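/// <summary>
/// Decrypts an <see cref="EncryptedData"/> payload according to the given OPC UA security policy URI.
/// </summary>
/// <param name="certificate">
/// Certificate whose private key is used for RSA decryption. Only consulted by the RSA-based policies;
/// it is handed to <see cref="RsaUtils.Decrypt"/> unchecked, so null handling is that method's responsibility.
/// </param>
/// <param name="securityPolicyUri">
/// Security policy URI. A null or empty value means "no encryption" and the payload bytes are returned as-is.
/// </param>
/// <param name="dataToDecrypt">
/// The encrypted payload together with the algorithm it claims to use. May be null.
/// </param>
/// <returns>
/// The plaintext, or null when <paramref name="dataToDecrypt"/> is null. For an empty policy URI and for
/// <see cref="SecurityPolicies.None"/> with an empty algorithm, <see cref="EncryptedData.Data"/> is returned unchanged.
/// </returns>
/// <exception cref="ServiceResultException">
/// <see cref="StatusCodes.BadSecurityPolicyRejected"/> when the policy URI is not one of the policies handled here;
/// <see cref="StatusCodes.BadIdentityTokenInvalid"/> when the declared algorithm does not match the policy, or when
/// an RSA policy is selected but the payload carries no data.
/// </exception>
public static byte[] Decrypt(X509Certificate2 certificate, string securityPolicyUri, EncryptedData dataToDecrypt)
{
    // Nothing to decrypt.
    if (dataToDecrypt == null)
    {
        return null;
    }

    // No policy means no encryption was applied; hand the bytes back untouched.
    if (String.IsNullOrEmpty(securityPolicyUri))
    {
        return dataToDecrypt.Data;
    }

    // The policy dictates which algorithm the token is allowed to declare. A token that names a different
    // algorithm than its policy permits falls through to the BadIdentityTokenInvalid rejection below.
    switch (securityPolicyUri)
    {
        case SecurityPolicies.Basic256:
        case SecurityPolicies.Basic256Sha256:
        {
            if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
            {
                return DecryptRsa(certificate, dataToDecrypt, true);
            }
            break;
        }

        case SecurityPolicies.Basic128Rsa15:
        {
            // PKCS#1 v1.5 padding. Callers should report decryption failures for this path no differently
            // from any other token failure, so that padding errors are not individually observable.
            if (dataToDecrypt.Algorithm == SecurityAlgorithms.Rsa15)
            {
                return DecryptRsa(certificate, dataToDecrypt, false);
            }
            break;
        }

        case SecurityPolicies.None:
        {
            // Policy None tolerates only an absent algorithm; a token declaring one under None is rejected.
            if (String.IsNullOrEmpty(dataToDecrypt.Algorithm))
            {
                return dataToDecrypt.Data;
            }
            break;
        }

        default:
        {
            throw ServiceResultException.Create(
                StatusCodes.BadSecurityPolicyRejected,
                "Unsupported security policy: {0}",
                securityPolicyUri);
        }
    }

    throw ServiceResultException.Create(
        StatusCodes.BadIdentityTokenInvalid,
        "Unexpected encryption algorithm : {0}",
        dataToDecrypt.Algorithm);
}

/// <summary>
/// Performs the RSA decryption shared by the RSA-based policies, after verifying that the payload
/// actually carries data.
/// </summary>
/// <param name="certificate">Certificate holding the decryption key; passed through to <see cref="RsaUtils.Decrypt"/>.</param>
/// <param name="dataToDecrypt">Payload to decrypt. Must not be null.</param>
/// <param name="useOaep">
/// Third argument to <see cref="RsaUtils.Decrypt"/>: true for the Basic256/Basic256Sha256 (RSA-OAEP) path,
/// false for Basic128Rsa15 (PKCS#1 v1.5). The exact meaning of the flag is defined by RsaUtils.
/// </param>
/// <returns>The decrypted bytes as returned by <see cref="RsaUtils.Decrypt"/>.</returns>
/// <exception cref="ServiceResultException">
/// <see cref="StatusCodes.BadIdentityTokenInvalid"/> when <see cref="EncryptedData.Data"/> is null. Without this
/// guard a null payload surfaced as an ArgumentNullException from the ArraySegment constructor rather than as a
/// token-validation failure.
/// </exception>
private static byte[] DecryptRsa(X509Certificate2 certificate, EncryptedData dataToDecrypt, bool useOaep)
{
    if (dataToDecrypt.Data == null)
    {
        throw ServiceResultException.Create(
            StatusCodes.BadIdentityTokenInvalid,
            "Encrypted token data is missing for algorithm : {0}",
            dataToDecrypt.Algorithm);
    }

    return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, useOaep);
}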