public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
{
// Check the arguments.
if (Doc == null)
{
throw new ArgumentNullException("Doc");
}
if (ElementToEncrypt == null)
{
throw new ArgumentNullException("ElementToEncrypt");
}
if (EncryptionElementID == null)
{
throw new ArgumentNullException("EncryptionElementID");
}
if (Alg == null)
{
throw new ArgumentNullException("Alg");
}
if (KeyName == null)
{
throw new ArgumentNullException("KeyName");
}
////////////////////////////////////////////////
// Find the specified element in the XmlDocument
// object and create a new XmlElemnt object.
////////////////////////////////////////////////
XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
// Throw an XmlException if the element was not found.
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
//////////////////////////////////////////////////
// Create a new instance of the EncryptedXml class
// and use it to encrypt the XmlElement with the
// a new random symmetric key.
//////////////////////////////////////////////////
// Create a 256 bit Rijndael key.
RijndaelManaged sessionKey = new RijndaelManaged();
sessionKey.KeySize = 256;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
////////////////////////////////////////////////
// Construct an EncryptedData object and populate
// it with the desired encryption information.
////////////////////////////////////////////////
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = EncryptionElementID;
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// Encrypt the session key and add it to an EncryptedKey element.
EncryptedKey ek = new EncryptedKey();
ek.Id = "keyID";
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// Set the KeyInfo element to specify the
// name of the RSA key.
// Create a new KeyInfo element.
edElement.KeyInfo = new KeyInfo();
// Create a new KeyInfoName element.
KeyInfoName kin = new KeyInfoName();
// Specify a name for the key.
kin.Value = KeyName;
// Add the KeyInfoName element to the
// EncryptedKey object.
ek.KeyInfo.AddClause(kin);
// Create a new KeyReference object.
// Use the uri of the encrypted key.
KeyReference kryRef = new KeyReference("#keyID");
ek.AddReference(kryRef);
// Create a new DataReference element
// for the KeyInfo element. This optional
// element specifies which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
DataReference dRef = new DataReference();
// Specify the EncryptedData URI.
dRef.Uri = "#" + EncryptionElementID;
// Add the DataReference to the EncryptedKey.
ek.AddReference(dRef);
// Add the encrypted key to the
// EncryptedData object.
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// Add the encrypted element data to the
// EncryptedData object.
edElement.CipherData.CipherValue = encryptedElement;
////////////////////////////////////////////////////
// Replace the element from the original XmlDocument
// object with the EncryptedData element.
////////////////////////////////////////////////////
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
}
object ReadContent(XmlReader reader)
{
reader.MoveToContent();
if (reader.NodeType != XmlNodeType.Element)
{
throw new XmlException(String.Format("Node type {0} is not expected as a WS-Security message header content.", reader.NodeType));
}
switch (reader.NamespaceURI)
{
case Constants.WsuNamespace:
switch (reader.LocalName)
{
case "Timestamp":
return(ReadTimestamp(reader));
}
break;
//case Constants.WstNamespace:
case Constants.Wss11Namespace:
if (reader.LocalName == "SignatureConfirmation")
{
return(ReadSignatureConfirmation(reader, doc));
}
break;
case SignedXml.XmlDsigNamespaceUrl:
switch (reader.LocalName)
{
case "Signature":
WSSignedXml sxml = new WSSignedXml(doc);
sxml.Signature.LoadXml((XmlElement)doc.ReadNode(reader));
UpdateSignatureKeyInfo(sxml.Signature, doc, serializer);
return(sxml);
}
break;
case EncryptedXml.XmlEncNamespaceUrl:
switch (reader.LocalName)
{
case "EncryptedData":
XmlElement el = (XmlElement)doc.ReadNode(reader);
return(CreateEncryptedData(el));
case "ReferenceList":
ReferenceList rl = new ReferenceList();
reader.Read();
for (reader.MoveToContent();
reader.NodeType != XmlNodeType.EndElement;
reader.MoveToContent())
{
switch (reader.LocalName)
{
case "DataReference":
DataReference dref = new DataReference();
dref.LoadXml((XmlElement)doc.ReadNode(reader));
rl.Add(dref);
continue;
case "KeyReference":
KeyReference kref = new KeyReference();
kref.LoadXml((XmlElement)doc.ReadNode(reader));
rl.Add(kref);
continue;
}
throw new XmlException(String.Format("Unexpected {2} node '{0}' in namespace '{1}' in ReferenceList.", reader.Name, reader.NamespaceURI, reader.NodeType));
}
reader.ReadEndElement();
return(rl);
}
break;
}
// SecurityTokenReference will be handled here.
// This order (Token->KeyIdentifierClause) is
// important because WrappedKey could be read
// in both context (but must be a token here).
if (serializer.CanReadToken(reader))
{
return(serializer.ReadToken(reader, resolver));
}
else if (serializer.CanReadKeyIdentifierClause(reader))
{
return(serializer.ReadKeyIdentifierClause(reader));
}
else
{
throw new XmlException(String.Format("Unexpected element '{0}' in namespace '{1}' as a WS-Security message header content.", reader.Name, reader.NamespaceURI));
}
}
public void AddReference(KeyReference keyReference)
{
}
public void AddReference(KeyReference keyReference) {}
