void VerifySoapAttributeMatchForHeader(MessageHeaderInfo info, MessagePartSpecification signatureParts, XmlDictionaryReader reader)
{
if (!signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
return;
}
EnvelopeVersion currentVersion = this.Version.Envelope;
EnvelopeVersion otherVersion = currentVersion == EnvelopeVersion.Soap11 ? EnvelopeVersion.Soap12 : EnvelopeVersion.Soap11;
bool presentInCurrentVersion;
bool presentInOtherVersion;
presentInCurrentVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace,
XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
presentInCurrentVersion = null != reader.GetAttribute(currentVersion.DictionaryActor, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(otherVersion.DictionaryActor, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
otherVersion.DictionaryActor, otherVersion.DictionaryNamespace,
currentVersion.DictionaryActor, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
}
private MessagePartProtectionMode GetProtectionMode(MessageHeader header)
{
if (!RequireMessageProtection)
{
return(MessagePartProtectionMode.None);
}
bool sign = _signedXml != null && _effectiveSignatureParts.IsHeaderIncluded(header);
bool encrypt = false;
return(MessagePartProtectionModeHelper.GetProtectionMode(sign, encrypt, SignThenEncrypt));
}
protected void EnsureEndpointAddressDoesNotRequireEncryption(EndpointAddress target)
{
if ((this.ApplicationProtectionRequirements != null) && (this.ApplicationProtectionRequirements.OutgoingEncryptionParts != null))
{
MessagePartSpecification channelParts = this.ApplicationProtectionRequirements.OutgoingEncryptionParts.ChannelParts;
if (channelParts != null)
{
for (int i = 0; i < this.targetAddress.Headers.Count; i++)
{
AddressHeader header = target.Headers[i];
if (channelParts.IsHeaderIncluded(header.Name, header.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("SecurityNegotiationCannotProtectConfidentialEndpointHeader", new object[] { target, header.Name, header.Namespace })));
}
}
}
}
}
private void VerifySoapAttributeMatchForHeader(MessageHeaderInfo info, MessagePartSpecification signatureParts, XmlDictionaryReader reader)
{
if (signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
EnvelopeVersion envelope = base.Version.Envelope;
EnvelopeVersion version2 = (envelope == EnvelopeVersion.Soap11) ? EnvelopeVersion.Soap12 : EnvelopeVersion.Soap11;
bool flag = null != reader.GetAttribute(System.ServiceModel.XD.MessageDictionary.MustUnderstand, envelope.DictionaryNamespace);
if ((null != reader.GetAttribute(System.ServiceModel.XD.MessageDictionary.MustUnderstand, version2.DictionaryNamespace)) && !flag)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("InvalidAttributeInSignedHeader", new object[] { info.Name, info.Namespace, System.ServiceModel.XD.MessageDictionary.MustUnderstand, version2.DictionaryNamespace, System.ServiceModel.XD.MessageDictionary.MustUnderstand, envelope.DictionaryNamespace })), base.SecurityVerifiedMessage);
}
flag = null != reader.GetAttribute(envelope.DictionaryActor, envelope.DictionaryNamespace);
if ((null != reader.GetAttribute(version2.DictionaryActor, version2.DictionaryNamespace)) && !flag)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("InvalidAttributeInSignedHeader", new object[] { info.Name, info.Namespace, version2.DictionaryActor, version2.DictionaryNamespace, envelope.DictionaryActor, envelope.DictionaryNamespace })), base.SecurityVerifiedMessage);
}
}
}
// helper methods
protected void EnsureEndpointAddressDoesNotRequireEncryption(EndpointAddress target)
{
if (ApplicationProtectionRequirements == null ||
ApplicationProtectionRequirements.OutgoingEncryptionParts == null)
{
return;
}
MessagePartSpecification channelEncryptionParts = ApplicationProtectionRequirements.OutgoingEncryptionParts.ChannelParts;
if (channelEncryptionParts == null)
{
return;
}
for (int i = 0; i < _targetAddress.Headers.Count; ++i)
{
AddressHeader header = target.Headers[i];
if (channelEncryptionParts.IsHeaderIncluded(header.Name, header.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.Format(SR.SecurityNegotiationCannotProtectConfidentialEndpointHeader, target, header.Name, header.Namespace)));
}
}
}
private static MessagePartSpecification UnionMessagePartSpecifications(ScopedMessagePartSpecification actionParts)
{
MessagePartSpecification result = new MessagePartSpecification(false);
foreach (string action in actionParts.Actions)
{
MessagePartSpecification parts;
if (actionParts.TryGetParts(action, out parts))
{
if (parts.IsBodyIncluded)
{
result.IsBodyIncluded = true;
}
foreach (XmlQualifiedName headerType in parts.HeaderTypes)
{
if (!result.IsHeaderIncluded(headerType.Name, headerType.Namespace))
{
result.HeaderTypes.Add(headerType);
}
}
}
}
return(result);
}
private static MessagePartSpecification UnionMessagePartSpecifications(ScopedMessagePartSpecification actionParts)
{
MessagePartSpecification specification = new MessagePartSpecification(false);
foreach (string str in actionParts.Actions)
{
MessagePartSpecification specification2;
if (actionParts.TryGetParts(str, out specification2))
{
if (specification2.IsBodyIncluded)
{
specification.IsBodyIncluded = true;
}
foreach (XmlQualifiedName name in specification2.HeaderTypes)
{
if (!specification.IsHeaderIncluded(name.Name, name.Namespace))
{
specification.HeaderTypes.Add(name);
}
}
}
}
return(specification);
}
private static MessagePartSpecification UnionMessagePartSpecifications(ScopedMessagePartSpecification actionParts)
{
MessagePartSpecification result = new MessagePartSpecification(false);
foreach (string action in actionParts.Actions)
{
MessagePartSpecification parts;
if (actionParts.TryGetParts(action, out parts))
{
if (parts.IsBodyIncluded)
{
result.IsBodyIncluded = true;
}
foreach (XmlQualifiedName headerType in parts.HeaderTypes)
{
if (!result.IsHeaderIncluded(headerType.Name, headerType.Namespace))
{
result.HeaderTypes.Add(headerType);
}
}
}
}
return result;
}
protected override void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned)
{
bool flag8;
bool flag9;
SignatureTargetIdManager idManager = base.StandardsManager.IdManager;
MessagePartSpecification specification = base.RequiredEncryptionParts ?? MessagePartSpecification.NoParts;
MessagePartSpecification signatureParts = base.RequiredSignatureParts ?? MessagePartSpecification.NoParts;
bool checkForTokensAtHeaders = hasAtLeastOneSupportingTokenExpectedToBeSigned;
bool doSoapAttributeChecks = !signatureParts.IsBodyIncluded;
bool encryptBeforeSignMode = base.EncryptBeforeSignMode;
SignedInfo signedInfo = (this.pendingSignature != null) ? this.pendingSignature.Signature.SignedInfo : null;
SignatureConfirmations sentSignatureConfirmations = base.GetSentSignatureConfirmations();
if (((sentSignatureConfirmations != null) && (sentSignatureConfirmations.Count > 0)) && sentSignatureConfirmations.IsMarkedForEncryption)
{
base.VerifySignatureEncryption();
}
MessageHeaders headers = base.SecurityVerifiedMessage.Headers;
XmlDictionaryReader readerAtFirstHeader = base.SecurityVerifiedMessage.GetReaderAtFirstHeader();
bool atLeastOneHeaderOrBodyEncrypted = false;
for (int i = 0; i < headers.Count; i++)
{
if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
{
readerAtFirstHeader.MoveToContent();
}
if (i == base.HeaderIndex)
{
readerAtFirstHeader.Skip();
}
else
{
bool flag6;
bool flag5 = false;
string str = idManager.ExtractId(readerAtFirstHeader);
if (str != null)
{
flag5 = this.TryDeleteReferenceListEntry(str);
}
if (!flag5 && readerAtFirstHeader.IsStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"))
{
XmlDictionaryReader readerAtHeader = headers.GetReaderAtHeader(i);
readerAtHeader.ReadStartElement("EncryptedHeader", "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd");
if (readerAtHeader.IsStartElement(EncryptedData.ElementName, System.ServiceModel.XD.XmlEncryptionDictionary.Namespace))
{
string attribute = readerAtHeader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, null);
if ((attribute != null) && this.TryDeleteReferenceListEntry(attribute))
{
flag5 = true;
}
}
}
base.ElementManager.VerifyUniquenessAndSetHeaderId(str, i);
MessageHeaderInfo info = headers[i];
if (!flag5 && specification.IsHeaderIncluded(info.Name, info.Namespace))
{
base.SecurityVerifiedMessage.OnUnencryptedPart(info.Name, info.Namespace);
}
if ((!flag5 || encryptBeforeSignMode) && (str != null))
{
flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, readerAtFirstHeader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
}
else
{
flag6 = false;
}
if (flag5)
{
XmlDictionaryReader reader = flag6 ? headers.GetReaderAtHeader(i) : readerAtFirstHeader;
DecryptedHeader header = this.DecryptHeader(reader, this.pendingDecryptionToken);
info = header;
str = header.Id;
base.ElementManager.VerifyUniquenessAndSetDecryptedHeaderId(str, i);
headers.ReplaceAt(i, header);
if (!object.ReferenceEquals(reader, readerAtFirstHeader))
{
reader.Close();
}
if (!encryptBeforeSignMode && (str != null))
{
XmlDictionaryReader headerReader = header.GetHeaderReader();
flag6 = this.EnsureDigestValidityIfIdMatches(signedInfo, str, headerReader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
headerReader.Close();
}
}
if (!flag6 && signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
base.SecurityVerifiedMessage.OnUnsignedPart(info.Name, info.Namespace);
}
if (flag6 && flag5)
{
base.VerifySignatureEncryption();
}
if (flag5 && !flag6)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedHeaderNotSigned", new object[] { info.Name, info.Namespace })));
}
if (!flag6 && !flag5)
{
readerAtFirstHeader.Skip();
}
atLeastOneHeaderOrBodyEncrypted |= flag5;
}
}
readerAtFirstHeader.ReadEndElement();
if (readerAtFirstHeader.NodeType != XmlNodeType.Element)
{
readerAtFirstHeader.MoveToContent();
}
string id = idManager.ExtractId(readerAtFirstHeader);
base.ElementManager.VerifyUniquenessAndSetBodyId(id);
base.SecurityVerifiedMessage.SetBodyPrefixAndAttributes(readerAtFirstHeader);
bool flag7 = specification.IsBodyIncluded || this.HasPendingDecryptionItem();
if ((!flag7 || encryptBeforeSignMode) && (id != null))
{
flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, readerAtFirstHeader, false, null, null, false);
}
else
{
flag8 = false;
}
if (flag7)
{
XmlDictionaryReader reader5 = flag8 ? base.SecurityVerifiedMessage.CreateFullBodyReader() : readerAtFirstHeader;
reader5.ReadStartElement();
string str4 = idManager.ExtractId(reader5);
base.ElementManager.VerifyUniquenessAndSetBodyContentId(str4);
flag9 = (str4 != null) && this.TryDeleteReferenceListEntry(str4);
if (flag9)
{
this.DecryptBody(reader5, this.pendingDecryptionToken);
}
if (!object.ReferenceEquals(reader5, readerAtFirstHeader))
{
reader5.Close();
}
if ((!encryptBeforeSignMode && (signedInfo != null)) && signedInfo.HasUnverifiedReference(id))
{
reader5 = base.SecurityVerifiedMessage.CreateFullBodyReader();
flag8 = this.EnsureDigestValidityIfIdMatches(signedInfo, id, reader5, false, null, null, false);
reader5.Close();
}
}
else
{
flag9 = false;
}
if (flag8 && flag9)
{
base.VerifySignatureEncryption();
}
readerAtFirstHeader.Close();
if (this.pendingSignature != null)
{
this.pendingSignature.CompleteSignatureVerification();
this.pendingSignature = null;
}
this.pendingDecryptionToken = null;
atLeastOneHeaderOrBodyEncrypted |= flag9;
if (!flag8 && signatureParts.IsBodyIncluded)
{
base.SecurityVerifiedMessage.OnUnsignedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
}
if (!flag9 && specification.IsBodyIncluded)
{
base.SecurityVerifiedMessage.OnUnencryptedPart(System.ServiceModel.XD.MessageDictionary.Body.Value, base.Version.Envelope.Namespace);
}
base.SecurityVerifiedMessage.OnMessageProtectionPassComplete(atLeastOneHeaderOrBodyEncrypted);
}
void VerifySoapAttributeMatchForHeader(MessageHeaderInfo info, MessagePartSpecification signatureParts, XmlDictionaryReader reader)
{
if (!signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
return;
}
EnvelopeVersion currentVersion = this.Version.Envelope;
EnvelopeVersion otherVersion = currentVersion == EnvelopeVersion.Soap11 ? EnvelopeVersion.Soap12 : EnvelopeVersion.Soap11;
bool presentInCurrentVersion;
bool presentInOtherVersion;
presentInCurrentVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace,
XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
presentInCurrentVersion = null != reader.GetAttribute(currentVersion.DictionaryActor, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(otherVersion.DictionaryActor, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
otherVersion.DictionaryActor, otherVersion.DictionaryNamespace,
currentVersion.DictionaryActor, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
}
private void VerifySoapAttributeMatchForHeader(MessageHeaderInfo info, MessagePartSpecification signatureParts, XmlDictionaryReader reader)
{
if (signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
EnvelopeVersion envelope = base.Version.Envelope;
EnvelopeVersion version2 = (envelope == EnvelopeVersion.Soap11) ? EnvelopeVersion.Soap12 : EnvelopeVersion.Soap11;
bool flag = null != reader.GetAttribute(System.ServiceModel.XD.MessageDictionary.MustUnderstand, envelope.DictionaryNamespace);
if ((null != reader.GetAttribute(System.ServiceModel.XD.MessageDictionary.MustUnderstand, version2.DictionaryNamespace)) && !flag)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("InvalidAttributeInSignedHeader", new object[] { info.Name, info.Namespace, System.ServiceModel.XD.MessageDictionary.MustUnderstand, version2.DictionaryNamespace, System.ServiceModel.XD.MessageDictionary.MustUnderstand, envelope.DictionaryNamespace })), base.SecurityVerifiedMessage);
}
flag = null != reader.GetAttribute(envelope.DictionaryActor, envelope.DictionaryNamespace);
if ((null != reader.GetAttribute(version2.DictionaryActor, version2.DictionaryNamespace)) && !flag)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("InvalidAttributeInSignedHeader", new object[] { info.Name, info.Namespace, version2.DictionaryActor, version2.DictionaryNamespace, envelope.DictionaryActor, envelope.DictionaryNamespace })), base.SecurityVerifiedMessage);
}
}
}
protected override void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned)
{
SignatureTargetIdManager idManager = this.StandardsManager.IdManager;
MessagePartSpecification encryptionParts = this.RequiredEncryptionParts ?? MessagePartSpecification.NoParts;
MessagePartSpecification signatureParts = this.RequiredSignatureParts ?? MessagePartSpecification.NoParts;
bool checkForTokensAtHeaders = hasAtLeastOneSupportingTokenExpectedToBeSigned;
bool doSoapAttributeChecks = !signatureParts.IsBodyIncluded;
bool encryptBeforeSign = this.EncryptBeforeSignMode;
SignedInfo signedInfo = this.pendingSignature != null ? this.pendingSignature.Signature.SignedInfo : null;
SignatureConfirmations signatureConfirmations = this.GetSentSignatureConfirmations();
if (signatureConfirmations != null && signatureConfirmations.Count > 0 && signatureConfirmations.IsMarkedForEncryption)
{
// If Signature Confirmations are encrypted then the signature should
// be encrypted as well.
this.VerifySignatureEncryption();
}
MessageHeaders headers = this.SecurityVerifiedMessage.Headers;
XmlDictionaryReader reader = this.SecurityVerifiedMessage.GetReaderAtFirstHeader();
bool atLeastOneHeaderOrBodyEncrypted = false;
for (int i = 0; i < headers.Count; i++)
{
if (reader.NodeType != XmlNodeType.Element)
{
reader.MoveToContent();
}
if (i == this.HeaderIndex)
{
reader.Skip();
continue;
}
bool isHeaderEncrypted = false;
string id = idManager.ExtractId(reader);
if (id != null)
{
isHeaderEncrypted = TryDeleteReferenceListEntry(id);
}
if (!isHeaderEncrypted && reader.IsStartElement(SecurityXXX2005Strings.EncryptedHeader, SecurityXXX2005Strings.Namespace))
{
XmlDictionaryReader localreader = headers.GetReaderAtHeader(i);
localreader.ReadStartElement(SecurityXXX2005Strings.EncryptedHeader, SecurityXXX2005Strings.Namespace);
if (localreader.IsStartElement(EncryptedData.ElementName, XD.XmlEncryptionDictionary.Namespace))
{
string encryptedDataId = localreader.GetAttribute(XD.XmlEncryptionDictionary.Id, null);
if (encryptedDataId != null && TryDeleteReferenceListEntry(encryptedDataId))
{
isHeaderEncrypted = true;
}
}
}
this.ElementManager.VerifyUniquenessAndSetHeaderId(id, i);
MessageHeaderInfo info = headers[i];
if (!isHeaderEncrypted && encryptionParts.IsHeaderIncluded(info.Name, info.Namespace))
{
this.SecurityVerifiedMessage.OnUnencryptedPart(info.Name, info.Namespace);
}
bool headerSigned;
if ((!isHeaderEncrypted || encryptBeforeSign) && id != null)
{
headerSigned = EnsureDigestValidityIfIdMatches(signedInfo, id, reader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
}
else
{
headerSigned = false;
}
if (isHeaderEncrypted)
{
XmlDictionaryReader decryptionReader = headerSigned ? headers.GetReaderAtHeader(i) : reader;
DecryptedHeader decryptedHeader = DecryptHeader(decryptionReader, this.pendingDecryptionToken);
info = decryptedHeader;
id = decryptedHeader.Id;
this.ElementManager.VerifyUniquenessAndSetDecryptedHeaderId(id, i);
headers.ReplaceAt(i, decryptedHeader);
if (!ReferenceEquals(decryptionReader, reader))
{
decryptionReader.Close();
}
if (!encryptBeforeSign && id != null)
{
XmlDictionaryReader decryptedHeaderReader = decryptedHeader.GetHeaderReader();
headerSigned = EnsureDigestValidityIfIdMatches(signedInfo, id, decryptedHeaderReader, doSoapAttributeChecks, signatureParts, info, checkForTokensAtHeaders);
decryptedHeaderReader.Close();
}
}
if (!headerSigned && signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
this.SecurityVerifiedMessage.OnUnsignedPart(info.Name, info.Namespace);
}
if (headerSigned && isHeaderEncrypted)
{
// We have a header that is signed and encrypted. So the accompanying primary signature
// should be encrypted as well.
this.VerifySignatureEncryption();
}
if (isHeaderEncrypted && !headerSigned)
{
// We require all encrypted headers (outside the security header) to be signed.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedHeaderNotSigned, info.Name, info.Namespace)));
}
if (!headerSigned && !isHeaderEncrypted)
{
reader.Skip();
}
atLeastOneHeaderOrBodyEncrypted |= isHeaderEncrypted;
}
reader.ReadEndElement();
if (reader.NodeType != XmlNodeType.Element)
{
reader.MoveToContent();
}
string bodyId = idManager.ExtractId(reader);
this.ElementManager.VerifyUniquenessAndSetBodyId(bodyId);
this.SecurityVerifiedMessage.SetBodyPrefixAndAttributes(reader);
bool expectBodyEncryption = encryptionParts.IsBodyIncluded || HasPendingDecryptionItem();
bool bodySigned;
if ((!expectBodyEncryption || encryptBeforeSign) && bodyId != null)
{
bodySigned = EnsureDigestValidityIfIdMatches(signedInfo, bodyId, reader, false, null, null, false);
}
else
{
bodySigned = false;
}
bool bodyEncrypted;
if (expectBodyEncryption)
{
XmlDictionaryReader bodyReader = bodySigned ? this.SecurityVerifiedMessage.CreateFullBodyReader() : reader;
bodyReader.ReadStartElement();
string bodyContentId = idManager.ExtractId(bodyReader);
this.ElementManager.VerifyUniquenessAndSetBodyContentId(bodyContentId);
bodyEncrypted = bodyContentId != null && TryDeleteReferenceListEntry(bodyContentId);
if (bodyEncrypted)
{
DecryptBody(bodyReader, this.pendingDecryptionToken);
}
if (!ReferenceEquals(bodyReader, reader))
{
bodyReader.Close();
}
if (!encryptBeforeSign && signedInfo != null && signedInfo.HasUnverifiedReference(bodyId))
{
bodyReader = this.SecurityVerifiedMessage.CreateFullBodyReader();
bodySigned = EnsureDigestValidityIfIdMatches(signedInfo, bodyId, bodyReader, false, null, null, false);
bodyReader.Close();
}
}
else
{
bodyEncrypted = false;
}
if (bodySigned && bodyEncrypted)
{
this.VerifySignatureEncryption();
}
reader.Close();
if (this.pendingSignature != null)
{
this.pendingSignature.CompleteSignatureVerification();
this.pendingSignature = null;
}
this.pendingDecryptionToken = null;
atLeastOneHeaderOrBodyEncrypted |= bodyEncrypted;
if (!bodySigned && signatureParts.IsBodyIncluded)
{
this.SecurityVerifiedMessage.OnUnsignedPart(XD.MessageDictionary.Body.Value, this.Version.Envelope.Namespace);
}
if (!bodyEncrypted && encryptionParts.IsBodyIncluded)
{
this.SecurityVerifiedMessage.OnUnencryptedPart(XD.MessageDictionary.Body.Value, this.Version.Envelope.Namespace);
}
this.SecurityVerifiedMessage.OnMessageProtectionPassComplete(atLeastOneHeaderOrBodyEncrypted);
}
private static MessagePartSpecification UnionMessagePartSpecifications(ScopedMessagePartSpecification actionParts)
{
MessagePartSpecification specification = new MessagePartSpecification(false);
foreach (string str in actionParts.Actions)
{
MessagePartSpecification specification2;
if (actionParts.TryGetParts(str, out specification2))
{
if (specification2.IsBodyIncluded)
{
specification.IsBodyIncluded = true;
}
foreach (XmlQualifiedName name in specification2.HeaderTypes)
{
if (!specification.IsHeaderIncluded(name.Name, name.Namespace))
{
specification.HeaderTypes.Add(name);
}
}
}
}
return specification;
}