public void ResolveTokenNonExistent()
{
SecurityTokenResolver r = GetResolver(true, new SecurityToken [0]);
SecurityToken token;
Assert.IsNull(r.ResolveToken(new LocalIdKeyIdentifierClause("urn:foo")));
}
WrappedKeySecurityToken ReadWrappedKeySecurityTokenCore(
XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (tokenResolver == null)
{
throw new ArgumentNullException("tokenResolver");
}
EncryptedKey ek = new EncryptedKey();
ek.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement);
SecurityKeyIdentifier ki = new SecurityKeyIdentifier();
foreach (KeyInfoClause kic in ek.KeyInfo)
{
ki.Add(ReadKeyIdentifierClause(new XmlNodeReader(kic.GetXml())));
}
SecurityToken token = tokenResolver.ResolveToken(ki);
string alg = ek.EncryptionMethod.KeyAlgorithm;
foreach (SecurityKey skey in token.SecurityKeys)
{
if (skey.IsSupportedAlgorithm(alg))
{
byte [] key = skey.DecryptKey(alg, ek.CipherData.CipherValue);
WrappedKeySecurityToken wk =
new WrappedKeySecurityToken(ek.Id, key, alg, token, ki);
// FIXME: This should not be required.
wk.SetWrappedKey(ek.CipherData.CipherValue);
wk.ReferenceList = ek.ReferenceList;
return(wk);
}
}
throw new InvalidOperationException(String.Format("Cannot resolve security key with the resolved SecurityToken specified by the key identifier in the EncryptedKey XML. The key identifier is: {0}", ki));
}
WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName,
SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver)
{
ISspiNegotiationInfo sspiResolver = tokenResolver as ISspiNegotiationInfo;
if (sspiResolver != null)
{
ISspiNegotiation unwrappingSspiContext = sspiResolver.SspiNegotiation;
// ensure that the encryption algorithm is compatible
if (encryptionMethod != unwrappingSspiContext.KeyEncryptionAlgorithm)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.BadKeyEncryptionAlgorithm, encryptionMethod)));
}
byte[] unwrappedKey = unwrappingSspiContext.Decrypt(wrappedKey);
return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingSspiContext, unwrappedKey));
}
else
{
if (tokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver"));
}
if (unwrappingTokenIdentifier == null || unwrappingTokenIdentifier.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingKeyInfoInEncryptedKey)));
}
SecurityToken unwrappingToken;
SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver;
if (resolver != null)
{
unwrappingToken = resolver.ExpectedWrapper;
if (unwrappingToken != null)
{
if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, unwrappingToken)));
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, resolver)));
}
}
else
{
try
{
unwrappingToken = tokenResolver.ResolveToken(unwrappingTokenIdentifier);
}
catch (Exception exception)
{
if (exception is MessageSecurityException)
{
throw;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, tokenResolver), exception));
}
}
SecurityKey unwrappingSecurityKey;
byte[] unwrappedKey = SecurityUtils.DecryptKey(unwrappingToken, encryptionMethod, wrappedKey, out unwrappingSecurityKey);
return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingToken, unwrappingTokenIdentifier, wrappedKey, unwrappingSecurityKey));
}
}