/// <summary>
/// Finds the <see cref="SecurityToken"/> whose key verifies a signature, given the signature's KeyInfo.
/// </summary>
/// <param name="keyIdentifier">Key identifier taken from the signature's KeyInfo.</param>
/// <param name="resolver">Resolver consulted first for the referenced token.</param>
/// <param name="isPrimarySignature">
/// True for the message's primary signature. Only supporting (non-primary) signatures may fall back to
/// a bare RSA key carried in KeyInfo.
/// </param>
/// <returns>The resolved token; never null.</returns>
/// <exception cref="MessageSecurityException">
/// Thrown when no token can be resolved, or when the RSA fallback yields no supporting-token tracker.
/// </exception>
private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature)
{
    TryResolveKeyIdentifier(keyIdentifier, resolver, true, out SecurityToken token);

    // Supporting signatures may be keyed by an RSA public key embedded in KeyInfo rather than by a
    // token reference. The primary signature never takes this path; an embedded key is still only
    // accepted if an RsaSecurityTokenAuthenticator is allowed and its ValidateToken succeeds.
    if (token == null && !isPrimarySignature)
    {
        token = TryAcceptEmbeddedRsaKey(keyIdentifier);
    }

    if (token == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
            SR.Format(SR.UnableToResolveKeyInfoForVerifyingSignature, keyIdentifier, resolver)));
    }

    return token;

    // Builds, validates and records an RsaSecurityToken for a single-clause RSA key identifier.
    // Returns null when the identifier is not a lone RSA clause or no RSA authenticator is allowed.
    SecurityToken TryAcceptEmbeddedRsaKey(SecurityKeyIdentifier identifier)
    {
        // Exactly one clause, and it must be the RSA clause.
        if (identifier.Count != 1 || !identifier.TryFind<RsaKeyIdentifierClause>(out RsaKeyIdentifierClause rsaClause))
        {
            return null;
        }

        RsaSecurityTokenAuthenticator rsaAuthenticator = FindAllowedAuthenticator<RsaSecurityTokenAuthenticator>(false);
        if (rsaAuthenticator == null)
        {
            return null;
        }

        SecurityToken rsaToken = new RsaSecurityToken(rsaClause.Rsa);
        // Validation runs before the token is tracked or mapped, so a rejected key never becomes visible.
        ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = rsaAuthenticator.ValidateToken(rsaToken);

        TokenTracker rsaTracker = GetSupportingTokenTracker(rsaAuthenticator, out _);
        if (rsaTracker == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(
                new MessageSecurityException(SR.Format(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, rsaAuthenticator)));
        }

        rsaTracker.RecordToken(rsaToken);
        SecurityTokenAuthorizationPoliciesMapping.Add(rsaToken, authorizationPolicies);
        return rsaToken;
    }
}
/// <summary>
/// Appends a parsed security header element to the end of the element list.
/// </summary>
/// <param name="elementCategory">Kind of element (token, signature, encrypted data, ...).</param>
/// <param name="element">The parsed element object.</param>
/// <param name="bindingMode">Binding mode the element was processed under.</param>
/// <param name="id">The element's id attribute, or null when it has none.</param>
/// <param name="supportingTokenTracker">Tracker for a supporting token, or null.</param>
/// <remarks>
/// A non-null id is checked for uniqueness within the security header before the entry is stored,
/// so two elements can never share an id. The new entry is recorded as not encrypted and with no
/// decrypted buffer.
/// </remarks>
public void AppendElement(
    ReceiveSecurityHeaderElementCategory elementCategory,
    object element,
    ReceiveSecurityHeaderBindingModes bindingMode,
    string id,
    TokenTracker supportingTokenTracker)
{
    if (id != null)
    {
        VerifyIdUniquenessInSecurityHeader(id);
    }

    EnsureCapacityToAdd();

    // Claim the slot first; the entry is then written in place.
    int slot = Count;
    Count = slot + 1;
    _elements[slot].SetElement(elementCategory, element, bindingMode, id, false, null, supportingTokenTracker);
}
/// <summary>
/// Overwrites every field of this entry with the given element description.
/// </summary>
/// <param name="elementCategory">Kind of element stored in this entry.</param>
/// <param name="element">The parsed element object.</param>
/// <param name="bindingMode">Binding mode the element was processed under.</param>
/// <param name="id">The element's id attribute, or null.</param>
/// <param name="encrypted">Whether the element arrived encrypted.</param>
/// <param name="decryptedBuffer">Decrypted bytes of the element, or null.</param>
/// <param name="supportingTokenTracker">Tracker for a supporting token, or null.</param>
public void SetElement(
    ReceiveSecurityHeaderElementCategory elementCategory,
    object element,
    ReceiveSecurityHeaderBindingModes bindingMode,
    string id,
    bool encrypted,
    byte[] decryptedBuffer,
    TokenTracker supportingTokenTracker)
{
    // Plain field copies, in parameter order; no field is derived from another.
    this.elementCategory = elementCategory;
    this.element = element;
    this.bindingMode = bindingMode;
    this.id = id;
    this.encrypted = encrypted;
    this.decryptedBuffer = decryptedBuffer;
    this.supportingTokenTracker = supportingTokenTracker;
}
/// <summary>
/// Appends a token element, using the token's own <c>Id</c> as the element id.
/// </summary>
/// <param name="token">The token to append; must not be null.</param>
/// <param name="mode">Binding mode the token was processed under.</param>
/// <param name="supportingTokenTracker">Tracker for a supporting token, or null.</param>
public void AppendToken(SecurityToken token, ReceiveSecurityHeaderBindingModes mode, TokenTracker supportingTokenTracker)
    => AppendElement(ReceiveSecurityHeaderElementCategory.Token, token, mode, token.Id, supportingTokenTracker);
/// <summary>
/// Replaces the encrypted entry at <paramref name="index"/> with a token that was decrypted from it,
/// using the token's own <c>Id</c> as the element id.
/// </summary>
/// <param name="index">Position of the EncryptedData entry being replaced.</param>
/// <param name="token">The decrypted token; must not be null.</param>
/// <param name="mode">Binding mode the token was processed under.</param>
/// <param name="decryptedBuffer">Decrypted bytes the token was read from.</param>
/// <param name="supportingTokenTracker">Tracker for a supporting token, or null.</param>
public void SetTokenAfterDecryption(int index, SecurityToken token, ReceiveSecurityHeaderBindingModes mode, byte[] decryptedBuffer, TokenTracker supportingTokenTracker)
    => SetElementAfterDecryption(index, ReceiveSecurityHeaderElementCategory.Token, token, mode, token.Id, decryptedBuffer, supportingTokenTracker);
/// <summary>
/// Replaces an EncryptedData entry with the element that was decrypted from it.
/// </summary>
/// <param name="index">Position of the entry to replace; must be within <c>[0, Count)</c>.</param>
/// <param name="elementCategory">Kind of the decrypted element.</param>
/// <param name="element">The decrypted element object.</param>
/// <param name="bindingMode">Binding mode the element was processed under.</param>
/// <param name="id">The decrypted element's id attribute, or null.</param>
/// <param name="decryptedBuffer">Decrypted bytes the element was read from.</param>
/// <param name="supportingTokenTracker">Tracker for a supporting token, or null.</param>
/// <remarks>
/// The entry being replaced must currently be EncryptedData (asserted in debug builds). A non-null id is
/// checked for uniqueness within the security header before the entry is overwritten, and the entry keeps
/// its pre-decryption id (PreserveIdBeforeDecryption) so the original EncryptedData can still be referenced.
/// The replacement is marked as encrypted.
/// </remarks>
public void SetElementAfterDecryption(
    int index,
    ReceiveSecurityHeaderElementCategory elementCategory,
    object element,
    ReceiveSecurityHeaderBindingModes bindingMode,
    string id,
    byte[] decryptedBuffer,
    TokenTracker supportingTokenTracker)
{
    Fx.Assert(0 <= index && index < Count, "index out of range");

    // Work on the stored entry itself, not a copy.
    ref var entry = ref _elements[index];
    Fx.Assert(entry.elementCategory == ReceiveSecurityHeaderElementCategory.EncryptedData, "Replaced item must be EncryptedData");

    if (id != null)
    {
        VerifyIdUniquenessInSecurityHeader(id);
    }

    entry.PreserveIdBeforeDecryption();
    entry.SetElement(elementCategory, element, bindingMode, id, true, decryptedBuffer, supportingTokenTracker);
}
/// <summary>
/// Adds a token tracker to the <c>Trackers</c> collection.
/// </summary>
/// <param name="tracker">The tracker to register.</param>
public void Register(TokenTracker tracker) => Trackers.Add(tracker);