Discuss this help topic in SecureBlackbox Forum
XML: Verify manifest references
To verify the references in the manifest, you need to
The code sample below verifies references contained in the signature manifest:
C#:
for (int i = 0; i < XMLVerifier.Signature.Objects.Count; i++)
// check the object by Id (if we know which object should contain Manifest)
// or process all objects
{
TElXMLObject Obj = XMLVerifier.Signature.get_Objects(i);
for (int j = 0; j < Obj.DataList.Count; j++)
if (Obj.DataList[j] is TElXMLManifest)
{
TElXMLManifest manifest = (TElXMLManifest)Obj.DataList[j];
for (int k = 0; k < manifest.Count; k++)
{
TElXMLReference Ref = manifest.get_Reference(k);
// based on Ref.URI value validate the reference
// for example compare DigestValue with a pre-caclulated digest
// value of the file/object
// or set appropriate Ref.URIData/URINode/URIStream property
// and recalculate the digest value, for example:
byte[] RefDigest = Ref.DigestValue;
try
{
Ref.URINode = ...
Ref.UpdateDigestValue();
bool ValidationResult = SBUtils.Unit.CompareMem(RefDigest, Reference.DigestValue);
}
finally
{
Ref.DigestValue = RefDigest;
}
}
}
}