private void CompleteSignature() { ISignatureValueSecurityElement signedXml = CompletePrimarySignatureCore( ElementContainer.GetSignatureConfirmations(), ElementContainer.GetSignedEndorsingSupportingTokens(), ElementContainer.GetSignedSupportingTokens(), ElementContainer.GetBasicSupportingTokens(), true); if (signedXml == null) { return; } ElementContainer.PrimarySignature = new SendSecurityHeaderElement(signedXml.Id, signedXml); ElementContainer.PrimarySignature.MarkedForEncryption = _encryptSignature; AddGeneratedSignatureValue(signedXml.GetSignatureValue(), EncryptPrimarySignature); _primarySignatureDone = true; _primarySignatureValue = signedXml.GetSignatureValue(); }
protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) { if (_basicSupportingTokenParameters != null && _basicSupportingTokenParameters.Count > 0 && RequireMessageProtection && !_basicTokenEncrypted) { throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.BasicTokenCannotBeWrittenWithoutEncryption), Message); } if (ElementContainer.Timestamp != null && Layout != SecurityHeaderLayout.LaxTimestampLast) { StandardsManager.WSUtilitySpecificationVersion.WriteTimestamp(writer, ElementContainer.Timestamp); } if (ElementContainer.PrerequisiteToken != null) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.PrerequisiteToken); } if (ElementContainer.SourceSigningToken != null) { if (ShouldSerializeToken(SigningTokenParameters, MessageDirection)) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.SourceSigningToken); // Implement Protect token // NOTE: The spec says sign the primary token if it is not included in the message. But we currently are not supporting it // as we do not support STR-Transform for external references. Hence we can not sign the token which is external ie not in the message. // This only affects the messages from service to client where // 1. allowSerializedSigningTokenOnReply is false. // 2. SymmetricSecurityBindingElement with IssuedTokens binding where the issued token has a symmetric key. if (ShouldProtectTokens) { WriteSecurityTokenReferencyEntry(writer, ElementContainer.SourceSigningToken, SigningTokenParameters); } } } if (ElementContainer.DerivedSigningToken != null) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.DerivedSigningToken); } if (ElementContainer.SourceEncryptionToken != null && ElementContainer.SourceEncryptionToken != ElementContainer.SourceSigningToken && ShouldSerializeToken(_encryptingTokenParameters, MessageDirection)) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.SourceEncryptionToken); } if (ElementContainer.WrappedEncryptionToken != null) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.WrappedEncryptionToken); } if (ElementContainer.DerivedEncryptionToken != null) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, ElementContainer.DerivedEncryptionToken); } if (SignThenEncrypt) { if (ElementContainer.ReferenceList != null) { ElementContainer.ReferenceList.WriteTo(writer, ServiceModelDictionaryManager.Instance); } } SecurityToken[] signedTokens = ElementContainer.GetSignedSupportingTokens(); if (signedTokens != null) { for (int i = 0; i < signedTokens.Length; ++i) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedTokens[i]); WriteSecurityTokenReferencyEntry(writer, signedTokens[i], _signedTokenParameters[i]); } } SendSecurityHeaderElement[] basicTokensXml = ElementContainer.GetBasicSupportingTokens(); if (basicTokensXml != null) { for (int i = 0; i < basicTokensXml.Length; ++i) { basicTokensXml[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); if (SignThenEncrypt) { WriteSecurityTokenReferencyEntry(writer, _basicTokens[i], _basicSupportingTokenParameters[i]); } } } SecurityToken[] endorsingTokens = ElementContainer.GetEndorsingSupportingTokens(); if (endorsingTokens != null) { for (int i = 0; i < endorsingTokens.Length; ++i) { if (ShouldSerializeToken(_endorsingTokenParameters[i], MessageDirection)) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, endorsingTokens[i]); } } } SecurityToken[] endorsingDerivedTokens = ElementContainer.GetEndorsingDerivedSupportingTokens(); if (endorsingDerivedTokens != null) { for (int i = 0; i < endorsingDerivedTokens.Length; ++i) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, endorsingDerivedTokens[i]); } } SecurityToken[] signedEndorsingTokens = ElementContainer.GetSignedEndorsingSupportingTokens(); if (signedEndorsingTokens != null) { for (int i = 0; i < signedEndorsingTokens.Length; ++i) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedEndorsingTokens[i]); WriteSecurityTokenReferencyEntry(writer, signedEndorsingTokens[i], _signedEndorsingTokenParameters[i]); } } SecurityToken[] signedEndorsingDerivedTokens = ElementContainer.GetSignedEndorsingDerivedSupportingTokens(); if (signedEndorsingDerivedTokens != null) { for (int i = 0; i < signedEndorsingDerivedTokens.Length; ++i) { StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedEndorsingDerivedTokens[i]); } } SendSecurityHeaderElement[] signatureConfirmations = ElementContainer.GetSignatureConfirmations(); if (signatureConfirmations != null) { for (int i = 0; i < signatureConfirmations.Length; ++i) { signatureConfirmations[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); } } if (ElementContainer.PrimarySignature != null && ElementContainer.PrimarySignature.Item != null) { ElementContainer.PrimarySignature.Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); } SendSecurityHeaderElement[] endorsingSignatures = ElementContainer.GetEndorsingSignatures(); if (endorsingSignatures != null) { for (int i = 0; i < endorsingSignatures.Length; ++i) { endorsingSignatures[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); } } if (!SignThenEncrypt) { if (ElementContainer.ReferenceList != null) { ElementContainer.ReferenceList.WriteTo(writer, ServiceModelDictionaryManager.Instance); } } if (ElementContainer.Timestamp != null && Layout == SecurityHeaderLayout.LaxTimestampLast) { StandardsManager.WSUtilitySpecificationVersion.WriteTimestamp(writer, ElementContainer.Timestamp); } }