document.CreateElement("DigestMethod", SignedXml.XmlDsigNamespaceUrl);
digestMethodElement.SetAttribute("Algorithm", _digestMethod);
referenceElement.AppendChild(digestMethodElement);
if (DigestValue == null)
{
if (_hashAlgorithm.Hash == null)
{
throw new CryptographicException(SR.Cryptography_Xml_DigestValueRequired);
}
DigestValue = _hashAlgorithm.Hash;
}
XmlElement digestValueElement = document.CreateElement("DigestValue", SignedXml.XmlDsigNamespaceUrl);
digestValueElement.AppendChild(document.CreateTextNode(Convert.ToBase64String(_digestValue)));
referenceElement.AppendChild(digestValueElement);
return(referenceElement);
}
private bool ReferenceUsesSafeTransformMethods(Reference reference)
{
TransformChain transformChain = reference.TransformChain;
int transformCount = transformChain.Count;
for (int i = 0; i < transformCount; i++)
{
Transform transform = transformChain[i];
if (!IsSafeTransform(transform.Algorithm))
{
return(false);
}
}
return(true);
}
/// <summary>
/// Verify the transforms on a strong name signature are valid for a ClickOnce manifest.
/// </summary>
/// <remarks>
/// For a reference to the entire document, we expect both exclusive cannonicalization and
/// enveloped transform. For a reference to the strong name key section, we expect only exclusive
/// cannonicalization. Other references are not given special meaning for a strong name signature
/// and are ignored. Failure to have exactly the correct set of transforms is an error with the
/// strong name signature.
/// </remarks>
private static SignatureVerificationResult VerifyStrongNameSignatureTransforms(SignedInfo signedInfo)
{
Debug.Assert(signedInfo != null, "signedInfo != null");
int totalReferences = 0;
foreach (Reference reference in signedInfo.References)
{
TransformChain transforms = reference.TransformChain;
bool validTransformChain = false;
if (String.IsNullOrEmpty(reference.Uri))
{
totalReferences++;
validTransformChain = transforms != null &&
transforms.Count == 2 &&
String.Compare(transforms[0].Algorithm, SignedXml.XmlDsigEnvelopedSignatureTransformUrl, StringComparison.Ordinal) == 0 &&
String.Compare(transforms[1].Algorithm, SignedXml.XmlDsigExcC14NTransformUrl, StringComparison.Ordinal) == 0;
}
else if (String.Compare(reference.Uri, "#StrongNameKeyInfo", StringComparison.Ordinal) == 0)
{
totalReferences++;
validTransformChain = transforms != null &&
transforms.Count == 1 &&
String.Compare(transforms[0].Algorithm, SignedXml.XmlDsigExcC14NTransformUrl, StringComparison.Ordinal) == 0;
}
else
{
validTransformChain = true;
}
if (!validTransformChain)
{
return(SignatureVerificationResult.BadSignatureFormat);
}
}
if (totalReferences == 0)
{
return(SignatureVerificationResult.BadSignatureFormat);
}
return(SignatureVerificationResult.Valid);
}
internal new XmlElement GetXml(XmlDocument document)
{
if (ReferenceType == null)
{
throw new CryptographicException(SR.Cryptography_Xml_ReferenceTypeRequired);
}
// Create the Reference
XmlElement referenceElement = document.CreateElement(ReferenceType, EncryptedXml.XmlEncNamespaceUrl);
if (!string.IsNullOrEmpty(Uri))
{
referenceElement.SetAttribute("URI", Uri);
}
// Add the transforms to the CipherReference
if (TransformChain.Count > 0)
{
referenceElement.AppendChild(TransformChain.GetXml(document, EncryptedXml.XmlEncNamespaceUrl));
}
return(referenceElement);
}
public virtual void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
ReferenceType = value.LocalName;
Uri = Utils.GetAttribute(value, "URI", EncryptedXml.XmlEncNamespaceUrl);
// Transforms
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
XmlNode transformsNode = value.SelectSingleNode("ds:Transforms", nsm);
if (transformsNode != null)
{
TransformChain.LoadXml(transformsNode as XmlElement);
}
// cache the Xml
_cachedXml = value;
}
protected EncryptedReference(string uri, TransformChain transformChain)
{
TransformChain = transformChain;
Uri = uri;
_cachedXml = null;
}
public CipherReference (string uri, TransformChain tc)
: base (uri, tc)
{
}
protected EncryptedReference (string uri, TransformChain transformChain) {
this.TransformChain = transformChain;
this.Uri = uri;
m_cachedXml = null;
}
public KeyReference (string uri, TransformChain transformChain) : base(uri, transformChain) {
ReferenceType = "KeyReference";
}
public CipherReference (string uri, TransformChain transformChain) : base(uri, transformChain) {
ReferenceType = "CipherReference";
}
public DataReference(string uri, TransformChain tc)
: base(uri, tc)
{
ReferenceType = XmlEncryption.ElementNames.DataReference;
}
protected EncryptedReference (string uri, TransformChain tc)
: this ()
{
Uri = uri;
TransformChain = tc;
}
public Reference ()
{
chain = new TransformChain ();
digestMethod = XmlSignature.NamespaceURI + "sha1";
}
public KeyReference(string uri, TransformChain transformChain) : base(uri, transformChain)
{
base.ReferenceType = "KeyReference";
}
public Reference()
{
chain = new TransformChain();
digestMethod = XmlSignature.NamespaceURI + "sha1";
}
public KeyReference (string uri, TransformChain tc)
: base (uri, tc)
{
ReferenceType = XmlEncryption.ElementNames.KeyReference;
}
protected EncryptedReference(string uri, TransformChain transformChain)
{
this.TransformChain = transformChain;
this.Uri = uri;
m_cachedXml = null;
}
public DataReference(string uri, TransformChain transformChain) : base(uri, transformChain)
{
ReferenceType = "DataReference";
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
_id = Utils.GetAttribute(value, "Id", SignedXml.XmlDsigNamespaceUrl);
_uri = Utils.GetAttribute(value, "URI", SignedXml.XmlDsigNamespaceUrl);
_type = Utils.GetAttribute(value, "Type", SignedXml.XmlDsigNamespaceUrl);
if (!Utils.VerifyAttributes(value, new string[] { "Id", "URI", "Type" }))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// Transforms
bool hasTransforms = false;
TransformChain = new TransformChain();
XmlNodeList transformsNodes = value.SelectNodes("ds:Transforms", nsm);
if (transformsNodes != null && transformsNodes.Count != 0)
{
if (transformsNodes.Count > 1)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
}
hasTransforms = true;
XmlElement transformsElement = transformsNodes[0] as XmlElement;
if (!Utils.VerifyAttributes(transformsElement, (string[])null))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
}
XmlNodeList transformNodes = transformsElement.SelectNodes("ds:Transform", nsm);
if (transformNodes != null)
{
if (transformNodes.Count != transformsElement.SelectNodes("*").Count)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
}
if (transformNodes.Count > Utils.MaxTransformsPerReference)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
}
foreach (XmlNode transformNode in transformNodes)
{
XmlElement transformElement = transformNode as XmlElement;
string algorithm = Utils.GetAttribute(transformElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
if (algorithm == null || !Utils.VerifyAttributes(transformElement, "Algorithm"))
{
throw new CryptographicException(SR.Cryptography_Xml_UnknownTransform);
}
Transform transform = CryptoHelpers.CreateFromName <Transform>(algorithm);
if (transform == null)
{
throw new CryptographicException(SR.Cryptography_Xml_UnknownTransform);
}
AddTransform(transform);
// let the transform read the children of the transformElement for data
transform.LoadInnerXml(transformElement.ChildNodes);
// Hack! this is done to get around the lack of here() function support in XPath
if (transform is XmlDsigEnvelopedSignatureTransform)
{
// Walk back to the Signature tag. Find the nearest signature ancestor
// Signature-->SignedInfo-->Reference-->Transforms-->Transform
XmlNode signatureTag = transformElement.SelectSingleNode("ancestor::ds:Signature[1]", nsm);
XmlNodeList signatureList = transformElement.SelectNodes("//ds:Signature", nsm);
if (signatureList != null)
{
int position = 0;
foreach (XmlNode node in signatureList)
{
position++;
if (node == signatureTag)
{
((XmlDsigEnvelopedSignatureTransform)transform).SignaturePosition = position;
break;
}
}
}
}
}
}
}
// DigestMethod
XmlNodeList digestMethodNodes = value.SelectNodes("ds:DigestMethod", nsm);
if (digestMethodNodes == null || digestMethodNodes.Count == 0 || digestMethodNodes.Count > 1)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestMethod");
}
XmlElement digestMethodElement = digestMethodNodes[0] as XmlElement;
_digestMethod = Utils.GetAttribute(digestMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
if (_digestMethod == null || !Utils.VerifyAttributes(digestMethodElement, "Algorithm"))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestMethod");
}
// DigestValue
XmlNodeList digestValueNodes = value.SelectNodes("ds:DigestValue", nsm);
if (digestValueNodes == null || digestValueNodes.Count == 0 || digestValueNodes.Count > 1)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestValue");
}
XmlElement digestValueElement = digestValueNodes[0] as XmlElement;
_digestValue = Convert.FromBase64String(Utils.DiscardWhiteSpaces(digestValueElement.InnerText));
if (!Utils.VerifyAttributes(digestValueElement, (string[])null))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestValue");
}
// Verify that there aren't any extra nodes that aren't allowed
int expectedChildNodeCount = hasTransforms ? 3 : 2;
if (value.SelectNodes("*").Count != expectedChildNodeCount)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference");
}
// cache the Xml
_cachedXml = value;
}
public DataReference(string uri, TransformChain transformChain) : base(uri, transformChain)
{
base.ReferenceType = "DataReference";
}
// What we want to do is pump the input throug the TransformChain and then
// hash the output of the chain document is the document context for resolving relative references
internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
{
// refList is a list of elements that might be targets of references
// Now's the time to create our hashing algorithm
_hashAlgorithm = CryptoHelpers.CreateFromName <HashAlgorithm>(_digestMethod);
if (_hashAlgorithm == null)
{
throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
// Let's go get the target.
string baseUri = (document == null ? System.Environment.CurrentDirectory + "\\" : document.BaseURI);
Stream hashInputStream = null;
WebResponse response = null;
Stream inputStream = null;
XmlResolver resolver = null;
byte[] hashval = null;
try
{
switch (_refTargetType)
{
case ReferenceTargetType.Stream:
// This is the easiest case. We already have a stream, so just pump it through the TransformChain
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri);
break;
case ReferenceTargetType.UriReference:
// Second-easiest case -- dereference the URI & pump through the TransformChain
// handle the special cases where the URI is null (meaning whole doc)
// or the URI is just a fragment (meaning a reference to an embedded Object)
if (_uri == null)
{
// We need to create a DocumentNavigator out of the XmlElement
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
// In the case of a Uri-less reference, we will simply pass null to the transform chain.
// The first transform in the chain is expected to know how to retrieve the data to hash.
hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri);
}
else if (_uri.Length == 0)
{
// This is the self-referential case. First, check that we have a document context.
// The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process
if (document == null)
{
throw new CryptographicException(SR.Format(SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
// Normalize the containing document
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
XmlDocument docWithNoComments = Utils.DiscardComments(Utils.PreProcessDocumentInput(document, resolver, baseUri));
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else if (_uri[0] == '#')
{
// If we get here, then we are constructing a Reference to an embedded DataObject
// referenced by an Id = attribute. Go find the relevant object
bool discardComments = true;
string idref = Utils.GetIdFromLocalUri(_uri, out discardComments);
if (idref == "xpointer(/)")
{
// This is a self referencial case
if (document == null)
{
throw new CryptographicException(SR.Format(SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
}
// We should not discard comments here!!!
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri);
break;
}
XmlElement elem = SignedXml.GetIdElement(document, idref);
if (elem != null)
{
_namespaces = Utils.GetPropagatedAttributes(elem.ParentNode as XmlElement);
}
if (elem == null)
{
// Go throw the referenced items passed in
if (refList != null)
{
foreach (XmlNode node in refList)
{
XmlElement tempElem = node as XmlElement;
if ((tempElem != null) && (Utils.HasAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl)) &&
(Utils.GetAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl).Equals(idref)))
{
elem = tempElem;
if (_signedXml._context != null)
{
_namespaces = Utils.GetPropagatedAttributes(_signedXml._context);
}
break;
}
}
}
}
if (elem == null)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidReference);
}
XmlDocument normDocument = Utils.PreProcessElementInput(elem, resolver, baseUri);
// Add the propagated attributes
Utils.AddNamespaces(normDocument.DocumentElement, _namespaces);
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
if (discardComments)
{
// We should discard comments before going into the transform chain
XmlDocument docWithNoComments = Utils.DiscardComments(normDocument);
hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
}
else
{
// This is an XPointer reference, do not discard comments!!!
hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri);
}
}
else
{
throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
break;
case ReferenceTargetType.XmlElement:
// We need to create a DocumentNavigator out of the XmlElement
resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri);
break;
default:
throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
}
// Compute the new hash value
hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream);
hashval = _hashAlgorithm.ComputeHash(hashInputStream);
}
finally
{
if (hashInputStream != null)
{
hashInputStream.Close();
}
if (response != null)
{
response.Close();
}
if (inputStream != null)
{
inputStream.Close();
}
}
return(hashval);
}
public virtual void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
else {
Uri = null;
TransformChain = new TransformChain ();
foreach (XmlNode n in value.ChildNodes) {
if (n is XmlWhitespace)
continue;
switch (n.LocalName) {
case XmlEncryption.ElementNames.Transforms:
foreach (XmlNode xn in ((XmlElement) n).GetElementsByTagName (XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI)) {
Transform t = null;
switch (((XmlElement) xn).Attributes [XmlSignature.AttributeNames.Algorithm].Value) {
case XmlSignature.AlgorithmNamespaces.XmlDsigBase64Transform:
t = new XmlDsigBase64Transform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigC14NTransform:
t = new XmlDsigC14NTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigC14NWithCommentsTransform:
t = new XmlDsigC14NWithCommentsTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigEnvelopedSignatureTransform:
t = new XmlDsigEnvelopedSignatureTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigXPathTransform:
t = new XmlDsigXPathTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigXsltTransform:
t = new XmlDsigXsltTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NTransform:
t = new XmlDsigExcC14NTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NWithCommentsTransform:
t = new XmlDsigExcC14NWithCommentsTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDecryptionTransform:
t = new XmlDecryptionTransform ();
break;
default:
continue;
}
t.LoadInnerXml (((XmlElement) xn).ChildNodes);
TransformChain.Add (t);
}
break;
}
}
if (value.HasAttribute (XmlEncryption.AttributeNames.URI))
Uri = value.Attributes [XmlEncryption.AttributeNames.URI].Value;
}
}
protected EncryptedReference (string uri)
{
Uri = uri;
TransformChain = new TransformChain ();
}
public override void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlEncryption.ElementNames.CipherReference) || (value.NamespaceURI != EncryptedXml.XmlEncNamespaceUrl))
throw new CryptographicException ("Malformed CipherReference element.");
else {
Uri = null;
TransformChain = new TransformChain ();
foreach (XmlNode n in value.ChildNodes) {
if (n is XmlWhitespace)
continue;
switch (n.LocalName) {
case XmlEncryption.ElementNames.Transforms:
foreach (XmlNode xn in ((XmlElement) n).GetElementsByTagName (XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI)) {
Transform t = null;
switch (((XmlElement) xn).Attributes [XmlSignature.AttributeNames.Algorithm].Value) {
case XmlSignature.AlgorithmNamespaces.XmlDsigBase64Transform:
t = new XmlDsigBase64Transform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigC14NTransform:
t = new XmlDsigC14NTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigC14NWithCommentsTransform:
t = new XmlDsigC14NWithCommentsTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigEnvelopedSignatureTransform:
t = new XmlDsigEnvelopedSignatureTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigXPathTransform:
t = new XmlDsigXPathTransform ();
break;
case XmlSignature.AlgorithmNamespaces.XmlDsigXsltTransform:
t = new XmlDsigXsltTransform ();
break;
#if NET_2_0
case XmlSignature.AlgorithmNamespaces.XmlDecryptionTransform:
t = new XmlDecryptionTransform ();
break;
#endif
default:
continue;
}
t.LoadInnerXml (((XmlElement) xn).ChildNodes);
TransformChain.Add (t);
}
break;
}
}
if (value.HasAttribute (XmlEncryption.AttributeNames.URI))
Uri = value.Attributes [XmlEncryption.AttributeNames.URI].Value;
}
}
public CipherReference(string uri, TransformChain transformChain) : base(uri, transformChain)
{
ReferenceType = "CipherReference";
}
protected EncryptedReference ()
{
TransformChain = new TransformChain ();
}
protected EncryptedReference ()
{
uri = null;
TransformChain = new TransformChain ();
}
//
// private methods
//
private byte[] GetCipherValue(CipherData cipherData)
{
if (cipherData == null)
{
throw new ArgumentNullException("cipherData");
}
WebResponse response = null;
Stream inputStream = null;
if (cipherData.CipherValue != null)
{
return(cipherData.CipherValue);
}
else if (cipherData.CipherReference != null)
{
if (cipherData.CipherReference.CipherValue != null)
{
return(cipherData.CipherReference.CipherValue);
}
Stream decInputStream = null;
// See if the CipherReference is a local URI
if (!Utils.GetLeaveCipherValueUnchecked() && cipherData.CipherReference.Uri == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotSupported"));
}
if (cipherData.CipherReference.Uri.Length == 0)
{
// self referenced Uri
string baseUri = (m_document == null ? null : m_document.BaseURI);
TransformChain tc = cipherData.CipherReference.TransformChain;
if (!Utils.GetLeaveCipherValueUnchecked() && tc == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotSupported"));
}
decInputStream = tc.TransformToOctetStream(m_document, m_xmlResolver, baseUri);
}
else if (cipherData.CipherReference.Uri[0] == '#')
{
string idref = Utils.ExtractIdFromLocalUri(cipherData.CipherReference.Uri);
// Serialize
if (Utils.GetLeaveCipherValueUnchecked())
{
inputStream = new MemoryStream(m_encoding.GetBytes(GetIdElement(m_document, idref).OuterXml));
}
else
{
XmlElement idElem = GetIdElement(m_document, idref);
if (idElem == null || idElem.OuterXml == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotSupported"));
}
inputStream = new MemoryStream(m_encoding.GetBytes(idElem.OuterXml));
}
string baseUri = (m_document == null ? null : m_document.BaseURI);
TransformChain tc = cipherData.CipherReference.TransformChain;
if (!Utils.GetLeaveCipherValueUnchecked() && tc == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UriNotSupported"));
}
decInputStream = tc.TransformToOctetStream(inputStream, m_xmlResolver, baseUri);
}
else
{
DownloadCipherValue(cipherData, out inputStream, out decInputStream, out response);
}
// read the output stream into a memory stream
byte[] cipherValue = null;
using (MemoryStream ms = new MemoryStream()) {
Utils.Pump(decInputStream, ms);
cipherValue = ms.ToArray();
// Close the stream and return
if (response != null)
{
response.Close();
}
if (inputStream != null)
{
inputStream.Close();
}
decInputStream.Close();
}
// cache the cipher value for Perf reasons in case we call this routine twice
cipherData.CipherReference.CipherValue = cipherValue;
return(cipherValue);
}
// Throw a CryptographicException if we were unable to retrieve the cipher data.
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingCipherData"));
}
