Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / infocard / Service / managed / Microsoft / InfoCards / EncryptionUtility.cs / 1 / EncryptionUtility.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace Microsoft.InfoCards
{
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Security.Principal;
using System.Security.Cryptography;
using System.Text;
using System.Globalization;
using IDT = Microsoft.InfoCards.Diagnostics.InfoCardTrace;
//
// Summary
// This class provides utility function to enable encryption of tokens
//
internal sealed class EncryptionUtility
{
private EncryptionUtility()
{
}
//
// Summary
// Encrypt a security token
//
// Parameters
// tokenToBeEncrypted - The security token that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
//
public static XmlElement EncryptSecurityToken( SecurityToken tokenToBeEncrypted, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
//
// create the stream for data to be encrypted
//
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( streamToBeEncrypted ) ) );
profile.TokenSerializer.WriteToken( writer, tokenToBeEncrypted );
writer.Flush();
streamToBeEncrypted.Seek( 0, SeekOrigin.Begin );
return EncryptToken( streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile );
}
//
// Summary
// Encrypt a security token
//
// Parameters
// elem - The security token element that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
// keyWrapAlgorithm - Symmetric P ==> rasoaep. Asymmetric P ==> as specified
//
public static XmlElement EncryptSecurityToken( XmlElement elem, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
//
// create the stream for data to be encrypted
//
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( streamToBeEncrypted ) ) );
elem.WriteTo( writer );
writer.Flush();
streamToBeEncrypted.Seek( 0, SeekOrigin.Begin );
return EncryptToken( streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile );
}
//
// Summary
// Encrypt a security token
//
// Parameters
// streamToBeEncrypted - The security token stream that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
// keyWrapAlgorithm - Symmetric P ==> rasoaep. Asymmetric P ==> as specified
//
private static XmlElement EncryptToken( MemoryStream streamToBeEncrypted, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
IDT.TraceDebug( "Encrypting the security token" );
IDT.ThrowInvalidArgumentConditional( String.IsNullOrEmpty( encryptingAlgorithm ), "encryptingAlgorithm" );
IDT.ThrowInvalidArgumentConditional( null == cert, "cert" );
IDT.TraceDebug( "Encrypting issued token with {0} algorithm", encryptingAlgorithm );
IDT.TraceDebug( "Encrypting issued token with {0} certificate", cert.FriendlyName );
SecurityToken encryptingToken = new X509SecurityToken( cert, "id" );
SecurityAlgorithmSuite suite = SecurityAlgorithmSuite.Default;
switch( encryptingAlgorithm )
{
case SecurityAlgorithms.Aes128Encryption:
suite = SecurityAlgorithmSuite.Basic128;
break;
case SecurityAlgorithms.Aes192Encryption:
suite = SecurityAlgorithmSuite.Basic192;
break;
case SecurityAlgorithms.Aes256Encryption:
suite = SecurityAlgorithmSuite.Basic256;
break;
case SecurityAlgorithms.TripleDesEncryption:
suite = SecurityAlgorithmSuite.TripleDes;
break;
default:
throw IDT.ThrowHelperError( new TokenCreationException(
SR.GetString( SR.UnsupportedEncryptionAlgorithm, encryptingAlgorithm ) ) );
}
//
// create the keys to be used for encryption
//
SecurityKeyIdentifier encryptingKeyIdentifier = new SecurityKeyIdentifier( encryptingToken.CreateKeyIdentifierClause() );
int encryptedKeySize = suite.DefaultEncryptionKeyDerivationLength / 8;
byte[ ] keyToWrap = new byte[ encryptedKeySize ];
RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
random.GetNonZeroBytes( keyToWrap );
WrappedKeySecurityToken wrappedKeyToken = new WrappedKeySecurityToken( string.Empty,
keyToWrap, asymmetricKeyWrapAlgorithm, encryptingToken, encryptingKeyIdentifier );
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier( new EncryptedKeyIdentifierClause( wrappedKeyToken.GetWrappedKey(),
wrappedKeyToken.WrappingAlgorithm, wrappedKeyToken.WrappingTokenReference ) );
SymmetricSecurityKey encryptingCrypto = ( SymmetricSecurityKey )wrappedKeyToken.SecurityKeys[ 0 ];
//
// Use the algorithm provided and encrypt the data
//
SymmetricAlgorithm algorithm = encryptingCrypto.GetSymmetricAlgorithm( encryptingAlgorithm );
EncryptedData encryptedData = new EncryptedData();
encryptedData.TokenSerializer = profile.TokenSerializer;
encryptedData.KeyIdentifier = keyIdentifier;
encryptedData.EncryptionMethod = encryptingAlgorithm;
encryptedData.Type = EncryptedXml.XmlEncElementUrl;
encryptedData.SetUpEncryption( algorithm, streamToBeEncrypted.GetBuffer(), 0, Convert.ToInt32( streamToBeEncrypted.Length ) );
//
// write the encrypted data to a memory stream
//
IDT.TraceDebug( "Writing encrypted token to memory stream" );
MemoryStream encryptedStream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( encryptedStream ) ) );
encryptedData.WriteTo( writer );
writer.Flush();
encryptedStream.Seek( 0, SeekOrigin.Begin );
//
// Create an XmlElement for the encrypted data
//
XmlDocument doc = new XmlDocument();
XmlElement tokenXml = ( XmlElement )doc.ReadNode( Utility.CreateReaderWithQuotas( encryptedStream ) );
Array.Clear(
streamToBeEncrypted.GetBuffer(),
0,
Convert.ToInt32( streamToBeEncrypted.Length ) );
Array.Clear(
encryptedStream.GetBuffer(),
0,
Convert.ToInt32( encryptedStream.Length ) );
streamToBeEncrypted.Close();
encryptedStream.Close();
return tokenXml;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ObjectRef.cs
- SHA1Managed.cs
- InitiatorServiceModelSecurityTokenRequirement.cs
- TabletDevice.cs
- NotifyParentPropertyAttribute.cs
- MetadataArtifactLoaderComposite.cs
- DotNetATv1WindowsLogEntrySerializer.cs
- ProgressBar.cs
- XmlDigitalSignatureProcessor.cs
- SchemaInfo.cs
- VirtualPathData.cs
- DataMemberConverter.cs
- BufferedStream.cs
- EventTrigger.cs
- autovalidator.cs
- ThreadExceptionEvent.cs
- SynchronizedDisposablePool.cs
- AnnotationService.cs
- RectangleGeometry.cs
- UserControlDesigner.cs
- InfoCardRSAOAEPKeyExchangeDeformatter.cs
- ConfigXmlDocument.cs
- PropertyIDSet.cs
- SqlBuffer.cs
- StyleTypedPropertyAttribute.cs
- sqlpipe.cs
- FontFamily.cs
- TreeNodeCollectionEditorDialog.cs
- ConditionalAttribute.cs
- Panel.cs
- Baml2006Reader.cs
- ArraySubsetEnumerator.cs
- TreeViewItem.cs
- PasswordDeriveBytes.cs
- QilInvokeEarlyBound.cs
- PtsPage.cs
- mongolianshape.cs
- DataControlButton.cs
- DockPanel.cs
- CodeGenerator.cs
- XmlEventCache.cs
- ProtocolImporter.cs
- RelatedPropertyManager.cs
- DesignerAdapterAttribute.cs
- Application.cs
- DecimalStorage.cs
- KerberosTokenFactoryCredential.cs
- OperationPickerDialog.designer.cs
- WebPartPersonalization.cs
- CategoryNameCollection.cs
- LogSwitch.cs
- EntityDataSourceWrapperCollection.cs
- LoginUtil.cs
- WebPartsPersonalization.cs
- FactoryMaker.cs
- CodeVariableReferenceExpression.cs
- ApplicationDirectoryMembershipCondition.cs
- AuthenticationConfig.cs
- ServiceProviders.cs
- ExponentialEase.cs
- ToolStripRenderer.cs
- SignedInfo.cs
- GridViewDeleteEventArgs.cs
- PersonalizationStateInfoCollection.cs
- HierarchicalDataSourceConverter.cs
- GradientSpreadMethodValidation.cs
- ToolboxDataAttribute.cs
- RootBrowserWindowProxy.cs
- HtmlInputImage.cs
- CodeCatchClause.cs
- CharacterHit.cs
- SwitchAttribute.cs
- RequestQueryParser.cs
- ConfigurationStrings.cs
- FormattedTextSymbols.cs
- ChangeTracker.cs
- ByteStreamGeometryContext.cs
- GZipDecoder.cs
- SiteMap.cs
- _NestedSingleAsyncResult.cs
- ProviderException.cs
- unitconverter.cs
- ResourceLoader.cs
- TraceHandlerErrorFormatter.cs
- ForAllOperator.cs
- QueryContinueDragEvent.cs
- PeerNodeTraceRecord.cs
- ConstructorExpr.cs
- HealthMonitoringSection.cs
- WebPartRestoreVerb.cs
- TreeViewDesigner.cs
- SmiEventSink_DeferedProcessing.cs
- SynchronizingStream.cs
- EmulateRecognizeCompletedEventArgs.cs
- AddInProcess.cs
- CTreeGenerator.cs
- ExceptionRoutedEventArgs.cs
- SqlCacheDependency.cs
- MappingItemCollection.cs
- WebPartUserCapability.cs