WSSecurityOneDotZeroSendSecurityHeader.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / WSSecurityOneDotZeroSendSecurityHeader.cs / 1 / WSSecurityOneDotZeroSendSecurityHeader.cs

                            //---------------------------------------------------------- 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------

namespace System.ServiceModel.Security 
{
    using System.Collections.Generic; 
    using System.ServiceModel.Channels; 
    using System.ServiceModel;
    using System.ServiceModel.Description; 
    using System.Diagnostics;
    using System.IO;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy; 
    using System.IdentityModel.Tokens;
    using System.IdentityModel.Selectors; 
    using System.ServiceModel.Security.Tokens; 
    using System.Security.Cryptography;
    using System.Text; 
    using System.Xml;
    using System.ServiceModel.Diagnostics;

    using ExclusiveCanonicalizationTransform = System.IdentityModel.ExclusiveCanonicalizationTransform; 
    using HashStream = System.IdentityModel.HashStream;
    using PreDigestedSignedInfo = System.IdentityModel.PreDigestedSignedInfo; 
    using SignedInfo = System.IdentityModel.SignedInfo; 
    using SignedXml = System.IdentityModel.SignedXml;
    using StandardSignedInfo = System.IdentityModel.StandardSignedInfo; 
    using Reference = System.IdentityModel.Reference;
    using ISecurityElement = System.IdentityModel.ISecurityElement;
    using ISignatureValueSecurityElement = System.IdentityModel.ISignatureValueSecurityElement;
    using IPrefixGenerator = System.IdentityModel.IPrefixGenerator; 

    class WSSecurityOneDotZeroSendSecurityHeader : SendSecurityHeader 
    { 
        HashStream hashStream;
        PreDigestedSignedInfo signedInfo; 
        SignedXml signedXml;
        SecurityKey signatureKey;
        MessagePartSpecification effectiveSignatureParts;
 
        SymmetricAlgorithm encryptingSymmetricAlgorithm;
        ReferenceList referenceList; 
        SecurityKeyIdentifier encryptionKeyIdentifier; 

        bool hasSignedEncryptedMessagePart; 

        // For Transport Secrity we have to sign the 'To' header with the
        // supporting tokens.
        byte[] toHeaderHash = null; 
        string toHeaderId = null;
 
        public WSSecurityOneDotZeroSendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, 
            SecurityStandardsManager standardsManager,
            SecurityAlgorithmSuite algorithmSuite, 
            MessageDirection direction)
            : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
        {
        } 

        protected string EncryptionAlgorithm 
        { 
            get { return this.AlgorithmSuite.DefaultEncryptionAlgorithm; }
        } 

        protected XmlDictionaryString EncryptionAlgorithmDictionaryString
        {
            get { return this.AlgorithmSuite.DefaultEncryptionAlgorithmDictionaryString; } 
        }
 
        protected override bool HasSignedEncryptedMessagePart 
        {
            get 
            {
                return this.hasSignedEncryptedMessagePart;
            }
        } 

        void AddEncryptionReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, bool sign, 
            out MemoryStream plainTextStream, out string encryptedDataId) 
        {
            plainTextStream = new MemoryStream(); 
            XmlDictionaryWriter encryptingWriter = XmlDictionaryWriter.CreateTextWriter(plainTextStream);
            if (sign)
            {
                AddSignatureReference(header, headerId, prefixGenerator, encryptingWriter); 
            }
            else 
            { 
                header.WriteHeader(encryptingWriter, this.Version);
                encryptingWriter.Flush(); 
            }
            encryptedDataId = this.GenerateId();
            referenceList.AddReferredId(encryptedDataId);
        } 

        void AddSignatureReference(SecurityToken token) 
        { 
            if (token.Id == null)
            { 
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message);
            }

            HashStream hashStream = TakeHashStream(); 
            XmlDictionaryWriter utf8Writer = TakeUtf8Writer();
 
            utf8Writer.StartCanonicalization(hashStream, false, null); 
            this.StandardsManager.SecurityTokenSerializer.WriteToken(utf8Writer, token);
            utf8Writer.EndCanonicalization(); 

            this.signedInfo.AddReference(token.Id, hashStream.FlushHashAndGetValue());
        }
 
        void AddSignatureReference(SendSecurityHeaderElement[] elements)
        { 
            if (elements != null) 
            {
                for (int i = 0; i < elements.Length; ++i) 
                {
                    if (elements[i].Id == null)
                    {
                        throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.ElementToSignMustHaveId)), this.Message); 
                    }
 
                    HashStream hashStream = TakeHashStream(); 
                    XmlDictionaryWriter utf8Writer = TakeUtf8Writer();
                    utf8Writer.StartCanonicalization(hashStream, false, null);; 
                    elements[i].Item.WriteTo(utf8Writer, ServiceModelDictionaryManager.Instance);
                    utf8Writer.EndCanonicalization();

                    this.signedInfo.AddReference(elements[i].Id, hashStream.FlushHashAndGetValue()); 
                }
            } 
        } 

        void AddSignatureReference(SecurityToken[] tokens) 
        {
            if (tokens != null)
            {
                for (int i = 0; i < tokens.Length; ++i) 
                {
                    AddSignatureReference(tokens[i]); 
                } 
            }
        } 

        string GetSignatureHash(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer, out byte[] hash)
        {
            HashStream hashStream = TakeHashStream(); 
            XmlDictionaryWriter effectiveWriter;
            XmlBuffer canonicalBuffer = null; 
 
            if (writer.CanCanonicalize)
            { 
                effectiveWriter = writer;
            }
            else
            { 
                canonicalBuffer = new XmlBuffer(int.MaxValue);
                effectiveWriter = canonicalBuffer.OpenSection(XmlDictionaryReaderQuotas.Max); 
            } 

            effectiveWriter.StartCanonicalization(hashStream, false, null); 

            header.WriteStartHeader(effectiveWriter, this.Version);
            if (headerId == null)
            { 
                headerId = GenerateId();
                this.StandardsManager.IdManager.WriteIdAttribute(effectiveWriter, headerId); 
            } 
            header.WriteHeaderContents(effectiveWriter, this.Version);
            effectiveWriter.WriteEndElement(); 
            effectiveWriter.EndCanonicalization();
            effectiveWriter.Flush();

            if (!ReferenceEquals(effectiveWriter, writer)) 
            {
                DiagnosticUtility.DebugAssert(canonicalBuffer != null, "Canonical buffer cannot be null."); 
                canonicalBuffer.CloseSection(); 
                canonicalBuffer.Close();
                XmlDictionaryReader dicReader = canonicalBuffer.GetReader(0); 
                writer.WriteNode(dicReader, false);
                dicReader.Close();
            }
 
            hash = hashStream.FlushHashAndGetValue();
 
            return headerId; 
        }
 
        void AddSignatureReference(MessageHeader header, string headerId, IPrefixGenerator prefixGenerator, XmlDictionaryWriter writer)
        {
            byte[] hashValue;
            headerId = GetSignatureHash(header, headerId, prefixGenerator, writer, out hashValue); 
            this.signedInfo.AddReference(headerId, hashValue);
        } 
 
        void ApplySecurityAndWriteHeader(MessageHeader header, string headerId, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
        { 
            if (!this.RequireMessageProtection && this.ShouldSignToHeader)
            {
                if ((header.Name == XD.AddressingDictionary.To.Value) &&
                    (header.Namespace == this.Message.Version.Addressing.Namespace)) 
                {
                    if (this.toHeaderHash == null) 
                    { 
                        byte[] headerHash;
                        headerId = GetSignatureHash(header, headerId, prefixGenerator, writer, out headerHash); 
                        this.toHeaderHash = headerHash;
                        this.toHeaderId = headerId;
                    }
                    else 
                        // More than one 'To' header is specified in the message.
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TransportSecuredMessageHasMoreThanOneToHeader))); 
 
                    return;
                } 
            }

            MessagePartProtectionMode protectionMode = GetProtectionMode(header);
            MemoryStream plainTextStream; 
            string encryptedDataId;
            switch (protectionMode) 
            { 
                case MessagePartProtectionMode.None:
                    header.WriteHeader(writer, this.Version); 
                    return;
                case MessagePartProtectionMode.Sign:
                    AddSignatureReference(header, headerId, prefixGenerator, writer);
                    return; 
                case MessagePartProtectionMode.SignThenEncrypt:
                    AddEncryptionReference(header, headerId, prefixGenerator, true, out plainTextStream, out encryptedDataId); 
                    EncryptAndWriteHeader(header, encryptedDataId, plainTextStream, writer); 
                    this.hasSignedEncryptedMessagePart = true;
                    return; 
                case MessagePartProtectionMode.Encrypt:
                    AddEncryptionReference(header, headerId, prefixGenerator, false, out plainTextStream, out encryptedDataId);
                    EncryptAndWriteHeader(header, encryptedDataId, plainTextStream, writer);
                    return; 
                case MessagePartProtectionMode.EncryptThenSign:
                    AddEncryptionReference(header, headerId, prefixGenerator, false, out plainTextStream, out encryptedDataId); 
                    EncryptedHeader encryptedHeader = EncryptHeader( 
                        header, this.encryptingSymmetricAlgorithm, this.encryptionKeyIdentifier, this.Version, encryptedDataId, plainTextStream);
                    AddSignatureReference(encryptedHeader, encryptedDataId, prefixGenerator, writer); 
                    return;
                default:
                    DiagnosticUtility.DebugAssert("Invalid MessagePartProtectionMode");
                    return; 
            }
        } 
 
        public override void ApplySecurityAndWriteHeaders(MessageHeaders headers, XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
        { 
            string[] headerIds;
            if (this.RequireMessageProtection || this.ShouldSignToHeader)
            {
                headerIds = headers.GetHeaderAttributes(UtilityStrings.IdAttribute, 
                    this.StandardsManager.IdManager.DefaultIdNamespaceUri);
            } 
            else 
            {
                headerIds = null; 
            }
            for (int i = 0; i < headers.Count; i++)
            {
                MessageHeader header = headers.GetMessageHeader(i); 
                if (this.Version.Addressing == AddressingVersion.None && header.Namespace == AddressingVersion.None.Namespace)
                { 
                    continue; 
                }
 
                if (header != this)
                {
                    ApplySecurityAndWriteHeader(header, headerIds == null ? null : headerIds[i], writer, prefixGenerator);
                } 
            }
        } 
 
        static bool CanCanonicalizeAndFragment(XmlDictionaryWriter writer)
        { 
            if (!writer.CanCanonicalize)
            {
                return false;
            } 
            IFragmentCapableXmlDictionaryWriter fragmentingWriter = writer as IFragmentCapableXmlDictionaryWriter;
            return fragmentingWriter != null && fragmentingWriter.CanFragment; 
        } 

        public override void ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator) 
        {
            SecurityAppliedMessage message = this.SecurityAppliedMessage;
            EncryptedData encryptedData;
            HashStream hashStream; 
            switch (message.BodyProtectionMode)
            { 
                case MessagePartProtectionMode.None: 
                    return;
                case MessagePartProtectionMode.Sign: 
                    hashStream = TakeHashStream();
                    if (CanCanonicalizeAndFragment(writer))
                    {
                        message.WriteBodyToSignWithFragments(hashStream, false, null, writer); 
                    }
                    else 
                    { 
                        message.WriteBodyToSign(hashStream);
                    } 
                    this.signedInfo.AddReference(message.BodyId, hashStream.FlushHashAndGetValue());
                    return;
                case MessagePartProtectionMode.SignThenEncrypt:
                    hashStream = TakeHashStream(); 
                    encryptedData = CreateEncryptedDataForBody();
                    if (CanCanonicalizeAndFragment(writer)) 
                    { 
                        message.WriteBodyToSignThenEncryptWithFragments(hashStream, false, null, encryptedData, this.encryptingSymmetricAlgorithm, writer);
                    } 
                    else
                    {
                        message.WriteBodyToSignThenEncrypt(hashStream, encryptedData, this.encryptingSymmetricAlgorithm);
                    } 
                    this.signedInfo.AddReference(message.BodyId, hashStream.FlushHashAndGetValue());
                    this.referenceList.AddReferredId(encryptedData.Id); 
                    this.hasSignedEncryptedMessagePart = true; 
                    return;
                case MessagePartProtectionMode.Encrypt: 
                    encryptedData = CreateEncryptedDataForBody();
                    message.WriteBodyToEncrypt(encryptedData, this.encryptingSymmetricAlgorithm);
                    this.referenceList.AddReferredId(encryptedData.Id);
                    return; 
                case MessagePartProtectionMode.EncryptThenSign:
                    hashStream = TakeHashStream(); 
                    encryptedData = CreateEncryptedDataForBody(); 
                    message.WriteBodyToEncryptThenSign(hashStream, encryptedData, this.encryptingSymmetricAlgorithm);
                    this.signedInfo.AddReference(message.BodyId, hashStream.FlushHashAndGetValue()); 
                    this.referenceList.AddReferredId(encryptedData.Id);
                    return;
                default:
                    DiagnosticUtility.DebugAssert("Invalid MessagePartProtectionMode"); 
                    return;
            } 
        } 

        protected static MemoryStream CaptureToken(SecurityToken token, SecurityStandardsManager serializer) 
        {
            MemoryStream stream = new MemoryStream();
            XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(stream);
            serializer.SecurityTokenSerializer.WriteToken(writer, token); 
            writer.Flush();
            stream.Seek(0, SeekOrigin.Begin); 
            return stream; 
        }
 
        protected static MemoryStream CaptureSecurityElement(ISecurityElement element)
        {
            MemoryStream stream = new MemoryStream();
            XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(stream); 
            element.WriteTo(writer, ServiceModelDictionaryManager.Instance);
            writer.Flush(); 
            stream.Seek(0, SeekOrigin.Begin); 
            return stream;
        } 

        protected override ISecurityElement CompleteEncryptionCore(
            SendSecurityHeaderElement primarySignature,
            SendSecurityHeaderElement[] basicTokens, 
            SendSecurityHeaderElement[] signatureConfirmations,
            SendSecurityHeaderElement[] endorsingSignatures) 
        { 
            if (this.referenceList == null)
            { 
                return null;
            }

            if (primarySignature != null && primarySignature.Item != null && primarySignature.MarkedForEncryption) 
            {
                EncryptElement(primarySignature); 
            } 

            if (basicTokens != null) 
            {
                for (int i = 0; i < basicTokens.Length; ++i)
                {
                    if (basicTokens[i].MarkedForEncryption) 
                        EncryptElement(basicTokens[i]);
                } 
            } 

            if (signatureConfirmations != null) 
            {
                for (int i = 0; i < signatureConfirmations.Length; ++i)
                {
                    if (signatureConfirmations[i].MarkedForEncryption) 
                        EncryptElement(signatureConfirmations[i]);
                } 
            } 

            if (endorsingSignatures != null) 
            {
                for (int i = 0; i < endorsingSignatures.Length; ++i)
                {
                    if (endorsingSignatures[i].MarkedForEncryption) 
                        EncryptElement(endorsingSignatures[i]);
                } 
            } 

            try 
            {
                return this.referenceList.DataReferenceCount > 0 ? this.referenceList : null;
            }
            finally 
            {
                this.referenceList = null; 
                this.encryptingSymmetricAlgorithm = null; 
                this.encryptionKeyIdentifier = null;
            } 
        }

        protected override ISignatureValueSecurityElement CompletePrimarySignatureCore(
            SendSecurityHeaderElement[] signatureConfirmations, 
            SecurityToken[] signedEndorsingTokens,
            SecurityToken[] signedTokens, 
            SendSecurityHeaderElement[] basicTokens) 
        {
            if (this.signedXml == null) 
            {
                return null;
            }
 
            SecurityTimestamp timestamp = this.Timestamp;
            if (timestamp != null) 
            { 
                if (timestamp.Id == null)
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TimestampToSignHasNoId)));
                }
                HashStream hashStream = TakeHashStream();
                this.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm( 
                    hashStream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer());
                signedInfo.AddReference(timestamp.Id, hashStream.FlushHashAndGetValue()); 
            } 

            if ((this.ShouldSignToHeader) && (this.signatureKey is AsymmetricSecurityKey) && (this.Version.Addressing != AddressingVersion.None)) 
            {
                if (this.toHeaderHash != null)
                    signedInfo.AddReference(this.toHeaderId, this.toHeaderHash);
                else 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TransportSecurityRequireToHeader)));
            } 
 
            AddSignatureReference(signatureConfirmations);
 
            if (this.RequireMessageProtection)
            {
                AddSignatureReference(signedEndorsingTokens);
                AddSignatureReference(signedTokens); 
                AddSignatureReference(basicTokens);
            } 
 
            if (this.signedInfo.ReferenceCount == 0)
            { 
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.NoPartsOfMessageMatchedPartsToSign)), this.Message);
            }
            try
            { 
                this.signedXml.ComputeSignature(this.signatureKey);
                return this.signedXml; 
            } 
            finally
            { 
                this.hashStream = null;
                this.signedInfo = null;
                this.signedXml = null;
                this.signatureKey = null; 
                this.effectiveSignatureParts = null;
            } 
        } 

        EncryptedData CreateEncryptedData() 
        {
            EncryptedData encryptedData = new EncryptedData();
            encryptedData.SecurityTokenSerializer = this.StandardsManager.SecurityTokenSerializer;
            encryptedData.KeyIdentifier = this.encryptionKeyIdentifier; 
            encryptedData.EncryptionMethod = this.EncryptionAlgorithm;
            encryptedData.EncryptionMethodDictionaryString = this.EncryptionAlgorithmDictionaryString; 
            return encryptedData; 
        }
 
        EncryptedData CreateEncryptedData(MemoryStream stream, string id, bool typeElement)
        {
            EncryptedData encryptedData = CreateEncryptedData();
            encryptedData.Id = id; 
            encryptedData.SetUpEncryption(this.encryptingSymmetricAlgorithm, new ArraySegment(stream.GetBuffer(), 0, (int) stream.Length));
            if (typeElement) 
            { 
                encryptedData.Type = EncryptedData.ElementType;
            } 
            return encryptedData;
        }

        EncryptedData CreateEncryptedDataForBody() 
        {
            EncryptedData encryptedData = CreateEncryptedData(); 
            encryptedData.Type = EncryptedData.ContentType; 
            return encryptedData;
        } 

        void EncryptAndWriteHeader(MessageHeader plainTextHeader, string id, MemoryStream stream, XmlDictionaryWriter writer)
        {
            EncryptedHeader encryptedHeader = EncryptHeader( 
                plainTextHeader,
                this.encryptingSymmetricAlgorithm, this.encryptionKeyIdentifier, this.Version, 
                id, stream); 
            encryptedHeader.WriteHeader(writer, this.Version);
        } 

        void EncryptElement(SendSecurityHeaderElement element)
        {
            string id = GenerateId(); 
            ISecurityElement encryptedElement = CreateEncryptedData(CaptureSecurityElement(element.Item), id, true);
            this.referenceList.AddReferredId(id); 
            element.Replace(id, encryptedElement); 
        }
 
        protected virtual EncryptedHeader EncryptHeader(MessageHeader plainTextHeader, SymmetricAlgorithm algorithm,
                SecurityKeyIdentifier keyIdentifier, MessageVersion version, string id, MemoryStream stream)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException( 
                SR.GetString(SR.HeaderEncryptionNotSupportedInWsSecurityJan2004, plainTextHeader.Name, plainTextHeader.Namespace)));
        } 
 
        HashStream TakeHashStream()
        { 
            HashStream hashStream = null;
            if (this.hashStream == null)
            {
                this.hashStream = hashStream = new HashStream(CryptoHelper.CreateHashAlgorithm(this.AlgorithmSuite.DefaultDigestAlgorithm)); 
            }
            else 
            { 
                hashStream = this.hashStream;;
                hashStream.Reset(); 
            }
            return hashStream;
        }
 
        XmlDictionaryWriter TakeUtf8Writer()
        { 
            return this.signedInfo.ResourcePool.TakeUtf8Writer(); 
        }
 
        MessagePartProtectionMode GetProtectionMode(MessageHeader header)
        {
            if (!this.RequireMessageProtection)
            { 
                return MessagePartProtectionMode.None;
            } 
            bool sign = this.signedInfo != null && this.effectiveSignatureParts.IsHeaderIncluded(header); 
            bool encrypt = this.referenceList != null && this.EncryptionParts.IsHeaderIncluded(header);
            return MessagePartProtectionModeHelper.GetProtectionMode(sign, encrypt, this.SignThenEncrypt); 
        }

        protected override void StartEncryptionCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier)
        { 
            this.encryptingSymmetricAlgorithm = SecurityUtils.GetSymmetricAlgorithm(this.EncryptionAlgorithm, token);
            if (this.encryptingSymmetricAlgorithm == null) 
            { 
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.UnableToCreateSymmetricAlgorithmFromToken, this.EncryptionAlgorithm))); 
            }
            this.encryptionKeyIdentifier = keyIdentifier;
            this.referenceList = new ReferenceList();
        } 

        protected override void StartPrimarySignatureCore(SecurityToken token, 
            SecurityKeyIdentifier keyIdentifier, 
            MessagePartSpecification signatureParts,
            bool generateTargettableSignature) 
        {
            SecurityAlgorithmSuite suite = this.AlgorithmSuite;
            string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm;
            XmlDictionaryString canonicalizationAlgorithmDictionaryString = suite.DefaultCanonicalizationAlgorithmDictionaryString; 
            if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n)
            { 
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( 
                    new MessageSecurityException(SR.GetString(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm)));
            } 
            string signatureAlgorithm;
            XmlDictionaryString signatureAlgorithmDictionaryString;
            suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out this.signatureKey, out signatureAlgorithmDictionaryString);
            string digestAlgorithm = suite.DefaultDigestAlgorithm; 
            XmlDictionaryString digestAlgorithmDictionaryString = suite.DefaultDigestAlgorithmDictionaryString;
            this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, canonicalizationAlgorithm, canonicalizationAlgorithmDictionaryString, digestAlgorithm, digestAlgorithmDictionaryString, signatureAlgorithm, signatureAlgorithmDictionaryString); 
            this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, this.StandardsManager.SecurityTokenSerializer); 
            if (keyIdentifier != null)
            { 
                this.signedXml.Signature.KeyIdentifier = keyIdentifier;
            }
            if (generateTargettableSignature)
            { 
                this.signedXml.Id = GenerateId();
            } 
            this.effectiveSignatureParts = signatureParts; 
            this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(digestAlgorithm);
        } 

        protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier)
        {
            StartPrimarySignatureCore(token, identifier, MessagePartSpecification.NoParts, false); 
            return CompletePrimarySignatureCore(null, null, null, null);
        } 
 
        protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign)
        { 
            SecurityAlgorithmSuite algorithmSuite = this.AlgorithmSuite;
            string signatureAlgorithm;
            XmlDictionaryString signatureAlgorithmDictionaryString;
            SecurityKey signatureKey; 
            algorithmSuite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out signatureKey, out signatureAlgorithmDictionaryString);
            SignedXml signedXml = new SignedXml(ServiceModelDictionaryManager.Instance, this.StandardsManager.SecurityTokenSerializer); 
            SignedInfo signedInfo = signedXml.Signature.SignedInfo; 
            signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm;
            signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString; 
            signedInfo.SignatureMethod = signatureAlgorithm;
            signedInfo.SignatureMethodDictionaryString = signatureAlgorithmDictionaryString;

            if (elementToSign.Id == null) 
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ElementToSignMustHaveId))); 
            } 
            Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign);
            reference.DigestMethod = algorithmSuite.DefaultDigestAlgorithm; 
            reference.DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString;
            reference.AddTransform(new ExclusiveCanonicalizationTransform());
            ((StandardSignedInfo)signedInfo).AddReference(reference);
 
            signedXml.ComputeSignature(signatureKey);
            if (identifier != null) 
            { 
                signedXml.Signature.KeyIdentifier = identifier;
            } 
            return signedXml;
        }
    }
} 

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK