/// <summary>
/// Builds a <see cref="TransportSecurityBindingElement"/> that presents an issued
/// token as an endpoint supporting token.
/// </summary>
/// <param name="issuedTokenParameters">
/// Parameters of the issued token; null is rejected through the argument-null helper.
/// The instance is modified: <c>RequireDerivedKeys</c> is forced to <c>false</c>
/// before it is attached to the element.
/// </param>
/// <returns>
/// The configured element, with the timestamp enabled and client-side replay
/// detection switched off.
/// </returns>
public static TransportSecurityBindingElement CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters issuedTokenParameters)
        {
            if (issuedTokenParameters == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuedTokenParameters");
            }

            // Side effect on the caller's object: a parameters instance that is shared
            // with another binding loses key derivation there as well.
            issuedTokenParameters.RequireDerivedKeys = false;

            var element = new TransportSecurityBindingElement();
            bool isBearer = issuedTokenParameters.KeyType == SecurityKeyType.BearerKey;

            if (!isBearer)
            {
                // Any non-bearer key type: the token is attached as an Endorsing token.
                element.EndpointSupportingTokenParameters.Endorsing.Add(issuedTokenParameters);
                element.MessageSecurityVersion = MessageSecurityVersion.Default;
            }
            else
            {
                // A bearer token carries no proof-of-possession key, so it is attached
                // as a Signed supporting token instead of an Endorsing one. Whoever
                // holds the token can present it, so its confidentiality rests on the
                // transport underneath this element.
                element.EndpointSupportingTokenParameters.Signed.Add(issuedTokenParameters);
                element.MessageSecurityVersion = MessageSecurityVersion.WSSXDefault;
            }

            // Message-layer replay detection is turned off for the client while the
            // timestamp header stays on.
            // NOTE(review): presumably replay protection is left to the transport;
            // confirm this element is only ever stacked on a TLS-protected transport.
            element.LocalClientSettings.DetectReplays = false;
            element.IncludeTimestamp = true;

            return element;
        }
        /// <summary>
        /// Wraps a bootstrap security element in a secure-conversation binding element.
        /// Only a <see cref="TransportSecurityBindingElement"/> bootstrap is handled;
        /// every other bootstrap type ends in the platform-not-supported exception.
        /// </summary>
        /// <param name="bootstrapSecurity">Bootstrap binding element; null is rejected.</param>
        /// <param name="requireCancellation">Passed through to the secure-conversation token parameters.</param>
        /// <param name="bootstrapProtectionRequirements">Passed through to the secure-conversation token parameters.</param>
        /// <returns>A transport security element endorsed by the secure-conversation token.</returns>
        static public SecurityBindingElement CreateSecureConversationBindingElement(SecurityBindingElement bootstrapSecurity, bool requireCancellation, ChannelProtectionRequirements bootstrapProtectionRequirements)
        {
            if (bootstrapSecurity == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(bootstrapSecurity));
            }

            // Symmetric and asymmetric bootstrap elements are not implemented here, so
            // the call fails loudly instead of returning a weaker configuration.
            if (!(bootstrapSecurity is TransportSecurityBindingElement))
            {
                throw ExceptionHelper.PlatformNotSupported();
            }

            // Per the original author: replay detection and key derivation are not
            // needed for transport bindings. That holds only while the transport
            // itself is protected.
            // NOTE(review): confirm the channel stack always sits on TLS.
            var conversationElement = new TransportSecurityBindingElement();
            var conversationToken = new SecureConversationSecurityTokenParameters(
                bootstrapSecurity,
                requireCancellation,
                bootstrapProtectionRequirements)
            {
                RequireDerivedKeys = false
            };

            conversationElement.EndpointSupportingTokenParameters.Endorsing.Add(conversationToken);
            conversationElement.LocalClientSettings.DetectReplays = false;
            conversationElement.IncludeTimestamp = true;

            return conversationElement;
        }
        /// <summary>
        /// Builds a transport security element whose endorsing supporting token is an
        /// X.509 certificate that is always sent to the recipient.
        /// </summary>
        /// <param name="version">
        /// Message security version to apply; null is rejected. WS-Security 1.0 selects
        /// the <c>Any</c> key-identifier clause, every other version selects <c>Thumbprint</c>.
        /// </param>
        /// <returns>The configured element with the timestamp enabled.</returns>
        static public TransportSecurityBindingElement CreateCertificateOverTransportBindingElement(MessageSecurityVersion version)
        {
            if (version == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(version));
            }

            X509KeyIdentifierClauseType referenceStyle =
                version.SecurityVersion == SecurityVersion.WSSecurity10
                    ? X509KeyIdentifierClauseType.Any
                    : X509KeyIdentifierClauseType.Thumbprint;

            var element = new TransportSecurityBindingElement();

            // NOTE(review): the third constructor argument is presumably
            // requireDerivedKeys; confirm against the constructor's declaration.
            var certificateParameters = new X509SecurityTokenParameters(
                referenceStyle,
                SecurityTokenInclusionMode.AlwaysToRecipient,
                false);

            // Endorsing: the certificate is attached as an endorsing supporting token.
            element.EndpointSupportingTokenParameters.Endorsing.Add(certificateParameters);
            element.IncludeTimestamp = true;

            // Only the client-side setting is changed. The matching LocalServiceSettings
            // assignment was commented out in the original, so service-side replay
            // detection keeps its default.
            element.LocalClientSettings.DetectReplays = false;
            element.MessageSecurityVersion = version;

            return element;
        }
        /// <summary>
        /// Tries to turn the WS-SecurityPolicy transport-binding assertion found in
        /// <paramref name="policyContext"/> into a <see cref="TransportSecurityBindingElement"/>.
        /// </summary>
        /// <param name="importer">Metadata importer; its <c>State</c> is consulted for the bootstrap-import marker.</param>
        /// <param name="policyContext">Policy context supplying the binding assertions and receiving the binding element.</param>
        /// <param name="sbe">
        /// Set to the imported element only when it has supporting tokens or includes a
        /// timestamp; otherwise null, even when the method returns true.
        /// </param>
        /// <returns>True when a transport binding element was produced by the policy driver.</returns>
        private bool TryImportTransportSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
        {
            sbe = null;

            TransportSecurityBindingElement imported = null;
            WSSecurityPolicy driver;

            if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
            {
                return false;
            }

            XmlElement rejectedAssertion;
            bool understood = driver.TryImportWsspTransportBindingAssertion(importer, policyContext.GetBindingAssertions(), out imported, out rejectedAssertion);

            if (!understood)
            {
                if (rejectedAssertion != null)
                {
                    // Fail closed: an assertion the driver reports as unsupported is an
                    // error rather than being dropped, so the imported binding does not
                    // silently omit a requirement the policy stated. The message embeds
                    // the assertion's raw XML, which comes from the policy being
                    // imported; treat it as untrusted if it is logged or displayed.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { rejectedAssertion.OuterXml })));
                }

                return imported != null;
            }

            this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, imported);
            this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, imported);

            // Message-scope protection policy is imported only when the importer state
            // carries the secure-conversation bootstrap marker.
            if (importer.State.ContainsKey("InSecureConversationBootstrapBindingImportMode"))
            {
                this.ImportMessageScopeProtectionPolicy(importer, policyContext);
            }

            // An element with neither supporting tokens nor a timestamp is not added to
            // the binding elements.
            if (HasSupportingTokens(imported) || imported.IncludeTimestamp)
            {
                sbe = imported;
                policyContext.BindingElements.Add(imported);
            }

            return imported != null;
        }
        // Creates a transport security element that asks for a user-name token as a
        // SignedEncrypted endpoint supporting token.
        //
        // On builds that define MOBILE or XAMMAC_4_5 the token parameters are compiled
        // out, so the returned element carries no user-name requirement at all.
        // Callers on those profiles should not assume the credential is requested.
        // Nothing else is set here: timestamp and replay-detection settings stay at
        // whatever the constructor leaves them.
        CreateUserNameOverTransportBindingElement()
        {
            var element = new TransportSecurityBindingElement();

#if !MOBILE && !XAMMAC_4_5 // FIXME: there should be whatever else to do for 2.1 instead.
            var userNameToken = new UserNameSecurityTokenParameters();
            element.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);
#endif
            return element;
        }
        // Creates a transport security element for the given message security version
        // with an X.509 token attached as a SignedEncrypted endpoint supporting token.
        //
        // NOTE(review): `version` is assigned without a null check here; confirm the
        // MessageSecurityVersion setter rejects null.
        // NOTE(review): the certificate is attached as SignedEncrypted rather than
        // Endorsing, so this element does not ask it to endorse the message. Confirm
        // that proof of private-key possession is obtained elsewhere (for example
        // client authentication at the transport).
        CreateCertificateOverTransportBindingElement(MessageSecurityVersion version)
        {
            var element = new TransportSecurityBindingElement();
            element.MessageSecurityVersion = version;

            var certificateToken = new X509SecurityTokenParameters();
            element.EndpointSupportingTokenParameters.SignedEncrypted.Add(certificateToken);

            return element;
        }
        /// <summary>
        /// Builds a transport security element that asks for a user-name token as a
        /// SignedEncrypted endpoint supporting token.
        /// </summary>
        /// <returns>
        /// The configured element, with the timestamp enabled and client-side replay
        /// detection switched off.
        /// </returns>
        static public TransportSecurityBindingElement CreateUserNameOverTransportBindingElement()
        {
            var element = new TransportSecurityBindingElement();
            var userNameToken = new UserNameSecurityTokenParameters();

            element.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);
            element.IncludeTimestamp = true;

            // Message-layer replay detection is off for the client.
            // NOTE(review): presumably the user-name credential relies on the
            // transport for confidentiality and replay protection; confirm this
            // element is only used over TLS.
            element.LocalClientSettings.DetectReplays = false;

            return element;
        }
        // isDualSecurityModeOnly is true if the binding has both message security and https security enabled.
        /// <summary>
        /// Tries to turn the WS-SecurityPolicy transport-binding assertion found in
        /// <paramref name="policyContext"/> into a <see cref="TransportSecurityBindingElement"/>.
        /// </summary>
        /// <param name="importer">Metadata importer; its <c>State</c> is consulted for the bootstrap-import marker.</param>
        /// <param name="policyContext">Policy context supplying the binding assertions and receiving the binding element.</param>
        /// <param name="sbe">
        /// Set to the imported element only in mixed mode, and only when it has
        /// supporting tokens or includes a timestamp; otherwise null.
        /// </param>
        /// <param name="isDualSecurityModeOnly">
        /// When true, supporting tokens are not imported and the element is never added
        /// to the binding elements, yet the method can still return true.
        /// </param>
        /// <returns>True when a transport binding element was produced by the policy driver.</returns>
        private bool TryImportTransportSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe, bool isDualSecurityModeOnly)
        {
            sbe = null;

            TransportSecurityBindingElement imported = null;
            XmlElement rejectedAssertion;
            WSSecurityPolicy driver;

            if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
            {
                return false;
            }

            bool understood = driver.TryImportWsspTransportBindingAssertion(importer, policyContext.GetBindingAssertions(), out imported, out rejectedAssertion);

            if (!understood)
            {
                if (rejectedAssertion != null)
                {
                    // Fail closed: an assertion the driver reports as unsupported is an
                    // error rather than being dropped. The message embeds the
                    // assertion's raw XML, which comes from the policy being imported;
                    // treat it as untrusted if it is logged or displayed.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, rejectedAssertion.OuterXml)));
                }

                return imported != null;
            }

            this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, imported);

            // Dual mode stops here: no supporting-token import, nothing added to the
            // binding elements, sbe stays null.
            if (isDualSecurityModeOnly)
            {
                return imported != null;
            }

            // Mixed mode: look for supporting tokens in the binding.
            this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, imported);

            if (importer.State.ContainsKey(InSecureConversationBootstrapBindingImportMode))
            {
                this.ImportMessageScopeProtectionPolicy(importer, policyContext);
            }

            // An element with neither supporting tokens nor a timestamp is not added.
            if (HasSupportingTokens(imported) || imported.IncludeTimestamp)
            {
                sbe = imported;
                policyContext.BindingElements.Add(imported);
            }

            return imported != null;
        }
 /// <summary>
 /// Copy constructor: hands <paramref name="elementToBeCloned"/> to the base
 /// constructor and adds no state of its own.
 /// </summary>
 /// <param name="elementToBeCloned">Element whose settings the base constructor copies.</param>
 private TransportSecurityBindingElement(TransportSecurityBindingElement elementToBeCloned)
     : base(elementToBeCloned)
 {
     // Nothing to copy at this level.
 }
 /// <summary>
 /// Copy constructor with default (private) accessibility: hands
 /// <paramref name="elementToBeCloned"/> to the base constructor and adds no
 /// state of its own.
 /// </summary>
 /// <param name="elementToBeCloned">Element whose settings the base constructor copies.</param>
 TransportSecurityBindingElement(TransportSecurityBindingElement elementToBeCloned) : base(elementToBeCloned)
 {
 }
 /// <summary>
 /// Unimplemented copy constructor. The base constructor runs with
 /// <paramref name="other"/> first, then this body always throws
 /// <see cref="NotImplementedException"/>, so any code path that reaches this
 /// constructor fails.
 /// </summary>
 /// <param name="other">Element passed to the base copy constructor.</param>
 private TransportSecurityBindingElement(TransportSecurityBindingElement other) : base(other)
 {
     // Stub: copying is not supported by this implementation.
     throw new NotImplementedException();
 }