/// <summary>
/// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword
/// </summary>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_decryptedTokenData = m_tokenData;
return;
}
EncryptedData encryptedData = new EncryptedData();
encryptedData.Data = m_tokenData;
encryptedData.Algorithm = m_encryptionAlgorithm;
byte[] decryptedTokenData = SecurityPolicies.Decrypt(
certificate,
securityPolicyUri,
encryptedData);
// verify the sender's nonce.
int startOfNonce = decryptedTokenData.Length;
if (senderNonce != null)
{
startOfNonce -= senderNonce.Length;
for (int ii = 0; ii < senderNonce.Length; ii++)
{
if (senderNonce[ii] != decryptedTokenData[ii+startOfNonce])
{
throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
}
}
}
// copy results.
m_decryptedTokenData = new byte[startOfNonce];
Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce);
}
/// <summary>
/// Decrypts the CipherText using the SecurityPolicyUri and returns the PlainTetx.
/// </summary>
public static byte[] Decrypt(X509Certificate2 certificate, string securityPolicyUri, EncryptedData dataToDecrypt)
{
// check if nothing to do.
if (dataToDecrypt == null)
{
return null;
}
// nothing more to do if no encryption.
if (String.IsNullOrEmpty(securityPolicyUri))
{
return dataToDecrypt.Data;
}
// decrypt data.
switch (securityPolicyUri)
{
case SecurityPolicies.Basic256:
case SecurityPolicies.Basic256Sha256:
{
if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
{
return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, true);
}
break;
}
case SecurityPolicies.Basic128Rsa15:
{
if (dataToDecrypt.Algorithm == SecurityAlgorithms.Rsa15)
{
return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, false);
}
break;
}
case SecurityPolicies.None:
{
if (String.IsNullOrEmpty(dataToDecrypt.Algorithm))
{
return dataToDecrypt.Data;
}
break;
}
default:
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityPolicyRejected,
"Unsupported security policy: {0}",
securityPolicyUri);
}
}
throw ServiceResultException.Create(
StatusCodes.BadIdentityTokenInvalid,
"Unexpected encryption algorithm : {0}",
dataToDecrypt.Algorithm);
}
/// <summary>
/// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword
/// </summary>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_decryptedPassword = new UTF8Encoding().GetString(m_password, 0, m_password.Length);
return;
}
// decrypt.
EncryptedData encryptedData = new EncryptedData();
encryptedData.Data = m_password;
encryptedData.Algorithm = m_encryptionAlgorithm;
byte[] decryptedPassword = SecurityPolicies.Decrypt(
certificate,
securityPolicyUri,
encryptedData);
if (decryptedPassword == null)
{
m_decryptedPassword = null;
return;
}
// verify the sender's nonce.
int startOfNonce = decryptedPassword.Length;
if (senderNonce != null)
{
startOfNonce -= senderNonce.Length;
for (int ii = 0; ii < senderNonce.Length; ii++)
{
if (senderNonce[ii] != decryptedPassword[ii+startOfNonce])
{
throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
}
}
}
// convert to UTF-8.
m_decryptedPassword = new UTF8Encoding().GetString(decryptedPassword, 0, startOfNonce);
}
/// <summary>
/// Encrypts the text using the SecurityPolicyUri and returns the result.
/// </summary>
public static EncryptedData Encrypt(X509Certificate2 certificate, string securityPolicyUri, byte[] plainText)
{
EncryptedData encryptedData = new EncryptedData();
encryptedData.Algorithm = null;
encryptedData.Data = plainText;
// check if nothing to do.
if (plainText == null)
{
return encryptedData;
}
// nothing more to do if no encryption.
if (String.IsNullOrEmpty(securityPolicyUri))
{
return encryptedData;
}
// encrypt data.
switch (securityPolicyUri)
{
case SecurityPolicies.Basic256:
case SecurityPolicies.Basic256Sha256:
{
encryptedData.Algorithm = SecurityAlgorithms.RsaOaep;
encryptedData.Data = RsaUtils.Encrypt(plainText, certificate, true);
break;
}
case SecurityPolicies.Basic128Rsa15:
{
encryptedData.Algorithm = SecurityAlgorithms.Rsa15;
encryptedData.Data = RsaUtils.Encrypt(plainText, certificate, false);
break;
}
case SecurityPolicies.None:
{
break;
}
default:
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityPolicyRejected,
"Unsupported security policy: {0}",
securityPolicyUri);
}
}
return encryptedData;
}
