File: System\ServiceModel\Security\Tokens\WrappedKeySecurityToken.cs
Project: ndp\cdf\src\WCF\IdentityModel\System.IdentityModel.csproj (System.IdentityModel)
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
 
namespace System.ServiceModel.Security.Tokens
{
    using System.Collections.ObjectModel;
    using System.IdentityModel;
    using System.IdentityModel.Tokens;
    using System.Runtime.CompilerServices;
    using System.Security.Cryptography;
    using System.ServiceModel.Security;
    using System.Xml;
 
    [TypeForwardedFrom("System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")]
    public class WrappedKeySecurityToken : SecurityToken
    {
        string id;
        DateTime effectiveTime;
 
        EncryptedKey encryptedKey;
        ReadOnlyCollection<SecurityKey> securityKey;
        byte[] wrappedKey;
        string wrappingAlgorithm;
        ISspiNegotiation wrappingSspiContext;
        SecurityToken wrappingToken;
        SecurityKey wrappingSecurityKey;
        SecurityKeyIdentifier wrappingTokenReference;
        bool serializeCarriedKeyName;
        byte[] wrappedKeyHash;
        XmlDictionaryString wrappingAlgorithmDictionaryString;
 
        // sender use
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, ISspiNegotiation wrappingSspiContext)
            : this(id, keyToWrap, (wrappingSspiContext != null) ? (wrappingSspiContext.KeyEncryptionAlgorithm) : null, wrappingSspiContext, null)
        {
        }
 
        // sender use
        public WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference)
            : this(id, keyToWrap, wrappingAlgorithm, null, wrappingToken, wrappingTokenReference)
        {
        }
 
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference)
            : this(id, keyToWrap, wrappingAlgorithm, wrappingAlgorithmDictionaryString, wrappingToken, wrappingTokenReference, null, null)
        {
        }
 
        // direct receiver use, chained sender use
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, ISspiNegotiation wrappingSspiContext, byte[] wrappedKey)
            : this(id, keyToWrap, wrappingAlgorithm, null)
        {
            if (wrappingSspiContext == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingSspiContext");
            }
            this.wrappingSspiContext = wrappingSspiContext;
            if (wrappedKey == null)
            {
                this.wrappedKey = wrappingSspiContext.Encrypt(keyToWrap);
            }
            else
            {
                this.wrappedKey = wrappedKey;
            }
            this.serializeCarriedKeyName = false;
        }
 
        // receiver use
        internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference, byte[] wrappedKey, SecurityKey wrappingSecurityKey)
            : this(id, keyToWrap, wrappingAlgorithm, null, wrappingToken, wrappingTokenReference, wrappedKey, wrappingSecurityKey)
        {
        }
 
        WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference, byte[] wrappedKey, SecurityKey wrappingSecurityKey)
            : this(id, keyToWrap, wrappingAlgorithm, wrappingAlgorithmDictionaryString)
        {
            if (wrappingToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingToken");
            }
            this.wrappingToken = wrappingToken;
            this.wrappingTokenReference = wrappingTokenReference;
            if (wrappedKey == null)
            {
                this.wrappedKey = SecurityUtils.EncryptKey(wrappingToken, wrappingAlgorithm, keyToWrap);
            }
            else
            {
                this.wrappedKey = wrappedKey;
            }
            this.wrappingSecurityKey = wrappingSecurityKey;
            this.serializeCarriedKeyName = true;
        }
 
        WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString)
        {
            if (id == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
            if (wrappingAlgorithm == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappingAlgorithm");
            if (keyToWrap == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyToWrap");
 
            this.id = id;
            this.effectiveTime = DateTime.UtcNow;
            this.securityKey = SecurityUtils.CreateSymmetricSecurityKeys(keyToWrap);
            this.wrappingAlgorithm = wrappingAlgorithm;
            this.wrappingAlgorithmDictionaryString = wrappingAlgorithmDictionaryString;
        }
 
        public override string Id
        {
            get { return this.id; }
        }
 
        public override DateTime ValidFrom
        {
            get { return this.effectiveTime; }
        }
 
        public override DateTime ValidTo
        {
            // Never expire
            get { return DateTime.MaxValue; }
        }
 
        internal EncryptedKey EncryptedKey
        {
            get { return this.encryptedKey; }
            set { this.encryptedKey = value; }
        }
 
        internal ReferenceList ReferenceList
        {
            get
            {
                return this.encryptedKey == null ? null : this.encryptedKey.ReferenceList;
            }
        }
 
        public string WrappingAlgorithm
        {
            get { return this.wrappingAlgorithm; }
        }
 
        internal SecurityKey WrappingSecurityKey
        {
            get { return this.wrappingSecurityKey; }
        }
 
        public SecurityToken WrappingToken
        {
            get { return this.wrappingToken; }
        }
 
        public SecurityKeyIdentifier WrappingTokenReference
        {
            get { return this.wrappingTokenReference; }
        }
 
        internal string CarriedKeyName
        {
            get { return null; }
        }
 
        public override ReadOnlyCollection<SecurityKey> SecurityKeys
        {
            get { return this.securityKey; }
        }
 
        internal byte[] GetHash()
        {
            if (this.wrappedKeyHash == null)
            {
                EnsureEncryptedKeySetUp();
                using (HashAlgorithm hash = CryptoHelper.NewSha1HashAlgorithm())
                {
                    this.wrappedKeyHash = hash.ComputeHash(this.encryptedKey.GetWrappedKey());
                }
            }
            return wrappedKeyHash;
        }
 
        public byte[] GetWrappedKey()
        {
            return SecurityUtils.CloneBuffer(this.wrappedKey);
        }
 
        internal void EnsureEncryptedKeySetUp()
        {
            if (this.encryptedKey == null)
            {
                EncryptedKey ek = new EncryptedKey();
                ek.Id = this.Id;
                if (this.serializeCarriedKeyName)
                {
                    ek.CarriedKeyName = this.CarriedKeyName;
                }
                else
                {
                    ek.CarriedKeyName = null;
                }
                ek.EncryptionMethod = this.WrappingAlgorithm;
                ek.EncryptionMethodDictionaryString = this.wrappingAlgorithmDictionaryString;
                ek.SetUpKeyWrap(this.wrappedKey);
                if (this.WrappingTokenReference != null)
                {
                    ek.KeyIdentifier = this.WrappingTokenReference;
                }
                this.encryptedKey = ek;
            }
        }
 
        public override bool CanCreateKeyIdentifierClause<T>()
        {
            if (typeof(T) == typeof(EncryptedKeyHashIdentifierClause))
                return true;
 
            return base.CanCreateKeyIdentifierClause<T>();
        }
 
        public override T CreateKeyIdentifierClause<T>()
        {
            if (typeof(T) == typeof(EncryptedKeyHashIdentifierClause))
                return new EncryptedKeyHashIdentifierClause(GetHash()) as T;
 
            return base.CreateKeyIdentifierClause<T>();
        }
 
        public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
        {
            EncryptedKeyHashIdentifierClause encKeyIdentifierClause = keyIdentifierClause as EncryptedKeyHashIdentifierClause;
            if (encKeyIdentifierClause != null)
                return encKeyIdentifierClause.Matches(GetHash());
 
            return base.MatchesKeyIdentifierClause(keyIdentifierClause);
        }
    }
}