private void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id)
{
for (int i = 0; i < signedInfo.ReferenceCount; i++)
{
Reference reference = signedInfo[i];
base.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod);
string str = reference.ExtractReferredId();
if (isPrimarySignature || (id == str))
{
if ((((timestamp != null) && (timestamp.Id == str)) && (!reference.TransformChain.NeedsInclusiveContext && (timestamp.DigestAlgorithm == reference.DigestMethod))) && (timestamp.GetDigest() != null))
{
reference.EnsureDigestValidity(str, timestamp.GetDigest());
base.ElementManager.SetTimestampSigned(str);
}
else if (signatureTarget != null)
{
reference.EnsureDigestValidity(id, signatureTarget);
}
else
{
XmlDictionaryReader signatureVerificationReader = base.ElementManager.GetSignatureVerificationReader(str, base.EncryptBeforeSignMode);
if (signatureVerificationReader != null)
{
reference.EnsureDigestValidity(str, signatureVerificationReader);
signatureVerificationReader.Close();
}
}
if (!isPrimarySignature)
{
return;
}
}
}
}
public override void MarkElements(ReceiveSecurityHeaderElementManager elementManager, bool messageSecurityMode)
{
bool flag = false;
for (int i = 0; i < elementManager.Count; i++)
{
ReceiveSecurityHeaderEntry entry;
elementManager.GetElementEntry(i, out entry);
if (entry.elementCategory == ReceiveSecurityHeaderElementCategory.Signature)
{
if (!messageSecurityMode)
{
elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Endorsing);
continue;
}
SignedXml element = (SignedXml)entry.element;
StandardSignedInfo signedInfo = (StandardSignedInfo)element.Signature.SignedInfo;
bool flag2 = false;
if (signedInfo.ReferenceCount == 1)
{
string uri = signedInfo[0].Uri;
if (((uri == null) || (uri.Length <= 1)) || (uri[0] != '#'))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToResolveReferenceUriForSignature", new object[] { uri })));
}
string str2 = uri.Substring(1);
for (int j = 0; j < elementManager.Count; j++)
{
ReceiveSecurityHeaderEntry entry2;
elementManager.GetElementEntry(j, out entry2);
if (((j != i) && (entry2.elementCategory == ReceiveSecurityHeaderElementCategory.Signature)) && (entry2.id == str2))
{
flag2 = true;
break;
}
}
}
if (flag2)
{
elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Endorsing);
}
else
{
if (flag)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("AtMostOnePrimarySignatureInReceiveSecurityHeader")));
}
flag = true;
elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Primary);
}
}
}
}
protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id)
{
SecurityToken token = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature);
if (isPrimarySignature)
{
base.RecordSignatureToken(token);
}
ReadOnlyCollection <SecurityKey> securityKeys = token.SecurityKeys;
SecurityKey securityKey = ((securityKeys != null) && (securityKeys.Count > 0)) ? securityKeys[0] : null;
if (securityKey == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { token })));
}
base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(securityKey, token);
base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(securityKey, signedXml.Signature.SignedInfo.SignatureMethod);
signedXml.StartSignatureVerification(securityKey);
StandardSignedInfo signedInfo = (StandardSignedInfo)signedXml.Signature.SignedInfo;
this.ValidateDigestsOfTargetsInSecurityHeader(signedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id);
if (!isPrimarySignature)
{
if ((!base.RequireMessageProtection && (securityKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
{
int headerIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace);
if (headerIndex == -1)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader")));
}
XmlDictionaryReader readerAtHeader = base.Message.Headers.GetReaderAtHeader(headerIndex);
id = readerAtHeader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace);
if (id == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage")));
}
signedXml.EnsureDigestValidity(id, readerAtHeader);
}
signedXml.CompleteSignatureVerification();
return(token);
}
this.pendingSignature = signedXml;
return(token);
}
