/// <summary>
/// Builds a <see cref="TlsnegoTokenProvider"/> for the given initiator requirement.
/// The client-side X.509 token provider is attached only when
/// <paramref name="requireClientCertificate"/> is true; the server-side X.509
/// authenticator is always attached.
/// </summary>
/// <param name="initiatorRequirement">Requirement describing the target, issuer and binding; must carry a TargetAddress and a SecurityBindingElement.</param>
/// <param name="requireClientCertificate">Whether a client certificate token provider is wired into the negotiation.</param>
/// <returns>The configured TLS negotiation token provider.</returns>
/// <exception cref="ArgumentException">Raised through DiagnosticUtility.ExceptionUtility.ThrowHelperArgument when the requirement has no TargetAddress or no SecurityBindingElement.</exception>
SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
        {
            // Guard: negotiation needs a target to talk to.
            if (initiatorRequirement.TargetAddress == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
            }

            // Guard: the local client settings (cookie caching etc.) live on the binding element.
            SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
            if (bindingElement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
            }

            // An SSPI issuance channel parameter may ask for the token to be negotiated when the channel opens.
            SspiIssuanceChannelParameter sspiParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
            bool negotiateOnOpen = false;
            if (sspiParameter != null)
            {
                negotiateOnOpen = sspiParameter.GetTokenOnOpen;
            }

            LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
            BindingContext issuerContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

            TlsnegoTokenProvider provider = new TlsnegoTokenProvider
            {
                IssuerAddress = initiatorRequirement.IssuerAddress,
                NegotiateTokenOnOpen = negotiateOnOpen,
                // Negotiating on open implies the service token is kept; otherwise follow the cookie-caching setting.
                CacheServiceTokens = negotiateOnOpen || clientSettings.CacheCookies
            };

            if (requireClientCertificate)
            {
                provider.ClientTokenProvider = CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
            }

            provider.IssuerBindingContext = issuerContext;

            // Protection requirements come from the issuer binding, when one is present.
            ChannelProtectionRequirements protectionRequirements = null;
            if (issuerContext != null)
            {
                protectionRequirements = issuerContext.BindingParameters.Find <ChannelProtectionRequirements>();
            }
            provider.ApplicationProtectionRequirements = protectionRequirements;

            provider.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
            provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
            provider.ServerTokenAuthenticator = CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
            provider.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
            provider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
            provider.TargetAddress = initiatorRequirement.TargetAddress;
            provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);

            return provider;
        }
        /// <summary>
        /// Builds a <see cref="TlsnegoTokenProvider"/> for the given initiator requirement.
        /// The client-side X.509 token provider is attached only when
        /// <paramref name="requireClientCertificate"/> is true; the server-side X.509
        /// authenticator is always attached.
        /// </summary>
        /// <param name="initiatorRequirement">Requirement describing the target, issuer and binding; must carry a TargetAddress and a SecurityBindingElement.</param>
        /// <param name="requireClientCertificate">Whether a client certificate token provider is wired into the negotiation.</param>
        /// <returns>The configured TLS negotiation token provider.</returns>
        /// <exception cref="ArgumentException">Raised through DiagnosticUtility.ExceptionUtility.ThrowHelperArgument when the requirement has no TargetAddress or no SecurityBindingElement.</exception>
        private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
        {
            // Guard: negotiation needs a target to talk to.
            if (initiatorRequirement.TargetAddress == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
            }

            // Guard: the local client settings (cookie caching etc.) live on the binding element.
            SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
            if (bindingElement == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
            }

            // An SSPI issuance channel parameter may ask for the token to be negotiated when the channel opens.
            SspiIssuanceChannelParameter sspiParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
            bool negotiateOnOpen = false;
            if (sspiParameter != null)
            {
                negotiateOnOpen = sspiParameter.GetTokenOnOpen;
            }

            LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
            BindingContext issuerContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

            TlsnegoTokenProvider provider = new TlsnegoTokenProvider();
            provider.IssuerAddress = initiatorRequirement.IssuerAddress;
            provider.NegotiateTokenOnOpen = negotiateOnOpen;
            // Negotiating on open implies the service token is kept; otherwise follow the cookie-caching setting.
            provider.CacheServiceTokens = negotiateOnOpen || clientSettings.CacheCookies;

            if (requireClientCertificate)
            {
                provider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
            }

            provider.IssuerBindingContext = issuerContext;

            // Protection requirements come from the issuer binding, when one is present.
            ChannelProtectionRequirements protectionRequirements = null;
            if (issuerContext != null)
            {
                protectionRequirements = issuerContext.BindingParameters.Find <ChannelProtectionRequirements>();
            }
            provider.ApplicationProtectionRequirements = protectionRequirements;

            provider.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
            provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
            provider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
            provider.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
            provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
            provider.TargetAddress = initiatorRequirement.TargetAddress;
            provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);

            return provider;
        }