public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause e = keyIdentifierClause as EncryptedKeyIdentifierClause; return(e != null && Matches(e.GetRawBuffer(), e.EncryptionMethod, e.CarriedKeyName)); }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause that = keyIdentifierClause as EncryptedKeyIdentifierClause; // PreSharp #pragma warning suppress 56506 return(ReferenceEquals(this, that) || (that != null && that.Matches(this.GetRawBuffer(), this.encryptionMethod, this.carriedKeyName))); }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause that = keyIdentifierClause as EncryptedKeyIdentifierClause; // PreSharp Bug: Parameter 'that' to this public method must be validated: A null-dereference can occur here. #pragma warning suppress 56506 return(ReferenceEquals(this, that) || (that != null && that.Matches(this.GetRawBuffer(), this.encryptionMethod, this.carriedKeyName))); }
/// <summary> /// Creates a SAML Token with the input parameters /// </summary> /// <param name="stsName">Name of the STS issuing the SAML Token</param> /// <param name="proofToken">Associated Proof Token</param> /// <param name="issuerToken">Associated Issuer Token</param> /// <param name="proofKeyEncryptionToken">Token to encrypt the proof key with</param> /// <param name="samlConditions">The Saml Conditions to be used in the construction of the SAML Token</param> /// <param name="samlAttributes">The Saml Attributes to be used in the construction of the SAML Token</param> /// <returns>A SAML Token</returns> public static SamlSecurityToken CreateSamlToken(string stsName, BinarySecretSecurityToken proofToken, SecurityToken issuerToken, SecurityToken proofKeyEncryptionToken, SamlConditions samlConditions, IEnumerable<SamlAttribute> samlAttributes) { // Create a security token reference to the issuer certificate SecurityKeyIdentifierClause skic = issuerToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>(); SecurityKeyIdentifier issuerKeyIdentifier = new SecurityKeyIdentifier(skic); // Create an encrypted key clause containing the encrypted proof key byte[] wrappedKey = proofKeyEncryptionToken.SecurityKeys[0].EncryptKey(SecurityAlgorithms.RsaOaepKeyWrap, proofToken.GetKeyBytes()); SecurityKeyIdentifierClause encryptingTokenClause = proofKeyEncryptionToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>(); EncryptedKeyIdentifierClause encryptedKeyClause = new EncryptedKeyIdentifierClause(wrappedKey, SecurityAlgorithms.RsaOaepKeyWrap, new SecurityKeyIdentifier(encryptingTokenClause) ); SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(encryptedKeyClause); // Create a comfirmationMethod for HolderOfKey List<string> confirmationMethods = new List<string>(1); confirmationMethods.Add(SamlConstants.HolderOfKey); // Create a SamlSubject with proof key and confirmation method from above SamlSubject samlSubject = new SamlSubject(null, null, null, confirmationMethods, null, proofKeyIdentifier); // Create a SamlAttributeStatement from the passed in SamlAttribute collection and the SamlSubject from above SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement(samlSubject, samlAttributes); // Put the SamlAttributeStatement into a list of SamlStatements List<SamlStatement> samlSubjectStatements = new List<SamlStatement>(); samlSubjectStatements.Add(samlAttributeStatement); // Create a SigningCredentials instance from the key associated with the issuerToken. SigningCredentials signingCredentials = new SigningCredentials(issuerToken.SecurityKeys[0], SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, issuerKeyIdentifier); // Create a SamlAssertion from the list of SamlStatements created above and the passed in // SamlConditions. SamlAssertion samlAssertion = new SamlAssertion("_" + Guid.NewGuid().ToString(), stsName, DateTime.UtcNow, samlConditions, new SamlAdvice(), samlSubjectStatements ); // Set the SigningCredentials for the SamlAssertion samlAssertion.SigningCredentials = signingCredentials; // Create a SamlSecurityToken from the SamlAssertion and return it return new SamlSecurityToken(samlAssertion); }
public void Constructors () { byte [] bytes = new byte [32]; // null identifier / null CarriedKeyName EncryptedKeyIdentifierClause ekic = new EncryptedKeyIdentifierClause (bytes, SecurityAlgorithms.Aes256Encryption, null, null); Assert.IsNull (ekic.EncryptingKeyIdentifier, "#1"); Assert.IsNull (ekic.CarriedKeyName, "#2"); // any EncryptionMethods are allowed here.. new EncryptedKeyIdentifierClause (new byte [32], "urn:foo"); }
/// <summary> /// Resolves the given SecurityKeyIdentifierClause to a SecurityKey. /// </summary> /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve</param> /// <param name="key">The resolved SecurityKey.</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } key = null; EncryptedKeyIdentifierClause encryptedKeyIdentifierClause = keyIdentifierClause as EncryptedKeyIdentifierClause; if (encryptedKeyIdentifierClause != null) { SecurityKeyIdentifier keyIdentifier = encryptedKeyIdentifierClause.EncryptingKeyIdentifier; if (keyIdentifier != null && keyIdentifier.Count > 0) { for (int i = 0; i < keyIdentifier.Count; i++) { SecurityKey unwrappingSecurityKey = null; if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey)) { byte[] wrappedKey = encryptedKeyIdentifierClause.GetEncryptedKey(); string wrappingAlgorithm = encryptedKeyIdentifierClause.EncryptionMethod; byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey); key = new InMemorySymmetricSecurityKey(unwrappedKey, false); return(true); } } } } else { SecurityToken token = null; if (TryResolveToken(keyIdentifierClause, out token)) { if (token.SecurityKeys.Count > 0) { key = token.SecurityKeys[0]; return(true); } } } return(false); }
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause encryptedKeyClause = keyIdentifierClause as EncryptedKeyIdentifierClause; writer.WriteStartElement(XD.XmlEncryptionDictionary.Prefix.Value, XD.XmlEncryptionDictionary.EncryptedKey, NamespaceUri); if (encryptedKeyClause.EncryptionMethod != null) { writer.WriteStartElement(XD.XmlEncryptionDictionary.Prefix.Value, XD.XmlEncryptionDictionary.EncryptionMethod, NamespaceUri); writer.WriteAttributeString(XD.XmlEncryptionDictionary.AlgorithmAttribute, null, encryptedKeyClause.EncryptionMethod); if (encryptedKeyClause.EncryptionMethod == XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap.Value) { writer.WriteStartElement(XmlSignatureStrings.Prefix, XD.XmlSignatureDictionary.DigestMethod, XD.XmlSignatureDictionary.Namespace); writer.WriteAttributeString(XD.XmlSignatureDictionary.Algorithm, null, SecurityAlgorithms.Sha1Digest); writer.WriteEndElement(); } writer.WriteEndElement(); } if (encryptedKeyClause.EncryptingKeyIdentifier != null) { this.securityTokenSerializer.WriteKeyIdentifier(writer, encryptedKeyClause.EncryptingKeyIdentifier); } writer.WriteStartElement(XD.XmlEncryptionDictionary.Prefix.Value, XD.XmlEncryptionDictionary.CipherData, NamespaceUri); writer.WriteStartElement(XD.XmlEncryptionDictionary.Prefix.Value, XD.XmlEncryptionDictionary.CipherValue, NamespaceUri); byte[] encryptedKey = encryptedKeyClause.GetEncryptedKey(); writer.WriteBase64(encryptedKey, 0, encryptedKey.Length); writer.WriteEndElement(); writer.WriteEndElement(); if (encryptedKeyClause.CarriedKeyName != null) { writer.WriteElementString(XD.XmlEncryptionDictionary.Prefix.Value, XD.XmlEncryptionDictionary.CarriedKeyName, NamespaceUri, encryptedKeyClause.CarriedKeyName); } writer.WriteEndElement(); }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause objB = keyIdentifierClause as EncryptedKeyIdentifierClause; return(object.ReferenceEquals(this, objB) || ((objB != null) && objB.Matches(base.GetRawBuffer(), this.encryptionMethod, this.carriedKeyName))); }
void WriteEncryptedKeyIdentifierClause ( XmlWriter w, EncryptedKeyIdentifierClause ic) { w.WriteStartElement ("e", "EncryptedKey", EncryptedXml.XmlEncNamespaceUrl); w.WriteStartElement ("EncryptionMethod", EncryptedXml.XmlEncNamespaceUrl); w.WriteAttributeString ("Algorithm", ic.EncryptionMethod); w.WriteEndElement (); if (ic.EncryptingKeyIdentifier != null) { w.WriteStartElement ("KeyInfo", SignedXml.XmlDsigNamespaceUrl); foreach (SecurityKeyIdentifierClause ckic in ic.EncryptingKeyIdentifier) WriteKeyIdentifierClause (w, ckic); w.WriteEndElement (); } w.WriteStartElement ("CipherData", EncryptedXml.XmlEncNamespaceUrl); w.WriteStartElement ("CipherValue", EncryptedXml.XmlEncNamespaceUrl); w.WriteString (Convert.ToBase64String (ic.GetEncryptedKey ())); w.WriteEndElement (); w.WriteEndElement (); if (ic.CarriedKeyName != null) w.WriteElementString ("CarriedKeyName", EncryptedXml.XmlEncNamespaceUrl, ic.CarriedKeyName); w.WriteEndElement (); }
public static void WriteProtectedKey(XmlWriter writer, ProtectedKey protectedKey, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("protectedKey"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (protectedKey.WrappingCredentials != null) { byte[] encryptedKey = protectedKey.WrappingCredentials.SecurityKey.EncryptKey(protectedKey.WrappingCredentials.Algorithm, protectedKey.GetKeyBytes()); EncryptedKeyIdentifierClause clause = new EncryptedKeyIdentifierClause(encryptedKey, protectedKey.WrappingCredentials.Algorithm, protectedKey.WrappingCredentials.SecurityKeyIdentifier); context.SecurityTokenHandlers.WriteKeyIdentifierClause(writer, clause); } else { BinarySecretSecurityToken entropyToken = new BinarySecretSecurityToken(protectedKey.GetKeyBytes()); WriteBinarySecretSecurityToken(writer, entropyToken, trustConstants); } }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { EncryptedKeyIdentifierClause that = keyIdentifierClause as EncryptedKeyIdentifierClause; return(ReferenceEquals(this, that) || (that != null && that.Matches(GetRawBuffer(), _encryptionMethod, CarriedKeyName))); }
public void WriteEncryptedKeyIdentifierClause4 () { StringWriter sw = new StringWriter (); byte [] bytes = new byte [32]; SecurityKeyIdentifier cki = new SecurityKeyIdentifier (); cki.Add (new BinarySecretKeyIdentifierClause (bytes)); EncryptedKeyIdentifierClause ic = new EncryptedKeyIdentifierClause (bytes, SecurityAlgorithms.Aes256Encryption); using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) { WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic); } string expected = String.Format ("<e:EncryptedKey xmlns:e=\"{0}\"><e:EncryptionMethod Algorithm=\"{1}\" /><e:CipherData><e:CipherValue>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</e:CipherValue></e:CipherData></e:EncryptedKey>", EncryptedXml.XmlEncNamespaceUrl, SecurityAlgorithms.Aes256Encryption, SignedXml.XmlDsigNamespaceUrl, "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"); Assert.AreEqual (expected, sw.ToString ()); }
public void WriteEncryptedKeyIdentifierClause2 () // derived key { StringWriter sw = new StringWriter (); byte [] bytes = new byte [32]; SecurityKeyIdentifier cki = new SecurityKeyIdentifier (); cki.Add (new X509ThumbprintKeyIdentifierClause (cert)); EncryptedKeyIdentifierClause ic = new EncryptedKeyIdentifierClause (bytes, SecurityAlgorithms.Aes256KeyWrap, cki, "carriedKeyNaaaaame", new byte [32], 32); using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) { WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic); } string expected = String.Format ("<e:EncryptedKey xmlns:e=\"{0}\"><e:EncryptionMethod Algorithm=\"{1}\" /><KeyInfo xmlns=\"{2}\"><o:SecurityTokenReference xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><o:KeyIdentifier ValueType=\"{3}\">GQ3YHlGQhDF1bvMixHliX4uLjlY=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</e:CipherValue></e:CipherData><e:CarriedKeyName>carriedKeyNaaaaame</e:CarriedKeyName></e:EncryptedKey>", EncryptedXml.XmlEncNamespaceUrl, SecurityAlgorithms.Aes256KeyWrap, SignedXml.XmlDsigNamespaceUrl, "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"); Assert.AreEqual (expected, sw.ToString ()); }