protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature)
 {
     string str3;
     XmlDictionaryString str4;
     SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite;
     string defaultCanonicalizationAlgorithm = algorithmSuite.DefaultCanonicalizationAlgorithm;
     XmlDictionaryString defaultCanonicalizationAlgorithmDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;
     if (defaultCanonicalizationAlgorithm != "http://www.w3.org/2001/10/xml-exc-c14n#")
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCanonicalizationAlgorithm", new object[] { algorithmSuite.DefaultCanonicalizationAlgorithm })));
     }
     algorithmSuite.GetSignatureAlgorithmAndKey(token, out str3, out this.signatureKey, out str4);
     string defaultDigestAlgorithm = algorithmSuite.DefaultDigestAlgorithm;
     XmlDictionaryString defaultDigestAlgorithmDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString;
     this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, defaultCanonicalizationAlgorithm, defaultCanonicalizationAlgorithmDictionaryString, defaultDigestAlgorithm, defaultDigestAlgorithmDictionaryString, str3, str4);
     this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
     if (keyIdentifier != null)
     {
         this.signedXml.Signature.KeyIdentifier = keyIdentifier;
     }
     if (generateTargettableSignature)
     {
         this.signedXml.Id = base.GenerateId();
     }
     this.effectiveSignatureParts = signatureParts;
     this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(defaultDigestAlgorithm);
 }
 protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens)
 {
     ISignatureValueSecurityElement signedXml;
     if (this.signedXml == null)
     {
         return null;
     }
     SecurityTimestamp timestamp = base.Timestamp;
     if (timestamp != null)
     {
         if (timestamp.Id == null)
         {
             throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampToSignHasNoId")));
         }
         HashStream stream = this.TakeHashStream();
         base.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(stream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer());
         this.signedInfo.AddReference(timestamp.Id, stream.FlushHashAndGetValue());
     }
     if ((base.ShouldSignToHeader && (this.signatureKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
     {
         if (this.toHeaderHash == null)
         {
             throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TransportSecurityRequireToHeader")));
         }
         this.signedInfo.AddReference(this.toHeaderId, this.toHeaderHash);
     }
     this.AddSignatureReference(signatureConfirmations);
     if (base.RequireMessageProtection)
     {
         this.AddSignatureReference(signedEndorsingTokens);
         this.AddSignatureReference(signedTokens);
         this.AddSignatureReference(basicTokens);
     }
     if (this.signedInfo.ReferenceCount == 0)
     {
         throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("NoPartsOfMessageMatchedPartsToSign")), base.Message);
     }
     try
     {
         this.signedXml.ComputeSignature(this.signatureKey);
         signedXml = this.signedXml;
     }
     finally
     {
         this.hashStream = null;
         this.signedInfo = null;
         this.signedXml = null;
         this.signatureKey = null;
         this.effectiveSignatureParts = null;
     }
     return signedXml;
 }
 protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign)
 {
     string str;
     XmlDictionaryString str2;
     SecurityKey key;
     SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite;
     algorithmSuite.GetSignatureAlgorithmAndKey(token, out str, out key, out str2);
     SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
     SignedInfo signedInfo = xml.Signature.SignedInfo;
     signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm;
     signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;
     signedInfo.SignatureMethod = str;
     signedInfo.SignatureMethodDictionaryString = str2;
     if (elementToSign.Id == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ElementToSignMustHaveId")));
     }
     Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign) {
         DigestMethod = algorithmSuite.DefaultDigestAlgorithm,
         DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString
     };
     reference.AddTransform(new ExclusiveCanonicalizationTransform());
     ((StandardSignedInfo) signedInfo).AddReference(reference);
     xml.ComputeSignature(key);
     if (identifier != null)
     {
         xml.Signature.KeyIdentifier = identifier;
     }
     return xml;
 }
Exemplo n.º 4
0
        void VerifySignature(SignedXml signature, SecurityKey signatureVerificationKey)
        {
            if (signature == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signature");

            if (signatureVerificationKey == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signatureVerificatonKey");

            signature.StartSignatureVerification(signatureVerificationKey);
            signature.EnsureDigestValidity(this.assertionId, tokenStream);
            signature.CompleteSignatureVerification();
        }
Exemplo n.º 5
0
        void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
        {
            byte[] hashValue = this.hashStream.FlushHashAndGetValue();

            PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager);
            signedInfo.AddEnvelopedSignatureTransform = true;
            signedInfo.CanonicalizationMethod = SecurityAlgorithms.ExclusiveC14n;
            signedInfo.SignatureMethod = this.signingCredentials.SignatureAlgorithm;
            signedInfo.DigestMethod = this.signingCredentials.DigestAlgorithm;
            signedInfo.AddReference(this.assertionId, hashValue);

            SignedXml signedXml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer);
            signedXml.ComputeSignature(this.signingCredentials.SigningKey);
            signedXml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier;
            signedXml.WriteTo(dictionaryWriter);
        }
 public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo)
 {
     this.signedXml = signedXml;
     this.signedInfo = signedInfo;
 }
Exemplo n.º 7
0
        protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
        {
            if (reader == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");

            if (samlSerializer == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");

            if (this.signature != null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead)));

            // If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader.
            XmlDictionaryReader effectiveReader = reader;
            if (!effectiveReader.CanCanonicalize)
            {
                MemoryStream stream = new MemoryStream();
                XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
                writer.WriteNode(effectiveReader, false);
                writer.Flush();
                stream.Position = 0;
                effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
                effectiveReader.MoveToContent();
                writer.Close();
            }
            SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer);
            signedXml.TransformFactory = ExtendedTransformFactory.Instance;
            signedXml.ReadFrom(effectiveReader);
            SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier;
            this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver);
            if (this.verificationKey == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer)));

            this.signature = signedXml;
            this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver);
            if (this.signingToken == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound)));

            if (!ReferenceEquals(reader, effectiveReader))
                effectiveReader.Close();
        }
 protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id)
 {
     SecurityToken token = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature);
     if (isPrimarySignature)
     {
         base.RecordSignatureToken(token);
     }
     ReadOnlyCollection<SecurityKey> securityKeys = token.SecurityKeys;
     SecurityKey securityKey = ((securityKeys != null) && (securityKeys.Count > 0)) ? securityKeys[0] : null;
     if (securityKey == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { token })));
     }
     base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(securityKey, token);
     base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(securityKey, signedXml.Signature.SignedInfo.SignatureMethod);
     signedXml.StartSignatureVerification(securityKey);
     StandardSignedInfo signedInfo = (StandardSignedInfo) signedXml.Signature.SignedInfo;
     this.ValidateDigestsOfTargetsInSecurityHeader(signedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id);
     if (!isPrimarySignature)
     {
         if ((!base.RequireMessageProtection && (securityKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
         {
             int headerIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace);
             if (headerIndex == -1)
             {
                 throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader")));
             }
             XmlDictionaryReader readerAtHeader = base.Message.Headers.GetReaderAtHeader(headerIndex);
             id = readerAtHeader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace);
             if (id == null)
             {
                 throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage")));
             }
             signedXml.EnsureDigestValidity(id, readerAtHeader);
         }
         signedXml.CompleteSignatureVerification();
         return token;
     }
     this.pendingSignature = signedXml;
     return token;
 }
Exemplo n.º 9
0
 public Signature(SignedXml signedXml, SignedInfo signedInfo)
 {
     this.signedXml = signedXml;
     this.signedInfo = signedInfo;
 }
 protected override void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned)
 {
     bool flag8;
     bool flag9;
     SignatureTargetIdManager idManager = base.StandardsManager.IdManager;
     MessagePartSpecification specification = base.RequiredEncryptionParts ?? MessagePartSpecification.NoParts;
     MessagePartSpecification signatureParts = base.RequiredSignatureParts ?? MessagePartSpecification.NoParts;
     bool checkForTokensAtHeaders = hasAtLeastOneSupportingTokenExpectedToBeSigned;
     bool doSoapAttributeChecks = !signatureParts.IsBodyIncluded;
     bool encryptBeforeSignMode = base.EncryptBeforeSignMode;
     SignedInfo signedInfo = (this.pendingSignature != null) ? this.pendingSignature.Signature.SignedInfo : null;
     SignatureConfirmations sentSignatureConfirmations = base.GetSentSignatureConfirmations();
     if (((sentSignatureConfirmations != null) && (sentSignatureConfirmations.Count > 0)) && sentSignatureConfirmations.IsMarkedForEncryption)
     {
         base.VerifySignatureEncryption();
     }
     MessageHeaders headers = base.SecurityVerifiedMessage.Headers;
     XmlDictionaryReader readerAtFirstHeader = base.SecurityVerifiedMessage.GetReaderAtFirstHeader();
     bool atLeastOneHeaderOrBodyEncrypted = false;
     for (int i = 0; i < headers.Count; i++)
     {
         if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
         {
             readerAtFirstHeader.MoveToContent();
         }
         if (i == base.HeaderIndex)
         {
             readerAtFirstHeader.Skip();
         }
         else
         {
             bool flag6;
             bool flag5 = false;
             string str = idManager.ExtractId(readerAtFirstHeader);
             if (str != null)
             {
                 flag5 = this.TryDeleteReferenceListEntry(str);
             }
             if (!flag5 && readerAtFirstHeader.IsStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"))
             {
                 XmlDictionaryReader readerAtHeader = headers.GetReaderAtHeader(i);
                 readerAtHeader.ReadStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd");
                 if (readerAtHeader.IsStartElement(EncryptedData.ElementName, System.ServiceModel.XD.XmlEncryptionDictionary.Namespace))
                 {
                     string attribute = readerAtHeader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, null);
                     if ((attribute != null) && this.TryDeleteReferenceListEntry(attribute))
                     {
                         flag5 = true;
                     }
                 }
             }
             base.ElementManager.VerifyUniquenessAndSetHeaderId(str, i);
             MessageHeaderInfo info = headers[i];
             if (!flag5 && specification.IsHeaderIncluded(info.Name, info.Namespace))
             {
                 base.SecurityVerifiedMessage.OnUnencryptedPart(info.Name, info.Namespace);
             }
             if ((!flag5 || encryptBeforeSignMode) && (str != null))
             {
                 flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, readerAtFirstHeader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
             }
             else
             {
                 flag6 = false;
             }
             if (flag5)
             {
                 XmlDictionaryReader reader = flag6 ? headers.GetReaderAtHeader(i) : readerAtFirstHeader;
                 DecryptedHeader header = this.DecryptHeader(reader, this.pendingDecryptionToken);
                 info = header;
                 str = header.Id;
                 base.ElementManager.VerifyUniquenessAndSetDecryptedHeaderId(str, i);
                 headers.ReplaceAt(i, header);
                 if (!object.ReferenceEquals(reader, readerAtFirstHeader))
                 {
                     reader.Close();
                 }
                 if (!encryptBeforeSignMode && (str != null))
                 {
                     XmlDictionaryReader headerReader = header.GetHeaderReader();
                     flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, headerReader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
                     headerReader.Close();
                 }
             }
             if (!flag6 && signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
             {
                 base.SecurityVerifiedMessage.OnUnsignedPart(info.Name, info.Namespace);
             }
             if (flag6 && flag5)
             {
                 base.VerifySignatureEncryption();
             }
             if (flag5 && !flag6)
             {
                 throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderNotSigned", new object[] { info.Name, info.Namespace })));
             }
             if (!flag6 && !flag5)
             {
                 readerAtFirstHeader.Skip();
             }
             atLeastOneHeaderOrBodyEncrypted |= flag5;
         }
     }
     readerAtFirstHeader.ReadEndElement();
     if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
     {
         readerAtFirstHeader.MoveToContent();
     }
     string id = idManager.ExtractId(readerAtFirstHeader);
     base.ElementManager.VerifyUniquenessAndSetBodyId(id);
     base.SecurityVerifiedMessage.SetBodyPrefixAndAttributes(readerAtFirstHeader);
     bool flag7 = specification.IsBodyIncluded || this.HasPendingDecryptionItem();
     if ((!flag7 || encryptBeforeSignMode) && (id != null))
     {
         flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, readerAtFirstHeader, false, null, null, false);
     }
     else
     {
         flag8 = false;
     }
     if (flag7)
     {
         XmlDictionaryReader reader5 = flag8 ? base.SecurityVerifiedMessage.CreateFullBodyReader() : readerAtFirstHeader;
         reader5.ReadStartElement();
         string str4 = idManager.ExtractId(reader5);
         base.ElementManager.VerifyUniquenessAndSetBodyContentId(str4);
         flag9 = (str4 != null) && this.TryDeleteReferenceListEntry(str4);
         if (flag9)
         {
             this.DecryptBody(reader5, this.pendingDecryptionToken);
         }
         if (!object.ReferenceEquals(reader5, readerAtFirstHeader))
         {
             reader5.Close();
         }
         if ((!encryptBeforeSignMode && (signedInfo != null)) && signedInfo.HasUnverifiedReference(id))
         {
             reader5 = base.SecurityVerifiedMessage.CreateFullBodyReader();
             flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, reader5, false, null, null, false);
             reader5.Close();
         }
     }
     else
     {
         flag9 = false;
     }
     if (flag8 && flag9)
     {
         base.VerifySignatureEncryption();
     }
     readerAtFirstHeader.Close();
     if (this.pendingSignature != null)
     {
         this.pendingSignature.CompleteSignatureVerification();
         this.pendingSignature = null;
     }
     this.pendingDecryptionToken = null;
     atLeastOneHeaderOrBodyEncrypted |= flag9;
     if (!flag8 && signatureParts.IsBodyIncluded)
     {
         base.SecurityVerifiedMessage.OnUnsignedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
     }
     if (!flag9 && specification.IsBodyIncluded)
     {
         base.SecurityVerifiedMessage.OnUnencryptedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
     }
     base.SecurityVerifiedMessage.OnMessageProtectionPassComplete(atLeastOneHeaderOrBodyEncrypted);
 }
 protected override SignedXml ReadSignatureCore(XmlDictionaryReader signatureReader)
 {
     SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
     xml.Signature.SignedInfo.ResourcePool = base.ResourcePool;
     xml.ReadFrom(signatureReader);
     return xml;
 }
 public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo)
 {
     this.signedXml  = signedXml;
     this.signedInfo = signedInfo;
 }
        void ReadSignature()
        {
            _signedXml = new SignedXml(new WifSignedInfo(_dictionaryManager), _dictionaryManager, _tokenSerializer);
            _signedXml.TransformFactory = ExtendedTransformFactory.Instance;

            _signedXml.ReadFrom(_wrappedReader);

            if (_signedXml.Signature.SignedInfo.ReferenceCount != 1)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.ID3057)));
            }
        }
        private void ComputeSignature()
        {
            PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(_dictionaryManager);
            signedInfo.AddEnvelopedSignatureTransform = true;
            signedInfo.CanonicalizationMethod = XD.ExclusiveC14NDictionary.Namespace.Value;
            signedInfo.SignatureMethod = _signingCreds.SignatureAlgorithm;
            signedInfo.DigestMethod = _signingCreds.DigestAlgorithm;
            signedInfo.AddReference(_referenceId, _hashStream.FlushHashAndGetValue(_preCanonicalTracingStream));

            SignedXml signedXml = new SignedXml(signedInfo, _dictionaryManager, _tokenSerializer);
            signedXml.ComputeSignature(_signingCreds.SigningKey);
            signedXml.Signature.KeyIdentifier = _signingCreds.SigningKeyIdentifier;
            signedXml.WriteTo(base.InnerWriter);
            ((IDisposable)_hashStream).Dispose();
            _hashStream = null;
        }
 void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
 {
     byte[] digest = this.hashStream.FlushHashAndGetValue();
     PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager) {
         AddEnvelopedSignatureTransform = true,
         CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#",
         SignatureMethod = this.signingCredentials.SignatureAlgorithm,
         DigestMethod = this.signingCredentials.DigestAlgorithm
     };
     signedInfo.AddReference(this.assertionId, digest);
     SignedXml xml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer);
     xml.ComputeSignature(this.signingCredentials.SigningKey);
     xml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier;
     xml.WriteTo(dictionaryWriter);
 }
 protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
 {
     if (reader == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
     }
     if (samlSerializer == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
     }
     if (this.signature != null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead")));
     }
     XmlDictionaryReader reader2 = reader;
     if (!reader2.CanCanonicalize)
     {
         MemoryStream stream = new MemoryStream();
         XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
         writer.WriteNode(reader2, false);
         writer.Flush();
         stream.Position = 0L;
         reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int) stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
         reader2.MoveToContent();
         writer.Close();
     }
     SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer) {
         TransformFactory = ExtendedTransformFactory.Instance
     };
     xml.ReadFrom(reader2);
     SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier;
     this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver);
     if (this.verificationKey == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer })));
     }
     this.signature = xml;
     this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver);
     if (this.signingToken == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound")));
     }
     if (!object.ReferenceEquals(reader, reader2))
     {
         reader2.Close();
     }
 }