public void Union(MessagePartSpecification specification) { if (_isReadOnly) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.ObjectIsReadOnly)); } if (specification == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("specification"); } _isBodyIncluded |= specification.IsBodyIncluded; List <XmlQualifiedName> headerTypes = specification._headerTypes; if (headerTypes != null && headerTypes.Count > 0) { if (_headerTypes == null) { _headerTypes = new List <XmlQualifiedName>(headerTypes.Count); } for (int i = 0; i < headerTypes.Count; i++) { XmlQualifiedName qname = headerTypes[i]; _headerTypes.Add(qname); } } }
public bool TryGetParts(string action, bool excludeChannelScope, out MessagePartSpecification parts) { if (action == null) { action = MessageHeaders.WildcardAction; } parts = null; if (isReadOnly) { if (readOnlyNormalizedActionParts.ContainsKey(action)) { if (excludeChannelScope) { parts = actionParts[action]; } else { parts = readOnlyNormalizedActionParts[action]; } } } else if (actionParts.ContainsKey(action)) { MessagePartSpecification p = new MessagePartSpecification(); p.Union(actionParts[action]); if (!excludeChannelScope) { p.Union(channelParts); } parts = p; } return(parts != null); }
private static MessagePartSpecification ExtractMessageParts(string action, ScopedMessagePartSpecification scopedParts, bool isForSignature) { MessagePartSpecification parts = null; if (scopedParts.TryGetParts(action, out parts)) { return(parts); } else if (scopedParts.TryGetParts(MessageHeaders.WildcardAction, out parts)) { return(parts); } // send back a fault indication that the action is unknown SecurityVersion wss = MessageSecurityVersion.Default.SecurityVersion; FaultCode subCode = new FaultCode(wss.InvalidSecurityFaultCode.Value, wss.HeaderNamespace.Value); FaultCode senderCode = FaultCode.CreateSenderFaultCode(subCode); FaultReason reason = new FaultReason(SR.Format(SR.InvalidOrUnrecognizedAction, action), System.Globalization.CultureInfo.CurrentCulture); MessageFault fault = MessageFault.CreateFault(senderCode, reason); if (isForSignature) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.Format(SR.NoSignaturePartsSpecified, action), null, fault)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.Format(SR.NoEncryptionPartsSpecified, action), null, fault)); } }
internal void AddParts(MessagePartSpecification parts, XmlDictionaryString action) { if (action == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(action))); } AddParts(parts, action.Value); }
public void AddParts(MessagePartSpecification parts) { if (parts == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(parts))); } ThrowIfReadOnly(); channelParts.Union(parts); }
protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature) { SecurityAlgorithmSuite suite = AlgorithmSuite; string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm; if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new MessageSecurityException(SR.Format(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm))); } string signatureAlgorithm; XmlDictionaryString signatureAlgorithmDictionaryString; SecurityKey signatureKey; suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out signatureKey, out signatureAlgorithmDictionaryString); AsymmetricAlgorithm asymmetricAlgorithm = null; GetSigningAlgorithm(signatureKey, signatureAlgorithm, out _signingKey, out asymmetricAlgorithm); _signedXml = new SignedXml(); _signedXml.SignedInfo.CanonicalizationMethod = canonicalizationAlgorithm; _signedXml.SignedInfo.SignatureMethod = signatureAlgorithm; _signedXml.SigningKey = asymmetricAlgorithm; if (keyIdentifier != null) { var stream = new MemoryStream(); using (var xmlWriter = XmlDictionaryWriter.CreateTextWriter(stream, Encoding.UTF8, false)) { StandardsManager.SecurityTokenSerializer.WriteKeyIdentifier(xmlWriter, keyIdentifier); } stream.Position = 0; XmlDocument doc = new XmlDocument(); doc.Load(stream); var keyInfo = new KeyInfo(); keyInfo.LoadXml(doc.DocumentElement); _signedXml.KeyInfo = keyInfo; } if (generateTargettableSignature) { _signedXml.Signature.Id = GenerateId(); } _effectiveSignatureParts = signatureParts; }
public void MakeReadOnly() { if (!isReadOnly) { readOnlyNormalizedActionParts = new Dictionary <string, MessagePartSpecification>(); foreach (string action in actionParts.Keys) { MessagePartSpecification p = new MessagePartSpecification(); p.Union(actionParts[action]); p.Union(channelParts); p.MakeReadOnly(); readOnlyNormalizedActionParts[action] = p; } isReadOnly = true; } }
static void AddHeaderProtectionRequirements(MessageHeaderDescription header, MessagePartSpecification signedParts, MessagePartSpecification encryptedParts, ProtectionLevel defaultProtectionLevel) { var p = defaultProtectionLevel; //header.HasProtectionLevel currently is always false; //ProtectionLevel p = header.HasProtectionLevel ? header.ProtectionLevel : defaultProtectionLevel; if (p != ProtectionLevel.None) { var headerName = new XmlQualifiedName(header.Name, header.Namespace); signedParts.HeaderTypes.Add(headerName); if (p == ProtectionLevel.EncryptAndSign) { encryptedParts.HeaderTypes.Add(headerName); } } }
public ScopedMessagePartSpecification(ScopedMessagePartSpecification other) : this() { if (other == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(other))); } channelParts.Union(other.channelParts); if (other.actionParts != null) { foreach (string action in other.actionParts.Keys) { MessagePartSpecification p = new MessagePartSpecification(); p.Union(other.actionParts[action]); actionParts[action] = p; } } }
public void AddParts(MessagePartSpecification parts, string action) { if (action == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(action))); } if (parts == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(parts))); } ThrowIfReadOnly(); if (!actionParts.ContainsKey(action)) { actionParts[action] = new MessagePartSpecification(); } actionParts[action].Union(parts); }
private static void AddFaultProtectionRequirements(FaultDescriptionCollection faults, ChannelProtectionRequirements requirements, ProtectionLevel defaultProtectionLevel, bool addToIncoming) { if (faults == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(faults)); } if (requirements == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(requirements)); } foreach (FaultDescription fault in faults) { var signedParts = new MessagePartSpecification(); var encryptedParts = new MessagePartSpecification(); ProtectionLevel p = defaultProtectionLevel; // FaultDescription.HasProtectionLevel currently is always false //ProtectionLevel p = fault.HasProtectionLevel ? fault.ProtectionLevel : defaultProtectionLevel; if (p != ProtectionLevel.None) { signedParts.IsBodyIncluded = true; if (p == ProtectionLevel.EncryptAndSign) { encryptedParts.IsBodyIncluded = true; } } if (addToIncoming) { requirements.IncomingSignatureParts.AddParts(signedParts, fault.Action); requirements.IncomingEncryptionParts.AddParts(encryptedParts, fault.Action); } else { requirements.OutgoingSignatureParts.AddParts(signedParts, fault.Action); requirements.OutgoingEncryptionParts.AddParts(encryptedParts, fault.Action); } } }
private static MessagePartSpecification UnionMessagePartSpecifications(ScopedMessagePartSpecification actionParts) { var result = new MessagePartSpecification(false); foreach (string action in actionParts.Actions) { if (actionParts.TryGetParts(action, out MessagePartSpecification parts)) { if (parts.IsBodyIncluded) { result.IsBodyIncluded = true; } foreach (XmlQualifiedName headerType in parts.HeaderTypes) { if (!result.IsHeaderIncluded(headerType.Name, headerType.Namespace)) { result.HeaderTypes.Add(headerType); } } } } return(result); }
protected abstract void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier identifier, MessagePartSpecification signatureParts, bool generateTargettablePrimarySignature);
protected override ISignatureValueSecurityElement CompletePrimarySignatureCore( SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, bool isPrimarySignature) { if (_signedXml == null) { return(null); } SecurityTimestamp timestamp = Timestamp; if (timestamp != null) { if (timestamp.Id == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.TimestampToSignHasNoId)); } var buffer = new byte[64]; var ms = new MemoryStream(); StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm( ms, timestamp, buffer); ms.Position = 0; AddReference("#" + timestamp.Id, ms); var reference = new System.Security.Cryptography.Xml.Reference(ms); } if ((ShouldSignToHeader) && (_signingKey != null || _signedXml.SigningKey != null) && (Version.Addressing != AddressingVersion.None)) { if (_toHeaderStream != null) { AddReference("#" + _toHeaderId, _toHeaderStream); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.TransportSecurityRequireToHeader)); } } AddSignatureReference(signatureConfirmations); if (isPrimarySignature && ShouldProtectTokens) { AddPrimaryTokenSignatureReference(ElementContainer.SourceSigningToken, SigningTokenParameters); } if (RequireMessageProtection) { throw new PlatformNotSupportedException(nameof(RequireMessageProtection)); } if (_signedXml.SignedInfo.References.Count == 0) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.NoPartsOfMessageMatchedPartsToSign), Message); } try { if (_signingKey != null) { _signedXml.ComputeSignature(_signingKey); } else { _signedXml.ComputeSignature(); } return(new SignatureValue(_signedXml.Signature)); } finally { _hashStream = null; _signingKey = null; _signedXml = null; _effectiveSignatureParts = null; } }
public bool TryGetParts(string action, out MessagePartSpecification parts) { return(TryGetParts(action, false, out parts)); }
public ScopedMessagePartSpecification() { channelParts = new MessagePartSpecification(); actionParts = new Dictionary <string, MessagePartSpecification>(); }
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel) { if (contract == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(contract)); } var requirements = new ChannelProtectionRequirements(); var contractScopeDefaultRequestProtectionLevel = ProtectionLevel.None; var contractScopeDefaultResponseProtectionLevel = ProtectionLevel.None; if (contract.HasProtectionLevel) // Currently always false { //contractScopeDefaultRequestProtectionLevel = contract.ProtectionLevel; //contractScopeDefaultResponseProtectionLevel = contract.ProtectionLevel; } else { contractScopeDefaultRequestProtectionLevel = defaultRequestProtectionLevel; contractScopeDefaultResponseProtectionLevel = defaultResponseProtectionLevel; } foreach (var operation in contract.Operations) { var operationScopeDefaultRequestProtectionLevel = ProtectionLevel.None; var operationScopeDefaultResponseProtectionLevel = ProtectionLevel.None; if (operation.HasProtectionLevel) // Currently always false { //operationScopeDefaultRequestProtectionLevel = operation.ProtectionLevel; //operationScopeDefaultResponseProtectionLevel = operation.ProtectionLevel; } else { operationScopeDefaultRequestProtectionLevel = contractScopeDefaultRequestProtectionLevel; operationScopeDefaultResponseProtectionLevel = contractScopeDefaultResponseProtectionLevel; } foreach (var message in operation.Messages) { var messageScopeDefaultProtectionLevel = ProtectionLevel.None; if (message.HasProtectionLevel) { //messageScopeDefaultProtectionLevel = message.ProtectionLevel; } else if (message.Direction == MessageDirection.Input) { messageScopeDefaultProtectionLevel = operationScopeDefaultRequestProtectionLevel; } else { messageScopeDefaultProtectionLevel = operationScopeDefaultResponseProtectionLevel; } var signedParts = new MessagePartSpecification(); var encryptedParts = new MessagePartSpecification(); // determine header protection requirements for message foreach (var header in message.Headers) { AddHeaderProtectionRequirements(header, signedParts, encryptedParts, messageScopeDefaultProtectionLevel); } // determine body protection requirements for message ProtectionLevel bodyProtectionLevel; if (message.Body.Parts.Count > 0) { // initialize the body protection level to none. all the body parts will be // unioned to get the effective body protection level bodyProtectionLevel = ProtectionLevel.None; } else if (message.Body.ReturnValue != null) { if (!(message.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription)))) { Fx.Assert("Only body return values are supported currently"); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.OnlyBodyReturnValuesSupported)); } bodyProtectionLevel = messageScopeDefaultProtectionLevel; // MessagePartDescription.HasProtectionLevel currently always false //MessagePartDescription desc = message.Body.ReturnValue; //bodyProtectionLevel = desc.HasProtectionLevel ? desc.ProtectionLevel : messageScopeDefaultProtectionLevel; } else { bodyProtectionLevel = messageScopeDefaultProtectionLevel; } // determine body protection requirements for message if (message.Body.Parts.Count > 0) { foreach (var body in message.Body.Parts) { var partProtectionLevel = messageScopeDefaultProtectionLevel; // MessagePartDescription.HasProtectionLevel currently always false //ProtectionLevel partProtectionLevel = body.HasProtectionLevel ? body.ProtectionLevel : messageScopeDefaultProtectionLevel; bodyProtectionLevel = ProtectionLevelHelper.Max(bodyProtectionLevel, partProtectionLevel); if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign) { break; } } } if (bodyProtectionLevel != ProtectionLevel.None) { signedParts.IsBodyIncluded = true; if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign) { encryptedParts.IsBodyIncluded = true; } } // add requirements for message if (message.Direction == MessageDirection.Input) { requirements.IncomingSignatureParts.AddParts(signedParts, message.Action); requirements.IncomingEncryptionParts.AddParts(encryptedParts, message.Action); } else { requirements.OutgoingSignatureParts.AddParts(signedParts, message.Action); requirements.OutgoingEncryptionParts.AddParts(encryptedParts, message.Action); } } if (operation.Faults != null) { if (operation.IsServerInitiated()) { AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultRequestProtectionLevel, true); } else { AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultResponseProtectionLevel, false); } } } return(requirements); }