protected virtual void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { if (incomingNego == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive))); } incomingNego.Validate(this.NegotiationValueType); }
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { if (((incomingNego != null) && (incomingNego.ValueTypeUri != this.NegotiationValueType.Value)) && (base.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)) { incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri); } else { base.ValidateIncomingBinaryNegotiation(incomingNego); } }
internal void SetBinaryNegotiation(BinaryNegotiation negotiation) { if (negotiation == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("negotiation"); } if (this.IsReadOnly) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); } this.negotiationData = negotiation; }
protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out SspiNegotiationTokenAuthenticatorState negotiationState) { if (request == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityToken == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request); } if (requestSecurityToken.RequestType != null && requestSecurityToken.RequestType != this.StandardsManager.TrustDriver.RequestTypeIssue) { throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidRstRequestType, requestSecurityToken.RequestType)), request); } BinaryNegotiation incomingNego = requestSecurityToken.GetBinaryNegotiation(); ValidateIncomingBinaryNegotiation(incomingNego); negotiationState = CreateSspiState(incomingNego.GetNegotiationData(), incomingNego.ValueTypeUri); AddToDigest(negotiationState, requestSecurityToken); negotiationState.Context = requestSecurityToken.Context; if (requestSecurityToken.KeySize != 0) { WSTrust.Driver.ValidateRequestedKeySize(requestSecurityToken.KeySize, this.SecurityAlgorithmSuite); } negotiationState.RequestedKeySize = requestSecurityToken.KeySize; string appliesToName; string appliesToNamespace; requestSecurityToken.GetAppliesToQName(out appliesToName, out appliesToNamespace); if (appliesToName == AddressingStrings.EndpointReference && appliesToNamespace == request.Version.Addressing.Namespace) { DataContractSerializer serializer; if (request.Version.Addressing == AddressingVersion.WSAddressing10) { serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), DataContractSerializerDefaults.MaxItemsInObjectGraph); negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddress10>(serializer).ToEndpointAddress(); } else if (request.Version.Addressing == AddressingVersion.WSAddressingAugust2004) { serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), DataContractSerializerDefaults.MaxItemsInObjectGraph); negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddressAugust2004>(serializer).ToEndpointAddress(); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, request.Version.Addressing))); } negotiationState.AppliesToSerializer = serializer; } return(ProcessNegotiation(negotiationState, request, incomingNego)); }
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { // Accept both strings for WSTrustFeb2005 if (incomingNego != null && incomingNego.ValueTypeUri != this.NegotiationValueType.Value && this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri); } else { base.ValidateIncomingBinaryNegotiation(incomingNego); } }
protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out SspiNegotiationTokenAuthenticatorState negotiationState) { string str; string str2; if (request == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityToken == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request); } if ((requestSecurityToken.RequestType != null) && (requestSecurityToken.RequestType != base.StandardsManager.TrustDriver.RequestTypeIssue)) { throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidRstRequestType", new object[] { requestSecurityToken.RequestType })), request); } BinaryNegotiation binaryNegotiation = requestSecurityToken.GetBinaryNegotiation(); this.ValidateIncomingBinaryNegotiation(binaryNegotiation); negotiationState = this.CreateSspiState(binaryNegotiation.GetNegotiationData(), binaryNegotiation.ValueTypeUri); AddToDigest(negotiationState, requestSecurityToken); negotiationState.Context = requestSecurityToken.Context; if (requestSecurityToken.KeySize != 0) { WSTrust.Driver.ValidateRequestedKeySize(requestSecurityToken.KeySize, base.SecurityAlgorithmSuite); } negotiationState.RequestedKeySize = requestSecurityToken.KeySize; requestSecurityToken.GetAppliesToQName(out str, out str2); if ((str == "EndpointReference") && (str2 == request.Version.Addressing.Namespace)) { DataContractSerializer serializer; if (request.Version.Addressing == AddressingVersion.WSAddressing10) { serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), 0x10000); negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddress10>(serializer).ToEndpointAddress(); } else { if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing }))); } serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), 0x10000); negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddressAugust2004>(serializer).ToEndpointAddress(); } negotiationState.AppliesToSerializer = serializer; } return(this.ProcessNegotiation(negotiationState, request, binaryNegotiation)); }
protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse) { if (request == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityTokenResponse == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request); } if (requestSecurityTokenResponse.Context != negotiationState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), request); } AddToDigest(negotiationState, requestSecurityTokenResponse, true); BinaryNegotiation incomingNego = requestSecurityTokenResponse.GetBinaryNegotiation(); ValidateIncomingBinaryNegotiation(incomingNego); return(ProcessNegotiation(negotiationState, request, incomingNego)); }
protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse) { if (request == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityTokenResponse == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request); } if (requestSecurityTokenResponse.Context != negotiationState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), request); } AddToDigest(negotiationState, requestSecurityTokenResponse, true); BinaryNegotiation binaryNegotiation = requestSecurityTokenResponse.GetBinaryNegotiation(); this.ValidateIncomingBinaryNegotiation(binaryNegotiation); return(this.ProcessNegotiation(negotiationState, request, binaryNegotiation)); }
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { if (((incomingNego != null) && (incomingNego.ValueTypeUri != this.NegotiationValueType.Value)) && (base.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)) { incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri); } else { base.ValidateIncomingBinaryNegotiation(incomingNego); } }
BodyWriter ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego) { ISspiNegotiation sspiNegotiation = negotiationState.SspiNegotiation; byte[] outgoingBlob = sspiNegotiation.GetOutgoingBlob(incomingNego.GetNegotiationData(), SecurityUtils.GetChannelBindingFromMessage(incomingMessage), this.extendedProtectionPolicy); if (sspiNegotiation.IsValidContext == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)), incomingMessage); } // if there is no blob to send back the nego must be complete from the server side if (outgoingBlob == null && sspiNegotiation.IsCompleted == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage); } BinaryNegotiation outgoingBinaryNegotiation; if (outgoingBlob != null) { outgoingBinaryNegotiation = GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob); } else { outgoingBinaryNegotiation = null; } BodyWriter replyBody; if (sspiNegotiation.IsCompleted) { ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = ValidateSspiNegotiation(sspiNegotiation); SecurityContextSecurityToken serviceToken; WrappedKeySecurityToken proofToken; int issuedKeySize; IssueServiceToken(negotiationState, authorizationPolicies, out serviceToken, out proofToken, out issuedKeySize); negotiationState.SetServiceToken(serviceToken); SecurityKeyIdentifierClause externalTokenReference = this.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(serviceToken, SecurityTokenReferenceStyle.External); SecurityKeyIdentifierClause internalTokenReference = this.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(serviceToken, SecurityTokenReferenceStyle.Internal); RequestSecurityTokenResponse dummyRstr = new RequestSecurityTokenResponse(this.StandardsManager); dummyRstr.Context = negotiationState.Context; dummyRstr.KeySize = issuedKeySize; dummyRstr.TokenType = this.SecurityContextTokenUri; if (outgoingBinaryNegotiation != null) { dummyRstr.SetBinaryNegotiation(outgoingBinaryNegotiation); } dummyRstr.RequestedUnattachedReference = externalTokenReference; dummyRstr.RequestedAttachedReference = internalTokenReference; dummyRstr.SetLifetime(serviceToken.ValidFrom, serviceToken.ValidTo); if (negotiationState.AppliesTo != null) { if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressing10) { dummyRstr.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress( negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressingAugust2004) { dummyRstr.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress( negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, incomingMessage.Version.Addressing))); } } dummyRstr.MakeReadOnly(); AddToDigest(negotiationState, dummyRstr, false); RequestSecurityTokenResponse negotiationRstr = new RequestSecurityTokenResponse(this.StandardsManager); negotiationRstr.RequestedSecurityToken = serviceToken; negotiationRstr.RequestedProofToken = proofToken; negotiationRstr.Context = negotiationState.Context; negotiationRstr.KeySize = issuedKeySize; negotiationRstr.TokenType = this.SecurityContextTokenUri; if (outgoingBinaryNegotiation != null) { negotiationRstr.SetBinaryNegotiation(outgoingBinaryNegotiation); } negotiationRstr.RequestedAttachedReference = internalTokenReference; negotiationRstr.RequestedUnattachedReference = externalTokenReference; if (negotiationState.AppliesTo != null) { if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressing10) { negotiationRstr.SetAppliesTo <EndpointAddress10>( EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressingAugust2004) { negotiationRstr.SetAppliesTo <EndpointAddressAugust2004>( EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, incomingMessage.Version.Addressing))); } } negotiationRstr.MakeReadOnly(); byte[] authenticator = ComputeAuthenticator(negotiationState, serviceToken.GetKeyBytes()); RequestSecurityTokenResponse authenticatorRstr = new RequestSecurityTokenResponse(this.StandardsManager); authenticatorRstr.Context = negotiationState.Context; authenticatorRstr.SetAuthenticator(authenticator); authenticatorRstr.MakeReadOnly(); List <RequestSecurityTokenResponse> rstrList = new List <RequestSecurityTokenResponse>(2); rstrList.Add(negotiationRstr); rstrList.Add(authenticatorRstr); replyBody = new RequestSecurityTokenResponseCollection(rstrList, this.StandardsManager); } else { RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(this.StandardsManager); rstr.Context = negotiationState.Context; rstr.SetBinaryNegotiation(outgoingBinaryNegotiation); rstr.MakeReadOnly(); AddToDigest(negotiationState, rstr, false); replyBody = rstr; } return(replyBody); }
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { // Accept both strings for WSTrustFeb2005 if (incomingNego != null && incomingNego.ValueTypeUri != this.NegotiationValueType.Value && this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri); } else { base.ValidateIncomingBinaryNegotiation(incomingNego); } }
private void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { incomingNego.Validate(this.NegotiationValueType); }
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) { byte[] negotiationData; try { IssuanceTokenProviderBase <SspiNegotiationTokenProviderState> .ThrowIfFault(incomingMessage, base.TargetAddress); } catch (FaultException exception) { if (!exception.Code.IsSenderFault) { throw; } if (!(exception.Code.SubCode.Name == "FailedAuthentication") && !(exception.Code.SubCode.Name == "FailedAuthentication")) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("FailedSspiNegotiation"), exception), incomingMessage); } throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticationOfClientFailed"), exception), incomingMessage); } RequestSecurityTokenResponse rstr = null; RequestSecurityTokenResponse authenticatorRstr = null; XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents(); using (readerAtBodyContents) { if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(readerAtBodyContents)) { using (IEnumerator <RequestSecurityTokenResponse> enumerator = base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection.GetEnumerator()) { enumerator.MoveNext(); rstr = enumerator.Current; if (enumerator.MoveNext()) { authenticatorRstr = enumerator.Current; } } if (authenticatorRstr == null) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticatorNotPresentInRSTRCollection")), incomingMessage); } if (authenticatorRstr.Context != rstr.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorHasBadContext")), incomingMessage); } this.AddToDigest(sspiState, rstr, true, true); } else if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(readerAtBodyContents)) { rstr = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents); this.AddToDigest(sspiState, rstr, true, false); } else { base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException(); } incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents); } if (rstr.Context != sspiState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), incomingMessage); } BinaryNegotiation binaryNegotiation = rstr.GetBinaryNegotiation(); if (binaryNegotiation != null) { this.ValidateIncomingBinaryNegotiation(binaryNegotiation); negotiationData = binaryNegotiation.GetNegotiationData(); } else { negotiationData = null; } if ((negotiationData == null) && !sspiState.SspiNegotiation.IsCompleted) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToReceive")), incomingMessage); } if ((negotiationData == null) && sspiState.SspiNegotiation.IsCompleted) { this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr); return(null); } byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(negotiationData, System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null); if ((outgoingBlob == null) && !sspiState.SspiNegotiation.IsCompleted) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage); } if ((outgoingBlob == null) && sspiState.SspiNegotiation.IsCompleted) { this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr); return(null); } return(this.PrepareRstr(sspiState, outgoingBlob)); }
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) { try { ThrowIfFault(incomingMessage, this.TargetAddress); } catch (FaultException fault) { if (fault.Code.IsSenderFault) { if (fault.Code.SubCode.Name == TrustApr2004Strings.FailedAuthenticationFaultCode || fault.Code.SubCode.Name == TrustFeb2005Strings.FailedAuthenticationFaultCode) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticationOfClientFailed), fault), incomingMessage); } throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.FailedSspiNegotiation), fault), incomingMessage); } else { throw; } } RequestSecurityTokenResponse negotiationRstr = null; RequestSecurityTokenResponse authenticatorRstr = null; XmlDictionaryReader bodyReader = incomingMessage.GetReaderAtBodyContents(); using (bodyReader) { if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(bodyReader)) { RequestSecurityTokenResponseCollection rstrCollection = this.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(bodyReader); using (IEnumerator <RequestSecurityTokenResponse> enumerator = rstrCollection.RstrCollection.GetEnumerator()) { enumerator.MoveNext(); negotiationRstr = enumerator.Current; if (enumerator.MoveNext()) { authenticatorRstr = enumerator.Current; } } if (authenticatorRstr == null) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticatorNotPresentInRSTRCollection)), incomingMessage); } else if (authenticatorRstr.Context != negotiationRstr.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorHasBadContext)), incomingMessage); } AddToDigest(sspiState, negotiationRstr, true, true); } else if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(bodyReader)) { negotiationRstr = RequestSecurityTokenResponse.CreateFrom(this.StandardsManager, bodyReader); AddToDigest(sspiState, negotiationRstr, true, false); } else { this.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException(); } incomingMessage.ReadFromBodyContentsToEnd(bodyReader); } if (negotiationRstr.Context != sspiState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), incomingMessage); } BinaryNegotiation incomingBinaryNego = negotiationRstr.GetBinaryNegotiation(); byte[] incomingBlob; if (incomingBinaryNego != null) { ValidateIncomingBinaryNegotiation(incomingBinaryNego); incomingBlob = incomingBinaryNego.GetNegotiationData(); } else { incomingBlob = null; } BodyWriter nextMessageBody; if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive)), incomingMessage); } else if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) { // the incoming RSTR must have the negotiated token OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); nextMessageBody = null; } else { // we got an incoming blob. Process it and see if there is an outgoing blob byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(incomingBlob, SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null); if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage); } else if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) { // the incoming RSTR had the last blob. It must have the token too this.OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); nextMessageBody = null; } else { nextMessageBody = PrepareRstr(sspiState, outgoingBlob); } } return(nextMessageBody); }
private BodyWriter ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego) { BinaryNegotiation outgoingBinaryNegotiation; ISspiNegotiation sspiNegotiation = negotiationState.SspiNegotiation; byte[] outgoingBlob = sspiNegotiation.GetOutgoingBlob(incomingNego.GetNegotiationData(), System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), this.extendedProtectionPolicy); if (!sspiNegotiation.IsValidContext) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidSspiNegotiation")), incomingMessage); } if ((outgoingBlob == null) && !sspiNegotiation.IsCompleted) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage); } if (outgoingBlob != null) { outgoingBinaryNegotiation = this.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob); } else { outgoingBinaryNegotiation = null; } if (sspiNegotiation.IsCompleted) { SecurityContextSecurityToken token; WrappedKeySecurityToken token2; int num; ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = this.ValidateSspiNegotiation(sspiNegotiation); this.IssueServiceToken(negotiationState, authorizationPolicies, out token, out token2, out num); negotiationState.SetServiceToken(token); SecurityKeyIdentifierClause clause = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External); SecurityKeyIdentifierClause clause2 = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.Internal); RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(base.StandardsManager) { Context = negotiationState.Context, KeySize = num, TokenType = base.SecurityContextTokenUri }; if (outgoingBinaryNegotiation != null) { response.SetBinaryNegotiation(outgoingBinaryNegotiation); } response.RequestedUnattachedReference = clause; response.RequestedAttachedReference = clause2; response.SetLifetime(token.ValidFrom, token.ValidTo); if (negotiationState.AppliesTo != null) { if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressing10) { if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressingAugust2004) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { incomingMessage.Version.Addressing }))); } response.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else { response.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } } response.MakeReadOnly(); AddToDigest(negotiationState, response, false); RequestSecurityTokenResponse response2 = new RequestSecurityTokenResponse(base.StandardsManager) { RequestedSecurityToken = token, RequestedProofToken = token2, Context = negotiationState.Context, KeySize = num, TokenType = base.SecurityContextTokenUri }; if (outgoingBinaryNegotiation != null) { response2.SetBinaryNegotiation(outgoingBinaryNegotiation); } response2.RequestedAttachedReference = clause2; response2.RequestedUnattachedReference = clause; if (negotiationState.AppliesTo != null) { if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressing10) { if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressingAugust2004) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { incomingMessage.Version.Addressing }))); } response2.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } else { response2.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer); } } response2.MakeReadOnly(); byte[] authenticator = ComputeAuthenticator(negotiationState, token.GetKeyBytes()); RequestSecurityTokenResponse response3 = new RequestSecurityTokenResponse(base.StandardsManager) { Context = negotiationState.Context }; response3.SetAuthenticator(authenticator); response3.MakeReadOnly(); return(new RequestSecurityTokenResponseCollection(new List <RequestSecurityTokenResponse>(2) { response2, response3 }, base.StandardsManager)); } RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(base.StandardsManager) { Context = negotiationState.Context }; rstr.SetBinaryNegotiation(outgoingBinaryNegotiation); rstr.MakeReadOnly(); AddToDigest(negotiationState, rstr, false); return(rstr); }