SendSecurityHeader.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / SendSecurityHeader.cs / 1 / SendSecurityHeader.cs

                            //---------------------------------------------------------- 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------

namespace System.ServiceModel.Security 
{
    using System.Collections.Generic; 
    using System.ServiceModel.Channels; 
    using System.ServiceModel;
    using System.ServiceModel.Description; 
    using System.Collections.ObjectModel;
    using System.Diagnostics;
    using System.IO;
    using System.IdentityModel.Tokens; 
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography; 
 
    using System.ServiceModel.Security.Tokens;
    using System.Xml; 
    using System.ServiceModel.Diagnostics;

    using DictionaryManager = System.IdentityModel.DictionaryManager;
    using ISecurityElement = System.IdentityModel.ISecurityElement; 
    using ISignatureValueSecurityElement = System.IdentityModel.ISignatureValueSecurityElement;
    using IPrefixGenerator = System.IdentityModel.IPrefixGenerator; 
 
    abstract class SendSecurityHeader : SecurityHeader, IMessageHeaderWithSharedNamespace
    { 
        bool basicTokenEncrypted;
        SendSecurityHeaderElementContainer elementContainer;
        bool primarySignatureDone;
        bool encryptSignature; 
        SignatureConfirmations signatureValuesGenerated;
        SignatureConfirmations signatureConfirmationsToSend; 
        int idCounter; 
        string idPrefix;
        bool hasSignedTokens; 
        bool hasEncryptedTokens;
        MessagePartSpecification signatureParts;
        MessagePartSpecification encryptionParts;
        SecurityTokenParameters signingTokenParameters; 
        SecurityTokenParameters encryptingTokenParameters;
        List basicSupportingTokenParameters = null; 
        List endorsingTokenParameters = null; 
        List signedEndorsingTokenParameters = null;
        List signedTokenParameters = null; 
        SecurityToken encryptingToken;
        bool skipKeyInfoForEncryption;
        byte[] primarySignatureValue = null;
 
        bool shouldSignToHeader = false;
 
        SecurityProtocolCorrelationState correlationState; 
        bool signThenEncrypt = true;
        static readonly string[] ids = new string[] { "_0", "_1", "_2", "_3", "_4", "_5", "_6", "_7", "_8", "_9" }; 

        protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
            SecurityStandardsManager standardsManager,
            SecurityAlgorithmSuite algorithmSuite, 
            MessageDirection transferDirection)
            : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection) 
        { 
            this.elementContainer = new SendSecurityHeaderElementContainer();
        } 

        public SecurityProtocolCorrelationState CorrelationState
        {
            get { return this.correlationState; } 
            set
            { 
                ThrowIfProcessingStarted(); 
                this.correlationState = value;
            } 
        }

        public MessagePartSpecification EncryptionParts
        { 
            get { return this.encryptionParts; }
            set 
            { 
                ThrowIfProcessingStarted();
                if (value == null) 
                {
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("value"), this.Message);
                }
                if (!value.IsReadOnly) 
                {
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException( 
                        SR.GetString(SR.MessagePartSpecificationMustBeImmutable)), this.Message); 
                }
                this.encryptionParts = value; 
            }
        }

        public bool EncryptPrimarySignature 
        {
            get { return this.encryptSignature; } 
            set 
            {
                ThrowIfProcessingStarted(); 
                this.encryptSignature = value;
            }
        }
 
        internal byte[] PrimarySignatureValue
        { 
            get { return this.primarySignatureValue; } 
        }
 
        protected bool ShouldSignToHeader
        {
            get { return this.shouldSignToHeader; }
        } 

        public string IdPrefix 
        { 
            get { return this.idPrefix; }
            set 
            {
                ThrowIfProcessingStarted();
                this.idPrefix = string.IsNullOrEmpty(value) || value == "_" ? null : value;
            } 
        }
 
        public override string Name 
        {
            get { return this.StandardsManager.SecurityVersion.HeaderName.Value; } 
        }

        public override string Namespace
        { 
            get { return this.StandardsManager.SecurityVersion.HeaderNamespace.Value; }
        } 
 
        protected SecurityAppliedMessage SecurityAppliedMessage
        { 
            get { return (SecurityAppliedMessage) this.Message; }
        }

        public bool SignThenEncrypt 
        {
            get { return this.signThenEncrypt; } 
            set 
            {
                ThrowIfProcessingStarted(); 
                this.signThenEncrypt = value;
            }
        }
 
        public MessagePartSpecification SignatureParts
        { 
            get { return this.signatureParts; } 
            set
            { 
                ThrowIfProcessingStarted();
                if (value == null)
                {
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("value"), this.Message); 
                }
                if (!value.IsReadOnly) 
                { 
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                        SR.GetString(SR.MessagePartSpecificationMustBeImmutable)), this.Message); 
                }
                this.signatureParts = value;
            }
        } 

        public SecurityTimestamp Timestamp 
        { 
            get { return this.elementContainer.Timestamp; }
        } 

        public bool HasSignedTokens
        {
            get 
            {
                return this.hasSignedTokens; 
            } 
        }
 
        public bool HasEncryptedTokens
        {
            get
            { 
                return this.hasEncryptedTokens;
            } 
        } 

        public void AddPrerequisiteToken(SecurityToken token) 
        {
            ThrowIfProcessingStarted();
            if (token == null)
            { 
                throw TraceUtility.ThrowHelperArgumentNull("token", this.Message);
            } 
            this.elementContainer.PrerequisiteToken = token; 
        }
 
        void AddParameters(ref List list, SecurityTokenParameters item)
        {
            if (list == null)
            { 
                list = new List();
            } 
            list.Add(item); 
        }
 
        public abstract void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);

        public abstract void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator);
 
        protected virtual bool HasSignedEncryptedMessagePart
        { 
            get { return false; } 
        }
 
        public void SetSigningToken(SecurityToken token, SecurityTokenParameters tokenParameters)
        {
            ThrowIfProcessingStarted();
            if ((token == null && tokenParameters != null) || (token != null && tokenParameters == null)) 
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.TokenMustBeNullWhenTokenParametersAre))); 
            } 
            this.elementContainer.SourceSigningToken = token;
            this.signingTokenParameters = tokenParameters; 
        }

        public void SetEncryptionToken(SecurityToken token, SecurityTokenParameters tokenParameters)
        { 
            ThrowIfProcessingStarted();
            if ((token == null && tokenParameters != null) || (token != null && tokenParameters == null)) 
            { 
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.TokenMustBeNullWhenTokenParametersAre)));
            } 
            this.elementContainer.SourceEncryptionToken = token;
            this.encryptingTokenParameters = tokenParameters;
        }
 

        public void AddBasicSupportingToken(SecurityToken token, SecurityTokenParameters parameters) 
        { 
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 
            if (parameters == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
            ThrowIfProcessingStarted();
            SendSecurityHeaderElement tokenElement = new SendSecurityHeaderElement(token.Id, new TokenElement(token, this.StandardsManager)); 
            tokenElement.MarkedForEncryption = true;
            this.elementContainer.AddBasicSupportingToken(tokenElement); 
            hasEncryptedTokens = true; 
            hasSignedTokens = true;
            this.AddParameters(ref this.basicSupportingTokenParameters, parameters); 
        }

        public void AddEndorsingSupportingToken(SecurityToken token, SecurityTokenParameters parameters)
        { 
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 
            if (parameters == null) 
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
            ThrowIfProcessingStarted(); 
            this.elementContainer.AddEndorsingSupportingToken(token);
            this.shouldSignToHeader |= (!this.RequireMessageProtection) && (SecurityUtils.GetSecurityKey(token) != null);
            this.AddParameters(ref this.endorsingTokenParameters, parameters);
        } 

        public void AddSignedEndorsingSupportingToken(SecurityToken token, SecurityTokenParameters parameters) 
        { 
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 
            if (parameters == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
            ThrowIfProcessingStarted();
            this.elementContainer.AddSignedEndorsingSupportingToken(token); 
            hasSignedTokens = true;
            this.shouldSignToHeader |= (!this.RequireMessageProtection) && (SecurityUtils.GetSecurityKey(token) != null); 
            this.AddParameters(ref this.signedEndorsingTokenParameters, parameters); 
        }
 
        public void AddSignedSupportingToken(SecurityToken token, SecurityTokenParameters parameters)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 
            if (parameters == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); 
            ThrowIfProcessingStarted(); 
            this.elementContainer.AddSignedSupportingToken(token);
            hasSignedTokens = true; 
            this.AddParameters(ref this.signedTokenParameters, parameters);
        }

        public void AddSignatureConfirmations(SignatureConfirmations confirmations) 
        {
            ThrowIfProcessingStarted(); 
            this.signatureConfirmationsToSend = confirmations; 
        }
 
        public void AddTimestamp(TimeSpan timestampValidityDuration)
        {
            DateTime now = DateTime.UtcNow;
            string id = this.RequireMessageProtection ? SecurityUtils.GenerateId() : GenerateId(); 
            AddTimestamp(new SecurityTimestamp(now, now + timestampValidityDuration, id));
        } 
 
        public void AddTimestamp(SecurityTimestamp timestamp)
        { 
            ThrowIfProcessingStarted();
            if (this.elementContainer.Timestamp != null)
            {
                throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TimestampAlreadySetForSecurityHeader)), this.Message); 
            }
            if (timestamp == null) 
            { 
                throw TraceUtility.ThrowHelperArgumentNull("timestamp", this.Message);
            } 

            this.elementContainer.Timestamp = timestamp;
        }
 
        protected virtual ISignatureValueSecurityElement[] CreateSignatureConfirmationElements(SignatureConfirmations signatureConfirmations)
        { 
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException( 
                SR.GetString(SR.SignatureConfirmationNotSupported)));
        } 

        void StartEncryption()
        {
            if (this.elementContainer.SourceEncryptionToken == null) 
            {
                return; 
            } 
            // determine the key identifier clause to use for the source
            SecurityTokenReferenceStyle sourceEncryptingKeyReferenceStyle = GetTokenReferenceStyle(this.encryptingTokenParameters); 
            bool encryptionTokenSerialized = sourceEncryptingKeyReferenceStyle == SecurityTokenReferenceStyle.Internal;
            SecurityKeyIdentifierClause sourceEncryptingKeyIdentifierClause = this.encryptingTokenParameters.CreateKeyIdentifierClause(this.elementContainer.SourceEncryptionToken, sourceEncryptingKeyReferenceStyle);
            if (sourceEncryptingKeyIdentifierClause == null)
            { 
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
            } 
            SecurityToken sourceToken; 
            SecurityKeyIdentifierClause sourceTokenIdentifierClause;
 
            // if the source token cannot do symmetric crypto, create a wrapped key
            if (!SecurityUtils.HasSymmetricSecurityKey(elementContainer.SourceEncryptionToken))
            {
                int keyLength = Math.Max(128, this.AlgorithmSuite.DefaultSymmetricKeyLength); 
                CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.AlgorithmSuite);
                byte[] key = new byte[keyLength / 8]; 
                CryptoHelper.FillRandomBytes(key); 
                string keyWrapAlgorithm;
                XmlDictionaryString keyWrapAlgorithmDictionaryString; 
                this.AlgorithmSuite.GetKeyWrapAlgorithm(elementContainer.SourceEncryptionToken, out keyWrapAlgorithm, out keyWrapAlgorithmDictionaryString);
                WrappedKeySecurityToken wrappedKey = new WrappedKeySecurityToken(GenerateId(), key, keyWrapAlgorithm, keyWrapAlgorithmDictionaryString,
                    elementContainer.SourceEncryptionToken, new SecurityKeyIdentifier(sourceEncryptingKeyIdentifierClause));
                elementContainer.WrappedEncryptionToken = wrappedKey; 
                sourceToken = wrappedKey;
                sourceTokenIdentifierClause = new LocalIdKeyIdentifierClause(wrappedKey.Id); 
                encryptionTokenSerialized = true; 
            }
            else 
            {
                sourceToken = elementContainer.SourceEncryptionToken;
                sourceTokenIdentifierClause = sourceEncryptingKeyIdentifierClause;
            } 

            // determine if a key needs to be derived 
            SecurityKeyIdentifierClause encryptingKeyIdentifierClause; 
            // determine if a token needs to be derived
            if (this.encryptingTokenParameters.RequireDerivedKeys) 
            {
                string derivationAlgorithm = this.AlgorithmSuite.GetEncryptionKeyDerivationAlgorithm(sourceToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                string expectedDerivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                if (derivationAlgorithm == expectedDerivationAlgorithm) 
                {
                    DerivedKeySecurityToken derivedEncryptingToken = new DerivedKeySecurityToken(-1, 0, 
                        this.AlgorithmSuite.GetEncryptionKeyDerivationLength(sourceToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, sourceToken, sourceTokenIdentifierClause, derivationAlgorithm, GenerateId()); 
                    this.encryptingToken = this.elementContainer.DerivedEncryptionToken = derivedEncryptingToken;
                    encryptingKeyIdentifierClause = new LocalIdKeyIdentifierClause(derivedEncryptingToken.Id); 
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedCryptoAlgorithm, derivationAlgorithm))); 
                }
            } 
            else 
            {
                this.encryptingToken = sourceToken; 
                encryptingKeyIdentifierClause = sourceTokenIdentifierClause;
            }

            this.skipKeyInfoForEncryption = encryptionTokenSerialized && this.EncryptedKeyContainsReferenceList && (this.encryptingToken is WrappedKeySecurityToken) && this.signThenEncrypt; 
            SecurityKeyIdentifier identifier;
            if (this.skipKeyInfoForEncryption) 
            { 
                identifier = null;
            } 
            else
            {
                identifier = new SecurityKeyIdentifier(encryptingKeyIdentifierClause);
            } 

            StartEncryptionCore(this.encryptingToken, identifier); 
        } 

        void CompleteEncryption() 
        {
            ISecurityElement referenceList = CompleteEncryptionCore(
                elementContainer.PrimarySignature,
                elementContainer.GetBasicSupportingTokens(), 
                elementContainer.GetSignatureConfirmations(),
                elementContainer.GetEndorsingSignatures()); 
 
            if (referenceList == null)
            { 
                // null out all the encryption fields since there is no encryption needed
                this.elementContainer.SourceEncryptionToken = null;
                this.elementContainer.WrappedEncryptionToken = null;
                this.elementContainer.DerivedEncryptionToken = null; 
                return;
            } 
 
            if (this.skipKeyInfoForEncryption)
            { 
                WrappedKeySecurityToken wrappedKeyToken = this.encryptingToken as WrappedKeySecurityToken;
                wrappedKeyToken.EnsureEncryptedKeySetUp();
                wrappedKeyToken.EncryptedKey.ReferenceList = (ReferenceList) referenceList;
            } 
            else
            { 
                this.elementContainer.ReferenceList = referenceList; 
            }
            basicTokenEncrypted = true; 
        }

        internal void StartSecurityApplication()
        { 
            if (this.SignThenEncrypt)
            { 
                StartSignature(); 
                StartEncryption();
            } 
            else
            {
                StartEncryption();
                StartSignature(); 
            }
        } 
 
        internal void CompleteSecurityApplication()
        { 
            if (this.SignThenEncrypt)
            {
                CompleteSignature();
                SignWithSupportingTokens(); 
                CompleteEncryption();
            } 
            else 
            {
                CompleteEncryption(); 
                CompleteSignature();
                SignWithSupportingTokens();
            }
 
            if (this.correlationState != null)
            { 
                this.correlationState.SignatureConfirmations = GetSignatureValues(); 
            }
        } 

        public void RemoveSignatureEncryptionIfAppropriate()
        {
            if (this.SignThenEncrypt && 
                this.EncryptPrimarySignature &&
                (this.SecurityAppliedMessage.BodyProtectionMode != MessagePartProtectionMode.SignThenEncrypt) && 
                (this.basicSupportingTokenParameters == null || this.basicSupportingTokenParameters.Count == 0) && 
                (this.signatureConfirmationsToSend == null || this.signatureConfirmationsToSend.Count == 0 || !this.signatureConfirmationsToSend.IsMarkedForEncryption) &&
                !this.HasSignedEncryptedMessagePart) 
            {
                this.encryptSignature = false;
            }
        } 

        public string GenerateId() 
        { 
            int id = this.idCounter++;
 
            if (this.idPrefix != null)
            {
                return this.idPrefix + id;
            } 

            if (id < ids.Length) 
            { 
                return ids[id];
            } 
            else
            {
                return "_" + id;
            } 
        }
 
        SignatureConfirmations GetSignatureValues() 
        {
            return this.signatureValuesGenerated; 
        }

        protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
        { 
            this.StandardsManager.SecurityVersion.WriteStartHeader(writer);
            WriteHeaderAttributes(writer, messageVersion); 
        } 

        internal static bool ShouldSerializeToken(SecurityTokenParameters parameters, MessageDirection transferDirection) 
        {
            switch (parameters.InclusionMode)
            {
                case SecurityTokenInclusionMode.AlwaysToInitiator: 
                    return (transferDirection == MessageDirection.Output);
                case SecurityTokenInclusionMode.Once: 
                case SecurityTokenInclusionMode.AlwaysToRecipient: 
                    return (transferDirection == MessageDirection.Input);
                case SecurityTokenInclusionMode.Never: 
                    return false;
                default:
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedTokenInclusionMode, parameters.InclusionMode)));
            } 
        }
 
        protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) 
        {
            if (this.basicSupportingTokenParameters != null && this.basicSupportingTokenParameters.Count > 0 
                && this.RequireMessageProtection && !basicTokenEncrypted)
            {
                throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BasicTokenCannotBeWrittenWithoutEncryption)), this.Message);
            } 

            if (this.elementContainer.Timestamp != null && this.Layout != SecurityHeaderLayout.LaxTimestampLast) 
            { 
                this.StandardsManager.WSUtilitySpecificationVersion.WriteTimestamp(writer, this.elementContainer.Timestamp);
            } 
            if (elementContainer.PrerequisiteToken != null)
            {
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.PrerequisiteToken);
            } 
            if (elementContainer.SourceSigningToken != null && ShouldSerializeToken(this.signingTokenParameters, this.MessageDirection))
            { 
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.SourceSigningToken); 
            }
            if (elementContainer.DerivedSigningToken != null) 
            {
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.DerivedSigningToken);
            }
            if (elementContainer.SourceEncryptionToken != null && elementContainer.SourceEncryptionToken != elementContainer.SourceSigningToken && ShouldSerializeToken(encryptingTokenParameters, this.MessageDirection)) 
            {
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.SourceEncryptionToken); 
            } 
            if (elementContainer.WrappedEncryptionToken != null)
            { 
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.WrappedEncryptionToken);
            }
            if (elementContainer.DerivedEncryptionToken != null)
            { 
                this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, elementContainer.DerivedEncryptionToken);
            } 
            if (this.SignThenEncrypt) 
            {
                if (elementContainer.ReferenceList != null) 
                {
                    elementContainer.ReferenceList.WriteTo(writer, ServiceModelDictionaryManager.Instance);
                }
            } 
            SecurityToken[] signedTokens = elementContainer.GetSignedSupportingTokens();
            if (signedTokens != null) 
            { 
                for (int i = 0; i < signedTokens.Length; ++i)
                { 
                    this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedTokens[i]);
                }
            }
            SendSecurityHeaderElement[] basicTokens = elementContainer.GetBasicSupportingTokens(); 
            if (basicTokens != null)
            { 
                for (int i = 0; i < basicTokens.Length; ++i) 
                {
                    basicTokens[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); 
                }
            }
            SecurityToken[] endorsingTokens = elementContainer.GetEndorsingSupportingTokens();
            if (endorsingTokens != null) 
            {
                for (int i = 0; i < endorsingTokens.Length; ++i) 
                { 
                    if (ShouldSerializeToken(endorsingTokenParameters[i], this.MessageDirection))
                    { 
                        this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, endorsingTokens[i]);
                    }
                }
            } 
            SecurityToken[] endorsingDerivedTokens = elementContainer.GetEndorsingDerivedSupportingTokens();
            if (endorsingDerivedTokens != null) 
            { 
                for (int i = 0; i < endorsingDerivedTokens.Length; ++i)
                { 
                    this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, endorsingDerivedTokens[i]);
                }
            }
            SecurityToken[] signedEndorsingTokens = elementContainer.GetSignedEndorsingSupportingTokens(); 
            if (signedEndorsingTokens != null)
            { 
                for (int i = 0; i < signedEndorsingTokens.Length; ++i) 
                {
                    this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedEndorsingTokens[i]); 
                }
            }
            SecurityToken[] signedEndorsingDerivedTokens = elementContainer.GetSignedEndorsingDerivedSupportingTokens();
            if (signedEndorsingDerivedTokens != null) 
            {
                for (int i = 0; i < signedEndorsingDerivedTokens.Length; ++i) 
                { 
                    this.StandardsManager.SecurityTokenSerializer.WriteToken(writer, signedEndorsingDerivedTokens[i]);
                } 
            }
            SendSecurityHeaderElement[] signatureConfirmations = elementContainer.GetSignatureConfirmations();
            if (signatureConfirmations != null)
            { 
                for (int i = 0; i < signatureConfirmations.Length; ++i)
                { 
                    signatureConfirmations[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance); 
                }
            } 
            if (elementContainer.PrimarySignature != null && elementContainer.PrimarySignature.Item != null)
            {
                elementContainer.PrimarySignature.Item.WriteTo(writer, ServiceModelDictionaryManager.Instance);
            } 
            SendSecurityHeaderElement[] endorsingSignatures = elementContainer.GetEndorsingSignatures();
            if (endorsingSignatures != null) 
            { 
                for (int i = 0; i < endorsingSignatures.Length; ++i)
                { 
                    endorsingSignatures[i].Item.WriteTo(writer, ServiceModelDictionaryManager.Instance);
                }
            }
            if (!this.SignThenEncrypt) 
            {
                if (elementContainer.ReferenceList != null) 
                { 
                    elementContainer.ReferenceList.WriteTo(writer, ServiceModelDictionaryManager.Instance);
                } 
            }
            if (this.elementContainer.Timestamp != null && this.Layout == SecurityHeaderLayout.LaxTimestampLast)
            {
                this.StandardsManager.WSUtilitySpecificationVersion.WriteTimestamp(writer, this.elementContainer.Timestamp); 
            }
        } 
 
        public Message SetupExecution()
        { 
            ThrowIfProcessingStarted();
            SetProcessingStarted();

            bool signBody = false; 
            if (this.elementContainer.SourceSigningToken != null)
            { 
                if (this.signatureParts == null) 
                {
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("SignatureParts"), this.Message); 
                }
                signBody = this.signatureParts.IsBodyIncluded;
            }
 
            bool encryptBody = false;
            if (this.elementContainer.SourceEncryptionToken != null) 
            { 
                if (this.encryptionParts == null)
                { 
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("EncryptionParts"), this.Message);
                }
                encryptBody = this.encryptionParts.IsBodyIncluded;
            } 

            SecurityAppliedMessage message = new SecurityAppliedMessage(this.Message, this, signBody, encryptBody); 
            this.Message = message; 
            return message;
        } 

        SecurityTokenReferenceStyle GetTokenReferenceStyle(SecurityTokenParameters parameters)
        {
            return (ShouldSerializeToken(parameters, this.MessageDirection)) ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External; 
        }
 
        void StartSignature() 
        {
            if (this.elementContainer.SourceSigningToken == null) 
            {
                return;
            }
 
            // determine the key identifier clause to use for the source
            SecurityTokenReferenceStyle sourceSigningKeyReferenceStyle = GetTokenReferenceStyle(this.signingTokenParameters); 
            SecurityKeyIdentifierClause sourceSigningKeyIdentifierClause = this.signingTokenParameters.CreateKeyIdentifierClause(this.elementContainer.SourceSigningToken, sourceSigningKeyReferenceStyle); 
            if (sourceSigningKeyIdentifierClause == null)
            { 
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
            }

            SecurityToken signingToken; 
            SecurityKeyIdentifierClause signingKeyIdentifierClause;
 
            // determine if a token needs to be derived 
            if (this.signingTokenParameters.RequireDerivedKeys && !this.signingTokenParameters.HasAsymmetricKey)
            { 
                string derivationAlgorithm = this.AlgorithmSuite.GetSignatureKeyDerivationAlgorithm(this.elementContainer.SourceSigningToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                string expectedDerivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                if (derivationAlgorithm == expectedDerivationAlgorithm)
                { 
                    DerivedKeySecurityToken derivedSigningToken = new DerivedKeySecurityToken(-1, 0, this.AlgorithmSuite.GetSignatureKeyDerivationLength(this.elementContainer.SourceSigningToken, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, this.elementContainer.SourceSigningToken,
                        sourceSigningKeyIdentifierClause, derivationAlgorithm, GenerateId()); 
                    signingToken = this.elementContainer.DerivedSigningToken = derivedSigningToken; 
                    signingKeyIdentifierClause = new LocalIdKeyIdentifierClause(signingToken.Id);
                } 
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedCryptoAlgorithm, derivationAlgorithm)));
                } 
            }
            else 
            { 
                signingToken = elementContainer.SourceSigningToken;
                signingKeyIdentifierClause = sourceSigningKeyIdentifierClause; 
            }

            SecurityKeyIdentifier signingKeyIdentifier = new SecurityKeyIdentifier(signingKeyIdentifierClause);
 
            if (signatureConfirmationsToSend != null && signatureConfirmationsToSend.Count > 0)
            { 
                ISecurityElement[] signatureConfirmationElements; 
                signatureConfirmationElements = CreateSignatureConfirmationElements(signatureConfirmationsToSend);
                for (int i = 0; i < signatureConfirmationElements.Length; ++i) 
                {
                    SendSecurityHeaderElement sigConfElement = new SendSecurityHeaderElement(signatureConfirmationElements[i].Id, signatureConfirmationElements[i]);
                    sigConfElement.MarkedForEncryption = signatureConfirmationsToSend.IsMarkedForEncryption;
                    this.elementContainer.AddSignatureConfirmation(sigConfElement); 
                }
            } 
 
            bool generateTargettablePrimarySignature = ((this.endorsingTokenParameters != null) || (this.signedEndorsingTokenParameters != null));
            this.StartPrimarySignatureCore(signingToken, signingKeyIdentifier, this.signatureParts, generateTargettablePrimarySignature); 
        }

        void CompleteSignature()
        { 
            ISignatureValueSecurityElement signedXml = this.CompletePrimarySignatureCore(
                elementContainer.GetSignatureConfirmations(), elementContainer.GetSignedEndorsingSupportingTokens(), 
                elementContainer.GetSignedSupportingTokens(), elementContainer.GetBasicSupportingTokens()); 
            if (signedXml == null)
            { 
                return;
            }
            this.elementContainer.PrimarySignature = new SendSecurityHeaderElement(signedXml.Id, signedXml);
            this.elementContainer.PrimarySignature.MarkedForEncryption = this.encryptSignature; 
            AddGeneratedSignatureValue(signedXml.GetSignatureValue(), this.EncryptPrimarySignature);
            this.primarySignatureDone = true; 
            this.primarySignatureValue = signedXml.GetSignatureValue(); 
        }
 
        protected abstract void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier identifier, MessagePartSpecification signatureParts, bool generateTargettablePrimarySignature);

        protected abstract ISignatureValueSecurityElement CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations,
            SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens); 

        protected abstract ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier); 
 
        protected abstract ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement primarySignature);
 
        protected abstract void StartEncryptionCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier);

        protected abstract ISecurityElement CompleteEncryptionCore(SendSecurityHeaderElement primarySignature,
            SendSecurityHeaderElement[] basicTokens, SendSecurityHeaderElement[] signatureConfirmations, SendSecurityHeaderElement[] endorsingSignatures); 

        void SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause) 
        { 
            if (token == null)
            { 
                throw TraceUtility.ThrowHelperArgumentNull("token", this.Message);
            }
            if (identifierClause == null)
            { 
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
            } 
            if (!this.RequireMessageProtection) 
            {
                if (this.elementContainer.Timestamp == null) 
                {
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                        SR.GetString(SR.SigningWithoutPrimarySignatureRequiresTimestamp)), this.Message);
                } 
            }
            else 
            { 
                if (!this.primarySignatureDone)
                { 
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                        SR.GetString(SR.PrimarySignatureMustBeComputedBeforeSupportingTokenSignatures)), this.Message);
                }
                if (this.elementContainer.PrimarySignature.Item == null) 
                {
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException( 
                        SR.GetString(SR.SupportingTokenSignaturesNotExpected)), this.Message); 
                }
            } 

            SecurityKeyIdentifier identifier = new SecurityKeyIdentifier(identifierClause);
            ISignatureValueSecurityElement supportingSignature;
            if (!this.RequireMessageProtection) 
            {
                supportingSignature = CreateSupportingSignature(token, identifier); 
            } 
            else
            { 
                supportingSignature = CreateSupportingSignature(token, identifier, elementContainer.PrimarySignature.Item);
            }
            AddGeneratedSignatureValue(supportingSignature.GetSignatureValue(), encryptSignature);
            SendSecurityHeaderElement supportingSignatureElement = new SendSecurityHeaderElement(supportingSignature.Id, supportingSignature); 
            supportingSignatureElement.MarkedForEncryption = encryptSignature;
            this.elementContainer.AddEndorsingSignature(supportingSignatureElement); 
        } 

        void SignWithSupportingTokens() 
        {
            SecurityToken[] endorsingTokens = this.elementContainer.GetEndorsingSupportingTokens();
            if (endorsingTokens != null)
            { 
                for (int i = 0; i < endorsingTokens.Length; ++i)
                { 
                    SecurityToken source = endorsingTokens[i]; 
                    SecurityKeyIdentifierClause sourceKeyClause = endorsingTokenParameters[i].CreateKeyIdentifierClause(source, GetTokenReferenceStyle(endorsingTokenParameters[i]));
                    if (sourceKeyClause == null) 
                    {
                        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
                    }
                    SecurityToken signingToken; 
                    SecurityKeyIdentifierClause signingKeyClause;
                    if (endorsingTokenParameters[i].RequireDerivedKeys && !endorsingTokenParameters[i].HasAsymmetricKey) 
                    { 
                        string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                        DerivedKeySecurityToken dkt = new DerivedKeySecurityToken(-1, 0, 
                            this.AlgorithmSuite.GetSignatureKeyDerivationLength(source, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion), null,
                            DerivedKeySecurityToken.DefaultNonceLength, source, sourceKeyClause, derivationAlgorithm, GenerateId());
                        signingToken = dkt;
                        signingKeyClause = new LocalIdKeyIdentifierClause(dkt.Id); 
                        this.elementContainer.AddEndorsingDerivedSupportingToken(dkt);
                    } 
                    else 
                    {
                        signingToken = source; 
                        signingKeyClause = sourceKeyClause;
                    }
                    SignWithSupportingToken(signingToken, signingKeyClause);
                } 
            }
            SecurityToken[] signedEndorsingSupportingTokens = this.elementContainer.GetSignedEndorsingSupportingTokens(); 
            if (signedEndorsingSupportingTokens != null) 
            {
                for (int i = 0; i < signedEndorsingSupportingTokens.Length; ++i) 
                {
                    SecurityToken source = signedEndorsingSupportingTokens[i];
                    SecurityKeyIdentifierClause sourceKeyClause = signedEndorsingTokenParameters[i].CreateKeyIdentifierClause(source, GetTokenReferenceStyle(signedEndorsingTokenParameters[i]));
                    if (sourceKeyClause == null) 
                    {
                        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message); 
                    } 
                    SecurityToken signingToken;
                    SecurityKeyIdentifierClause signingKeyClause; 
                    if (signedEndorsingTokenParameters[i].RequireDerivedKeys && !signedEndorsingTokenParameters[i].HasAsymmetricKey)
                    {
                        string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.StandardsManager.MessageSecurityVersion.SecureConversationVersion);
                        DerivedKeySecurityToken dkt = new DerivedKeySecurityToken(-1, 0, 
                            this.AlgorithmSuite.GetSignatureKeyDerivationLength(source, this.StandardsManager.MessageSecurityVersion.SecureConversationVersion), null,
                            DerivedKeySecurityToken.DefaultNonceLength, source, sourceKeyClause, derivationAlgorithm, GenerateId()); 
                        signingToken = dkt; 
                        signingKeyClause = new LocalIdKeyIdentifierClause(dkt.Id);
                        this.elementContainer.AddSignedEndorsingDerivedSupportingToken(dkt); 
                    }
                    else
                    {
                        signingToken = source; 
                        signingKeyClause = sourceKeyClause;
                    } 
                    SignWithSupportingToken(signingToken, signingKeyClause); 
                }
            } 
        }

        XmlDictionaryString IMessageHeaderWithSharedNamespace.SharedNamespace
        { 
            get { return XD.UtilityDictionary.Namespace; }
        } 
 
        XmlDictionaryString IMessageHeaderWithSharedNamespace.SharedPrefix
        { 
            get { return XD.UtilityDictionary.Prefix; }
        }

        void AddGeneratedSignatureValue(byte[] signatureValue, bool wasEncrypted) 
        {
            // cache outgoing signatures only on the client side 
            if (this.MaintainSignatureConfirmationState && (this.signatureConfirmationsToSend == null)) 
            {
                if (this.signatureValuesGenerated == null) 
                {
                    this.signatureValuesGenerated = new SignatureConfirmations();
                }
                this.signatureValuesGenerated.AddConfirmation(signatureValue, wasEncrypted); 
            }
        } 
    } 

    class TokenElement : ISecurityElement 
    {
        SecurityStandardsManager standardsManager;
        SecurityToken token;
 
        public TokenElement(SecurityToken token, SecurityStandardsManager standardsManager)
        { 
            this.token = token; 
            this.standardsManager = standardsManager;
        } 

        public override bool Equals(object item)
        {
            TokenElement element = item as TokenElement; 
            return (element != null && this.token == element.token && this.standardsManager == element.standardsManager);
        } 
 
        public override int GetHashCode()
        { 
            return token.GetHashCode() ^ standardsManager.GetHashCode();
        }

        public bool HasId 
        {
            get { return true; } 
        } 

        public string Id 
        {
            get { return token.Id; }
        }
 
        public void WriteTo(XmlDictionaryWriter writer, DictionaryManager dictionaryManager)
        { 
            standardsManager.SecurityTokenSerializer.WriteToken(writer, token); 
        }
    } 
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK