Imported Upstream version 5.10.0.47

Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0
2018-01-24 17:04:36 +00:00
parent 88ff76fe28
commit e46a49ecf1
5927 changed files with 226314 additions and 129848 deletions
--- a/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
+++ b/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
@ -734,6 +734,97 @@ namespace System.Security.Cryptography.Xml {
 			return xel;
 		}

+		internal static XmlElement DefaultGetIdElement(XmlDocument document, string idValue)
+		{
+			if (document == null)
+				return null;
+
+			try
+			{
+				XmlConvert.VerifyNCName(idValue);
+			}
+			catch
+			{
+				// Identifiers are required to be an NCName
+				//   (xml:id version 1.0, part 4, paragraph 2, bullet 1)
+				//
+				// If it isn't an NCName, it isn't allowed to match.
+				return null;
+			}
+
+			// Get the element with idValue
+			XmlElement elem = document.GetElementById(idValue);
+
+			if (elem != null)
+			{
+				// Have to check for duplicate ID values from the DTD.
+
+				XmlDocument docClone = (XmlDocument)document.CloneNode(true);
+				XmlElement cloneElem = docClone.GetElementById(idValue);
+
+				// If it's null here we want to know about it, because it means that
+				// GetElementById failed to work across the cloning, and our uniqueness
+				// test is invalid.
+				System.Diagnostics.Debug.Assert(cloneElem != null);
+
+				// Guard against null anyways
+				if (cloneElem != null)
+				{
+					cloneElem.Attributes.RemoveAll();
+
+					XmlElement cloneElem2 = docClone.GetElementById(idValue);
+
+					if (cloneElem2 != null)
+					{
+						throw new CryptographicException(
+							SR.Cryptography_Xml_InvalidReference);
+					}
+				}
+
+				return elem;
+			}
+
+			elem = GetSingleReferenceTarget(document, "Id", idValue);
+			if (elem != null)
+				return elem;
+			elem = GetSingleReferenceTarget(document, "id", idValue);
+			if (elem != null)
+				return elem;
+			elem = GetSingleReferenceTarget(document, "ID", idValue);
+
+			return elem;
+		}
+
+		private static XmlElement GetSingleReferenceTarget(XmlDocument document, string idAttributeName, string idValue)
+		{
+			// idValue has already been tested as an NCName (unless overridden for compatibility), so there's no
+			// escaping that needs to be done here.
+			string xPath = "//*[@" + idAttributeName + "=\"" + idValue + "\"]";
+
+			// http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel says that for the form URI="#chapter1":
+			//
+			//   Identifies a node-set containing the element with ID attribute value 'chapter1' ...
+			//
+			// Note that it uses the singular. Therefore, if the match is ambiguous, we should consider the document invalid.
+			//
+			// In this case, we'll treat it the same as having found nothing across all fallbacks (but shortcut so that we don't
+			// fall into a trap of finding a secondary element which wasn't the originally signed one).
+
+			XmlNodeList nodeList = document.SelectNodes(xPath);
+
+			if (nodeList == null || nodeList.Count == 0)
+			{
+				return null;
+			}
+
+			if (nodeList.Count == 1)
+			{
+				return nodeList[0] as XmlElement;
+			}
+
+			throw new CryptographicException(SR.Cryptography_Xml_InvalidReference);
+		}
+
 		// According to book ".NET Framework Security" this method
 		// iterates all possible keys then return null
 		protected virtual AsymmetricAlgorithm GetPublicKey ()