public EncryptedHeaderXml(MessageVersion version, bool shouldReadXmlReferenceKeyInfoClause) { this.version = version; encryptedData = new EncryptedData(); // This is for the case when the service send an EncryptedHeader to the client where the KeyInfo clause contains referenceXml clause. encryptedData.ShouldReadXmlReferenceKeyInfoClause = shouldReadXmlReferenceKeyInfoClause; }
protected override byte[] DecryptSecurityHeaderElement(EncryptedData encryptedData, WrappedKeySecurityToken wrappedKeyToken, out SecurityToken encryptionToken) { if ((encryptedData.KeyIdentifier != null) || (wrappedKeyToken == null)) { encryptionToken = ResolveKeyIdentifier(encryptedData.KeyIdentifier, base.CombinedPrimaryTokenResolver, false); if ((((wrappedKeyToken != null) && (wrappedKeyToken.ReferenceList != null)) && (encryptedData.HasId && wrappedKeyToken.ReferenceList.ContainsReferredId(encryptedData.Id))) && (wrappedKeyToken != encryptionToken)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken", new object[] { wrappedKeyToken }))); } } else { encryptionToken = wrappedKeyToken; } using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(encryptionToken, encryptedData.EncryptionMethod, base.AlgorithmSuite)) { encryptedData.SetUpDecryption(algorithm); return encryptedData.GetDecryptedBuffer(); } }
void DecryptBody(XmlDictionaryReader bodyContentReader, SecurityToken token) { EncryptedData bodyXml = new EncryptedData(); bodyXml.ShouldReadXmlReferenceKeyInfoClause = this.MessageDirection == MessageDirection.Output; bodyXml.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer; bodyXml.ReadFrom(bodyContentReader, MaxReceivedMessageSize); if (!bodyContentReader.EOF && bodyContentReader.NodeType != XmlNodeType.EndElement) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.BadEncryptedBody))); } if (token == null) { token = ResolveKeyIdentifier(bodyXml.KeyIdentifier, this.PrimaryTokenResolver, false); } RecordEncryptionToken(token); using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, bodyXml.EncryptionMethod, this.AlgorithmSuite)) { bodyXml.SetUpDecryption(algorithm); this.SecurityVerifiedMessage.SetDecryptedBody(bodyXml.GetDecryptedBuffer()); } }
private void DecryptBody(XmlDictionaryReader bodyContentReader, SecurityToken token) { EncryptedData data = new EncryptedData { SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer }; data.ReadFrom(bodyContentReader, base.MaxReceivedMessageSize); if (!bodyContentReader.EOF && (bodyContentReader.NodeType != XmlNodeType.EndElement)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(System.ServiceModel.SR.GetString("BadEncryptedBody"))); } if (token == null) { token = ResolveKeyIdentifier(data.KeyIdentifier, base.PrimaryTokenResolver, false); } base.RecordEncryptionToken(token); using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(token, data.EncryptionMethod, base.AlgorithmSuite)) { data.SetUpDecryption(algorithm); base.SecurityVerifiedMessage.SetDecryptedBody(data.GetDecryptedBuffer()); } }
EncryptedData CreateEncryptedData() { EncryptedData encryptedData = new EncryptedData(); encryptedData.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer; encryptedData.KeyIdentifier = this.encryptionKeyIdentifier; encryptedData.EncryptionMethod = this.EncryptionAlgorithm; encryptedData.EncryptionMethodDictionaryString = this.EncryptionAlgorithmDictionaryString; return encryptedData; }
protected override byte[] DecryptSecurityHeaderElement( EncryptedData encryptedData, WrappedKeySecurityToken wrappedKeyToken, out SecurityToken encryptionToken) { if ((encryptedData.KeyIdentifier != null) || (wrappedKeyToken == null)) { // The EncryptedData might have a KeyInfo inside it. Try resolving the SecurityKeyIdentifier. encryptionToken = ResolveKeyIdentifier(encryptedData.KeyIdentifier, this.CombinedPrimaryTokenResolver, false); if (wrappedKeyToken != null && wrappedKeyToken.ReferenceList != null && encryptedData.HasId && wrappedKeyToken.ReferenceList.ContainsReferredId(encryptedData.Id) && (wrappedKeyToken != encryptionToken)) { // We have a EncryptedKey with a ReferenceList inside it. This would mean that // all the EncryptedData pointed by the ReferenceList should be encrypted only // by this key. The individual EncryptedData elements if containing a KeyInfo // clause should point back to the same EncryptedKey token. throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, wrappedKeyToken))); } } else { encryptionToken = wrappedKeyToken; } using (SymmetricAlgorithm algorithm = CreateDecryptionAlgorithm(encryptionToken, encryptedData.EncryptionMethod, this.AlgorithmSuite)) { encryptedData.SetUpDecryption(algorithm); return encryptedData.GetDecryptedBuffer(); } }
protected override EncryptedData ReadSecurityHeaderEncryptedItem(XmlDictionaryReader reader, bool readXmlreferenceKeyInfoClause) { EncryptedData encryptedData = new EncryptedData(); encryptedData.ShouldReadXmlReferenceKeyInfoClause = readXmlreferenceKeyInfoClause; encryptedData.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer; encryptedData.ReadFrom(reader); return encryptedData; }
protected override EncryptedData ReadSecurityHeaderEncryptedItem(XmlDictionaryReader reader) { EncryptedData data = new EncryptedData { SecurityTokenSerializer = base.StandardsManager.SecurityTokenSerializer }; data.ReadFrom(reader); return data; }
public void WriteBodyToSignThenEncryptWithFragments( Stream stream, bool includeComments, string[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer) { IFragmentCapableXmlDictionaryWriter fragmentingWriter = (IFragmentCapableXmlDictionaryWriter) writer; SetBodyId(); encryptedData.Id = this.securityHeader.GenerateId(); this.startBodyFragment = new MemoryStream(); BufferedOutputStream bodyContentFragment = new BufferManagerOutputStream(SR.XmlBufferQuotaExceeded, 1024, int.MaxValue, this.securityHeader.StreamBufferManager); this.endBodyFragment = new MemoryStream(); writer.StartCanonicalization(stream, includeComments, inclusivePrefixes); fragmentingWriter.StartFragment(this.startBodyFragment, false); WriteStartInnerMessageWithId(writer); fragmentingWriter.EndFragment(); fragmentingWriter.StartFragment(bodyContentFragment, true); this.InnerMessage.WriteBodyContents(writer); fragmentingWriter.EndFragment(); fragmentingWriter.StartFragment(this.endBodyFragment, false); writer.WriteEndElement(); fragmentingWriter.EndFragment(); writer.EndCanonicalization(); int bodyLength; byte[] bodyBuffer = bodyContentFragment.ToArray(out bodyLength); encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(bodyBuffer, 0, bodyLength)); this.encryptedBodyContent = encryptedData; this.state = BodyState.SignedThenEncrypted; }
public void WriteBodyToSignThenEncrypt(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm) { XmlBuffer buffer = new XmlBuffer(int.MaxValue); XmlDictionaryWriter fragmentingWriter = buffer.OpenSection(XmlDictionaryReaderQuotas.Max); WriteBodyToSignThenEncryptWithFragments(canonicalStream, false, null, encryptedData, algorithm, fragmentingWriter); ((IFragmentCapableXmlDictionaryWriter)fragmentingWriter).WriteFragment(this.startBodyFragment.GetBuffer(), 0, (int)this.startBodyFragment.Length); ((IFragmentCapableXmlDictionaryWriter)fragmentingWriter).WriteFragment(this.endBodyFragment.GetBuffer(), 0, (int)this.endBodyFragment.Length); buffer.CloseSection(); buffer.Close(); this.startBodyFragment = null; this.endBodyFragment = null; XmlDictionaryReader reader = buffer.GetReader(0); reader.MoveToContent(); this.bodyPrefix = reader.Prefix; if (reader.HasAttributes) { this.bodyAttributes = XmlAttributeHolder.ReadAttributes(reader); } reader.Close(); }
public void WriteBodyToEncryptThenSign(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm) { encryptedData.Id = this.securityHeader.GenerateId(); SetBodyId(); XmlDictionaryWriter encryptingWriter = XmlDictionaryWriter.CreateTextWriter(Stream.Null); // The XmlSerializer body formatter would add a // document declaration to the body fragment when a fresh writer // is provided. Hence, insert a dummy element here and capture // the body contents as a fragment. encryptingWriter.WriteStartElement("a"); MemoryStream ms = new MemoryStream(); ((IFragmentCapableXmlDictionaryWriter)encryptingWriter).StartFragment(ms, true); this.InnerMessage.WriteBodyContents(encryptingWriter); ((IFragmentCapableXmlDictionaryWriter)encryptingWriter).EndFragment(); encryptingWriter.WriteEndElement(); ms.Flush(); encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(ms.GetBuffer(), 0, (int) ms.Length)); this.fullBodyBuffer = new XmlBuffer(int.MaxValue); XmlDictionaryWriter canonicalWriter = this.fullBodyBuffer.OpenSection(XmlDictionaryReaderQuotas.Max); canonicalWriter.StartCanonicalization(canonicalStream, false, null); WriteStartInnerMessageWithId(canonicalWriter); encryptedData.WriteTo(canonicalWriter, ServiceModelDictionaryManager.Instance); canonicalWriter.WriteEndElement(); canonicalWriter.EndCanonicalization(); canonicalWriter.Flush(); this.fullBodyBuffer.CloseSection(); this.fullBodyBuffer.Close(); this.state = BodyState.EncryptedThenSigned; }
public void WriteBodyToEncrypt(EncryptedData encryptedData, SymmetricAlgorithm algorithm) { encryptedData.Id = this.securityHeader.GenerateId(); BodyContentHelper helper = new BodyContentHelper(); XmlDictionaryWriter encryptingWriter = helper.CreateWriter(); this.InnerMessage.WriteBodyContents(encryptingWriter); encryptedData.SetUpEncryption(algorithm, helper.ExtractResult()); this.encryptedBodyContent = encryptedData; this.state = BodyState.Encrypted; }
public void WriteBodyToSignThenEncryptWithFragments(Stream stream, bool includeComments, string[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer) { int num; IFragmentCapableXmlDictionaryWriter writer2 = (IFragmentCapableXmlDictionaryWriter) writer; this.SetBodyId(); encryptedData.Id = this.securityHeader.GenerateId(); this.startBodyFragment = new MemoryStream(); BufferedOutputStream stream2 = new BufferManagerOutputStream("XmlBufferQuotaExceeded", 0x400, 0x7fffffff, BufferManager.CreateBufferManager(0L, 0x7fffffff)); this.endBodyFragment = new MemoryStream(); writer.StartCanonicalization(stream, includeComments, inclusivePrefixes); writer2.StartFragment(this.startBodyFragment, false); this.WriteStartInnerMessageWithId(writer); writer2.EndFragment(); writer2.StartFragment(stream2, true); base.InnerMessage.WriteBodyContents(writer); writer2.EndFragment(); writer2.StartFragment(this.endBodyFragment, false); writer.WriteEndElement(); writer2.EndFragment(); writer.EndCanonicalization(); byte[] array = stream2.ToArray(out num); encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(array, 0, num)); this.encryptedBodyContent = encryptedData; this.state = BodyState.SignedThenEncrypted; }
public void WriteBodyToEncryptThenSign(Stream canonicalStream, EncryptedData encryptedData, SymmetricAlgorithm algorithm) { encryptedData.Id = this.securityHeader.GenerateId(); this.SetBodyId(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(Stream.Null); writer.WriteStartElement("a"); MemoryStream stream = new MemoryStream(); ((IFragmentCapableXmlDictionaryWriter) writer).StartFragment(stream, true); base.InnerMessage.WriteBodyContents(writer); ((IFragmentCapableXmlDictionaryWriter) writer).EndFragment(); writer.WriteEndElement(); stream.Flush(); encryptedData.SetUpEncryption(algorithm, new ArraySegment<byte>(stream.GetBuffer(), 0, (int) stream.Length)); this.fullBodyBuffer = new XmlBuffer(0x7fffffff); XmlDictionaryWriter writer2 = this.fullBodyBuffer.OpenSection(XmlDictionaryReaderQuotas.Max); writer2.StartCanonicalization(canonicalStream, false, null); this.WriteStartInnerMessageWithId(writer2); encryptedData.WriteTo(writer2, ServiceModelDictionaryManager.Instance); writer2.WriteEndElement(); writer2.EndCanonicalization(); writer2.Flush(); this.fullBodyBuffer.CloseSection(); this.fullBodyBuffer.Close(); this.state = BodyState.EncryptedThenSigned; }
public void WriteBodyToSignThenEncryptWithFragments(Stream stream, bool includeComments, string[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer) { int num; IFragmentCapableXmlDictionaryWriter writer2 = (IFragmentCapableXmlDictionaryWriter)writer; this.SetBodyId(); encryptedData.Id = this.securityHeader.GenerateId(); this.startBodyFragment = new MemoryStream(); BufferedOutputStream stream2 = new BufferManagerOutputStream("XmlBufferQuotaExceeded", 0x400, 0x7fffffff, BufferManager.CreateBufferManager(0L, 0x7fffffff)); this.endBodyFragment = new MemoryStream(); writer.StartCanonicalization(stream, includeComments, inclusivePrefixes); writer2.StartFragment(this.startBodyFragment, false); this.WriteStartInnerMessageWithId(writer); writer2.EndFragment(); writer2.StartFragment(stream2, true); base.InnerMessage.WriteBodyContents(writer); writer2.EndFragment(); writer2.StartFragment(this.endBodyFragment, false); writer.WriteEndElement(); writer2.EndFragment(); writer.EndCanonicalization(); byte[] array = stream2.ToArray(out num); encryptedData.SetUpEncryption(algorithm, new ArraySegment <byte>(array, 0, num)); this.encryptedBodyContent = encryptedData; this.state = BodyState.SignedThenEncrypted; }