internal override void WriteTimestampCanonicalForm(Stream stream, SecurityTimestamp timestamp, byte[] workBuffer)
 {
     TimestampCanonicalFormWriter.Instance.WriteCanonicalForm(
         stream,
         timestamp.Id, timestamp.GetCreationTimeChars(), timestamp.GetExpiryTimeChars(),
         workBuffer);
 }
Пример #2
0
        public void AddTimestamp(SecurityTimestamp timestamp)
        {
            ThrowIfProcessingStarted();
            if (ElementContainer.Timestamp != null)
            {
                throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.TimestampAlreadySetForSecurityHeader), Message);
            }

            ElementContainer.Timestamp = timestamp ?? throw TraceUtility.ThrowHelperArgumentNull(nameof(timestamp), Message);
        }
        protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens)
        {
            ISignatureValueSecurityElement signedXml;

            if (this.signedXml == null)
            {
                return(null);
            }
            SecurityTimestamp timestamp = base.Timestamp;

            if (timestamp != null)
            {
                if (timestamp.Id == null)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampToSignHasNoId")));
                }
                HashStream stream = this.TakeHashStream();
                base.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(stream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer());
                this.signedInfo.AddReference(timestamp.Id, stream.FlushHashAndGetValue());
            }
            if ((base.ShouldSignToHeader && (this.signatureKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None))
            {
                if (this.toHeaderHash == null)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TransportSecurityRequireToHeader")));
                }
                this.signedInfo.AddReference(this.toHeaderId, this.toHeaderHash);
            }
            this.AddSignatureReference(signatureConfirmations);
            if (base.RequireMessageProtection)
            {
                this.AddSignatureReference(signedEndorsingTokens);
                this.AddSignatureReference(signedTokens);
                this.AddSignatureReference(basicTokens);
            }
            if (this.signedInfo.ReferenceCount == 0)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("NoPartsOfMessageMatchedPartsToSign")), base.Message);
            }
            try
            {
                this.signedXml.ComputeSignature(this.signatureKey);
                signedXml = this.signedXml;
            }
            finally
            {
                this.hashStream              = null;
                this.signedInfo              = null;
                this.signedXml               = null;
                this.signatureKey            = null;
                this.effectiveSignatureParts = null;
            }
            return(signedXml);
        }
 public void AddTimestamp(SecurityTimestamp timestamp)
 {
     base.ThrowIfProcessingStarted();
     if (this.elementContainer.Timestamp != null)
     {
         throw TraceUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampAlreadySetForSecurityHeader")), base.Message);
     }
     if (timestamp == null)
     {
         throw TraceUtility.ThrowHelperArgumentNull("timestamp", base.Message);
     }
     this.elementContainer.Timestamp = timestamp;
 }
        private void ReadTimestamp(XmlDictionaryReader reader)
        {
            if (_timestamp != null)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.DuplicateTimestampInSecurityHeader), Message);
            }
            bool   expectTimestampToBeSigned   = RequireMessageProtection || _hasEndorsingOrSignedEndorsingSupportingTokens;
            string expectedDigestAlgorithm     = expectTimestampToBeSigned ? AlgorithmSuite.DefaultDigestAlgorithm : null;
            SignatureResourcePool resourcePool = expectTimestampToBeSigned ? ResourcePool : null;

            _timestamp = StandardsManager.WSUtilitySpecificationVersion.ReadTimestamp(reader, expectedDigestAlgorithm, resourcePool);
            _timestamp.ValidateRangeAndFreshness(_replayWindow, _clockSkew);
            ElementManager.AppendTimestamp(_timestamp);
        }
 internal override void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp)
 {
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.Prefix.Value, System.ServiceModel.XD.UtilityDictionary.Timestamp, System.ServiceModel.XD.UtilityDictionary.Namespace);
     writer.WriteAttributeString(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace, timestamp.Id);
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.CreatedElement, System.ServiceModel.XD.UtilityDictionary.Namespace);
     char[] creationTimeChars = timestamp.GetCreationTimeChars();
     writer.WriteChars(creationTimeChars, 0, creationTimeChars.Length);
     writer.WriteEndElement();
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.ExpiresElement, System.ServiceModel.XD.UtilityDictionary.Namespace);
     char[] expiryTimeChars = timestamp.GetExpiryTimeChars();
     writer.WriteChars(expiryTimeChars, 0, expiryTimeChars.Length);
     writer.WriteEndElement();
     writer.WriteEndElement();
 }
            internal override void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp)
            {
                writer.WriteStartElement(XD.UtilityDictionary.Prefix.Value, XD.UtilityDictionary.Timestamp, XD.UtilityDictionary.Namespace);
                writer.WriteAttributeString(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace, timestamp.Id);

                writer.WriteStartElement(XD.UtilityDictionary.CreatedElement, XD.UtilityDictionary.Namespace);
                char[] creationTime = timestamp.GetCreationTimeChars();
                writer.WriteChars(creationTime, 0, creationTime.Length);
                writer.WriteEndElement(); // wsu:Created

                writer.WriteStartElement(XD.UtilityDictionary.ExpiresElement, XD.UtilityDictionary.Namespace);
                char[] expiryTime = timestamp.GetExpiryTimeChars();
                writer.WriteChars(expiryTime, 0, expiryTime.Length);
                writer.WriteEndElement(); // wsu:Expires

                writer.WriteEndElement();
            }
 internal override void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp)
 {
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.Prefix.Value, System.ServiceModel.XD.UtilityDictionary.Timestamp, System.ServiceModel.XD.UtilityDictionary.Namespace);
     writer.WriteAttributeString(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace, timestamp.Id);
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.CreatedElement, System.ServiceModel.XD.UtilityDictionary.Namespace);
     char[] creationTimeChars = timestamp.GetCreationTimeChars();
     writer.WriteChars(creationTimeChars, 0, creationTimeChars.Length);
     writer.WriteEndElement();
     writer.WriteStartElement(System.ServiceModel.XD.UtilityDictionary.ExpiresElement, System.ServiceModel.XD.UtilityDictionary.Namespace);
     char[] expiryTimeChars = timestamp.GetExpiryTimeChars();
     writer.WriteChars(expiryTimeChars, 0, expiryTimeChars.Length);
     writer.WriteEndElement();
     writer.WriteEndElement();
 }
 internal abstract void WriteTimestampCanonicalForm(Stream stream, SecurityTimestamp timestamp, byte[] buffer);
 internal abstract void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp);
 public void AddTimestamp(SecurityTimestamp timestamp)
 {
     base.ThrowIfProcessingStarted();
     if (this.elementContainer.Timestamp != null)
     {
         throw TraceUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampAlreadySetForSecurityHeader")), base.Message);
     }
     if (timestamp == null)
     {
         throw TraceUtility.ThrowHelperArgumentNull("timestamp", base.Message);
     }
     this.elementContainer.Timestamp = timestamp;
 }
Пример #12
0
        void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id)
        {
            Fx.Assert(!isPrimarySignature || (isPrimarySignature && (signatureTarget == null)), "For primary signature we try to validate all the references.");

            for (int i = 0; i < signedInfo.ReferenceCount; i++)
            {
                Reference reference = signedInfo[i];
                this.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod);
                string referredId = reference.ExtractReferredId();
                if (isPrimarySignature || (id == referredId))
                {
                    if (timestamp != null && timestamp.Id == referredId && !reference.TransformChain.NeedsInclusiveContext &&
                        timestamp.DigestAlgorithm == reference.DigestMethod && timestamp.GetDigest() != null)
                    {
                        reference.EnsureDigestValidity(referredId, timestamp.GetDigest());
                        this.ElementManager.SetTimestampSigned(referredId);
                    }
                    else
                    {
                        if (signatureTarget != null)
                        {
                            reference.EnsureDigestValidity(id, signatureTarget);
                        }
                        else
                        {
                            int tokenIndex             = -1;
                            XmlDictionaryReader reader = null;
                            if (reference.IsStrTranform())
                            {
                                if (this.ElementManager.TryGetTokenElementIndexFromStrId(referredId, out tokenIndex))
                                {
                                    ReceiveSecurityHeaderEntry entry;
                                    this.ElementManager.GetElementEntry(tokenIndex, out entry);
                                    bool isSignedToken = (entry.bindingMode == ReceiveSecurityHeaderBindingModes.Signed) ||
                                                         (entry.bindingMode == ReceiveSecurityHeaderBindingModes.SignedEndorsing);
                                    // This means it is a protected(signed)primary token.
                                    if (!this.ElementManager.IsPrimaryTokenSigned)
                                    {
                                        this.ElementManager.IsPrimaryTokenSigned = entry.bindingMode == ReceiveSecurityHeaderBindingModes.Primary &&
                                                                                   entry.elementCategory == ReceiveSecurityHeaderElementCategory.Token;
                                    }
                                    this.ElementManager.SetSigned(tokenIndex);
                                    // We pass true if it is a signed supporting token, signed primary token or a SignedEndorsing token. We pass false if it is a SignedEncrypted Token.
                                    reader = this.ElementManager.GetReader(tokenIndex, isSignedToken);
                                }
                            }
                            else
                            {
                                reader = this.ElementManager.GetSignatureVerificationReader(referredId, this.EncryptBeforeSignMode);
                            }

                            if (reader != null)
                            {
                                reference.EnsureDigestValidity(referredId, reader);
                                reader.Close();
                            }
                        }
                    }

                    if (!isPrimarySignature)
                    {
                        // We were given an id to verify and we have verified it. So just break out
                        // of the loop.
                        break;
                    }
                }
            }

            // This check makes sure that if RequireSignedPrimaryToken is true (ProtectTokens is enabled on sbe) then the incoming message
            // should have the primary signature over the primary(signing)token.
            if (isPrimarySignature && this.RequireSignedPrimaryToken && !this.ElementManager.IsPrimaryTokenSigned)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotSigned, new IssuedSecurityTokenParameters())));
            }

            // NOTE: On both client and server side, WCF quietly consumes protected tokens even if protect token is not enabled on sbe.
            // To change this behaviour add another check below and throw appropriate exception message.
        }
            internal override void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp)
            {
                writer.WriteStartElement(XD.UtilityDictionary.Prefix.Value, XD.UtilityDictionary.Timestamp, XD.UtilityDictionary.Namespace);
                writer.WriteAttributeString(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace, timestamp.Id);

                writer.WriteStartElement(XD.UtilityDictionary.CreatedElement, XD.UtilityDictionary.Namespace);
                char[] creationTime = timestamp.GetCreationTimeChars();
                writer.WriteChars(creationTime, 0, creationTime.Length);
                writer.WriteEndElement(); // wsu:Created

                writer.WriteStartElement(XD.UtilityDictionary.ExpiresElement, XD.UtilityDictionary.Namespace);
                char[] expiryTime = timestamp.GetExpiryTimeChars();
                writer.WriteChars(expiryTime, 0, expiryTime.Length);
                writer.WriteEndElement(); // wsu:Expires

                writer.WriteEndElement();
            }
 internal abstract void WriteTimestampCanonicalForm(Stream stream, SecurityTimestamp timestamp, byte[] buffer);
 internal override void WriteTimestampCanonicalForm(Stream stream, SecurityTimestamp timestamp, byte[] workBuffer)
 {
     WSUtilitySpecificationVersion.TimestampCanonicalFormWriter.Instance.WriteCanonicalForm(stream, timestamp.Id, timestamp.GetCreationTimeChars(), timestamp.GetExpiryTimeChars(), workBuffer);
 }
Пример #16
0
 public void AppendTimestamp(SecurityTimestamp timestamp)
 {
     AppendElement(ReceiveSecurityHeaderElementCategory.Timestamp, timestamp,
                   ReceiveSecurityHeaderBindingModes.Unknown, timestamp.Id, null);
 }
 private void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id)
 {
     for (int i = 0; i < signedInfo.ReferenceCount; i++)
     {
         Reference reference = signedInfo[i];
         base.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod);
         string str = reference.ExtractReferredId();
         if (isPrimarySignature || (id == str))
         {
             if ((((timestamp != null) && (timestamp.Id == str)) && (!reference.TransformChain.NeedsInclusiveContext && (timestamp.DigestAlgorithm == reference.DigestMethod))) && (timestamp.GetDigest() != null))
             {
                 reference.EnsureDigestValidity(str, timestamp.GetDigest());
                 base.ElementManager.SetTimestampSigned(str);
             }
             else if (signatureTarget != null)
             {
                 reference.EnsureDigestValidity(id, signatureTarget);
             }
             else
             {
                 XmlDictionaryReader signatureVerificationReader = base.ElementManager.GetSignatureVerificationReader(str, base.EncryptBeforeSignMode);
                 if (signatureVerificationReader != null)
                 {
                     reference.EnsureDigestValidity(str, signatureVerificationReader);
                     signatureVerificationReader.Close();
                 }
             }
             if (!isPrimarySignature)
             {
                 return;
             }
         }
     }
 }
        protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(
            SendSecurityHeaderElement[] signatureConfirmations,
            SecurityToken[] signedEndorsingTokens,
            SecurityToken[] signedTokens,
            SendSecurityHeaderElement[] basicTokens, bool isPrimarySignature)
        {
            if (this.signedXml == null)
            {
                return(null);
            }

            SecurityTimestamp timestamp = this.Timestamp;

            if (timestamp != null)
            {
                if (timestamp.Id == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TimestampToSignHasNoId)));
                }
                HashStream hashStream = TakeHashStream();
                this.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(
                    hashStream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer());
                signedInfo.AddReference(timestamp.Id, hashStream.FlushHashAndGetValue());
            }

            if ((this.ShouldSignToHeader) && (this.signatureKey is AsymmetricSecurityKey) && (this.Version.Addressing != AddressingVersion.None))
            {
                if (this.toHeaderHash != null)
                {
                    signedInfo.AddReference(this.toHeaderId, this.toHeaderHash);
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TransportSecurityRequireToHeader)));
                }
            }

            AddSignatureReference(signatureConfirmations);
            if (isPrimarySignature && this.ShouldProtectTokens)
            {
                AddPrimaryTokenSignatureReference(this.ElementContainer.SourceSigningToken, this.SigningTokenParameters);
            }

            if (this.RequireMessageProtection)
            {
                AddSignatureReference(signedEndorsingTokens, SecurityTokenAttachmentMode.SignedEndorsing);
                AddSignatureReference(signedTokens, SecurityTokenAttachmentMode.Signed);
                AddSignatureReference(basicTokens);
            }

            if (this.signedInfo.ReferenceCount == 0)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.NoPartsOfMessageMatchedPartsToSign)), this.Message);
            }
            try
            {
                this.signedXml.ComputeSignature(this.signatureKey);
                return(this.signedXml);
            }
            finally
            {
                this.hashStream              = null;
                this.signedInfo              = null;
                this.signedXml               = null;
                this.signatureKey            = null;
                this.effectiveSignatureParts = null;
            }
        }
 internal abstract void WriteTimestamp(XmlDictionaryWriter writer, SecurityTimestamp timestamp);
        void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id)
        {
            Fx.Assert(!isPrimarySignature || (isPrimarySignature && (signatureTarget == null)), "For primary signature we try to validate all the references.");

            for (int i = 0; i < signedInfo.ReferenceCount; i++)
            {
                Reference reference = signedInfo[i];
                this.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod);
                string referredId = reference.ExtractReferredId();
                if (isPrimarySignature || (id == referredId))
                {
                    if (timestamp != null && timestamp.Id == referredId && !reference.TransformChain.NeedsInclusiveContext &&
                        timestamp.DigestAlgorithm == reference.DigestMethod && timestamp.GetDigest() != null)
                    {
                        reference.EnsureDigestValidity(referredId, timestamp.GetDigest());
                        this.ElementManager.SetTimestampSigned(referredId);
                    }
                    else
                    {
                        if (signatureTarget != null)
                            reference.EnsureDigestValidity(id, signatureTarget);
                        else
                        {
                            int tokenIndex = -1;
                            XmlDictionaryReader reader = null;
                            if (reference.IsStrTranform())
                            {
                                if (this.ElementManager.TryGetTokenElementIndexFromStrId(referredId, out tokenIndex))
                                {
                                    ReceiveSecurityHeaderEntry entry;
                                    this.ElementManager.GetElementEntry(tokenIndex, out entry);
                                    bool isSignedToken = (entry.bindingMode == ReceiveSecurityHeaderBindingModes.Signed)
                                                       || (entry.bindingMode == ReceiveSecurityHeaderBindingModes.SignedEndorsing);
                                    // This means it is a protected(signed)primary token.
                                    if (!this.ElementManager.IsPrimaryTokenSigned)
                                    {
                                        this.ElementManager.IsPrimaryTokenSigned = entry.bindingMode == ReceiveSecurityHeaderBindingModes.Primary &&
                                                                                   entry.elementCategory == ReceiveSecurityHeaderElementCategory.Token;
                                    }
                                    this.ElementManager.SetSigned(tokenIndex);
                                    // We pass true if it is a signed supporting token, signed primary token or a SignedEndorsing token. We pass false if it is a SignedEncrypted Token. 
                                    reader = this.ElementManager.GetReader(tokenIndex, isSignedToken);
                                }
                            }
                            else
                                reader = this.ElementManager.GetSignatureVerificationReader(referredId, this.EncryptBeforeSignMode);

                            if (reader != null)
                            {
                                reference.EnsureDigestValidity(referredId, reader);
                                reader.Close();
                            }
                        }
                    }

                    if (!isPrimarySignature)
                    {
                        // We were given an id to verify and we have verified it. So just break out
                        // of the loop.
                        break;
                    }
                }
            }

              // This check makes sure that if RequireSignedPrimaryToken is true (ProtectTokens is enabled on sbe) then the incoming message 
            // should have the primary signature over the primary(signing)token.
            if (isPrimarySignature && this.RequireSignedPrimaryToken && !this.ElementManager.IsPrimaryTokenSigned)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotSigned, new IssuedSecurityTokenParameters())));
            }

            // NOTE: On both client and server side, WCF quietly consumes protected tokens even if protect token is not enabled on sbe. 
            // To change this behaviour add another check below and throw appropriate exception message.
        }
        protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(
            SendSecurityHeaderElement[] signatureConfirmations,
            SecurityToken[] signedEndorsingTokens,
            SecurityToken[] signedTokens,
            SendSecurityHeaderElement[] basicTokens, bool isPrimarySignature)
        {
            if (_signedXml == null)
            {
                return(null);
            }

            SecurityTimestamp timestamp = Timestamp;

            if (timestamp != null)
            {
                if (timestamp.Id == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.TimestampToSignHasNoId));
                }

                var buffer = new byte[64];
                var ms     = new MemoryStream();
                StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(
                    ms, timestamp, buffer);
                ms.Position = 0;
                AddReference("#" + timestamp.Id, ms);
                var reference = new Reference(ms);
            }

            if ((ShouldSignToHeader) && (_signingKey != null || _signedXml.SigningKey != null) && (Version.Addressing != AddressingVersion.None))
            {
                if (_toHeaderStream != null)
                {
                    AddReference("#" + _toHeaderId, _toHeaderStream);
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.TransportSecurityRequireToHeader));
                }
            }

            AddSignatureReference(signatureConfirmations);
            if (isPrimarySignature && ShouldProtectTokens)
            {
                AddPrimaryTokenSignatureReference(ElementContainer.SourceSigningToken, SigningTokenParameters);
            }

            if (RequireMessageProtection)
            {
                throw new PlatformNotSupportedException(nameof(RequireMessageProtection));
            }

            if (_signedXml.SignedInfo.References.Count == 0)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.NoPartsOfMessageMatchedPartsToSign), Message);
            }
            try
            {
                if (_signingKey != null)
                {
                    _signedXml.ComputeSignature(_signingKey);
                }
                else
                {
                    _signedXml.ComputeSignature();
                }

                return(new SignatureValue(_signedXml.Signature));
            }
            finally
            {
                _hashStream = null;
                _signingKey = null;
                _signedXml  = null;
                _effectiveSignatureParts = null;
            }
        }
 private void ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo signedInfo, SecurityTimestamp timestamp, bool isPrimarySignature, object signatureTarget, string id)
 {
     for (int i = 0; i < signedInfo.ReferenceCount; i++)
     {
         Reference reference = signedInfo[i];
         base.AlgorithmSuite.EnsureAcceptableDigestAlgorithm(reference.DigestMethod);
         string str = reference.ExtractReferredId();
         if (isPrimarySignature || (id == str))
         {
             if ((((timestamp != null) && (timestamp.Id == str)) && (!reference.TransformChain.NeedsInclusiveContext && (timestamp.DigestAlgorithm == reference.DigestMethod))) && (timestamp.GetDigest() != null))
             {
                 reference.EnsureDigestValidity(str, timestamp.GetDigest());
                 base.ElementManager.SetTimestampSigned(str);
             }
             else if (signatureTarget != null)
             {
                 reference.EnsureDigestValidity(id, signatureTarget);
             }
             else
             {
                 XmlDictionaryReader signatureVerificationReader = base.ElementManager.GetSignatureVerificationReader(str, base.EncryptBeforeSignMode);
                 if (signatureVerificationReader != null)
                 {
                     reference.EnsureDigestValidity(str, signatureVerificationReader);
                     signatureVerificationReader.Close();
                 }
             }
             if (!isPrimarySignature)
             {
                 return;
             }
         }
     }
 }