/// <summary>
/// Begins an asynchronous write operation.
/// </summary>
public IAsyncResult BeginWriteMessage(ArraySegment <byte> buffer, int timeout, AsyncCallback callback, object state)
{
BufferCollection chunksToSend = new BufferCollection();
chunksToSend.Add(buffer);
return(BeginWriteMessage(chunksToSend, timeout, callback, state));
}
/// <summary>
/// Returns ownership of the buffers stored in the stream.
/// </summary>
/// <param name="owner">The owner.</param>
/// <returns></returns>
public BufferCollection GetBuffers(string owner)
{
BufferCollection buffers = new BufferCollection(m_buffers.Count);
for (int ii = 0; ii < m_buffers.Count; ii++)
{
m_bufferManager.TransferBuffer(m_buffers[ii].Array, owner);
buffers.Add(new ArraySegment <byte>(m_buffers[ii].Array, m_buffers[ii].Offset, GetBufferCount(ii)));
}
m_buffers.Clear();
return(buffers);
}
/// <summary>
/// Secures the message using the security token.
/// </summary>
protected BufferCollection WriteSymmetricMessage(
uint messageType,
uint requestId,
ChannelToken token,
object messageBody,
bool isRequest,
out bool limitsExceeded)
{
limitsExceeded = false;
bool success = false;
BufferCollection chunksToProcess = null;
try
{
// calculate chunk sizes.
int maxCipherTextSize = SendBufferSize - TcpMessageLimits.SymmetricHeaderSize;
int maxCipherBlocks = maxCipherTextSize / EncryptionBlockSize;
int maxPlainTextSize = maxCipherBlocks * EncryptionBlockSize;
int maxPayloadSize = maxPlainTextSize - SymmetricSignatureSize - 1 - TcpMessageLimits.SequenceHeaderSize;
int headerSize = TcpMessageLimits.SymmetricHeaderSize + TcpMessageLimits.SequenceHeaderSize;
// write the body to stream.
ArraySegmentStream ostrm = new ArraySegmentStream(
BufferManager,
SendBufferSize,
headerSize,
maxPayloadSize);
// check for encodeable body.
IEncodeable encodeable = messageBody as IEncodeable;
if (encodeable != null)
{
// debug code used to verify that message aborts are handled correctly.
// int maxMessageSize = Quotas.MessageContext.MaxMessageSize;
// Quotas.MessageContext.MaxMessageSize = Int32.MaxValue;
BinaryEncoder.EncodeMessage(encodeable, ostrm, Quotas.MessageContext);
// Quotas.MessageContext.MaxMessageSize = maxMessageSize;
}
// check for raw bytes.
ArraySegment <byte>?rawBytes = messageBody as ArraySegment <byte>?;
if (rawBytes != null)
{
BinaryEncoder encoder = new BinaryEncoder(ostrm, Quotas.MessageContext);
encoder.WriteRawBytes(rawBytes.Value.Array, rawBytes.Value.Offset, rawBytes.Value.Count);
encoder.Close();
}
chunksToProcess = ostrm.GetBuffers("WriteSymmetricMessage");
// ensure there is at least one chunk.
if (chunksToProcess.Count == 0)
{
byte[] buffer = BufferManager.TakeBuffer(SendBufferSize, "WriteSymmetricMessage");
chunksToProcess.Add(new ArraySegment <byte>(buffer, 0, 0));
}
BufferCollection chunksToSend = new BufferCollection(chunksToProcess.Capacity);
int messageSize = 0;
for (int ii = 0; ii < chunksToProcess.Count; ii++)
{
ArraySegment <byte> chunkToProcess = chunksToProcess[ii];
// nothing more to do if limits exceeded.
if (limitsExceeded)
{
BufferManager.ReturnBuffer(chunkToProcess.Array, "WriteSymmetricMessage");
continue;
}
MemoryStream strm = new MemoryStream(chunkToProcess.Array, 0, SendBufferSize);
BinaryEncoder encoder = new BinaryEncoder(strm, Quotas.MessageContext);
// check if the message needs to be aborted.
if (MessageLimitsExceeded(isRequest, messageSize + chunkToProcess.Count - headerSize, ii + 1))
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Abort);
// replace the body in the chunk with an error message.
BinaryEncoder errorEncoder = new BinaryEncoder(
chunkToProcess.Array,
chunkToProcess.Offset,
chunkToProcess.Count,
Quotas.MessageContext);
WriteErrorMessageBody(errorEncoder, (isRequest) ? StatusCodes.BadRequestTooLarge : StatusCodes.BadResponseTooLarge);
int size = errorEncoder.Close();
chunkToProcess = new ArraySegment <byte>(chunkToProcess.Array, chunkToProcess.Offset, size);
limitsExceeded = true;
}
// check if the message is complete.
else if (ii == chunksToProcess.Count - 1)
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Final);
}
// more chunks to follow.
else
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Intermediate);
}
int count = 0;
count += TcpMessageLimits.SequenceHeaderSize;
count += chunkToProcess.Count;
count += SymmetricSignatureSize;
// calculate the padding.
int padding = 0;
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
// reserve one byte for the padding size.
count++;
if (count % EncryptionBlockSize != 0)
{
padding = EncryptionBlockSize - (count % EncryptionBlockSize);
}
count += padding;
}
count += TcpMessageLimits.SymmetricHeaderSize;
encoder.WriteUInt32(null, (uint)count);
encoder.WriteUInt32(null, ChannelId);
encoder.WriteUInt32(null, token.TokenId);
uint sequenceNumber = GetNewSequenceNumber();
encoder.WriteUInt32(null, sequenceNumber);
encoder.WriteUInt32(null, requestId);
// skip body.
strm.Seek(chunkToProcess.Count, SeekOrigin.Current);
// update message size count.
messageSize += chunkToProcess.Count;
// write padding.
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
for (int jj = 0; jj <= padding; jj++)
{
encoder.WriteByte(null, (byte)padding);
}
}
if (SecurityMode != MessageSecurityMode.None)
{
// calculate and write signature.
byte[] signature = Sign(token, new ArraySegment <byte>(chunkToProcess.Array, 0, encoder.Position), isRequest);
if (signature != null)
{
encoder.WriteRawBytes(signature, 0, signature.Length);
}
}
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
// encrypt the data.
ArraySegment <byte> dataToEncrypt = new ArraySegment <byte>(chunkToProcess.Array, TcpMessageLimits.SymmetricHeaderSize, encoder.Position - TcpMessageLimits.SymmetricHeaderSize);
Encrypt(token, dataToEncrypt, isRequest);
}
// add the header into chunk.
chunksToSend.Add(new ArraySegment <byte>(chunkToProcess.Array, 0, encoder.Position));
}
// ensure the buffers don't get cleaned up on exit.
success = true;
return(chunksToSend);
}
finally
{
if (!success)
{
if (chunksToProcess != null)
{
chunksToProcess.Release(BufferManager, "WriteSymmetricMessage");
}
}
}
}
/// <summary>
/// Sends a OpenSecureChannel request.
/// </summary>
protected BufferCollection WriteAsymmetricMessage(
uint messageType,
uint requestId,
X509Certificate2 senderCertificate,
X509Certificate2Collection senderCertificateChain,
X509Certificate2 receiverCertificate,
ArraySegment <byte> messageBody)
{
bool success = false;
BufferCollection chunksToSend = new BufferCollection();
byte[] buffer = BufferManager.TakeBuffer(SendBufferSize, "WriteAsymmetricMessage");
try
{
BinaryEncoder encoder = new BinaryEncoder(buffer, 0, SendBufferSize, Quotas.MessageContext);
int headerSize = 0;
if (senderCertificateChain != null && senderCertificateChain.Count > 0)
{
int senderCertificateSize = 0;
WriteAsymmetricMessageHeader(
encoder,
messageType | TcpMessageType.Intermediate,
ChannelId,
SecurityPolicyUri,
senderCertificate,
senderCertificateChain,
receiverCertificate,
out senderCertificateSize);
headerSize = GetAsymmetricHeaderSize(SecurityPolicyUri, senderCertificate, senderCertificateSize);
}
else
{
WriteAsymmetricMessageHeader(
encoder,
messageType | TcpMessageType.Intermediate,
ChannelId,
SecurityPolicyUri,
senderCertificate,
receiverCertificate);
headerSize = GetAsymmetricHeaderSize(SecurityPolicyUri, senderCertificate);
}
int signatureSize = GetAsymmetricSignatureSize(senderCertificate);
// save the header.
ArraySegment <byte> header = new ArraySegment <byte>(buffer, 0, headerSize);
// calculate the space available.
int plainTextBlockSize = GetPlainTextBlockSize(receiverCertificate);
int cipherTextBlockSize = GetCipherTextBlockSize(receiverCertificate);
int maxCipherTextSize = SendBufferSize - headerSize;
int maxCipherBlocks = maxCipherTextSize / cipherTextBlockSize;
int maxPlainTextSize = maxCipherBlocks * plainTextBlockSize;
int maxPayloadSize = maxPlainTextSize - signatureSize - 1 - TcpMessageLimits.SequenceHeaderSize;
int bytesToWrite = messageBody.Count;
int startOfBytes = messageBody.Offset;
while (bytesToWrite > 0)
{
encoder.WriteUInt32(null, GetNewSequenceNumber());
encoder.WriteUInt32(null, requestId);
int payloadSize = bytesToWrite;
if (payloadSize > maxPayloadSize)
{
payloadSize = maxPayloadSize;
}
else
{
UpdateMessageType(buffer, 0, messageType | TcpMessageType.Final);
}
// write the message body.
encoder.WriteRawBytes(messageBody.Array, messageBody.Offset + startOfBytes, payloadSize);
// calculate the amount of plain text to encrypt.
int plainTextSize = encoder.Position - headerSize + signatureSize;
// calculate the padding.
int padding = 0;
if (SecurityMode != MessageSecurityMode.None)
{
if (CertificateFactory.GetRSAPublicKeySize(receiverCertificate) <= TcpMessageLimits.KeySizeExtraPadding)
{
// need to reserve one byte for the padding.
plainTextSize++;
if (plainTextSize % plainTextBlockSize != 0)
{
padding = plainTextBlockSize - (plainTextSize % plainTextBlockSize);
}
encoder.WriteByte(null, (byte)padding);
for (int ii = 0; ii < padding; ii++)
{
encoder.WriteByte(null, (byte)padding);
}
}
else
{
// need to reserve one byte for the padding.
plainTextSize++;
// need to reserve one byte for the extrapadding.
plainTextSize++;
if (plainTextSize % plainTextBlockSize != 0)
{
padding = plainTextBlockSize - (plainTextSize % plainTextBlockSize);
}
byte paddingSize = (byte)(padding & 0xff);
byte extraPaddingByte = (byte)((padding >> 8) & 0xff);
encoder.WriteByte(null, paddingSize);
for (int ii = 0; ii < padding; ii++)
{
encoder.WriteByte(null, (byte)paddingSize);
}
encoder.WriteByte(null, extraPaddingByte);
}
// update the plaintext size with the padding size.
plainTextSize += padding;
}
// calculate the number of block to encrypt.
int encryptedBlocks = plainTextSize / plainTextBlockSize;
// calculate the size of the encrypted data.
int cipherTextSize = encryptedBlocks * cipherTextBlockSize;
// put the message size after encryption into the header.
UpdateMessageSize(buffer, 0, cipherTextSize + headerSize);
// write the signature.
byte[] signature = Sign(new ArraySegment <byte>(buffer, 0, encoder.Position), senderCertificate);
if (signature != null)
{
encoder.WriteRawBytes(signature, 0, signature.Length);
}
int messageSize = encoder.Close();
// encrypt the data.
ArraySegment <byte> encryptedBuffer = Encrypt(
new ArraySegment <byte>(buffer, headerSize, messageSize - headerSize),
header,
receiverCertificate);
// check for math errors due to code bugs.
if (encryptedBuffer.Count != cipherTextSize + headerSize)
{
throw new InvalidDataException("Actual message size is not the same as the predicted message size.");
}
// save chunk.
chunksToSend.Add(encryptedBuffer);
bytesToWrite -= payloadSize;
startOfBytes += payloadSize;
// reset the encoder to write the plaintext for the next chunk into the same buffer.
if (bytesToWrite > 0)
{
MemoryStream ostrm = new MemoryStream(buffer, 0, SendBufferSize);
ostrm.Seek(header.Count, SeekOrigin.Current);
encoder = new BinaryEncoder(ostrm, Quotas.MessageContext);
}
}
// ensure the buffers don't get clean up on exit.
success = true;
return(chunksToSend);
}
catch (Exception ex)
{
throw new Exception("Could not write async message", ex);
}
finally
{
BufferManager.ReturnBuffer(buffer, "WriteAsymmetricMessage");
if (!success)
{
chunksToSend.Release(BufferManager, "WriteAsymmetricMessage");
}
}
}
