public override void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { EncryptedData data; HashStream stream; SecurityAppliedMessage securityAppliedMessage = base.SecurityAppliedMessage; switch (securityAppliedMessage.BodyProtectionMode) { case MessagePartProtectionMode.Sign: stream = this.TakeHashStream(); if (!CanCanonicalizeAndFragment(writer)) { securityAppliedMessage.WriteBodyToSign(stream); } else { securityAppliedMessage.WriteBodyToSignWithFragments(stream, false, null, writer); } this.signedInfo.AddReference(securityAppliedMessage.BodyId, stream.FlushHashAndGetValue()); return; case MessagePartProtectionMode.Encrypt: data = this.CreateEncryptedDataForBody(); securityAppliedMessage.WriteBodyToEncrypt(data, this.encryptingSymmetricAlgorithm); this.referenceList.AddReferredId(data.Id); return; case MessagePartProtectionMode.SignThenEncrypt: stream = this.TakeHashStream(); data = this.CreateEncryptedDataForBody(); if (!CanCanonicalizeAndFragment(writer)) { securityAppliedMessage.WriteBodyToSignThenEncrypt(stream, data, this.encryptingSymmetricAlgorithm); } else { securityAppliedMessage.WriteBodyToSignThenEncryptWithFragments(stream, false, null, data, this.encryptingSymmetricAlgorithm, writer); } this.signedInfo.AddReference(securityAppliedMessage.BodyId, stream.FlushHashAndGetValue()); this.referenceList.AddReferredId(data.Id); this.hasSignedEncryptedMessagePart = true; return; case MessagePartProtectionMode.EncryptThenSign: stream = this.TakeHashStream(); data = this.CreateEncryptedDataForBody(); securityAppliedMessage.WriteBodyToEncryptThenSign(stream, data, this.encryptingSymmetricAlgorithm); this.signedInfo.AddReference(securityAppliedMessage.BodyId, stream.FlushHashAndGetValue()); this.referenceList.AddReferredId(data.Id); return; } }
public CanonicalWriter(CanonicalEncoder encoder, string[] inclusivePrefixes, bool includeComments, IPrefixGenerator prefixGenerator, int startingDepthForAttributePrefixGeneration) { _attributesToRender = new CanonicalAttributeManager(); _encoder = encoder; _includeComments = includeComments; _prefixGenerator = prefixGenerator; _startingDepthForAttributePrefixGeneration = startingDepthForAttributePrefixGeneration; _manager = new ExclusiveCanonicalNamespaceManager(); _elements = new ElementEntry[InitialElementStackSize]; _inclusivePrefixes = inclusivePrefixes; Reset(); }
private void AddEncryptionReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, bool sign, out MemoryStream plainTextStream, out string encryptedDataId) { plainTextStream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(plainTextStream); if (sign) { this.AddSignatureReference(header, headerId, prefixGenerator, writer); } else { header.WriteHeader(writer, base.Version); writer.Flush(); } encryptedDataId = base.GenerateId(); this.referenceList.AddReferredId(encryptedDataId); }
private string GetSignatureHash(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer, out byte[] hash) { XmlDictionaryWriter writer2; HashStream stream = this.TakeHashStream(); XmlBuffer buffer = null; if (writer.CanCanonicalize) { writer2 = writer; } else { buffer = new XmlBuffer(0x7fffffff); writer2 = buffer.OpenSection(XmlDictionaryReaderQuotas.Max); } writer2.StartCanonicalization(stream, false, null); header.WriteStartHeader(writer2, base.Version); if (headerId == null) { headerId = base.GenerateId(); base.StandardsManager.IdManager.WriteIdAttribute(writer2, headerId); } header.WriteHeaderContents(writer2, base.Version); writer2.WriteEndElement(); writer2.EndCanonicalization(); writer2.Flush(); if (!object.ReferenceEquals(writer2, writer)) { buffer.CloseSection(); buffer.Close(); XmlDictionaryReader reader = buffer.GetReader(0); writer.WriteNode(reader, false); reader.Close(); } hash = stream.FlushHashAndGetValue(); return(headerId); }
public override void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { string[] headerAttributes; if (base.RequireMessageProtection || base.ShouldSignToHeader) { headerAttributes = headers.GetHeaderAttributes("Id", base.StandardsManager.IdManager.DefaultIdNamespaceUri); } else { headerAttributes = null; } for (int i = 0; i < headers.Count; i++) { MessageHeader messageHeader = headers.GetMessageHeader(i); if (((base.Version.Addressing != AddressingVersion.None) || !(messageHeader.Namespace == AddressingVersion.None.Namespace)) && (messageHeader != this)) { this.ApplySecurityAndWriteHeader(messageHeader, (headerAttributes == null) ? null : headerAttributes[i], writer, prefixGenerator); } } }
private void ApplySecurityAndWriteHeader(MessageHeader header, string headerId, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { if ((!base.RequireMessageProtection && base.ShouldSignToHeader) && ((header.Name == System.ServiceModel.XD.AddressingDictionary.To.Value) && (header.Namespace == base.Message.Version.Addressing.Namespace))) { byte[] buffer; if (this.toHeaderHash != null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageHasMoreThanOneToHeader"))); } headerId = this.GetSignatureHash(header, headerId, prefixGenerator, writer, out buffer); this.toHeaderHash = buffer; this.toHeaderId = headerId; } else { MemoryStream stream; string str; switch (this.GetProtectionMode(header)) { case MessagePartProtectionMode.None: header.WriteHeader(writer, base.Version); return; case MessagePartProtectionMode.Sign: this.AddSignatureReference(header, headerId, prefixGenerator, writer); return; case MessagePartProtectionMode.Encrypt: this.AddEncryptionReference(header, headerId, prefixGenerator, false, out stream, out str); this.EncryptAndWriteHeader(header, str, stream, writer); return; case MessagePartProtectionMode.SignThenEncrypt: this.AddEncryptionReference(header, headerId, prefixGenerator, true, out stream, out str); this.EncryptAndWriteHeader(header, str, stream, writer); this.hasSignedEncryptedMessagePart = true; return; case MessagePartProtectionMode.EncryptThenSign: { this.AddEncryptionReference(header, headerId, prefixGenerator, false, out stream, out str); EncryptedHeader header2 = this.EncryptHeader(header, this.encryptingSymmetricAlgorithm, this.encryptionKeyIdentifier, base.Version, str, stream); this.AddSignatureReference(header2, str, prefixGenerator, writer); return; } } } }
private void AddSignatureReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer) { byte[] buffer; headerId = this.GetSignatureHash(header, headerId, prefixGenerator, writer, out buffer); this.signedInfo.AddReference(headerId, buffer); }
public abstract void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
public abstract void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
private string GetSignatureHash(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer, out byte[] hash) { XmlDictionaryWriter writer2; HashStream stream = this.TakeHashStream(); XmlBuffer buffer = null; if (writer.CanCanonicalize) { writer2 = writer; } else { buffer = new XmlBuffer(0x7fffffff); writer2 = buffer.OpenSection(XmlDictionaryReaderQuotas.Max); } writer2.StartCanonicalization(stream, false, null); header.WriteStartHeader(writer2, base.Version); if (headerId == null) { headerId = base.GenerateId(); base.StandardsManager.IdManager.WriteIdAttribute(writer2, headerId); } header.WriteHeaderContents(writer2, base.Version); writer2.WriteEndElement(); writer2.EndCanonicalization(); writer2.Flush(); if (!object.ReferenceEquals(writer2, writer)) { buffer.CloseSection(); buffer.Close(); XmlDictionaryReader reader = buffer.GetReader(0); writer.WriteNode(reader, false); reader.Close(); } hash = stream.FlushHashAndGetValue(); return headerId; }