// Given a token and useStarTransform value this method adds apporopriate reference accordingly.
// 1. If strTransform is disabled, it adds a reference to the token's id.
// 2. Else if strtransform is enabled it adds a reference the security token's keyIdentifier's id.
void AddTokenSignatureReference(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, bool strTransformEnabled)
{
if (!strTransformEnabled && token.Id == null)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message);
}
HashStream hashStream = TakeHashStream();
XmlDictionaryWriter utf8Writer = TakeUtf8Writer();
utf8Writer.StartCanonicalization(hashStream, false, null);
this.StandardsManager.SecurityTokenSerializer.WriteToken(utf8Writer, token);
utf8Writer.EndCanonicalization();
if (strTransformEnabled)
{
if (keyIdentifierClause != null)
{
if (String.IsNullOrEmpty(keyIdentifierClause.Id))
{
keyIdentifierClause.Id = SecurityUniqueId.Create().Value;
}
this.ElementContainer.MapSecurityTokenToStrClause(token, keyIdentifierClause);
this.signedInfo.AddReference(keyIdentifierClause.Id, hashStream.FlushHashAndGetValue(), true);
}
else
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
}
}
else
{
this.signedInfo.AddReference(token.Id, hashStream.FlushHashAndGetValue());
}
}
void AddSignatureReference(SendSecurityHeaderElement[] elements)
{
if (elements != null)
{
for (int i = 0; i < elements.Length; ++i)
{
SecurityKeyIdentifierClause keyIdentifierClause = null;
TokenElement signedEncryptedTokenElement = elements[i].Item as TokenElement;
// signedEncryptedTokenElement can either be a TokenElement ( in SignThenEncrypt case) or EncryptedData ( in !SignThenEncryptCase)
// STR-Transform does not make sense in !SignThenEncrypt case .
// note: signedEncryptedTokenElement can also be SignatureConfirmation but we do not care about it here.
bool useStrTransform = signedEncryptedTokenElement != null &&
SignThenEncrypt &&
this.ShouldUseStrTransformForToken(signedEncryptedTokenElement.Token,
i,
SecurityTokenAttachmentMode.SignedEncrypted,
out keyIdentifierClause);
if (!useStrTransform && elements[i].Id == null)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message);
}
HashStream hashStream = TakeHashStream();
XmlDictionaryWriter utf8Writer = TakeUtf8Writer();
utf8Writer.StartCanonicalization(hashStream, false, null);
elements[i].Item.WriteTo(utf8Writer, ServiceModelDictionaryManager.Instance);
utf8Writer.EndCanonicalization();
if (useStrTransform)
{
if (keyIdentifierClause != null)
{
if (String.IsNullOrEmpty(keyIdentifierClause.Id))
{
keyIdentifierClause.Id = SecurityUniqueId.Create().Value;
}
this.ElementContainer.MapSecurityTokenToStrClause(signedEncryptedTokenElement.Token, keyIdentifierClause);
this.signedInfo.AddReference(keyIdentifierClause.Id, hashStream.FlushHashAndGetValue(), true);
}
else
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
}
}
else
{
this.signedInfo.AddReference(elements[i].Id, hashStream.FlushHashAndGetValue());
}
}
}
}
public override SecurityToken ReadTokenCore(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver)
{
string id;
string userName;
string password;
ParseToken(reader, out id, out userName, out password);
if (id == null)
{
id = SecurityUniqueId.Create().Value;
}
return(new UserNameSecurityToken(userName, password, id));
}
public NonceToken(int keySizeInBits)
: base(SecurityUniqueId.Create().Value, keySizeInBits, false)
{
}
public NonceToken(byte[] key)
: this(SecurityUniqueId.Create().Value, key)
{
}
internal static string GenerateId()
{
return(SecurityUniqueId.Create().Value);
}
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize)
{
this.ValidateReadState();
reader.MoveToStartElement(this.OpeningElementName, EncryptedType.NamespaceUri);
this.encoding = reader.GetAttribute(EncryptedType.EncodingAttribute, (XmlDictionaryString)null);
this.id = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, (XmlDictionaryString)null) ?? SecurityUniqueId.Create().Value;
this.wsuId = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, System.IdentityModel.XD.UtilityDictionary.Namespace) ?? SecurityUniqueId.Create().Value;
this.mimeType = reader.GetAttribute(EncryptedType.MimeTypeAttribute, (XmlDictionaryString)null);
this.type = reader.GetAttribute(EncryptedType.TypeAttribute, (XmlDictionaryString)null);
this.ReadAdditionalAttributes(reader);
reader.Read();
if (reader.IsStartElement(EncryptedType.EncryptionMethodElement.ElementName, EncryptedType.NamespaceUri))
{
this.encryptionMethod.ReadFrom(reader);
}
if (this.tokenSerializer.CanReadKeyIdentifier((XmlReader)reader))
{
XmlElement xmlElement = (XmlElement)null;
XmlDictionaryReader dictionaryReader;
if (this.ShouldReadXmlReferenceKeyInfoClause)
{
xmlElement = new XmlDocument().ReadNode((XmlReader)reader) as XmlElement;
dictionaryReader = XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement));
}
else
{
dictionaryReader = reader;
}
try
{
this.KeyIdentifier = this.tokenSerializer.ReadKeyIdentifier((XmlReader)dictionaryReader);
}
catch (Exception ex)
{
if (Fx.IsFatal(ex) || !this.ShouldReadXmlReferenceKeyInfoClause)
{
throw;
}
else
{
this.keyIdentifier = this.ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement)), ex);
}
}
}
reader.ReadStartElement(EncryptedType.CipherDataElementName, EncryptedType.NamespaceUri);
reader.ReadStartElement(EncryptedType.CipherValueElementName, EncryptedType.NamespaceUri);
if (maxBufferSize == 0L)
{
this.ReadCipherData(reader);
}
else
{
this.ReadCipherData(reader, maxBufferSize);
}
reader.ReadEndElement();
reader.ReadEndElement();
this.ReadAdditionalElements(reader);
reader.ReadEndElement();
this.State = EncryptedType.EncryptionState.Read;
}
public static SecurityUniqueId Create()
{
return(SecurityUniqueId.Create(s_commonPrefix));
}
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize)
{
ValidateReadState();
reader.MoveToStartElement(OpeningElementName, NamespaceUri);
_encoding = reader.GetAttribute(EncodingAttribute, null);
_id = reader.GetAttribute(XD.XmlEncryptionDictionary.Id, null) ?? SecurityUniqueId.Create().Value;
_wsuId = reader.GetAttribute(XD.XmlEncryptionDictionary.Id, XD.UtilityDictionary.Namespace) ?? SecurityUniqueId.Create().Value;
_mimeType = reader.GetAttribute(MimeTypeAttribute, null);
_type = reader.GetAttribute(TypeAttribute, null);
ReadAdditionalAttributes(reader);
reader.Read();
if (reader.IsStartElement(EncryptionMethodElement.ElementName, NamespaceUri))
{
_encryptionMethod.ReadFrom(reader);
}
if (_tokenSerializer.CanReadKeyIdentifier(reader))
{
XmlElement xml = null;
XmlDictionaryReader localReader;
if (this.ShouldReadXmlReferenceKeyInfoClause)
{
// We create the dom only when needed to not affect perf.
XmlDocument doc = new XmlDocument();
xml = (doc.ReadNode(reader) as XmlElement);
localReader = XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(xml));
}
else
{
localReader = reader;
}
try
{
this.KeyIdentifier = _tokenSerializer.ReadKeyIdentifier(localReader);
}
catch (Exception e)
{
// In case when the issued token ( custom token) is used as an initiator token; we will fail
// to read the keyIdentifierClause using the plugged in default serializer. So We need to try to read it as an XmlReferencekeyIdentifierClause
// if it is the client side.
if (Fx.IsFatal(e) || !this.ShouldReadXmlReferenceKeyInfoClause)
{
throw;
}
_keyIdentifier = ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(xml)), e);
}
}
reader.ReadStartElement(CipherDataElementName, EncryptedType.NamespaceUri);
reader.ReadStartElement(CipherValueElementName, EncryptedType.NamespaceUri);
if (maxBufferSize == 0)
{
ReadCipherData(reader);
}
else
{
ReadCipherData(reader, maxBufferSize);
}
reader.ReadEndElement(); // CipherValue
reader.ReadEndElement(); // CipherData
ReadAdditionalElements(reader);
reader.ReadEndElement(); // OpeningElementName
this.State = EncryptionState.Read;
}
