2 // WrappedKeySecurityToken.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.ObjectModel;
30 using System.Security.Cryptography;
31 using System.Security.Cryptography.Xml;
33 using System.IdentityModel.Policy;
34 using System.IdentityModel.Tokens;
36 namespace System.ServiceModel.Security.Tokens
38 public class WrappedKeySecurityToken : SecurityToken
44 SecurityToken wrap_token;
45 SecurityKeyIdentifier wrap_token_ref;
46 DateTime valid_from = DateTime.Now.ToUniversalTime ();
47 ReadOnlyCollection<SecurityKey> keys;
48 ReferenceList reference_list;
51 public WrappedKeySecurityToken (
54 string wrappingAlgorithm,
55 SecurityToken wrappingToken,
56 SecurityKeyIdentifier wrappingTokenReference)
59 throw new ArgumentNullException ("id");
60 if (keyToWrap == null)
61 throw new ArgumentNullException ("keyToWrap");
62 if (wrappingAlgorithm == null)
63 throw new ArgumentNullException ("wrappingAlgorithm");
64 if (wrappingToken == null)
65 throw new ArgumentNullException ("wrappingToken");
69 wrap_alg = wrappingAlgorithm;
70 wrap_token = wrappingToken;
71 wrap_token_ref = wrappingTokenReference;
72 Collection<SecurityKey> l = new Collection<SecurityKey> ();
73 foreach (SecurityKey sk in wrappingToken.SecurityKeys) {
74 if (sk.IsSupportedAlgorithm (wrappingAlgorithm)) {
75 wrapped_key = sk.EncryptKey (wrappingAlgorithm, keyToWrap);
76 l.Add (new InMemorySymmetricSecurityKey (keyToWrap));
80 keys = new ReadOnlyCollection<SecurityKey> (l);
81 if (wrapped_key == null)
82 throw new ArgumentException (String.Format ("None of the security keys in the argument token supports specified wrapping algorithm '{0}'", wrappingAlgorithm));
85 internal byte [] RawKey {
86 get { return raw_key; }
89 // It is kind of compromised solution to output
90 // ReferenceList inside e:EncryptedKey and might disappear
91 // when non-wrapped key is represented by another token type.
92 internal ReferenceList ReferenceList {
93 get { return reference_list; }
94 set { reference_list = value; }
97 public override DateTime ValidFrom {
98 get { return valid_from; }
101 public override DateTime ValidTo {
102 get { return DateTime.MaxValue.AddDays (-1); }
105 public override string Id {
109 public override ReadOnlyCollection<SecurityKey> SecurityKeys {
113 public string WrappingAlgorithm {
114 get { return wrap_alg; }
117 public SecurityToken WrappingToken {
118 get { return wrap_token; }
121 public SecurityKeyIdentifier WrappingTokenReference {
122 get { return wrap_token_ref; }
125 public byte [] GetWrappedKey ()
127 return (byte []) wrapped_key.Clone ();
130 internal void SetWrappedKey (byte [] value)
132 wrapped_key = (byte []) value.Clone ();
136 public override bool CanCreateKeyIdentifierClause<T> ()
139 foreach (SecurityKeyIdentifierClause k in WrappingTokenReference) {
140 Type t = k.GetType ();
141 if (t == typeof (T) || t.IsSubclassOf (typeof (T)))
149 public override T CreateKeyIdentifierClause<T> ()
152 foreach (SecurityKeyIdentifierClause k in WrappingTokenReference) {
153 Type t = k.GetType ();
154 if (t == typeof (T) || t.IsSubclassOf (typeof (T)))
158 throw new NotSupportedException (String.Format ("WrappedKeySecurityToken cannot create '{0}'", typeof (T)));
161 public override bool MatchesKeyIdentifierClause (SecurityKeyIdentifierClause keyIdentifierClause)
163 LocalIdKeyIdentifierClause lkic = keyIdentifierClause as LocalIdKeyIdentifierClause;
164 if (lkic != null && lkic.LocalId == Id)
167 InternalEncryptedKeyIdentifierClause khic = keyIdentifierClause as InternalEncryptedKeyIdentifierClause;
169 keyhash = SHA1.Create ().ComputeHash (wrapped_key);
170 if (khic != null && khic.Matches (keyhash))