コード例 #1
        void ValidateTokensByParameters(IEnumerable <SecurityTokenParameters> plist, List <SupportingTokenInfo> tokens, bool optional, SecurityTokenAttachmentMode attachMode)
            foreach (SecurityTokenParameters p in plist)
                SecurityTokenResolver      r;
                SecurityTokenAuthenticator a =
                    security.CreateTokenAuthenticator(p, out r);
                SupportingTokenSpecification spec = ValidateTokensByParameters(a, r, tokens);
                if (spec == null)
                    if (optional)
                        throw new MessageSecurityException(String.Format("No security token could be validated for authenticator '{0}' which is indicated by the '{1}' supporting token parameters", a, attachMode));
                    // For endorsing tokens, verify corresponding signatures.
                    switch (attachMode)
                    case SecurityTokenAttachmentMode.Endorsing:
                    case SecurityTokenAttachmentMode.SignedEndorsing:
                        WSSignedXml esxml = GetSignatureForToken(spec.SecurityToken);
                        if (esxml == null)
                            throw new MessageSecurityException(String.Format("The '{1}' token '{0}' is expected to endorse the primary signature but no corresponding signature is found.", spec.SecurityToken, attachMode));

                        bool confirmed;
                        SecurityAlgorithmSuite suite = security.Element.DefaultAlgorithmSuite;
                        foreach (SecurityTokenReferenceKeyInfo kic in esxml.KeyInfo)
                            SecurityKey          signKey = spec.SecurityToken.ResolveKeyIdentifierClause(kic.Clause);
                            SymmetricSecurityKey symkey  = signKey as SymmetricSecurityKey;
                            if (symkey != null)
                                confirmed = esxml.CheckSignature(symkey.GetKeyedHashAlgorithm(suite.DefaultSymmetricSignatureAlgorithm));
                                AsymmetricAlgorithm alg = ((AsymmetricSecurityKey)signKey).GetAsymmetricAlgorithm(suite.DefaultAsymmetricSignatureAlgorithm, false);
                                confirmed = esxml.CheckSignature(alg);
                            if (!confirmed)
                                throw new MessageSecurityException(String.Format("Signature for '{1}' token '{0}' is invalid.", spec.SecurityToken, attachMode));

                        sec_prop.ConfirmedSignatures.Insert(0, Convert.ToBase64String(esxml.SignatureValue));

コード例 #2
        void ExtractSecurity()
            if (security.MessageProtectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature &&
                wss_header.Find <SignedXml> () != null)
                throw new MessageSecurityException("The security binding element expects that the message signature is encrypted, while it isn't.");

            WrappedKeySecurityToken wk = wss_header.Find <WrappedKeySecurityToken> ();
            DerivedKeySecurityToken dk = wss_header.Find <DerivedKeySecurityToken> ();

            if (wk != null)
                if (Parameters.RequireDerivedKeys && dk == null)
                    throw new MessageSecurityException("DerivedKeyToken is required in this contract, but was not found in the message");
                // FIXME: this is kind of hack for symmetric reply processing.
                wk = RequestSecurity.ProtectionToken != null ? RequestSecurity.ProtectionToken.SecurityToken as WrappedKeySecurityToken : null;

            SymmetricSecurityKey wkkey = wk != null ? wk.SecurityKeys [0] as SymmetricSecurityKey : null;

            wss_header_reader.DecryptSecurity(this, wkkey, RequestSecurity != null ? RequestSecurity.EncryptionKey : null);

            // signature confirmation
            WSSignedXml sxml = wss_header.Find <WSSignedXml> ();

            if (sxml == null)
                throw new MessageSecurityException("The the message signature is expected but not found.");

            bool confirmed = false;

            SecurityKeyIdentifierClause sigClause = null;

            foreach (KeyInfoClause kic in sxml.KeyInfo)
                SecurityTokenReferenceKeyInfo r = kic as SecurityTokenReferenceKeyInfo;
                if (r != null)
                    sigClause = r.Clause;
            if (sigClause == null)
                throw new MessageSecurityException("SecurityTokenReference was not found in dsig:Signature KeyInfo.");

            SecurityToken signToken;
            SecurityKey   signKey;

            signToken = TokenResolver.ResolveToken(sigClause);
            signKey   = signToken.ResolveKeyIdentifierClause(sigClause);
            SymmetricSecurityKey symkey = signKey as SymmetricSecurityKey;

            if (symkey != null)
                confirmed = sxml.CheckSignature(new HMACSHA1(symkey.GetSymmetricKey()));
                if (wk != null)
                    // FIXME: authenticate token
                    sec_prop.ProtectionToken = new SecurityTokenSpecification(wk, null);
                AsymmetricAlgorithm alg = ((AsymmetricSecurityKey)signKey).GetAsymmetricAlgorithm(security.DefaultSignatureAlgorithm, false);
                confirmed = sxml.CheckSignature(alg);
                sec_prop.InitiatorToken = new SecurityTokenSpecification(
            if (!confirmed)
                throw new MessageSecurityException("Message signature is invalid.");

            // token authentication
            // FIXME: it might not be limited to recipient
            if (Direction == MessageDirection.Input)

            sec_prop.EncryptionKey = ((SymmetricSecurityKey)wk.SecurityKeys [0]).GetSymmetricKey();
コード例 #3
        public Message SecureMessage()
            secprop = Message.Properties.Security ?? new SecurityMessageProperty();

            SecurityToken encToken =
                secprop.InitiatorToken != null ? secprop.InitiatorToken.SecurityToken : security.EncryptionToken;
            // FIXME: it might be still incorrect.
            SecurityToken signToken =
                Parameters == CounterParameters ? null :
            MessageProtectionOrder protectionOrder =
            SecurityTokenSerializer serializer =
            SecurityBindingElement element =
            SecurityAlgorithmSuite suite = element.DefaultAlgorithmSuite;

// FIXME: remove this hack
            if (!ShouldOutputEncryptedKey)
                encToken = new BinarySecretSecurityToken(secprop.EncryptionKey);

            string      messageId         = "uuid-" + Guid.NewGuid();
            int         identForMessageId = 1;
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            UniqueId relatesTo = RelatesTo;

            if (relatesTo != null)
                msg.Headers.RelatesTo = relatesTo;
            else             // FIXME: probably it is always added when it is stateful ?
                msg.Headers.MessageId = new UniqueId("urn:" + messageId);

            // FIXME: get correct ReplyTo value
            if (Direction == MessageDirection.Input)
                msg.Headers.Add(MessageHeader.CreateHeader("ReplyTo", msg.Version.Addressing.Namespace, EndpointAddress10.FromEndpointAddress(new EndpointAddress(Constants.WsaAnonymousUri))));

            if (MessageTo != null)
                msg.Headers.Add(MessageHeader.CreateHeader("To", msg.Version.Addressing.Namespace, MessageTo.Uri.AbsoluteUri, true));

            // wss:Security
            WSSecurityMessageHeader header =
                new WSSecurityMessageHeader(serializer);

            // 1. [Timestamp]
            if (element.IncludeTimestamp)
                WsuTimestamp timestamp = new WsuTimestamp();
                timestamp.Id      = messageId + "-" + identForMessageId++;
                timestamp.Created = DateTime.Now;
                // FIXME: on service side, use element.LocalServiceSettings.TimestampValidityDuration
                timestamp.Expires = timestamp.Created.Add(element.LocalClientSettings.TimestampValidityDuration);

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);

            nsmgr.AddNamespace("s", msg.Version.Envelope.Namespace);
            nsmgr.AddNamespace("o", Constants.WssNamespace);
            nsmgr.AddNamespace("u", Constants.WsuNamespace);
            nsmgr.AddNamespace("o11", Constants.Wss11Namespace);

            /*WrappedKey*/ SecurityToken primaryToken = null;
            DerivedKeySecurityToken      dkeyToken    = null;
            SecurityToken actualToken = null;
            SecurityKeyIdentifierClause actualClause = null;
            Signature sig = null;

            List <DerivedKeySecurityToken> derivedKeys =
                new List <DerivedKeySecurityToken> ();

            SymmetricAlgorithm masterKey = new RijndaelManaged();

            masterKey.KeySize = suite.DefaultSymmetricKeyLength;
            masterKey.Mode    = CipherMode.CBC;
            masterKey.Padding = PaddingMode.ISO10126;
            SymmetricAlgorithm actualKey = masterKey;

            // 2. [Encryption Token]

            // SecurityTokenInclusionMode
            // - Initiator or Recipient
            // - done or notyet. FIXME: not implemented yet
            // It also affects on key reference output

            bool includeEncToken =             // /* FIXME: remove this hack */Parameters is SslSecurityTokenParameters ? false :
                Security.RecipientParameters.InclusionMode, false);
            bool includeSigToken =             // /* FIXME: remove this hack */ Parameters is SslSecurityTokenParameters ? false :
                Security.InitiatorParameters.InclusionMode, false);

            SecurityKeyIdentifierClause encClause = ShouldOutputEncryptedKey ?
                                                    CounterParameters.CallCreateKeyIdentifierClause(encToken, !ShouldOutputEncryptedKey ? SecurityTokenReferenceStyle.Internal : includeEncToken ? Parameters.ReferenceStyle : SecurityTokenReferenceStyle.External) : null;

            MessagePartSpecification sigSpec = SignaturePart;
            MessagePartSpecification encSpec = EncryptionPart;

            // encryption key (possibly also used for signing)
            // FIXME: get correct SymmetricAlgorithm according to the algorithm suite
            if (secprop.EncryptionKey != null)
                actualKey.Key = secprop.EncryptionKey;

// FIXME: remove thid hack
            if (!ShouldOutputEncryptedKey)
                primaryToken = RequestContext.RequestMessage.Properties.Security.ProtectionToken.SecurityToken as WrappedKeySecurityToken;
                primaryToken =
                    // FIXME: remove this hack?
                    encToken is SecurityContextSecurityToken ? encToken :
                    new WrappedKeySecurityToken(messageId + "-" + identForMessageId++,
                                                // security.DefaultKeyWrapAlgorithm,
                                                Parameters.InternalHasAsymmetricKey ?
                                                suite.DefaultAsymmetricKeyWrapAlgorithm :
                                                encClause != null ? new SecurityKeyIdentifier(encClause) : null);

            // If it reuses request's encryption key, do not output.
            if (ShouldOutputEncryptedKey)

            actualToken = primaryToken;

            // FIXME: I doubt it is correct...
            WrappedKeySecurityToken requestEncKey = ShouldOutputEncryptedKey ? null : primaryToken as WrappedKeySecurityToken;

            actualClause = requestEncKey == null ? (SecurityKeyIdentifierClause)
                           new LocalIdKeyIdentifierClause(actualToken.Id, typeof(WrappedKeySecurityToken)) :
                           new InternalEncryptedKeyIdentifierClause(SHA1.Create().ComputeHash(requestEncKey.GetWrappedKey()));

            // generate derived key if needed
            if (CounterParameters.RequireDerivedKeys)
                RijndaelManaged deriv = new RijndaelManaged();
                deriv.KeySize = suite.DefaultEncryptionKeyDerivationLength;
                deriv.Mode    = CipherMode.CBC;
                deriv.Padding = PaddingMode.ISO10126;
                dkeyToken = new DerivedKeySecurityToken(
                    null,                     // algorithm
                    new InMemorySymmetricSecurityKey(actualKey.Key),
                    null,                     // name
                    null,                     // generation
                    null,                     // offset
                    null,                     // label
                actualToken   = dkeyToken;
                actualKey.Key = ((SymmetricSecurityKey)dkeyToken.SecurityKeys [0]).GetSymmetricKey();
                actualClause  = new LocalIdKeyIdentifierClause(dkeyToken.Id);

            ReferenceList refList = new ReferenceList();

            // When encrypted with DerivedKeyToken, put references
            // immediately after the derived token (not inside the
            // primary token).
            // Similarly, when we do not output EncryptedKey,
            // output ReferenceList in the same way.
            if (CounterParameters.RequireDerivedKeys ||
                ((WrappedKeySecurityToken)primaryToken).ReferenceList = refList;

            // [Signature Confirmation]
            if (security.RequireSignatureConfirmation && secprop.ConfirmedSignatures.Count > 0)
                foreach (string value in secprop.ConfirmedSignatures)
                    header.AddContent(new Wss11SignatureConfirmation(GenerateId(doc), value));

            SupportingTokenInfoCollection tokenInfos =
                Direction == MessageDirection.Input ?
                security.CollectSupportingTokens(GetAction()) :
                new SupportingTokenInfoCollection();                  // empty

            foreach (SupportingTokenInfo tinfo in tokenInfos)

            // populate DOM to sign.
            XPathNavigator nav = doc.CreateNavigator();

            using (XmlWriter w = nav.AppendChild()) {

            XmlElement body    = doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement;
            string     bodyId  = null;
            XmlElement secElem = null;
            Collection <WSSignedXml> endorsedSignatures =
                new Collection <WSSignedXml> ();
            bool signatureProtection = (protectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);

            // Below are o:Security contents that are not signed...
            if (includeSigToken && signToken != null)

            switch (protectionOrder)
            case MessageProtectionOrder.EncryptBeforeSign:
                // FIXME: implement
                throw new NotImplementedException();

            case MessageProtectionOrder.SignBeforeEncrypt:
            case MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature:

                // sign
                // see clause 8 of WS-SecurityPolicy C.2.2
                WSSignedXml sxml = new WSSignedXml(doc);
                SecurityTokenReferenceKeyInfo sigKeyInfo;

                sig = sxml.Signature;
                sig.SignedInfo.CanonicalizationMethod =
                foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/u:Timestamp", nsmgr))
                    CreateReference(sig, elem, elem.GetAttribute("Id", Constants.WsuNamespace));
                foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/o11:SignatureConfirmation", nsmgr))
                    CreateReference(sig, elem, elem.GetAttribute("Id", Constants.WsuNamespace));
                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    if (tinfo.Mode != SecurityTokenAttachmentMode.Endorsing)
                        XmlElement el = sxml.GetIdElement(doc, tinfo.Token.Id);
                        CreateReference(sig, el, el.GetAttribute("Id", Constants.WsuNamespace));
                XmlNodeList nodes = doc.SelectNodes("/s:Envelope/s:Header/*", nsmgr);
                for (int i = 0; i < msg.Headers.Count; i++)
                    MessageHeaderInfo h = msg.Headers [i];
                    if (h.Name == "Security" && h.Namespace == Constants.WssNamespace)
                        secElem = nodes [i] as XmlElement;
                    else if (sigSpec.HeaderTypes.Count == 0 ||
                             sigSpec.HeaderTypes.Contains(new XmlQualifiedName(h.Name, h.Namespace)))
                        string id = GenerateId(doc);
                        h.Id = id;
                        CreateReference(sig, nodes [i] as XmlElement, id);
                if (sigSpec.IsBodyIncluded)
                    bodyId = GenerateId(doc);
                    CreateReference(sig, body.ParentNode as XmlElement, bodyId);

                if (security.DefaultSignatureAlgorithm == SignedXml.XmlDsigHMACSHA1Url)
                    // FIXME: use appropriate hash algorithm
                    sxml.ComputeSignature(new HMACSHA1(actualKey.Key));
                    sigKeyInfo = new SecurityTokenReferenceKeyInfo(actualClause, serializer, doc);
                    SecurityKeyIdentifierClause signClause =
                        CounterParameters.CallCreateKeyIdentifierClause(signToken, includeSigToken ? CounterParameters.ReferenceStyle : SecurityTokenReferenceStyle.External);
                    AsymmetricSecurityKey signKey = (AsymmetricSecurityKey)signToken.ResolveKeyIdentifierClause(signClause);
                    sxml.SigningKey = signKey.GetAsymmetricAlgorithm(security.DefaultSignatureAlgorithm, true);
                    sigKeyInfo = new SecurityTokenReferenceKeyInfo(signClause, serializer, doc);

                sxml.KeyInfo = new KeyInfo();

                if (!signatureProtection)

                // endorse the signature with (signed)endorsing
                // supporting tokens.

                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    switch (tinfo.Mode)
                    case SecurityTokenAttachmentMode.Endorsing:
                    case SecurityTokenAttachmentMode.SignedEndorsing:
                        if (sxml.Signature.Id == null)
                            sig.Id = GenerateId(doc);
                        WSSignedXml ssxml = new WSSignedXml(doc);
                        ssxml.Signature.SignedInfo.CanonicalizationMethod = suite.DefaultCanonicalizationAlgorithm;
                        CreateReference(ssxml.Signature, doc, sig.Id);
                        SecurityToken sst = tinfo.Token;
                        SecurityKey   ssk = sst.SecurityKeys [0];                                     // FIXME: could be different?
                        SecurityKeyIdentifierClause tclause = new LocalIdKeyIdentifierClause(sst.Id); // FIXME: could be different?
                        if (ssk is SymmetricSecurityKey)
                            SymmetricSecurityKey signKey = (SymmetricSecurityKey)ssk;
                            AsymmetricSecurityKey signKey = (AsymmetricSecurityKey)ssk;
                            ssxml.SigningKey = signKey.GetAsymmetricAlgorithm(suite.DefaultAsymmetricSignatureAlgorithm, true);
                        ssxml.KeyInfo.AddClause(new SecurityTokenReferenceKeyInfo(tclause, serializer, doc));
                        if (!signatureProtection)


                // encrypt

                WSEncryptedXml exml = new WSEncryptedXml(doc);

                EncryptedData edata = Encrypt(body, actualKey, actualToken.Id, refList, actualClause, exml, doc);
                EncryptedXml.ReplaceElement(body, edata, false);

                // encrypt signature
                if (signatureProtection)
                    XmlElement sigxml = sig.GetXml();
                    edata = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc);

                    foreach (WSSignedXml ssxml in endorsedSignatures)
                        sigxml = ssxml.GetXml();
                        edata  = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc);

                    if (security.RequireSignatureConfirmation)
                        Collection <Wss11SignatureConfirmation> confs = header.FindAll <Wss11SignatureConfirmation> ();
                        int count = 0;
                        foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/o11:SignatureConfirmation", nsmgr))
                            edata = Encrypt(elem, actualKey, confs [count].Id, refList, actualClause, exml, doc);
                            EncryptedXml.ReplaceElement(elem, edata, false);
                            header.Contents.Insert(header.Contents.IndexOf(confs [count]), edata);
                            header.Contents.Remove(confs [count++]);

                // encrypt Encrypted supporting tokens
                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    if (tinfo.Mode == SecurityTokenAttachmentMode.SignedEncrypted)
                        XmlElement el = exml.GetIdElement(doc, tinfo.Token.Id);
                        tinfo.Encrypted = Encrypt(el, actualKey, actualToken.Id, refList, actualClause, exml, doc);
                        EncryptedXml.ReplaceElement(el, tinfo.Encrypted, false);
                        header.Contents.Insert(header.Contents.IndexOf(tinfo.Token), tinfo.Encrypted);

            Message ret = Message.CreateMessage(msg.Version, msg.Headers.Action, new XmlNodeReader(doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement));

            ret.Properties.Security = (SecurityMessageProperty)secprop.CreateCopy();
            ret.Properties.Security.EncryptionKey = masterKey.Key;
            ret.BodyId = bodyId;

            // FIXME: can we support TransportToken here?
            if (element is AsymmetricSecurityBindingElement)
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(encToken, null);                  // FIXME: second argument
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(signToken, null);                 // FIXME: second argument
                ret.Properties.Security.ProtectionToken = new SecurityTokenSpecification(primaryToken, null);


            // Header contents are:
            //	- Timestamp
            //	- SignatureConfirmation if required
            //	- EncryptionToken if included
            //	- derived key token for EncryptionToken
            //	- ReferenceList for encrypted items
            //	- signed supporting tokens
            //	- signed endorsing supporting tokens
            //	(i.e. Signed/SignedEncrypted/SignedEndorsing)
            //	- Signature Token if different from enc token.
            //	- derived key token for sig token if different
            //	- Signature for:
            //		- Timestamp
            //		- supporting tokens (regardless of
            //		  its inclusion)
            //		- message parts in SignedParts
            //		- SignatureToken if TokenProtection
            //		  (regardless of its inclusion)
            //	- Signatures for the main signature (above),
            //	  for every endorsing token and signed
            //	  endorsing token.

//MessageBuffer zzz = ret.CreateBufferedCopy (100000);
//ret = zzz.CreateMessage ();
//Console.WriteLine (zzz.CreateMessage ());
コード例 #4
コード例 #5
        object ReadContent(XmlReader reader)
            if (reader.NodeType != XmlNodeType.Element)
                throw new XmlException(String.Format("Node type {0} is not expected as a WS-Security message header content.", reader.NodeType));
            switch (reader.NamespaceURI)
            case Constants.WsuNamespace:
                switch (reader.LocalName)
                case "Timestamp":

            //case Constants.WstNamespace:
            case Constants.Wss11Namespace:
                if (reader.LocalName == "SignatureConfirmation")
                    return(ReadSignatureConfirmation(reader, doc));

            case SignedXml.XmlDsigNamespaceUrl:
                switch (reader.LocalName)
                case "Signature":
                    WSSignedXml sxml = new WSSignedXml(doc);
                    UpdateSignatureKeyInfo(sxml.Signature, doc, serializer);

            case EncryptedXml.XmlEncNamespaceUrl:
                switch (reader.LocalName)
                case "EncryptedData":
                    XmlElement el = (XmlElement)doc.ReadNode(reader);

                case "ReferenceList":
                    ReferenceList rl = new ReferenceList();
                    for (reader.MoveToContent();
                         reader.NodeType != XmlNodeType.EndElement;
                        switch (reader.LocalName)
                        case "DataReference":
                            DataReference dref = new DataReference();

                        case "KeyReference":
                            KeyReference kref = new KeyReference();
                        throw new XmlException(String.Format("Unexpected {2} node '{0}' in namespace '{1}' in ReferenceList.", reader.Name, reader.NamespaceURI, reader.NodeType));
            // SecurityTokenReference will be handled here.
            // This order (Token->KeyIdentifierClause) is
            // important because WrappedKey could be read
            // in both context (but must be a token here).
            if (serializer.CanReadToken(reader))
                return(serializer.ReadToken(reader, resolver));
            else if (serializer.CanReadKeyIdentifierClause(reader))
                throw new XmlException(String.Format("Unexpected element '{0}' in namespace '{1}' as a WS-Security message header content.", reader.Name, reader.NamespaceURI));