// Given a token and useStarTransform value this method adds apporopriate reference accordingly. // 1. If strTransform is disabled, it adds a reference to the token's id. // 2. Else if strtransform is enabled it adds a reference the security token's keyIdentifier's id. void AddTokenSignatureReference(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, bool strTransformEnabled) { if (!strTransformEnabled && token.Id == null) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message); } HashStream hashStream = TakeHashStream(); XmlDictionaryWriter utf8Writer = TakeUtf8Writer(); utf8Writer.StartCanonicalization(hashStream, false, null); this.StandardsManager.SecurityTokenSerializer.WriteToken(utf8Writer, token); utf8Writer.EndCanonicalization(); if (strTransformEnabled) { if (keyIdentifierClause != null) { if (String.IsNullOrEmpty(keyIdentifierClause.Id)) { keyIdentifierClause.Id = SecurityUniqueId.Create().Value; } this.ElementContainer.MapSecurityTokenToStrClause(token, keyIdentifierClause); this.signedInfo.AddReference(keyIdentifierClause.Id, hashStream.FlushHashAndGetValue(), true); } else { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message); } } else { this.signedInfo.AddReference(token.Id, hashStream.FlushHashAndGetValue()); } }
void AddSignatureReference(SendSecurityHeaderElement[] elements) { if (elements != null) { for (int i = 0; i < elements.Length; ++i) { SecurityKeyIdentifierClause keyIdentifierClause = null; TokenElement signedEncryptedTokenElement = elements[i].Item as TokenElement; // signedEncryptedTokenElement can either be a TokenElement ( in SignThenEncrypt case) or EncryptedData ( in !SignThenEncryptCase) // STR-Transform does not make sense in !SignThenEncrypt case . // note: signedEncryptedTokenElement can also be SignatureConfirmation but we do not care about it here. bool useStrTransform = signedEncryptedTokenElement != null && SignThenEncrypt && this.ShouldUseStrTransformForToken(signedEncryptedTokenElement.Token, i, SecurityTokenAttachmentMode.SignedEncrypted, out keyIdentifierClause); if (!useStrTransform && elements[i].Id == null) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message); } HashStream hashStream = TakeHashStream(); XmlDictionaryWriter utf8Writer = TakeUtf8Writer(); utf8Writer.StartCanonicalization(hashStream, false, null); elements[i].Item.WriteTo(utf8Writer, ServiceModelDictionaryManager.Instance); utf8Writer.EndCanonicalization(); if (useStrTransform) { if (keyIdentifierClause != null) { if (String.IsNullOrEmpty(keyIdentifierClause.Id)) { keyIdentifierClause.Id = SecurityUniqueId.Create().Value; } this.ElementContainer.MapSecurityTokenToStrClause(signedEncryptedTokenElement.Token, keyIdentifierClause); this.signedInfo.AddReference(keyIdentifierClause.Id, hashStream.FlushHashAndGetValue(), true); } else { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message); } } else { this.signedInfo.AddReference(elements[i].Id, hashStream.FlushHashAndGetValue()); } } } }
public override SecurityToken ReadTokenCore(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver) { string id; string userName; string password; ParseToken(reader, out id, out userName, out password); if (id == null) { id = SecurityUniqueId.Create().Value; } return(new UserNameSecurityToken(userName, password, id)); }
public NonceToken(int keySizeInBits) : base(SecurityUniqueId.Create().Value, keySizeInBits, false) { }
public NonceToken(byte[] key) : this(SecurityUniqueId.Create().Value, key) { }
internal static string GenerateId() { return(SecurityUniqueId.Create().Value); }
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize) { this.ValidateReadState(); reader.MoveToStartElement(this.OpeningElementName, EncryptedType.NamespaceUri); this.encoding = reader.GetAttribute(EncryptedType.EncodingAttribute, (XmlDictionaryString)null); this.id = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, (XmlDictionaryString)null) ?? SecurityUniqueId.Create().Value; this.wsuId = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, System.IdentityModel.XD.UtilityDictionary.Namespace) ?? SecurityUniqueId.Create().Value; this.mimeType = reader.GetAttribute(EncryptedType.MimeTypeAttribute, (XmlDictionaryString)null); this.type = reader.GetAttribute(EncryptedType.TypeAttribute, (XmlDictionaryString)null); this.ReadAdditionalAttributes(reader); reader.Read(); if (reader.IsStartElement(EncryptedType.EncryptionMethodElement.ElementName, EncryptedType.NamespaceUri)) { this.encryptionMethod.ReadFrom(reader); } if (this.tokenSerializer.CanReadKeyIdentifier((XmlReader)reader)) { XmlElement xmlElement = (XmlElement)null; XmlDictionaryReader dictionaryReader; if (this.ShouldReadXmlReferenceKeyInfoClause) { xmlElement = new XmlDocument().ReadNode((XmlReader)reader) as XmlElement; dictionaryReader = XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement)); } else { dictionaryReader = reader; } try { this.KeyIdentifier = this.tokenSerializer.ReadKeyIdentifier((XmlReader)dictionaryReader); } catch (Exception ex) { if (Fx.IsFatal(ex) || !this.ShouldReadXmlReferenceKeyInfoClause) { throw; } else { this.keyIdentifier = this.ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement)), ex); } } } reader.ReadStartElement(EncryptedType.CipherDataElementName, EncryptedType.NamespaceUri); reader.ReadStartElement(EncryptedType.CipherValueElementName, EncryptedType.NamespaceUri); if (maxBufferSize == 0L) { this.ReadCipherData(reader); } else { this.ReadCipherData(reader, maxBufferSize); } reader.ReadEndElement(); reader.ReadEndElement(); this.ReadAdditionalElements(reader); reader.ReadEndElement(); this.State = EncryptedType.EncryptionState.Read; }
public static SecurityUniqueId Create() { return(SecurityUniqueId.Create(s_commonPrefix)); }
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize) { ValidateReadState(); reader.MoveToStartElement(OpeningElementName, NamespaceUri); _encoding = reader.GetAttribute(EncodingAttribute, null); _id = reader.GetAttribute(XD.XmlEncryptionDictionary.Id, null) ?? SecurityUniqueId.Create().Value; _wsuId = reader.GetAttribute(XD.XmlEncryptionDictionary.Id, XD.UtilityDictionary.Namespace) ?? SecurityUniqueId.Create().Value; _mimeType = reader.GetAttribute(MimeTypeAttribute, null); _type = reader.GetAttribute(TypeAttribute, null); ReadAdditionalAttributes(reader); reader.Read(); if (reader.IsStartElement(EncryptionMethodElement.ElementName, NamespaceUri)) { _encryptionMethod.ReadFrom(reader); } if (_tokenSerializer.CanReadKeyIdentifier(reader)) { XmlElement xml = null; XmlDictionaryReader localReader; if (this.ShouldReadXmlReferenceKeyInfoClause) { // We create the dom only when needed to not affect perf. XmlDocument doc = new XmlDocument(); xml = (doc.ReadNode(reader) as XmlElement); localReader = XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(xml)); } else { localReader = reader; } try { this.KeyIdentifier = _tokenSerializer.ReadKeyIdentifier(localReader); } catch (Exception e) { // In case when the issued token ( custom token) is used as an initiator token; we will fail // to read the keyIdentifierClause using the plugged in default serializer. So We need to try to read it as an XmlReferencekeyIdentifierClause // if it is the client side. if (Fx.IsFatal(e) || !this.ShouldReadXmlReferenceKeyInfoClause) { throw; } _keyIdentifier = ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(xml)), e); } } reader.ReadStartElement(CipherDataElementName, EncryptedType.NamespaceUri); reader.ReadStartElement(CipherValueElementName, EncryptedType.NamespaceUri); if (maxBufferSize == 0) { ReadCipherData(reader); } else { ReadCipherData(reader, maxBufferSize); } reader.ReadEndElement(); // CipherValue reader.ReadEndElement(); // CipherData ReadAdditionalElements(reader); reader.ReadEndElement(); // OpeningElementName this.State = EncryptionState.Read; }