protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw CoreWCF.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, (object)recipientRequirement));
}
bool flag = !recipientRequirement.SupportSecurityContextCancellation;
LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
IMessageFilterTable <EndpointAddress> propertyOrDefault = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, (IMessageFilterTable <EndpointAddress>)null);
if (!flag)
{
sctResolver = (SecurityTokenResolver) new SecurityContextSecurityTokenResolver(int.MaxValue, false);
return((SecurityTokenAuthenticator) new SecuritySessionSecurityTokenAuthenticator()
{
BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement),
IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver,
IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
KeyEntropyMode = securityBindingElement.KeyEntropyMode,
ListenUri = recipientRequirement.ListenUri,
SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
SessionTokenLifetime = TimeSpan.MaxValue,
KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval,
StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this),
EndpointFilterTable = propertyOrDefault,
MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations,
NegotiationTimeout = localServiceSettings.NegotiationTimeout,
PreserveBootstrapTokens = preserveBootstrapTokens
});
}
throw new NotImplementedException();
/* TODO later
* sctResolver = (SecurityTokenResolver)new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
* AcceleratedTokenAuthenticator tokenAuthenticator = new AcceleratedTokenAuthenticator();
* tokenAuthenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement);
* tokenAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
* tokenAuthenticator.EncryptStateInServiceToken = true;
* tokenAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
* tokenAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
* tokenAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
* tokenAuthenticator.ListenUri = recipientRequirement.ListenUri;
* tokenAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
* tokenAuthenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this);
* tokenAuthenticator.SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder;
* tokenAuthenticator.KnownTypes = (IList<System.Type>)this.parent.SecureConversationAuthentication.SecurityContextClaimTypes;
* tokenAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
* tokenAuthenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
* tokenAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
* tokenAuthenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
* tokenAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
* tokenAuthenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
* tokenAuthenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
* tokenAuthenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
* tokenAuthenticator.EndpointFilterTable = propertyOrDefault;
* return (SecurityTokenAuthenticator)tokenAuthenticator;*/
}
private void ValidateTable(IMessageFilterTable <TFilterData> table)
{
if (base.GetType().IsInstanceOfType(table))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("FilterBadTableType")));
}
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
}
ActAsInitiator = factory.ActAsInitiator;
_addTimestamp = factory._addTimestamp;
_detectReplays = factory._detectReplays;
_incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
_maxCachedNonces = factory._maxCachedNonces;
_maxClockSkew = factory._maxClockSkew;
_outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
_replayWindow = factory._replayWindow;
ChannelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory.ChannelSupportingTokenAuthenticatorSpecification));
ScopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory.ScopedSupportingTokenAuthenticatorSpecification);
_standardsManager = factory._standardsManager;
_timestampValidityDuration = factory._timestampValidityDuration;
// this.auditLogLocation = factory.auditLogLocation;
_suppressAuditFailure = factory._suppressAuditFailure;
// this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
// this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
if (factory._securityBindingElement != null)
{
_securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
}
_securityTokenManager = factory._securityTokenManager;
_privacyNoticeUri = factory._privacyNoticeUri;
_privacyNoticeVersion = factory._privacyNoticeVersion;
_endpointFilterTable = factory._endpointFilterTable;
ExtendedProtectionPolicy = factory.ExtendedProtectionPolicy;
_nonceCache = factory._nonceCache;
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
}
this.actAsInitiator = factory.actAsInitiator;
this.addTimestamp = factory.addTimestamp;
this.detectReplays = factory.detectReplays;
this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
this.maxCachedNonces = factory.maxCachedNonces;
this.maxClockSkew = factory.maxClockSkew;
this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
this.replayWindow = factory.replayWindow;
this.channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory.channelSupportingTokenAuthenticatorSpecification));
this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory.scopedSupportingTokenAuthenticatorSpecification);
this.standardsManager = factory.standardsManager;
this.timestampValidityDuration = factory.timestampValidityDuration;
this.auditLogLocation = factory.auditLogLocation;
this.suppressAuditFailure = factory.suppressAuditFailure;
this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
if (factory.securityBindingElement != null)
{
this.securityBindingElement = (System.ServiceModel.Channels.SecurityBindingElement)factory.securityBindingElement.Clone();
}
this.securityTokenManager = factory.securityTokenManager;
this.privacyNoticeUri = factory.privacyNoticeUri;
this.privacyNoticeVersion = factory.privacyNoticeVersion;
this.endpointFilterTable = factory.endpointFilterTable;
this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
}
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
}
bool flag = !recipientRequirement.SupportSecurityContextCancellation;
LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
IMessageFilterTable <EndpointAddress> propertyOrDefault = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);
if (!flag)
{
sctResolver = new SecurityContextSecurityTokenResolver(0x7fffffff, false);
return(new SecuritySessionSecurityTokenAuthenticator {
BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver, IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), KeyEntropyMode = securityBindingElement.KeyEntropyMode, ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, SessionTokenLifetime = TimeSpan.MaxValue, KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), EndpointFilterTable = propertyOrDefault, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, PreserveBootstrapTokens = preserveBootstrapTokens
});
}
sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
return(new AcceleratedTokenAuthenticator {
BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), KeyEntropyMode = securityBindingElement.KeyEntropyMode, EncryptStateInServiceToken = true, IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver, IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder, KnownTypes = this.parent.SecureConversationAuthentication.SecurityContextClaimTypes, PreserveBootstrapTokens = preserveBootstrapTokens, MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations,
AuditLogLocation = recipientRequirement.AuditLogLocation, SuppressAuditFailure = recipientRequirement.SuppressAuditFailure, MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel, EndpointFilterTable = propertyOrDefault
});
}
public void Add(MessageFilter filter, TFilterData data, int priority)
{
if (filter == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("filter");
}
if (this.filters.ContainsKey(filter))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("filter", System.ServiceModel.SR.GetString("FilterExists"));
}
System.Type key = filter.GetType();
System.Type type2 = null;
IMessageFilterTable <TFilterData> table = null;
if (!this.filterTypeMappings.TryGetValue(key, out type2))
{
table = this.CreateFilterTable(filter);
this.ValidateTable(table);
this.filterTypeMappings.Add(key, table.GetType());
FilterTableEntry <TFilterData> item = new FilterTableEntry <TFilterData>(priority, table);
int index = this.tables.IndexOf(item);
if (index >= 0)
{
table = this.tables[index].table;
}
else
{
this.tables.Add(item);
}
table.Add(filter, data);
}
else
{
for (int i = 0; i < this.tables.Count; i++)
{
if ((this.tables[i].priority == priority) && this.tables[i].table.GetType().Equals(type2))
{
table = this.tables[i].table;
break;
}
}
if (table == null)
{
table = this.CreateFilterTable(filter);
this.ValidateTable(table);
if (!table.GetType().Equals(type2))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("FilterTableTypeMismatch")));
}
table.Add(filter, data);
this.tables.Add(new FilterTableEntry <TFilterData>(priority, table));
}
else
{
table.Add(filter, data);
}
}
this.filters.Add(filter, data);
}
void ValidateTable(IMessageFilterTable <TFilterData> table)
{
Type t = this.GetType();
if (t.IsInstanceOfType(table))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.FilterBadTableType)));
}
}
protected virtual IMessageFilterTable <TFilterData> CreateFilterTable(MessageFilter filter)
{
IMessageFilterTable <TFilterData> table = filter.CreateFilterTable <TFilterData>();
if (table == null)
{
return(new SequentialMessageFilterTable <TFilterData>());
}
return(table);
}
internal bool GetMatchingValue(Message message, out TFilterData data, out bool addressMatched)
{
bool dataSet = false;
int pri = int.MinValue;
data = default(TFilterData);
addressMatched = false;
for (int i = 0; i < this.tables.Count; ++i)
{
// Watch for the end of a bucket
if (pri > this.tables[i].priority && dataSet)
{
break;
}
pri = this.tables[i].priority;
bool matchResult;
TFilterData currentData;
IMessageFilterTable <TFilterData> table = this.tables[i].table;
AndMessageFilterTable <TFilterData> andTable = table as AndMessageFilterTable <TFilterData>;
if (andTable != null)
{
bool addressResult;
matchResult = andTable.GetMatchingValue(message, out currentData, out addressResult);
addressMatched |= addressResult;
}
else
{
matchResult = table.GetMatchingValue(message, out currentData);
}
if (matchResult)
{
if (dataSet)
{
throw TraceUtility.ThrowHelperError(new MultipleFilterMatchesException(SR.GetString(SR.FilterMultipleMatches), null, null), message);
}
addressMatched = true;
data = currentData;
dataSet = true;
}
}
return(dataSet);
}
internal bool GetMatchingValue(Message message, out TFilterData data, out bool addressMatched)
{
bool flag = false;
int priority = -2147483648;
data = default(TFilterData);
addressMatched = false;
for (int i = 0; i < this.tables.Count; i++)
{
bool matchingValue;
TFilterData local;
if ((priority > this.tables[i].priority) && flag)
{
return(flag);
}
priority = this.tables[i].priority;
IMessageFilterTable <TFilterData> table = this.tables[i].table;
AndMessageFilterTable <TFilterData> table2 = table as AndMessageFilterTable <TFilterData>;
if (table2 != null)
{
bool flag3;
matchingValue = table2.GetMatchingValue(message, out local, out flag3);
addressMatched |= flag3;
}
else
{
matchingValue = table.GetMatchingValue(message, out local);
}
if (matchingValue)
{
if (flag)
{
throw TraceUtility.ThrowHelperError(new MultipleFilterMatchesException(System.ServiceModel.SR.GetString("FilterMultipleMatches"), null, null), message);
}
addressMatched = true;
data = local;
flag = true;
}
}
return(flag);
}
public override IChannelListener <TChannel> BuildChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
this.VerifyTransportMode(context);
this.SetSecuritySettings(context);
IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
InternalDuplexBindingElement.AddDuplexListenerSupport(context, ref this.internalDuplexBindingElement);
if (typeof(TChannel) == typeof(IInputSessionChannel))
{
ReliableChannelListenerBase <IInputSessionChannel> base2 = null;
if (context.CanBuildInnerChannelListener <IReplySessionChannel>())
{
base2 = new ReliableInputListenerOverReplySession(this, context);
}
else if (context.CanBuildInnerChannelListener <IReplyChannel>())
{
base2 = new ReliableInputListenerOverReply(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>())
{
base2 = new ReliableInputListenerOverDuplexSession(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexChannel>())
{
base2 = new ReliableInputListenerOverDuplex(this, context);
}
if (base2 != null)
{
base2.LocalAddresses = table;
return((IChannelListener <TChannel>)base2);
}
}
else if (typeof(TChannel) == typeof(IDuplexSessionChannel))
{
ReliableChannelListenerBase <IDuplexSessionChannel> base3 = null;
if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>())
{
base3 = new ReliableDuplexListenerOverDuplexSession(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexChannel>())
{
base3 = new ReliableDuplexListenerOverDuplex(this, context);
}
if (base3 != null)
{
base3.LocalAddresses = table;
return((IChannelListener <TChannel>)base3);
}
}
else if (typeof(TChannel) == typeof(IReplySessionChannel))
{
ReliableChannelListenerBase <IReplySessionChannel> base4 = null;
if (context.CanBuildInnerChannelListener <IReplySessionChannel>())
{
base4 = new ReliableReplyListenerOverReplySession(this, context);
}
else if (context.CanBuildInnerChannelListener <IReplyChannel>())
{
base4 = new ReliableReplyListenerOverReply(this, context);
}
if (base4 != null)
{
base4.LocalAddresses = table;
return((IChannelListener <TChannel>)base4);
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("TChannel", System.ServiceModel.SR.GetString("ChannelTypeNotSupported", new object[] { typeof(TChannel) }));
}
internal FilterTableEntry(int pri, IMessageFilterTable <TFilterData> t)
{
this.priority = pri;
this.table = t;
}
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
}
bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
IMessageFilterTable <EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);
if (!isCookieMode)
{
sctResolver = new SecurityContextSecurityTokenResolver(Int32.MaxValue, false);
// remember this authenticator for future reference
SecuritySessionSecurityTokenAuthenticator authenticator = new SecuritySessionSecurityTokenAuthenticator();
authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
authenticator.IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
authenticator.ListenUri = recipientRequirement.ListenUri;
authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
authenticator.SessionTokenLifetime = TimeSpan.MaxValue;
authenticator.KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval;
authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
authenticator.EndpointFilterTable = endpointFilterTable;
authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
authenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
return(authenticator);
}
else
{
sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
AcceleratedTokenAuthenticator authenticator = new AcceleratedTokenAuthenticator();
authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
authenticator.EncryptStateInServiceToken = true;
authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
authenticator.IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
authenticator.ListenUri = recipientRequirement.ListenUri;
authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
authenticator.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
authenticator.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
authenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
// local security quotas
authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
// audit settings
authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
authenticator.EndpointFilterTable = endpointFilterTable;
return(authenticator);
}
}
public void Add(MessageFilter filter, TFilterData data, int priority)
{
if (filter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(filter));
}
if (_filters.ContainsKey(filter))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(nameof(filter), SR.FilterExists);
}
Type filterType = filter.GetType();
IMessageFilterTable <TFilterData> table = null;
if (_filterTypeMappings.TryGetValue(filterType, out Type tableType))
{
for (int i = 0; i < _tables.Count; ++i)
{
if (_tables[i].priority == priority && _tables[i].table.GetType().Equals(tableType))
{
table = _tables[i].table;
break;
}
}
if (table == null)
{
table = CreateFilterTable(filter);
ValidateTable(table);
if (!table.GetType().Equals(tableType))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.FilterTableTypeMismatch));
}
table.Add(filter, data);
_tables.Add(new FilterTableEntry(priority, table));
}
else
{
table.Add(filter, data);
}
}
else
{
table = CreateFilterTable(filter);
ValidateTable(table);
_filterTypeMappings.Add(filterType, table.GetType());
FilterTableEntry entry = new FilterTableEntry(priority, table);
int idx = _tables.IndexOf(entry);
if (idx >= 0)
{
table = _tables[idx].table;
}
else
{
_tables.Add(entry);
}
table.Add(filter, data);
}
_filters.Add(filter, data);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context)
{
SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
// This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do
// secure conversation or negotiation
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
BindingContext scIssuerBindingContext = issuerBindingContext.Clone();
scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> endpointFilterTable = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, sessionFactory);
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
sessionFactory.ApplyConfidentiality = true;
sessionFactory.RequireConfidentiality = true;
sessionFactory.ApplyIntegrity = true;
sessionFactory.RequireIntegrity = true;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SessionMode = true;
channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout;
channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval;
channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions;
channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval;
channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure;
channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory;
channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, protocolFactory);
protocolFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
protocolFactory.ApplyConfidentiality = true;
protocolFactory.RequireConfidentiality = true;
protocolFactory.ApplyIntegrity = true;
protocolFactory.RequireIntegrity = true;
protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
protocolFactory.EndpointFilterTable = endpointFilterTable;
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
}
channelListener.InitializeListener(channelBuilder);
return(channelListener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
BindingContext secureConversationBindingContext = issuerBindingContext.Clone();
secureConversationBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
secureConversationBindingContext.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (protectionTokenParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory factory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(factory, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = protectionTokenParameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
listener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = table;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory factory2 = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
factory2.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory2.ApplyConfidentiality = true;
factory2.RequireConfidentiality = true;
factory2.ApplyIntegrity = true;
factory2.RequireIntegrity = true;
factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory2.MessageProtectionOrder = this.MessageProtectionOrder;
factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
factory2.EndpointFilterTable = table;
base.ConfigureProtocolFactory(factory2, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
public void Add(MessageFilter filter, TFilterData data, int priority)
{
if (filter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("filter");
}
if (this.filters.ContainsKey(filter))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("filter", SR.GetString(SR.FilterExists));
}
#pragma warning suppress 56506 // [....], PreSharp generates a false warning here
Type filterType = filter.GetType();
Type tableType = null;
IMessageFilterTable <TFilterData> table = null;
if (this.filterTypeMappings.TryGetValue(filterType, out tableType))
{
for (int i = 0; i < this.tables.Count; ++i)
{
if (this.tables[i].priority == priority && this.tables[i].table.GetType().Equals(tableType))
{
table = this.tables[i].table;
break;
}
}
if (table == null)
{
table = CreateFilterTable(filter);
ValidateTable(table);
if (!table.GetType().Equals(tableType))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.FilterTableTypeMismatch)));
}
table.Add(filter, data);
this.tables.Add(new FilterTableEntry(priority, table));
}
else
{
table.Add(filter, data);
}
}
else
{
table = CreateFilterTable(filter);
ValidateTable(table);
this.filterTypeMappings.Add(filterType, table.GetType());
FilterTableEntry entry = new FilterTableEntry(priority, table);
int idx = this.tables.IndexOf(entry);
if (idx >= 0)
{
table = this.tables[idx].table;
}
else
{
this.tables.Add(entry);
}
table.Add(filter, data);
}
this.filters.Add(filter, data);
}
public override IChannelListener <TChannel> BuildChannelListener <TChannel>(BindingContext context)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
this.VerifyTransportMode(context);
this.SetSecuritySettings(context);
#pragma warning suppress 56506 // BindingContext guarantees BindingParameters is never null.
IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
InternalDuplexBindingElement.AddDuplexListenerSupport(context, ref this.internalDuplexBindingElement);
if (typeof(TChannel) == typeof(IInputSessionChannel))
{
ReliableChannelListenerBase <IInputSessionChannel> listener = null;
if (context.CanBuildInnerChannelListener <IReplySessionChannel>())
{
listener = new ReliableInputListenerOverReplySession(this, context);
}
else if (context.CanBuildInnerChannelListener <IReplyChannel>())
{
listener = new ReliableInputListenerOverReply(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>())
{
listener = new ReliableInputListenerOverDuplexSession(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexChannel>())
{
listener = new ReliableInputListenerOverDuplex(this, context);
}
if (listener != null)
{
listener.LocalAddresses = table;
return((IChannelListener <TChannel>)(object) listener);
}
}
else if (typeof(TChannel) == typeof(IDuplexSessionChannel))
{
ReliableChannelListenerBase <IDuplexSessionChannel> listener = null;
if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>())
{
listener = new ReliableDuplexListenerOverDuplexSession(this, context);
}
else if (context.CanBuildInnerChannelListener <IDuplexChannel>())
{
listener = new ReliableDuplexListenerOverDuplex(this, context);
}
if (listener != null)
{
listener.LocalAddresses = table;
return((IChannelListener <TChannel>)(object) listener);
}
}
else if (typeof(TChannel) == typeof(IReplySessionChannel))
{
ReliableChannelListenerBase <IReplySessionChannel> listener = null;
if (context.CanBuildInnerChannelListener <IReplySessionChannel>())
{
listener = new ReliableReplyListenerOverReplySession(this, context);
}
else if (context.CanBuildInnerChannelListener <IReplyChannel>())
{
listener = new ReliableReplyListenerOverReply(this, context);
}
if (listener != null)
{
listener.LocalAddresses = table;
return((IChannelListener <TChannel>)(object) listener);
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("TChannel", SR.GetString(SR.ChannelTypeNotSupported, typeof(TChannel)));
}
