public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode, TrustVersion version, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable<ClaimTypeRequirement> claimTypeRequirements, EndpointAddress issuerMetadataAddress)
: base(mode, version)
{
this._claimTypeRequirements = new Collection<ClaimTypeRequirement>();
if ((SecurityMode.Message != mode) && (SecurityMode.TransportWithMessageCredential != mode))
{
throw new InvalidOperationException("ID3226");
}
if ((this._keyType == SecurityKeyType.BearerKey) && (version == TrustVersion.WSTrustFeb2005))
{
throw new InvalidOperationException("ID3267");
}
this._keyType = keyType;
this._algorithmSuite = algorithmSuite;
this._tokenType = tokenType;
this._issuerBinding = issuerBinding;
this._issuerAddress = issuerAddress;
this._issuerMetadataAddress = issuerMetadataAddress;
if (claimTypeRequirements != null)
{
foreach (ClaimTypeRequirement requirement in claimTypeRequirements)
{
this._claimTypeRequirements.Add(requirement);
}
}
}
internal static void Validate(SecurityKeyType value)
{
if (!IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int) value, typeof(SecurityKeyType)));
}
}
internal static void Validate(SecurityKeyType value)
{
if (!IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int)value, typeof(SecurityKeyType)));
}
}
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode, TrustVersion version, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable <ClaimTypeRequirement> claimTypeRequirements, EndpointAddress issuerMetadataAddress)
: base(mode, version)
{
this._claimTypeRequirements = new Collection <ClaimTypeRequirement>();
if ((SecurityMode.Message != mode) && (SecurityMode.TransportWithMessageCredential != mode))
{
throw new InvalidOperationException("ID3226");
}
if ((this._keyType == SecurityKeyType.BearerKey) && (version == TrustVersion.WSTrustFeb2005))
{
throw new InvalidOperationException("ID3267");
}
this._keyType = keyType;
this._algorithmSuite = algorithmSuite;
this._tokenType = tokenType;
this._issuerBinding = issuerBinding;
this._issuerAddress = issuerAddress;
this._issuerMetadataAddress = issuerMetadataAddress;
if (claimTypeRequirements != null)
{
foreach (ClaimTypeRequirement requirement in claimTypeRequirements)
{
this._claimTypeRequirements.Add(requirement);
}
}
}
private Binding GetCustomBinding(SecurityKeyType securityKeyType)
{
var ws2007FederationHttpBinding =
GetWS2007FederationHttpBinding(securityKeyType);
var customBinding = new CustomBinding(
ws2007FederationHttpBinding.CreateBindingElements());
foreach (var e in customBinding.Elements)
{
if (e is MessageEncodingBindingElement)
{
((TextMessageEncodingBindingElement)e).MessageVersion =
MessageVersion.Soap11;
}
if (e is SecurityBindingElement)
{
((TransportSecurityBindingElement)
e).AllowInsecureTransport = true;
((TransportSecurityBindingElement)
e).EnableUnsecuredResponse = true;
((TransportSecurityBindingElement)
e).IncludeTimestamp = true;
}
if (e is HttpsTransportBindingElement)
{
((HttpsTransportBindingElement)e).AllowCookies = true;
}
}
return(customBinding);
}
internal static bool IsDefined(SecurityKeyType value)
{
Type type = typeof(GenericXmlSecurityToken).Assembly.GetType("System.IdentityModel.Tokens.SecurityKeyTypeHelper");
object[] objArray = new object[] { value };
return((bool)InvokeHelper.InvokeStaticMethod(type, "IsDefined", objArray));
}
void SetIssuedTokenKeyType(SecurityBindingElement sbe)
{
#if DESKTOP
// Set the keyType for building the template for IssuedToken binding.
// The reason is the different supporting token is defined depending on keyType.
if (sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0 &&
sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType;
}
else if (sbe.EndpointSupportingTokenParameters.Signed.Count > 0 &&
sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType;
}
else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0 &&
sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType;
}
else
{
this.templateKeyType = IssuedSecurityTokenParameters.defaultKeyType;
}
#endif
}
private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion, SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters)
{
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
string signatureAlgorithm = null;
string encryptionAlgorithm = null;
switch (keyType)
{
case SecurityKeyType.SymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
break;
case SecurityKeyType.AsymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
break;
case SecurityKeyType.BearerKey:
return;
default:
throw new ArgumentOutOfRangeException("keyType");
}
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateSignWithElement(signatureAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptWithElement(encryptionAlgorithm));
if (trustVersion != TrustVersion.WSTrustFeb2005)
{
issuedParameters.AdditionalRequestParameters.Insert(0, CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
}
internal static void Validate(SecurityKeyType value)
{
if (!IsDefined(value))
{
throw Fx.Exception.AsError(new InvalidEnumArgumentException("value", (int)value,
typeof(SecurityKeyType)));
}
}
internal static bool IsDefined(SecurityKeyType value)
{
if ((value != SecurityKeyType.SymmetricKey) && (value != SecurityKeyType.AsymmetricKey))
{
return(value == SecurityKeyType.BearerKey);
}
return(true);
}
internal static bool IsDefined(SecurityKeyType value)
{
if ((value != SecurityKeyType.SymmetricKey) && (value != SecurityKeyType.AsymmetricKey))
{
return (value == SecurityKeyType.BearerKey);
}
return true;
}
internal static void Validate(SecurityKeyType value)
{
if (!IsDefined(value))
{
throw Fx.Exception.AsError(new InvalidEnumArgumentException("value", (int)value,
typeof(SecurityKeyType)));
}
}
public FederatedMessageSecurityOverHttp()
{
negotiateServiceCredential = DefaultNegotiateServiceCredential;
algorithmSuite = SecurityAlgorithmSuite.Default;
issuedKeyType = DefaultIssuedKeyType;
claimTypeRequirements = new Collection<ClaimTypeRequirement>();
tokenRequestParameters = new Collection<XmlElement>();
establishSecurityContext = DefaultEstablishSecurityContext;
}
public FederatedMessageSecurityOverHttp()
{
_negotiateServiceCredential = DefaultNegotiateServiceCredential;
_algorithmSuite = SecurityAlgorithmSuite.Default;
_issuedKeyType = DefaultIssuedKeyType;
_claimTypeRequirements = new Collection <ClaimTypeRequirement>();
_tokenRequestParameters = new Collection <XmlElement>();
_establishSecurityContext = DefaultEstablishSecurityContext;
}
public override XmlElement CreateKeyTypeElement(SecurityKeyType keyType)
{
if (keyType == SecurityKeyType.BearerKey)
{
XmlDocument document = new XmlDocument();
XmlElement element = document.CreateElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.KeyType.Value, this.DriverDictionary.Namespace.Value);
element.AppendChild(document.CreateTextNode(DXD.TrustDec2005Dictionary.BearerKeyType.Value));
return(element);
}
return(base.CreateKeyTypeElement(keyType));
}
public override XmlElement CreateKeyTypeElement(SecurityKeyType keyType)
{
if (keyType == SecurityKeyType.BearerKey)
{
XmlDocument document = new XmlDocument();
XmlElement element = document.CreateElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.KeyType.Value, this.DriverDictionary.Namespace.Value);
element.AppendChild(document.CreateTextNode(DXD.TrustDec2005Dictionary.BearerKeyType.Value));
return element;
}
return base.CreateKeyTypeElement(keyType);
}
private Binding GetWS2007FederationHttpBinding(
SecurityKeyType securityKeyType)
{
var binding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.NegotiateServiceCredential = false;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = securityKeyType;
return(binding);
}
internal IssuedSecurityTokenParameters Create(bool createTemplateOnly, SecurityKeyType templateKeyType)
{
IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters();
if (!createTemplateOnly)
{
this.ApplyConfiguration(parameters);
return(parameters);
}
parameters.KeyType = templateKeyType;
return(parameters);
}
public override bool TryParseKeyTypeElement(XmlElement element, out SecurityKeyType keyType)
{
if (element == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("element");
}
if (((element.LocalName == this.DriverDictionary.KeyType.Value) && (element.NamespaceURI == this.DriverDictionary.Namespace.Value)) && (element.InnerText == DXD.TrustDec2005Dictionary.BearerKeyType.Value))
{
keyType = SecurityKeyType.BearerKey;
return(true);
}
return(base.TryParseKeyTypeElement(element, out keyType));
}
internal IssuedSecurityTokenParameters Create(bool createTemplateOnly, SecurityKeyType templateKeyType)
{
IssuedSecurityTokenParameters result = new IssuedSecurityTokenParameters();
if (!createTemplateOnly)
{
this.ApplyConfiguration(result);
}
else
{
result.KeyType = templateKeyType;
}
return(result);
}
public static void Get_EnumMembers()
{
SecurityKeyType sk = SecurityKeyType.SymmetricKey;
Assert.Equal(SecurityKeyType.SymmetricKey, sk);
SecurityKeyType ak = SecurityKeyType.AsymmetricKey;
Assert.Equal(SecurityKeyType.AsymmetricKey, ak);
SecurityKeyType bk = SecurityKeyType.BearerKey;
Assert.Equal(SecurityKeyType.BearerKey, bk);
}
public override bool TryParseKeyTypeElement(XmlElement element, out SecurityKeyType keyType)
{
if (element == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("element");
if (element.LocalName == this.DriverDictionary.KeyType.Value
&& element.NamespaceURI == this.DriverDictionary.Namespace.Value
&& element.InnerText == DXD.TrustDec2005Dictionary.BearerKeyType.Value)
{
keyType = SecurityKeyType.BearerKey;
return true;
}
return base.TryParseKeyTypeElement(element, out keyType);
}
public override XmlElement CreateKeyTypeElement(SecurityKeyType keyType)
{
if (keyType == SecurityKeyType.SymmetricKey)
{
return(CreateSymmetricKeyTypeElement());
}
else if (keyType == SecurityKeyType.AsymmetricKey)
{
return(CreatePublicKeyTypeElement());
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnableToCreateKeyTypeElementForUnknownKeyType, keyType.ToString())));
}
}
bool TryGetKeyType(out SecurityKeyType keyType)
{
if (this.requestProperties != null)
{
for (int i = 0; i < this.requestProperties.Count; ++i)
{
if (this.StandardsManager.TrustDriver.TryParseKeyTypeElement(this.requestProperties[i], out keyType))
{
return(true);
}
}
}
keyType = SecurityKeyType.SymmetricKey;
return(false);
}
private void SetIssuedTokenKeyType(SecurityBindingElement sbe)
{
if ((sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0) && (sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType;
}
else if ((sbe.EndpointSupportingTokenParameters.Signed.Count > 0) && (sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType;
}
else if ((sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0) && (sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType;
}
else
{
this.templateKeyType = SecurityKeyType.SymmetricKey;
}
}
public override bool TryParseKeyTypeElement(XmlElement element, out SecurityKeyType keyType)
{
if (element == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("element");
}
if (TryParseSymmetricKeyElement(element))
{
keyType = SecurityKeyType.SymmetricKey;
return(true);
}
else if (TryParsePublicKeyElement(element))
{
keyType = SecurityKeyType.AsymmetricKey;
return(true);
}
keyType = SecurityKeyType.SymmetricKey;
return(false);
}
private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion,
SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters)
{
issuedParameters.AdditionalRequestParameters.Insert(0,
CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0,
CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
string signatureAlgorithm = null;
string encryptionAlgorithm = null;
switch (keyType)
{
case SecurityKeyType.SymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
break;
case SecurityKeyType.AsymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
break;
case SecurityKeyType.BearerKey:
return;
default:
throw new ArgumentOutOfRangeException("keyType");
}
issuedParameters.AdditionalRequestParameters.Insert(0, CreateSignWithElement(signatureAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0, CreateEncryptWithElement(encryptionAlgorithm));
if (trustVersion != TrustVersion.WSTrustFeb2005)
{
issuedParameters.AdditionalRequestParameters.Insert(0,
CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
}
public override void OnOpen(TimeSpan timeout)
{
if (this.IssuerAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, this.TargetAddress)));
}
if (this.IssuerBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, this.IssuerAddress)));
}
if (this.SecurityAlgorithmSuite == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecurityAlgorithmSuiteNotSet, typeof(IssuedSecurityTokenProvider))));
}
this.channelFactory = this.StandardsManager.TrustDriver.CreateFederationProxy(this.IssuerAddress, this.IssuerBinding, this.IssuerChannelBehaviors);
this.messageVersion = this.IssuerBinding.MessageVersion;
// if an appliesTo is specified in the request properties, then do not add the target service EPR as
// appliesTo
for (int i = 0; i < this.requestProperties.Count; ++i)
{
if (this.StandardsManager.TrustDriver.IsAppliesTo(this.requestProperties[i].LocalName, this.requestProperties[i].NamespaceURI))
{
this.addTargetServiceAppliesTo = false;
break;
}
}
this.isKeyTypePresentInRstProperties = TryGetKeyType(out this.keyType);
if (!this.isKeyTypePresentInRstProperties)
{
this.keyType = SecurityKeyType.SymmetricKey;
}
this.isKeySizePresentInRstProperties = TryGetKeySize(out this.keySize);
if (!this.isKeySizePresentInRstProperties && this.keyType != SecurityKeyType.BearerKey)
{
this.keySize = (this.keyType == SecurityKeyType.SymmetricKey) ? this.SecurityAlgorithmSuite.DefaultSymmetricKeyLength : this.defaultPublicKeySize;
}
base.OnOpen(timeout);
}
/// <summary>Initializes a new instance of the <see cref="T:System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters" /> class.</summary>
/// <param name="other">The other instance of this class.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="other" /> is null.</exception>
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other)
: base((SecurityTokenParameters)other)
{
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
this.useStrTransform = other.useStrTransform;
foreach (XmlNode requestParameter in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement)requestParameter.Clone());
}
foreach (ClaimTypeRequirement claimTypeRequirement in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(claimTypeRequirement);
}
if (other.issuerBinding != null)
{
this.issuerBinding = (Binding) new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
public override void OnOpen(TimeSpan timeout)
{
if (base.IssuerAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsAddressNotSet", new object[] { base.TargetAddress })));
}
if (this.IssuerBinding == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsBindingNotSet", new object[] { base.IssuerAddress })));
}
if (base.SecurityAlgorithmSuite == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecurityAlgorithmSuiteNotSet", new object[] { typeof(IssuedSecurityTokenProvider) })));
}
this.channelFactory = base.StandardsManager.TrustDriver.CreateFederationProxy(base.IssuerAddress, this.IssuerBinding, this.IssuerChannelBehaviors);
this.messageVersion = this.IssuerBinding.MessageVersion;
for (int i = 0; i < this.requestProperties.Count; i++)
{
if (base.StandardsManager.TrustDriver.IsAppliesTo(this.requestProperties[i].LocalName, this.requestProperties[i].NamespaceURI))
{
this.addTargetServiceAppliesTo = false;
break;
}
}
this.isKeyTypePresentInRstProperties = this.TryGetKeyType(out this.keyType);
if (!this.isKeyTypePresentInRstProperties)
{
this.keyType = SecurityKeyType.SymmetricKey;
}
this.isKeySizePresentInRstProperties = this.TryGetKeySize(out this.keySize);
if (!this.isKeySizePresentInRstProperties && (this.keyType != SecurityKeyType.BearerKey))
{
this.keySize = (this.keyType == SecurityKeyType.SymmetricKey) ? base.SecurityAlgorithmSuite.DefaultSymmetricKeyLength : this.defaultPublicKeySize;
}
base.OnOpen(timeout);
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other)
{
this.additionalRequestParameters = new Collection <XmlElement>();
this.alternativeIssuerEndpoints = new Collection <AlternativeIssuerEndpoint>();
this.claimTypeRequirements = new Collection <ClaimTypeRequirement>();
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
foreach (XmlElement element in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement)element.Clone());
}
foreach (ClaimTypeRequirement requirement in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(requirement);
}
if (other.issuerBinding != null)
{
this.issuerBinding = new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other)
: base(other)
{
_defaultMessageSecurityVersion = other._defaultMessageSecurityVersion;
_issuerAddress = other._issuerAddress;
_keyType = other._keyType;
_tokenType = other._tokenType;
_keySize = other._keySize;
_useStrTransform = other._useStrTransform;
foreach (XmlElement parameter in other._additionalRequestParameters)
{
_additionalRequestParameters.Add((XmlElement)parameter.Clone());
}
foreach (ClaimTypeRequirement c in other._claimTypeRequirements)
{
_claimTypeRequirements.Add(c);
}
if (other._issuerBinding != null)
{
_issuerBinding = new CustomBinding(other._issuerBinding);
}
_issuerMetadataAddress = other._issuerMetadataAddress;
}
internal void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType)
{
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
if (this.keyType != SecurityKeyType.BearerKey)
{
string defaultEncryptionAlgorithm;
string signatureAlgorithm = (this.keyType == SecurityKeyType.SymmetricKey) ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signatureAlgorithm));
if (issuedKeyType == SecurityKeyType.SymmetricKey)
{
defaultEncryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
}
else
{
defaultEncryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
}
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(defaultEncryptionAlgorithm));
if (standardsManager.TrustVersion != TrustVersion.WSTrustFeb2005)
{
this.additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005) standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
}
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other)
: base(other)
{
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
this.useStrTransform = other.useStrTransform;
foreach (XmlElement parameter in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement)parameter.Clone());
}
foreach (ClaimTypeRequirement c in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(c);
}
if (other.issuerBinding != null)
{
this.issuerBinding = new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other)
{
this.additionalRequestParameters = new Collection<XmlElement>();
this.alternativeIssuerEndpoints = new Collection<AlternativeIssuerEndpoint>();
this.claimTypeRequirements = new Collection<ClaimTypeRequirement>();
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
foreach (XmlElement element in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement) element.Clone());
}
foreach (ClaimTypeRequirement requirement in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(requirement);
}
if (other.issuerBinding != null)
{
this.issuerBinding = new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
public abstract bool TryParseKeyTypeElement(XmlElement element, out SecurityKeyType keyType);
public abstract XmlElement CreateKeyTypeElement(SecurityKeyType keyType);
internal void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType)
{
this._additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
this._additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
if (this._keyType == SecurityKeyType.BearerKey)
{
// As the client does not have a proof token in the Bearer case
// we don't have any specific algorithms to request for.
return;
}
string signWithAlgorithm = (this._keyType == SecurityKeyType.SymmetricKey) ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
this._additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signWithAlgorithm));
string encryptWithAlgorithm;
if (issuedKeyType == SecurityKeyType.SymmetricKey)
{
encryptWithAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
}
else
{
encryptWithAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
}
this._additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(encryptWithAlgorithm));
if (standardsManager.TrustVersion != TrustVersion.WSTrustFeb2005)
{
this._additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005)standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
return;
}
internal IssuedSecurityTokenParameters Create(bool createTemplateOnly, SecurityKeyType templateKeyType)
{
IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters();
if (!createTemplateOnly)
{
this.ApplyConfiguration(parameters);
return parameters;
}
parameters.KeyType = templateKeyType;
return parameters;
}
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable <ClaimTypeRequirement> claimTypeRequirements)
: this(issuerBinding, issuerAddress, SecurityMode.Message, TrustVersion.WSTrust13, keyType, algorithmSuite, tokenType, claimTypeRequirements, null)
{
}
/// <summary>
/// 기본 생성자
/// </summary>
public TripleDES()
{
keyType = SecurityKeyType.Login;
}
internal static bool IsDefined(SecurityKeyType value)
{
return (value == SecurityKeyType.SymmetricKey
|| value == SecurityKeyType.AsymmetricKey
|| value == SecurityKeyType.BearerKey);
}
internal IssuedSecurityTokenParameters Create(bool createTemplateOnly, SecurityKeyType templateKeyType)
{
IssuedSecurityTokenParameters result = new IssuedSecurityTokenParameters();
if (!createTemplateOnly)
{
this.ApplyConfiguration(result);
}
else
{
result.KeyType = templateKeyType;
}
return result;
}
private void SetIssuedTokenKeyType(SecurityBindingElement sbe)
{
if ((sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0) && (sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters) sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType;
}
else if ((sbe.EndpointSupportingTokenParameters.Signed.Count > 0) && (sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters) sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType;
}
else if ((sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0) && (sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters))
{
this.templateKeyType = ((IssuedSecurityTokenParameters) sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType;
}
else
{
this.templateKeyType = SecurityKeyType.SymmetricKey;
}
}
public void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType)
{
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
if (this.keyType == SecurityKeyType.BearerKey)
{
return;
}
string signatureAlgorithm = this.keyType == SecurityKeyType.SymmetricKey ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signatureAlgorithm));
string encryptionAlgorithm = issuedKeyType != SecurityKeyType.SymmetricKey ? algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm : algorithmSuite.DefaultEncryptionAlgorithm;
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(encryptionAlgorithm));
if (standardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return;
}
this.additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005)standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
void SetIssuedTokenKeyType(SecurityBindingElement sbe)
{
// Set the keyType for building the template for IssuedToken binding.
// The reason is the different supporting token is defined depending on keyType.
if (sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0 &&
sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType;
}
else if (sbe.EndpointSupportingTokenParameters.Signed.Count > 0 &&
sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType;
}
else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0 &&
sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters)
{
this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType;
}
else
{
this.templateKeyType = IssuedSecurityTokenParameters.defaultKeyType;
}
}
public virtual bool TryParseKeyTypeElement(XmlElement element, out SecurityKeyType keyType)
{
throw new NotImplementedException("TrustDriver.TryParseKeyTypeElement not implemented in .NET Core");
}
public TripleDES(SecurityKeyType keyType)
{
this.keyType = keyType;
useVersionChar = IsUseVersionChar(keyType);
}
internal void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType)
{
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
if (this.keyType == SecurityKeyType.BearerKey)
{
// As the client does not have a proof token in the Bearer case
// we don't have any specific algorithms to request for.
return;
}
string signWithAlgorithm = (this.keyType == SecurityKeyType.SymmetricKey) ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signWithAlgorithm));
string encryptWithAlgorithm;
if (issuedKeyType == SecurityKeyType.SymmetricKey)
{
encryptWithAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
}
else
{
encryptWithAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
}
this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(encryptWithAlgorithm));
if (standardsManager.TrustVersion != TrustVersion.WSTrustFeb2005)
{
this.additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005)standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
return;
}
public bool IsUseVersionChar(SecurityKeyType keyType)
{
return keyType == SecurityKeyType.Login
|| keyType == SecurityKeyType.APITicket;
}
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable<ClaimTypeRequirement> claimTypeRequirements)
: this(issuerBinding, issuerAddress, SecurityMode.Message, TrustVersion.WSTrust13, keyType, algorithmSuite, tokenType, claimTypeRequirements, null)
{ }
