Merge pull request #1123 from Sustainsys/empty_ref_exception
More informative exception for empty signature reference URI
AndersAbel committed Oct 31, 2019
2 parents 353c015 + 9911947 commit c56c23b
Showing 2 changed files with 29 additions and 0 deletions.
4 changes: 4 additions & 0 deletions Sustainsys.Saml2/XmlHelpers.cs
Expand Up @@ -451,6 +451,10 @@ private static void FixSignatureIndex(SignedXml signedXml, XmlElement signatureE
}

var reference = (Reference)signedXml.SignedInfo.References[0];
if ( string.IsNullOrWhiteSpace( reference.Uri ) )
{
throw new InvalidSignatureException( "Empty reference for Xml signature is not allowed." );
}
var id = reference.Uri.Substring(1);

var idElement = signedXml.GetIdElement(xmlElement.OwnerDocument, id);
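Review bot: The new guard rejects only a null, empty or whitespace `reference.Uri`; the `reference.Uri.Substring(1)` on the following line still drops the first character without checking that it is `#`, so any other non-empty URI reaches `GetIdElement` as a truncated id. Since this code decides which element the signature is taken to cover, I would reject anything that is not a same-document fragment in the same place, e.g. `if (string.IsNullOrWhiteSpace(reference.Uri) || reference.Uri[0] != '#')`, with a message saying that a `#id` reference is required. How the result of `GetIdElement` is checked lies outside the hunk, so such input may already fail later, but presumably with a less informative error. As a style point, the added lines put spaces inside the parentheses, unlike the surrounding `signedXml.GetIdElement(xmlElement.OwnerDocument, id)`.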
25 changes: 25 additions & 0 deletions Tests/Tests.Shared/XmlHelpersTests.cs
Expand Up @@ -238,6 +238,31 @@ public void XmlHelpers_IsSignedBy_ThrowsOnMissingReferenceInSignature()
.And.Message.Should().Be("No reference found in Xml signature, it doesn't validate the Xml data.");
}

[TestMethod]
public void XmlHelpers_IsSignedBy_ThrowsOnEmptyReferencesInSignature()
{
var xml = "<xml ID=\"myxml\" />";

var xmlDoc = XmlHelpers.XmlDocumentFromString( xml );

var signedXml = new SignedXml( xmlDoc );
signedXml.SigningKey = SignedXmlHelper.TestCert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

var ref1 = new Reference { Uri = "" };
ref1.AddTransform( new XmlDsigEnvelopedSignatureTransform() );
ref1.AddTransform( new XmlDsigExcC14NTransform() );
signedXml.AddReference( ref1 );

signedXml.ComputeSignature();
xmlDoc.DocumentElement.AppendChild( xmlDoc.ImportNode( signedXml.GetXml(), true ) );

xmlDoc.DocumentElement.Invoking(
x => x.IsSignedBy( SignedXmlHelper.TestCert ) )
.Should().Throw<InvalidSignatureException>()
.And.Message.Should().Be( "Empty reference for Xml signature is not allowed." );
}

[TestMethod]
public void XmlHelpers_IsSignedBy_ThrowsOnDualReferencesInSignature()
{
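Review bot: The test name `XmlHelpers_IsSignedBy_ThrowsOnEmptyReferencesInSignature` reads like the neighbouring missing-reference case, while what it exercises is a single reference whose URI is empty; `XmlHelpers_IsSignedBy_ThrowsOnEmptyReferenceUriInSignature` would say that. A short comment above `new Reference { Uri = "" }` would explain why the case matters, for example `// Uri="" is a valid XML-DSig whole-document reference, so ComputeSignature succeeds; IsSignedBy must still reject it.` Only the empty string is covered, whereas the guard in XmlHelpers.cs uses `IsNullOrWhiteSpace`. A second case for a whitespace-only URI would pin that branch, though it may need the Signature element edited by hand if SignedXml refuses to compute over such a reference (not verified here).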
