protected override DecryptedHeader DecryptHeader(XmlDictionaryReader reader, WrappedKeySecurityToken wrappedKeyToken)
{
SecurityToken token;
EncryptedHeaderXml xml = new EncryptedHeaderXml(base.Version) {
SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer
};
xml.ReadFrom(reader, base.MaxReceivedMessageSize);
if (xml.MustUnderstand != this.MustUnderstand)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { XD.MessageDictionary.MustUnderstand.Value, xml.MustUnderstand, this.MustUnderstand })));
}
if (xml.Relay != this.Relay)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { XD.Message12Dictionary.Relay.Value, xml.Relay, this.Relay })));
}
if (xml.Actor != this.Actor)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { base.Version.Envelope.DictionaryActor, xml.Actor, this.Actor })));
}
if (wrappedKeyToken == null)
{
token = WSSecurityOneDotZeroReceiveSecurityHeader.ResolveKeyIdentifier(xml.KeyIdentifier, base.CombinedPrimaryTokenResolver, false);
}
else
{
token = wrappedKeyToken;
}
base.RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = WSSecurityOneDotZeroReceiveSecurityHeader.CreateDecryptionAlgorithm(token, xml.EncryptionMethod, base.AlgorithmSuite))
{
xml.SetUpDecryption(algorithm);
return new DecryptedHeader(xml.GetDecryptedBuffer(), base.SecurityVerifiedMessage.GetEnvelopeAttributes(), base.SecurityVerifiedMessage.GetHeaderAttributes(), base.Version, base.StandardsManager.IdManager, base.ReaderQuotas);
}
}
public EncryptedHeader(MessageHeader plainTextHeader, EncryptedHeaderXml headerXml, string name, string namespaceUri, MessageVersion version) : base(plainTextHeader)
{
if (!headerXml.HasId || (headerXml.Id == null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderXmlMustHaveId")));
}
this.headerXml = headerXml;
this.name = name;
this.namespaceUri = namespaceUri;
this.version = version;
}
public EncryptedHeader(MessageHeader plainTextHeader, EncryptedHeaderXml headerXml, string name, string namespaceUri, MessageVersion version)
: base(plainTextHeader)
{
if (!headerXml.HasId || headerXml.Id == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderXmlMustHaveId)));
}
this.headerXml = headerXml;
this.name = name;
this.namespaceUri = namespaceUri;
this.version = version;
}
protected override EncryptedHeader EncryptHeader(MessageHeader plainTextHeader, SymmetricAlgorithm algorithm, SecurityKeyIdentifier keyIdentifier, MessageVersion version, string id, MemoryStream stream)
{
EncryptedHeaderXml headerXml = new EncryptedHeaderXml(version)
{
SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer,
EncryptionMethod = base.EncryptionAlgorithm,
EncryptionMethodDictionaryString = base.EncryptionAlgorithmDictionaryString,
KeyIdentifier = keyIdentifier,
Id = id,
MustUnderstand = this.MustUnderstand,
Relay = this.Relay,
Actor = this.Actor
};
headerXml.SetUpEncryption(algorithm, stream);
return(new EncryptedHeader(plainTextHeader, headerXml, EncryptedHeaderXml.ElementName.Value, EncryptedHeaderXml.NamespaceUri.Value, version));
}
protected override DecryptedHeader DecryptHeader(XmlDictionaryReader reader, WrappedKeySecurityToken wrappedKeyToken)
{
// If it is the client, then we may need to read the GenericXmlSecurityKeyIdentoifoer clause while reading EncryptedData.
EncryptedHeaderXml headerXml = new EncryptedHeaderXml(this.Version, this.MessageDirection == MessageDirection.Output);
headerXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
headerXml.ReadFrom(reader, MaxReceivedMessageSize);
// The Encrypted Headers MustUnderstand, Relay and Actor attributes should match the
// Security Headers value.
if (headerXml.MustUnderstand != this.MustUnderstand)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, XD.MessageDictionary.MustUnderstand.Value, headerXml.MustUnderstand, this.MustUnderstand)));
}
if (headerXml.Relay != this.Relay)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, XD.Message12Dictionary.Relay.Value, headerXml.Relay, this.Relay)));
}
if (headerXml.Actor != this.Actor)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, this.Version.Envelope.DictionaryActor, headerXml.Actor, this.Actor)));
}
SecurityToken token;
if (wrappedKeyToken == null)
{
token = ResolveKeyIdentifier(headerXml.KeyIdentifier, this.CombinedPrimaryTokenResolver, false);
}
else
{
token = wrappedKeyToken;
}
RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, headerXml.EncryptionMethod, this.AlgorithmSuite))
{
headerXml.SetUpDecryption(algorithm);
return(new DecryptedHeader(
headerXml.GetDecryptedBuffer(),
this.SecurityVerifiedMessage.GetEnvelopeAttributes(), this.SecurityVerifiedMessage.GetHeaderAttributes(),
this.Version, this.StandardsManager.IdManager, this.ReaderQuotas));
}
}
protected override EncryptedHeader EncryptHeader(MessageHeader plainTextHeader, SymmetricAlgorithm algorithm,
SecurityKeyIdentifier keyIdentifier, MessageVersion version, string id, MemoryStream stream)
{
// We are not reading EncryptedData from the wire here, hence pass false.
EncryptedHeaderXml encryptedHeaderXml = new EncryptedHeaderXml(version, false);
encryptedHeaderXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
encryptedHeaderXml.EncryptionMethod = this.EncryptionAlgorithm;
encryptedHeaderXml.EncryptionMethodDictionaryString = this.EncryptionAlgorithmDictionaryString;
encryptedHeaderXml.KeyIdentifier = keyIdentifier;
encryptedHeaderXml.Id = id;
// The Encrypted Headers MustUnderstand, Relay and Actor attributes will always match the
// Security Headers value. The values for these on the Encrypted Header and its decrypted
// form can be different.
encryptedHeaderXml.MustUnderstand = this.MustUnderstand;
encryptedHeaderXml.Relay = this.Relay;
encryptedHeaderXml.Actor = this.Actor;
encryptedHeaderXml.SetUpEncryption(algorithm, stream);
return new EncryptedHeader(plainTextHeader, encryptedHeaderXml, EncryptedHeaderXml.ElementName.Value, EncryptedHeaderXml.NamespaceUri.Value, version);
}
protected override EncryptedHeader EncryptHeader(MessageHeader plainTextHeader, SymmetricAlgorithm algorithm,
SecurityKeyIdentifier keyIdentifier, MessageVersion version, string id, MemoryStream stream)
{
// We are not reading EncryptedData from the wire here, hence pass false.
EncryptedHeaderXml encryptedHeaderXml = new EncryptedHeaderXml(version, false);
encryptedHeaderXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
encryptedHeaderXml.EncryptionMethod = this.EncryptionAlgorithm;
encryptedHeaderXml.EncryptionMethodDictionaryString = this.EncryptionAlgorithmDictionaryString;
encryptedHeaderXml.KeyIdentifier = keyIdentifier;
encryptedHeaderXml.Id = id;
// The Encrypted Headers MustUnderstand, Relay and Actor attributes will always match the
// Security Headers value. The values for these on the Encrypted Header and its decrypted
// form can be different.
encryptedHeaderXml.MustUnderstand = this.MustUnderstand;
encryptedHeaderXml.Relay = this.Relay;
encryptedHeaderXml.Actor = this.Actor;
encryptedHeaderXml.SetUpEncryption(algorithm, stream);
return(new EncryptedHeader(plainTextHeader, encryptedHeaderXml, EncryptedHeaderXml.ElementName.Value, EncryptedHeaderXml.NamespaceUri.Value, version));
}
protected override DecryptedHeader DecryptHeader(XmlDictionaryReader reader, WrappedKeySecurityToken wrappedKeyToken)
{
// If it is the client, then we may need to read the GenericXmlSecurityKeyIdentoifoer clause while reading EncryptedData.
EncryptedHeaderXml headerXml = new EncryptedHeaderXml(this.Version, this.MessageDirection == MessageDirection.Output);
headerXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
headerXml.ReadFrom(reader, MaxReceivedMessageSize);
// The Encrypted Headers MustUnderstand, Relay and Actor attributes should match the
// Security Headers value.
if (headerXml.MustUnderstand != this.MustUnderstand)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, XD.MessageDictionary.MustUnderstand.Value, headerXml.MustUnderstand, this.MustUnderstand)));
if (headerXml.Relay != this.Relay)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, XD.Message12Dictionary.Relay.Value, headerXml.Relay, this.Relay)));
if (headerXml.Actor != this.Actor)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderAttributeMismatch, this.Version.Envelope.DictionaryActor, headerXml.Actor, this.Actor)));
SecurityToken token;
if (wrappedKeyToken == null)
{
token = ResolveKeyIdentifier(headerXml.KeyIdentifier, this.CombinedPrimaryTokenResolver, false);
}
else
{
token = wrappedKeyToken;
}
RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, headerXml.EncryptionMethod, this.AlgorithmSuite))
{
headerXml.SetUpDecryption(algorithm);
return new DecryptedHeader(
headerXml.GetDecryptedBuffer(),
this.SecurityVerifiedMessage.GetEnvelopeAttributes(), this.SecurityVerifiedMessage.GetHeaderAttributes(),
this.Version, this.StandardsManager.IdManager, this.ReaderQuotas);
}
}
protected override DecryptedHeader DecryptHeader(XmlDictionaryReader reader, WrappedKeySecurityToken wrappedKeyToken)
{
SecurityToken token;
EncryptedHeaderXml xml = new EncryptedHeaderXml(base.Version)
{
SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer
};
xml.ReadFrom(reader, base.MaxReceivedMessageSize);
if (xml.MustUnderstand != this.MustUnderstand)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { XD.MessageDictionary.MustUnderstand.Value, xml.MustUnderstand, this.MustUnderstand })));
}
if (xml.Relay != this.Relay)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { XD.Message12Dictionary.Relay.Value, xml.Relay, this.Relay })));
}
if (xml.Actor != this.Actor)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderAttributeMismatch", new object[] { base.Version.Envelope.DictionaryActor, xml.Actor, this.Actor })));
}
if (wrappedKeyToken == null)
{
token = WSSecurityOneDotZeroReceiveSecurityHeader.ResolveKeyIdentifier(xml.KeyIdentifier, base.CombinedPrimaryTokenResolver, false);
}
else
{
token = wrappedKeyToken;
}
base.RecordEncryptionToken(token);
using (SymmetricAlgorithm algorithm = WSSecurityOneDotZeroReceiveSecurityHeader.CreateDecryptionAlgorithm(token, xml.EncryptionMethod, base.AlgorithmSuite))
{
xml.SetUpDecryption(algorithm);
return(new DecryptedHeader(xml.GetDecryptedBuffer(), base.SecurityVerifiedMessage.GetEnvelopeAttributes(), base.SecurityVerifiedMessage.GetHeaderAttributes(), base.Version, base.StandardsManager.IdManager, base.ReaderQuotas));
}
}
