public void KeepDocument ()
{
string result = @"<dsig:Reference URI="""" xmlns:dsig=""http://www.w3.org/2000/09/xmldsig#""><dsig:Transforms><dsig:Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /></dsig:Transforms><dsig:DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference>";
XmlDocument doc = new XmlDocument ();
doc.LoadXml (xml);
XmlElement org = (XmlElement) doc.SelectSingleNode ("//*[local-name()='Reference']");
Reference r = new Reference ();
r.LoadXml (org);
XmlElement el = r.GetXml ();
Assert.AreEqual (doc, el.OwnerDocument);
Assert.AreEqual (org, el);
Assert.AreEqual (result, el.OuterXml);
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
// SignedInfo
XmlElement signedInfoElement = value;
if (!signedInfoElement.LocalName.Equals("SignedInfo"))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "SignedInfo");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// Id attribute -- optional
_id = Utils.GetAttribute(signedInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);
// CanonicalizationMethod -- must be present
XmlElement canonicalizationMethodElement = signedInfoElement.SelectSingleNode("ds:CanonicalizationMethod", nsm) as XmlElement;
if (canonicalizationMethodElement == null)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "SignedInfo/CanonicalizationMethod");
}
_canonicalizationMethod = Utils.GetAttribute(canonicalizationMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
_canonicalizationMethodTransform = null;
if (canonicalizationMethodElement.ChildNodes.Count > 0)
{
CanonicalizationMethodObject.LoadInnerXml(canonicalizationMethodElement.ChildNodes);
}
// SignatureMethod -- must be present
XmlElement signatureMethodElement = signedInfoElement.SelectSingleNode("ds:SignatureMethod", nsm) as XmlElement;
if (signatureMethodElement == null)
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "SignedInfo/SignatureMethod");
}
_signatureMethod = Utils.GetAttribute(signatureMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
// Now get the output length if we are using a MAC algorithm
XmlElement signatureLengthElement = signatureMethodElement.SelectSingleNode("ds:HMACOutputLength", nsm) as XmlElement;
if (signatureLengthElement != null)
{
_signatureLength = signatureLengthElement.InnerXml;
}
// flush out any reference that was there
_references.Clear();
XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm);
if (referenceNodes != null)
{
foreach (XmlNode node in referenceNodes)
{
XmlElement referenceElement = node as XmlElement;
Reference reference = new Reference();
AddReference(reference);
reference.LoadXml(referenceElement);
}
}
// Save away the cached value
_cachedXml = signedInfoElement;
}
public static bool VerifySignature(Stream xmlStream, Stream signatureStream, out X509Certificate2 certificate)
{
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(signatureStream);
SignedXml signedXml = new SignedXml();
signedXml.LoadXml(xmlDocument.DocumentElement);
certificate = signedXml.KeyInfo.OfType<KeyInfoX509Data>().SelectMany(c => c.Certificates.OfType<X509Certificate2>()).FirstOrDefault();
foreach (Reference reference in signedXml.SignedInfo.References.ToArray())
{
Reference newReference = new Reference(xmlStream);
newReference.LoadXml(reference.GetXml());
signedXml.AddReference(newReference);
signedXml.SignedInfo.References.Remove(reference);
}
return signedXml.CheckSignature();
}
/// <include file='doc\SignedInfo.uex' path='docs/doc[@for="SignedInfo.LoadXml"]/*' />
public void LoadXml(XmlElement value)
{
// Guard against nulls
if (value == null)
{
throw new ArgumentNullException("value");
}
// SignedInfo
XmlElement signedInfoElement = value;
if (!signedInfoElement.LocalName.Equals("SignedInfo"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// CanonicalizationMethod -- must be present
XmlNodeList canonicalizationMethodNodes = signedInfoElement.SelectNodes("ds:CanonicalizationMethod", nsm);
if (canonicalizationMethodNodes.Count == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod");
}
XmlElement canonicalizationMethodElement = (XmlElement)canonicalizationMethodNodes.Item(0);
m_strCanonicalizationMethod = canonicalizationMethodElement.GetAttribute("Algorithm");
// SignatureMethod -- must be present
XmlNodeList signatureMethodNodes = signedInfoElement.SelectNodes("ds:SignatureMethod", nsm);
if (signatureMethodNodes.Count == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod");
}
XmlElement signatureMethodElement = (XmlElement)signatureMethodNodes.Item(0);
m_strSignatureMethod = signatureMethodElement.GetAttribute("Algorithm");
// Now get the output length if we are using a MAC algorithm
XmlNodeList signatureLengthNodes = signatureMethodElement.SelectNodes("ds:HMACOutputLength", nsm);
if (signatureLengthNodes.Count > 0)
{
m_strSignatureLength = signatureLengthNodes.Item(0).InnerXml;
}
// References if any
// Flush the any reference that was there
m_references.Clear();
XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm);
for (int i = 0; i < referenceNodes.Count; ++i)
{
Reference reference = new Reference();
reference.LoadXml((XmlElement)referenceNodes.Item(i));
m_references.Add(reference);
}
// Save away the cached value
m_cachedXml = signedInfoElement;
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
// SignedInfo
XmlElement signedInfoElement = value;
if (!signedInfoElement.LocalName.Equals("SignedInfo"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
int expectedChildNodes = 0;
// Id attribute -- optional
m_id = Utils.GetAttribute(signedInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);
if (!Utils.VerifyAttributes(signedInfoElement, "Id"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
// CanonicalizationMethod -- must be present
XmlNodeList canonicalizationMethodNodes = signedInfoElement.SelectNodes("ds:CanonicalizationMethod", nsm);
if (canonicalizationMethodNodes == null || canonicalizationMethodNodes.Count == 0 || (!Utils.GetAllowAdditionalSignatureNodes() && canonicalizationMethodNodes.Count > 1))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod");
}
XmlElement canonicalizationMethodElement = canonicalizationMethodNodes.Item(0) as XmlElement;
expectedChildNodes += canonicalizationMethodNodes.Count;
m_canonicalizationMethod = Utils.GetAttribute(canonicalizationMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
if ((m_canonicalizationMethod == null && !Utils.GetSkipSignatureAttributeEnforcement()) || !Utils.VerifyAttributes(canonicalizationMethodElement, "Algorithm"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod");
}
m_canonicalizationMethodTransform = null;
if (canonicalizationMethodElement.ChildNodes.Count > 0)
{
this.CanonicalizationMethodObject.LoadInnerXml(canonicalizationMethodElement.ChildNodes);
}
// SignatureMethod -- must be present
XmlNodeList signatureMethodNodes = signedInfoElement.SelectNodes("ds:SignatureMethod", nsm);
if (signatureMethodNodes == null || signatureMethodNodes.Count == 0 || (!Utils.GetAllowAdditionalSignatureNodes() && signatureMethodNodes.Count > 1))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod");
}
XmlElement signatureMethodElement = signatureMethodNodes.Item(0) as XmlElement;
expectedChildNodes += signatureMethodNodes.Count;
m_signatureMethod = Utils.GetAttribute(signatureMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
if ((m_signatureMethod == null && !Utils.GetSkipSignatureAttributeEnforcement()) || !Utils.VerifyAttributes(signatureMethodElement, "Algorithm"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod");
}
// Now get the output length if we are using a MAC algorithm
XmlElement signatureLengthElement = signatureMethodElement.SelectSingleNode("ds:HMACOutputLength", nsm) as XmlElement;
if (signatureLengthElement != null)
{
m_signatureLength = signatureLengthElement.InnerXml;
}
// flush out any reference that was there
m_references.Clear();
// Reference - 0 or more
XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm);
if (referenceNodes != null)
{
if (referenceNodes.Count > Utils.GetMaxReferencesPerSignedInfo())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/Reference");
}
foreach (XmlNode node in referenceNodes)
{
XmlElement referenceElement = node as XmlElement;
Reference reference = new Reference();
AddReference(reference);
reference.LoadXml(referenceElement);
}
expectedChildNodes += referenceNodes.Count;
}
// Verify that there aren't any extra nodes that aren't allowed
if (!Utils.GetAllowAdditionalSignatureNodes() && (signedInfoElement.SelectNodes("*").Count != expectedChildNodes))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
// Save away the cached value
m_cachedXml = signedInfoElement;
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
XmlElement element = value;
if (!element.LocalName.Equals("SignedInfo"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
XmlNamespaceManager nsmgr = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#");
XmlElement element2 = element.SelectSingleNode("ds:CanonicalizationMethod", nsmgr) as XmlElement;
if (element2 == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod");
}
this.m_canonicalizationMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element2, "Algorithm", "http://www.w3.org/2000/09/xmldsig#");
this.m_canonicalizationMethodTransform = null;
if (element2.ChildNodes.Count > 0)
{
this.CanonicalizationMethodObject.LoadInnerXml(element2.ChildNodes);
}
XmlElement element3 = element.SelectSingleNode("ds:SignatureMethod", nsmgr) as XmlElement;
if (element3 == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod");
}
this.m_signatureMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element3, "Algorithm", "http://www.w3.org/2000/09/xmldsig#");
XmlElement element4 = element3.SelectSingleNode("ds:HMACOutputLength", nsmgr) as XmlElement;
if (element4 != null)
{
this.m_signatureLength = element4.InnerXml;
}
this.m_references.Clear();
XmlNodeList list = element.SelectNodes("ds:Reference", nsmgr);
if (list != null)
{
foreach (XmlNode node in list)
{
XmlElement element5 = node as XmlElement;
Reference reference = new Reference();
this.AddReference(reference);
reference.LoadXml(element5);
}
}
this.m_cachedXml = element;
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlSignature.ElementNames.Manifest) || (value.NamespaceURI != XmlSignature.NamespaceURI))
throw new CryptographicException ();
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
for (int i = 0; i < value.ChildNodes.Count; i++) {
XmlNode n = value.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element &&
n.LocalName == XmlSignature.ElementNames.Reference &&
n.NamespaceURI == XmlSignature.NamespaceURI) {
Reference r = new Reference ();
r.LoadXml ((XmlElement) n);
AddReference (r);
}
}
element = value;
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlSignature.ElementNames.SignedInfo) || (value.NamespaceURI != XmlSignature.NamespaceURI))
throw new CryptographicException ();
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
c14nMethod = XmlSignature.GetAttributeFromElement (value, XmlSignature.AttributeNames.Algorithm, XmlSignature.ElementNames.CanonicalizationMethod);
XmlElement sm = XmlSignature.GetChildElement (value, XmlSignature.ElementNames.SignatureMethod, XmlSignature.NamespaceURI);
if (sm != null) {
signatureMethod = sm.GetAttribute (XmlSignature.AttributeNames.Algorithm);
XmlElement length = XmlSignature.GetChildElement (sm, XmlSignature.ElementNames.HMACOutputLength, XmlSignature.NamespaceURI);
if (length != null) {
signatureLength = length.InnerText;
}
}
for (int i = 0; i < value.ChildNodes.Count; i++) {
XmlNode n = value.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element &&
n.LocalName == XmlSignature.ElementNames.Reference &&
n.NamespaceURI == XmlSignature.NamespaceURI) {
Reference r = new Reference ();
r.LoadXml ((XmlElement) n);
AddReference (r);
}
}
element = value;
}
public void LoadXml(XmlElement value) {
if (value == null)
throw new ArgumentNullException("value");
// SignedInfo
XmlElement signedInfoElement = value;
if (!signedInfoElement.LocalName.Equals("SignedInfo"))
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// Id attribute -- optional
m_id = Utils.GetAttribute(signedInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);
// CanonicalizationMethod -- must be present
XmlElement canonicalizationMethodElement = signedInfoElement.SelectSingleNode("ds:CanonicalizationMethod", nsm) as XmlElement;
if (canonicalizationMethodElement == null)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/CanonicalizationMethod");
m_canonicalizationMethod = Utils.GetAttribute(canonicalizationMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
m_canonicalizationMethodTransform = null;
if (canonicalizationMethodElement.ChildNodes.Count > 0)
this.CanonicalizationMethodObject.LoadInnerXml(canonicalizationMethodElement.ChildNodes);
// SignatureMethod -- must be present
XmlElement signatureMethodElement = signedInfoElement.SelectSingleNode("ds:SignatureMethod", nsm) as XmlElement;
if (signatureMethodElement == null)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/SignatureMethod");
m_signatureMethod = Utils.GetAttribute(signatureMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
// Now get the output length if we are using a MAC algorithm
XmlElement signatureLengthElement = signatureMethodElement.SelectSingleNode("ds:HMACOutputLength", nsm) as XmlElement;
if (signatureLengthElement != null)
m_signatureLength = signatureLengthElement.InnerXml;
// flush out any reference that was there
m_references.Clear();
XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm);
if (referenceNodes != null) {
foreach(XmlNode node in referenceNodes) {
XmlElement referenceElement = node as XmlElement;
Reference reference = new Reference();
AddReference(reference);
reference.LoadXml(referenceElement);
}
}
// Save away the cached value
m_cachedXml = signedInfoElement;
}
