/// <summary> /// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword /// </summary> public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri) { // handle no encryption. if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None) { m_decryptedTokenData = m_tokenData; return; } EncryptedData encryptedData = new EncryptedData(); encryptedData.Data = m_tokenData; encryptedData.Algorithm = m_encryptionAlgorithm; byte[] decryptedTokenData = SecurityPolicies.Decrypt( certificate, securityPolicyUri, encryptedData); // verify the sender's nonce. int startOfNonce = decryptedTokenData.Length; if (senderNonce != null) { startOfNonce -= senderNonce.Length; for (int ii = 0; ii < senderNonce.Length; ii++) { if (senderNonce[ii] != decryptedTokenData[ii+startOfNonce]) { throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected); } } } // copy results. m_decryptedTokenData = new byte[startOfNonce]; Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce); }
/// <summary> /// Decrypts the CipherText using the SecurityPolicyUri and returns the PlainTetx. /// </summary> public static byte[] Decrypt(X509Certificate2 certificate, string securityPolicyUri, EncryptedData dataToDecrypt) { // check if nothing to do. if (dataToDecrypt == null) { return null; } // nothing more to do if no encryption. if (String.IsNullOrEmpty(securityPolicyUri)) { return dataToDecrypt.Data; } // decrypt data. switch (securityPolicyUri) { case SecurityPolicies.Basic256: case SecurityPolicies.Basic256Sha256: { if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep) { return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, true); } break; } case SecurityPolicies.Basic128Rsa15: { if (dataToDecrypt.Algorithm == SecurityAlgorithms.Rsa15) { return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, false); } break; } case SecurityPolicies.None: { if (String.IsNullOrEmpty(dataToDecrypt.Algorithm)) { return dataToDecrypt.Data; } break; } default: { throw ServiceResultException.Create( StatusCodes.BadSecurityPolicyRejected, "Unsupported security policy: {0}", securityPolicyUri); } } throw ServiceResultException.Create( StatusCodes.BadIdentityTokenInvalid, "Unexpected encryption algorithm : {0}", dataToDecrypt.Algorithm); }
/// <summary> /// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword /// </summary> public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri) { // handle no encryption. if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None) { m_decryptedPassword = new UTF8Encoding().GetString(m_password, 0, m_password.Length); return; } // decrypt. EncryptedData encryptedData = new EncryptedData(); encryptedData.Data = m_password; encryptedData.Algorithm = m_encryptionAlgorithm; byte[] decryptedPassword = SecurityPolicies.Decrypt( certificate, securityPolicyUri, encryptedData); if (decryptedPassword == null) { m_decryptedPassword = null; return; } // verify the sender's nonce. int startOfNonce = decryptedPassword.Length; if (senderNonce != null) { startOfNonce -= senderNonce.Length; for (int ii = 0; ii < senderNonce.Length; ii++) { if (senderNonce[ii] != decryptedPassword[ii+startOfNonce]) { throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected); } } } // convert to UTF-8. m_decryptedPassword = new UTF8Encoding().GetString(decryptedPassword, 0, startOfNonce); }
/// <summary> /// Encrypts the text using the SecurityPolicyUri and returns the result. /// </summary> public static EncryptedData Encrypt(X509Certificate2 certificate, string securityPolicyUri, byte[] plainText) { EncryptedData encryptedData = new EncryptedData(); encryptedData.Algorithm = null; encryptedData.Data = plainText; // check if nothing to do. if (plainText == null) { return encryptedData; } // nothing more to do if no encryption. if (String.IsNullOrEmpty(securityPolicyUri)) { return encryptedData; } // encrypt data. switch (securityPolicyUri) { case SecurityPolicies.Basic256: case SecurityPolicies.Basic256Sha256: { encryptedData.Algorithm = SecurityAlgorithms.RsaOaep; encryptedData.Data = RsaUtils.Encrypt(plainText, certificate, true); break; } case SecurityPolicies.Basic128Rsa15: { encryptedData.Algorithm = SecurityAlgorithms.Rsa15; encryptedData.Data = RsaUtils.Encrypt(plainText, certificate, false); break; } case SecurityPolicies.None: { break; } default: { throw ServiceResultException.Create( StatusCodes.BadSecurityPolicyRejected, "Unsupported security policy: {0}", securityPolicyUri); } } return encryptedData; }