        /// <summary>
        /// Locates the &lt;Signature&gt; element inside <paramref name="el"/> and loads it into a
        /// <see cref="SignedXml"/> that the caller can then verify.
        /// </summary>
        /// <remarks>
        /// When the element is not attached to a document root, its outer XML is re-parsed into a
        /// fresh whitespace-preserving document so that the signature is loaded against a rooted tree.
        /// Only the first &lt;Signature&gt; descendant is used; any further signature elements in the
        /// subtree are ignored. The signature value itself is not checked here.
        /// </remarks>
        /// <param name="el">The signed element.</param>
        /// <returns>A <see cref="SignedXml"/> populated from the first &lt;Signature&gt; descendant of <paramref name="el"/>.</returns>
        /// <exception cref="InvalidOperationException">if the document does not contain a signature.</exception>
        private static SignedXml RetrieveSignature(XmlElement el)
        {
            // A detached element has no document root; rebuild it as a standalone document.
            if (el.OwnerDocument.DocumentElement == null)
            {
                var standalone = new XmlDocument { PreserveWhitespace = true };
                standalone.LoadXml(el.OuterXml);
                el = standalone.DocumentElement;
            }

            SignedXml signedXml = new SignedXmlWithIdResolvement(el);
            var signatureNodes = el.GetElementsByTagName(Schema.XmlDSig.Signature.ElementName, Saml20Constants.Xmldsig);
            if (signatureNodes.Count == 0)
            {
                throw new InvalidOperationException("Document does not contain a signature to verify.");
            }

            // GetElementsByTagName walks every descendant; the first hit wins.
            var signatureElement = (XmlElement)signatureNodes[0];
            signedXml.LoadXml(signatureElement);

            // RSA-SHA256 has no CryptoConfig mapping on .NET older than 4.0, so it must be
            // registered explicitly before the signature can be resolved; SetupSHA256 is the
            // sibling helper that does that registration.
            if (signedXml.SignatureMethod.Contains("rsa-sha256"))
            {
                SetupSHA256();
            }

            // Check that the inlined signature's reference URI is valid for this element
            // (the element's own ID attribute is handed to the sibling helper for that check).
            VerifyReferenceUri(signedXml, el.GetAttribute("ID"));

            return signedXml;
        }
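        /// <summary>
        /// Locates the &lt;Signature&gt; element inside <paramref name="el"/> and loads it into a
        /// <see cref="SignedXml"/> that the caller can then verify.
        /// </summary>
        /// <remarks>
        /// When the element is not attached to a document root, its outer XML is re-parsed into a
        /// fresh whitespace-preserving document so that the signature is loaded against a rooted tree.
        /// Only the first &lt;Signature&gt; descendant is used; any further signature elements in the
        /// subtree are ignored. The signature value itself is not checked here.
        /// Only the canonical RSA-SHA256 signature-method URI is recognised for the SHA256 setup;
        /// the SignatureMethod string read from the (untrusted) document is never registered with the
        /// process-global <see cref="CryptoConfig"/> table.
        /// </remarks>
        /// <param name="el">The signed element.</param>
        /// <returns>A <see cref="SignedXml"/> populated from the first &lt;Signature&gt; descendant of <paramref name="el"/>.</returns>
        /// <exception cref="InvalidOperationException">if the document does not contain a signature, or if the
        /// runtime has no <c>CryptoConfig.AddAlgorithm</c> and an RSA-SHA256 signature method was requested.</exception>
        private static SignedXml RetrieveSignature(XmlElement el)
        {
            // Canonical RSA-SHA256 signature-method URI (RFC 4051). This fixed value, not the
            // string taken from the document, is the only name ever registered with CryptoConfig.
            const string RsaSha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

            // A detached element has no document root; rebuild it as a standalone document.
            if (el.OwnerDocument.DocumentElement == null)
            {
                var standalone = new XmlDocument { PreserveWhitespace = true };
                standalone.LoadXml(el.OuterXml);
                el = standalone.DocumentElement;
            }

            SignedXml signedXml = new SignedXmlWithIdResolvement(el);
            var signatureNodes = el.GetElementsByTagName(Schema.XmlDSig.Signature.ElementName, Saml20Constants.Xmldsig);
            if (signatureNodes.Count == 0)
            {
                throw new InvalidOperationException("Document does not contain a signature to verify.");
            }

            // GetElementsByTagName walks every descendant; the first hit wins.
            signedXml.LoadXml((XmlElement)signatureNodes[0]);

            // RSA-SHA256 has no CryptoConfig mapping on .NET older than 4.0. CryptoConfig.AddAlgorithm
            // is looked up via reflection so the code still compiles on runtimes that lack it.
            // Exact ordinal comparison (rather than a substring match) keeps attacker-chosen URIs that
            // merely contain "rsa-sha256" from reaching the registration below; string.Equals also
            // tolerates a null SignatureMethod instead of dereferencing it.
            if (string.Equals(signedXml.SignatureMethod, RsaSha256SignatureMethod, StringComparison.Ordinal))
            {
                var addAlgorithmMethod = typeof(CryptoConfig).GetMethod("AddAlgorithm", BindingFlags.Public | BindingFlags.Static);
                if (addAlgorithmMethod == null)
                {
                    throw new InvalidOperationException("This version of .Net does not support CryptoConfig.AddAlgorithm. Enabling sha256 not possible.");
                }

                // Register the constant URI, never signedXml.SignatureMethod: CryptoConfig is global to
                // the process and must not be populated from the document under verification.
                addAlgorithmMethod.Invoke(null, new object[] { typeof(RSAPKCS1SHA256SignatureDescription), new[] { RsaSha256SignatureMethod } });
            }

            // Check that the inlined signature's reference URI is valid for this element
            // (the element's own ID attribute is handed to the sibling helper for that check).
            VerifyReferenceUri(signedXml, el.GetAttribute("ID"));

            return signedXml;
        }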
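        /// <summary>
        /// Locates the &lt;Signature&gt; element inside <paramref name="el"/> and loads it into a
        /// <see cref="SignedXml"/> that the caller can then verify.
        /// </summary>
        /// <remarks>
        /// When the element is not attached to a document root, its outer XML is re-parsed into a
        /// fresh whitespace-preserving document so that the signature is loaded against a rooted tree.
        /// Only the first &lt;Signature&gt; descendant is used; any further signature elements in the
        /// subtree are ignored. The signature value itself is not checked here.
        /// Only the canonical RSA-SHA256 signature-method URI is recognised for the SHA256 setup;
        /// the SignatureMethod string read from the (untrusted) document is never registered with the
        /// process-global <see cref="CryptoConfig"/> table.
        /// </remarks>
        /// <param name="el">The signed element.</param>
        /// <returns>A <see cref="SignedXml"/> populated from the first &lt;Signature&gt; descendant of <paramref name="el"/>.</returns>
        /// <exception cref="InvalidOperationException">if the document does not contain a signature, or if the
        /// runtime has no <c>CryptoConfig.AddAlgorithm</c> and an RSA-SHA256 signature method was requested.</exception>
        private static SignedXml RetrieveSignature(XmlElement el)
        {
            // Canonical RSA-SHA256 signature-method URI (RFC 4051). This fixed value, not the
            // string taken from the document, is the only name ever registered with CryptoConfig.
            const string RsaSha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

            // A detached element has no document root; rebuild it as a standalone document.
            if (el.OwnerDocument.DocumentElement == null)
            {
                var standalone = new XmlDocument { PreserveWhitespace = true };
                standalone.LoadXml(el.OuterXml);
                el = standalone.DocumentElement;
            }

            SignedXml signedXml = new SignedXmlWithIdResolvement(el);
            var signatureNodes = el.GetElementsByTagName(Schema.XmlDSig.Signature.ElementName, Saml20Constants.Xmldsig);
            if (signatureNodes.Count == 0)
            {
                throw new InvalidOperationException("Document does not contain a signature to verify.");
            }

            // GetElementsByTagName walks every descendant; the first hit wins.
            signedXml.LoadXml((XmlElement)signatureNodes[0]);

            // RSA-SHA256 has no CryptoConfig mapping on .NET older than 4.0. CryptoConfig.AddAlgorithm
            // is looked up via reflection so the code still compiles on runtimes that lack it.
            // Exact ordinal comparison (rather than a substring match) keeps attacker-chosen URIs that
            // merely contain "rsa-sha256" from reaching the registration below; string.Equals also
            // tolerates a null SignatureMethod instead of dereferencing it.
            if (string.Equals(signedXml.SignatureMethod, RsaSha256SignatureMethod, StringComparison.Ordinal))
            {
                var addAlgorithmMethod = typeof(CryptoConfig).GetMethod("AddAlgorithm", BindingFlags.Public | BindingFlags.Static);
                if (addAlgorithmMethod == null)
                {
                    throw new InvalidOperationException("This version of .Net does not support CryptoConfig.AddAlgorithm. Enabling sha256 not possible.");
                }

                // Register the constant URI, never signedXml.SignatureMethod: CryptoConfig is global to
                // the process and must not be populated from the document under verification.
                addAlgorithmMethod.Invoke(null, new object[] { typeof(RSAPKCS1SHA256SignatureDescription), new[] { RsaSha256SignatureMethod } });
            }

            // Check that the inlined signature's reference URI is valid for this element
            // (the element's own ID attribute is handed to the sibling helper for that check).
            VerifyReferenceUri(signedXml, el.GetAttribute("ID"));

            return signedXml;
        }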