Discuss this help topic in SecureBlackbox Forum

XML: Verify manifest references

To verify the references in the manifest, you need to:

  1. Locate the manifest: enumerate the signature objects using the Signature.Objects property and, for each object, its Objects[].DataList list, checking whether one of the elements in the DataList is of type TElXMLManifest;
  2. Enumerate the references in the manifest using the TElXMLManifest.Count and TElXMLManifest.Reference[] properties;
  3. Validate each reference based on the value of its Reference.URI property: for example, compare DigestValue with a pre-calculated digest value of the file/object, or set the appropriate Ref.URIData/URINode/URIStream property and recalculate the digest value.

The code sample below verifies references contained in the signature manifest:

C#:


// check the object by Id (if we know which object should contain the Manifest)
// or process all objects
for (int i = 0; i < XMLVerifier.Signature.Objects.Count; i++)
{
  TElXMLObject Obj = XMLVerifier.Signature.get_Objects(i);
  for (int j = 0; j < Obj.DataList.Count; j++)
  {
    if (Obj.DataList[j] is TElXMLManifest)
    {
      TElXMLManifest manifest = (TElXMLManifest)Obj.DataList[j];
      for (int k = 0; k < manifest.Count; k++)
      {
        TElXMLReference Ref = manifest.get_Reference(k);
        // based on the Ref.URI value, validate the reference:
        // for example, compare DigestValue with a pre-calculated digest
        // value of the file/object,
        // or set the appropriate Ref.URIData/URINode/URIStream property
        // and recalculate the digest value, for example:
        byte[] RefDigest = Ref.DigestValue; // digest stored in the signed manifest
        try
        {
          Ref.URINode = ... // assign the XML node that Ref.URI refers to
          Ref.UpdateDigestValue(); // recalculates the digest over the assigned data
          // compare the stored digest with the recalculated one
          bool ValidationResult = SBUtils.Unit.CompareMem(RefDigest, Ref.DigestValue);
          // act on ValidationResult here; false means the referenced data does not match
        }
        finally
        {
          // restore the original digest value so the signature data stays unchanged
          Ref.DigestValue = RefDigest;
        }
      }
    }
  }
}
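
The first option in step 3 (comparing DigestValue with a digest calculated from the file itself) can also be shown without the library. The following is an added example, not SecureBlackbox code: it uses only standard .NET classes (.NET Core 2.1 or later), and the class name ManifestDigestCheck, the contentByUri map and the sample manifest are assumptions made for the illustration. It assumes the signature covering the Manifest element has already been validated, and it treats a reference as not verified when its URI is unknown, its digest algorithm is not on the allow-list, or it carries Transforms.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Xml;
static class ManifestDigestCheck
{
    // Allow-list of digest algorithms; anything else yields null and fails the reference.
    static HashAlgorithm Create(string algorithm)
    {
        if (algorithm == "http://www.w3.org/2001/04/xmlenc#sha256") return SHA256.Create();
        if (algorithm == "http://www.w3.org/2001/04/xmlenc#sha512") return SHA512.Create();
        return null;
    }
    // Returns one (URI, valid) entry per Reference found in any ds:Manifest.
    public static List<(string Uri, bool Valid)> Verify(XmlDocument doc, IDictionary<string, byte[]> contentByUri)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        var results = new List<(string Uri, bool Valid)>();
        foreach (XmlElement r in doc.SelectNodes("//ds:Manifest/ds:Reference", ns))
        {
            string uri = r.GetAttribute("URI");
            var method = r.SelectSingleNode("ds:DigestMethod", ns) as XmlElement;
            XmlNode value = r.SelectSingleNode("ds:DigestValue", ns);
            bool valid = false;
            // Fail closed: a missing element, Transforms or an unknown URI leaves valid == false.
            using (HashAlgorithm h = Create(method?.GetAttribute("Algorithm")))
                if (h != null && value != null && r.SelectSingleNode("ds:Transforms", ns) == null
                    && contentByUri.TryGetValue(uri, out byte[] content))
                    valid = CryptographicOperations.FixedTimeEquals(
                        h.ComputeHash(content), Convert.FromBase64String(value.InnerText));
            results.Add((uri, valid));
        }
        return results;
    }
    static void Main()
    {
        byte[] file = Encoding.UTF8.GetBytes("constructed sample content"); // stands in for report.txt
        string digest;
        using (var sha = SHA256.Create()) digest = Convert.ToBase64String(sha.ComputeHash(file));
        var doc = new XmlDocument();
        doc.LoadXml("<ds:Manifest xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:Reference URI='report.txt'>"
            + "<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/><ds:DigestValue>" + digest + "</ds:DigestValue></ds:Reference></ds:Manifest>");
        var content = new Dictionary<string, byte[]> { ["report.txt"] = file };
        Console.WriteLine("intact file:   " + Verify(doc, content)[0].Valid);
        content["report.txt"][0] ^= 1; // simulate a file modified after signing
        Console.WriteLine("modified file: " + Verify(doc, content)[0].Valid);
    }
}
```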

How To articles about XML signing (XMLDSig and XAdES)
