private void AddSignatureReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer)
{
// No transforms added to Reference as the digest value has already been calculated
byte[] hashValue;
headerId = GetSignatureHash(header, headerId, prefixGenerator, writer, out hashValue);
var reference = new Reference();
reference.DigestMethod = AlgorithmSuite.DefaultDigestAlgorithm;
reference.DigestValue = hashValue;
reference.Id = headerId;
_signedXml.AddReference(reference);
}
private string GetSignatureStream(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer, out Stream stream)
{
stream = new MemoryStream();
XmlDictionaryWriter effectiveWriter;
XmlBuffer canonicalBuffer = null;
if (writer.CanCanonicalize)
{
effectiveWriter = writer;
}
else
{
canonicalBuffer = new XmlBuffer(int.MaxValue);
effectiveWriter = canonicalBuffer.OpenSection(XmlDictionaryReaderQuotas.Max);
}
effectiveWriter.StartCanonicalization(stream, false, null);
header.WriteStartHeader(effectiveWriter, Version);
if (headerId == null)
{
headerId = GenerateId();
StandardsManager.IdManager.WriteIdAttribute(effectiveWriter, headerId);
}
header.WriteHeaderContents(effectiveWriter, Version);
effectiveWriter.WriteEndElement();
effectiveWriter.EndCanonicalization();
effectiveWriter.Flush();
if (!ReferenceEquals(effectiveWriter, writer))
{
Fx.Assert(canonicalBuffer != null, "Canonical buffer cannot be null.");
canonicalBuffer.CloseSection();
canonicalBuffer.Close();
XmlDictionaryReader dicReader = canonicalBuffer.GetReader(0);
writer.WriteNode(dicReader, false);
dicReader.Close();
}
stream.Position = 0;
return(headerId);
}
public override void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
{
SecurityAppliedMessage message = SecurityAppliedMessage;
switch (message.BodyProtectionMode)
{
case MessagePartProtectionMode.None:
return;
case MessagePartProtectionMode.Sign:
var ms = new MemoryStream();
if (CanCanonicalizeAndFragment(writer))
{
message.WriteBodyToSignWithFragments(ms, false, null, writer);
}
else
{
message.WriteBodyToSign(ms);
}
ms.Position = 0;
AddReference("#" + message.BodyId, ms);
return;
case MessagePartProtectionMode.SignThenEncrypt:
throw new PlatformNotSupportedException();
case MessagePartProtectionMode.Encrypt:
throw new PlatformNotSupportedException();
case MessagePartProtectionMode.EncryptThenSign:
throw new PlatformNotSupportedException();
default:
Fx.Assert("Invalid MessagePartProtectionMode");
return;
}
}
private void AddEncryptionReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, bool sign,
out MemoryStream plainTextStream, out string encryptedDataId)
{
throw new PlatformNotSupportedException();
}
public override void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
{
string[] headerIds;
if (RequireMessageProtection || ShouldSignToHeader)
{
headerIds = headers.GetHeaderAttributes(UtilityStrings.IdAttribute,
StandardsManager.IdManager.DefaultIdNamespaceUri);
}
else
{
headerIds = null;
}
for (int i = 0; i < headers.Count; i++)
{
MessageHeader header = headers.GetMessageHeader(i);
if (Version.Addressing == AddressingVersion.None && header.Namespace == AddressingVersion.None.Namespace)
{
continue;
}
if (header != this)
{
ApplySecurityAndWriteHeader(header, headerIds == null ? null : headerIds[i], writer, prefixGenerator);
}
}
}
private void ApplySecurityAndWriteHeader(MessageHeader header, string headerId, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
{
if (!RequireMessageProtection && ShouldSignToHeader)
{
if ((header.Name == XD.AddressingDictionary.To.Value) &&
(header.Namespace == Message.Version.Addressing.Namespace))
{
if (_toHeaderStream == null)
{
Stream headerStream;
headerId = GetSignatureStream(header, headerId, prefixGenerator, writer, out headerStream);
_toHeaderStream = headerStream;
_toHeaderId = headerId;
}
else
{
// More than one 'To' header is specified in the message.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.TransportSecuredMessageHasMoreThanOneToHeader));
}
return;
}
}
MessagePartProtectionMode protectionMode = GetProtectionMode(header);
switch (protectionMode)
{
case MessagePartProtectionMode.None:
header.WriteHeader(writer, Version);
return;
case MessagePartProtectionMode.Sign:
AddSignatureReference(header, headerId, prefixGenerator, writer);
return;
case MessagePartProtectionMode.SignThenEncrypt:
case MessagePartProtectionMode.Encrypt:
case MessagePartProtectionMode.EncryptThenSign:
throw ExceptionHelper.PlatformNotSupported();
default:
Fx.Assert("Invalid MessagePartProtectionMode");
return;
}
}
public abstract void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
public abstract void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
