private void AddSignatureReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer) { // No transforms added to Reference as the digest value has already been calculated byte[] hashValue; headerId = GetSignatureHash(header, headerId, prefixGenerator, writer, out hashValue); var reference = new System.Security.Cryptography.Xml.Reference(); reference.DigestMethod = AlgorithmSuite.DefaultDigestAlgorithm; reference.DigestValue = hashValue; reference.Id = headerId; _signedXml.AddReference(reference); }
private string GetSignatureStream(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer, out Stream stream) { stream = new MemoryStream(); XmlDictionaryWriter effectiveWriter; XmlBuffer canonicalBuffer = null; if (writer.CanCanonicalize) { effectiveWriter = writer; } else { canonicalBuffer = new XmlBuffer(int.MaxValue); effectiveWriter = canonicalBuffer.OpenSection(XmlDictionaryReaderQuotas.Max); } effectiveWriter.StartCanonicalization(stream, false, null); header.WriteStartHeader(effectiveWriter, Version); if (headerId == null) { headerId = GenerateId(); StandardsManager.IdManager.WriteIdAttribute(effectiveWriter, headerId); } header.WriteHeaderContents(effectiveWriter, Version); effectiveWriter.WriteEndElement(); effectiveWriter.EndCanonicalization(); effectiveWriter.Flush(); if (!ReferenceEquals(effectiveWriter, writer)) { Fx.Assert(canonicalBuffer != null, "Canonical buffer cannot be null."); canonicalBuffer.CloseSection(); canonicalBuffer.Close(); XmlDictionaryReader dicReader = canonicalBuffer.GetReader(0); writer.WriteNode(dicReader, false); dicReader.Close(); } stream.Position = 0; return(headerId); }
public override void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { SecurityAppliedMessage message = SecurityAppliedMessage; switch (message.BodyProtectionMode) { case MessagePartProtectionMode.None: return; case MessagePartProtectionMode.Sign: var ms = new MemoryStream(); if (CanCanonicalizeAndFragment(writer)) { message.WriteBodyToSignWithFragments(ms, false, null, writer); } else { message.WriteBodyToSign(ms); } ms.Position = 0; AddReference("#" + message.BodyId, ms); return; case MessagePartProtectionMode.SignThenEncrypt: throw new PlatformNotSupportedException(); case MessagePartProtectionMode.Encrypt: throw new PlatformNotSupportedException(); case MessagePartProtectionMode.EncryptThenSign: throw new PlatformNotSupportedException(); default: Fx.Assert("Invalid MessagePartProtectionMode"); return; } }
public abstract void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
public abstract void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
private void AddEncryptionReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, bool sign, out MemoryStream plainTextStream, out string encryptedDataId) { throw new PlatformNotSupportedException(); }
public override void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { string[] headerIds; if (RequireMessageProtection || ShouldSignToHeader) { headerIds = headers.GetHeaderAttributes(UtilityStrings.IdAttribute, StandardsManager.IdManager.DefaultIdNamespaceUri); } else { headerIds = null; } for (int i = 0; i < headers.Count; i++) { MessageHeader header = headers.GetMessageHeader(i); if (Version.Addressing == AddressingVersion.None && header.Namespace == AddressingVersion.None.Namespace) { continue; } if (header != this) { ApplySecurityAndWriteHeader(header, headerIds == null ? null : headerIds[i], writer, prefixGenerator); } } }
private void ApplySecurityAndWriteHeader(MessageHeader header, string headerId, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) { if (!RequireMessageProtection && ShouldSignToHeader) { if ((header.Name == XD.AddressingDictionary.To.Value) && (header.Namespace == Message.Version.Addressing.Namespace)) { if (_toHeaderStream == null) { Stream headerStream; headerId = GetSignatureStream(header, headerId, prefixGenerator, writer, out headerStream); _toHeaderStream = headerStream; _toHeaderId = headerId; } else { // More than one 'To' header is specified in the message. throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.TransportSecuredMessageHasMoreThanOneToHeader)); } return; } } MessagePartProtectionMode protectionMode = GetProtectionMode(header); switch (protectionMode) { case MessagePartProtectionMode.None: header.WriteHeader(writer, Version); return; case MessagePartProtectionMode.Sign: AddSignatureReference(header, headerId, prefixGenerator, writer); return; case MessagePartProtectionMode.SignThenEncrypt: case MessagePartProtectionMode.Encrypt: case MessagePartProtectionMode.EncryptThenSign: throw new PlatformNotSupportedException(); default: Fx.Assert("Invalid MessagePartProtectionMode"); return; } }