File: system\security\cryptography\xml\SignedXmlDebugLog.cs
Project: ndp\clr\src\managedlibraries\security\System.Security.csproj (System.Security)
// ==++==
// 
//   Copyright (c) Microsoft Corporation.  All rights reserved.
// 
// ==--==
// <OWNER>Microsoft</OWNER>
// 
 
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;
 
namespace System.Security.Cryptography.Xml {
    /// <summary>
    ///     Trace support for debugging issues signing and verifying XML signatures.
    /// </summary>
    internal static class SignedXmlDebugLog {
 
        //
        // In order to enable XML digital signature debug loggging, applications should setup their config
        // file to be similar to the following:
        //     
        // <configuration>
        //   <system.diagnostics>
        //     <sources>
        //       <source name="System.Security.Cryptography.Xml.SignedXml"
        //               switchName="XmlDsigLogSwitch">
        //         <listeners>
        //           <add name="logFile" />
        //         </listeners>
        //       </source>
        //     </sources>
        //     <switches>
        //       <add name="XmlDsigLogSwitch" value="Verbose" />
        //     </switches>
        //     <sharedListeners>
        //       <add name="logFile"
        //            type="System.Diagnostics.TextWriterTraceListener"
        //            initializeData="XmlDsigLog.txt"/>
        //     </sharedListeners>
        //     <trace autoflush="true">
        //       <listeners>
        //         <add name="logFile" />
        //       </listeners>
        //     </trace>
        //   </system.diagnostics>
        // </configuration>
        //
 
        private const string NullString = "(null)";
 
        private static TraceSource s_traceSource = new TraceSource("System.Security.Cryptography.Xml.SignedXml");
        private static volatile bool s_haveVerboseLogging;
        private static volatile bool s_verboseLogging;
        private static volatile bool s_haveInformationLogging;
        private static volatile bool s_informationLogging;
 
        /// <summary>
        ///     Types of events that are logged to the debug log
        /// </summary>
        internal enum SignedXmlDebugEvent {
            /// <summary>
            ///     Canonicalization of input XML has begun
            /// </summary>
            BeginCanonicalization,
 
            /// <summary>
            ///     Verificaiton of the signature format itself is beginning
            /// </summary>
            BeginCheckSignatureFormat,
 
            /// <summary>
            ///     Verification of a signed info is beginning
            /// </summary>
            BeginCheckSignedInfo,
 
            /// <summary>
            ///     Signing is beginning
            /// </summary>
            BeginSignatureComputation,
 
            /// <summary>
            ///     Signature verification is beginning
            /// </summary>
            BeginSignatureVerification,
 
            /// <summary>
            ///     Input data has been transformed to its canonicalized form
            /// </summary>
            CanonicalizedData,
 
            /// <summary>
            ///     The result of signature format validation
            /// </summary>
            FormatValidationResult,
 
            /// <summary>
            ///     Namespaces are being propigated into the signature
            /// </summary>
            NamespacePropagation,
 
            /// <summary>
            ///     Output from a Reference
            /// </summary>
            ReferenceData,
 
            /// <summary>
            ///     The result of a signature verification
            /// </summary>
            SignatureVerificationResult,
 
            /// <summary>
            ///     Calculating the final signature
            /// </summary>
            Signing,
 
            /// <summary>
            ///     A reference is being hashed
            /// </summary>
            SigningReference,
 
            /// <summary>
            ///     A signature has failed to verify
            /// </summary>
            VerificationFailure,
 
            /// <summary>
            ///     Verify that a reference has the correct hash value
            /// </summary>
            VerifyReference,
 
            /// <summary>
            ///     Verification is processing the SignedInfo section of the signature
            /// </summary>
            VerifySignedInfo,
 
            /// <summary>
            ///     Verification status on the x.509 certificate in use
            /// </summary>
            X509Verification,
 
            /// <summary>
            ///     The signature is being rejected by the signature format verifier due to having
            ///     a canonicalization algorithm which is not on the known valid list.
            /// </summary>
            UnsafeCanonicalizationMethod,
 
            /// <summary>
            ///     The signature is being rejected by the signature verifier due to having
            ///     a transform algorithm which is not on the known valid list.
            /// </summary>
            UnsafeTransformMethod,
        }
 
        /// <summary>
        ///     Check to see if logging should be done in this process
        /// </summary>
        private static bool InformationLoggingEnabled {
            get {
                if (!s_haveInformationLogging)
                {
                    s_informationLogging = s_traceSource.Switch.ShouldTrace(TraceEventType.Information);
                    s_haveInformationLogging = true;
                }
 
                return s_informationLogging;
            }
        }
 
        /// <summary>
        ///     Check to see if verbose log messages should be generated
        /// </summary>
        private static bool VerboseLoggingEnabled {
            get {
                if (!s_haveVerboseLogging)
                {
                    s_verboseLogging = s_traceSource.Switch.ShouldTrace(TraceEventType.Verbose);
                    s_haveVerboseLogging = true;
                }
 
                return s_verboseLogging;
            }
        }
 
        /// <summary>
        ///     Convert the byte array into a hex string
        /// </summary>
        private static string FormatBytes(byte[] bytes) {
            if (bytes == null)
                return NullString;
 
            StringBuilder builder = new StringBuilder(bytes.Length * 2);
            foreach (byte b in bytes) {
                builder.Append(b.ToString("x2", CultureInfo.InvariantCulture));
            }
 
            return builder.ToString();
        }
 
        /// <summary>
        ///     Map a key to a string describing the key
        /// </summary>
        private static string GetKeyName(object key) {
            Debug.Assert(key != null, "key != null");
 
            ICspAsymmetricAlgorithm cspKey = key as ICspAsymmetricAlgorithm;
            X509Certificate certificate = key as X509Certificate;
            X509Certificate2 certificate2 = key as X509Certificate2;
 
            //
            // Use the following sources for key names, if available:
            //
            // * CAPI key         -> key container name
            // * X509Certificate2 -> subject simple name
            // * X509Certificate  -> subject name
            // * All others       -> hash code
            //
 
            string keyName = null;
            if (cspKey != null && cspKey.CspKeyContainerInfo.KeyContainerName != null) {
                keyName = String.Format(CultureInfo.InvariantCulture,
                                        "\"{0}\"",
                                        cspKey.CspKeyContainerInfo.KeyContainerName);
            }
            else if (certificate2 != null) {
                keyName = String.Format(CultureInfo.InvariantCulture,
                                        "\"{0}\"",
                                        certificate2.GetNameInfo(X509NameType.SimpleName, false));
            }
            else if (certificate != null) {
                keyName = String.Format(CultureInfo.InvariantCulture,
                                        "\"{0}\"",
                                        certificate.Subject);
            }
            else {
                keyName = key.GetHashCode().ToString("x8", CultureInfo.InvariantCulture);
            }
 
            return String.Format(CultureInfo.InvariantCulture, "{0}#{1}", key.GetType().Name, keyName);
        }
 
        /// <summary>
        ///     Map an object to a string describing the object
        /// </summary>
        private static string GetObjectId(object o) {
            Debug.Assert(o != null, "o != null");
 
            return String.Format(CultureInfo.InvariantCulture,
                                 "{0}#{1}", o.GetType().Name,
                                 o.GetHashCode().ToString("x8", CultureInfo.InvariantCulture));
        }
 
        /// <summary>
        ///     Map an OID to the friendliest name possible
        /// </summary>
        private static string GetOidName(Oid oid) {
            Debug.Assert(oid != null, "oid != null");
 
            string friendlyName = oid.FriendlyName;
            if (String.IsNullOrEmpty(friendlyName))
                friendlyName = oid.Value;
 
            return friendlyName;
        }
 
        /// <summary>
        ///     Log that canonicalization has begun on input data
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signing or verification</param>
        /// <param name="canonicalizationTransform">transform canonicalizing the input</param>
        internal static void LogBeginCanonicalization(SignedXml signedXml, Transform canonicalizationTransform) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_BeginCanonicalization"),
                                                  canonicalizationTransform.Algorithm,
                                                  canonicalizationTransform.GetType().Name);
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.BeginCanonicalization,
                          logMessage);
            }
 
            if (VerboseLoggingEnabled) {
                string canonicalizationSettings = String.Format(CultureInfo.InvariantCulture,
                                                                SecurityResources.GetResourceString("Log_CanonicalizationSettings"),
                                                                canonicalizationTransform.Resolver.GetType(),
                                                                canonicalizationTransform.BaseURI);
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.BeginCanonicalization,
                          canonicalizationSettings);
            }
        }
 
        /// <summary>
        ///     Log that we're going to be validating the signature format itself
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="formatValidator">Callback delegate which is being used for format verification</param>
        internal static void LogBeginCheckSignatureFormat(SignedXml signedXml, Func<SignedXml, bool> formatValidator) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(formatValidator != null, "formatValidator != null");
 
            if (InformationLoggingEnabled) {
                MethodInfo validationMethod = formatValidator.Method;
 
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_CheckSignatureFormat"),
                                                  validationMethod.Module.Assembly.FullName,
                                                  validationMethod.DeclaringType.FullName,
                                                  validationMethod.Name);
                WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.BeginCheckSignatureFormat, logMessage);
            }
        }
 
        /// <summary>
        ///     Log that checking SignedInfo is beginning
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="signedInfo">SignedInfo object being verified</param>
        internal static void LogBeginCheckSignedInfo(SignedXml signedXml, SignedInfo signedInfo) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(signedInfo != null, " signedInfo != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_CheckSignedInfo"),
                                                  signedInfo.Id != null ? signedInfo.Id : NullString);
                WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.BeginCheckSignedInfo, logMessage);
            }
        }
 
        /// <summary>
        ///     Log that signature computation is beginning
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signing</param>
        /// <param name="context">Context of the signature</param>
        internal static void LogBeginSignatureComputation(SignedXml signedXml, XmlElement context) {
            Debug.Assert(signedXml != null, "signedXml != null");
 
            if (InformationLoggingEnabled) {
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.BeginSignatureComputation,
                          SecurityResources.GetResourceString("Log_BeginSignatureComputation"));
            }
 
            if (VerboseLoggingEnabled) {
                string contextData = String.Format(CultureInfo.InvariantCulture,
                                                   SecurityResources.GetResourceString("Log_XmlContext"),
                                                   context != null ? context.OuterXml : NullString);
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.BeginSignatureComputation,
                          contextData);
            }
        }
 
        /// <summary>
        ///     Log that signature verification is beginning
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="context">Context of the verification</param>
        internal static void LogBeginSignatureVerification(SignedXml signedXml, XmlElement context) {
            Debug.Assert(signedXml != null, "signedXml != null");
            
            if (InformationLoggingEnabled) {
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.BeginSignatureVerification,
                          SecurityResources.GetResourceString("Log_BeginSignatureVerification"));
            }
 
            if (VerboseLoggingEnabled) {
                string contextData = String.Format(CultureInfo.InvariantCulture,
                                                   SecurityResources.GetResourceString("Log_XmlContext"),
                                                   context != null ? context.OuterXml : NullString);
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.BeginSignatureVerification,
                          contextData);
            }
        }
 
        /// <summary>
        ///     Log the canonicalized data
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signing or verification</param>
        /// <param name="canonicalizationTransform">transform canonicalizing the input</param>
        internal static void LogCanonicalizedOutput(SignedXml signedXml, Transform canonicalizationTransform) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null");
 
            if (VerboseLoggingEnabled) {
                using (StreamReader reader = new StreamReader(canonicalizationTransform.GetOutput(typeof(Stream)) as Stream)) {
                    string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                      SecurityResources.GetResourceString("Log_CanonicalizedOutput"),
                                                      reader.ReadToEnd());
                    WriteLine(signedXml,
                              TraceEventType.Verbose,
                              SignedXmlDebugEvent.CanonicalizedData,
                              logMessage);
                }
            }
        }
 
        /// <summary>
        ///     Log that the signature format callback has rejected the signature
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signature verification</param>
        /// <param name="result">result of the signature format verification</param>
        internal static void LogFormatValidationResult(SignedXml signedXml, bool result) {
            Debug.Assert(signedXml != null, "signedXml != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = result ? SecurityResources.GetResourceString("Log_FormatValidationSuccessful") :
                                             SecurityResources.GetResourceString("Log_FormatValidationNotSuccessful");
                WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.FormatValidationResult, logMessage);
            }
        }
 
        /// <summary>
        ///     Log that a signature is being rejected as having an invalid format due to its canonicalization
        ///     algorithm not being on the valid list.
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signature verification</param>
        /// <param name="result">result of the signature format verification</param>
        internal static void LogUnsafeCanonicalizationMethod(SignedXml signedXml, string algorithm, IEnumerable<string> validAlgorithms) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(validAlgorithms != null, "validAlgorithms != null");
 
            if (InformationLoggingEnabled) {
                StringBuilder validAlgorithmBuilder = new StringBuilder();
                foreach (string validAlgorithm in validAlgorithms) {
                    if (validAlgorithmBuilder.Length != 0) {
                        validAlgorithmBuilder.Append(", ");
                    }
 
                    validAlgorithmBuilder.AppendFormat("\"{0}\"", validAlgorithm);
                }
 
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_UnsafeCanonicalizationMethod"),
                                                  algorithm,
                                                  validAlgorithmBuilder.ToString());
 
                WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.UnsafeCanonicalizationMethod, logMessage);
            }
        }
 
        /// <summary>
        ///     Log that a signature is being rejected as having an invalid signature due to a transform
        ///     algorithm not being on the valid list.
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signature verification</param>
        /// <param name="algorithm">Transform algorithm that was not allowed</param>
        /// <param name="validC14nAlgorithms">The valid C14N algorithms</param>
        /// <param name="validTransformAlgorithms">The valid C14N algorithms</param>
        internal static void LogUnsafeTransformMethod(
            SignedXml signedXml,
            string algorithm,
            IEnumerable<string> validC14nAlgorithms,
            IEnumerable<string> validTransformAlgorithms)
        {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(validC14nAlgorithms != null, "validC14nAlgorithms != null");
            Debug.Assert(validTransformAlgorithms != null, "validTransformAlgorithms != null");
 
            if (InformationLoggingEnabled) {
                StringBuilder validAlgorithmBuilder = new StringBuilder();
                foreach (string validAlgorithm in validC14nAlgorithms) {
                    if (validAlgorithmBuilder.Length != 0) {
                        validAlgorithmBuilder.Append(", ");
                    }
 
                    validAlgorithmBuilder.AppendFormat("\"{0}\"", validAlgorithm);
                }
 
                foreach (string validAlgorithm in validTransformAlgorithms) {
                    if (validAlgorithmBuilder.Length != 0) {
                        validAlgorithmBuilder.Append(", ");
                    }
 
                    validAlgorithmBuilder.AppendFormat("\"{0}\"", validAlgorithm);
                }
 
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_UnsafeTransformMethod"),
                                                  algorithm,
                                                  validAlgorithmBuilder.ToString());
 
                WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.UnsafeTransformMethod, logMessage);
            }
        }
 
        /// <summary>
        ///     Log namespaces which are being propigated into the singature
        /// </summary>
        /// <param name="signedXml">SignedXml doing the signing or verification</param>
        /// <param name="namespaces">namespaces being propigated</param>
        internal static void LogNamespacePropagation(SignedXml signedXml, XmlNodeList namespaces) {
            Debug.Assert(signedXml != null, "signedXml != null");
 
            if (InformationLoggingEnabled) {
                if (namespaces != null) {
                    foreach (XmlAttribute propagatedNamespace in namespaces) {
                        string propagationMessage = String.Format(CultureInfo.InvariantCulture,
                                                                  SecurityResources.GetResourceString("Log_PropagatingNamespace"),
                                                                  propagatedNamespace.Name,
                                                                  propagatedNamespace.Value);
 
                        WriteLine(signedXml,
                                  TraceEventType.Information,
                                  SignedXmlDebugEvent.NamespacePropagation,
                                  propagationMessage);
                    }
                }
                else {
                    WriteLine(signedXml,
                              TraceEventType.Information,
                              SignedXmlDebugEvent.NamespacePropagation,
                              SecurityResources.GetResourceString("Log_NoNamespacesPropagated"));
                }
            }
        }
 
        /// <summary>
        ///     Log the output of a reference
        /// </summary>
        /// <param name="reference">The reference being processed</param>
        /// <param name="data">Stream containing the output of the reference</param>
        /// <returns>Stream containing the output of the reference</returns>
        internal static Stream LogReferenceData(Reference reference, Stream data) {
            if (VerboseLoggingEnabled) {
                //
                // Since the input data stream could be from the network or another source that does not
                // support rewinding, we will read the stream into a temporary MemoryStream that can be used
                // to stringify the output and also return to the reference so that it can produce the hash
                // value.
                //
 
                MemoryStream ms = new MemoryStream();
 
                // First read the input stream into our temporary stream
                byte[] buffer = new byte[4096];
                int readBytes = 0;
                do {
                    readBytes = data.Read(buffer, 0, buffer.Length);
                    ms.Write(buffer, 0, readBytes);
                } while (readBytes == buffer.Length);
 
                // Log out information about it
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_TransformedReferenceContents"),
                                                  Encoding.UTF8.GetString(ms.ToArray()));
                WriteLine(reference,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.ReferenceData,
                          logMessage);
 
                // Rewind to the beginning, so that the entire input stream is hashed
                ms.Seek(0, SeekOrigin.Begin);
                return ms;
            }
            else {
                return data;
            }
        }
 
        /// <summary>
        ///     Log the computation of a signature value when signing with an asymmetric algorithm
        /// </summary>
        /// <param name="signedXml">SignedXml object calculating the signature</param>
        /// <param name="key">key used for signing</param>
        /// <param name="signatureDescription">signature description being used to create the signature</param>
        /// <param name="hash">hash algorithm used to digest the output</param>
        /// <param name="asymmetricSignatureFormatter">signature formatter used to do the signing</param>
        internal static void LogSigning(SignedXml signedXml,
                                        object key,
                                        SignatureDescription signatureDescription,
                                        HashAlgorithm hash,
                                        AsymmetricSignatureFormatter asymmetricSignatureFormatter) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(signatureDescription != null, "signatureDescription != null");
            Debug.Assert(hash != null, "hash != null");
            Debug.Assert(asymmetricSignatureFormatter != null, "asymmetricSignatureFormatter != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_SigningAsymmetric"),
                                                  GetKeyName(key),
                                                  signatureDescription.GetType().Name,
                                                  hash.GetType().Name,
                                                  asymmetricSignatureFormatter.GetType().Name);
 
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.Signing,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the computation of a signature value when signing with a keyed hash algorithm
        /// </summary>
        /// <param name="signedXml">SignedXml object calculating the signature</param>
        /// <param name="key">key the signature is created with</param>
        /// <param name="hash">hash algorithm used to digest the output</param>
        /// <param name="asymmetricSignatureFormatter">signature formatter used to do the signing</param>
        internal static void LogSigning(SignedXml signedXml, KeyedHashAlgorithm key) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(key != null, "key != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_SigningHmac"),
                                                  key.GetType().Name);
 
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.Signing,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the calculation of a hash value of a reference
        /// </summary>
        /// <param name="signedXml">SignedXml object driving the signature</param>
        /// <param name="reference">Reference being hashed</param>
        internal static void LogSigningReference(SignedXml signedXml, Reference reference) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(reference != null, "reference != null");
 
            if (VerboseLoggingEnabled) {
                HashAlgorithm hashAlgorithm = Utils.CreateFromName<HashAlgorithm>(reference.DigestMethod);
                string hashAlgorithmName = hashAlgorithm == null ? "null" : hashAlgorithm.GetType().Name;
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_SigningReference"),
                                                  GetObjectId(reference),
                                                  reference.Uri,
                                                  reference.Id,
                                                  reference.Type,
                                                  reference.DigestMethod,
                                                  hashAlgorithmName);
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.SigningReference,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the specific point where a signature is determined to not be verifiable
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="failureLocation">location that the signature was determined to be invalid</param>
        internal static void LogVerificationFailure(SignedXml signedXml, string failureLocation) {
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_VerificationFailed"),
                                                  failureLocation);
 
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.VerificationFailure,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the success or failure of a signature verification operation
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="key">public key used to verify the signature</param>
        /// <param name="verified">true if the signature verified, false otherwise</param>
        internal static void LogVerificationResult(SignedXml signedXml, object key, bool verified) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(key != null, "key != null");
 
            if (InformationLoggingEnabled) {
                string resource = verified ? SecurityResources.GetResourceString("Log_VerificationWithKeySuccessful") :
                                             SecurityResources.GetResourceString("Log_VerificationWithKeyNotSuccessful");
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  resource,
                                                  GetKeyName(key));
 
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.SignatureVerificationResult,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the check for appropriate X509 key usage
        /// </summary>
        /// <param name="signedXml">SignedXml doing the signature verification</param>
        /// <param name="certificate">certificate having its key usages checked</param>
        /// <param name="keyUsages">key usages being examined</param>
        internal static void LogVerifyKeyUsage(SignedXml signedXml, X509Certificate certificate, X509KeyUsageExtension keyUsages) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(certificate != null, "certificate != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_KeyUsages"),
                                                  keyUsages.KeyUsages,
                                                  GetOidName(keyUsages.Oid),
                                                  GetKeyName(certificate));
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.X509Verification,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log that we are verifying a reference
        /// </summary>
        /// <param name="signedXml">SignedXMl object doing the verification</param>
        /// <param name="reference">reference being verified</param>
        internal static void LogVerifyReference(SignedXml signedXml, Reference reference) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(reference != null, "reference != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_VerifyReference"),
                                                  GetObjectId(reference),
                                                  reference.Uri,
                                                  reference.Id,
                                                  reference.Type);
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.VerifyReference,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the hash comparison when verifying a reference
        /// </summary>
        /// <param name="signedXml">SignedXml object verifying the signature</param>
        /// <param name="reference">reference being verified</param>
        /// <param name="actualHash">actual hash value of the reference</param>
        /// <param name="expectedHash">hash value the signature expected the reference to have</param>
        internal static void LogVerifyReferenceHash(SignedXml signedXml,
                                                    Reference reference,
                                                    byte[] actualHash,
                                                    byte[] expectedHash) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(reference != null, "reference != null");
            Debug.Assert(actualHash != null, "actualHash != null");
            Debug.Assert(expectedHash != null, "expectedHash != null");
 
            if (VerboseLoggingEnabled) {
                HashAlgorithm hashAlgorithm = Utils.CreateFromName<HashAlgorithm>(reference.DigestMethod);
                string hashAlgorithmName = hashAlgorithm == null ? "null" : hashAlgorithm.GetType().Name;
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_ReferenceHash"),
                                                  GetObjectId(reference),
                                                  reference.DigestMethod,
                                                  hashAlgorithmName,
                                                  FormatBytes(actualHash),
                                                  FormatBytes(expectedHash));
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.VerifyReference,
                          logMessage);
            }
        }
 
        /// <summary>
        ///     Log the verification parameters when verifying the SignedInfo section of a signature using an
        ///     asymmetric key
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="key">key being used to verify the signed info</param>
        /// <param name="signatureDescription">type of signature description class used</param>
        /// <param name="hashAlgorithm">type of hash algorithm used</param>
        /// <param name="asymmetricSignatureDeformatter">type of signature deformatter used</param>
        /// <param name="actualHashValue">hash value of the signed info</param>
        /// <param name="signatureValue">raw signature value</param>
        internal static void LogVerifySignedInfo(SignedXml signedXml,
                                                 AsymmetricAlgorithm key,
                                                 SignatureDescription signatureDescription,
                                                 HashAlgorithm hashAlgorithm,
                                                 AsymmetricSignatureDeformatter asymmetricSignatureDeformatter,
                                                 byte[] actualHashValue,
                                                 byte[] signatureValue) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(signatureDescription != null, "signatureDescription != null");
            Debug.Assert(hashAlgorithm != null, "hashAlgorithm != null");
            Debug.Assert(asymmetricSignatureDeformatter != null, "asymmetricSignatureDeformatter != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_VerifySignedInfoAsymmetric"),
                                                  GetKeyName(key),
                                                  signatureDescription.GetType().Name,
                                                  hashAlgorithm.GetType().Name,
                                                  asymmetricSignatureDeformatter.GetType().Name);
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.VerifySignedInfo,
                          logMessage);
            }
 
            if (VerboseLoggingEnabled) {
                string hashLog = String.Format(CultureInfo.InvariantCulture,
                                               SecurityResources.GetResourceString("Log_ActualHashValue"),
                                               FormatBytes(actualHashValue));
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, hashLog);
 
                string signatureLog = String.Format(CultureInfo.InvariantCulture,
                                                    SecurityResources.GetResourceString("Log_RawSignatureValue"),
                                                    FormatBytes(signatureValue));
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, signatureLog);
            }
        }
 
        /// <summary>
        ///     Log the verification parameters when verifying the SignedInfo section of a signature using a
        ///     keyed hash algorithm
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the verification</param>
        /// <param name="mac">hash algoirthm doing the verification</param>
        /// <param name="actualHashValue">hash value of the signed info</param>
        /// <param name="signatureValue">raw signature value</param>
        internal static void LogVerifySignedInfo(SignedXml signedXml,
                                                 KeyedHashAlgorithm mac,
                                                 byte[] actualHashValue,
                                                 byte[] signatureValue) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(mac != null, "mac != null");
 
            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_VerifySignedInfoHmac"),
                                                  mac.GetType().Name);
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.VerifySignedInfo,
                          logMessage);
            }
 
            if (VerboseLoggingEnabled) {
                string hashLog = String.Format(CultureInfo.InvariantCulture,
                                               SecurityResources.GetResourceString("Log_ActualHashValue"),
                                               FormatBytes(actualHashValue));
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, hashLog);
 
                string signatureLog = String.Format(CultureInfo.InvariantCulture,
                                                    SecurityResources.GetResourceString("Log_RawSignatureValue"),
                                                    FormatBytes(signatureValue));
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, signatureLog);
            }
        }
 
        /// <summary>
        ///     Log that an X509 chain is being built for a certificate
        /// </summary>
        /// <param name="signedXml">SignedXml object building the chain</param>
        /// <param name="chain">chain built for the certificate</param>
        /// <param name="certificate">certificate having the chain built for it</param>
        internal static void LogVerifyX509Chain(SignedXml signedXml, X509Chain chain, X509Certificate certificate) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(certificate != null, "certificate != null");
            Debug.Assert(chain != null, "chain != null");
 
            if (InformationLoggingEnabled) {
                string buildMessage = String.Format(CultureInfo.InvariantCulture,
                                                    SecurityResources.GetResourceString("Log_BuildX509Chain"),
                                                    GetKeyName(certificate));
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.X509Verification,
                          buildMessage);
            }
 
            if (VerboseLoggingEnabled) {
                // Dump out the flags and other miscelanious information used for building
                string revocationMode = String.Format(CultureInfo.InvariantCulture,
                                                      SecurityResources.GetResourceString("Log_RevocationMode"),
                                                      chain.ChainPolicy.RevocationFlag);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, revocationMode);
 
                string revocationFlag = String.Format(CultureInfo.InvariantCulture,
                                                      SecurityResources.GetResourceString("Log_RevocationFlag"),
                                                      chain.ChainPolicy.RevocationFlag);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, revocationFlag);
 
                string verificationFlags = String.Format(CultureInfo.InvariantCulture,
                                                         SecurityResources.GetResourceString("Log_VerificationFlag"),
                                                         chain.ChainPolicy.VerificationFlags);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, verificationFlags);
 
                string verificationTime = String.Format(CultureInfo.InvariantCulture,
                                                        SecurityResources.GetResourceString("Log_VerificationTime"),
                                                        chain.ChainPolicy.VerificationTime);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, verificationTime);
 
                string urlTimeout = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_UrlTimeout"),
                                                  chain.ChainPolicy.UrlRetrievalTimeout);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, urlTimeout);
            }
 
            // If there were any errors in the chain, make sure to dump those out
            if (InformationLoggingEnabled) {
                foreach (X509ChainStatus status in chain.ChainStatus) {
                    if (status.Status != X509ChainStatusFlags.NoError) {
                        string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                          SecurityResources.GetResourceString("Log_X509ChainError"),
                                                          status.Status,
                                                          status.StatusInformation);
 
                        WriteLine(signedXml,
                                  TraceEventType.Information,
                                  SignedXmlDebugEvent.X509Verification,
                                  logMessage);
                    }
                }
            }
 
            // Finally, dump out the chain itself
            if (VerboseLoggingEnabled) {                
                StringBuilder chainElements = new StringBuilder();
                chainElements.Append(SecurityResources.GetResourceString("Log_CertificateChain"));
 
                foreach (X509ChainElement element in chain.ChainElements) {
                    chainElements.AppendFormat(CultureInfo.InvariantCulture, " {0}", GetKeyName(element.Certificate));
                }
 
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.X509Verification,
                          chainElements.ToString());
            }
        }
 
        /// <summary>
        /// Write informaiton when user hits the Signed XML recursion depth limit issue.
        /// This is helpful in debugging this kind of issues.
        /// </summary>
        /// <param name="signedXml">SignedXml object verifying the signature</param>
        /// <param name="reference">reference being verified</param>
        internal static void LogSignedXmlRecursionLimit(SignedXml signedXml,
                                                        Reference reference) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(reference != null, "reference != null");
 
            if (InformationLoggingEnabled) {
                HashAlgorithm hashAlgorithm = Utils.CreateFromName<HashAlgorithm>(reference.DigestMethod);
                string hashAlgorithmName = hashAlgorithm == null ? "null" : hashAlgorithm.GetType().Name;
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                    SecurityResources.GetResourceString("Log_SignedXmlRecursionLimit"),
                                                    GetObjectId(reference),
                                                    reference.DigestMethod,
                                                    hashAlgorithmName);
 
                WriteLine(signedXml,
                            TraceEventType.Information,
                            SignedXmlDebugEvent.VerifySignedInfo,
                            logMessage);
            }
        }
 
        /// <summary>
        ///     Write data to the log
        /// </summary>
        /// <param name="source">object doing the trace</param>
        /// <param name="eventType">severity of the debug event</param>
        /// <param name="data">data being written</param>
        /// <param name="eventId">type of event being traced</param>
        private static void WriteLine(object source, TraceEventType eventType, SignedXmlDebugEvent eventId, string data) {
            Debug.Assert(source != null, "source != null");
            Debug.Assert(!String.IsNullOrEmpty(data), "!String.IsNullOrEmpty(data)");
            Debug.Assert(InformationLoggingEnabled, "InformationLoggingEnabled");
 
            s_traceSource.TraceEvent(eventType,
                                    (int)eventId,
                                    "[{0}, {1}] {2}",
                                    GetObjectId(source),
                                    eventId,
                                    data);
        }
    }
}