mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/SecurityAlgorithmSuite.cs

//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel.Security
{
    using System.Collections.Generic;
    using System.ServiceModel.Channels;
    using System.ServiceModel;
    using System.Collections.ObjectModel;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.IdentityModel.Tokens;
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography;
    using System.ServiceModel.Security.Tokens;
    
    using System.Text;
    using System.Runtime.Serialization;
    using System.Xml;
    using System.ComponentModel;

    [TypeConverter(typeof(System.ServiceModel.Configuration.SecurityAlgorithmSuiteConverter))]
    public abstract class SecurityAlgorithmSuite
    {
        static SecurityAlgorithmSuite basic256;
        static SecurityAlgorithmSuite basic192;
        static SecurityAlgorithmSuite basic128;
        static SecurityAlgorithmSuite tripleDes;
        static SecurityAlgorithmSuite basic256Rsa15;
        static SecurityAlgorithmSuite basic192Rsa15;
        static SecurityAlgorithmSuite basic128Rsa15;
        static SecurityAlgorithmSuite tripleDesRsa15;
        static SecurityAlgorithmSuite basic256Sha256;
        static SecurityAlgorithmSuite basic192Sha256;
        static SecurityAlgorithmSuite basic128Sha256;
        static SecurityAlgorithmSuite tripleDesSha256;
        static SecurityAlgorithmSuite basic256Sha256Rsa15;
        static SecurityAlgorithmSuite basic192Sha256Rsa15;
        static SecurityAlgorithmSuite basic128Sha256Rsa15;
        static SecurityAlgorithmSuite tripleDesSha256Rsa15;

        static internal SecurityAlgorithmSuite KerberosDefault
        {
            get
            {
                return Basic128;
            }
        }
        static public SecurityAlgorithmSuite Default
        {
            get
            {
                return Basic256;
            }
        }

        static public SecurityAlgorithmSuite Basic256
        {
            get
            {
                if (basic256 == null)
                    basic256 = new Basic256SecurityAlgorithmSuite();
                return basic256;
            }
        }
        static public SecurityAlgorithmSuite Basic192
        {
            get
            {
                if (basic192 == null)
                    basic192 = new Basic192SecurityAlgorithmSuite();
                return basic192;
            }
        }
        static public SecurityAlgorithmSuite Basic128
        {
            get
            {
                if (basic128 == null)
                    basic128 = new Basic128SecurityAlgorithmSuite();
                return basic128;
            }
        }
        static public SecurityAlgorithmSuite TripleDes
        {
            get
            {
                if (tripleDes == null)
                    tripleDes = new TripleDesSecurityAlgorithmSuite();
                return tripleDes;
            }
        }
        static public SecurityAlgorithmSuite Basic256Rsa15
        {
            get
            {
                if (basic256Rsa15 == null)
                    basic256Rsa15 = new Basic256Rsa15SecurityAlgorithmSuite();
                return basic256Rsa15;
            }
        }
        static public SecurityAlgorithmSuite Basic192Rsa15
        {
            get
            {
                if (basic192Rsa15 == null)
                    basic192Rsa15 = new Basic192Rsa15SecurityAlgorithmSuite();
                return basic192Rsa15;
            }
        }
        static public SecurityAlgorithmSuite Basic128Rsa15
        {
            get
            {
                if (basic128Rsa15 == null)
                    basic128Rsa15 = new Basic128Rsa15SecurityAlgorithmSuite();
                return basic128Rsa15;
            }
        }
        static public SecurityAlgorithmSuite TripleDesRsa15
        {
            get
            {
                if (tripleDesRsa15 == null)
                    tripleDesRsa15 = new TripleDesRsa15SecurityAlgorithmSuite();
                return tripleDesRsa15;
            }
        }

        static public SecurityAlgorithmSuite Basic256Sha256
        {
            get
            {
                if (basic256Sha256 == null)
                    basic256Sha256 = new Basic256Sha256SecurityAlgorithmSuite();
                return basic256Sha256;
            }
        }
        static public SecurityAlgorithmSuite Basic192Sha256
        {
            get
            {
                if (basic192Sha256 == null)
                    basic192Sha256 = new Basic192Sha256SecurityAlgorithmSuite();
                return basic192Sha256;
            }
        }
        static public SecurityAlgorithmSuite Basic128Sha256
        {
            get
            {
                if (basic128Sha256 == null)
                    basic128Sha256 = new Basic128Sha256SecurityAlgorithmSuite();
                return basic128Sha256;
            }
        }
        static public SecurityAlgorithmSuite TripleDesSha256
        {
            get
            {
                if (tripleDesSha256 == null)
                    tripleDesSha256 = new TripleDesSha256SecurityAlgorithmSuite();
                return tripleDesSha256;
            }
        }
        static public SecurityAlgorithmSuite Basic256Sha256Rsa15
        {
            get
            {
                if (basic256Sha256Rsa15 == null)
                    basic256Sha256Rsa15 = new Basic256Sha256Rsa15SecurityAlgorithmSuite();
                return basic256Sha256Rsa15;
            }
        }
        static public SecurityAlgorithmSuite Basic192Sha256Rsa15
        {
            get
            {
                if (basic192Sha256Rsa15 == null)
                    basic192Sha256Rsa15 = new Basic192Sha256Rsa15SecurityAlgorithmSuite();
                return basic192Sha256Rsa15;
            }
        }
        static public SecurityAlgorithmSuite Basic128Sha256Rsa15
        {
            get
            {
                if (basic128Sha256Rsa15 == null)
                    basic128Sha256Rsa15 = new Basic128Sha256Rsa15SecurityAlgorithmSuite();
                return basic128Sha256Rsa15;
            }
        }
        static public SecurityAlgorithmSuite TripleDesSha256Rsa15
        {
            get
            {
                if (tripleDesSha256Rsa15 == null)
                    tripleDesSha256Rsa15 = new TripleDesSha256Rsa15SecurityAlgorithmSuite();
                return tripleDesSha256Rsa15;
            }
        }
       
        public abstract string DefaultCanonicalizationAlgorithm { get; }
        public abstract string DefaultDigestAlgorithm { get; }
        public abstract string DefaultEncryptionAlgorithm { get; }
        public abstract int DefaultEncryptionKeyDerivationLength { get; }
        public abstract string DefaultSymmetricKeyWrapAlgorithm { get; }
        public abstract string DefaultAsymmetricKeyWrapAlgorithm { get; }
        public abstract string DefaultSymmetricSignatureAlgorithm { get; }
        public abstract string DefaultAsymmetricSignatureAlgorithm { get; }
        public abstract int DefaultSignatureKeyDerivationLength { get; }
        public abstract int DefaultSymmetricKeyLength { get; }

        internal virtual XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return null; } }
        internal virtual XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return null; } }

        protected SecurityAlgorithmSuite() { }

        public virtual bool IsCanonicalizationAlgorithmSupported(string algorithm) { return algorithm == DefaultCanonicalizationAlgorithm; }
        public virtual bool IsDigestAlgorithmSupported(string algorithm) { return algorithm == DefaultDigestAlgorithm; }
        public virtual bool IsEncryptionAlgorithmSupported(string algorithm) { return algorithm == DefaultEncryptionAlgorithm; }
        public virtual bool IsEncryptionKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); }
        public virtual bool IsSymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricKeyWrapAlgorithm; }
        public virtual bool IsAsymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricKeyWrapAlgorithm; }
        public virtual bool IsSymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricSignatureAlgorithm; }
        public virtual bool IsAsymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricSignatureAlgorithm; }
        public virtual bool IsSignatureKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); }
        public abstract bool IsSymmetricKeyLengthSupported(int length);
        public abstract bool IsAsymmetricKeyLengthSupported(int length);

        internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite)
        {
            if ( suite == null )
                return false;

            return (suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 ||
                suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15);
         
        }

        internal string GetEncryptionKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");

            string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version);
            if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token))
                return derivationAlgorithm;
            else
                return null;
        }

        internal int GetEncryptionKeyDerivationLength(SecurityToken token, SecureConversationVersion version)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");

            string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version);
            if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token))
            {
                if (this.DefaultEncryptionKeyDerivationLength % 8 != 0)
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultEncryptionKeyDerivationLength)));

                return this.DefaultEncryptionKeyDerivationLength / 8;
            }
            else
                return 0;
        }

        internal void GetKeyWrapAlgorithm(SecurityToken token, out string keyWrapAlgorithm, out XmlDictionaryString keyWrapAlgorithmDictionaryString)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");

            if (SecurityUtils.IsSupportedAlgorithm(this.DefaultSymmetricKeyWrapAlgorithm, token))
            {
                keyWrapAlgorithm = this.DefaultSymmetricKeyWrapAlgorithm;
                keyWrapAlgorithmDictionaryString = this.DefaultSymmetricKeyWrapAlgorithmDictionaryString;
            }
            else
            {
                keyWrapAlgorithm = this.DefaultAsymmetricKeyWrapAlgorithm;
                keyWrapAlgorithmDictionaryString = this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString;
            }
        }

        internal void GetSignatureAlgorithmAndKey(SecurityToken token, out string signatureAlgorithm, out SecurityKey key, out XmlDictionaryString signatureAlgorithmDictionaryString)
        {
            ReadOnlyCollection<SecurityKey> keys = token.SecurityKeys;
            if (keys == null || keys.Count == 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeys, token)));
            }

            for (int i = 0; i < keys.Count; i++)
            {
                if (keys[i].IsSupportedAlgorithm(this.DefaultSymmetricSignatureAlgorithm))
                {
                    signatureAlgorithm = this.DefaultSymmetricSignatureAlgorithm;
                    signatureAlgorithmDictionaryString = this.DefaultSymmetricSignatureAlgorithmDictionaryString;
                    key = keys[i];
                    return;
                }
                else if (keys[i].IsSupportedAlgorithm(this.DefaultAsymmetricSignatureAlgorithm))
                {
                    signatureAlgorithm = this.DefaultAsymmetricSignatureAlgorithm;
                    signatureAlgorithmDictionaryString = this.DefaultAsymmetricSignatureAlgorithmDictionaryString;
                    key = keys[i];
                    return;
                }
            }

            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeysSupportingTheAlgorithmSuite, token, this)));
        }

        internal string GetSignatureKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");

            string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version);
            if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token))
                return derivationAlgorithm;
            else
                return null;
        }

        internal int GetSignatureKeyDerivationLength(SecurityToken token, SecureConversationVersion version)
        {
            if (token == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");

            string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version);
            if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token))
            {
                if (this.DefaultSignatureKeyDerivationLength % 8 != 0)
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultSignatureKeyDerivationLength)));

                return this.DefaultSignatureKeyDerivationLength / 8;
            }
            else
                return 0;
        }

        internal void EnsureAcceptableSymmetricSignatureAlgorithm(string algorithm)
        {
            if (!IsSymmetricSignatureAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "SymmetricSignature", this)));
            }
        }

        internal void EnsureAcceptableSignatureKeySize(SecurityKey securityKey, SecurityToken token)
        {
            AsymmetricSecurityKey asymmetricSecurityKey = securityKey as AsymmetricSecurityKey;
            if (asymmetricSecurityKey != null)
            {
                if (!IsAsymmetricKeyLengthSupported(asymmetricSecurityKey.KeySize))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, asymmetricSecurityKey.KeySize)));
                }
            }
            else
            {
                SymmetricSecurityKey symmetricSecurityKey = securityKey as SymmetricSecurityKey;
                if (symmetricSecurityKey == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, symmetricSecurityKey)));
                }
                EnsureAcceptableSignatureSymmetricKeySize(symmetricSecurityKey, token);
            }
        }

        // Ensure acceptable signing symmetric key.
        // 1) if derived key, validate derived key against DefaultSignatureKeyDerivationLength and validate
        //    source key against DefaultSymmetricKeyLength
        // 2) if not derived key, validate key against DefaultSymmetricKeyLength
        internal void EnsureAcceptableSignatureSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token)
        {
            int keySize;
            DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken;
            if (dkt != null)
            {
                token = dkt.TokenToDerive;
                keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize;

                // doing special case for derived key token signing length since
                // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead
                if (dkt.SecurityKeys[0].KeySize < this.DefaultSignatureKeyDerivationLength)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize)));
                }
            }
            else
            {
                keySize = securityKey.KeySize;
            }

            if (!IsSymmetricKeyLengthSupported(keySize))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize)));
            }
        }

        // Ensure acceptable decrypting symmetric key.
        // 1) if derived key, validate derived key against DefaultEncryptionKeyDerivationLength and validate
        //    source key against DefaultSymmetricKeyLength
        // 2) if not derived key, validate key against DefaultSymmetricKeyLength
        internal void EnsureAcceptableDecryptionSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token)
        {
            int keySize;
            DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken;
            if (dkt != null)
            {
                token = dkt.TokenToDerive;
                keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize;

                // doing special case for derived key token signing length since
                // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead
                if (dkt.SecurityKeys[0].KeySize < this.DefaultEncryptionKeyDerivationLength)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                        SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize)));
                }
            }
            else
            {
                keySize = securityKey.KeySize;
            }

            if (!IsSymmetricKeyLengthSupported(keySize))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize)));
            }
        }

        internal void EnsureAcceptableSignatureAlgorithm(SecurityKey verificationKey, string algorithm)
        {
            InMemorySymmetricSecurityKey symmeticKey = verificationKey as InMemorySymmetricSecurityKey;
            if (symmeticKey != null)
            {
                this.EnsureAcceptableSymmetricSignatureAlgorithm(algorithm);
            }
            else
            {
                AsymmetricSecurityKey asymmetricKey = verificationKey as AsymmetricSecurityKey;
                if (asymmetricKey == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, verificationKey)));
                }

                this.EnsureAcceptableAsymmetricSignatureAlgorithm(algorithm);
            }
        }

        internal void EnsureAcceptableAsymmetricSignatureAlgorithm(string algorithm)
        {
            if (!IsAsymmetricSignatureAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "AsymmetricSignature", this)));
            }
        }

        internal void EnsureAcceptableKeyWrapAlgorithm(string algorithm, bool isAsymmetric)
        {
            if (isAsymmetric)
            {
                if (!IsAsymmetricKeyWrapAlgorithmSupported(algorithm))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                        algorithm, "AsymmetricKeyWrap", this)));
                }
            }
            else
            {
                if (!IsSymmetricKeyWrapAlgorithmSupported(algorithm))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                        algorithm, "SymmetricKeyWrap", this)));
                }
            }
        }

        internal void EnsureAcceptableEncryptionAlgorithm(string algorithm)
        {
            if (!IsEncryptionAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "Encryption", this)));
            }
        }

        internal void EnsureAcceptableSignatureKeyDerivationAlgorithm(string algorithm)
        {
            if (!IsSignatureKeyDerivationAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "SignatureKeyDerivation", this)));
            }
        }

        internal void EnsureAcceptableEncryptionKeyDerivationAlgorithm(string algorithm)
        {
            if (!IsEncryptionKeyDerivationAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "EncryptionKeyDerivation", this)));
            }
        }

        internal void EnsureAcceptableDigestAlgorithm(string algorithm)
        {
            if (!IsDigestAlgorithmSupported(algorithm))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm,
                    algorithm, "Digest", this)));
            }
        }

    }

    public class Basic256SecurityAlgorithmSuite : SecurityAlgorithmSuite
    {
        public Basic256SecurityAlgorithmSuite() : base() { }

        public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } }
        public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } }
        public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } }
        public override int DefaultEncryptionKeyDerivationLength { get { return 256; } }
        public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override int DefaultSignatureKeyDerivationLength { get { return 192; } }
        public override int DefaultSymmetricKeyLength { get { return 256; } }
        public override bool IsSymmetricKeyLengthSupported(int length) { return length == 256; }
        public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; }

        internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } }
        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } }
        internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256Encryption; } }
        internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256KeyWrap; } }
        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } }

        public override string ToString()
        {
            return "Basic256";
        }
    }

    public class Basic192SecurityAlgorithmSuite : SecurityAlgorithmSuite
    {
        public Basic192SecurityAlgorithmSuite() : base() { }

        public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } }
        public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } }
        public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } }
        public override int DefaultEncryptionKeyDerivationLength { get { return 192; } }
        public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override int DefaultSignatureKeyDerivationLength { get { return 192; } }
        public override int DefaultSymmetricKeyLength { get { return 192; } }
        public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; }
        public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; }

        internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } }
        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } }
        internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192Encryption; } }
        internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192KeyWrap; } }
        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } }

        public override string ToString()
        {
            return "Basic192";
        }
    }

    public class Basic128SecurityAlgorithmSuite : SecurityAlgorithmSuite
    {
        public Basic128SecurityAlgorithmSuite() : base() { }

        public override string DefaultCanonicalizationAlgorithm { get { return this.DefaultCanonicalizationAlgorithmDictionaryString.Value; } }
        public override string DefaultDigestAlgorithm { get { return this.DefaultDigestAlgorithmDictionaryString.Value; } }
        public override string DefaultEncryptionAlgorithm { get { return this.DefaultEncryptionAlgorithmDictionaryString.Value; } }
        public override int DefaultEncryptionKeyDerivationLength { get { return 128; } }
        public override string DefaultSymmetricKeyWrapAlgorithm { get { return this.DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultSymmetricSignatureAlgorithm { get { return this.DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricSignatureAlgorithm { get { return this.DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override int DefaultSignatureKeyDerivationLength { get { return 128; } }
        public override int DefaultSymmetricKeyLength { get { return 128; } }
        public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 128 && length <= 256; }
        public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; }

        internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } }
        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } }
        internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128Encryption; } }
        internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128KeyWrap; } }
        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } }

        public override string ToString() 
        {
            return "Basic128";
        }
    }

    public class TripleDesSecurityAlgorithmSuite : SecurityAlgorithmSuite
    {
        public TripleDesSecurityAlgorithmSuite() : base() { }

        public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } }
        public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } }
        public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } }
        public override int DefaultEncryptionKeyDerivationLength { get { return 192; } }
        public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } }

        public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } }
        public override int DefaultSignatureKeyDerivationLength { get { return 192; } }
        public override int DefaultSymmetricKeyLength { get { return 192; } }
        public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; }
        public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; }

        internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } }
        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } }
        internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesEncryption; } }
        internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesKeyWrap; } }
        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } }

        public override string ToString()
        {
            return "TripleDes";
        }
    }

    class Basic128Rsa15SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite
    {
        public Basic128Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } }

        public override string ToString()
        {
            return "Basic128Rsa15";
        }
    }

    class Basic192Rsa15SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite
    {
        public Basic192Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } }

        public override string ToString()
        {
            return "Basic192Rsa15";
        }
    }

    class Basic256Rsa15SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite
    {
        public Basic256Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } }

        public override string ToString()
        {
            return "Basic256Rsa15";
        }
    }

    class TripleDesRsa15SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite
    {
        public TripleDesRsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } }

        public override string ToString()
        {
            return "TripleDesRsa15";
        }
    }

    class Basic256Sha256SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite
    {
        public Basic256Sha256SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic256Sha256";
        }
    }

    class Basic192Sha256SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite
    {
        public Basic192Sha256SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic192Sha256";
        }
    }

    class Basic128Sha256SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite
    {
        public Basic128Sha256SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic128Sha256";
        }
    }

    class TripleDesSha256SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite
    {
        public TripleDesSha256SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "TripleDesSha256";
        }
    }

    class Basic256Sha256Rsa15SecurityAlgorithmSuite : Basic256Rsa15SecurityAlgorithmSuite
    {
        public Basic256Sha256Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic256Sha256Rsa15";
        }
    }

    class Basic192Sha256Rsa15SecurityAlgorithmSuite : Basic192Rsa15SecurityAlgorithmSuite
    {
        public Basic192Sha256Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic192Sha256Rsa15";
        }
    }

    class Basic128Sha256Rsa15SecurityAlgorithmSuite : Basic128Rsa15SecurityAlgorithmSuite
    {
        public Basic128Sha256Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "Basic128Sha256Rsa15";
        }
    }

    class TripleDesSha256Rsa15SecurityAlgorithmSuite : TripleDesRsa15SecurityAlgorithmSuite
    {
        public TripleDesSha256Rsa15SecurityAlgorithmSuite() : base() { }

        internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } }
        internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } }
        internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } }

        public override string ToString()
        {
            return "TripleDesSha256Rsa15";
        }
    }
}