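        /// <summary>
        /// Returns a custom WCF binding that produces SOAP requests compatible with the
        /// Simple Order API Service: WS-Security body signing (optionally sign-then-encrypt)
        /// over HTTPS with a client certificate.
        /// </summary>
        /// <param name="config">Caller settings; only <c>UseSignedAndEncrypted</c> is read here.</param>
        /// <returns>A <see cref="CustomBinding"/> whose elements are ordered security, encoding, transport.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
        protected static CustomBinding getWCFCustomBinding(Configuration config)
        {
            // Fail up front instead of with a NullReferenceException half-way through
            // building the security element.
            if (config == null)
            {
                throw new ArgumentNullException("config");
            }

            //Setup custom binding with HTTPS + Body Signing
            CustomBinding currentBinding = new CustomBinding();

            //Sign the body
            AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

            // Acts on the token parameters the factory attached above. A second call is
            // made below once further token parameters are attached, because
            // SetKeyDerivation only touches parameters present at the time it runs.
            asec.SetKeyDerivation(false);
            // No timestamp in the request: the freshness element is gone, so the service
            // cannot use it for replay detection. Unsecured (unsigned) responses are
            // accepted, so at the message layer the client cannot tell a tampered reply
            // from a genuine one; TLS is the only integrity protection left on replies.
            asec.IncludeTimestamp        = false;
            asec.EnableUnsecuredResponse = true;
            asec.SecurityHeaderLayout    = SecurityHeaderLayout.Lax;

            if (config.UseSignedAndEncrypted)
            {
                // Encrypt as well as sign. The recipient certificate is included once and
                // an X.509 supporting token (presumably the client certificate) is added
                // as signed+encrypted.
                asec.LocalClientSettings.IdentityVerifier = new CustomeIdentityVerifier();
                asec.RecipientTokenParameters             = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters {
                    InclusionMode = SecurityTokenInclusionMode.Once
                };
                asec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
                asec.EndpointSupportingTokenParameters.SignedEncrypted.Add(new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters());
                // Not redundant: the two parameter sets just attached still carry the
                // default RequireDerivedKeys = true.
                asec.SetKeyDerivation(false);
            }

            //Use custom encoder to strip unsigned timestamp in response
            CustomTextMessageBindingElement textBindingElement = new CustomTextMessageBindingElement();

            //Setup https transport. The TLS client certificate is the transport-level
            //authentication; no HTTP authentication scheme is layered on top.
            HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();

            httpsTransport.RequireClientCertificate = true;
            httpsTransport.AuthenticationScheme     = AuthenticationSchemes.Anonymous;
            // No practical upper bound on the response size (same value as the original
            // literal 2147483647); the service is trusted not to exhaust client memory.
            httpsTransport.MaxReceivedMessageSize   = int.MaxValue;
            httpsTransport.UseDefaultWebProxy       = false;

            //Setup Proxy if needed. This assigns the process-wide default proxy, not a
            //proxy private to this binding.
            if (mProxy != null)
            {
                WebRequest.DefaultWebProxy        = mProxy;
                httpsTransport.UseDefaultWebProxy = true;
            }

            //Bind in order (Security layer, message layer, transport layer)
            currentBinding.Elements.Add(asec);
            currentBinding.Elements.Add(textBindingElement);
            currentBinding.Elements.Add(httpsTransport);
            return currentBinding;
        }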
        /// <summary>
        /// Builds the asymmetric (mutual X.509) security element: the client certificate
        /// is sent with every request and also attached as a signed supporting token, the
        /// service certificate is never serialized. Responses without a security header
        /// are accepted (EnableUnsecuredResponse), so reply integrity is not enforced
        /// at the message layer.
        /// </summary>
        private SecurityBindingElement CreateSecurity()
        {
            // Initiator: produces an unsigned binary token plus a signature that
            // references the other binary token (as noted by the original author).
            X509SecurityTokenParameters initiator = new X509SecurityTokenParameters
            {
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient,
                RequireDerivedKeys = false,
                ReferenceStyle     = SecurityTokenReferenceStyle.Internal
            };

            // Recipient: only present so the asymmetric element can be built; the
            // service certificate itself is never put on the wire.
            X509SecurityTokenParameters recipient = new X509SecurityTokenParameters
            {
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                InclusionMode      = SecurityTokenInclusionMode.Never,
                RequireDerivedKeys = false,
                ReferenceStyle     = SecurityTokenReferenceStyle.External
            };

            AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement
            {
                InitiatorTokenParameters = initiator,
                RecipientTokenParameters = recipient,
                EnableUnsecuredResponse  = true,
                IncludeTimestamp         = true,
                SecurityHeaderLayout     = SecurityHeaderLayout.Lax,
                DefaultAlgorithmSuite    = SecurityAlgorithmSuite.Basic256,
                MessageSecurityVersion   = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
            };

            // Same parameters again as a signed supporting token: yields a signed binary
            // token plus a signature that does not reference the other token. Per the
            // original author, the unsigned token and non-referencing signature are
            // stripped later, leaving the signed token and referencing signature linked.
            element.EndpointSupportingTokenParameters.Signed.Add(initiator);

            // All three parameter sets are attached at this point, so this reaches each.
            element.SetKeyDerivation(false);

            return element;
        }
        //<snippet1>
        /// <summary>
        /// Client binding: stock mutual-certificate message security (WS-Security 1.0 /
        /// BSP 1.0) with both certificates referenced by issuer name + serial, over plain
        /// HTTP. Confidentiality and integrity come from the message layer only; nothing
        /// on the wire is protected by TLS.
        /// </summary>
        public Binding CreateClientBinding()
        {
            SecurityBindingElement stock = SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
            AsymmetricSecurityBindingElement security = (AsymmetricSecurityBindingElement)stock;

            // The factory has already attached initiator/recipient parameters, so this
            // clears RequireDerivedKeys on both.
            security.SetKeyDerivation(false);

            // The factory presumably hands back X.509 parameters on both sides; the
            // null checks keep this safe if it does not.
            X509SecurityTokenParameters clientParams  = security.InitiatorTokenParameters as X509SecurityTokenParameters;
            X509SecurityTokenParameters serviceParams = security.RecipientTokenParameters as X509SecurityTokenParameters;

            if (serviceParams != null)
            {
                serviceParams.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
            }
            if (clientParams != null)
            {
                clientParams.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
            }

            return new CustomBinding(security, new HttpTransportBindingElement());
        }
        /// <summary>
        /// Test driver: builds an asymmetric binding whose initiator is a UserName token
        /// (no key material) and drives one call through it. The mismatch is only
        /// reported when a message is actually written, not at Open().
        /// </summary>
        /// <param name="deriveKeys">Passed straight to <see cref="AsymmetricSecurityBindingElement.SetKeyDerivation"/>.</param>
        /// <param name="order">Sign/encrypt ordering under test.</param>
        public void ClientInitiatorHasNoKeysCore(bool deriveKeys, MessageProtectionOrder order)
        {
            AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement
            {
                InitiatorTokenParameters = new UserNameSecurityTokenParameters(),
                RecipientTokenParameters = new X509SecurityTokenParameters()
            };
            // Both parameter sets are attached already, so this reaches them.
            security.SetKeyDerivation(deriveKeys);
            security.MessageProtectionOrder = order;

            // .NET only raises the error once the message is written somewhere; a
            // handler that never writes would let the bad parameters pass silently
            // (the original author calls that a bug). So serialize to /dev/null and stop.
            TransportBindingElement transport = new HandlerTransportBindingElement((Message input) =>
            {
                input.WriteMessage(XmlWriter.Create(TextWriter.Null));
                throw new Exception();
            });

            CustomBinding binding = new CustomBinding(security, transport);
            EndpointAddress address = new EndpointAddress(
                new Uri("stream:dummy"),
                new X509CertificateEndpointIdentity(cert2));
            CalcProxy proxy = new CalcProxy(binding, address);

            proxy.ClientCredentials.UserName.UserName = "******";
            // Nothing up to and including Open() validates the parameter combination.
            proxy.Open();
            proxy.Sum(1, 2);
        }
        /// <summary>
        /// Assembles the [OIO IDWS SOAP 1.1] binding stack: asymmetric message security
        /// (service X.509 as recipient, STS-issued SAML 2.0 token as initiator), SOAP 1.2 /
        /// WS-Addressing 1.0 text encoding, and HTTP or HTTPS transport.
        /// </summary>
        /// <returns>The three elements in security, encoding, transport order.</returns>
        public override BindingElementCollection CreateBindingElements()
        {
            // Transport layer. Message-layer security applies either way; HTTPS adds
            // channel confidentiality on top.
            HttpTransportBindingElement transport;
            if (_useHttps)
            {
                transport = new HttpsTransportBindingElement();
            }
            else
            {
                transport = new HttpTransportBindingElement();
            }
            if (_maxReceivedMessageSize.HasValue)
            {
                transport.MaxReceivedMessageSize = _maxReceivedMessageSize.Value;
            }

            // [OIO IDWS SOAP 1.1] requires SOAP 1.2 and WS-Addressing 1.0.
            TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement
            {
                MessageVersion = MessageVersion.Soap12WSAddressing10
            };

            // AlwaysToInitiator is required by the profile: the server certificate is
            // embedded in the response rather than referenced.
            X509SecurityTokenParameters serverToken = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.Any,
                SecurityTokenInclusionMode.AlwaysToInitiator);

            // Client side: SAML 2.0 token from the STS, with the STR transform so the
            // signature covers the token reference.
            CustomizedIssuedSecurityTokenParameters clientToken = new CustomizedIssuedSecurityTokenParameters(
                "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
            clientToken.UseStrTransform = true;

            AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement(serverToken, clientToken);

            // Required so the client accepts the embedded server certificate instead of a
            // reference, per the profile. The client still has to be configured with the
            // expected server certificate explicitly: the embedded one is not trusted on
            // its own (the original author had not found a way to validate it purely via
            // CA chain + common name, which would remove that configuration step).
            security.AllowSerializedSigningTokenOnReply = true;

            // Both parties hold certificates and OIO-IDWS-SOAP does not use derived keys.
            // Both token parameter sets were passed to the constructor, so this reaches them.
            security.SetKeyDerivation(false);

            // The (encrypted) assertion from the NemLog-in STS is covered by the signature.
            security.ProtectTokens = true;

            // EnableUnsecuredResponse is deliberately left at its default. Turning it on
            // would let unencrypted SOAP faults through ([OIO IDWS SOAP 1.1] is silent on
            // fault encryption and a misconfigured client cannot read encrypted faults),
            // but it would also let ordinary responses arrive unsigned and be processed
            // without error, which is not acceptable.

            BindingElementCollection elements = new BindingElementCollection();
            elements.Add(security);
            elements.Add(encoding);
            elements.Add(transport);
            return elements;
        }
    /// <summary>
    /// Hosts the <c>IFoo</c> test service on http://localhost:8080 behind an asymmetric
    /// (mutual X.509) message-security binding and blocks until Enter is pressed.
    /// Test-harness settings throughout: client certificate validation is off, exception
    /// details are returned in faults, and the service key is a checked-in PFX whose
    /// password is in source.
    /// </summary>
    public static void Main()
    {
        AsymmetricSecurityBindingElement sbe =
            new AsymmetricSecurityBindingElement();

        // Variants left disabled: lax header layout, WS-Security 1.1, signature
        // confirmation, replay detection off, no timestamp.
        //sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        //sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
        //sbe.RequireSignatureConfirmation = true;

        //sbe.LocalServiceSettings.DetectReplays = false;
        //sbe.IncludeTimestamp = false;

        // Service certificate: referenced by thumbprint, never serialized (clients are
        // expected to already hold it). Client certificate: sent with every request.
        sbe.RecipientTokenParameters =
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
        sbe.InitiatorTokenParameters =
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient);
        // Built but never attached (the Endorsing.Add below is disabled).
        X509SecurityTokenParameters p =
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);

        p.RequireDerivedKeys = false;
        //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p);
        // Reaches the two parameter sets attached above.
        sbe.SetKeyDerivation(false);
        sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
        ServiceHost host = new ServiceHost(typeof(Foo));
        // Plain HTTP: message-layer security is the only protection on the wire.
        HttpTransportBindingElement hbe =
            new HttpTransportBindingElement();
        CustomBinding binding = new CustomBinding(sbe, hbe);

        binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
        host.AddServiceEndpoint("IFoo",
                                binding, new Uri("http://localhost:8080"));
        ServiceCredentials cred = new ServiceCredentials();

        // Test key with its password in source; acceptable only for a throwaway test pair.
        cred.ServiceCertificate.Certificate =
            new X509Certificate2("test.pfx", "mono");
        // None: any client certificate is accepted with no chain or peer-trust check.
        // Fine for this local test host, not for anything reachable by others.
        cred.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.None;
        host.Description.Behaviors.Add(cred);
        // Sends exception details back to callers; a diagnostic aid that discloses
        // internals if left on outside a test host.
        host.Description.Behaviors.Find <ServiceDebugBehavior> ()
        .IncludeExceptionDetailInFaults = true;
        // Endpoint behaviors must be added after AddServiceEndpoint and before Open.
        foreach (ServiceEndpoint se in host.Description.Endpoints)
        {
            se.Behaviors.Add(new StdErrInspectionBehavior());
        }
        // Unauthenticated WSDL at /wsdl.
        ServiceMetadataBehavior smb = new ServiceMetadataBehavior();

        smb.HttpGetEnabled = true;
        smb.HttpGetUrl     = new Uri("http://localhost:8080/wsdl");
        host.Description.Behaviors.Add(smb);
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
	/// <summary>
	/// Hosts the <c>IFoo</c> test service on http://localhost:8080 behind an asymmetric
	/// (mutual X.509) message-security binding that additionally carries a signed
	/// UserName supporting token, and blocks until Enter is pressed. Test-harness
	/// settings throughout: client certificate validation is off, user name/password
	/// validation is a no-op, exception details go back in faults, and the service key
	/// is a checked-in PFX whose password is in source.
	/// </summary>
	public static void Main ()
	{
		AsymmetricSecurityBindingElement sbe =
			new AsymmetricSecurityBindingElement ();
		// Variants left disabled: lax header layout, WS-Security 1.1, signature
		// confirmation, replay detection off, no timestamp.
		//sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
		//sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
		//sbe.RequireSignatureConfirmation = true;

		//sbe.LocalServiceSettings.DetectReplays = false;
		//sbe.IncludeTimestamp = false;

		// Service certificate: referenced by thumbprint, never serialized. Client
		// certificate: sent with every request.
		sbe.RecipientTokenParameters =
			new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
		sbe.InitiatorTokenParameters = 
			new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient);
		// Built but never attached (the Endorsing.Add below is disabled).
		X509SecurityTokenParameters p =
			new X509SecurityTokenParameters (X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);
		p.RequireDerivedKeys = false;
		//sbe.EndpointSupportingTokenParameters.Endorsing.Add (p);
		// UserName token carried as a signed supporting token (covered by the X.509
		// signature); it is not itself validated, see UserNamePasswordValidator.None below.
		UserNameSecurityTokenParameters up =
			new UserNameSecurityTokenParameters ();
		sbe.EndpointSupportingTokenParameters.Signed.Add (up);
		// Reaches the three parameter sets attached above.
		sbe.SetKeyDerivation (false);
		sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
		ServiceHost host = new ServiceHost (typeof (Foo));
		// Plain HTTP: message-layer security is the only protection on the wire.
		HttpTransportBindingElement hbe =
			new HttpTransportBindingElement ();
		CustomBinding binding = new CustomBinding (sbe, hbe);
		binding.ReceiveTimeout = TimeSpan.FromSeconds (5);
		host.AddServiceEndpoint ("IFoo",
			binding, new Uri ("http://localhost:8080"));
		ServiceCredentials cred = new ServiceCredentials ();
		// Test key with its password in source; acceptable only for a throwaway test pair.
		cred.ServiceCertificate.Certificate =
			new X509Certificate2 ("test.pfx", "mono");
		// None: any client certificate is accepted with no chain or peer-trust check.
		cred.ClientCertificate.Authentication.CertificateValidationMode =
			X509CertificateValidationMode.None;
		// Custom mode with the None validator: every user name/password is accepted.
		cred.UserNameAuthentication.UserNamePasswordValidationMode =
			UserNamePasswordValidationMode.Custom;
		cred.UserNameAuthentication.CustomUserNamePasswordValidator =
			UserNamePasswordValidator.None;
		host.Description.Behaviors.Add (cred);
		// Sends exception details back to callers; discloses internals outside a test host.
		host.Description.Behaviors.Find<ServiceDebugBehavior> ()
			.IncludeExceptionDetailInFaults = true;
		// Endpoint behaviors must be added after AddServiceEndpoint and before Open.
		foreach (ServiceEndpoint se in host.Description.Endpoints)
			se.Behaviors.Add (new StdErrInspectionBehavior ());
		// Unauthenticated WSDL at /wsdl.
		ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
		smb.HttpGetEnabled = true;
		smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl");
		host.Description.Behaviors.Add (smb);
		host.Open ();
		Console.WriteLine ("Hit [CR] key to close ...");
		Console.ReadLine ();
		host.Close ();
	}
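        /// <summary>
        /// Builds an <see cref="NCIServiceWCFClient"/> for <paramref name="uri"/> with mutual
        /// X.509 message security (sign-then-encrypt, WS-Security 1.0 / BSP 1.0) over plain HTTP.
        /// </summary>
        /// <param name="uri">Service endpoint address.</param>
        /// <returns>A configured client that has not been opened yet.</returns>
        /// <exception cref="InvalidOperationException">A certificate path or the client key password is missing.</exception>
        public static NCIServiceWCFClient CreateNCIServiceClient(Uri uri)
        {
            // Certificate locations and the client key password are pinned here rather
            // than read from configuration. The password is a secret in source; it belongs
            // in protected configuration or a secret store, not in code.
            UCCProxyFactory.ClientCertificatePath     = HostingEnvironment.MapPath(@"~/App_Data/isbank_test_private.pfx");
            UCCProxyFactory.ServiceCertificatePath    = HostingEnvironment.MapPath(@"~/App_Data/ucc_test_public.cer");
            UCCProxyFactory.ClientCertificatePassword = "******";

            // Process-wide: affects every HttpWebRequest in the AppDomain, not just this client.
            System.Net.ServicePointManager.Expect100Continue = false;

            // MapPath can return null outside a hosting environment, so the path check is
            // still meaningful; the password check only catches the literal above being blanked.
            if (string.IsNullOrEmpty(ClientCertificatePath) || string.IsNullOrEmpty(ServiceCertificatePath))
            {
                throw new InvalidOperationException("You should specify certificates path first");
            }

            if (string.IsNullOrEmpty(ClientCertificatePassword))
            {
                throw new InvalidOperationException("You should specify ClientCertificatePassword");
            }

            clientCertificate  = new X509Certificate2(ClientCertificatePath, ClientCertificatePassword);
            serviceCertificate = new X509Certificate2(ServiceCertificatePath);

            // Endpoint identity is the service certificate; the client certificate is
            // supplied as the supporting collection.
            endpointIdentity = new X509CertificateEndpointIdentity(serviceCertificate, new X509Certificate2Collection(clientCertificate));
            EndpointAddress ea = new EndpointAddress(uri, endpointIdentity);

            CustomBinding cb = new CustomBinding();

            // Same as the original's 50,000,000 ticks (10,000,000 ticks per second).
            cb.CloseTimeout = TimeSpan.FromSeconds(5);
            TextMessageEncodingBindingElement messageBindingElement = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
            // Plain HTTP transport: only the message layer protects the exchange.
            HttpTransportBindingElement       nciTransport          = new HttpTransportBindingElement();

            // Inbound limits (earlier, larger values: 115000000 / 11200000).
            nciTransport.MaxReceivedMessageSize = 5000000;
            messageBindingElement.ReaderQuotas.MaxStringContentLength = 1200000;
            AsymmetricSecurityBindingElement abe = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

            abe.AllowSerializedSigningTokenOnReply = true;
            abe.MessageProtectionOrder             = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
            // Basic128Rsa15: AES-128 with RSA PKCS#1 v1.5 key transport (legacy padding).
            // The non-Rsa15 suites use RSA-OAEP and are preferable when the peer supports them.
            abe.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
            // The factory attached both token parameter sets, so this does reach them.
            abe.SetKeyDerivation(false);
            cb.Elements.Add(abe);
            cb.Elements.Add(messageBindingElement);
            cb.Elements.Add(nciTransport);
            NCIServiceWCFClient nciClient = new NCIServiceWCFClient(cb, ea);

            nciClient.ClientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
            nciClient.ClientCredentials.ClientCertificate.Certificate         = clientCertificate;
            // NOTE(review): None switches off validation of the service certificate, so any
            // certificate presented in a reply is accepted. Keep this for test environments
            // only; use ChainTrust or PeerTrust (with DefaultCertificate pinned) elsewhere.
            nciClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

            return nciClient;
        }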
    /// <summary>
    /// Client counterpart of the test host: mutual X.509 message security plus a signed
    /// UserName supporting token over plain HTTP, then one Echo round-trip. Test keys
    /// with in-source passwords; only suitable for a throwaway test pair.
    /// </summary>
    static void Run()
    {
        AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement();

        // Variants left disabled: lax header layout, WS-Security 1.1, signature
        // confirmation, replay detection off, no timestamp.

        // Built but never attached (the Endorsing.Add is disabled).
        X509SecurityTokenParameters endorsing = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);
        endorsing.RequireDerivedKeys = false;

        // UserName token carried as a signed supporting token (covered by the X.509 signature).
        security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());

        // Service certificate referenced by thumbprint and never sent; client certificate
        // sent with every request.
        security.RecipientTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
        security.InitiatorTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient);
        // Reaches the three parameter sets attached above.
        security.SetKeyDerivation(false);
        security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

        // Element order: XBE, then security, then plain HTTP transport.
        CustomBinding binding = new CustomBinding(new XBE(), security, new HttpTransportBindingElement());

        X509Certificate2 serviceCert = new X509Certificate2("test.pfx", "mono");
        X509Certificate2 clientCert  = new X509Certificate2("test2.pfx", "mono");
        EndpointAddress address = new EndpointAddress(
            new Uri("http://localhost:8080"),
            new X509CertificateEndpointIdentity(serviceCert));
        FooProxy proxy = new FooProxy(binding, address);

        // Service certificate validation stays at its default; the override to None is disabled.
        proxy.ClientCredentials.UserName.UserName             = "******";
        proxy.ClientCredentials.ClientCertificate.Certificate = clientCert;
        proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior());
        proxy.Open();
        Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
    }
        /// <summary>
        /// Builds the "ePUAPBinding": stock mutual-certificate message security
        /// (WS-Security 1.0 / WS-Trust 1.3 / BSP 1.0) tightened to reject unsecured
        /// responses and insecure transport, with timestamps and derived keys on, over
        /// SOAP 1.1 text encoding and HTTPS.
        /// </summary>
        private CustomBinding CreatePullBinding()
        {
            AsymmetricSecurityBindingElement security = (AsymmetricSecurityBindingElement)
                SecurityBindingElement.CreateMutualCertificateBindingElement(
                    MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);

            // The factory already attached both token parameter sets, so derived keys
            // are required on each of them.
            security.SetKeyDerivation(true);
            security.EnableUnsecuredResponse            = false;
            security.AllowInsecureTransport             = false;
            security.AllowSerializedSigningTokenOnReply = true;
            // Basic192Rsa15: RSA PKCS#1 v1.5 key transport (legacy padding) as the peer requires.
            security.DefaultAlgorithmSuite              = SecurityAlgorithmSuite.Basic192Rsa15;
            security.IncludeTimestamp                   = true;
            security.MessageProtectionOrder             = MessageProtectionOrder.SignBeforeEncrypt;

            // SOAP 1.1 without WS-Addressing, UTF-8 on the wire.
            TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement();
            encoding.MessageVersion = MessageVersion.CreateVersion(EnvelopeVersion.Soap11, AddressingVersion.None);
            encoding.WriteEncoding  = new UTF8Encoding();

            CustomBinding binding = new CustomBinding();
            binding.Name = "ePUAPBinding";
            // A fresh CustomBinding has no elements; the Clear() is kept from the original.
            binding.Elements.Clear();
            binding.Elements.Add(security);
            binding.Elements.Add(encoding);
            binding.Elements.Add(new HttpsTransportBindingElement());

            return binding;
        }
        /// <summary>
        /// Returns a custom WCF binding that produces SOAP requests compatible with the
        /// Simple Order API Service: WS-Security body signing over HTTPS with a client
        /// certificate. Elements are ordered security, encoding, transport.
        /// </summary>
        protected static CustomBinding getWCFCustomBinding()
        {
            // Message layer: mutual-certificate duplex element, body signing only.
            AsymmetricSecurityBindingElement security = (AsymmetricSecurityBindingElement)
                SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
                    MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

            // The factory attached both token parameter sets, so this reaches them.
            security.SetKeyDerivation(false);
            // No timestamp in the request (no freshness element for the service to use
            // against replay) and unsigned responses are accepted, so reply integrity is
            // only guaranteed by TLS, not by the message layer.
            security.IncludeTimestamp        = false;
            security.EnableUnsecuredResponse = true;
            security.SecurityHeaderLayout    = SecurityHeaderLayout.Lax;

            // Encoding layer: custom encoder that strips the unsigned timestamp from responses.
            CustomTextMessageBindingElement encoding = new CustomTextMessageBindingElement();

            // Transport layer: HTTPS with the TLS client certificate as the only
            // transport-level authentication. MaxReceivedMessageSize is int.MaxValue
            // (2147483647), i.e. effectively unbounded.
            HttpsTransportBindingElement transport = new HttpsTransportBindingElement
            {
                RequireClientCertificate = true,
                AuthenticationScheme     = AuthenticationSchemes.Anonymous,
                MaxReceivedMessageSize   = int.MaxValue,
                UseDefaultWebProxy       = false
            };

            // Optional proxy. This assigns the process-wide default proxy, not one
            // private to this binding.
            if (mProxy != null)
            {
                WebRequest.DefaultWebProxy = mProxy;
                transport.UseDefaultWebProxy = true;
            }

            CustomBinding binding = new CustomBinding();
            binding.Elements.Add(security);
            binding.Elements.Add(encoding);
            binding.Elements.Add(transport);
            return binding;
        }
        /// <summary>
        /// SetKeyDerivation only affects token parameters that are attached at the time of
        /// the call: parameters attached afterwards keep their default RequireDerivedKeys.
        /// </summary>
        public void SetKeyDerivation()
        {
            // Case 1: attach first, then SetKeyDerivation(false) -> both cleared.
            X509SecurityTokenParameters initiator = new X509SecurityTokenParameters();
            X509SecurityTokenParameters recipient = new X509SecurityTokenParameters();
            AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement
            {
                InitiatorTokenParameters = initiator,
                RecipientTokenParameters = recipient
            };
            element.SetKeyDerivation(false);
            Assert.AreEqual(false, initiator.RequireDerivedKeys, "#1");
            Assert.AreEqual(false, recipient.RequireDerivedKeys, "#2");

            // Case 2: SetKeyDerivation(false) with nothing attached has nothing to act on;
            // parameters attached later stay at the default (true).
            initiator = new X509SecurityTokenParameters();
            recipient = new X509SecurityTokenParameters();
            element   = new AsymmetricSecurityBindingElement();
            element.SetKeyDerivation(false);
            element.InitiatorTokenParameters = initiator;
            element.RecipientTokenParameters = recipient;
            Assert.AreEqual(true, initiator.RequireDerivedKeys, "#3");
            Assert.AreEqual(true, recipient.RequireDerivedKeys, "#4");
        }
        /// <summary>
        /// WS-Security 1.0 / WS-Trust 1.3 / BSP 1.0 asymmetric element: client certificate
        /// (initiator) referenced by issuer+serial and sent with every request, service
        /// certificate (recipient) referenced by issuer+serial and never sent. Sign then
        /// encrypt with Basic256 (RSA-OAEP key transport), timestamp included.
        /// </summary>
        private SecurityBindingElement CreateWSS10SecurityBindingElement()
        {
            AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement
            {
                SecurityHeaderLayout               = SecurityHeaderLayout.Lax,
                DefaultAlgorithmSuite              = SecurityAlgorithmSuite.Basic256,
                MessageProtectionOrder             = MessageProtectionOrder.SignBeforeEncrypt,
                IncludeTimestamp                   = true,
                AllowSerializedSigningTokenOnReply = true,
                RequireSignatureConfirmation       = false
            };
            // Called while no token parameters are attached, so it appears to have nothing
            // to act on; RequireDerivedKeys is therefore set explicitly on each parameter
            // set below.
            element.SetKeyDerivation(false);

            X509SecurityTokenParameters initiator = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);
            initiator.RequireDerivedKeys = false;
            initiator.InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient; // same value the ctor received
            element.InitiatorTokenParameters = initiator;

            X509SecurityTokenParameters recipient = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
            recipient.RequireDerivedKeys = false;
            recipient.InclusionMode      = SecurityTokenInclusionMode.Never; // same value the ctor received
            element.RecipientTokenParameters = recipient;

            // No supporting tokens (signed issued token / endorsing) in the WSS10 variant.
            // WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12 was the other
            // version considered.
            element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

            return element;
        }
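        /// <summary>
        /// WS-Security 1.1 / WS-Trust 1.3 asymmetric element: a SAML 2.0 bearer token issued
        /// by the ADS STS rides along as a signed supporting token, while the X.509 pair
        /// (client as initiator, service as recipient, both referenced by subject key
        /// identifier) does the actual signing and encryption. Sign then encrypt with
        /// Basic256 (RSA-OAEP key transport), timestamp included.
        /// </summary>
        private SecurityBindingElement CreateWSS11SecurityBindingElement()
        {
            AsymmetricSecurityBindingElement secBindingElement = new AsymmetricSecurityBindingElement();

            secBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

            // Basic256Rsa15 (RSA PKCS#1 v1.5 key transport) was tried and dropped; Basic256
            // uses RSA-OAEP.
            secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;

            secBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
            secBindingElement.IncludeTimestamp = true;
            // Called while no token parameters are attached, so it appears to have nothing
            // to act on; RequireDerivedKeys is set explicitly on each parameter set below.
            secBindingElement.SetKeyDerivation(false);
            secBindingElement.AllowSerializedSigningTokenOnReply = true;
            secBindingElement.RequireSignatureConfirmation = false;

            // Issued SAML 2.0 token from the STS. Issuer address and binding are not wired
            // in here (the IssuedSecurityTokenParameters overload taking an EndpointAddress
            // plus issuer binding exists for that; the .NET 4.0 STS endpoint was
            // https://ha50idp:8543/ADS-STS/Issue.svc, the .NET 3.5 one plain HTTP on 8089,
            // with /mex appended for metadata). The unused local that held that address
            // has been removed.
            IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");

            issuedTokenParameters.UseStrTransform = false;

            // Bearer token: no proof key, so no key size either. Asymmetric and symmetric
            // proof keys (with KeySize 256) were the alternatives tried.
            issuedTokenParameters.KeyType = SecurityKeyType.BearerKey;
            issuedTokenParameters.KeySize = 0;

            issuedTokenParameters.RequireDerivedKeys = false;
            issuedTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
            // Internal reference (External was the alternative).
            issuedTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;

            // No claim type requirements are requested from the STS. The gfipm:2.0:user
            // SurName / GivenName / EmailAddressText / TelephoneNumber / FederationId
            // claims can be added via ClaimTypeRequirements if the STS needs them.

            // Signed supporting token: covered by the X.509 signature but does not itself
            // sign anything. SignedEncrypted and Endorsing were tried and rejected.
            secBindingElement.EndpointSupportingTokenParameters.Signed.Add(issuedTokenParameters);

            // TODO: move the reference style to configuration. SubjectKeyIdentifier works
            // with this STS; Any, IssuerSerial and Thumbprint were the other candidates.
            X509KeyIdentifierClauseType keyIdClauseType = X509KeyIdentifierClauseType.SubjectKeyIdentifier;

            // Client certificate: sent with every request, referenced externally.
            X509SecurityTokenParameters initiatorTokenParameters = new X509SecurityTokenParameters(keyIdClauseType,
                SecurityTokenInclusionMode.AlwaysToRecipient);
            initiatorTokenParameters.RequireDerivedKeys = false;
            initiatorTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; // same value the ctor received
            initiatorTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
            secBindingElement.InitiatorTokenParameters = initiatorTokenParameters;

            // Service certificate: never sent, referenced externally.
            X509SecurityTokenParameters recipientTokenParameters = new X509SecurityTokenParameters(keyIdClauseType,
                SecurityTokenInclusionMode.Never);
            recipientTokenParameters.RequireDerivedKeys = false;
            recipientTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; // same value the ctor received
            recipientTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
            secBindingElement.RecipientTokenParameters = recipientTokenParameters;

            secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;

            return secBindingElement;
        }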
        /// <summary>
        /// Builds the asymmetric (mutual X.509) security binding element for this binding.
        /// The client certificate is carried with every request; the server certificate is
        /// never included in the message and exists only so the asymmetric binding is valid.
        /// </summary>
        /// <returns>A configured <see cref="AsymmetricSecurityBindingElement"/>.</returns>
        private SecurityBindingElement CreateSecurity()
        {
            // Initiator (client) certificate, referenced internally and always sent to the recipient.
            // As the initiator token this yields an _unsigned_ binary token plus a signature that
            // references the other binary token.
            X509SecurityTokenParameters initiator = new X509SecurityTokenParameters
            {
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
                RequireDerivedKeys = false,
                ReferenceStyle = SecurityTokenReferenceStyle.Internal,
            };

            // Recipient (server) certificate: never included; only present to make the asymmetric binding work.
            X509SecurityTokenParameters recipient = new X509SecurityTokenParameters
            {
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                InclusionMode = SecurityTokenInclusionMode.Never,
                RequireDerivedKeys = false,
                ReferenceStyle = SecurityTokenReferenceStyle.External,
            };

            AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement
            {
                InitiatorTokenParameters = initiator,
                RecipientTokenParameters = recipient,
            };

            // The same client token is also added as a signed supporting token, producing a signed
            // binary token plus a signature that does _not_ reference the other binary token.
            // Later on the unsigned binary token and the non-referencing signature are removed;
            // the signed token and the referencing signature are what remains linked.
            element.EndpointSupportingTokenParameters.Signed.Add(initiator);

            // Header layout and protection settings. Reviewer note: EnableUnsecuredResponse = true
            // accepts a reply without message-level security, so response integrity then rests on
            // the transport alone; Basic256 pairs AES-256 with SHA-1 digests (Basic256Sha256 would use SHA-256).
            element.EnableUnsecuredResponse = true;
            element.IncludeTimestamp = true;
            element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
            element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
            element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

            // Called last, after the token parameters are attached, so it actually reaches them;
            // invoked earlier it would have had nothing to act on.
            element.SetKeyDerivation(false);

            return element;
        }
		// SetKeyDerivation only touches token parameters that are already attached to the
		// binding element; the value is not remembered for parameters attached afterwards.
		public void SetKeyDerivation ()
		{
			// Attach first, then SetKeyDerivation (false): both flags are cleared.
			X509SecurityTokenParameters initiator = new X509SecurityTokenParameters ();
			X509SecurityTokenParameters recipient = new X509SecurityTokenParameters ();
			AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement {
				InitiatorTokenParameters = initiator,
				RecipientTokenParameters = recipient
			};
			element.SetKeyDerivation (false);
			Assert.AreEqual (false, initiator.RequireDerivedKeys, "#1");
			Assert.AreEqual (false, recipient.RequireDerivedKeys, "#2");

			// SetKeyDerivation (false) before anything is attached has nothing to act on,
			// so parameters attached later keep their default of true.
			element = new AsymmetricSecurityBindingElement ();
			element.SetKeyDerivation (false); // set in prior - makes no sense
			initiator = new X509SecurityTokenParameters ();
			recipient = new X509SecurityTokenParameters ();
			element.InitiatorTokenParameters = initiator;
			element.RecipientTokenParameters = recipient;
			Assert.AreEqual (true, initiator.RequireDerivedKeys, "#3");
			Assert.AreEqual (true, recipient.RequireDerivedKeys, "#4");
		}
		// Drives a client whose initiator token is a UserName token (no key material) through an
		// asymmetric binding. The invalid combination is only detected once the request is
		// actually written out by the transport, which is what the final proxy call triggers.
		public void ClientInitiatorHasNoKeysCore (bool deriveKeys, MessageProtectionOrder order)
		{
			AsymmetricSecurityBindingElement sbe = new AsymmetricSecurityBindingElement {
				InitiatorTokenParameters = new UserNameSecurityTokenParameters (),
				RecipientTokenParameters = new X509SecurityTokenParameters ()
			};
			sbe.SetKeyDerivation (deriveKeys);
			sbe.MessageProtectionOrder = order;

			// funky, but .NET does not raise an error until it writes the message
			// to somewhere. That is, it won't raise an error if this
			// HandlerTransportBindingElement does not write the input message
			// to somewhere. It is an obvious bug.
			TransportBindingElement tbe = new HandlerTransportBindingElement ((Message input) => {
				input.WriteMessage (XmlWriter.Create (TextWriter.Null));
				throw new Exception ();
			});

			EndpointAddress address = new EndpointAddress (
				new Uri ("stream:dummy"),
				new X509CertificateEndpointIdentity (cert2));
			CalcProxy proxy = new CalcProxy (new CustomBinding (sbe, tbe), address);
			proxy.ClientCredentials.UserName.UserName = "******";
			proxy.Open ();
			// Until here the wrong parameters are not checked.
			proxy.Sum (1, 2);
		}
        /// <summary>
        /// Builds the asymmetric X.509 security binding element for the WSP secured binding:
        /// mutual-certificate message security (sign-before-encrypt, timestamped, with
        /// signature confirmation) carrying a SAML 2.0 assertion as a supporting token.
        /// </summary>
        /// <returns>The configured <see cref="AsymmetricSecurityBindingElement"/>.</returns>
        private SecurityBindingElement CreateSecurityBindingElement()
        {
            CustomTextTraceSource trace = new CustomTextTraceSource("Common.WspCustomSecuredBinding.CreateSecurityBindingElement",
                "MyTraceSource", System.Diagnostics.SourceLevels.Information);

            AsymmetricSecurityBindingElement element = new AsymmetricSecurityBindingElement
            {
                SecurityHeaderLayout = SecurityHeaderLayout.Lax,
                // Basic256Sha256 rather than Basic256: AES-256 with SHA-256 digests instead of SHA-1.
                DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256,
                MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
                IncludeTimestamp = true,
            };

            // No token parameters are attached at this point, so this call has nothing to act on;
            // each parameter set created below sets RequireDerivedKeys = false explicitly instead.
            element.SetKeyDerivation(false);
            element.AllowSerializedSigningTokenOnReply = true;
            // The reply must confirm the request signature (WS-Security 1.1 SignatureConfirmation).
            element.RequireSignatureConfirmation = true;

            // SAML 2.0 assertion (WSS SAML Token Profile 1.1) as a supporting token.
            IssuedSecurityTokenParameters saml =
                new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");

            // STR-Transform for WSS SAML Token Profile 1.1 compliance.
            // Target .Net 3.5. Does not work with .Net 4.
            saml.UseStrTransform = _enableStrTransform;
            trace.TraceInformation("issuedTokenParameters.UseStrTransform = " + saml.UseStrTransform.ToString());

            // Bearer key type: the assertion carries no proof key, hence KeySize 0.
            saml.KeyType = SecurityKeyType.BearerKey;
            saml.KeySize = 0;
            saml.RequireDerivedKeys = false;
            saml.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
            saml.ReferenceStyle = SecurityTokenReferenceStyle.Internal;

            // No ClaimTypeRequirements (gfipm:2.0:user:SurName, GivenName, EmailAddressText,
            // TelephoneNumber, FederationId) are requested here: the assertion is obtained out of band.

            // GFIPM S2S 6.4 (User Authorization) calls for the user assertion to go through
            // EndpointSupportingTokenParameters.SignedEncrypted. The Signed collection was left
            // active "for debug", so the assertion currently travels signed but not encrypted
            // at the message level.
            element.EndpointSupportingTokenParameters.Signed.Add(saml);

            // Both X.509 tokens are referenced by certificate thumbprint.
            X509KeyIdentifierClauseType thumbprint = X509KeyIdentifierClauseType.Thumbprint;

            X509SecurityTokenParameters initiator = new X509SecurityTokenParameters(thumbprint,
                SecurityTokenInclusionMode.AlwaysToRecipient)
            {
                RequireDerivedKeys = false,
                InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
            };
            element.InitiatorTokenParameters = initiator;

            X509SecurityTokenParameters recipient = new X509SecurityTokenParameters(thumbprint,
                SecurityTokenInclusionMode.AlwaysToInitiator)
            {
                RequireDerivedKeys = false,
                InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator,
            };
            element.RecipientTokenParameters = recipient;

            element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

            // Replaces WCF's default endpoint identity check. What the custom verifier accepts is
            // not visible here; a permissive verifier weakens server authentication, so review it
            // alongside this binding.
            element.LocalClientSettings.IdentityVerifier = new Common.CustomIdentityVerifier();

            return element;
        }