Exemplo n.º 1
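        /// <summary>
        /// Checks that the single reference of an Xml signature points at the element
        /// expected to be signed and uses only accepted transforms and a sufficiently
        /// strong digest algorithm.
        /// </summary>
        /// <remarks>
        /// Only the reference metadata (count, URI, transforms, digest method) is inspected
        /// here; the digest and signature values are not verified by this method.
        /// Insisting on exactly one reference that resolves to <paramref name="xmlElement"/>
        /// ensures the signature is bound to the element being validated and not to some
        /// other node in the same document.
        /// </remarks>
        /// <param name="signedXml">Signature whose <c>SignedInfo.References</c> are checked.</param>
        /// <param name="xmlElement">Element that the reference must resolve to.</param>
        /// <param name="mininumDigestAlgorithm">Weakest digest algorithm identifier that is
        /// still accepted.</param>
        /// <exception cref="InvalidSignatureException">Thrown when there is not exactly one
        /// reference, the reference URI is empty or not of the form <c>#id</c>, the id does
        /// not resolve to <paramref name="xmlElement"/>, a transform is not in the allowed
        /// list, or the digest method is not accepted.</exception>
        private static void ValidateReference(
            SignedXml signedXml,
            XmlElement xmlElement,
            string mininumDigestAlgorithm)
        {
            if (signedXml.SignedInfo.References.Count == 0)
            {
                throw new InvalidSignatureException(
                          "No reference found in Xml signature, it doesn't validate the Xml data.");
            }

            if (signedXml.SignedInfo.References.Count != 1)
            {
                throw new InvalidSignatureException("Multiple references for Xml signatures are not allowed.");
            }

            var reference = (Reference)signedXml.SignedInfo.References[0];

            if (string.IsNullOrWhiteSpace(reference.Uri))
            {
                throw new InvalidSignatureException("Empty reference for Xml signature is not allowed.");
            }

            // Only a same-document "#id" reference is meaningful here. Without this check the
            // Substring(1) below would silently drop the first character of any other URI and
            // look up whatever id remains, so the element compared against xmlElement might not
            // be the data the reference really designates.
            if (reference.Uri.Length < 2 || reference.Uri[0] != '#')
            {
                throw new InvalidSignatureException(
                          "Incorrect reference on Xml signature. The reference must be a same-document reference of the form \"#id\".");
            }

            // Strip the leading '#' to get the bare id value.
            var id = reference.Uri.Substring(1);

            var idElement = signedXml.GetIdElement(xmlElement.OwnerDocument, id);

            // Reference comparison: the id must resolve to this exact node, not merely to an
            // element that looks the same.
            if (idElement != xmlElement)
            {
                throw new InvalidSignatureException(
                          "Incorrect reference on Xml signature. The reference must be to the root element of the element containing the signature.");
            }

            // Allow-list check: any transform outside allowedTransforms rejects the signature.
            foreach (Transform transform in reference.TransformChain)
            {
                if (!allowedTransforms.Contains(transform.Algorithm))
                {
                    throw new InvalidSignatureException(
                              "Transform \"" + transform.Algorithm +
                              "\" found in Xml signature SHOULD NOT be used with SAML2.");
                }
            }

            // NOTE(review): this relies on DigestAlgorithms being ordered from weakest to
            // strongest - confirm at its declaration. Everything before the minimum is skipped,
            // so a minimum that is not in the list leaves nothing to match and the reference
            // is rejected.
            if (!DigestAlgorithms.SkipWhile(a => a != mininumDigestAlgorithm)
                .Contains(reference.DigestMethod))
            {
                throw new InvalidSignatureException("The digest method " + reference.DigestMethod
                                                    + " is weaker than the minimum accepted " +
                                                    mininumDigestAlgorithm + ".");
            }
        }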