WrappedKeySecurityToken ReadWrappedKeySecurityTokenCore ( XmlReader reader, SecurityTokenResolver tokenResolver) { if (tokenResolver == null) throw new ArgumentNullException ("tokenResolver"); EncryptedKey ek = new EncryptedKey (); ek.LoadXml (new XmlDocument ().ReadNode (reader) as XmlElement); SecurityKeyIdentifier ki = new SecurityKeyIdentifier (); foreach (KeyInfoClause kic in ek.KeyInfo) ki.Add (ReadKeyIdentifierClause (new XmlNodeReader (kic.GetXml ()))); SecurityToken token = tokenResolver.ResolveToken (ki); string alg = ek.EncryptionMethod.KeyAlgorithm; foreach (SecurityKey skey in token.SecurityKeys) if (skey.IsSupportedAlgorithm (alg)) { byte [] key = skey.DecryptKey (alg, ek.CipherData.CipherValue); WrappedKeySecurityToken wk = new WrappedKeySecurityToken (ek.Id, key, alg, token, ki); // FIXME: This should not be required. wk.SetWrappedKey (ek.CipherData.CipherValue); wk.ReferenceList = ek.ReferenceList; return wk; } throw new InvalidOperationException (String.Format ("Cannot resolve security key with the resolved SecurityToken specified by the key identifier in the EncryptedKey XML. The key identifier is: {0}", ki)); }
WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName, SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver) { ISspiNegotiationInfo sspiResolver = tokenResolver as ISspiNegotiationInfo; if (sspiResolver != null) { ISspiNegotiation unwrappingSspiContext = sspiResolver.SspiNegotiation; // ensure that the encryption algorithm is compatible if (encryptionMethod != unwrappingSspiContext.KeyEncryptionAlgorithm) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.BadKeyEncryptionAlgorithm, encryptionMethod))); } byte[] unwrappedKey = unwrappingSspiContext.Decrypt(wrappedKey); return new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingSspiContext, unwrappedKey); } else { if (tokenResolver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver")); } if (unwrappingTokenIdentifier == null || unwrappingTokenIdentifier.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingKeyInfoInEncryptedKey))); } SecurityToken unwrappingToken; SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver; if (resolver != null) { unwrappingToken = resolver.ExpectedWrapper; if (unwrappingToken != null) { if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, unwrappingToken))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, resolver))); } } else { try { unwrappingToken = tokenResolver.ResolveToken(unwrappingTokenIdentifier); } catch (Exception exception) { if (exception is MessageSecurityException) throw; throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, tokenResolver), exception)); } } SecurityKey unwrappingSecurityKey; byte[] unwrappedKey = SecurityUtils.DecryptKey(unwrappingToken, encryptionMethod, wrappedKey, out unwrappingSecurityKey); return new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingToken, unwrappingTokenIdentifier, wrappedKey, unwrappingSecurityKey); } }
private WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName, SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver) { SecurityToken expectedWrapper; SecurityKey key; ISspiNegotiationInfo info = tokenResolver as ISspiNegotiationInfo; if (info != null) { ISspiNegotiation sspiNegotiation = info.SspiNegotiation; if (encryptionMethod != sspiNegotiation.KeyEncryptionAlgorithm) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("BadKeyEncryptionAlgorithm", new object[] { encryptionMethod }))); } byte[] keyToWrap = sspiNegotiation.Decrypt(wrappedKey); return new WrappedKeySecurityToken(id, keyToWrap, encryptionMethod, sspiNegotiation, keyToWrap); } if (tokenResolver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver")); } if ((unwrappingTokenIdentifier == null) || (unwrappingTokenIdentifier.Count == 0)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("MissingKeyInfoInEncryptedKey"))); } SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver; if (resolver != null) { expectedWrapper = resolver.ExpectedWrapper; if (expectedWrapper == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToResolveKeyInfoForUnwrappingToken", new object[] { unwrappingTokenIdentifier, resolver }))); } if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken", new object[] { expectedWrapper }))); } } else { try { expectedWrapper = tokenResolver.ResolveToken(unwrappingTokenIdentifier); } catch (Exception exception) { if (exception is MessageSecurityException) { throw; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToResolveKeyInfoForUnwrappingToken", new object[] { unwrappingTokenIdentifier, tokenResolver }), exception)); } } return new WrappedKeySecurityToken(id, System.ServiceModel.Security.SecurityUtils.DecryptKey(expectedWrapper, encryptionMethod, wrappedKey, out key), encryptionMethod, expectedWrapper, unwrappingTokenIdentifier, wrappedKey, key); }