|   | //------------------------------------------------------------ | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //------------------------------------------------------------ | ||
|  | 
 | ||
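namespace System.ServiceModel.Security.Tokens
{
    using System.Collections.ObjectModel;
    using System.IdentityModel;
    using System.IdentityModel.Tokens;
    using System.Runtime.CompilerServices;
    using System.Security.Cryptography;
    using System.ServiceModel.Security;
    using System.Xml;

    /// <summary>
    /// Security token that carries a symmetric key in key-wrapped (encrypted) form.
    /// The plaintext key material passed as <c>keyToWrap</c> is exposed through
    /// <see cref="SecurityKeys"/>; the ciphertext is exposed through <see cref="GetWrappedKey"/>
    /// and, for serialization, through the lazily built <see cref="EncryptedKey"/> element.
    /// The key is wrapped either by an <see cref="ISspiNegotiation"/> context or by another
    /// <see cref="SecurityToken"/> (the wrapping token) using <see cref="WrappingAlgorithm"/>.
    /// </summary>
    /// <remarks>
    /// Key material is held in memory for the lifetime of the token; nothing in this class
    /// zeroes it. The token also reports no expiry of its own (see <see cref="ValidTo"/>), so
    /// any lifetime bound on the wrapped key must be enforced by whoever caches or reuses it.
    /// </remarks>
    [TypeForwardedFrom("System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")]
    public class WrappedKeySecurityToken : SecurityToken
    {
        string id;
        // Set to DateTime.UtcNow at construction; surfaced as ValidFrom.
        DateTime effectiveTime;

        // XML EncryptedKey representation, created on first use by EnsureEncryptedKeySetUp()
        // or assigned through the EncryptedKey setter.
        EncryptedKey encryptedKey;
        // Symmetric key(s) built from the plaintext key material.
        ReadOnlyCollection<SecurityKey> securityKey;
        // The wrapped key: ciphertext only, never plaintext.
        byte[] wrappedKey;
        string wrappingAlgorithm;
        ISspiNegotiation wrappingSspiContext;
        SecurityToken wrappingToken;
        SecurityKey wrappingSecurityKey;
        SecurityKeyIdentifier wrappingTokenReference;
        // true on the wrapping-token path, false on the SSPI path. Controls whether
        // EncryptedKey.CarriedKeyName is copied from CarriedKeyName (which currently
        // always yields null, so neither path serializes a carried key name today).
        bool serializeCarriedKeyName;
        // Cached SHA-1 digest of the wrapped key; see GetHash().
        byte[] wrappedKeyHash;
        XmlDictionaryString wrappingAlgorithmDictionaryString;

        // sender use
        /// <summary>
        /// Sender-side constructor: wraps <paramref name="keyToWrap"/> with the SSPI context,
        /// using the context's own <c>KeyEncryptionAlgorithm</c>.
        /// </summary>
        /// <remarks>
        /// A null <paramref name="wrappingSspiContext"/> yields a null wrapping algorithm, and the
        /// shared base constructor runs before this path's own null check, so the argument-null
        /// error reported in that case names "wrappingAlgorithm" rather than "wrappingSspiContext".
        /// </remarks>
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, ISspiNegotiation wrappingSspiContext)
            : this(id, keyToWrap, (wrappingSspiContext != null) ? (wrappingSspiContext.KeyEncryptionAlgorithm) : null, wrappingSspiContext, null)
        {
        }

        // sender use
        /// <summary>
        /// Sender-side constructor: wraps <paramref name="keyToWrap"/> with
        /// <paramref name="wrappingToken"/> using <paramref name="wrappingAlgorithm"/>.
        /// </summary>
        /// <param name="id">Token identifier; must not be null.</param>
        /// <param name="keyToWrap">Plaintext symmetric key material; must not be null.</param>
        /// <param name="wrappingAlgorithm">Key-wrap algorithm identifier handed to SecurityUtils.EncryptKey; must not be null.</param>
        /// <param name="wrappingToken">Token whose key wraps <paramref name="keyToWrap"/>; must not be null.</param>
        /// <param name="wrappingTokenReference">Optional reference to the wrapping token; when non-null it becomes the EncryptedKey's KeyIdentifier.</param>
        /// <exception cref="ArgumentNullException">Raised through DiagnosticUtility when a required argument is null.</exception>
        public WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference)
            : this(id, keyToWrap, wrappingAlgorithm, null, wrappingToken, wrappingTokenReference)
        {
        }

        /// <summary>
        /// Sender-side constructor that additionally carries the dictionary-string form of
        /// <paramref name="wrappingAlgorithm"/>, which is passed through to
        /// <c>EncryptedKey.EncryptionMethodDictionaryString</c>.
        /// </summary>
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference)
            : this(id, keyToWrap, wrappingAlgorithm, wrappingAlgorithmDictionaryString, wrappingToken, wrappingTokenReference, null, null)
        {
        }

        // direct receiver use, chained sender use
        /// <summary>
        /// SSPI path. A caller that already holds the ciphertext (the receiver) passes it as
        /// <paramref name="wrappedKey"/> together with the unwrapped <paramref name="keyToWrap"/>;
        /// a sender passes null and the context encrypts <paramref name="keyToWrap"/> here.
        /// </summary>
        /// <remarks>
        /// When both are supplied, no check is made that <paramref name="wrappedKey"/> actually
        /// unwraps to <paramref name="keyToWrap"/>; the caller is responsible for that pairing.
        /// </remarks>
        /// <exception cref="ArgumentNullException">Raised through DiagnosticUtility when <paramref name="wrappingSspiContext"/> or a base-constructor argument is null.</exception>
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, ISspiNegotiation wrappingSspiContext, byte[] wrappedKey)
            : this(id, keyToWrap, wrappingAlgorithm, null)
        {
            if (wrappingSspiContext == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingSspiContext");
            }
            this.wrappingSspiContext = wrappingSspiContext;
            // Only encrypt when the caller did not hand us the ciphertext.
            this.wrappedKey = wrappedKey ?? wrappingSspiContext.Encrypt(keyToWrap);
            this.serializeCarriedKeyName = false;
        }

        // receiver use
        /// <summary>
        /// Receiver-side constructor for the wrapping-token path: carries the received ciphertext
        /// and the key that unwrapped it.
        /// </summary>
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference, byte[] wrappedKey, SecurityKey wrappingSecurityKey)
            : this(id, keyToWrap, wrappingAlgorithm, null, wrappingToken, wrappingTokenReference, wrappedKey, wrappingSecurityKey)
        {
        }

        /// <summary>
        /// Common wrapping-token constructor. Encrypts <paramref name="keyToWrap"/> with
        /// <paramref name="wrappingToken"/> unless <paramref name="wrappedKey"/> is supplied.
        /// </summary>
        /// <remarks>
        /// As on the SSPI path, a supplied <paramref name="wrappedKey"/> is stored as-is without
        /// verifying that it corresponds to <paramref name="keyToWrap"/>.
        /// </remarks>
        /// <exception cref="ArgumentNullException">Raised through DiagnosticUtility when <paramref name="wrappingToken"/> or a base-constructor argument is null.</exception>
        WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference, byte[] wrappedKey, SecurityKey wrappingSecurityKey)
            : this(id, keyToWrap, wrappingAlgorithm, wrappingAlgorithmDictionaryString)
        {
            if (wrappingToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingToken");
            }
            this.wrappingToken = wrappingToken;
            this.wrappingTokenReference = wrappingTokenReference;
            // Only encrypt when the caller did not hand us the ciphertext.
            this.wrappedKey = wrappedKey ?? SecurityUtils.EncryptKey(wrappingToken, wrappingAlgorithm, keyToWrap);
            this.wrappingSecurityKey = wrappingSecurityKey;
            this.serializeCarriedKeyName = true;
        }

        /// <summary>
        /// Base constructor shared by every path: validates the required arguments and derives
        /// the <see cref="SecurityKeys"/> collection from the plaintext key material.
        /// </summary>
        /// <remarks>
        /// Argument checks run in the order id, wrappingAlgorithm, keyToWrap, so the reported
        /// parameter name is that of the first null encountered.
        /// </remarks>
        /// <exception cref="ArgumentNullException">Raised through DiagnosticUtility when <paramref name="id"/>, <paramref name="wrappingAlgorithm"/> or <paramref name="keyToWrap"/> is null.</exception>
        WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString)
        {
            if (id == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
            }
            if (wrappingAlgorithm == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingAlgorithm");
            }
            if (keyToWrap == null)
            {
                // Report the real parameter name; it previously read "securityKeyToWrap",
                // which matches no parameter of this type.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyToWrap");
            }

            this.id = id;
            this.effectiveTime = DateTime.UtcNow;
            this.securityKey = SecurityUtils.CreateSymmetricSecurityKeys(keyToWrap);
            this.wrappingAlgorithm = wrappingAlgorithm;
            this.wrappingAlgorithmDictionaryString = wrappingAlgorithmDictionaryString;
        }

        /// <summary>Token identifier supplied at construction.</summary>
        public override string Id
        {
            get { return this.id; }
        }

        /// <summary>Construction time (UTC).</summary>
        public override DateTime ValidFrom
        {
            get { return this.effectiveTime; }
        }

        /// <summary>
        /// Always <see cref="DateTime.MaxValue"/>: the token never expires on its own, so a
        /// lifetime bound on the wrapped key has to come from the caller that holds the token.
        /// </summary>
        public override DateTime ValidTo
        {
            // Never expire
            get { return DateTime.MaxValue; }
        }

        /// <summary>
        /// XML EncryptedKey form of this token. Null until <see cref="EnsureEncryptedKeySetUp"/>
        /// builds one or a caller assigns one through the setter.
        /// </summary>
        internal EncryptedKey EncryptedKey
        {
            get { return this.encryptedKey; }
            set { this.encryptedKey = value; }
        }

        /// <summary>ReferenceList of the EncryptedKey, or null while no EncryptedKey exists.</summary>
        internal ReferenceList ReferenceList
        {
            get
            {
                return this.encryptedKey == null ? null : this.encryptedKey.ReferenceList;
            }
        }

        /// <summary>Algorithm identifier the key was wrapped with.</summary>
        public string WrappingAlgorithm
        {
            get { return this.wrappingAlgorithm; }
        }

        /// <summary>
        /// Key that unwrapped the ciphertext; null unless supplied through the receiver-use
        /// constructor (every sender path passes null).
        /// </summary>
        internal SecurityKey WrappingSecurityKey
        {
            get { return this.wrappingSecurityKey; }
        }

        /// <summary>Token used to wrap the key; null on the SSPI path.</summary>
        public SecurityToken WrappingToken
        {
            get { return this.wrappingToken; }
        }

        /// <summary>Reference to the wrapping token, or null if none was supplied.</summary>
        public SecurityKeyIdentifier WrappingTokenReference
        {
            get { return this.wrappingTokenReference; }
        }

        /// <summary>Carried key name; this implementation never emits one.</summary>
        internal string CarriedKeyName
        {
            get { return null; }
        }

        /// <summary>Symmetric key(s) derived from the plaintext key material at construction.</summary>
        public override ReadOnlyCollection<SecurityKey> SecurityKeys
        {
            get { return this.securityKey; }
        }

        /// <summary>
        /// SHA-1 digest of the wrapped (ciphertext) key, computed once and cached. This is the
        /// value carried by <see cref="EncryptedKeyHashIdentifierClause"/> and matched in
        /// <see cref="MatchesKeyIdentifierClause"/>.
        /// </summary>
        /// <remarks>
        /// The digest is taken from <c>EncryptedKey.GetWrappedKey()</c>, not from the wrappedKey
        /// field, so an EncryptedKey assigned through the setter determines the result.
        /// SHA-1 here acts as a reference identifier for ciphertext (the EncryptedKeySHA1 style of
        /// key reference) rather than as a security control over the key; peers compute the same
        /// reference, so the algorithm cannot be changed unilaterally. The returned array is the
        /// cached instance, not a copy, so callers must not mutate it. The lazy initialization
        /// (and that of <see cref="EnsureEncryptedKeySetUp"/>) is not synchronized —
        /// NOTE(review): confirm tokens are not shared across threads before first use.
        /// </remarks>
        internal byte[] GetHash()
        {
            if (this.wrappedKeyHash == null)
            {
                EnsureEncryptedKeySetUp();
                using (HashAlgorithm hash = CryptoHelper.NewSha1HashAlgorithm())
                {
                    this.wrappedKeyHash = hash.ComputeHash(this.encryptedKey.GetWrappedKey());
                }
            }
            return this.wrappedKeyHash;
        }

        /// <summary>Returns a copy of the wrapped (ciphertext) key; the internal buffer is not exposed.</summary>
        public byte[] GetWrappedKey()
        {
            return SecurityUtils.CloneBuffer(this.wrappedKey);
        }

        /// <summary>
        /// Builds the <see cref="EncryptedKey"/> element from this token's state if none has been
        /// built or assigned yet. Subsequent calls are no-ops.
        /// </summary>
        internal void EnsureEncryptedKeySetUp()
        {
            if (this.encryptedKey != null)
            {
                return;
            }

            EncryptedKey ek = new EncryptedKey();
            ek.Id = this.Id;
            // CarriedKeyName always returns null at present, so both outcomes are null today;
            // the flag still records which wrapping path built the token.
            ek.CarriedKeyName = this.serializeCarriedKeyName ? this.CarriedKeyName : null;
            ek.EncryptionMethod = this.WrappingAlgorithm;
            ek.EncryptionMethodDictionaryString = this.wrappingAlgorithmDictionaryString;
            ek.SetUpKeyWrap(this.wrappedKey);
            if (this.WrappingTokenReference != null)
            {
                ek.KeyIdentifier = this.WrappingTokenReference;
            }
            this.encryptedKey = ek;
        }

        /// <summary>
        /// Adds <see cref="EncryptedKeyHashIdentifierClause"/> to the clause types the base class supports.
        /// </summary>
        public override bool CanCreateKeyIdentifierClause<T>()
        {
            if (typeof(T) == typeof(EncryptedKeyHashIdentifierClause))
            {
                return true;
            }

            return base.CanCreateKeyIdentifierClause<T>();
        }

        /// <summary>
        /// Creates an <see cref="EncryptedKeyHashIdentifierClause"/> over <see cref="GetHash"/>;
        /// other clause types are delegated to the base class.
        /// </summary>
        public override T CreateKeyIdentifierClause<T>()
        {
            if (typeof(T) == typeof(EncryptedKeyHashIdentifierClause))
            {
                return new EncryptedKeyHashIdentifierClause(GetHash()) as T;
            }

            return base.CreateKeyIdentifierClause<T>();
        }

        /// <summary>
        /// Matches an <see cref="EncryptedKeyHashIdentifierClause"/> against this token's
        /// wrapped-key digest; other clause types are delegated to the base class.
        /// </summary>
        public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
        {
            EncryptedKeyHashIdentifierClause encKeyIdentifierClause = keyIdentifierClause as EncryptedKeyHashIdentifierClause;
            if (encKeyIdentifierClause != null)
            {
                return encKeyIdentifierClause.Matches(GetHash());
            }

            return base.MatchesKeyIdentifierClause(keyIdentifierClause);
        }
    }
}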