public void ResolveTokenNonExistent() { SecurityTokenResolver r = GetResolver(true, new SecurityToken [0]); SecurityToken token; Assert.IsNull(r.ResolveToken(new LocalIdKeyIdentifierClause("urn:foo"))); }
WrappedKeySecurityToken ReadWrappedKeySecurityTokenCore( XmlReader reader, SecurityTokenResolver tokenResolver) { if (tokenResolver == null) { throw new ArgumentNullException("tokenResolver"); } EncryptedKey ek = new EncryptedKey(); ek.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement); SecurityKeyIdentifier ki = new SecurityKeyIdentifier(); foreach (KeyInfoClause kic in ek.KeyInfo) { ki.Add(ReadKeyIdentifierClause(new XmlNodeReader(kic.GetXml()))); } SecurityToken token = tokenResolver.ResolveToken(ki); string alg = ek.EncryptionMethod.KeyAlgorithm; foreach (SecurityKey skey in token.SecurityKeys) { if (skey.IsSupportedAlgorithm(alg)) { byte [] key = skey.DecryptKey(alg, ek.CipherData.CipherValue); WrappedKeySecurityToken wk = new WrappedKeySecurityToken(ek.Id, key, alg, token, ki); // FIXME: This should not be required. wk.SetWrappedKey(ek.CipherData.CipherValue); wk.ReferenceList = ek.ReferenceList; return(wk); } } throw new InvalidOperationException(String.Format("Cannot resolve security key with the resolved SecurityToken specified by the key identifier in the EncryptedKey XML. The key identifier is: {0}", ki)); }
WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName, SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver) { ISspiNegotiationInfo sspiResolver = tokenResolver as ISspiNegotiationInfo; if (sspiResolver != null) { ISspiNegotiation unwrappingSspiContext = sspiResolver.SspiNegotiation; // ensure that the encryption algorithm is compatible if (encryptionMethod != unwrappingSspiContext.KeyEncryptionAlgorithm) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.BadKeyEncryptionAlgorithm, encryptionMethod))); } byte[] unwrappedKey = unwrappingSspiContext.Decrypt(wrappedKey); return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingSspiContext, unwrappedKey)); } else { if (tokenResolver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver")); } if (unwrappingTokenIdentifier == null || unwrappingTokenIdentifier.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingKeyInfoInEncryptedKey))); } SecurityToken unwrappingToken; SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver; if (resolver != null) { unwrappingToken = resolver.ExpectedWrapper; if (unwrappingToken != null) { if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, unwrappingToken))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, resolver))); } } else { try { unwrappingToken = tokenResolver.ResolveToken(unwrappingTokenIdentifier); } catch (Exception exception) { if (exception is MessageSecurityException) { throw; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, tokenResolver), exception)); } } SecurityKey unwrappingSecurityKey; byte[] unwrappedKey = SecurityUtils.DecryptKey(unwrappingToken, encryptionMethod, wrappedKey, out unwrappingSecurityKey); return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingToken, unwrappingTokenIdentifier, wrappedKey, unwrappingSecurityKey)); } }