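/// <summary>
/// Locates the key that produced the enveloped signature and stores it, together with the
/// signature and digest algorithms declared in the signature, in <c>_signingCredentials</c>.
/// </summary>
/// <remarks>
/// Only the first clause of the signature's KeyInfo is consulted. Resolution order: the
/// configured <c>_signingTokenResolver</c> first; then, only when
/// <c>_resolveIntrinsicSigningKeys</c> is set and the clause can materialize a key, a key
/// built from the KeyInfo itself. A key materialized from the document being verified carries
/// no trust of its own, so a caller enabling that path has to decide elsewhere whether the
/// resulting credentials are acceptable.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// No signature, no KeyInfo, or the signature's SignedInfo is not a <c>WifSignedInfo</c>.
/// </exception>
/// <exception cref="SignatureVerificationFailedException">
/// The signing key could not be resolved.
/// </exception>
void ResolveSigningCredentials()
{
    if (_signedXml.Signature == null
        || _signedXml.Signature.KeyIdentifier == null
        || _signedXml.Signature.KeyIdentifier.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID3276)));
    }

    var keyIdentifier = _signedXml.Signature.KeyIdentifier;

    SecurityKey signingKey = null;
    if (!_signingTokenResolver.TryResolveSecurityKey(keyIdentifier[0], out signingKey))
    {
        if (_resolveIntrinsicSigningKeys && keyIdentifier.CanCreateKey)
        {
            // The key is materialized from the KeyInfo of the document being verified.
            // A successful verification with it shows only that the signature matches
            // that key, not who produced the document; the trust decision is the caller's.
            signingKey = keyIdentifier.CreateKey();
        }
        else
        {
            // Neither the resolver nor the KeyInfo yields a key, so the signature cannot
            // be verified. Report the key identifier as precisely as possible.
            EncryptedKeyIdentifierClause encryptedKeyClause;
            if (keyIdentifier.TryFind<EncryptedKeyIdentifierClause>(out encryptedKeyClause))
            {
                // EncryptedKeyIdentifierClause.ToString() prints little beyond the cipher
                // data, so re-serialize the whole key identifier for the message instead.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new SignatureVerificationFailedException(
                        SR.GetString(SR.ID4036, XmlUtil.SerializeSecurityKeyIdentifier(keyIdentifier, _tokenSerializer))));
            }

            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new SignatureVerificationFailedException(SR.GetString(SR.ID4037, keyIdentifier.ToString())));
        }
    }

    // The digest method is read from the first reference, which requires the WIF
    // SignedInfo implementation. Guard the cast explicitly: an unchecked 'as' here would
    // surface as a NullReferenceException instead of a diagnosable error.
    WifSignedInfo signedInfo = _signedXml.Signature.SignedInfo as WifSignedInfo;
    if (signedInfo == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException("The signature's SignedInfo is not a WifSignedInfo; the digest method cannot be determined."));
    }

    _signingCredentials = new SigningCredentials(
        signingKey,
        _signedXml.Signature.SignedInfo.SignatureMethod,
        signedInfo[0].DigestMethod,
        keyIdentifier);
}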
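/// <summary>
/// Invoked when the reader leaves the root element. If an enveloped signature was
/// encountered, resolves its signing key and verifies the signature; otherwise enforces
/// <c>_requireSignature</c>.
/// </summary>
/// <remarks>
/// Digest validation covers the first reference of SignedInfo only. Verification uses the
/// key that <see cref="ResolveSigningCredentials"/> selected, so the trust placed in the
/// result is bounded by how that key was resolved.
/// </remarks>
/// <exception cref="CryptographicException">No signature is present but one is required.</exception>
/// <exception cref="InvalidOperationException">The signature's SignedInfo is not a <c>WifSignedInfo</c>.</exception>
void OnEndOfRootElement()
{
    if (_signedXml == null)
    {
        if (_requireSignature)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new CryptographicException(SR.GetString(SR.ID3089)));
        }

        // No signature and none required: nothing to verify.
        return;
    }

    ResolveSigningCredentials();
    _signedXml.StartSignatureVerification(_signingCredentials.SigningKey);

    // NOTE(review): presumably this keeps the Signature element itself out of the
    // content that is digested - confirm against XmlTokens.SetElementExclusion.
    _wrappedReader.XmlTokens.SetElementExclusion(XD.XmlSignatureDictionary.Signature.Value, XD.XmlSignatureDictionary.Namespace.Value);

    // The referred id is read from the first reference, which requires the WIF
    // SignedInfo implementation. Guard the cast explicitly rather than letting an
    // unchecked 'as' fail later as a NullReferenceException.
    WifSignedInfo signedInfo = _signedXml.Signature.SignedInfo as WifSignedInfo;
    if (signedInfo == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException("The signature's SignedInfo is not a WifSignedInfo; the referenced element cannot be determined."));
    }

    _signedXml.EnsureDigestValidity(signedInfo[0].ExtractReferredId(), _wrappedReader);
    _signedXml.CompleteSignatureVerification();
}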