private bool CheckSignedInfo(IMac macAlg) { if (macAlg == null) { throw new ArgumentNullException(nameof(macAlg)); } SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo); int signatureLength; if (m_signature.SignedInfo.SignatureLength == null) { signatureLength = macAlg.GetMacSize() * 8; } else { signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null); } // signatureLength should be less than hash size if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } if (signatureLength % 8 != 0) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2); } if (m_signature.SignatureValue == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureValueRequired); } if (m_signature.SignatureValue.Length != signatureLength / 8) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } // Calculate the hash GetC14NDigest(new MacHashWrapper(macAlg)); byte[] hashValue = new byte[macAlg.GetMacSize()]; macAlg.DoFinal(hashValue, 0); SignedXmlDebugLog.LogVerifySignedInfo(this, macAlg, hashValue, m_signature.SignatureValue); for (int i = 0; i < m_signature.SignatureValue.Length; i++) { if (m_signature.SignatureValue[i] != hashValue[i]) { return(false); } } return(true); }
private static bool DoesSignatureUseSafeCanonicalizationMethod(SignedXml signedXml) { foreach (string safeAlgorithm in signedXml.SafeCanonicalizationMethods) { if (string.Equals(safeAlgorithm, signedXml.SignedInfo.CanonicalizationMethod, StringComparison.OrdinalIgnoreCase)) { return(true); } } SignedXmlDebugLog.LogUnsafeCanonicalizationMethod(signedXml, signedXml.SignedInfo.CanonicalizationMethod, signedXml.SafeCanonicalizationMethods); return(false); }
public void ComputeSignature(IMac macAlg) { if (macAlg == null) { throw new ArgumentNullException(nameof(macAlg)); } if (!(macAlg is HMac)) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch); } int signatureLength; if (m_signature.SignedInfo.SignatureLength == null) { signatureLength = macAlg.GetMacSize() * 8; } else { signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null); } // signatureLength should be less than hash size if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } if (signatureLength % 8 != 0) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2); } BuildDigestedReferences(); SignedInfo.SignatureMethod = (macAlg.AlgorithmName.Substring(0, macAlg.AlgorithmName.IndexOf('/')).ToUpperInvariant()) switch { "SHA-1" => SignedXml.XmlDsigHMACSHA1Url, "SHA-256" => SignedXml.XmlDsigMoreHMACSHA256Url, "SHA-384" => SignedXml.XmlDsigMoreHMACSHA384Url, "SHA-512" => SignedXml.XmlDsigMoreHMACSHA512Url, "MD5" => SignedXml.XmlDsigMoreHMACMD5Url, "RIPEMD160" => SignedXml.XmlDsigMoreHMACRIPEMD160Url, _ => throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch), }; GetC14NDigest(new MacHashWrapper(macAlg)); byte[] hashValue = new byte[macAlg.GetMacSize()]; macAlg.DoFinal(hashValue, 0); SignedXmlDebugLog.LogSigning(this, macAlg); m_signature.SignatureValue = new byte[signatureLength / 8]; Buffer.BlockCopy(hashValue, 0, m_signature.SignatureValue, 0, signatureLength / 8); }
public static bool CheckSignatureFormat(SignedXml signedXml, Func <SignedXml, bool> _signatureFormatValidator) { if (_signatureFormatValidator == null) { return(true); } SignedXmlDebugLog.LogBeginCheckSignatureFormat(signedXml, _signatureFormatValidator); bool formatValid = _signatureFormatValidator(signedXml); SignedXmlDebugLog.LogFormatValidationResult(signedXml, formatValid); return(formatValid); }
public void ComputeSignature() { SignedXmlDebugLog.LogBeginSignatureComputation(this, _context); BuildDigestedReferences(); // Load the key AsymmetricKeyParameter key = SigningKey; if (key == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_LoadKeyFailed); } // Check the signature algorithm associated with the key so that we can accordingly set the signature method if (SignedInfo.SignatureMethod == null) { if (key is DsaKeyParameters) { SignedInfo.SignatureMethod = XmlDsigDSAUrl; } else if (key is RsaKeyParameters) { // Default to RSA-SHA1 if (SignedInfo.SignatureMethod == null) { SignedInfo.SignatureMethod = XmlDsigRSASHA256Url; } } else { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed); } } // See if there is a signature description class defined in the Config file ISigner signatureDescription = CryptoHelpers.CreateFromName(SignedInfo.SignatureMethod) as ISigner; if (signatureDescription == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated); } signatureDescription.Init(true, key); GetC14NDigest(signatureDescription); //SignedXmlDebugLog.LogSigning(this, key, signatureDescription, hashAlg, asymmetricSignatureFormatter); m_signature.SignatureValue = signatureDescription.GenerateSignature(); }
// If we have a signature format validation callback, check to see if this signature's format (not // the signautre itself) is valid according to the validator. A return value of true indicates that // the signature format is acceptable, false means that the format is not valid. private bool CheckSignatureFormat() { if (_signatureFormatValidator == null) { // No format validator means that we default to accepting the signature. (This is // effectively compatibility mode with v3.5). return(true); } SignedXmlDebugLog.LogBeginCheckSignatureFormat(this, _signatureFormatValidator); bool formatValid = _signatureFormatValidator(this); SignedXmlDebugLog.LogFormatValidationResult(this, formatValid); return(formatValid); }
public bool CheckSignature(X509Certificate certificate, bool verifySignatureOnly) { if (!verifySignatureOnly) { // Check key usages to make sure it is good for signing. var exts = certificate.CertificateStructure.TbsCertificate.Extensions; foreach (DerObjectIdentifier extension in exts.ExtensionOids) { if (extension.Equals(X509Extensions.KeyUsage)) { var keyUsage = certificate.GetKeyUsage(); bool validKeyUsage = (keyUsage[0 /* DigitalSignature */] || keyUsage[0 /* NonRepudiation */]); if (!validKeyUsage) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage); return(false); } break; } } // Do the chain verification to make sure the certificate is valid. /*X509Chain chain = new X509Chain(); * chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts()); * bool chainVerified = chain.Build(certificate); * SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); * * if (!chainVerified) * { * SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain); * return false; * }*/ } AsymmetricKeyParameter publicKey = certificate.GetPublicKey(); if (!CheckSignature(publicKey)) { return(false); } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); }
private void BuildDigestedReferences() { // Default the DigestMethod and Canonicalization ArrayList references = SignedInfo.References; // Reset the cache _refProcessed = new bool[references.Count]; _refLevelCache = new int[references.Count]; ReferenceLevelSortOrder sortOrder = new ReferenceLevelSortOrder(); sortOrder.References = references; // Don't alter the order of the references array list ArrayList sortedReferences = new ArrayList(); foreach (Reference reference in references) { sortedReferences.Add(reference); } sortedReferences.Sort(sortOrder); CanonicalXmlNodeList nodeList = new CanonicalXmlNodeList(); foreach (DataObject obj in m_signature.ObjectList) { nodeList.Add(obj.GetXml()); } foreach (Reference reference in sortedReferences) { // If no DigestMethod has yet been set, default it to sha1 if (reference.DigestMethod == null) { reference.DigestMethod = Reference.DefaultDigestMethod; } SignedXmlDebugLog.LogSigningReference(this, reference); reference.UpdateHashValue(_containingDocument, nodeList); // If this reference has an Id attribute, add it if (reference.Id != null) { nodeList.Add(reference.GetXml()); } } }
public void ComputeSignature() { SignedXmlDebugLog.LogBeginSignatureComputation(this, _context); ReferenceManager.BuildDigestedReferences(this); AsymmetricKeyParameter key = SigningKey; if (key == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_LoadKeyFailed); } if (SignedInfo.SignatureMethod == null) { if (key is DsaKeyParameters) { SignedInfo.SignatureMethod = XmlNameSpace.Url[NS.XmlDsigDSAUrl]; } else if (key is RsaKeyParameters) { SignedInfo.SignatureMethod = XmlNameSpace.Url[NS.XmlDsigRSASHA256Url]; } else { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed); } } ISigner signatureDescription = CryptoHelpers.CreateFromName <ISigner>(SignedInfo.SignatureMethod); if (signatureDescription == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated); } signatureDescription.Init(true, key); CheckSignatureManager.GetC14NDigest(new SignerHashWrapper(signatureDescription), this); SignedXmlDebugLog.LogSigning(this, key, signatureDescription); MSignature.SetSignatureValue(signatureDescription.GenerateSignature()); }
private bool CheckSignedInfo(AsymmetricKeyParameter key) { if (key == null) { throw new ArgumentNullException("key"); } SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo); ISigner signatureDescription = CryptoHelpers.CreateFromName(SignatureMethod) as ISigner; if (signatureDescription == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated); } // Let's see if the key corresponds with the SignatureMethod /*Type ta = Type.GetType(signatureDescription.KeyAlgorithm); * if (!IsKeyTheCorrectAlgorithm(key, ta)) * return false;*/ try { signatureDescription.Init(false, key); } catch (Exception) { return(false); } GetC14NDigest(signatureDescription); /*SignedXmlDebugLog.LogVerifySignedInfo(this, * key, * signatureDescription, * hashAlgorithm, * asymmetricSignatureDeformatter, * hashval, * m_signature.SignatureValue);*/ return(signatureDescription.VerifySignature(m_signature.SignatureValue)); }
public static void BuildDigestedReferences(SignedXml signedXml) { ArrayList references = signedXml.SignedInfo.References; signedXml.RefProcessed = new bool[references.Count]; signedXml.RefLevelCache = new int[references.Count]; ReferenceLevelSortOrder sortOrder = new ReferenceLevelSortOrder(); sortOrder.SetReferences(references); ArrayList sortedReferences = new ArrayList(); foreach (Reference reference in references) { sortedReferences.Add(reference); } sortedReferences.Sort(sortOrder); CanonicalXmlNodeList nodeList = new CanonicalXmlNodeList(); foreach (DataObject obj in signedXml.Signature.GetObjectList()) { nodeList.Add(obj.GetXml()); } foreach (Reference reference in sortedReferences) { if (reference.DigestMethod == null) { reference.DigestMethod = XmlNameSpace.Url[NS.XmlDsigSHA256Url]; } SignedXmlDebugLog.LogSigningReference(signedXml, reference); reference.UpdateHashValue(signedXml.ContainingDocument, nodeList); if (reference.GetId() != null) { nodeList.Add(reference.GetXml()); } } }
public bool CheckSignature(IMac macAlg) { if (!CheckSignatureFormat()) { return(false); } if (!CheckSignedInfo(macAlg)) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo); return(false); } if (!CheckDigestedReferences()) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References); return(false); } SignedXmlDebugLog.LogVerificationResult(this, macAlg, true); return(true); }
public bool CheckSignature(AsymmetricKeyParameter key) { if (!CheckSignatureFormat()) { return(false); } if (!CheckSignedInfo(key)) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo); return(false); } // Now is the time to go through all the references and see if their DigestValues are good if (!CheckDigestedReferences()) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References); return(false); } SignedXmlDebugLog.LogVerificationResult(this, key, true); return(true); }
// What we want to do is pump the input throug the TransformChain and then // hash the output of the chain document is the document context for resolving relative references internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList) { // refList is a list of elements that might be targets of references // Now's the time to create our hashing algorithm IDigest digest = CryptoHelpers.CreateFromName <IDigest>(_digestMethod); if (digest == null) { IMac mac = CryptoHelpers.CreateFromName <IMac>(_digestMethod); if (mac == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed); } // For compatibility to corefx' HMAC implementation byte[] randomKey = Utils.GenerateRandomBlock(mac.GetMacSize()); mac.Init(new KeyParameter(randomKey)); _hashAlgorithm = new MacHashWrapper(mac); } else { _hashAlgorithm = new DigestHashWrapper(digest); } // Let's go get the target. string baseUri = (document == null ? System.Environment.CurrentDirectory + "\\" : document.BaseURI); Stream hashInputStream = null; WebResponse response = null; Stream inputStream = null; XmlResolver resolver = null; _hashval = null; try { switch (_refTargetType) { case ReferenceTargetType.Stream: // This is the easiest case. We already have a stream, so just pump it through the TransformChain resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri); break; case ReferenceTargetType.UriReference: // Second-easiest case -- dereference the URI & pump through the TransformChain // handle the special cases where the URI is null (meaning whole doc) // or the URI is just a fragment (meaning a reference to an embedded Object) if (_uri == null) { // We need to create a DocumentNavigator out of the XmlElement resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); // In the case of a Uri-less reference, we will simply pass null to the transform chain. // The first transform in the chain is expected to know how to retrieve the data to hash. hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri); } else if (_uri.Length == 0) { // This is the self-referential case. First, check that we have a document context. // The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process if (document == null) { throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri)); } // Normalize the containing document resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); XmlDocument docWithNoComments = Utils.DiscardComments(Utils.PreProcessDocumentInput(document, resolver, baseUri)); hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri); } else if (_uri[0] == '#') { // If we get here, then we are constructing a Reference to an embedded DataObject // referenced by an Id = attribute. Go find the relevant object bool discardComments = true; string idref = Utils.GetIdFromLocalUri(_uri, out discardComments); if (idref == "xpointer(/)") { // This is a self referencial case if (document == null) { throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri)); } // We should not discard comments here!!! resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri); break; } XmlElement elem = SignedXml.GetIdElement(document, idref); if (elem != null) { _namespaces = Utils.GetPropagatedAttributes(elem.ParentNode as XmlElement); } if (elem == null) { // Go throw the referenced items passed in if (refList != null) { foreach (XmlNode node in refList) { XmlElement tempElem = node as XmlElement; if ((tempElem != null) && (Utils.HasAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl)) && (Utils.GetAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl).Equals(idref))) { elem = tempElem; if (_signedXml._context != null) { _namespaces = Utils.GetPropagatedAttributes(_signedXml._context); } break; } } } } if (elem == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidReference); } XmlDocument normDocument = Utils.PreProcessElementInput(elem, resolver, baseUri); // Add the propagated attributes Utils.AddNamespaces(normDocument.DocumentElement, _namespaces); resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); if (discardComments) { // We should discard comments before going into the transform chain XmlDocument docWithNoComments = Utils.DiscardComments(normDocument); hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri); } else { // This is an XPointer reference, do not discard comments!!! hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri); } } else { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } break; case ReferenceTargetType.XmlElement: // We need to create a DocumentNavigator out of the XmlElement resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri); break; default: throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } // Compute the new hash value hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream); // Default the buffer size to 4K. byte[] buffer = new byte[4096]; int bytesRead; _hashAlgorithm.Reset(); while ((bytesRead = hashInputStream.Read(buffer, 0, buffer.Length)) > 0) { _hashAlgorithm.BlockUpdate(buffer, 0, bytesRead); } _hashval = new byte[_hashAlgorithm.GetHashSize()]; _hashAlgorithm.DoFinal(_hashval, 0); } finally { if (hashInputStream != null) { hashInputStream.Close(); } if (response != null) { response.Close(); } if (inputStream != null) { inputStream.Close(); } } return(_hashval); }
public void ComputeSignature(IMac macAlg) { if (macAlg == null) { throw new ArgumentNullException(nameof(macAlg)); } if (!(macAlg is HMac)) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch); } int signatureLength; if (MSignature.SignedInfo.SignatureLength == null) { signatureLength = macAlg.GetMacSize() * 8; } else { signatureLength = Convert.ToInt32(MSignature.SignedInfo.SignatureLength, null); } if (signatureLength < 0 || signatureLength > macAlg.GetMacSize() * 8) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } if (signatureLength % 8 != 0) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2); } ReferenceManager.BuildDigestedReferences(this); var algorithmName = macAlg.AlgorithmName.Substring(0, macAlg.AlgorithmName.IndexOf('/')).ToUpperInvariant(); var signedXmlDictionary = new Dictionary <string, NS>() { { "SHA-1", NS.XmlDsigHMACSHA1Url }, { "SHA-256", NS.XmlDsigMoreHMACSHA256Url }, { "SHA-384", NS.XmlDsigMoreHMACSHA384Url }, { "SHA-512", NS.XmlDsigMoreHMACSHA512Url }, { "MD5", NS.XmlDsigMoreHMACMD5Url }, { "RIPEMD160", NS.XmlDsigMoreHMACRIPEMD160Url } }; try { SignedInfo.SignatureMethod = XmlNameSpace.Url[signedXmlDictionary[algorithmName]]; } catch (Exception) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch); } CheckSignatureManager.GetC14NDigest(new MacHashWrapper(macAlg), this); byte[] hashValue = new byte[macAlg.GetMacSize()]; macAlg.DoFinal(hashValue, 0); SignedXmlDebugLog.LogSigning(this, macAlg); MSignature.SetSignatureValue(new byte[signatureLength / 8]); Buffer.BlockCopy(hashValue, 0, MSignature.GetSignatureValue(), 0, signatureLength / 8); }
internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList) { IDigest digest = CryptoHelpers.CreateFromName <IDigest>(_digestMethod); if (digest == null) { IMac mac = CryptoHelpers.CreateFromName <IMac>(_digestMethod); if (mac == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed); } byte[] randomKey = CryptoUtils.GenerateRandomBlock(mac.GetMacSize()); mac.Init(new KeyParameter(randomKey)); _hashAlgorithm = new MacHashWrapper(mac); } else { _hashAlgorithm = new DigestHashWrapper(digest); } string baseUri = document == null ? Environment.CurrentDirectory + "\\" : document.BaseURI; Stream hashInputStream = null; WebResponse response = null; Stream inputStream = null; XmlResolver resolver = null; _hashval = null; try { switch (_refTargetType) { case ReferenceTargetType.Stream: resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri); break; case ReferenceTargetType.UriReference: if (_uri == null) { resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri); } else if (_uri.Length == 0) { if (document == null) { throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri)); } resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); XmlDocument docWithNoComments = StreamUtils.DiscardComments(StreamUtils.PreProcessDocumentInput(document, resolver, baseUri)); hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri); } else if (_uri[0] == '#') { bool discardComments = true; string idref = ParserUtils.GetIdFromLocalUri(_uri, out discardComments); if (idref == "xpointer(/)") { if (document == null) { throw new System.Security.Cryptography.CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri)); } resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream(StreamUtils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri); break; } XmlElement elem = GetSignedXml().GetIdElement(document, idref); if (elem != null) { _namespaces = ElementUtils.GetPropagatedAttributes(elem.ParentNode as XmlElement); } if (elem == null && refList != null) { foreach (XmlNode node in refList) { XmlElement tempElem = node as XmlElement; if ((tempElem != null) && (ElementUtils.HasAttribute(tempElem, "Id", XmlNameSpace.Url[NS.XmlDsigNamespaceUrl])) && (ElementUtils.GetAttribute(tempElem, "Id", NS.XmlDsigNamespaceUrl).Equals(idref))) { elem = tempElem; if (_signedXml._context != null) { _namespaces = ElementUtils.GetPropagatedAttributes(_signedXml._context); } break; } } } if (elem == null) { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_InvalidReference); } XmlDocument normDocument = StreamUtils.PreProcessElementInput(elem, resolver, baseUri); ElementUtils.AddNamespaces(normDocument.DocumentElement, _namespaces); resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); if (discardComments) { XmlDocument docWithNoComments = StreamUtils.DiscardComments(normDocument); hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri); } else { hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri); } } else { throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } break; case ReferenceTargetType.XmlElement: resolver = (GetSignedXml().ResolverSet ? GetSignedXml()._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); hashInputStream = TransformChain.TransformToOctetStream(StreamUtils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri); break; default: throw new System.Security.Cryptography.CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream); byte[] buffer = new byte[4096]; int bytesRead; _hashAlgorithm.Reset(); while ((bytesRead = hashInputStream.Read(buffer, 0, buffer.Length)) > 0) { _hashAlgorithm.BlockUpdate(buffer, 0, bytesRead); } _hashval = new byte[_hashAlgorithm.GetHashSize()]; _hashAlgorithm.DoFinal(_hashval, 0); } finally { if (hashInputStream != null) { hashInputStream.Close(); } if (response != null) { response.Close(); } if (inputStream != null) { inputStream.Close(); } } return(_hashval); }