private void StartSignature()
{
if (ElementContainer.SourceSigningToken == null)
{
return;
}
// determine the key identifier clause to use for the source
SecurityTokenReferenceStyle sourceSigningKeyReferenceStyle = GetTokenReferenceStyle(SigningTokenParameters);
SecurityKeyIdentifierClause sourceSigningKeyIdentifierClause = SigningTokenParameters.CreateKeyIdentifierClause(ElementContainer.SourceSigningToken, sourceSigningKeyReferenceStyle);
if (sourceSigningKeyIdentifierClause == null)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.TokenManagerCannotCreateTokenReference), Message);
}
SecurityToken signingToken;
SecurityKeyIdentifierClause signingKeyIdentifierClause;
// determine if a token needs to be derived
if (SigningTokenParameters.RequireDerivedKeys && !SigningTokenParameters.HasAsymmetricKey)
{
// Derived keys not required for initial implementation
throw ExceptionHelper.PlatformNotSupported();
}
else
{
signingToken = ElementContainer.SourceSigningToken;
signingKeyIdentifierClause = sourceSigningKeyIdentifierClause;
}
SecurityKeyIdentifier signingKeyIdentifier = new SecurityKeyIdentifier(signingKeyIdentifierClause);
if (_signatureConfirmationsToSend != null && _signatureConfirmationsToSend.Count > 0)
{
ISecurityElement[] signatureConfirmationElements;
signatureConfirmationElements = CreateSignatureConfirmationElements(_signatureConfirmationsToSend);
for (int i = 0; i < signatureConfirmationElements.Length; ++i)
{
SendSecurityHeaderElement sigConfElement = new SendSecurityHeaderElement(signatureConfirmationElements[i].Id, signatureConfirmationElements[i]);
sigConfElement.MarkedForEncryption = _signatureConfirmationsToSend.IsMarkedForEncryption;
ElementContainer.AddSignatureConfirmation(sigConfElement);
}
}
bool generateTargettablePrimarySignature = ((_endorsingTokenParameters != null) || (_signedEndorsingTokenParameters != null));
StartPrimarySignatureCore(signingToken, signingKeyIdentifier, _signatureParts, generateTargettablePrimarySignature);
}
private void StartSignature()
{
if (ElementContainer.SourceSigningToken == null)
{
return;
}
// determine the key identifier clause to use for the source
SecurityTokenReferenceStyle sourceSigningKeyReferenceStyle = GetTokenReferenceStyle(SigningTokenParameters);
SecurityKeyIdentifierClause sourceSigningKeyIdentifierClause = SigningTokenParameters.CreateKeyIdentifierClause(ElementContainer.SourceSigningToken, sourceSigningKeyReferenceStyle);
if (sourceSigningKeyIdentifierClause == null)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.TokenManagerCannotCreateTokenReference), Message);
}
SecurityToken signingToken;
SecurityKeyIdentifierClause signingKeyIdentifierClause;
// determine if a token needs to be derived
if (SigningTokenParameters.RequireDerivedKeys && !SigningTokenParameters.HasAsymmetricKey)
{
string derivationAlgorithm = AlgorithmSuite.GetSignatureKeyDerivationAlgorithm(ElementContainer.SourceSigningToken, StandardsManager.MessageSecurityVersion.SecureConversationVersion);
string expectedDerivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(StandardsManager.MessageSecurityVersion.SecureConversationVersion);
if (derivationAlgorithm == expectedDerivationAlgorithm)
{
DerivedKeySecurityToken derivedSigningToken = new DerivedKeySecurityToken(-1, 0, AlgorithmSuite.GetSignatureKeyDerivationLength(ElementContainer.SourceSigningToken, StandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, ElementContainer.SourceSigningToken,
sourceSigningKeyIdentifierClause, derivationAlgorithm, GenerateId());
signingToken = ElementContainer.DerivedSigningToken = derivedSigningToken;
signingKeyIdentifierClause = new LocalIdKeyIdentifierClause(signingToken.Id, signingToken.GetType());
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedCryptoAlgorithm, derivationAlgorithm)));
}
}
else
{
signingToken = ElementContainer.SourceSigningToken;
signingKeyIdentifierClause = sourceSigningKeyIdentifierClause;
}
SecurityKeyIdentifier signingKeyIdentifier = new SecurityKeyIdentifier(signingKeyIdentifierClause);
if (_signatureConfirmationsToSend != null && _signatureConfirmationsToSend.Count > 0)
{
ISecurityElement[] signatureConfirmationElements;
signatureConfirmationElements = CreateSignatureConfirmationElements(_signatureConfirmationsToSend);
for (int i = 0; i < signatureConfirmationElements.Length; ++i)
{
SendSecurityHeaderElement sigConfElement = new SendSecurityHeaderElement(signatureConfirmationElements[i].Id, signatureConfirmationElements[i])
{
MarkedForEncryption = _signatureConfirmationsToSend.IsMarkedForEncryption
};
ElementContainer.AddSignatureConfirmation(sigConfElement);
}
}
bool generateTargettablePrimarySignature = ((_endorsingTokenParameters != null) || (_signedEndorsingTokenParameters != null));
StartPrimarySignatureCore(signingToken, signingKeyIdentifier, _signatureParts, generateTargettablePrimarySignature);
}
