protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature) { string str3; XmlDictionaryString str4; SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite; string defaultCanonicalizationAlgorithm = algorithmSuite.DefaultCanonicalizationAlgorithm; XmlDictionaryString defaultCanonicalizationAlgorithmDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString; if (defaultCanonicalizationAlgorithm != "http://www.w3.org/2001/10/xml-exc-c14n#") { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCanonicalizationAlgorithm", new object[] { algorithmSuite.DefaultCanonicalizationAlgorithm }))); } algorithmSuite.GetSignatureAlgorithmAndKey(token, out str3, out this.signatureKey, out str4); string defaultDigestAlgorithm = algorithmSuite.DefaultDigestAlgorithm; XmlDictionaryString defaultDigestAlgorithmDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString; this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, defaultCanonicalizationAlgorithm, defaultCanonicalizationAlgorithmDictionaryString, defaultDigestAlgorithm, defaultDigestAlgorithmDictionaryString, str3, str4); this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer); if (keyIdentifier != null) { this.signedXml.Signature.KeyIdentifier = keyIdentifier; } if (generateTargettableSignature) { this.signedXml.Id = base.GenerateId(); } this.effectiveSignatureParts = signatureParts; this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(defaultDigestAlgorithm); }
protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens) { ISignatureValueSecurityElement signedXml; if (this.signedXml == null) { return null; } SecurityTimestamp timestamp = base.Timestamp; if (timestamp != null) { if (timestamp.Id == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TimestampToSignHasNoId"))); } HashStream stream = this.TakeHashStream(); base.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm(stream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer()); this.signedInfo.AddReference(timestamp.Id, stream.FlushHashAndGetValue()); } if ((base.ShouldSignToHeader && (this.signatureKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None)) { if (this.toHeaderHash == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("TransportSecurityRequireToHeader"))); } this.signedInfo.AddReference(this.toHeaderId, this.toHeaderHash); } this.AddSignatureReference(signatureConfirmations); if (base.RequireMessageProtection) { this.AddSignatureReference(signedEndorsingTokens); this.AddSignatureReference(signedTokens); this.AddSignatureReference(basicTokens); } if (this.signedInfo.ReferenceCount == 0) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("NoPartsOfMessageMatchedPartsToSign")), base.Message); } try { this.signedXml.ComputeSignature(this.signatureKey); signedXml = this.signedXml; } finally { this.hashStream = null; this.signedInfo = null; this.signedXml = null; this.signatureKey = null; this.effectiveSignatureParts = null; } return signedXml; }
protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign) { string str; XmlDictionaryString str2; SecurityKey key; SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite; algorithmSuite.GetSignatureAlgorithmAndKey(token, out str, out key, out str2); SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer); SignedInfo signedInfo = xml.Signature.SignedInfo; signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm; signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString; signedInfo.SignatureMethod = str; signedInfo.SignatureMethodDictionaryString = str2; if (elementToSign.Id == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ElementToSignMustHaveId"))); } Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign) { DigestMethod = algorithmSuite.DefaultDigestAlgorithm, DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString }; reference.AddTransform(new ExclusiveCanonicalizationTransform()); ((StandardSignedInfo) signedInfo).AddReference(reference); xml.ComputeSignature(key); if (identifier != null) { xml.Signature.KeyIdentifier = identifier; } return xml; }
void VerifySignature(SignedXml signature, SecurityKey signatureVerificationKey) { if (signature == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signature"); if (signatureVerificationKey == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signatureVerificatonKey"); signature.StartSignatureVerification(signatureVerificationKey); signature.EnsureDigestValidity(this.assertionId, tokenStream); signature.CompleteSignatureVerification(); }
void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter) { byte[] hashValue = this.hashStream.FlushHashAndGetValue(); PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager); signedInfo.AddEnvelopedSignatureTransform = true; signedInfo.CanonicalizationMethod = SecurityAlgorithms.ExclusiveC14n; signedInfo.SignatureMethod = this.signingCredentials.SignatureAlgorithm; signedInfo.DigestMethod = this.signingCredentials.DigestAlgorithm; signedInfo.AddReference(this.assertionId, hashValue); SignedXml signedXml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer); signedXml.ComputeSignature(this.signingCredentials.SigningKey); signedXml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier; signedXml.WriteTo(dictionaryWriter); }
public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo) { this.signedXml = signedXml; this.signedInfo = signedInfo; }
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); if (this.signature != null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead))); // If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader. XmlDictionaryReader effectiveReader = reader; if (!effectiveReader.CanCanonicalize) { MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary); writer.WriteNode(effectiveReader, false); writer.Flush(); stream.Position = 0; effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas); effectiveReader.MoveToContent(); writer.Close(); } SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer); signedXml.TransformFactory = ExtendedTransformFactory.Instance; signedXml.ReadFrom(effectiveReader); SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier; this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver); if (this.verificationKey == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer))); this.signature = signedXml; this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver); if (this.signingToken == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound))); if (!ReferenceEquals(reader, effectiveReader)) effectiveReader.Close(); }
protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id) { SecurityToken token = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature); if (isPrimarySignature) { base.RecordSignatureToken(token); } ReadOnlyCollection<SecurityKey> securityKeys = token.SecurityKeys; SecurityKey securityKey = ((securityKeys != null) && (securityKeys.Count > 0)) ? securityKeys[0] : null; if (securityKey == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { token }))); } base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(securityKey, token); base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(securityKey, signedXml.Signature.SignedInfo.SignatureMethod); signedXml.StartSignatureVerification(securityKey); StandardSignedInfo signedInfo = (StandardSignedInfo) signedXml.Signature.SignedInfo; this.ValidateDigestsOfTargetsInSecurityHeader(signedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id); if (!isPrimarySignature) { if ((!base.RequireMessageProtection && (securityKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None)) { int headerIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace); if (headerIndex == -1) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader"))); } XmlDictionaryReader readerAtHeader = base.Message.Headers.GetReaderAtHeader(headerIndex); id = readerAtHeader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace); if (id == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage"))); } signedXml.EnsureDigestValidity(id, readerAtHeader); } signedXml.CompleteSignatureVerification(); return token; } this.pendingSignature = signedXml; return token; }
public Signature(SignedXml signedXml, SignedInfo signedInfo) { this.signedXml = signedXml; this.signedInfo = signedInfo; }
protected override void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned) { bool flag8; bool flag9; SignatureTargetIdManager idManager = base.StandardsManager.IdManager; MessagePartSpecification specification = base.RequiredEncryptionParts ?? MessagePartSpecification.NoParts; MessagePartSpecification signatureParts = base.RequiredSignatureParts ?? MessagePartSpecification.NoParts; bool checkForTokensAtHeaders = hasAtLeastOneSupportingTokenExpectedToBeSigned; bool doSoapAttributeChecks = !signatureParts.IsBodyIncluded; bool encryptBeforeSignMode = base.EncryptBeforeSignMode; SignedInfo signedInfo = (this.pendingSignature != null) ? this.pendingSignature.Signature.SignedInfo : null; SignatureConfirmations sentSignatureConfirmations = base.GetSentSignatureConfirmations(); if (((sentSignatureConfirmations != null) && (sentSignatureConfirmations.Count > 0)) && sentSignatureConfirmations.IsMarkedForEncryption) { base.VerifySignatureEncryption(); } MessageHeaders headers = base.SecurityVerifiedMessage.Headers; XmlDictionaryReader readerAtFirstHeader = base.SecurityVerifiedMessage.GetReaderAtFirstHeader(); bool atLeastOneHeaderOrBodyEncrypted = false; for (int i = 0; i < headers.Count; i++) { if (readerAtFirstHeader.NodeType != XmlNodeType.Element) { readerAtFirstHeader.MoveToContent(); } if (i == base.HeaderIndex) { readerAtFirstHeader.Skip(); } else { bool flag6; bool flag5 = false; string str = idManager.ExtractId(readerAtFirstHeader); if (str != null) { flag5 = this.TryDeleteReferenceListEntry(str); } if (!flag5 && readerAtFirstHeader.IsStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd")) { XmlDictionaryReader readerAtHeader = headers.GetReaderAtHeader(i); readerAtHeader.ReadStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"); if (readerAtHeader.IsStartElement(EncryptedData.ElementName, System.ServiceModel.XD.XmlEncryptionDictionary.Namespace)) { string attribute = readerAtHeader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, null); if ((attribute != null) && this.TryDeleteReferenceListEntry(attribute)) { flag5 = true; } } } base.ElementManager.VerifyUniquenessAndSetHeaderId(str, i); MessageHeaderInfo info = headers[i]; if (!flag5 && specification.IsHeaderIncluded(info.Name, info.Namespace)) { base.SecurityVerifiedMessage.OnUnencryptedPart(info.Name, info.Namespace); } if ((!flag5 || encryptBeforeSignMode) && (str != null)) { flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, readerAtFirstHeader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders); } else { flag6 = false; } if (flag5) { XmlDictionaryReader reader = flag6 ? headers.GetReaderAtHeader(i) : readerAtFirstHeader; DecryptedHeader header = this.DecryptHeader(reader, this.pendingDecryptionToken); info = header; str = header.Id; base.ElementManager.VerifyUniquenessAndSetDecryptedHeaderId(str, i); headers.ReplaceAt(i, header); if (!object.ReferenceEquals(reader, readerAtFirstHeader)) { reader.Close(); } if (!encryptBeforeSignMode && (str != null)) { XmlDictionaryReader headerReader = header.GetHeaderReader(); flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, headerReader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders); headerReader.Close(); } } if (!flag6 && signatureParts.IsHeaderIncluded(info.Name, info.Namespace)) { base.SecurityVerifiedMessage.OnUnsignedPart(info.Name, info.Namespace); } if (flag6 && flag5) { base.VerifySignatureEncryption(); } if (flag5 && !flag6) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderNotSigned", new object[] { info.Name, info.Namespace }))); } if (!flag6 && !flag5) { readerAtFirstHeader.Skip(); } atLeastOneHeaderOrBodyEncrypted |= flag5; } } readerAtFirstHeader.ReadEndElement(); if (readerAtFirstHeader.NodeType != XmlNodeType.Element) { readerAtFirstHeader.MoveToContent(); } string id = idManager.ExtractId(readerAtFirstHeader); base.ElementManager.VerifyUniquenessAndSetBodyId(id); base.SecurityVerifiedMessage.SetBodyPrefixAndAttributes(readerAtFirstHeader); bool flag7 = specification.IsBodyIncluded || this.HasPendingDecryptionItem(); if ((!flag7 || encryptBeforeSignMode) && (id != null)) { flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, readerAtFirstHeader, false, null, null, false); } else { flag8 = false; } if (flag7) { XmlDictionaryReader reader5 = flag8 ? base.SecurityVerifiedMessage.CreateFullBodyReader() : readerAtFirstHeader; reader5.ReadStartElement(); string str4 = idManager.ExtractId(reader5); base.ElementManager.VerifyUniquenessAndSetBodyContentId(str4); flag9 = (str4 != null) && this.TryDeleteReferenceListEntry(str4); if (flag9) { this.DecryptBody(reader5, this.pendingDecryptionToken); } if (!object.ReferenceEquals(reader5, readerAtFirstHeader)) { reader5.Close(); } if ((!encryptBeforeSignMode && (signedInfo != null)) && signedInfo.HasUnverifiedReference(id)) { reader5 = base.SecurityVerifiedMessage.CreateFullBodyReader(); flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, reader5, false, null, null, false); reader5.Close(); } } else { flag9 = false; } if (flag8 && flag9) { base.VerifySignatureEncryption(); } readerAtFirstHeader.Close(); if (this.pendingSignature != null) { this.pendingSignature.CompleteSignatureVerification(); this.pendingSignature = null; } this.pendingDecryptionToken = null; atLeastOneHeaderOrBodyEncrypted |= flag9; if (!flag8 && signatureParts.IsBodyIncluded) { base.SecurityVerifiedMessage.OnUnsignedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace); } if (!flag9 && specification.IsBodyIncluded) { base.SecurityVerifiedMessage.OnUnencryptedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace); } base.SecurityVerifiedMessage.OnMessageProtectionPassComplete(atLeastOneHeaderOrBodyEncrypted); }
protected override SignedXml ReadSignatureCore(XmlDictionaryReader signatureReader) { SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer); xml.Signature.SignedInfo.ResourcePool = base.ResourcePool; xml.ReadFrom(signatureReader); return xml; }
public Signature(SignedXml signedXml, System.IdentityModel.SignedInfo signedInfo) { this.signedXml = signedXml; this.signedInfo = signedInfo; }
void ReadSignature() { _signedXml = new SignedXml(new WifSignedInfo(_dictionaryManager), _dictionaryManager, _tokenSerializer); _signedXml.TransformFactory = ExtendedTransformFactory.Instance; _signedXml.ReadFrom(_wrappedReader); if (_signedXml.Signature.SignedInfo.ReferenceCount != 1) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.ID3057))); } }
private void ComputeSignature() { PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(_dictionaryManager); signedInfo.AddEnvelopedSignatureTransform = true; signedInfo.CanonicalizationMethod = XD.ExclusiveC14NDictionary.Namespace.Value; signedInfo.SignatureMethod = _signingCreds.SignatureAlgorithm; signedInfo.DigestMethod = _signingCreds.DigestAlgorithm; signedInfo.AddReference(_referenceId, _hashStream.FlushHashAndGetValue(_preCanonicalTracingStream)); SignedXml signedXml = new SignedXml(signedInfo, _dictionaryManager, _tokenSerializer); signedXml.ComputeSignature(_signingCreds.SigningKey); signedXml.Signature.KeyIdentifier = _signingCreds.SigningKeyIdentifier; signedXml.WriteTo(base.InnerWriter); ((IDisposable)_hashStream).Dispose(); _hashStream = null; }
void ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter) { byte[] digest = this.hashStream.FlushHashAndGetValue(); PreDigestedSignedInfo signedInfo = new PreDigestedSignedInfo(this.dictionaryManager) { AddEnvelopedSignatureTransform = true, CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#", SignatureMethod = this.signingCredentials.SignatureAlgorithm, DigestMethod = this.signingCredentials.DigestAlgorithm }; signedInfo.AddReference(this.assertionId, digest); SignedXml xml = new SignedXml(signedInfo, this.dictionaryManager, this.keyInfoSerializer); xml.ComputeSignature(this.signingCredentials.SigningKey); xml.Signature.KeyIdentifier = this.signingCredentials.SigningKeyIdentifier; xml.WriteTo(dictionaryWriter); }
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); } if (this.signature != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead"))); } XmlDictionaryReader reader2 = reader; if (!reader2.CanCanonicalize) { MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary); writer.WriteNode(reader2, false); writer.Flush(); stream.Position = 0L; reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int) stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas); reader2.MoveToContent(); writer.Close(); } SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer) { TransformFactory = ExtendedTransformFactory.Instance }; xml.ReadFrom(reader2); SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier; this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver); if (this.verificationKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer }))); } this.signature = xml; this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver); if (this.signingToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound"))); } if (!object.ReferenceEquals(reader, reader2)) { reader2.Close(); } }