File: LaxModeSecurityHeaderElementInferenceEngine.cs

mono 4.6.2.7%2Bdfsg-1
//----------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------

namespace System.ServiceModel.Security
{
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security.Tokens;
    using System.Xml;

    using SignedXml = System.IdentityModel.SignedXml;
    using StandardSignedInfo = System.IdentityModel.StandardSignedInfo;

    /// <summary>
    /// Element inference engine that drives the processing passes of a received
    /// security header and assigns a binding mode (Primary or Endorsing) to each
    /// signature found in it.
    /// </summary>
    /// <remarks>
    /// The Primary/Endorsing decision in <see cref="MarkElements"/> is made from the
    /// header's structure alone (reference count, reference URI, element ids), all of
    /// which come from the incoming message. It runs before the pass-3 call
    /// (ExecuteSignatureEncryptionProcessingPass).
    /// NOTE(review): presumably the signatures are only verified in pass 3 - confirm
    /// in ReceiveSecurityHeader before relying on any ordering guarantee.
    /// </remarks>
    class LaxModeSecurityHeaderElementInferenceEngine : SecurityHeaderElementInferenceEngine
    {
        // Shared instance handed out by the Instance property.
        static LaxModeSecurityHeaderElementInferenceEngine instance = new LaxModeSecurityHeaderElementInferenceEngine();

        // Protected: construction is limited to this class and its subclasses.
        protected LaxModeSecurityHeaderElementInferenceEngine() { }

        /// <summary>Gets the shared engine instance.</summary>
        internal static LaxModeSecurityHeaderElementInferenceEngine Instance
        {
            get { return instance; }
        }

        /// <summary>
        /// Runs the processing passes over <paramref name="securityHeader"/> in a fixed
        /// order, classifying signatures between pass 2.5 and pass 3.
        /// </summary>
        /// <param name="securityHeader">The received security header to process.</param>
        /// <param name="reader">Reader handed to the reading pass.</param>
        public override void ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
        {
            // Pass 1: read the header contents.
            securityHeader.ExecuteReadingPass(reader);

            // Pass 1.5: derived-key token stub pass, invoked with 'false'.
            securityHeader.ExecuteDerivedKeyTokenStubPass(false);

            // Pass 2: decrypt encrypted subheaders.
            securityHeader.ExecuteSubheaderDecryptionPass();

            // Pass 2.5: derived-key token stub pass again, this time with 'true'.
            securityHeader.ExecuteDerivedKeyTokenStubPass(true);

            // Layout-specific inference: decide which signature is primary and which
            // are endorsing before the signatures are processed.
            MarkElements(securityHeader.ElementManager, securityHeader.RequireMessageProtection);

            // Pass 3: signature and encryption processing.
            securityHeader.ExecuteSignatureEncryptionProcessingPass();
        }

        /// <summary>
        /// Assigns a binding mode to every signature entry in
        /// <paramref name="elementManager"/>; entries of other categories are left alone.
        /// </summary>
        /// <param name="elementManager">Holds the header entries to classify.</param>
        /// <param name="messageSecurityMode">
        /// When false, every signature is marked Endorsing. When true, a signature with
        /// exactly one reference that points at another signature entry is Endorsing and
        /// any other signature is the Primary one.
        /// </param>
        /// <exception cref="MessageSecurityException">
        /// A single-reference signature has a URI that is not a "#id" fragment, or more
        /// than one signature qualifies as primary.
        /// </exception>
        public override void MarkElements(ReceiveSecurityHeaderElementManager elementManager, bool messageSecurityMode)
        {
            bool sawPrimary = false;
            for (int index = 0; index < elementManager.Count; index++)
            {
                ReceiveSecurityHeaderEntry current;
                elementManager.GetElementEntry(index, out current);
                if (current.elementCategory != ReceiveSecurityHeaderElementCategory.Signature)
                {
                    continue;
                }

                if (!messageSecurityMode)
                {
                    elementManager.SetBindingMode(index, ReceiveSecurityHeaderBindingModes.Endorsing);
                    continue;
                }

                // Unchecked casts: assumes every Signature-category entry carries a
                // SignedXml with a StandardSignedInfo - TODO confirm where entries are added.
                SignedXml signature = (SignedXml)current.element;
                StandardSignedInfo info = (StandardSignedInfo)signature.Signature.SignedInfo;

                // Only a signature with exactly one reference can be an endorsing
                // signature here; signatures with any other reference count skip the
                // URI check and are treated as primary candidates.
                bool endorsesSignature = info.ReferenceCount == 1
                    && ReferencesOtherSignature(elementManager, index, info[0].Uri);

                if (endorsesSignature)
                {
                    elementManager.SetBindingMode(index, ReceiveSecurityHeaderBindingModes.Endorsing);
                }
                else
                {
                    // A second primary candidate is rejected rather than silently
                    // replacing or being ignored in favour of the first.
                    if (sawPrimary)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.AtMostOnePrimarySignatureInReceiveSecurityHeader)));
                    }
                    sawPrimary = true;
                    elementManager.SetBindingMode(index, ReceiveSecurityHeaderBindingModes.Primary);
                }
            }
        }

        // Returns true when 'uri' is a "#id" fragment whose id equals the id of a
        // signature entry other than the one at 'position'. Throws
        // MessageSecurityException when 'uri' is null, lacks the leading '#', or is
        // just "#".
        static bool ReferencesOtherSignature(ReceiveSecurityHeaderElementManager elementManager, int position, string uri)
        {
            bool isFragment = uri != null && uri.Length > 1 && uri[0] == '#';
            if (!isFragment)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new MessageSecurityException(SR.GetString(SR.UnableToResolveReferenceUriForSignature, uri)));
            }

            string targetId = uri.Substring(1);
            for (int candidate = 0; candidate < elementManager.Count; candidate++)
            {
                ReceiveSecurityHeaderEntry other;
                elementManager.GetElementEntry(candidate, out other);
                // A signature that references its own id does not count as endorsing.
                if (candidate != position && other.elementCategory == ReceiveSecurityHeaderElementCategory.Signature && other.id == targetId)
                {
                    return true;
                }
            }
            return false;
        }
    }
}