/// <summary>
/// Resolves the security token that a signature's key identifier refers to.
/// </summary>
/// <remarks>
/// The resolver is always tried first. A fallback exists only for non-primary signatures:
/// when the key identifier holds exactly one clause, that clause is an
/// <see cref="RsaKeyIdentifierClause"/>, and an <see cref="RsaSecurityTokenAuthenticator"/>
/// is allowed, a token is built directly from the RSA key carried in the clause.
/// Such a token was not found by the resolver, so its trustworthiness rests on the
/// authenticator's ValidateToken call, whose checks are not visible in this method.
/// </remarks>
/// <param name="keyIdentifier">Key identifier taken from the signature being verified.</param>
/// <param name="resolver">Resolver consulted before any fallback is attempted.</param>
/// <param name="isPrimarySignature">When true, the RSA fallback is never used.</param>
/// <returns>The resolved token; this method does not return null.</returns>
/// <exception cref="MessageSecurityException">
/// Raised through the diagnostic throw helpers when no token can be resolved, or when the
/// RSA authenticator has no supporting token tracker.
/// </exception>
private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature)
 {
     // NOTE(review): the meaning of the literal `true` flag is defined by TryResolveKeyIdentifier, not shown here.
     TryResolveKeyIdentifier(keyIdentifier, resolver, true, out SecurityToken resolved);

     // The fallback is considered only when resolution failed, the signature is not the
     // primary one, and the identifier is a single clause.
     bool fallbackEligible = resolved == null && !isPrimarySignature && keyIdentifier.Count == 1;
     if (fallbackEligible && keyIdentifier.TryFind<RsaKeyIdentifierClause>(out RsaKeyIdentifierClause rsaKeyClause))
     {
         // Without an allowed RSA authenticator the clause is ignored and resolution fails below.
         RsaSecurityTokenAuthenticator authenticator = FindAllowedAuthenticator<RsaSecurityTokenAuthenticator>(false);
         if (authenticator != null)
         {
             resolved = new RsaSecurityToken(rsaKeyClause.Rsa);

             // Validation happens before the tracker lookup, so the token is neither recorded
             // nor mapped to policies if ValidateToken throws.
             ReadOnlyCollection<IAuthorizationPolicy> policies = authenticator.ValidateToken(resolved);

             TokenTracker tracker = GetSupportingTokenTracker(authenticator, out SupportingTokenAuthenticatorSpecification ignoredSpec);
             if (tracker == null)
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, authenticator)));
             }

             tracker.RecordToken(resolved);
             SecurityTokenAuthorizationPoliciesMapping.Add(resolved, policies);
         }
     }

     if (resolved != null)
     {
         return resolved;
     }

     // Neither the resolver nor the RSA fallback produced a token: verification cannot proceed.
     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                                                                   SR.Format(SR.UnableToResolveKeyInfoForVerifyingSignature, keyIdentifier, resolver)));
 }
 /// <summary>
 /// Adds a new entry at the end of the element list.
 /// </summary>
 /// <remarks>
 /// The entry is stored as not encrypted and without a decrypted buffer.
 /// NOTE(review): ids are how other parts of a security header refer to an element, so a
 /// duplicate id would make such a reference ambiguous; VerifyIdUniquenessInSecurityHeader
 /// presumably rejects duplicates. Confirm that it throws rather than returning silently.
 /// </remarks>
 /// <param name="elementCategory">Category recorded for the entry.</param>
 /// <param name="element">The element object to store.</param>
 /// <param name="bindingMode">Binding mode recorded for the entry.</param>
 /// <param name="id">Element id, or null when the element has none.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the entry.</param>
 public void AppendElement(
     ReceiveSecurityHeaderElementCategory elementCategory, object element,
     ReceiveSecurityHeaderBindingModes bindingMode, string id, TokenTracker supportingTokenTracker)
 {
     // The uniqueness check is skipped for elements that carry no id.
     bool hasId = id != null;
     if (hasId)
     {
         VerifyIdUniquenessInSecurityHeader(id);
     }

     EnsureCapacityToAdd();

     // Claim the next free slot and advance the count in one step.
     int slot = Count++;
     _elements[slot].SetElement(elementCategory, element, bindingMode, id, false, null, supportingTokenTracker);
 }
示例#3
 /// <summary>
 /// Stores the supplied values in this entry's fields.
 /// </summary>
 /// <remarks>
 /// No argument is validated here. <paramref name="decryptedBuffer"/> is stored by reference
 /// rather than copied, so later changes to the caller's array are visible through this entry.
 /// </remarks>
 /// <param name="elementCategory">Category of the element.</param>
 /// <param name="element">The element object.</param>
 /// <param name="bindingMode">Binding mode of the element.</param>
 /// <param name="id">Element id; may be null.</param>
 /// <param name="encrypted">Value stored in the entry's encrypted flag.</param>
 /// <param name="decryptedBuffer">Buffer stored with the entry; may be null.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the entry.</param>
 public void SetElement(
     ReceiveSecurityHeaderElementCategory elementCategory, object element,
     ReceiveSecurityHeaderBindingModes bindingMode, string id, bool encrypted, byte[] decryptedBuffer, TokenTracker supportingTokenTracker)
 {
     // Identity and classification of the entry.
     this.id = id;
     this.elementCategory = elementCategory;
     this.bindingMode = bindingMode;

     // Payload and decryption state.
     this.element = element;
     this.encrypted = encrypted;
     this.decryptedBuffer = decryptedBuffer;

     this.supportingTokenTracker = supportingTokenTracker;
 }
 /// <summary>
 /// Copies each argument into the matching field of this entry.
 /// </summary>
 /// <remarks>
 /// Nothing is validated at this level. The <paramref name="decryptedBuffer"/> array is kept
 /// by reference, not cloned, so the entry and the caller share the same bytes.
 /// </remarks>
 /// <param name="elementCategory">Category of the element.</param>
 /// <param name="element">The element object.</param>
 /// <param name="bindingMode">Binding mode of the element.</param>
 /// <param name="id">Element id; may be null.</param>
 /// <param name="encrypted">Value stored in the entry's encrypted flag.</param>
 /// <param name="decryptedBuffer">Buffer stored with the entry; may be null.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the entry.</param>
 public void SetElement(
     ReceiveSecurityHeaderElementCategory elementCategory, object element,
     ReceiveSecurityHeaderBindingModes bindingMode, string id, bool encrypted, byte[] decryptedBuffer, TokenTracker supportingTokenTracker)
 {
     // What the entry is and how it is addressed.
     this.id = id;
     this.elementCategory = elementCategory;
     this.element = element;
     this.bindingMode = bindingMode;

     // Decryption state and the tracker that goes with the entry.
     this.decryptedBuffer = decryptedBuffer;
     this.encrypted = encrypted;
     this.supportingTokenTracker = supportingTokenTracker;
 }
 /// <summary>
 /// Appends a token as a new element of category Token, using the token's own Id as the element id.
 /// </summary>
 /// <param name="token">Token to append; it is dereferenced without a null check.</param>
 /// <param name="mode">Binding mode recorded for the element.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the element.</param>
 public void AppendToken(SecurityToken token, ReceiveSecurityHeaderBindingModes mode, TokenTracker supportingTokenTracker)
 {
     // The element id comes from the token itself, so AppendElement's handling of ids applies to it.
     string tokenId = token.Id;
     AppendElement(ReceiveSecurityHeaderElementCategory.Token, token, mode, tokenId, supportingTokenTracker);
 }
 /// <summary>
 /// Replaces the entry at <paramref name="index"/> with a token of category Token, using the
 /// token's own Id as the element id.
 /// </summary>
 /// <param name="index">Position of the entry to replace.</param>
 /// <param name="token">Token to store; it is dereferenced without a null check.</param>
 /// <param name="mode">Binding mode recorded for the element.</param>
 /// <param name="decryptedBuffer">Buffer stored with the replaced entry.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the element.</param>
 public void SetTokenAfterDecryption(int index, SecurityToken token, ReceiveSecurityHeaderBindingModes mode, byte[] decryptedBuffer, TokenTracker supportingTokenTracker)
 {
     // Index and category checks are left to SetElementAfterDecryption.
     string tokenId = token.Id;
     SetElementAfterDecryption(
         index,
         ReceiveSecurityHeaderElementCategory.Token,
         token,
         mode,
         tokenId,
         decryptedBuffer,
         supportingTokenTracker);
 }
 /// <summary>
 /// Replaces the entry at <paramref name="index"/> with a new element and marks it as encrypted.
 /// </summary>
 /// <remarks>
 /// The index range and the requirement that the replaced entry be EncryptedData are checked
 /// only through Fx.Assert.
 /// NOTE(review): if Fx.Assert is compiled out of release builds, neither condition is
 /// enforced at runtime here and callers must guarantee both. Confirm.
 /// </remarks>
 /// <param name="index">Position of the entry to replace.</param>
 /// <param name="elementCategory">Category of the new element.</param>
 /// <param name="element">The new element object.</param>
 /// <param name="bindingMode">Binding mode of the new element.</param>
 /// <param name="id">Id of the new element, or null when it has none.</param>
 /// <param name="decryptedBuffer">Buffer stored with the entry.</param>
 /// <param name="supportingTokenTracker">Tracker stored with the entry.</param>
 public void SetElementAfterDecryption(
     int index,
     ReceiveSecurityHeaderElementCategory elementCategory, object element,
     ReceiveSecurityHeaderBindingModes bindingMode, string id, byte[] decryptedBuffer, TokenTracker supportingTokenTracker)
 {
     Fx.Assert(index >= 0 && index < Count, "index out of range");
     Fx.Assert(ReceiveSecurityHeaderElementCategory.EncryptedData == _elements[index].elementCategory, "Replaced item must be EncryptedData");

     // The new element's id goes through the same uniqueness check as an appended element's id.
     bool hasId = id != null;
     if (hasId)
     {
         VerifyIdUniquenessInSecurityHeader(id);
     }

     // Keep the entry's pre-decryption id before SetElement overwrites it.
     _elements[index].PreserveIdBeforeDecryption();
     _elements[index].SetElement(
         elementCategory,
         element,
         bindingMode,
         id,
         true,
         decryptedBuffer,
         supportingTokenTracker);
 }
示例#8
 /// <summary>
 /// Adds a token tracker to the Trackers collection.
 /// </summary>
 /// <param name="tracker">Tracker to add; it is passed on without a null or duplicate check.</param>
 public void Register(TokenTracker tracker) => Trackers.Add(tracker);
示例#9
 /// <summary>
 /// Registers a tracker by appending it to Trackers.
 /// </summary>
 /// <param name="tracker">Tracker to register; no validation is performed here.</param>
 public void Register(TokenTracker tracker) => Trackers.Add(tracker);