Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / infocard / Service / managed / Microsoft / InfoCards / EncryptionUtility.cs / 1 / EncryptionUtility.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace Microsoft.InfoCards
{
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Security.Principal;
using System.Security.Cryptography;
using System.Text;
using System.Globalization;
using IDT = Microsoft.InfoCards.Diagnostics.InfoCardTrace;
//
// Summary
// This class provides utility function to enable encryption of tokens
//
internal sealed class EncryptionUtility
{
private EncryptionUtility()
{
}
//
// Summary
// Encrypt a security token
//
// Parameters
// tokenToBeEncrypted - The security token that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
//
public static XmlElement EncryptSecurityToken( SecurityToken tokenToBeEncrypted, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
//
// create the stream for data to be encrypted
//
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( streamToBeEncrypted ) ) );
profile.TokenSerializer.WriteToken( writer, tokenToBeEncrypted );
writer.Flush();
streamToBeEncrypted.Seek( 0, SeekOrigin.Begin );
return EncryptToken( streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile );
}
//
// Summary
// Encrypt a security token
//
// Parameters
// elem - The security token element that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
// keyWrapAlgorithm - Symmetric P ==> rasoaep. Asymmetric P ==> as specified
//
public static XmlElement EncryptSecurityToken( XmlElement elem, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
//
// create the stream for data to be encrypted
//
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( streamToBeEncrypted ) ) );
elem.WriteTo( writer );
writer.Flush();
streamToBeEncrypted.Seek( 0, SeekOrigin.Begin );
return EncryptToken( streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile );
}
//
// Summary
// Encrypt a security token
//
// Parameters
// streamToBeEncrypted - The security token stream that needs to be encrypted
// cert - The certificate of the party to which the token is to be encrypted
// encryptingAlgorithm - The algorithm to use for encryption
// keyWrapAlgorithm - Symmetric P ==> rasoaep. Asymmetric P ==> as specified
//
private static XmlElement EncryptToken( MemoryStream streamToBeEncrypted, X509Certificate2 cert,
string encryptingAlgorithm, string asymmetricKeyWrapAlgorithm, ProtocolProfile profile )
{
IDT.TraceDebug( "Encrypting the security token" );
IDT.ThrowInvalidArgumentConditional( String.IsNullOrEmpty( encryptingAlgorithm ), "encryptingAlgorithm" );
IDT.ThrowInvalidArgumentConditional( null == cert, "cert" );
IDT.TraceDebug( "Encrypting issued token with {0} algorithm", encryptingAlgorithm );
IDT.TraceDebug( "Encrypting issued token with {0} certificate", cert.FriendlyName );
SecurityToken encryptingToken = new X509SecurityToken( cert, "id" );
SecurityAlgorithmSuite suite = SecurityAlgorithmSuite.Default;
switch( encryptingAlgorithm )
{
case SecurityAlgorithms.Aes128Encryption:
suite = SecurityAlgorithmSuite.Basic128;
break;
case SecurityAlgorithms.Aes192Encryption:
suite = SecurityAlgorithmSuite.Basic192;
break;
case SecurityAlgorithms.Aes256Encryption:
suite = SecurityAlgorithmSuite.Basic256;
break;
case SecurityAlgorithms.TripleDesEncryption:
suite = SecurityAlgorithmSuite.TripleDes;
break;
default:
throw IDT.ThrowHelperError( new TokenCreationException(
SR.GetString( SR.UnsupportedEncryptionAlgorithm, encryptingAlgorithm ) ) );
}
//
// create the keys to be used for encryption
//
SecurityKeyIdentifier encryptingKeyIdentifier = new SecurityKeyIdentifier( encryptingToken.CreateKeyIdentifierClause() );
int encryptedKeySize = suite.DefaultEncryptionKeyDerivationLength / 8;
byte[ ] keyToWrap = new byte[ encryptedKeySize ];
RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
random.GetNonZeroBytes( keyToWrap );
WrappedKeySecurityToken wrappedKeyToken = new WrappedKeySecurityToken( string.Empty,
keyToWrap, asymmetricKeyWrapAlgorithm, encryptingToken, encryptingKeyIdentifier );
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier( new EncryptedKeyIdentifierClause( wrappedKeyToken.GetWrappedKey(),
wrappedKeyToken.WrappingAlgorithm, wrappedKeyToken.WrappingTokenReference ) );
SymmetricSecurityKey encryptingCrypto = ( SymmetricSecurityKey )wrappedKeyToken.SecurityKeys[ 0 ];
//
// Use the algorithm provided and encrypt the data
//
SymmetricAlgorithm algorithm = encryptingCrypto.GetSymmetricAlgorithm( encryptingAlgorithm );
EncryptedData encryptedData = new EncryptedData();
encryptedData.TokenSerializer = profile.TokenSerializer;
encryptedData.KeyIdentifier = keyIdentifier;
encryptedData.EncryptionMethod = encryptingAlgorithm;
encryptedData.Type = EncryptedXml.XmlEncElementUrl;
encryptedData.SetUpEncryption( algorithm, streamToBeEncrypted.GetBuffer(), 0, Convert.ToInt32( streamToBeEncrypted.Length ) );
//
// write the encrypted data to a memory stream
//
IDT.TraceDebug( "Writing encrypted token to memory stream" );
MemoryStream encryptedStream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter( new XmlTextWriter( new StreamWriter( encryptedStream ) ) );
encryptedData.WriteTo( writer );
writer.Flush();
encryptedStream.Seek( 0, SeekOrigin.Begin );
//
// Create an XmlElement for the encrypted data
//
XmlDocument doc = new XmlDocument();
XmlElement tokenXml = ( XmlElement )doc.ReadNode( Utility.CreateReaderWithQuotas( encryptedStream ) );
Array.Clear(
streamToBeEncrypted.GetBuffer(),
0,
Convert.ToInt32( streamToBeEncrypted.Length ) );
Array.Clear(
encryptedStream.GetBuffer(),
0,
Convert.ToInt32( encryptedStream.Length ) );
streamToBeEncrypted.Close();
encryptedStream.Close();
return tokenXml;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CodeExporter.cs
- EntitySqlException.cs
- PointConverter.cs
- OciHandle.cs
- FilterQueryOptionExpression.cs
- MembershipAdapter.cs
- ClientFormsAuthenticationCredentials.cs
- FrameworkContentElement.cs
- IsolatedStorageFilePermission.cs
- TreeViewImageIndexConverter.cs
- DefaultHttpHandler.cs
- InfoCardAsymmetricCrypto.cs
- HierarchicalDataBoundControl.cs
- DataGridViewRowsAddedEventArgs.cs
- UITypeEditor.cs
- URI.cs
- MobileControlBuilder.cs
- DataContractSerializerOperationGenerator.cs
- DesignBindingPicker.cs
- DefaultAssemblyResolver.cs
- HtmlToClrEventProxy.cs
- XamlSerializerUtil.cs
- DataTableMappingCollection.cs
- Page.cs
- MemberAssignmentAnalysis.cs
- TerminatorSinks.cs
- ContentFilePart.cs
- HandleCollector.cs
- EventListener.cs
- OutputCacheModule.cs
- TypeConverterHelper.cs
- FormatterServices.cs
- XmlSchemaInferenceException.cs
- ImageSourceValueSerializer.cs
- XPathArrayIterator.cs
- Vector3dCollection.cs
- TagPrefixCollection.cs
- BinaryConverter.cs
- DataGridViewElement.cs
- DomainUpDown.cs
- RawStylusInputCustomData.cs
- StylusCaptureWithinProperty.cs
- RadioButtonAutomationPeer.cs
- HttpSocketManager.cs
- DbConnectionPoolCounters.cs
- AndMessageFilterTable.cs
- FlowDocumentFormatter.cs
- QilXmlWriter.cs
- Monitor.cs
- TableLayoutStyleCollection.cs
- RefreshEventArgs.cs
- LocalBuilder.cs
- ProtectedProviderSettings.cs
- ListViewInsertionMark.cs
- StructuralType.cs
- Matrix3DValueSerializer.cs
- BinaryUtilClasses.cs
- TabPage.cs
- ListViewAutomationPeer.cs
- PaperSize.cs
- KnownBoxes.cs
- ServiceDesigner.xaml.cs
- FontNamesConverter.cs
- RequestCacheEntry.cs
- VoiceInfo.cs
- ComboBox.cs
- DataGridItemAutomationPeer.cs
- Confirm.cs
- PageEventArgs.cs
- CodeDesigner.cs
- SchemaElementDecl.cs
- XPathMultyIterator.cs
- SamlNameIdentifierClaimResource.cs
- Latin1Encoding.cs
- XmlSchemaSimpleContentExtension.cs
- ScopeElement.cs
- DateTimePicker.cs
- PageParserFilter.cs
- AccessibleObject.cs
- ListArgumentProvider.cs
- CodeSnippetStatement.cs
- ManifestBasedResourceGroveler.cs
- UnsafeNativeMethods.cs
- RawTextInputReport.cs
- KoreanCalendar.cs
- TimeoutValidationAttribute.cs
- HttpProfileGroupBase.cs
- Property.cs
- PageHandlerFactory.cs
- TimeStampChecker.cs
- Marshal.cs
- TableNameAttribute.cs
- TextDecoration.cs
- DataServiceKeyAttribute.cs
- ManifestResourceInfo.cs
- XmlSchemaInclude.cs
- MenuAutomationPeer.cs
- AgileSafeNativeMemoryHandle.cs
- ButtonFieldBase.cs
- DynamicRendererThreadManager.cs