Exemplo n.º 1
0
            private void ProcessWSERequest(SoapEnvelope envelope, WSE.Security security)
            {
                // by default we consider that SOAP messages is not signed
                bool IsSigned = false;

                // if security element is null
                // the call is made not from WSE-enabled client
                if (security != null)
                {
                    foreach (ISecurityElement element in security.Elements)
                    {
                        if (element is MessageSignature)
                        {
                            // The given context contains a Signature element.
                            MessageSignature sign = element as MessageSignature;

                            if (CheckSignature(envelope, security, sign))
                            {
                                // The SOAP message is signed.
                                if (sign.SigningToken is UsernameToken)
                                {
                                    UsernameToken token = sign.SigningToken as UsernameToken;

                                    // The SOAP message is signed
                                    // with a UsernameToken.
                                    IsSigned = true;
                                }
                            }
                        }
                    }
                }

                // throw an exception if the message did not pass all the tests
                if (!IsSigned)
                {
                    throw new SecurityFault("SOAP response should be signed.");
                }

                // check encryption
                bool IsEncrypted = false;

                foreach (ISecurityElement element in security.Elements)
                {
                    if (element is EncryptedData)
                    {
                        EncryptedData         encryptedData = element as EncryptedData;
                        System.Xml.XmlElement targetElement = encryptedData.TargetElement;

                        if (SoapHelper.IsBodyElement(targetElement))
                        {
                            // The given SOAP message has the Body element Encrypted.
                            IsEncrypted = true;
                        }
                    }
                }

                if (!IsEncrypted)
                {
                    throw new SecurityFault("SOAP response should be encrypted.");
                }
            }