/// <summary>
/// Prepares the token and key identifier used for the primary signature, queues any pending
/// signature confirmation elements, and then starts the primary signature. Does nothing when the
/// element container has no <c>SourceSigningToken</c>.
/// </summary>
/// <exception cref="MessageSecurityException">No key identifier clause could be created for the source signing token.</exception>
/// <exception cref="NotSupportedException">A derived key is required but the algorithm suite's signature key derivation algorithm is not the one expected for the SecureConversation version in use.</exception>
private void StartSignature()
{
    if (this.elementContainer.SourceSigningToken == null)
    {
        return;
    }

    // determine the key identifier clause to use for the source
    SecurityTokenReferenceStyle sourceSigningKeyReferenceStyle = GetTokenReferenceStyle(this.signingTokenParameters);
    SecurityKeyIdentifierClause sourceSigningKeyIdentifierClause = this.signingTokenParameters.CreateKeyIdentifierClause(this.elementContainer.SourceSigningToken, sourceSigningKeyReferenceStyle);
    if (sourceSigningKeyIdentifierClause == null)
    {
        // Without a reference clause the receiver could not locate the signing key, so fail here.
        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.TokenManagerCannotCreateTokenReference), this.Message);
    }

    SecurityToken signingToken;
    SecurityKeyIdentifierClause signingKeyIdentifierClause;

    // determine if a token needs to be derived
    // Derivation is only attempted for symmetric keys; an asymmetric signing token is used as-is.
    if (this.signingTokenParameters.RequireDerivedKeys && !this.signingTokenParameters.HasAsymmetricKey)
    {
        string derivationAlgorithm = this.AlgorithmSuite.GetSignatureKeyDerivationAlgorithm(this.elementContainer.SourceSigningToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
        string expectedDerivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
        // The suite's derivation algorithm must be exactly the one tied to the negotiated
        // SecureConversation version; anything else is rejected instead of silently used.
        if (derivationAlgorithm == expectedDerivationAlgorithm)
        {
            // The leading positional arguments (-1, 0, length, null, nonce length) are passed through
            // unchanged; their meaning is defined by DerivedKeySecurityToken (generation/offset/label,
            // presumably - confirm against that constructor). GenerateId() supplies the token's wsu:Id.
            DerivedKeySecurityToken derivedSigningToken = new DerivedKeySecurityToken(-1, 0, this.AlgorithmSuite.GetSignatureKeyDerivationLength(this.elementContainer.SourceSigningToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, this.elementContainer.SourceSigningToken, sourceSigningKeyIdentifierClause, derivationAlgorithm, GenerateId());
            // Record the derived token on the container; the signature then references it by local Id
            // rather than by the source token's clause.
            signingToken = this.elementContainer.DerivedSigningToken = derivedSigningToken;
            signingKeyIdentifierClause = new LocalIdKeyIdentifierClause(signingToken.Id, signingToken.GetType());
        }
        else
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedCryptoAlgorithm, derivationAlgorithm)));
        }
    }
    else
    {
        // No derivation: sign directly with the source token and the clause created for it.
        signingToken = elementContainer.SourceSigningToken;
        signingKeyIdentifierClause = sourceSigningKeyIdentifierClause;
    }

    SecurityKeyIdentifier signingKeyIdentifier = new SecurityKeyIdentifier(signingKeyIdentifierClause);

    // Signature confirmation elements are queued before the primary signature starts (presumably so
    // it can cover them - confirm in StartPrimarySignatureCore). Each element inherits the
    // confirmations' encryption marking.
    if (signatureConfirmationsToSend != null && signatureConfirmationsToSend.Count > 0)
    {
        ISecurityElement[] signatureConfirmationElements;
        signatureConfirmationElements = CreateSignatureConfirmationElements(signatureConfirmationsToSend);
        for (int i = 0; i < signatureConfirmationElements.Length; ++i)
        {
            SendSecurityHeaderElement sigConfElement = new SendSecurityHeaderElement(signatureConfirmationElements[i].Id, signatureConfirmationElements[i]);
            sigConfElement.MarkedForEncryption = signatureConfirmationsToSend.IsMarkedForEncryption;
            this.elementContainer.AddSignatureConfirmation(sigConfElement);
        }
    }

    // A targettable primary signature is requested only when endorsing or signed-endorsing tokens
    // are configured, i.e. when another signature will need to reference this one.
    bool generateTargettablePrimarySignature = ((this.endorsingTokenParameters != null) || (this.signedEndorsingTokenParameters != null));
    this.StartPrimarySignatureCore(signingToken, signingKeyIdentifier, this.signatureParts, generateTargettablePrimarySignature);
}
/// <summary>
/// Registers a basic supporting token with the header: the token is queued in the element
/// container marked for encryption, its parameters are recorded, and the token itself is kept so
/// its STR entry can be written later in OnWriteHeaderContents.
/// </summary>
/// <param name="token">The supporting token to add.</param>
/// <param name="parameters">The token parameters describing how <paramref name="token"/> is referenced.</param>
/// <exception cref="ArgumentNullException">Raised via <c>ThrowHelperArgumentNull</c> when <paramref name="token"/> or <paramref name="parameters"/> is null.</exception>
public void AddBasicSupportingToken(SecurityToken token, SecurityTokenParameters parameters)
{
    if (token == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(token));
    }
    if (parameters == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(parameters));
    }
    // Tokens cannot be added once header processing has begun.
    ThrowIfProcessingStarted();

    string tokenId = token.Id;
    TokenElement wrappedToken = new TokenElement(token, StandardsManager);
    SendSecurityHeaderElement basicTokenElement = new SendSecurityHeaderElement(tokenId, wrappedToken);
    // Basic supporting tokens are always encrypted (and signed) in the header.
    basicTokenElement.MarkedForEncryption = true;
    ElementContainer.AddBasicSupportingToken(basicTokenElement);

    HasEncryptedTokens = true;
    HasSignedTokens = true;
    AddParameters(ref _basicSupportingTokenParameters, parameters);

    // We maintain a list of the basic tokens for the SignThenEncrypt case as we will
    // need this token to write STR entry on OnWriteHeaderContents.
    _basicTokens = _basicTokens ?? new List<SecurityToken>();
    _basicTokens.Add(token);
}
/// <summary>
/// Completes the encryption phase of the header. Only the case with no reference list is
/// handled, and it produces no encryption element; any other case is not implemented here.
/// </summary>
/// <param name="primarySignature">The primary signature element.</param>
/// <param name="basicTokens">The basic supporting token elements.</param>
/// <param name="signatureConfirmations">The signature confirmation elements.</param>
/// <param name="endorsingSignatures">The endorsing signature elements.</param>
/// <returns><c>null</c> when no reference list exists.</returns>
/// <exception cref="NotImplementedException">A reference list exists; encryption completion is not implemented in this class.</exception>
protected override ISecurityElement CompleteEncryptionCore(SendSecurityHeaderElement primarySignature, SendSecurityHeaderElement[] basicTokens, SendSecurityHeaderElement[] signatureConfirmations, SendSecurityHeaderElement[] endorsingSignatures)
{
    if (this.referenceList != null)
    {
        // Nothing here can build the EncryptedData/ReferenceList output; fail loudly rather than
        // emit a header that claims encryption it does not perform.
        throw new NotImplementedException();
    }
    return null;
}
/// <summary>
/// Creates an endorsing signature with a supporting token and queues it in the element container.
/// When message protection is not required, the signature is created from the token and key
/// identifier alone and a timestamp must already be present; when it is required, the primary
/// signature must already be computed and is handed to the signature creation.
/// </summary>
/// <param name="token">The supporting token that signs.</param>
/// <param name="identifierClause">The key identifier clause that references <paramref name="token"/>.</param>
/// <exception cref="MessageSecurityException"><paramref name="identifierClause"/> is null.</exception>
/// <exception cref="InvalidOperationException">The timestamp is missing (no message protection), or the primary signature has not been computed or has no element (message protection).</exception>
private void SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause)
{
    if (token == null)
    {
        throw TraceUtility.ThrowHelperArgumentNull(nameof(token), Message);
    }
    if (identifierClause == null)
    {
        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.TokenManagerCannotCreateTokenReference), Message);
    }

    if (RequireMessageProtection)
    {
        // The endorsing signature is built against the primary signature, so that one must be
        // finished and present before any supporting token may sign.
        if (!_primarySignatureDone)
        {
            throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                SR.PrimarySignatureMustBeComputedBeforeSupportingTokenSignatures), Message);
        }
        if (ElementContainer.PrimarySignature.Item == null)
        {
            throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                SR.Format(SR.SupportingTokenSignaturesNotExpected)), Message);
        }
    }
    else if (ElementContainer.Timestamp == null)
    {
        // With no primary signature to endorse, a timestamp is required for the supporting signature.
        throw TraceUtility.ThrowHelperError(new InvalidOperationException(
            SR.SigningWithoutPrimarySignatureRequiresTimestamp), Message);
    }

    SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(identifierClause);
    ISignatureValueSecurityElement endorsingSignature = RequireMessageProtection
        ? CreateSupportingSignature(token, keyIdentifier, ElementContainer.PrimarySignature.Item)
        : CreateSupportingSignature(token, keyIdentifier);

    // Record the produced signature value, then queue the element; it is encrypted only when
    // signatures in this header are configured to be.
    AddGeneratedSignatureValue(endorsingSignature.GetSignatureValue(), _encryptSignature);
    SendSecurityHeaderElement endorsingElement = new SendSecurityHeaderElement(endorsingSignature.Id, endorsingSignature);
    endorsingElement.MarkedForEncryption = _encryptSignature;
    ElementContainer.AddEndorsingSignature(endorsingElement);
}
/// <summary>
/// Completes the encryption phase of the header once the signature-related elements are known.
/// Implemented by derived headers; the element it returns (if any) is the encryption output to
/// be written into the header.
/// </summary>
/// <param name="primarySignature">The primary signature element.</param>
/// <param name="basicTokens">The basic supporting token elements.</param>
/// <param name="signatureConfirmations">The signature confirmation elements.</param>
/// <param name="endorsingSignatures">The endorsing signature elements.</param>
/// <returns>The resulting encryption element, or <c>null</c> when there is none.</returns>
protected abstract ISecurityElement CompleteEncryptionCore(SendSecurityHeaderElement primarySignature, SendSecurityHeaderElement[] basicTokens, SendSecurityHeaderElement[] signatureConfirmations, SendSecurityHeaderElement[] endorsingSignatures);
/// <summary>Appends an endorsing signature element to the container's endorsing-signature list.</summary>
/// <param name="signature">The signature element to append.</param>
public void AddEndorsingSignature(SendSecurityHeaderElement signature)
{
    Add<SendSecurityHeaderElement>(ref _endorsingSignatures, signature);
}
/// <summary>Appends a signature confirmation element to the container's confirmation list.</summary>
/// <param name="confirmation">The confirmation element to append.</param>
public void AddSignatureConfirmation(SendSecurityHeaderElement confirmation)
{
    Add<SendSecurityHeaderElement>(ref _signatureConfirmations, confirmation);
}
/// <summary>Appends a basic supporting token element to the container's basic-token list.</summary>
/// <param name="tokenElement">The token element to append.</param>
public void AddBasicSupportingToken(SendSecurityHeaderElement tokenElement)
{
    Add<SendSecurityHeaderElement>(ref _basicSupportingTokens, tokenElement);
}
/// <summary>
/// Completes the encryption phase for this header. This implementation performs no encryption
/// and never yields an encryption element, regardless of the supplied elements.
/// </summary>
/// <param name="primarySignature">The primary signature element (unused).</param>
/// <param name="basicTokens">The basic supporting token elements (unused).</param>
/// <param name="signatureConfirmations">The signature confirmation elements (unused).</param>
/// <param name="endorsingSignatures">The endorsing signature elements (unused).</param>
/// <returns>Always <c>null</c>.</returns>
protected override ISecurityElement CompleteEncryptionCore(SendSecurityHeaderElement primarySignature, SendSecurityHeaderElement[] basicTokens, SendSecurityHeaderElement[] signatureConfirmations, SendSecurityHeaderElement[] endorsingSignatures) => null;