public CompactSignatureSecurityChannelFactory(
IChannelFactory <IDuplexChannel> innerChannelFactory,
DiscoveryVersion discoveryVersion,
X509Certificate2 signingCertificate,
ReceivedCertificatesStoreSettings receivedCertificatesStoreSettings)
: base()
{
this.signingCertificate = signingCertificate;
this.receivedCertificatesStoreSettings = receivedCertificatesStoreSettings;
this.InnerChannelFactory = innerChannelFactory;
this.discoveryVersion = discoveryVersion;
}
public static void VerifyMessage(
Message innerMessage,
ProtocolSettings discoveryInfo,
ReceivedCertificatesStoreSettings receivedCertificatesStoreSettings)
{
int headerIndex = innerMessage.Headers.FindHeader(ProtocolStrings.SecurityHeaderName, discoveryInfo.DiscoveryNamespace);
if (headerIndex < 0)
{
// A security header is not present, so we can't verify the validity of the message.
throw new CompactSignatureSecurityException("The received message doesn't contain a Security header");
}
ReceivedCompactSignatureHeader compactSignature = new ReceivedCompactSignatureHeader(innerMessage, headerIndex, discoveryInfo);
compactSignature.Process(receivedCertificatesStoreSettings);
}
public CompactSignatureSecurityDuplexChannel(
ChannelManagerBase channelManager,
IDuplexChannel innerChannel,
DiscoveryVersion discoveryVersion,
X509Certificate2 certificate,
ReceivedCertificatesStoreSettings receivedCertificatesStoreSettings)
: base(channelManager)
{
Utility.IfNullThrowNullArgumentException(innerChannel, "innerChannel");
this.DiscoveryInfo = new ProtocolSettings(discoveryVersion);
this.InnerChannel = innerChannel;
this.ReceivedCertificatesStoreSettings = receivedCertificatesStoreSettings;
this.SigningCertificate = certificate;
this.onInnerChannelFaulted = new EventHandler(OnInnerChannelFaulted);
this.InnerChannel.Faulted += this.onInnerChannelFaulted;
}
void Process(ReceivedCertificatesStoreSettings receivedCertificatesStoreSettings)
{
// The attributes should contain the following: Scheme, KeyId, Refs, Sig, [PrefixList]
string schemeUri;
string keyId;
string refs;
string sig;
string inclusivePrefixList;
this.GetCompactSignatureAttributes(out schemeUri, out keyId, out refs, out sig, out inclusivePrefixList);
this.CheckCompactSignatureAttributes(schemeUri, keyId, sig, refs, inclusivePrefixList);
// Look for a certificate that matches the KeyId in the compact signature header
X509Certificate2 certificate = CertificateHelper.GetCertificateByThumbprint(
receivedCertificatesStoreSettings.StoreName,
receivedCertificatesStoreSettings.StoreLocation,
Utility.ToHexString(keyId));
// Construct a ds:SignedInfo, then compute and verify signature
this.VerifySignature(refs, sig, inclusivePrefixList, certificate);
}
internal ReceivedCertificatesStoreSettings(ReceivedCertificatesStoreSettings receivedCertificateStoreSettings)
{
Utility.IfNullThrowNullArgumentException(receivedCertificateStoreSettings, "receivedCertificateStoreSettings");
this.StoreLocation = receivedCertificateStoreSettings.StoreLocation;
this.StoreName = receivedCertificateStoreSettings.StoreName;
}
internal ReceivedCertificatesStoreSettings(ReceivedCertificatesStoreSettings receivedCertificateStoreSettings)
{
Utility.IfNullThrowNullArgumentException(receivedCertificateStoreSettings, "receivedCertificateStoreSettings");
this.StoreLocation = receivedCertificateStoreSettings.StoreLocation;
this.StoreName = receivedCertificateStoreSettings.StoreName;
}
