private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle) { int keyLength = Math.Max(0x80, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength); CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite); byte[] buffer = new byte[keyLength / 8]; CryptoHelper.FillRandomBytes(buffer); string id = System.ServiceModel.Security.SecurityUtils.GenerateId(); string defaultAsymmetricKeyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle); SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier(); wrappingTokenReference.Add(clause); return new WrappedKeySecurityToken(id, buffer, defaultAsymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference); }
void AddPrimaryTokenSignatureReference(SecurityToken token, SecurityTokenParameters securityTokenParameters) { // Currently we only support signing the primary token if the primary token is an issued token and protectTokens knob is set to true. // We will get rid of the below check when we support all token types. IssuedSecurityTokenParameters istp = securityTokenParameters as IssuedSecurityTokenParameters; if (istp == null) { return; } bool strTransformEnabled = istp != null && istp.UseStrTransform; SecurityKeyIdentifierClause keyIdentifierClause = null; // Only if the primary token is included in the message that we sign it because WCF at present does not resolve externally referenced tokens. // This means in the server's response if (ShouldSerializeToken(securityTokenParameters, this.MessageDirection)) { if (strTransformEnabled) { keyIdentifierClause = securityTokenParameters.CreateKeyIdentifierClause(token, GetTokenReferenceStyle(securityTokenParameters)); } AddTokenSignatureReference(token, keyIdentifierClause, strTransformEnabled); } }
WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle) { int keyLength = Math.Max(128, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength); CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite); byte[] key = new byte[keyLength / 8]; CryptoHelper.FillRandomBytes(key); string tokenId = SecurityUtils.GenerateId(); string wrappingAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle); SecurityKeyIdentifier identifier = new SecurityKeyIdentifier(); identifier.Add(clause); return new WrappedKeySecurityToken(tokenId, key, wrappingAlgorithm, wrappingToken, identifier); }