mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/ReceiveSecurityHeader.cs

//----------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------

namespace System.ServiceModel.Security
{
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Diagnostics;
    using System.IdentityModel.Policy;
    using System.IdentityModel.Selectors;
    using System.IdentityModel.Tokens;
    using System.Security.Authentication.ExtendedProtection;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Description;
    using System.ServiceModel.Security.Tokens;
    using System.ServiceModel.Diagnostics;
    using System.Runtime;
    using System.Xml;
    using ISignatureValueSecurityElement = System.IdentityModel.ISignatureValueSecurityElement;
    using SignatureResourcePool = System.IdentityModel.SignatureResourcePool;
    using SignedXml = System.IdentityModel.SignedXml;
    using System.Runtime.Diagnostics;
    using System.ServiceModel.Diagnostics.Application;

    abstract class ReceiveSecurityHeader : SecurityHeader
    {
        // client->server symmetric binding case: only primaryTokenAuthenticator is set
        // server->client symmetric binding case: only primary token is set
        // asymmetric binding case: primaryTokenAuthenticator and wrapping token is set

        SecurityTokenAuthenticator primaryTokenAuthenticator;
        bool allowFirstTokenMismatch;
        SecurityToken outOfBandPrimaryToken;
        IList<SecurityToken> outOfBandPrimaryTokenCollection;
        SecurityTokenParameters primaryTokenParameters;
        TokenTracker primaryTokenTracker;
        SecurityToken wrappingToken;
        SecurityTokenParameters wrappingTokenParameters;
        SecurityToken expectedEncryptionToken;
        SecurityTokenParameters expectedEncryptionTokenParameters;
        SecurityTokenAuthenticator derivedTokenAuthenticator;
        // assumes that the caller has done the check for uniqueness of types
        IList<SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators;
        ChannelBinding channelBinding;
        ExtendedProtectionPolicy extendedProtectionPolicy;

        bool expectEncryption = true;
        // caller should precompute and set expectations
        bool expectBasicTokens;
        bool expectSignedTokens;
        bool expectEndorsingTokens;
        bool expectSignature = true;
        bool requireSignedPrimaryToken;
        bool expectSignatureConfirmation;
        // maps from token to wire form (for basic and signed), and also tracks operations done
        // maps from supporting token parameter to the operations done for that token type
        List<TokenTracker> supportingTokenTrackers;

        SignatureConfirmations receivedSignatureValues;
        SignatureConfirmations receivedSignatureConfirmations;
        List<SecurityTokenAuthenticator> allowedAuthenticators;

        SecurityTokenAuthenticator pendingSupportingTokenAuthenticator;

        WrappedKeySecurityToken wrappedKeyToken;
        Collection<SecurityToken> basicTokens;
        Collection<SecurityToken> signedTokens;
        Collection<SecurityToken> endorsingTokens;
        Collection<SecurityToken> signedEndorsingTokens;
        Dictionary<SecurityToken, ReadOnlyCollection<IAuthorizationPolicy>> tokenPoliciesMapping;
        List<SecurityTokenAuthenticator> wrappedKeyAuthenticator;
        SecurityTimestamp timestamp;
        SecurityHeaderTokenResolver universalTokenResolver;
        SecurityHeaderTokenResolver primaryTokenResolver;
        ReadOnlyCollection<SecurityTokenResolver> outOfBandTokenResolver;
        SecurityTokenResolver combinedUniversalTokenResolver;
        SecurityTokenResolver combinedPrimaryTokenResolver;

        readonly int headerIndex;
        XmlAttributeHolder[] securityElementAttributes;
        OrderTracker orderTracker = new OrderTracker();
        OperationTracker signatureTracker = new OperationTracker();
        OperationTracker encryptionTracker = new OperationTracker();

        ReceiveSecurityHeaderElementManager elementManager;

        int maxDerivedKeys;
        int numDerivedKeys;
        int maxDerivedKeyLength;
        bool enforceDerivedKeyRequirement = true;

        NonceCache nonceCache;
        TimeSpan replayWindow;
        TimeSpan clockSkew;
        byte[] primarySignatureValue;
        TimeoutHelper timeoutHelper;
        SecurityVerifiedMessage securityVerifiedMessage;
        long maxReceivedMessageSize = TransportDefaults.MaxReceivedMessageSize;
        XmlDictionaryReaderQuotas readerQuotas;
        MessageProtectionOrder protectionOrder;
        bool hasAtLeastOneSupportingTokenExpectedToBeSigned;
        bool hasEndorsingOrSignedEndorsingSupportingTokens;
        SignatureResourcePool resourcePool;
        bool replayDetectionEnabled = false;

        bool hasAtLeastOneItemInsideSecurityHeaderEncrypted = false;

        const int AppendPosition = -1;

        EventTraceActivity eventTraceActivity;

        protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
            SecurityStandardsManager standardsManager,
            SecurityAlgorithmSuite algorithmSuite,
            int headerIndex,
            MessageDirection direction)
            : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
        {
            this.headerIndex = headerIndex;
            this.elementManager = new ReceiveSecurityHeaderElementManager(this);
        }

        public Collection<SecurityToken> BasicSupportingTokens
        {
            get
            {
                return this.basicTokens;
            }
        }

        public Collection<SecurityToken> SignedSupportingTokens
        {
            get
            {
                return this.signedTokens;
            }
        }

        public Collection<SecurityToken> EndorsingSupportingTokens
        {
            get
            {
                return this.endorsingTokens;
            }
        }

        public ReceiveSecurityHeaderElementManager ElementManager
        {
            get
            {
                return this.elementManager;
            }
        }

        public Collection<SecurityToken> SignedEndorsingSupportingTokens
        {
            get
            {
                return this.signedEndorsingTokens;
            }
        }

        public SecurityTokenAuthenticator DerivedTokenAuthenticator
        {
            get
            {
                return this.derivedTokenAuthenticator;
            }
            set
            {
                ThrowIfProcessingStarted();
                this.derivedTokenAuthenticator = value;
            }
        }

        public List<SecurityTokenAuthenticator> WrappedKeySecurityTokenAuthenticator
        {
            get
            {
                return this.wrappedKeyAuthenticator;
            }
            set
            {
                ThrowIfProcessingStarted();
                this.wrappedKeyAuthenticator = value;
            }
        }

        public bool EnforceDerivedKeyRequirement
        {
            get
            {
                return this.enforceDerivedKeyRequirement;
            }
            set
            {
                ThrowIfProcessingStarted();
                this.enforceDerivedKeyRequirement = value;
            }
        }

        public byte[] PrimarySignatureValue
        {
            get { return this.primarySignatureValue; }
        }

        public bool EncryptBeforeSignMode
        {
            get { return this.orderTracker.EncryptBeforeSignMode; }
        }

        public SecurityToken EncryptionToken
        {
            get { return this.encryptionTracker.Token; }
        }

        public bool ExpectBasicTokens
        {
            get { return this.expectBasicTokens; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectBasicTokens = value;
            }
        }

        public bool ReplayDetectionEnabled
        {
            get { return this.replayDetectionEnabled; }
            set
            {
                ThrowIfProcessingStarted();
                this.replayDetectionEnabled = value;
            }
        }

        public bool ExpectEncryption
        {
            get { return this.expectEncryption; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectEncryption = value;
            }
        }

        public bool ExpectSignature
        {
            get { return this.expectSignature; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectSignature = value;
            }
        }

        public bool ExpectSignatureConfirmation
        {
            get { return this.expectSignatureConfirmation; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectSignatureConfirmation = value;
            }
        }

        public bool ExpectSignedTokens
        {
            get { return this.expectSignedTokens; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectSignedTokens = value;
            }
        }

        public bool RequireSignedPrimaryToken
        {
            get { return this.requireSignedPrimaryToken; }
            set
            {
                ThrowIfProcessingStarted();
                this.requireSignedPrimaryToken = value;
            }
        }

        public bool ExpectEndorsingTokens
        {
            get { return this.expectEndorsingTokens; }
            set
            {
                ThrowIfProcessingStarted();
                this.expectEndorsingTokens = value;
            }
        }

        public bool HasAtLeastOneItemInsideSecurityHeaderEncrypted
        {
            get { return this.hasAtLeastOneItemInsideSecurityHeaderEncrypted; }
            set { this.hasAtLeastOneItemInsideSecurityHeaderEncrypted = value; }
        }

        public SecurityHeaderTokenResolver PrimaryTokenResolver
        {
            get
            {
                return this.primaryTokenResolver;
            }
        }

        public SecurityTokenResolver CombinedUniversalTokenResolver
        {
            get { return this.combinedUniversalTokenResolver; }
        }

        public SecurityTokenResolver CombinedPrimaryTokenResolver
        {
            get { return this.combinedPrimaryTokenResolver; }
        }

        protected EventTraceActivity EventTraceActivity
        {
            get
            {
                if (this.eventTraceActivity == null && FxTrace.Trace.IsEnd2EndActivityTracingEnabled)
                {
                    this.eventTraceActivity = EventTraceActivityHelper.TryExtractActivity((OperationContext.Current != null) ? OperationContext.Current.IncomingMessage : null);
                }

                return this.eventTraceActivity;
            }
        }

        protected void VerifySignatureEncryption()
        {
            if ((this.protectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature) &&
                (!this.orderTracker.AllSignaturesEncrypted))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                                SR.GetString(SR.PrimarySignatureIsRequiredToBeEncrypted)));
            }
        }

        internal int HeaderIndex
        {
            get { return this.headerIndex; }
        }

        internal long MaxReceivedMessageSize
        {
            get
            {
                return this.maxReceivedMessageSize;
            }
            set
            {
                ThrowIfProcessingStarted();
                this.maxReceivedMessageSize = value;
            }
        }

        internal XmlDictionaryReaderQuotas ReaderQuotas
        {
            get { return this.readerQuotas; }
            set
            {
                ThrowIfProcessingStarted();

                if (value == null)
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");

                this.readerQuotas = value;
            }
        }

        public override string Name
        {
            get { return this.StandardsManager.SecurityVersion.HeaderName.Value; }
        }

        public override string Namespace
        {
            get { return this.StandardsManager.SecurityVersion.HeaderNamespace.Value; }
        }

        public Message ProcessedMessage
        {
            get { return this.Message; }
        }

        public MessagePartSpecification RequiredEncryptionParts
        {
            get { return this.encryptionTracker.Parts; }
            set
            {
                ThrowIfProcessingStarted();
                if (value == null)
                {
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("value"), this.Message);
                }
                if (!value.IsReadOnly)
                {
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                        SR.GetString(SR.MessagePartSpecificationMustBeImmutable)), this.Message);
                }
                this.encryptionTracker.Parts = value;
            }
        }

        public MessagePartSpecification RequiredSignatureParts
        {
            get { return this.signatureTracker.Parts; }
            set
            {
                ThrowIfProcessingStarted();
                if (value == null)
                {
                    throw TraceUtility.ThrowHelperError(new ArgumentNullException("value"), this.Message);
                }
                if (!value.IsReadOnly)
                {
                    throw TraceUtility.ThrowHelperError(new InvalidOperationException(
                        SR.GetString(SR.MessagePartSpecificationMustBeImmutable)), this.Message);
                }
                this.signatureTracker.Parts = value;
            }
        }

        protected SignatureResourcePool ResourcePool
        {
            get
            {
                if (this.resourcePool == null)
                {
                    this.resourcePool = new SignatureResourcePool();
                }
                return this.resourcePool;
            }
        }

        internal SecurityVerifiedMessage SecurityVerifiedMessage
        {
            get
            {
                return this.securityVerifiedMessage;
            }
        }

        public SecurityToken SignatureToken
        {
            get { return this.signatureTracker.Token; }
        }

        public Dictionary<SecurityToken, ReadOnlyCollection<IAuthorizationPolicy>> SecurityTokenAuthorizationPoliciesMapping
        {
            get
            {
                if (this.tokenPoliciesMapping == null)
                {
                    this.tokenPoliciesMapping = new Dictionary<SecurityToken, ReadOnlyCollection<IAuthorizationPolicy>>();
                }
                return this.tokenPoliciesMapping;
            }
        }

        public SecurityTimestamp Timestamp
        {
            get { return this.timestamp; }
        }

        public int MaxDerivedKeyLength
        {
            get
            {
                return this.maxDerivedKeyLength;
            }
        }

        internal XmlDictionaryReader CreateSecurityHeaderReader()
        {
            return this.securityVerifiedMessage.GetReaderAtSecurityHeader();
        }

        public SignatureConfirmations GetSentSignatureConfirmations()
        {
            return this.receivedSignatureConfirmations;
        }

        public void ConfigureSymmetricBindingServerReceiveHeader(SecurityTokenAuthenticator primaryTokenAuthenticator, SecurityTokenParameters primaryTokenParameters, IList<SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators)
        {
            this.primaryTokenAuthenticator = primaryTokenAuthenticator;
            this.primaryTokenParameters = primaryTokenParameters;
            this.supportingTokenAuthenticators = supportingTokenAuthenticators;
        }

        // encrypted key case
        public void ConfigureSymmetricBindingServerReceiveHeader(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, IList<SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators)
        {
            this.wrappingToken = wrappingToken;
            this.wrappingTokenParameters = wrappingTokenParameters;
            this.supportingTokenAuthenticators = supportingTokenAuthenticators;
        }

        public void ConfigureAsymmetricBindingServerReceiveHeader(SecurityTokenAuthenticator primaryTokenAuthenticator, SecurityTokenParameters primaryTokenParameters, SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, IList<SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators)
        {
            this.primaryTokenAuthenticator = primaryTokenAuthenticator;
            this.primaryTokenParameters = primaryTokenParameters;
            this.wrappingToken = wrappingToken;
            this.wrappingTokenParameters = wrappingTokenParameters;
            this.supportingTokenAuthenticators = supportingTokenAuthenticators;
        }

        public void ConfigureTransportBindingServerReceiveHeader(IList<SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators)
        {
            this.supportingTokenAuthenticators = supportingTokenAuthenticators;
        }

        public void ConfigureAsymmetricBindingClientReceiveHeader(SecurityToken primaryToken, SecurityTokenParameters primaryTokenParameters, SecurityToken encryptionToken, SecurityTokenParameters encryptionTokenParameters, SecurityTokenAuthenticator primaryTokenAuthenticator)
        {
            this.outOfBandPrimaryToken = primaryToken;
            this.primaryTokenParameters = primaryTokenParameters;
            this.primaryTokenAuthenticator = primaryTokenAuthenticator;
            this.allowFirstTokenMismatch = primaryTokenAuthenticator != null;
            if (encryptionToken != null && !SecurityUtils.HasSymmetricSecurityKey(encryptionToken))
            {
                this.wrappingToken = encryptionToken;
                this.wrappingTokenParameters = encryptionTokenParameters;
            }
            else
            {
                this.expectedEncryptionToken = encryptionToken;
                this.expectedEncryptionTokenParameters = encryptionTokenParameters;
            }
        }

        public void ConfigureSymmetricBindingClientReceiveHeader(SecurityToken primaryToken, SecurityTokenParameters primaryTokenParameters)
        {
            this.outOfBandPrimaryToken = primaryToken;
            this.primaryTokenParameters = primaryTokenParameters;
        }

        public void ConfigureSymmetricBindingClientReceiveHeader(IList<SecurityToken> primaryTokens, SecurityTokenParameters primaryTokenParameters)
        {
            this.outOfBandPrimaryTokenCollection = primaryTokens;
            this.primaryTokenParameters = primaryTokenParameters;
        }

        public void ConfigureOutOfBandTokenResolver(ReadOnlyCollection<SecurityTokenResolver> outOfBandResolvers)
        {
            if (outOfBandResolvers == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("outOfBandResolvers");
            if (outOfBandResolvers.Count == 0)
            {
                return;
            }
            this.outOfBandTokenResolver = outOfBandResolvers;
        }

        protected abstract EncryptedData ReadSecurityHeaderEncryptedItem(XmlDictionaryReader reader, bool readXmlreferenceKeyInfoClause);

        protected abstract byte[] DecryptSecurityHeaderElement(EncryptedData encryptedData, WrappedKeySecurityToken wrappedKeyToken, out SecurityToken encryptionToken);

        protected abstract WrappedKeySecurityToken DecryptWrappedKey(XmlDictionaryReader reader);

        public SignatureConfirmations GetSentSignatureValues()
        {
            return this.receivedSignatureValues;
        }

        protected abstract bool IsReaderAtEncryptedKey(XmlDictionaryReader reader);

        protected abstract bool IsReaderAtEncryptedData(XmlDictionaryReader reader);

        protected abstract bool IsReaderAtReferenceList(XmlDictionaryReader reader);

        protected abstract bool IsReaderAtSignature(XmlDictionaryReader reader);

        protected abstract bool IsReaderAtSecurityTokenReference(XmlDictionaryReader reader);

        protected abstract void OnDecryptionOfSecurityHeaderItemRequiringReferenceListEntry(string id);

        void MarkHeaderAsUnderstood()
        {
            // header decryption does not reorder or delete headers
            MessageHeaderInfo header = this.Message.Headers[this.headerIndex];
            Fx.Assert(header.Name == this.Name && header.Namespace == this.Namespace && header.Actor == this.Actor, "security header index mismatch");
            Message.Headers.UnderstoodHeaders.Add(header);
        }

        protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            this.StandardsManager.SecurityVersion.WriteStartHeader(writer);
            XmlAttributeHolder[] attributes = this.securityElementAttributes;
            for (int i = 0; i < attributes.Length; ++i)
            {
                writer.WriteAttributeString(attributes[i].Prefix, attributes[i].LocalName, attributes[i].NamespaceUri, attributes[i].Value);
            }
        }

        protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            XmlDictionaryReader securityHeaderReader = GetReaderAtSecurityHeader();
            securityHeaderReader.ReadStartElement();
            for (int i = 0; i < this.ElementManager.Count; ++i)
            {
                ReceiveSecurityHeaderEntry entry;
                this.ElementManager.GetElementEntry(i, out entry);
                XmlDictionaryReader reader = null;
                if (entry.encrypted)
                {
                    reader = this.ElementManager.GetReader(i, false);
                    writer.WriteNode(reader, false);
                    reader.Close();
                    securityHeaderReader.Skip();
                }
                else
                {
                    writer.WriteNode(securityHeaderReader, false);
                }
            }
            securityHeaderReader.Close();
        }

        XmlDictionaryReader GetReaderAtSecurityHeader()
        {
            XmlDictionaryReader reader = this.SecurityVerifiedMessage.GetReaderAtFirstHeader();
            for (int i = 0; i < this.HeaderIndex; ++i)
            {
                reader.Skip();
            }

            return reader;
        }

        Collection<SecurityToken> EnsureSupportingTokens(ref Collection<SecurityToken> list)
        {
            if (list == null)
                list = new Collection<SecurityToken>();
            return list;
        }

        void VerifySupportingToken(TokenTracker tracker)
        {
            if (tracker == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tracker");

            Fx.Assert(tracker.spec != null, "Supporting token trackers cannot have null specification.");

            SupportingTokenAuthenticatorSpecification spec = tracker.spec;

            if (tracker.token == null)
            {
                if (spec.IsTokenOptional)
                    return;
                else
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenNotProvided, spec.TokenParameters, spec.SecurityTokenAttachmentMode)));
            }
            switch (spec.SecurityTokenAttachmentMode)
            {
                case SecurityTokenAttachmentMode.Endorsing:
                    if (!tracker.IsEndorsing)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotEndorsing, spec.TokenParameters)));
                    }
                    if (this.EnforceDerivedKeyRequirement && spec.TokenParameters.RequireDerivedKeys && !spec.TokenParameters.HasAsymmetricKey && !tracker.IsDerivedFrom)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingSignatureIsNotDerivedFrom, spec.TokenParameters)));
                    }
                    EnsureSupportingTokens(ref endorsingTokens).Add(tracker.token);
                    break;
                case SecurityTokenAttachmentMode.Signed:
                    if (!tracker.IsSigned && this.RequireMessageProtection)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotSigned, spec.TokenParameters)));
                    }
                    EnsureSupportingTokens(ref signedTokens).Add(tracker.token);
                    break;
                case SecurityTokenAttachmentMode.SignedEncrypted:
                    if (!tracker.IsSigned && this.RequireMessageProtection)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotSigned, spec.TokenParameters)));
                    }
                    if (!tracker.IsEncrypted && this.RequireMessageProtection)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotEncrypted, spec.TokenParameters)));
                    }
                    EnsureSupportingTokens(ref basicTokens).Add(tracker.token);
                    break;
                case SecurityTokenAttachmentMode.SignedEndorsing:
                    if (!tracker.IsSigned && this.RequireMessageProtection)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotSigned, spec.TokenParameters)));
                    }
                    if (!tracker.IsEndorsing)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingTokenIsNotEndorsing, spec.TokenParameters)));
                    }
                    if (this.EnforceDerivedKeyRequirement && spec.TokenParameters.RequireDerivedKeys && !spec.TokenParameters.HasAsymmetricKey && !tracker.IsDerivedFrom)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SupportingSignatureIsNotDerivedFrom, spec.TokenParameters)));
                    }
                    EnsureSupportingTokens(ref signedEndorsingTokens).Add(tracker.token);
                    break;

                default:
                    Fx.Assert("Unknown token attachment mode " + spec.SecurityTokenAttachmentMode);
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnknownTokenAttachmentMode, spec.SecurityTokenAttachmentMode)));
            }
        }

        // replay detection done if enableReplayDetection is set to true.
        public void SetTimeParameters(NonceCache nonceCache, TimeSpan replayWindow, TimeSpan clockSkew)
        {
            this.nonceCache = nonceCache;
            this.replayWindow = replayWindow;
            this.clockSkew = clockSkew;
        }

        public void Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
        {
            Fx.Assert(this.ReaderQuotas != null, "Reader quotas must be set before processing");
            MessageProtectionOrder actualProtectionOrder = this.protectionOrder;
            bool wasProtectionOrderDowngraded = false;
            if (this.protectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature)
            {
                if (this.RequiredEncryptionParts == null || !this.RequiredEncryptionParts.IsBodyIncluded)
                {
                    // Let's downgrade for now. If after signature verification we find a header that 
                    // is signed and encrypted, we will check for signature encryption too.
                    actualProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
                    wasProtectionOrderDowngraded = true;
                }
            }

            this.channelBinding = channelBinding;
            this.extendedProtectionPolicy = extendedProtectionPolicy;
            this.orderTracker.SetRequiredProtectionOrder(actualProtectionOrder);

            SetProcessingStarted();
            this.timeoutHelper = new TimeoutHelper(timeout);
            this.Message = this.securityVerifiedMessage = new SecurityVerifiedMessage(this.Message, this);
            XmlDictionaryReader reader = CreateSecurityHeaderReader();
            reader.MoveToStartElement();
            if (reader.IsEmptyElement)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SecurityHeaderIsEmpty)), this.Message);
            }
            if (this.RequireMessageProtection)
            {
                this.securityElementAttributes = XmlAttributeHolder.ReadAttributes(reader);
            }
            else
            {
                this.securityElementAttributes = XmlAttributeHolder.emptyArray;
            }
            reader.ReadStartElement();

            if (this.primaryTokenParameters != null)
            {
                this.primaryTokenTracker = new TokenTracker(null, this.outOfBandPrimaryToken, this.allowFirstTokenMismatch);
            }
            // universalTokenResolver is used for resolving tokens
            universalTokenResolver = new SecurityHeaderTokenResolver(this);
            // primary token resolver is used for resolving primary signature and decryption
            primaryTokenResolver = new SecurityHeaderTokenResolver(this);
            if (this.outOfBandPrimaryToken != null)
            {
                universalTokenResolver.Add(this.outOfBandPrimaryToken, SecurityTokenReferenceStyle.External, this.primaryTokenParameters);
                primaryTokenResolver.Add(this.outOfBandPrimaryToken, SecurityTokenReferenceStyle.External, this.primaryTokenParameters);
            }
            else if (this.outOfBandPrimaryTokenCollection != null)
            {
                for (int i = 0; i < this.outOfBandPrimaryTokenCollection.Count; ++i)
                {
                    universalTokenResolver.Add(this.outOfBandPrimaryTokenCollection[i], SecurityTokenReferenceStyle.External, this.primaryTokenParameters);
                    primaryTokenResolver.Add(this.outOfBandPrimaryTokenCollection[i], SecurityTokenReferenceStyle.External, this.primaryTokenParameters);
                }
            }
            if (this.wrappingToken != null)
            {
                universalTokenResolver.ExpectedWrapper = this.wrappingToken;
                universalTokenResolver.ExpectedWrapperTokenParameters = this.wrappingTokenParameters;
                primaryTokenResolver.ExpectedWrapper = this.wrappingToken;
                primaryTokenResolver.ExpectedWrapperTokenParameters = this.wrappingTokenParameters;
            }
            else if (expectedEncryptionToken != null)
            {
                universalTokenResolver.Add(expectedEncryptionToken, SecurityTokenReferenceStyle.External, expectedEncryptionTokenParameters);
                primaryTokenResolver.Add(expectedEncryptionToken, SecurityTokenReferenceStyle.External, expectedEncryptionTokenParameters);
            }

            if (this.outOfBandTokenResolver == null)
            {
                this.combinedUniversalTokenResolver = this.universalTokenResolver;
                this.combinedPrimaryTokenResolver = this.primaryTokenResolver;
            }
            else
            {
                this.combinedUniversalTokenResolver = new AggregateSecurityHeaderTokenResolver(this.universalTokenResolver, this.outOfBandTokenResolver);
                this.combinedPrimaryTokenResolver = new AggregateSecurityHeaderTokenResolver(this.primaryTokenResolver, this.outOfBandTokenResolver);
            }

            allowedAuthenticators = new List<SecurityTokenAuthenticator>();
            if (this.primaryTokenAuthenticator != null)
            {
                allowedAuthenticators.Add(this.primaryTokenAuthenticator);
            }
            if (this.DerivedTokenAuthenticator != null)
            {
                allowedAuthenticators.Add(this.DerivedTokenAuthenticator);
            }
            pendingSupportingTokenAuthenticator = null;
            int numSupportingTokensRequiringDerivation = 0;
            if (this.supportingTokenAuthenticators != null && this.supportingTokenAuthenticators.Count > 0)
            {
                this.supportingTokenTrackers = new List<TokenTracker>(this.supportingTokenAuthenticators.Count);
                for (int i = 0; i < this.supportingTokenAuthenticators.Count; ++i)
                {
                    SupportingTokenAuthenticatorSpecification spec = this.supportingTokenAuthenticators[i];
                    switch (spec.SecurityTokenAttachmentMode)
                    {
                        case SecurityTokenAttachmentMode.Endorsing:
                            this.hasEndorsingOrSignedEndorsingSupportingTokens = true;
                            break;
                        case SecurityTokenAttachmentMode.Signed:
                            this.hasAtLeastOneSupportingTokenExpectedToBeSigned = true;
                            break;
                        case SecurityTokenAttachmentMode.SignedEndorsing:
                            this.hasEndorsingOrSignedEndorsingSupportingTokens = true;
                            this.hasAtLeastOneSupportingTokenExpectedToBeSigned = true;
                            break;
                        case SecurityTokenAttachmentMode.SignedEncrypted:
                            this.hasAtLeastOneSupportingTokenExpectedToBeSigned = true;
                            break;
                    }

                    if ((this.primaryTokenAuthenticator != null) && (this.primaryTokenAuthenticator.GetType().Equals(spec.TokenAuthenticator.GetType())))
                    {
                        pendingSupportingTokenAuthenticator = spec.TokenAuthenticator;
                    }
                    else
                    {
                        allowedAuthenticators.Add(spec.TokenAuthenticator);
                    }
                    if (spec.TokenParameters.RequireDerivedKeys && !spec.TokenParameters.HasAsymmetricKey &&
                        (spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing))
                    {
                        ++numSupportingTokensRequiringDerivation;
                    }
                    this.supportingTokenTrackers.Add(new TokenTracker(spec));
                }
            }

            if (this.DerivedTokenAuthenticator != null)
            {
                // we expect key derivation. Compute quotas for derived keys
                int maxKeyDerivationLengthInBits = this.AlgorithmSuite.DefaultEncryptionKeyDerivationLength >= this.AlgorithmSuite.DefaultSignatureKeyDerivationLength ?
                    this.AlgorithmSuite.DefaultEncryptionKeyDerivationLength : this.AlgorithmSuite.DefaultSignatureKeyDerivationLength;
                this.maxDerivedKeyLength = maxKeyDerivationLengthInBits / 8;
                // the upper bound of derived keys is (1 for primary signature + 1 for encryption + supporting token signatures requiring derivation)*2
                // the multiplication by 2 is to take care of interop scenarios that may arise that require more derived keys than the lower bound.
                this.maxDerivedKeys = (1 + 1 + numSupportingTokensRequiringDerivation) * 2;
            }

            SecurityHeaderElementInferenceEngine engine = SecurityHeaderElementInferenceEngine.GetInferenceEngine(this.Layout);
            engine.ExecuteProcessingPasses(this, reader);
            if (this.RequireMessageProtection)
            {
                this.ElementManager.EnsureAllRequiredSecurityHeaderTargetsWereProtected();
                ExecuteMessageProtectionPass(this.hasAtLeastOneSupportingTokenExpectedToBeSigned);
                if (this.RequiredSignatureParts != null && this.SignatureToken == null)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.RequiredSignatureMissing)), this.Message);
                }
            }

            EnsureDecryptionComplete();

            this.signatureTracker.SetDerivationSourceIfRequired();
            this.encryptionTracker.SetDerivationSourceIfRequired();
            if (this.EncryptionToken != null)
            {
                if (wrappingToken != null)
                {
                    if (!(this.EncryptionToken is WrappedKeySecurityToken) || ((WrappedKeySecurityToken)this.EncryptionToken).WrappingToken != this.wrappingToken)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, this.wrappingToken)));
                    }
                }
                else if (expectedEncryptionToken != null)
                {
                    if (this.EncryptionToken != expectedEncryptionToken)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.MessageWasNotEncryptedWithTheRequiredEncryptingToken)));
                    }
                }
                else if (this.SignatureToken != null && this.EncryptionToken != this.SignatureToken)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SignatureAndEncryptionTokenMismatch, this.SignatureToken, this.EncryptionToken)));
                }
            }

            // ensure that the primary signature was signed with derived keys if required
            if (this.EnforceDerivedKeyRequirement)
            {
                if (this.SignatureToken != null)
                {
                    if (this.primaryTokenParameters != null)
                    {
                        if (this.primaryTokenParameters.RequireDerivedKeys && !this.primaryTokenParameters.HasAsymmetricKey && !this.primaryTokenTracker.IsDerivedFrom)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.PrimarySignatureWasNotSignedByDerivedKey, this.primaryTokenParameters)));
                        }
                    }
                    else if (this.wrappingTokenParameters != null && this.wrappingTokenParameters.RequireDerivedKeys)
                    {
                        if (!this.signatureTracker.IsDerivedToken)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.PrimarySignatureWasNotSignedByDerivedWrappedKey, this.wrappingTokenParameters)));
                        }
                    }
                }

                // verify that the encryption is using key derivation
                if (this.EncryptionToken != null)
                {
                    if (wrappingTokenParameters != null)
                    {
                        if (wrappingTokenParameters.RequireDerivedKeys && !this.encryptionTracker.IsDerivedToken)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.MessageWasNotEncryptedByDerivedWrappedKey, this.wrappingTokenParameters)));
                        }
                    }
                    else if (expectedEncryptionTokenParameters != null)
                    {
                        if (expectedEncryptionTokenParameters.RequireDerivedKeys && !this.encryptionTracker.IsDerivedToken)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.MessageWasNotEncryptedByDerivedEncryptionToken, this.expectedEncryptionTokenParameters)));
                        }
                    }
                    else if (primaryTokenParameters != null && !primaryTokenParameters.HasAsymmetricKey && primaryTokenParameters.RequireDerivedKeys && !this.encryptionTracker.IsDerivedToken)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.MessageWasNotEncryptedByDerivedEncryptionToken, this.primaryTokenParameters)));
                    }
                }
            }

            if (wasProtectionOrderDowngraded && (this.BasicSupportingTokens != null) && (this.BasicSupportingTokens.Count > 0))
            {
                // Basic tokens are always signed and encrypted. So check if Signatures 
                // are encrypted as well.
                this.VerifySignatureEncryption();
            }

            // verify all supporting token parameters have their requirements met
            if (this.supportingTokenTrackers != null)
            {
                for (int i = 0; i < this.supportingTokenTrackers.Count; ++i)
                {
                    VerifySupportingToken(this.supportingTokenTrackers[i]);
                }
            }

            if (this.replayDetectionEnabled)
            {
                if (this.timestamp == null)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.NoTimestampAvailableInSecurityHeaderToDoReplayDetection)), this.Message);
                }
                if (this.primarySignatureValue == null)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.NoSignatureAvailableInSecurityHeaderToDoReplayDetection)), this.Message);
                }

                AddNonce(this.nonceCache, this.primarySignatureValue);

                // if replay detection is on, redo creation range checks to ensure full coverage
                this.timestamp.ValidateFreshness(this.replayWindow, this.clockSkew);
            }

            if (this.ExpectSignatureConfirmation)
            {
                this.ElementManager.VerifySignatureConfirmationWasFound();
            }

            MarkHeaderAsUnderstood();
        }

        static void AddNonce(NonceCache cache, byte[] nonce)
        {
            if (!cache.TryAddNonce(nonce))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.InvalidOrReplayedNonce), true));
            }
        }

        static void CheckNonce(NonceCache cache, byte[] nonce)
        {
            if (cache.CheckNonce(nonce))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.InvalidOrReplayedNonce), true));
            }
        }

        protected abstract void EnsureDecryptionComplete();

        protected abstract void ExecuteMessageProtectionPass(bool hasAtLeastOneSupportingTokenExpectedToBeSigned);

        internal void ExecuteSignatureEncryptionProcessingPass()
        {
            for (int position = 0; position < this.elementManager.Count; position++)
            {
                ReceiveSecurityHeaderEntry entry;
                this.elementManager.GetElementEntry(position, out entry);
                switch (entry.elementCategory)
                {
                    case ReceiveSecurityHeaderElementCategory.Signature:
                        if (entry.bindingMode == ReceiveSecurityHeaderBindingModes.Primary)
                        {
                            ProcessPrimarySignature((SignedXml)entry.element, entry.encrypted);
                        }
                        else
                        {
                            ProcessSupportingSignature((SignedXml)entry.element, entry.encrypted);
                        }
                        break;
                    case ReceiveSecurityHeaderElementCategory.ReferenceList:
                        ProcessReferenceList((ReferenceList)entry.element);
                        break;
                    case ReceiveSecurityHeaderElementCategory.Token:
                        WrappedKeySecurityToken wrappedKeyToken = entry.element as WrappedKeySecurityToken;
                        if ((wrappedKeyToken != null) && (wrappedKeyToken.ReferenceList != null))
                        {
                            Fx.Assert(this.Layout != SecurityHeaderLayout.Strict, "Invalid Calling sequence. This method assumes it will be called only during Lax mode.");
                            // ExecuteSignatureEncryptionProcessingPass is called only durng Lax mode. In this
                            // case when we have a EncryptedKey with a ReferencList inside it, we would not 
                            // have processed the ReferenceList during reading pass. Process this here.
                            ProcessReferenceList(wrappedKeyToken.ReferenceList, wrappedKeyToken);
                        }
                        break;
                    case ReceiveSecurityHeaderElementCategory.Timestamp:
                    case ReceiveSecurityHeaderElementCategory.EncryptedKey:
                    case ReceiveSecurityHeaderElementCategory.EncryptedData:
                    case ReceiveSecurityHeaderElementCategory.SignatureConfirmation:
                    case ReceiveSecurityHeaderElementCategory.SecurityTokenReference:
                        // no op
                        break;
                    default:
                        Fx.Assert("invalid element category");
                        break;
                }
            }
        }

        internal void ExecuteSubheaderDecryptionPass()
        {
            for (int position = 0; position < this.elementManager.Count; position++)
            {
                if (this.elementManager.GetElementCategory(position) == ReceiveSecurityHeaderElementCategory.EncryptedData)
                {
                    EncryptedData encryptedData = this.elementManager.GetElement<EncryptedData>(position);
                    bool dummy = false;
                    ProcessEncryptedData(encryptedData, this.timeoutHelper.RemainingTime(), position, false, ref dummy);
                }
            }
        }

        internal void ExecuteReadingPass(XmlDictionaryReader reader)
        {
            int position = 0;
            while (reader.IsStartElement())
            {
                if (IsReaderAtSignature(reader))
                {
                    ReadSignature(reader, AppendPosition, null);
                }
                else if (IsReaderAtReferenceList(reader))
                {
                    ReadReferenceList(reader);
                }
                else if (this.StandardsManager.WSUtilitySpecificationVersion.IsReaderAtTimestamp(reader))
                {
                    ReadTimestamp(reader);
                }
                else if (IsReaderAtEncryptedKey(reader))
                {
                    ReadEncryptedKey(reader, false);
                }
                else if (IsReaderAtEncryptedData(reader))
                {
                    ReadEncryptedData(reader);
                }
                else if (this.StandardsManager.SecurityVersion.IsReaderAtSignatureConfirmation(reader))
                {
                    ReadSignatureConfirmation(reader, AppendPosition, null);
                }
                else if (IsReaderAtSecurityTokenReference(reader))
                {
                    ReadSecurityTokenReference(reader);
                }
                else
                {
                    ReadToken(reader, AppendPosition, null, null, null, this.timeoutHelper.RemainingTime());
                }
                position++;
            }

            reader.ReadEndElement(); // wsse:Security
            reader.Close();
        }

        internal void ExecuteFullPass(XmlDictionaryReader reader)
        {
            bool primarySignatureFound = !this.RequireMessageProtection;
            int position = 0;
            while (reader.IsStartElement())
            {
                if (IsReaderAtSignature(reader))
                {
                    SignedXml signedXml = ReadSignature(reader, AppendPosition, null);
                    if (primarySignatureFound)
                    {
                        this.elementManager.SetBindingMode(position, ReceiveSecurityHeaderBindingModes.Endorsing);
                        ProcessSupportingSignature(signedXml, false);
                    }
                    else
                    {
                        primarySignatureFound = true;
                        this.elementManager.SetBindingMode(position, ReceiveSecurityHeaderBindingModes.Primary);
                        ProcessPrimarySignature(signedXml, false);
                    }
                }
                else if (IsReaderAtReferenceList(reader))
                {
                    ReferenceList referenceList = ReadReferenceList(reader);
                    ProcessReferenceList(referenceList);
                }
                else if (this.StandardsManager.WSUtilitySpecificationVersion.IsReaderAtTimestamp(reader))
                {
                    ReadTimestamp(reader);
                }
                else if (IsReaderAtEncryptedKey(reader))
                {
                    ReadEncryptedKey(reader, true);
                }
                else if (IsReaderAtEncryptedData(reader))
                {
                    EncryptedData encryptedData = ReadEncryptedData(reader);
                    ProcessEncryptedData(encryptedData, this.timeoutHelper.RemainingTime(), position, true, ref primarySignatureFound);
                }
                else if (this.StandardsManager.SecurityVersion.IsReaderAtSignatureConfirmation(reader))
                {
                    ReadSignatureConfirmation(reader, AppendPosition, null);
                }
                else if (IsReaderAtSecurityTokenReference(reader))
                {
                    ReadSecurityTokenReference(reader);
                }
                else
                {
                    ReadToken(reader, AppendPosition, null, null, null, this.timeoutHelper.RemainingTime());
                }
                position++;
            }

            reader.ReadEndElement(); // wsse:Security
            reader.Close();
        }

        internal void EnsureDerivedKeyLimitNotReached()
        {
            ++this.numDerivedKeys;
            if (this.numDerivedKeys > this.maxDerivedKeys)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.DerivedKeyLimitExceeded, maxDerivedKeys)));
            }
        }

        internal void ExecuteDerivedKeyTokenStubPass(bool isFinalPass)
        {
            for (int position = 0; position < this.elementManager.Count; position++)
            {
                if (this.elementManager.GetElementCategory(position) == ReceiveSecurityHeaderElementCategory.Token)
                {
                    DerivedKeySecurityTokenStub stub = this.elementManager.GetElement(position) as DerivedKeySecurityTokenStub;
                    if (stub != null)
                    {
                        SecurityToken sourceToken = null;
                        this.universalTokenResolver.TryResolveToken(stub.TokenToDeriveIdentifier, out sourceToken);
                        if (sourceToken != null)
                        {
                            EnsureDerivedKeyLimitNotReached();
                            DerivedKeySecurityToken derivedKeyToken = stub.CreateToken(sourceToken, this.maxDerivedKeyLength);
                            this.elementManager.SetElement(position, derivedKeyToken);
                            AddDerivedKeyTokenToResolvers(derivedKeyToken);
                        }
                        else if (isFinalPass)
                        {
                            throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                                SR.GetString(SR.UnableToResolveKeyInfoClauseInDerivedKeyToken, stub.TokenToDeriveIdentifier)), this.Message);
                        }
                    }
                }
            }
        }

        SecurityToken GetRootToken(SecurityToken token)
        {
            if (token is DerivedKeySecurityToken)
            {
                return ((DerivedKeySecurityToken)token).TokenToDerive;
            }
            else
            {
                return token;
            }
        }

        void RecordEncryptionTokenAndRemoveReferenceListEntry(string id, SecurityToken encryptionToken)
        {
            if (id == null)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingIdInEncryptedElement)), this.Message);
            }

            OnDecryptionOfSecurityHeaderItemRequiringReferenceListEntry(id);
            RecordEncryptionToken(encryptionToken);
        }

        EncryptedData ReadEncryptedData(XmlDictionaryReader reader)
        {
            EncryptedData encryptedData = ReadSecurityHeaderEncryptedItem(reader, this.MessageDirection == MessageDirection.Output);

            this.elementManager.AppendEncryptedData(encryptedData);
            return encryptedData;
        }

        internal XmlDictionaryReader CreateDecryptedReader(byte[] decryptedBuffer)
        {
            return ContextImportHelper.CreateSplicedReader(
                decryptedBuffer,
                this.SecurityVerifiedMessage.GetEnvelopeAttributes(),
                this.SecurityVerifiedMessage.GetHeaderAttributes(),
                this.securityElementAttributes,
                this.ReaderQuotas
                );
        }

        void ProcessEncryptedData(EncryptedData encryptedData, TimeSpan timeout, int position, bool eagerMode, ref bool primarySignatureFound)
        {
            if (TD.EncryptedDataProcessingStartIsEnabled())
            {
                TD.EncryptedDataProcessingStart(this.EventTraceActivity);
            }

            string id = encryptedData.Id;

            SecurityToken encryptionToken;
            byte[] decryptedBuffer = DecryptSecurityHeaderElement(encryptedData, this.wrappedKeyToken, out encryptionToken);

            XmlDictionaryReader decryptedReader = CreateDecryptedReader(decryptedBuffer);

            if (IsReaderAtSignature(decryptedReader))
            {
                RecordEncryptionTokenAndRemoveReferenceListEntry(id, encryptionToken);
                SignedXml signedXml = ReadSignature(decryptedReader, position, decryptedBuffer);
                if (eagerMode)
                {
                    if (primarySignatureFound)
                    {
                        this.elementManager.SetBindingMode(position, ReceiveSecurityHeaderBindingModes.Endorsing);
                        ProcessSupportingSignature(signedXml, true);
                    }
                    else
                    {
                        primarySignatureFound = true;
                        this.elementManager.SetBindingMode(position, ReceiveSecurityHeaderBindingModes.Primary);
                        ProcessPrimarySignature(signedXml, true);
                    }
                }
            }
            else if (this.StandardsManager.SecurityVersion.IsReaderAtSignatureConfirmation(decryptedReader))
            {
                RecordEncryptionTokenAndRemoveReferenceListEntry(id, encryptionToken);
                ReadSignatureConfirmation(decryptedReader, position, decryptedBuffer);
            }
            else
            {
                if (IsReaderAtEncryptedData(decryptedReader))
                {

                    // The purpose of this code is to process a token that arrived at a client as encryptedData.

                    // This is a common scenario for supporting tokens.

                    // We pass readXmlReferenceKeyIdentifierClause as false here because we do not expect the client 
                    // to receive an encrypted token for itself from the service. The encrypted token is encrypted for some other service. 
                    // Hence we assume that the KeyInfoClause entry in it is not an XMLReference entry that the client is supposed to understand.

                    // What if the service sends its authentication token as an EncryptedData to the client?

                    EncryptedData ed = ReadSecurityHeaderEncryptedItem(decryptedReader, false);
                    SecurityToken securityToken;
                    byte[] db = DecryptSecurityHeaderElement(ed, this.wrappedKeyToken, out securityToken);
                    XmlDictionaryReader dr = CreateDecryptedReader(db);


                    // read the actual token and put it into the system
                    ReadToken(dr, position, db, encryptionToken, id, timeout);

                    ReceiveSecurityHeaderEntry rshe;
                    this.ElementManager.GetElementEntry(position, out rshe);

                    // In EncryptBeforeSignMode, we have encrypted the outer token, remember the right id.
                    // The reason why I have both id's is in that case that one or the other is passed
                    // we won't have a problem with which one.  SHP accounting should ensure each item has 
                    // the correct hash.
                    if (this.EncryptBeforeSignMode)
                    {
                        rshe.encryptedFormId = encryptedData.Id;
                        rshe.encryptedFormWsuId = encryptedData.WsuId;
                    }
                    else
                    {
                        rshe.encryptedFormId = ed.Id;
                        rshe.encryptedFormWsuId = ed.WsuId;
                    }

                    rshe.decryptedBuffer = decryptedBuffer;

                    // setting this to true, will allow a different id match in ReceiveSecurityHeaderEntry.Match
                    // to one of the ids set above as the token id will not match what the signature reference is looking for.

                    rshe.doubleEncrypted = true;

                    this.ElementManager.ReplaceHeaderEntry(position, rshe);
                }
                else
                    ReadToken(decryptedReader, position, decryptedBuffer, encryptionToken, id, timeout);
            }

            if (TD.EncryptedDataProcessingSuccessIsEnabled())
            {
                TD.EncryptedDataProcessingSuccess(this.EventTraceActivity);
            }
        }

        void ReadEncryptedKey(XmlDictionaryReader reader, bool processReferenceListIfPresent)
        {
            this.orderTracker.OnEncryptedKey();

            WrappedKeySecurityToken wrappedKeyToken = DecryptWrappedKey(reader);
            if (wrappedKeyToken.WrappingToken != this.wrappingToken)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, this.wrappingToken)));
            }
            this.universalTokenResolver.Add(wrappedKeyToken);
            this.primaryTokenResolver.Add(wrappedKeyToken);
            if (wrappedKeyToken.ReferenceList != null)
            {
                if (!this.EncryptedKeyContainsReferenceList)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptedKeyWithReferenceListNotAllowed)));
                }
                if (!this.ExpectEncryption)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptionNotExpected)), this.Message);
                }
                if (processReferenceListIfPresent)
                {
                    ProcessReferenceList(wrappedKeyToken.ReferenceList, wrappedKeyToken);
                }
                this.wrappedKeyToken = wrappedKeyToken;
            }
            this.elementManager.AppendToken(wrappedKeyToken, ReceiveSecurityHeaderBindingModes.Primary, null);
        }

        ReferenceList ReadReferenceList(XmlDictionaryReader reader)
        {
            if (!this.ExpectEncryption)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.EncryptionNotExpected)), this.Message);
            }
            ReferenceList referenceList = ReadReferenceListCore(reader);
            this.elementManager.AppendReferenceList(referenceList);
            return referenceList;
        }

        protected abstract ReferenceList ReadReferenceListCore(XmlDictionaryReader reader);

        void ProcessReferenceList(ReferenceList referenceList)
        {
            ProcessReferenceList(referenceList, null);
        }

        void ProcessReferenceList(ReferenceList referenceList, WrappedKeySecurityToken wrappedKeyToken)
        {
            this.orderTracker.OnProcessReferenceList();
            ProcessReferenceListCore(referenceList, wrappedKeyToken);
        }

        protected abstract void ProcessReferenceListCore(ReferenceList referenceList, WrappedKeySecurityToken wrappedKeyToken);

        SignedXml ReadSignature(XmlDictionaryReader reader, int position, byte[] decryptedBuffer)
        {
            Fx.Assert((position == AppendPosition) == (decryptedBuffer == null), "inconsistent position, decryptedBuffer parameters");
            if (!this.ExpectSignature)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SignatureNotExpected)), this.Message);
            }
            SignedXml signedXml = ReadSignatureCore(reader);
            signedXml.Signature.SignedInfo.ReaderProvider = this.ElementManager;
            int readerIndex;
            if (decryptedBuffer == null)
            {
                this.elementManager.AppendSignature(signedXml);
                readerIndex = this.elementManager.Count - 1;
            }
            else
            {
                this.elementManager.SetSignatureAfterDecryption(position, signedXml, decryptedBuffer);
                readerIndex = position;
            }
            signedXml.Signature.SignedInfo.SignatureReaderProviderCallbackContext = (object)(readerIndex);
            return signedXml;
        }

        protected abstract void ReadSecurityTokenReference(XmlDictionaryReader reader);

        void ProcessPrimarySignature(SignedXml signedXml, bool isFromDecryptedSource)
        {
            this.orderTracker.OnProcessSignature(isFromDecryptedSource);

            this.primarySignatureValue = signedXml.GetSignatureValue();
            if (this.replayDetectionEnabled)
            {
                CheckNonce(this.nonceCache, this.primarySignatureValue);
            }

            SecurityToken signingToken = VerifySignature(signedXml, true, this.primaryTokenResolver, null, null);
            // verify that the signing token is the same as the primary token
            SecurityToken rootSigningToken = GetRootToken(signingToken);
            bool isDerivedKeySignature = signingToken is DerivedKeySecurityToken;
            if (this.primaryTokenTracker != null)
            {
                this.primaryTokenTracker.RecordToken(rootSigningToken);
                this.primaryTokenTracker.IsDerivedFrom = isDerivedKeySignature;
            }
            this.AddIncomingSignatureValue(signedXml.GetSignatureValue(), isFromDecryptedSource);
        }

        void ReadSignatureConfirmation(XmlDictionaryReader reader, int position, byte[] decryptedBuffer)
        {
            Fx.Assert((position == AppendPosition) == (decryptedBuffer == null), "inconsistent position, decryptedBuffer parameters");
            if (!this.ExpectSignatureConfirmation)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SignatureConfirmationsNotExpected)), this.Message);
            }
            if (this.orderTracker.PrimarySignatureDone)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SignatureConfirmationsOccursAfterPrimarySignature)), this.Message);
            }
            ISignatureValueSecurityElement sigConfElement = this.StandardsManager.SecurityVersion.ReadSignatureConfirmation(reader);
            if (decryptedBuffer == null)
            {
                this.AddIncomingSignatureConfirmation(sigConfElement.GetSignatureValue(), false);
                this.elementManager.AppendSignatureConfirmation(sigConfElement);
            }
            else
            {
                this.AddIncomingSignatureConfirmation(sigConfElement.GetSignatureValue(), true);
                this.elementManager.SetSignatureConfirmationAfterDecryption(position, sigConfElement, decryptedBuffer);
            }
        }

        TokenTracker GetSupportingTokenTracker(SecurityToken token)
        {
            if (this.supportingTokenTrackers == null)
                return null;
            for (int i = 0; i < this.supportingTokenTrackers.Count; ++i)
            {
                if (supportingTokenTrackers[i].token == token)
                    return supportingTokenTrackers[i];
            }
            return null;
        }

        protected TokenTracker GetSupportingTokenTracker(SecurityTokenAuthenticator tokenAuthenticator, out SupportingTokenAuthenticatorSpecification spec)
        {
            spec = null;
            if (this.supportingTokenAuthenticators == null)
                return null;
            for (int i = 0; i < this.supportingTokenAuthenticators.Count; ++i)
            {
                if (supportingTokenAuthenticators[i].TokenAuthenticator == tokenAuthenticator)
                {
                    spec = supportingTokenAuthenticators[i];
                    return supportingTokenTrackers[i];
                }
            }
            return null;
        }

        protected TAuthenticator FindAllowedAuthenticator<TAuthenticator>(bool removeIfPresent)
            where TAuthenticator : SecurityTokenAuthenticator
        {
            if (this.allowedAuthenticators == null)
            {
                return null;
            }
            for (int i = 0; i < this.allowedAuthenticators.Count; ++i)
            {
                if (allowedAuthenticators[i] is TAuthenticator)
                {
                    TAuthenticator result = (TAuthenticator)allowedAuthenticators[i];
                    if (removeIfPresent)
                    {
                        this.allowedAuthenticators.RemoveAt(i);
                    }
                    return result;
                }
            }
            return null;
        }

        void ProcessSupportingSignature(SignedXml signedXml, bool isFromDecryptedSource)
        {
            if (!this.ExpectEndorsingTokens)
            {
                throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SupportingTokenSignaturesNotExpected)), this.Message);
            }
            string id;
            XmlDictionaryReader reader;
            object signatureTarget;
            if (!this.RequireMessageProtection)
            {
                if (this.timestamp == null)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.SigningWithoutPrimarySignatureRequiresTimestamp)), this.Message);
                }
                reader = null;
                id = this.timestamp.Id;
                // We would have pre-computed the timestamp digest, if the transport reader
                // was capable of canonicalization. If we were not able to compute the digest
                // before hand then the signature verification step will get a new reader
                // and will recompute the digest.
                signatureTarget = null;
            }
            else
            {
                this.elementManager.GetPrimarySignature(out reader, out id);
                if (reader == null)
                {
                    throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.NoPrimarySignatureAvailableForSupportingTokenSignatureVerification)), this.Message);
                }
                signatureTarget = reader;
            }
            SecurityToken signingToken = VerifySignature(signedXml, false, this.universalTokenResolver, signatureTarget, id);
            if (reader != null)
            {
                reader.Close();
            }
            if (signingToken == null)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SignatureVerificationFailed)), this.Message);
            }
            SecurityToken rootSigningToken = GetRootToken(signingToken);
            TokenTracker tracker = GetSupportingTokenTracker(rootSigningToken);
            if (tracker == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.UnknownSupportingToken, signingToken)));
            }

            if (tracker.AlreadyReadEndorsingSignature)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MoreThanOneSupportingSignature, signingToken)));

            tracker.IsEndorsing = true;
            tracker.AlreadyReadEndorsingSignature = true;
            tracker.IsDerivedFrom = (signingToken is DerivedKeySecurityToken);
            AddIncomingSignatureValue(signedXml.GetSignatureValue(), isFromDecryptedSource);
        }

        void ReadTimestamp(XmlDictionaryReader reader)
        {
            if (this.timestamp != null)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.DuplicateTimestampInSecurityHeader)), this.Message);
            }
            bool expectTimestampToBeSigned = this.RequireMessageProtection || this.hasEndorsingOrSignedEndorsingSupportingTokens;
            string expectedDigestAlgorithm = expectTimestampToBeSigned ? this.AlgorithmSuite.DefaultDigestAlgorithm : null;
            SignatureResourcePool resourcePool = expectTimestampToBeSigned ? this.ResourcePool : null;
            this.timestamp = this.StandardsManager.WSUtilitySpecificationVersion.ReadTimestamp(reader, expectedDigestAlgorithm, resourcePool);
            this.timestamp.ValidateRangeAndFreshness(this.replayWindow, this.clockSkew);
            this.elementManager.AppendTimestamp(this.timestamp);
        }

        bool IsPrimaryToken(SecurityToken token)
        {
            bool result = (token == outOfBandPrimaryToken
                || (primaryTokenTracker != null && token == primaryTokenTracker.token)
                || (token == expectedEncryptionToken)
                || ((token is WrappedKeySecurityToken) && ((WrappedKeySecurityToken)token).WrappingToken == this.wrappingToken));
            if (!result && this.outOfBandPrimaryTokenCollection != null)
            {
                for (int i = 0; i < this.outOfBandPrimaryTokenCollection.Count; ++i)
                {
                    if (this.outOfBandPrimaryTokenCollection[i] == token)
                    {
                        result = true;
                        break;
                    }
                }
            }
            return result;
        }

        void ReadToken(XmlDictionaryReader reader, int position, byte[] decryptedBuffer,
            SecurityToken encryptionToken, string idInEncryptedForm, TimeSpan timeout)
        {
            Fx.Assert((position == AppendPosition) == (decryptedBuffer == null), "inconsistent position, decryptedBuffer parameters");
            Fx.Assert((position == AppendPosition) == (encryptionToken == null), "inconsistent position, encryptionToken parameters");
            string localName = reader.LocalName;
            string namespaceUri = reader.NamespaceURI;
            string valueType = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);

            SecurityTokenAuthenticator usedTokenAuthenticator;
            SecurityToken token = ReadToken(reader, this.CombinedUniversalTokenResolver, allowedAuthenticators, out usedTokenAuthenticator);
            if (token == null)
            {
                throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCouldNotReadToken, localName, namespaceUri, valueType)), this.Message);
            }
            DerivedKeySecurityToken derivedKeyToken = token as DerivedKeySecurityToken;
            if (derivedKeyToken != null)
            {
                EnsureDerivedKeyLimitNotReached();
                derivedKeyToken.InitializeDerivedKey(this.maxDerivedKeyLength);
            }

            if ((usedTokenAuthenticator is SspiNegotiationTokenAuthenticator) ||
                (usedTokenAuthenticator == this.primaryTokenAuthenticator))
            {
                this.allowedAuthenticators.Remove(usedTokenAuthenticator);
            }

            ReceiveSecurityHeaderBindingModes mode;
            TokenTracker supportingTokenTracker = null;
            if (usedTokenAuthenticator == this.primaryTokenAuthenticator)
            {
                // this is the primary token. Add to resolver as such
                this.universalTokenResolver.Add(token, SecurityTokenReferenceStyle.Internal, this.primaryTokenParameters);
                this.primaryTokenResolver.Add(token, SecurityTokenReferenceStyle.Internal, this.primaryTokenParameters);
                if (this.pendingSupportingTokenAuthenticator != null)
                {
                    this.allowedAuthenticators.Add(this.pendingSupportingTokenAuthenticator);
                    this.pendingSupportingTokenAuthenticator = null;
                }
                this.primaryTokenTracker.RecordToken(token);
                mode = ReceiveSecurityHeaderBindingModes.Primary;
            }
            else if (usedTokenAuthenticator == this.DerivedTokenAuthenticator)
            {
                if (token is DerivedKeySecurityTokenStub)
                {
                    if (this.Layout == SecurityHeaderLayout.Strict)
                    {
                        DerivedKeySecurityTokenStub tmpToken = (DerivedKeySecurityTokenStub)token;
                        throw TraceUtility.ThrowHelperError(new MessageSecurityException(
                            SR.GetString(SR.UnableToResolveKeyInfoClauseInDerivedKeyToken, tmpToken.TokenToDeriveIdentifier)), this.Message);
                    }
                }
                else
                {
                    AddDerivedKeyTokenToResolvers(token);
                }
                mode = ReceiveSecurityHeaderBindingModes.Unknown;
            }
            else
            {
                SupportingTokenAuthenticatorSpecification supportingTokenSpec;
                supportingTokenTracker = GetSupportingTokenTracker(usedTokenAuthenticator, out supportingTokenSpec);
                if (supportingTokenTracker == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, usedTokenAuthenticator)));
                }
                if (supportingTokenTracker.token != null)
                {
                    supportingTokenTracker = new TokenTracker(supportingTokenSpec);
                    this.supportingTokenTrackers.Add(supportingTokenTracker);
                }

                supportingTokenTracker.RecordToken(token);
                if (encryptionToken != null)
                {
                    supportingTokenTracker.IsEncrypted = true;
                }

                bool isBasic;
                bool isSignedButNotBasic;
                SecurityTokenAttachmentModeHelper.Categorize(supportingTokenSpec.SecurityTokenAttachmentMode,
                   out isBasic, out isSignedButNotBasic, out mode);
                if (isBasic)
                {
                    if (!this.ExpectBasicTokens)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.BasicTokenNotExpected)));
                    }

                    // only basic tokens have to be part of the reference list. Encrypted Saml tokens dont for example
                    if (this.RequireMessageProtection && encryptionToken != null)
                    {
                        RecordEncryptionTokenAndRemoveReferenceListEntry(idInEncryptedForm, encryptionToken);
                    }
                }
                if (isSignedButNotBasic && !this.ExpectSignedTokens)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.SignedSupportingTokenNotExpected)));
                }
                this.universalTokenResolver.Add(token, SecurityTokenReferenceStyle.Internal, supportingTokenSpec.TokenParameters);
            }
            if (position == AppendPosition)
            {
                this.elementManager.AppendToken(token, mode, supportingTokenTracker);
            }
            else
            {
                this.elementManager.SetTokenAfterDecryption(position, token, mode, decryptedBuffer, supportingTokenTracker);
            }
        }

        SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList<SecurityTokenAuthenticator> allowedTokenAuthenticators, out SecurityTokenAuthenticator usedTokenAuthenticator)
        {
            SecurityToken token = this.StandardsManager.SecurityTokenSerializer.ReadToken(reader, tokenResolver);
            if (token is DerivedKeySecurityTokenStub)
            {
                if (this.DerivedTokenAuthenticator == null)
                {
                    // No Authenticator registered for DerivedKeySecurityToken
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.UnableToFindTokenAuthenticator, typeof(DerivedKeySecurityToken))));
                }

                // This is just the stub. Nothing to Validate. Set the usedTokenAuthenticator to 
                // DerivedKeySecurityTokenAuthenticator.
                usedTokenAuthenticator = this.DerivedTokenAuthenticator;
                return token;
            }

            for (int i = 0; i < allowedTokenAuthenticators.Count; ++i)
            {
                SecurityTokenAuthenticator tokenAuthenticator = allowedTokenAuthenticators[i];
                if (tokenAuthenticator.CanValidateToken(token))
                {
                    ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies;
                    ServiceCredentialsSecurityTokenManager.KerberosSecurityTokenAuthenticatorWrapper kerbTokenAuthenticator =
                            tokenAuthenticator as ServiceCredentialsSecurityTokenManager.KerberosSecurityTokenAuthenticatorWrapper;
                    if (kerbTokenAuthenticator != null)
                    {
                        authorizationPolicies = kerbTokenAuthenticator.ValidateToken(token, this.channelBinding, this.extendedProtectionPolicy);
                    }
                    else
                    {
                        authorizationPolicies = tokenAuthenticator.ValidateToken(token);
                    }
                    SecurityTokenAuthorizationPoliciesMapping.Add(token, authorizationPolicies);
                    usedTokenAuthenticator = tokenAuthenticator;
                    return token;
                }
            }

            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                SR.GetString(SR.UnableToFindTokenAuthenticator, token.GetType())));
        }


        void AddDerivedKeyTokenToResolvers(SecurityToken token)
        {
            this.universalTokenResolver.Add(token);
            // add it to the primary token resolver only if its root is primary
            SecurityToken rootToken = GetRootToken(token);
            if (IsPrimaryToken(rootToken))
            {
                primaryTokenResolver.Add(token);
            }
        }

        void AddIncomingSignatureConfirmation(byte[] signatureValue, bool isFromDecryptedSource)
        {
            if (this.MaintainSignatureConfirmationState)
            {
                if (this.receivedSignatureConfirmations == null)
                {
                    this.receivedSignatureConfirmations = new SignatureConfirmations();
                }
                this.receivedSignatureConfirmations.AddConfirmation(signatureValue, isFromDecryptedSource);
            }
        }

        void AddIncomingSignatureValue(byte[] signatureValue, bool isFromDecryptedSource)
        {
            // cache incoming signatures only on the server side
            if (this.MaintainSignatureConfirmationState && !this.ExpectSignatureConfirmation)
            {
                if (this.receivedSignatureValues == null)
                {
                    this.receivedSignatureValues = new SignatureConfirmations();
                }
                this.receivedSignatureValues.AddConfirmation(signatureValue, isFromDecryptedSource);
            }
        }

        protected void RecordEncryptionToken(SecurityToken token)
        {
            this.encryptionTracker.RecordToken(token);
        }

        protected void RecordSignatureToken(SecurityToken token)
        {
            this.signatureTracker.RecordToken(token);
        }

        public void SetRequiredProtectionOrder(MessageProtectionOrder protectionOrder)
        {
            ThrowIfProcessingStarted();
            this.protectionOrder = protectionOrder;
        }

        protected abstract SignedXml ReadSignatureCore(XmlDictionaryReader signatureReader);

        protected abstract SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature,
            SecurityHeaderTokenResolver resolver, object signatureTarget, string id);

        protected abstract bool TryDeleteReferenceListEntry(string id);

        struct OrderTracker
        {
            static readonly ReceiverProcessingOrder[] stateTransitionTableOnDecrypt = new ReceiverProcessingOrder[]
                {
                    ReceiverProcessingOrder.Decrypt, ReceiverProcessingOrder.VerifyDecrypt, ReceiverProcessingOrder.Decrypt,
                    ReceiverProcessingOrder.Mixed, ReceiverProcessingOrder.VerifyDecrypt, ReceiverProcessingOrder.Mixed
                };
            static readonly ReceiverProcessingOrder[] stateTransitionTableOnVerify = new ReceiverProcessingOrder[]
                {
                    ReceiverProcessingOrder.Verify, ReceiverProcessingOrder.Verify, ReceiverProcessingOrder.DecryptVerify,
                    ReceiverProcessingOrder.DecryptVerify, ReceiverProcessingOrder.Mixed, ReceiverProcessingOrder.Mixed
                };

            const int MaxAllowedWrappedKeys = 1;

            int referenceListCount;
            ReceiverProcessingOrder state;
            int signatureCount;
            int unencryptedSignatureCount;
            int numWrappedKeys;
            MessageProtectionOrder protectionOrder;
            bool enforce;

            public bool AllSignaturesEncrypted
            {
                get { return this.unencryptedSignatureCount == 0; }
            }

            public bool EncryptBeforeSignMode
            {
                get { return this.enforce && this.protectionOrder == MessageProtectionOrder.EncryptBeforeSign; }
            }

            public bool EncryptBeforeSignOrderRequirementMet
            {
                get { return this.state != ReceiverProcessingOrder.DecryptVerify && this.state != ReceiverProcessingOrder.Mixed; }
            }

            public bool PrimarySignatureDone
            {
                get { return this.signatureCount > 0; }
            }

            public bool SignBeforeEncryptOrderRequirementMet
            {
                get { return this.state != ReceiverProcessingOrder.VerifyDecrypt && this.state != ReceiverProcessingOrder.Mixed; }
            }

            void EnforceProtectionOrder()
            {
                switch (this.protectionOrder)
                {
                    case MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature:
                        if (!this.AllSignaturesEncrypted)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                                SR.GetString(SR.PrimarySignatureIsRequiredToBeEncrypted)));
                        }
                        goto case MessageProtectionOrder.SignBeforeEncrypt;
                    case MessageProtectionOrder.SignBeforeEncrypt:
                        if (!this.SignBeforeEncryptOrderRequirementMet)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                                SR.GetString(SR.MessageProtectionOrderMismatch, this.protectionOrder)));
                        }
                        break;
                    case MessageProtectionOrder.EncryptBeforeSign:
                        if (!this.EncryptBeforeSignOrderRequirementMet)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                                SR.GetString(SR.MessageProtectionOrderMismatch, this.protectionOrder)));
                        }
                        break;
                    default:
                        Fx.Assert("");
                        break;
                }
            }

            public void OnProcessReferenceList()
            {
                Fx.Assert(this.enforce, "OrderTracker should have 'enforce' set to true.");
                if (this.referenceListCount > 0)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.AtMostOneReferenceListIsSupportedWithDefaultPolicyCheck)));
                }
                this.referenceListCount++;
                this.state = stateTransitionTableOnDecrypt[(int)this.state];
                if (this.enforce)
                {
                    EnforceProtectionOrder();
                }
            }

            public void OnProcessSignature(bool isEncrypted)
            {
                Fx.Assert(this.enforce, "OrderTracker should have 'enforce' set to true.");
                if (this.signatureCount > 0)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.AtMostOneSignatureIsSupportedWithDefaultPolicyCheck)));
                }
                this.signatureCount++;
                if (!isEncrypted)
                {
                    this.unencryptedSignatureCount++;
                }
                this.state = stateTransitionTableOnVerify[(int)this.state];
                if (this.enforce)
                {
                    EnforceProtectionOrder();
                }
            }

            public void OnEncryptedKey()
            {
                Fx.Assert(this.enforce, "OrderTracker should have 'enforce' set to true.");

                if (this.numWrappedKeys == MaxAllowedWrappedKeys)
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.WrappedKeyLimitExceeded, this.numWrappedKeys)));

                this.numWrappedKeys++;
            }

            public void SetRequiredProtectionOrder(MessageProtectionOrder protectionOrder)
            {
                this.protectionOrder = protectionOrder;
                this.enforce = true;
            }

            enum ReceiverProcessingOrder : int
            {
                None = 0,
                Verify = 1,
                Decrypt = 2,
                DecryptVerify = 3,
                VerifyDecrypt = 4,
                Mixed = 5
            }
        }

        struct OperationTracker
        {
            MessagePartSpecification parts;
            SecurityToken token;
            bool isDerivedToken;

            public MessagePartSpecification Parts
            {
                get { return this.parts; }
                set { this.parts = value; }
            }

            public SecurityToken Token
            {
                get { return this.token; }
            }

            public bool IsDerivedToken
            {
                get { return this.isDerivedToken; }
            }

            public void RecordToken(SecurityToken token)
            {
                if (this.token == null)
                {
                    this.token = token;
                }
                else if (!ReferenceEquals(this.token, token))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MismatchInSecurityOperationToken)));
                }
            }

            public void SetDerivationSourceIfRequired()
            {
                DerivedKeySecurityToken derivedKeyToken = this.token as DerivedKeySecurityToken;
                if (derivedKeyToken != null)
                {
                    this.token = derivedKeyToken.TokenToDerive;
                    this.isDerivedToken = true;
                }
            }
        }
    }

    class TokenTracker
    {
        public SecurityToken token;
        public bool IsDerivedFrom;
        public bool IsSigned;
        public bool IsEncrypted;
        public bool IsEndorsing;
        public bool AlreadyReadEndorsingSignature;
        bool allowFirstTokenMismatch;
        public SupportingTokenAuthenticatorSpecification spec;

        public TokenTracker(SupportingTokenAuthenticatorSpecification spec)
            : this(spec, null, false)
        {
        }

        public TokenTracker(SupportingTokenAuthenticatorSpecification spec, SecurityToken token, bool allowFirstTokenMismatch)
        {
            this.spec = spec;
            this.token = token;
            this.allowFirstTokenMismatch = allowFirstTokenMismatch;
        }

        public void RecordToken(SecurityToken token)
        {
            if (this.token == null)
            {
                this.token = token;
            }
            else if (this.allowFirstTokenMismatch)
            {
                if (!AreTokensEqual(this.token, token))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MismatchInSecurityOperationToken)));
                }
                this.token = token;
                this.allowFirstTokenMismatch = false;
            }
            else if (!object.ReferenceEquals(this.token, token))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MismatchInSecurityOperationToken)));
            }
        }

        static bool AreTokensEqual(SecurityToken outOfBandToken, SecurityToken replyToken)
        {
            // we support the serialized reply token legacy feature only for X509 certificates.
            // in this case the thumbprint of the reply certificate must match the outofband certificate's thumbprint
            if ((outOfBandToken is X509SecurityToken) && (replyToken is X509SecurityToken))
            {
                byte[] outOfBandCertificateThumbprint = ((X509SecurityToken)outOfBandToken).Certificate.GetCertHash();
                byte[] replyCertificateThumbprint = ((X509SecurityToken)replyToken).Certificate.GetCertHash();
                return (CryptoHelper.IsEqual(outOfBandCertificateThumbprint, replyCertificateThumbprint));
            }
            else
            {
                return false;
            }
        }
    }

    class AggregateSecurityHeaderTokenResolver : System.IdentityModel.Tokens.AggregateTokenResolver
    {
        SecurityHeaderTokenResolver tokenResolver;

        public AggregateSecurityHeaderTokenResolver(SecurityHeaderTokenResolver tokenResolver, ReadOnlyCollection<SecurityTokenResolver> outOfBandTokenResolvers) :
            base(outOfBandTokenResolvers)
        {
            if (tokenResolver == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenResolver");

            this.tokenResolver = tokenResolver;            
        }

        protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
        {
            bool resolved = false;
            key = null;

            resolved = this.tokenResolver.TryResolveSecurityKey(keyIdentifierClause, false, out key);

            if (!resolved)
            {
                resolved = base.TryResolveSecurityKeyCore(keyIdentifierClause, out key);
            }

            if (!resolved)
            {
                resolved = SecurityUtils.TryCreateKeyFromIntrinsicKeyClause(keyIdentifierClause, this, out key);
            }

            return resolved;
        }

        protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
        {
            bool resolved = false;
            token = null;

            resolved = this.tokenResolver.TryResolveToken(keyIdentifier, false, false, out token);

            if (!resolved)
            {
                resolved = base.TryResolveTokenCore(keyIdentifier, out token);
            }

            if (!resolved)
            {
                for (int i = 0; i < keyIdentifier.Count; ++i)
                {
                    if (this.TryResolveTokenFromIntrinsicKeyClause(keyIdentifier[i], out token))
                    {
                        resolved = true;
                        break;
                    }
                }
            }

            return resolved;
        }

        bool TryResolveTokenFromIntrinsicKeyClause(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
        {
            token = null;
            if (keyIdentifierClause is RsaKeyIdentifierClause)
            {
                token = new RsaSecurityToken(((RsaKeyIdentifierClause)keyIdentifierClause).Rsa);
                return true;
            }
            else if (keyIdentifierClause is X509RawDataKeyIdentifierClause)
            {
                token = new X509SecurityToken(new X509Certificate2(((X509RawDataKeyIdentifierClause)keyIdentifierClause).GetX509RawData()), false);
                return true;
            }
            else if (keyIdentifierClause is EncryptedKeyIdentifierClause)
            {
                EncryptedKeyIdentifierClause keyClause = (EncryptedKeyIdentifierClause)keyIdentifierClause;
                SecurityKeyIdentifier wrappingTokenReference = keyClause.EncryptingKeyIdentifier;
                SecurityToken unwrappingToken;
                if (this.TryResolveToken(wrappingTokenReference, out unwrappingToken))
                {
                    token = SecurityUtils.CreateTokenFromEncryptedKeyClause(keyClause, unwrappingToken);
                    return true;
                }
            }
            return false;
        }

        protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
        {
            bool resolved = false;
            token = null;

            resolved = this.tokenResolver.TryResolveToken(keyIdentifierClause, false, false, out token);

            if (!resolved)
            {
                resolved = base.TryResolveTokenCore(keyIdentifierClause, out token);
            }

            if (!resolved)
            {
                resolved = TryResolveTokenFromIntrinsicKeyClause(keyIdentifierClause, out token);
            }

            return resolved;
        }
    }
}