/// <summary>
/// Produces a supporting-token signature with <paramref name="token"/> and adds it
/// to the element container as an endorsing signature.
/// </summary>
/// <param name="token">Supporting token used to create the signature; must not be null.</param>
/// <param name="identifierClause">
/// Key identifier clause that references <paramref name="token"/>; wrapped in a
/// <c>SecurityKeyIdentifier</c> before signing. Must not be null.
/// </param>
/// <remarks>
/// Every failure path goes through <c>TraceUtility</c> with the current <c>Message</c>.
/// The exceptions built here are <c>MessageSecurityException</c> (no identifier clause)
/// and <c>InvalidOperationException</c> (signing preconditions not met). The exception
/// type returned by <c>ThrowHelperArgumentNull</c> is not visible from this method.
/// </remarks>
private void SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause)
{
    if (token == null)
    {
        throw TraceUtility.ThrowHelperArgumentNull(nameof(token), Message);
    }

    if (identifierClause == null)
    {
        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.TokenManagerCannotCreateTokenReference), Message);
    }

    // Precondition checks. The supporting signature needs something to bind to:
    // the primary signature when message protection is on, otherwise the timestamp
    // must be present (see the resource names used for the two failures).
    if (RequireMessageProtection)
    {
        // Ordering matters: the primary signature has to exist before it can be endorsed.
        if (!_primarySignatureDone)
        {
            throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                SR.PrimarySignatureMustBeComputedBeforeSupportingTokenSignatures), Message);
        }

        if (ElementContainer.PrimarySignature.Item == null)
        {
            throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                SR.Format(SR.SupportingTokenSignaturesNotExpected)), Message);
        }
    }
    else if (ElementContainer.Timestamp == null)
    {
        throw TraceUtility.ThrowHelperError(new InvalidOperationException(
            SR.SigningWithoutPrimarySignatureRequiresTimestamp), Message);
    }

    SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(identifierClause);

    ISignatureValueSecurityElement endorsingSignature;
    if (RequireMessageProtection)
    {
        // The primary signature item is handed to the signer so the supporting
        // signature is created over it.
        // NOTE(review): what exactly each overload signs is decided in CreateSupportingSignature — confirm there.
        endorsingSignature = CreateSupportingSignature(token, keyIdentifier, ElementContainer.PrimarySignature.Item);
    }
    else
    {
        endorsingSignature = CreateSupportingSignature(token, keyIdentifier);
    }

    // The same _encryptSignature flag is used when recording the signature value and
    // when marking the header element, so both agree on whether this signature is encrypted.
    var signatureValue = endorsingSignature.GetSignatureValue();
    AddGeneratedSignatureValue(signatureValue, _encryptSignature);

    SendSecurityHeaderElement endorsingElement =
        new SendSecurityHeaderElement(endorsingSignature.Id, endorsingSignature);
    endorsingElement.MarkedForEncryption = _encryptSignature;

    ElementContainer.AddEndorsingSignature(endorsingElement);
}