private void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id) { for (int i = 0; i < signedInfo.ReferenceCount; i++) { Reference reference = signedInfo[i]; base.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod); string str = reference.ExtractReferredId(); if (isPrimarySignature || (id == str)) { if ((((timestamp != null) && (timestamp.Id == str)) && (!reference.TransformChain.NeedsInclusiveContext && (timestamp.DigestAlgorithm == reference.DigestMethod))) && (timestamp.GetDigest() != null)) { reference.EnsureDigestValidity(str, timestamp.GetDigest()); base.ElementManager.SetTimestampSigned(str); } else if (signatureTarget != null) { reference.EnsureDigestValidity(id, signatureTarget); } else { XmlDictionaryReader signatureVerificationReader = base.ElementManager.GetSignatureVerificationReader(str, base.EncryptBeforeSignMode); if (signatureVerificationReader != null) { reference.EnsureDigestValidity(str, signatureVerificationReader); signatureVerificationReader.Close(); } } if (!isPrimarySignature) { return; } } } }
public override void MarkElements(ReceiveSecurityHeaderElementManager elementManager, bool messageSecurityMode) { bool flag = false; for (int i = 0; i < elementManager.Count; i++) { ReceiveSecurityHeaderEntry entry; elementManager.GetElementEntry(i, out entry); if (entry.elementCategory == ReceiveSecurityHeaderElementCategory.Signature) { if (!messageSecurityMode) { elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Endorsing); continue; } SignedXml element = (SignedXml)entry.element; StandardSignedInfo signedInfo = (StandardSignedInfo)element.Signature.SignedInfo; bool flag2 = false; if (signedInfo.ReferenceCount == 1) { string uri = signedInfo[0].Uri; if (((uri == null) || (uri.Length <= 1)) || (uri[0] != '#')) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToResolveReferenceUriForSignature", new object[] { uri }))); } string str2 = uri.Substring(1); for (int j = 0; j < elementManager.Count; j++) { ReceiveSecurityHeaderEntry entry2; elementManager.GetElementEntry(j, out entry2); if (((j != i) && (entry2.elementCategory == ReceiveSecurityHeaderElementCategory.Signature)) && (entry2.id == str2)) { flag2 = true; break; } } } if (flag2) { elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Endorsing); } else { if (flag) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("AtMostOnePrimarySignatureInReceiveSecurityHeader"))); } flag = true; elementManager.SetBindingMode(i, ReceiveSecurityHeaderBindingModes.Primary); } } } }
protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id) { SecurityToken token = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature); if (isPrimarySignature) { base.RecordSignatureToken(token); } ReadOnlyCollection <SecurityKey> securityKeys = token.SecurityKeys; SecurityKey securityKey = ((securityKeys != null) && (securityKeys.Count > 0)) ? securityKeys[0] : null; if (securityKey == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { token }))); } base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(securityKey, token); base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(securityKey, signedXml.Signature.SignedInfo.SignatureMethod); signedXml.StartSignatureVerification(securityKey); StandardSignedInfo signedInfo = (StandardSignedInfo)signedXml.Signature.SignedInfo; this.ValidateDigestsOfTargetsInSecurityHeader(signedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id); if (!isPrimarySignature) { if ((!base.RequireMessageProtection && (securityKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None)) { int headerIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace); if (headerIndex == -1) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader"))); } XmlDictionaryReader readerAtHeader = base.Message.Headers.GetReaderAtHeader(headerIndex); id = readerAtHeader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace); if (id == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage"))); } signedXml.EnsureDigestValidity(id, readerAtHeader); } signedXml.CompleteSignatureVerification(); return(token); } this.pendingSignature = signedXml; return(token); }