public EncryptedHeaderXml(MessageVersion version, bool shouldReadXmlReferenceKeyInfoClause)
{
this.version = version;
encryptedData = new EncryptedData();
// This is for the case when the service send an EncryptedHeader to the client where the KeyInfo clause contains referenceXml clause.
encryptedData.ShouldReadXmlReferenceKeyInfoClause = shouldReadXmlReferenceKeyInfoClause;
}
protected override byte[] DecryptSecurityHeaderElement(EncryptedData encryptedData, WrappedKeySecurityToken wrappedKeyToken, out SecurityToken encryptionToken)
{
if ((encryptedData.KeyIdentifier != null) || (wrappedKeyToken == null))
{
encryptionToken = ResolveKeyIdentifier(encryptedData.KeyIdentifier, base.CombinedPrimaryTokenResolver, false);
if ((((wrappedKeyToken != null) && (wrappedKeyToken.ReferenceList != null)) && (encryptedData.HasId && wrappedKeyToken.ReferenceList.ContainsReferredId(encryptedData.Id))) && (wrappedKeyToken != encryptionToken))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken", new object[] { wrappedKeyToken })));
}
}
else
{
encryptionToken = wrappedKeyToken;
}
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(encryptionToken, encryptedData.EncryptionMethod, base.AlgorithmSuite))
{
encryptedData.SetUpDecryption(algorithm);
return encryptedData.GetDecryptedBuffer();
}
}
void DecryptBody(XmlDictionaryReader bodyContentReader, SecurityToken token)
{
EncryptedData bodyXml = new EncryptedData();
bodyXml.ShouldReadXmlReferenceKeyInfoClause = this.MessageDirection == MessageDirection.Output;
bodyXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
bodyXml.ReadFrom(bodyContentReader, MaxReceivedMessageSize);
if (!bodyContentReader.EOF && bodyContentReader.NodeType != XmlNodeType.EndElement)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.BadEncryptedBody)));
}
if (token == null)
{
token = ResolveKeyIdentifier(bodyXml.KeyIdentifier, this.PrimaryTokenResolver, false);
}
RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, bodyXml.EncryptionMethod, this.AlgorithmSuite))
{
bodyXml.SetUpDecryption(algorithm);
this.SecurityVerifiedMessage.SetDecryptedBody(bodyXml.GetDecryptedBuffer());
}
}
private void DecryptBody(XmlDictionaryReader bodyContentReader, SecurityToken token)
{
EncryptedData data = new EncryptedData {
SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer
};
data.ReadFrom(bodyContentReader, base.MaxReceivedMessageSize);
if (!bodyContentReader.EOF && (bodyContentReader.NodeType != XmlNodeType.EndElement))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(System.ServiceModel.SR.GetString("BadEncryptedBody")));
}
if (token == null)
{
token = ResolveKeyIdentifier(data.KeyIdentifier, base.PrimaryTokenResolver, false);
}
base.RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, data.EncryptionMethod, base.AlgorithmSuite))
{
data.SetUpDecryption(algorithm);
base.SecurityVerifiedMessage.SetDecryptedBody(data.GetDecryptedBuffer());
}
}
EncryptedData CreateEncryptedData()
{
EncryptedData encryptedData = new EncryptedData();
encryptedData.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
encryptedData.KeyIdentifier = this.encryptionKeyIdentifier;
encryptedData.EncryptionMethod = this.EncryptionAlgorithm;
encryptedData.EncryptionMethodDictionaryString = this.EncryptionAlgorithmDictionaryString;
return encryptedData;
}
protected override byte[] DecryptSecurityHeaderElement(
EncryptedData encryptedData, WrappedKeySecurityToken wrappedKeyToken, out SecurityToken encryptionToken)
{
if ((encryptedData.KeyIdentifier != null) || (wrappedKeyToken == null))
{
// The EncryptedData might have a KeyInfo inside it. Try resolving the SecurityKeyIdentifier.
encryptionToken = ResolveKeyIdentifier(encryptedData.KeyIdentifier, this.CombinedPrimaryTokenResolver, false);
if (wrappedKeyToken != null && wrappedKeyToken.ReferenceList != null && encryptedData.HasId && wrappedKeyToken.ReferenceList.ContainsReferredId(encryptedData.Id) && (wrappedKeyToken != encryptionToken))
{
// We have a EncryptedKey with a ReferenceList inside it. This would mean that
// all the EncryptedData pointed by the ReferenceList should be encrypted only
// by this key. The individual EncryptedData elements if containing a KeyInfo
// clause should point back to the same EncryptedKey token.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, wrappedKeyToken)));
}
}
else
{
encryptionToken = wrappedKeyToken;
}
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(encryptionToken, encryptedData.EncryptionMethod, this.AlgorithmSuite))
{
encryptedData.SetUpDecryption(algorithm);
return encryptedData.GetDecryptedBuffer();
}
}
protected override EncryptedData ReadSecurityHeaderEncryptedItem(XmlDictionaryReader reader, bool readXmlreferenceKeyInfoClause)
{
EncryptedData encryptedData = new EncryptedData();
encryptedData.ShouldReadXmlReferenceKeyInfoClause = readXmlreferenceKeyInfoClause;
encryptedData.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
encryptedData.ReadFrom(reader);
return encryptedData;
}
protected override EncryptedData ReadSecurityHeaderEncryptedItem(XmlDictionaryReader reader)
{
EncryptedData data = new EncryptedData {
SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer
};
data.ReadFrom(reader);
return data;
}
public void WriteBodyToSignThenEncryptWithFragments(
Stream stream, bool includeComments, string[] inclusivePrefixes,
EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
{
IFragmentCapableXmlDictionaryWriter fragmentingWriter = (IFragmentCapableXmlDictionaryWriter) writer;
SetBodyId();
encryptedData.Id = this.securityHeader.GenerateId();
this.startBodyFragment = new MemoryStream();
BufferedOutputStream bodyContentFragment = new BufferManagerOutputStream(SR.XmlBufferQuotaExceeded, 1024, int.MaxValue, this.securityHeader.StreamBufferManager);
this.endBodyFragment = new MemoryStream();
writer.StartCanonicalization(stream, includeComments, inclusivePrefixes);
fragmentingWriter.StartFragment(this.startBodyFragment, false);
WriteStartInnerMessageWithId(writer);
fragmentingWriter.EndFragment();
fragmentingWriter.StartFragment(bodyContentFragment, true);
this.InnerMessage.WriteBodyContents(writer);
fragmentingWriter.EndFragment();
fragmentingWriter.StartFragment(this.endBodyFragment, false);
writer.WriteEndElement();
fragmentingWriter.EndFragment();
writer.EndCanonicalization();
int bodyLength;
byte[] bodyBuffer = bodyContentFragment.ToArray(out bodyLength);
encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(bodyBuffer, 0, bodyLength));
this.encryptedBodyContent = encryptedData;
this.state = BodyState.SignedThenEncrypted;
}
public void WriteBodyToSignThenEncrypt(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm)
{
XmlBuffer buffer = new XmlBuffer(int.MaxValue);
XmlDictionaryWriter fragmentingWriter = buffer.OpenSection(XmlDictionaryReaderQuotas.Max);
WriteBodyToSignThenEncryptWithFragments(canonicalStream, false, null, encryptedData, algorithm, fragmentingWriter);
((IFragmentCapableXmlDictionaryWriter)fragmentingWriter).WriteFragment(this.startBodyFragment.GetBuffer(), 0, (int)this.startBodyFragment.Length);
((IFragmentCapableXmlDictionaryWriter)fragmentingWriter).WriteFragment(this.endBodyFragment.GetBuffer(), 0, (int)this.endBodyFragment.Length);
buffer.CloseSection();
buffer.Close();
this.startBodyFragment = null;
this.endBodyFragment = null;
XmlDictionaryReader reader = buffer.GetReader(0);
reader.MoveToContent();
this.bodyPrefix = reader.Prefix;
if (reader.HasAttributes)
{
this.bodyAttributes = XmlAttributeHolder.ReadAttributes(reader);
}
reader.Close();
}
public void WriteBodyToEncryptThenSign(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm)
{
encryptedData.Id = this.securityHeader.GenerateId();
SetBodyId();
XmlDictionaryWriter encryptingWriter = XmlDictionaryWriter.CreateTextWriter(Stream.Null);
// The XmlSerializer body formatter would add a
// document declaration to the body fragment when a fresh writer
// is provided. Hence, insert a dummy element here and capture
// the body contents as a fragment.
encryptingWriter.WriteStartElement("a");
MemoryStream ms = new MemoryStream();
((IFragmentCapableXmlDictionaryWriter)encryptingWriter).StartFragment(ms, true);
this.InnerMessage.WriteBodyContents(encryptingWriter);
((IFragmentCapableXmlDictionaryWriter)encryptingWriter).EndFragment();
encryptingWriter.WriteEndElement();
ms.Flush();
encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(ms.GetBuffer(), 0, (int) ms.Length));
this.fullBodyBuffer = new XmlBuffer(int.MaxValue);
XmlDictionaryWriter canonicalWriter = this.fullBodyBuffer.OpenSection(XmlDictionaryReaderQuotas.Max);
canonicalWriter.StartCanonicalization(canonicalStream, false, null);
WriteStartInnerMessageWithId(canonicalWriter);
encryptedData.WriteTo(canonicalWriter, ServiceModelDictionaryManager.Instance);
canonicalWriter.WriteEndElement();
canonicalWriter.EndCanonicalization();
canonicalWriter.Flush();
this.fullBodyBuffer.CloseSection();
this.fullBodyBuffer.Close();
this.state = BodyState.EncryptedThenSigned;
}
public void WriteBodyToEncrypt(EncryptedData encryptedData, SymmetricAlgorithm algorithm)
{
encryptedData.Id = this.securityHeader.GenerateId();
BodyContentHelper helper = new BodyContentHelper();
XmlDictionaryWriter encryptingWriter = helper.CreateWriter();
this.InnerMessage.WriteBodyContents(encryptingWriter);
encryptedData.SetUpEncryption(algorithm, helper.ExtractResult());
this.encryptedBodyContent = encryptedData;
this.state = BodyState.Encrypted;
}
public void WriteBodyToSignThenEncryptWithFragments(Stream stream, bool includeComments, string[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
{
int num;
IFragmentCapableXmlDictionaryWriter writer2 = (IFragmentCapableXmlDictionaryWriter) writer;
this.SetBodyId();
encryptedData.Id = this.securityHeader.GenerateId();
this.startBodyFragment = new MemoryStream();
BufferedOutputStream stream2 = new BufferManagerOutputStream("XmlBufferQuotaExceeded", 0x400, 0x7fffffff, BufferManager.CreateBufferManager(0L, 0x7fffffff));
this.endBodyFragment = new MemoryStream();
writer.StartCanonicalization(stream, includeComments, inclusivePrefixes);
writer2.StartFragment(this.startBodyFragment, false);
this.WriteStartInnerMessageWithId(writer);
writer2.EndFragment();
writer2.StartFragment(stream2, true);
base.InnerMessage.WriteBodyContents(writer);
writer2.EndFragment();
writer2.StartFragment(this.endBodyFragment, false);
writer.WriteEndElement();
writer2.EndFragment();
writer.EndCanonicalization();
byte[] array = stream2.ToArray(out num);
encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(array, 0, num));
this.encryptedBodyContent = encryptedData;
this.state = BodyState.SignedThenEncrypted;
}
public void WriteBodyToEncryptThenSign(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm)
{
encryptedData.Id = this.securityHeader.GenerateId();
this.SetBodyId();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(Stream.Null);
writer.WriteStartElement("a");
MemoryStream stream = new MemoryStream();
((IFragmentCapableXmlDictionaryWriter) writer).StartFragment(stream, true);
base.InnerMessage.WriteBodyContents(writer);
((IFragmentCapableXmlDictionaryWriter) writer).EndFragment();
writer.WriteEndElement();
stream.Flush();
encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(stream.GetBuffer(), 0, (int) stream.Length));
this.fullBodyBuffer = new XmlBuffer(0x7fffffff);
XmlDictionaryWriter writer2 = this.fullBodyBuffer.OpenSection(XmlDictionaryReaderQuotas.Max);
writer2.StartCanonicalization(canonicalStream, false, null);
this.WriteStartInnerMessageWithId(writer2);
encryptedData.WriteTo(writer2, ServiceModelDictionaryManager.Instance);
writer2.WriteEndElement();
writer2.EndCanonicalization();
writer2.Flush();
this.fullBodyBuffer.CloseSection();
this.fullBodyBuffer.Close();
this.state = BodyState.EncryptedThenSigned;
}
public void WriteBodyToSignThenEncryptWithFragments(Stream stream, bool includeComments, string[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
{
int num;
IFragmentCapableXmlDictionaryWriter writer2 = (IFragmentCapableXmlDictionaryWriter)writer;
this.SetBodyId();
encryptedData.Id = this.securityHeader.GenerateId();
this.startBodyFragment = new MemoryStream();
BufferedOutputStream stream2 = new BufferManagerOutputStream("XmlBufferQuotaExceeded", 0x400, 0x7fffffff, BufferManager.CreateBufferManager(0L, 0x7fffffff));
this.endBodyFragment = new MemoryStream();
writer.StartCanonicalization(stream, includeComments, inclusivePrefixes);
writer2.StartFragment(this.startBodyFragment, false);
this.WriteStartInnerMessageWithId(writer);
writer2.EndFragment();
writer2.StartFragment(stream2, true);
base.InnerMessage.WriteBodyContents(writer);
writer2.EndFragment();
writer2.StartFragment(this.endBodyFragment, false);
writer.WriteEndElement();
writer2.EndFragment();
writer.EndCanonicalization();
byte[] array = stream2.ToArray(out num);
encryptedData.SetUpEncryption(algorithm, new ArraySegment <byte>(array, 0, num));
this.encryptedBodyContent = encryptedData;
this.state = BodyState.SignedThenEncrypted;
}
