internal SecurityToken ResolveToken(SecurityKeyIdentifierClause keyIdentifierClause, bool matchOnlyExternal, bool resolveIntrinsicKeyClause)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
SecurityToken resolvedToken = null;
for (int i = 0; i < this.tokenCount; i++)
{
if (matchOnlyExternal && tokens[i].AllowedReferenceStyle != SecurityTokenReferenceStyle.External)
{
continue;
}
SecurityToken token = tokens[i].Token;
if (tokens[i].TokenParameters != null && tokens[i].TokenParameters.MatchesKeyIdentifierClause(token, keyIdentifierClause, tokens[i].AllowedReferenceStyle))
{
resolvedToken = token;
break;
}
else if (tokens[i].TokenParameters == null)
{
// match it according to the allowed reference style
if (tokens[i].AllowedReferenceStyle == SecurityTokenReferenceStyle.Internal && MatchDirectReference(token, keyIdentifierClause))
{
resolvedToken = token;
break;
}
}
}
if ((resolvedToken == null) && (keyIdentifierClause is EncryptedKeyIdentifierClause))
{
EncryptedKeyIdentifierClause keyClause = (EncryptedKeyIdentifierClause)keyIdentifierClause;
SecurityKeyIdentifier wrappingTokenReference = keyClause.EncryptingKeyIdentifier;
SecurityToken unwrappingToken;
if (this.expectedWrapper != null
&& CheckExternalWrapperMatch(wrappingTokenReference))
unwrappingToken = this.expectedWrapper;
else
unwrappingToken = ResolveToken(wrappingTokenReference, true, resolveIntrinsicKeyClause);
if (unwrappingToken != null)
{
resolvedToken = SecurityUtils.CreateTokenFromEncryptedKeyClause(keyClause, unwrappingToken);
}
}
if ((resolvedToken == null) && (keyIdentifierClause is X509RawDataKeyIdentifierClause) && (!matchOnlyExternal) && (resolveIntrinsicKeyClause))
{
resolvedToken = new X509SecurityToken(new X509Certificate2(((X509RawDataKeyIdentifierClause)keyIdentifierClause).GetX509RawData()));
}
byte[] derivationNonce = keyIdentifierClause.GetDerivationNonce();
if ((resolvedToken != null) && (derivationNonce != null))
{
// A Implicit Derived Key is specified. Create a derived key off of the resolve token.
if (SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(resolvedToken) == null)
{
// The resolved token contains no Symmetric Security key and thus we cannot create
// a derived key off of it.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.UnableToDeriveKeyFromKeyInfoClause, keyIdentifierClause, resolvedToken)));
}
int derivationLength = (keyIdentifierClause.DerivationLength == 0) ? DerivedKeySecurityToken.DefaultDerivedKeyLength : keyIdentifierClause.DerivationLength;
if (derivationLength > this.securityHeader.MaxDerivedKeyLength)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.DerivedKeyLengthSpecifiedInImplicitDerivedKeyClauseTooLong, keyIdentifierClause.ToString(), derivationLength, this.securityHeader.MaxDerivedKeyLength)));
bool alreadyDerived = false;
for (int i = 0; i < this.tokenCount; ++i)
{
DerivedKeySecurityToken derivedKeyToken = this.tokens[i].Token as DerivedKeySecurityToken;
if (derivedKeyToken != null)
{
if ((derivedKeyToken.Length == derivationLength) &&
(CryptoHelper.IsEqual(derivedKeyToken.Nonce, derivationNonce)) &&
(derivedKeyToken.TokenToDerive.MatchesKeyIdentifierClause(keyIdentifierClause)))
{
// This is a implcit derived key for which we have already derived the
// token.
resolvedToken = this.tokens[i].Token;
alreadyDerived = true;
break;
}
}
}
if (!alreadyDerived)
{
string psha1Algorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.securityHeader.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
resolvedToken = new DerivedKeySecurityToken(-1, 0, derivationLength, null, derivationNonce, resolvedToken, keyIdentifierClause, psha1Algorithm, SecurityUtils.GenerateId());
((DerivedKeySecurityToken)resolvedToken).InitializeDerivedKey(derivationLength);
Add(resolvedToken, SecurityTokenReferenceStyle.Internal, null);
this.securityHeader.EnsureDerivedKeyLimitNotReached();
}
}
return resolvedToken;
}
internal SecurityToken ResolveToken(SecurityKeyIdentifierClause keyIdentifierClause, bool matchOnlyExternal, bool resolveIntrinsicKeyClause)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
SecurityToken token = null;
for (int i = 0; i < this.tokenCount; i++)
{
if (!matchOnlyExternal || (this.tokens[i].AllowedReferenceStyle == SecurityTokenReferenceStyle.External))
{
SecurityToken token2 = this.tokens[i].Token;
if ((this.tokens[i].TokenParameters != null) && this.tokens[i].TokenParameters.MatchesKeyIdentifierClause(token2, keyIdentifierClause, this.tokens[i].AllowedReferenceStyle))
{
token = token2;
break;
}
if (((this.tokens[i].TokenParameters == null) && (this.tokens[i].AllowedReferenceStyle == SecurityTokenReferenceStyle.Internal)) && this.MatchDirectReference(token2, keyIdentifierClause))
{
token = token2;
break;
}
}
}
if ((token == null) && (keyIdentifierClause is EncryptedKeyIdentifierClause))
{
SecurityToken expectedWrapper;
EncryptedKeyIdentifierClause keyClause = (EncryptedKeyIdentifierClause) keyIdentifierClause;
SecurityKeyIdentifier encryptingKeyIdentifier = keyClause.EncryptingKeyIdentifier;
if ((this.expectedWrapper != null) && this.CheckExternalWrapperMatch(encryptingKeyIdentifier))
{
expectedWrapper = this.expectedWrapper;
}
else
{
expectedWrapper = this.ResolveToken(encryptingKeyIdentifier, true, resolveIntrinsicKeyClause);
}
if (expectedWrapper != null)
{
token = System.ServiceModel.Security.SecurityUtils.CreateTokenFromEncryptedKeyClause(keyClause, expectedWrapper);
}
}
if (((token == null) && (keyIdentifierClause is X509RawDataKeyIdentifierClause)) && (!matchOnlyExternal && resolveIntrinsicKeyClause))
{
token = new X509SecurityToken(new X509Certificate2(((X509RawDataKeyIdentifierClause) keyIdentifierClause).GetX509RawData()));
}
byte[] derivationNonce = keyIdentifierClause.GetDerivationNonce();
if ((token != null) && (derivationNonce != null))
{
if (System.ServiceModel.Security.SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(token) == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToDeriveKeyFromKeyInfoClause", new object[] { keyIdentifierClause, token })));
}
int length = (keyIdentifierClause.DerivationLength == 0) ? 0x20 : keyIdentifierClause.DerivationLength;
if (length > this.securityHeader.MaxDerivedKeyLength)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("DerivedKeyLengthSpecifiedInImplicitDerivedKeyClauseTooLong", new object[] { keyIdentifierClause.ToString(), length, this.securityHeader.MaxDerivedKeyLength })));
}
bool flag = false;
for (int j = 0; j < this.tokenCount; j++)
{
DerivedKeySecurityToken token4 = this.tokens[j].Token as DerivedKeySecurityToken;
if (((token4 != null) && (token4.Length == length)) && (CryptoHelper.IsEqual(token4.Nonce, derivationNonce) && token4.TokenToDerive.MatchesKeyIdentifierClause(keyIdentifierClause)))
{
token = this.tokens[j].Token;
flag = true;
break;
}
}
if (!flag)
{
string keyDerivationAlgorithm = System.ServiceModel.Security.SecurityUtils.GetKeyDerivationAlgorithm(this.securityHeader.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
token = new DerivedKeySecurityToken(-1, 0, length, null, derivationNonce, token, keyIdentifierClause, keyDerivationAlgorithm, System.ServiceModel.Security.SecurityUtils.GenerateId());
((DerivedKeySecurityToken) token).InitializeDerivedKey(length);
this.Add(token, SecurityTokenReferenceStyle.Internal, null);
this.securityHeader.EnsureDerivedKeyLimitNotReached();
}
}
return token;
}
