internal static void Validate(SecurityKeyEntropyMode value)
{
if (!IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int) value, typeof(SecurityKeyEntropyMode)));
}
}
internal static void Validate(SecurityKeyEntropyMode value)
{
if (!IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int)value, typeof(SecurityKeyEntropyMode)));
}
}
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(elementToBeCloned));
}
_defaultAlgorithmSuite = elementToBeCloned._defaultAlgorithmSuite;
IncludeTimestamp = elementToBeCloned.IncludeTimestamp;
_keyEntropyMode = elementToBeCloned._keyEntropyMode;
_messageSecurityVersion = elementToBeCloned._messageSecurityVersion;
_securityHeaderLayout = elementToBeCloned._securityHeaderLayout;
EndpointSupportingTokenParameters = elementToBeCloned.EndpointSupportingTokenParameters.Clone();
OptionalEndpointSupportingTokenParameters = elementToBeCloned.OptionalEndpointSupportingTokenParameters.Clone();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned._operationSupportingTokenParameters.Keys)
{
_operationSupportingTokenParameters[key] = elementToBeCloned._operationSupportingTokenParameters[key].Clone();
}
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned._optionalOperationSupportingTokenParameters.Keys)
{
_optionalOperationSupportingTokenParameters[key] = elementToBeCloned._optionalOperationSupportingTokenParameters[key].Clone();
}
LocalClientSettings = elementToBeCloned.LocalClientSettings.Clone();
MaxReceivedMessageSize = elementToBeCloned.MaxReceivedMessageSize;
ReaderQuotas = elementToBeCloned.ReaderQuotas;
EnableUnsecuredResponse = elementToBeCloned.EnableUnsecuredResponse;
}
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(elementToBeCloned));
}
_defaultAlgorithmSuite = elementToBeCloned._defaultAlgorithmSuite;
IncludeTimestamp = elementToBeCloned.IncludeTimestamp;
_keyEntropyMode = elementToBeCloned._keyEntropyMode;
_messageSecurityVersion = elementToBeCloned._messageSecurityVersion;
_securityHeaderLayout = elementToBeCloned._securityHeaderLayout;
EndpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.EndpointSupportingTokenParameters.Clone();
OptionalEndpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.OptionalEndpointSupportingTokenParameters.Clone();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned._operationSupportingTokenParameters.Keys)
{
_operationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned._operationSupportingTokenParameters[key].Clone();
}
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned._optionalOperationSupportingTokenParameters.Keys)
{
_optionalOperationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned._optionalOperationSupportingTokenParameters[key].Clone();
}
LocalServiceSettings = (LocalServiceSecuritySettings)elementToBeCloned.LocalServiceSettings.Clone();
// this.internalDuplexBindingElement = elementToBeCloned.internalDuplexBindingElement;
MaxReceivedMessageSize = elementToBeCloned.MaxReceivedMessageSize;
ReaderQuotas = elementToBeCloned.ReaderQuotas;
DoNotEmitTrust = elementToBeCloned.DoNotEmitTrust;
AllowInsecureTransport = elementToBeCloned.AllowInsecureTransport;
EnableUnsecuredResponse = elementToBeCloned.EnableUnsecuredResponse;
SupportsExtendedProtectionPolicy = elementToBeCloned.SupportsExtendedProtectionPolicy;
ProtectTokens = elementToBeCloned.ProtectTokens;
}
public CoreFederatedTokenProvider(SafeFreeCredentials credentialsHandle) : base()
{
this.credentialsHandle = credentialsHandle;
this.channelBehaviors = new KeyedByTypeCollection <IEndpointBehavior>();
this.addTargetServiceAppliesTo = true;
this.keyEntropyMode = defaultKeyEntropyMode;
}
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
}
this.defaultAlgorithmSuite = elementToBeCloned.defaultAlgorithmSuite;
this.includeTimestamp = elementToBeCloned.includeTimestamp;
this.keyEntropyMode = elementToBeCloned.keyEntropyMode;
this.messageSecurityVersion = elementToBeCloned.messageSecurityVersion;
this.securityHeaderLayout = elementToBeCloned.securityHeaderLayout;
this.endpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.endpointSupportingTokenParameters.Clone();
this.optionalEndpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.optionalEndpointSupportingTokenParameters.Clone();
this.operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned.operationSupportingTokenParameters.Keys)
{
this.operationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.operationSupportingTokenParameters[key].Clone();
}
this.optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
foreach (string key in elementToBeCloned.optionalOperationSupportingTokenParameters.Keys)
{
this.optionalOperationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.optionalOperationSupportingTokenParameters[key].Clone();
}
this.localServiceSettings = (LocalServiceSecuritySettings)elementToBeCloned.localServiceSettings.Clone();
// this.internalDuplexBindingElement = elementToBeCloned.internalDuplexBindingElement;
this.maxReceivedMessageSize = elementToBeCloned.maxReceivedMessageSize;
this.readerQuotas = elementToBeCloned.readerQuotas;
this.doNotEmitTrust = elementToBeCloned.doNotEmitTrust;
this.allowInsecureTransport = elementToBeCloned.allowInsecureTransport;
this.enableUnsecuredResponse = elementToBeCloned.enableUnsecuredResponse;
this.supportsExtendedProtectionPolicy = elementToBeCloned.supportsExtendedProtectionPolicy;
this.protectTokens = elementToBeCloned.protectTokens;
}
internal IssuedTokenClientCredential(IssuedTokenClientCredential other)
{
this.defaultKeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
this.cacheIssuedTokens = true;
this.maxIssuedTokenCachingTime = IssuanceTokenProviderBase <SspiNegotiationTokenProviderState> .DefaultClientMaxTokenCachingTime;
this.issuedTokenRenewalThresholdPercentage = 60;
this.defaultKeyEntropyMode = other.defaultKeyEntropyMode;
this.cacheIssuedTokens = other.cacheIssuedTokens;
this.issuedTokenRenewalThresholdPercentage = other.issuedTokenRenewalThresholdPercentage;
this.maxIssuedTokenCachingTime = other.maxIssuedTokenCachingTime;
this.localIssuerAddress = other.localIssuerAddress;
this.localIssuerBinding = (other.localIssuerBinding != null) ? new CustomBinding(other.localIssuerBinding) : null;
if (other.localIssuerChannelBehaviors != null)
{
this.localIssuerChannelBehaviors = this.GetBehaviorCollection(other.localIssuerChannelBehaviors);
}
if (other.issuerChannelBehaviors != null)
{
this.issuerChannelBehaviors = new Dictionary <Uri, KeyedByTypeCollection <IEndpointBehavior> >();
foreach (Uri uri in other.issuerChannelBehaviors.Keys)
{
this.issuerChannelBehaviors.Add(uri, this.GetBehaviorCollection(other.issuerChannelBehaviors[uri]));
}
}
this.isReadOnly = other.isReadOnly;
}
internal IssuedTokenClientCredential()
{
this.defaultKeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
this.cacheIssuedTokens = true;
this.maxIssuedTokenCachingTime = IssuanceTokenProviderBase <SspiNegotiationTokenProviderState> .DefaultClientMaxTokenCachingTime;
this.issuedTokenRenewalThresholdPercentage = 60;
}
public SecuritySessionSecurityTokenProvider(SafeFreeCredentials credentialsHandle)
: base()
{
this.credentialsHandle = credentialsHandle;
this.standardsManager = SecurityStandardsManager.DefaultInstance;
this.keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode;
}
internal static bool IsDefined(SecurityKeyEntropyMode value)
{
if ((value != SecurityKeyEntropyMode.ClientEntropy) && (value != SecurityKeyEntropyMode.ServerEntropy))
{
return(value == SecurityKeyEntropyMode.CombinedEntropy);
}
return(true);
}
internal static bool IsDefined(SecurityKeyEntropyMode value)
{
if ((value != SecurityKeyEntropyMode.ClientEntropy) && (value != SecurityKeyEntropyMode.ServerEntropy))
{
return (value == SecurityKeyEntropyMode.CombinedEntropy);
}
return true;
}
public static void AssertSymmetricSecurityBindingElement(
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageProtectionOrder messageProtectionOrder,
MessageSecurityVersion messageSecurityVersion,
bool requireSignatureConfirmation,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// ProtectionTokenParameters
bool hasProtectionTokenParameters,
SecurityTokenInclusionMode protectionTokenInclusionMode,
SecurityTokenReferenceStyle protectionTokenReferenceStyle,
bool protectionTokenRequireDerivedKeys,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
SymmetricSecurityBindingElement be, string label)
{
AssertSecurityBindingElement(
algorithm,
includeTimestamp,
keyEntropyMode,
messageSecurityVersion,
securityHeaderLayout,
// EndpointSupportingTokenParameters
endorsing, signed, signedEncrypted, signedEndorsing,
// LocalClientSettings
cacheCookies,
renewalThresholdPercentage,
detectReplays,
be, label);
Assert.AreEqual(messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
Assert.AreEqual(requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");
if (!hasProtectionTokenParameters)
{
Assert.IsNull(be.ProtectionTokenParameters, label + ".ProtectionTokenParameters (null)");
}
else
{
AssertSecurityTokenParameters(
protectionTokenInclusionMode,
protectionTokenReferenceStyle,
protectionTokenRequireDerivedKeys,
be.ProtectionTokenParameters, label + ".ProtectionTokenParameters");
}
}
internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode;
IncludeTimestamp = defaultIncludeTimestamp;
_defaultAlgorithmSuite = defaultDefaultAlgorithmSuite;
LocalClientSettings = new LocalClientSecuritySettings();
EndpointSupportingTokenParameters = new SupportingTokenParameters();
OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout;
}
internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; // AcceleratedTokenProvider.defaultKeyEntropyMode;
IncludeTimestamp = DefaultIncludeTimestamp;
_defaultAlgorithmSuite = s_defaultDefaultAlgorithmSuite;
LocalServiceSettings = new LocalServiceSecuritySettings();
EndpointSupportingTokenParameters = new SupportingTokenParameters();
OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_securityHeaderLayout = SecurityHeaderLayout.Strict; // SecurityProtocolFactory.defaultSecurityHeaderLayout;
AllowInsecureTransport = DefaultAllowInsecureTransport;
EnableUnsecuredResponse = DefaultEnableUnsecuredResponse;
ProtectTokens = DefaultProtectTokens;
}
internal IssuedTokenClientCredential(IssuedTokenClientCredential other)
{
this.defaultKeyEntropyMode = other.defaultKeyEntropyMode;
this.cacheIssuedTokens = other.cacheIssuedTokens;
this.issuedTokenRenewalThresholdPercentage = other.issuedTokenRenewalThresholdPercentage;
this.maxIssuedTokenCachingTime = other.maxIssuedTokenCachingTime;
this.localIssuerAddress = other.localIssuerAddress;
this.localIssuerBinding = (other.localIssuerBinding != null) ? new CustomBinding(other.localIssuerBinding) : null;
if (other.localIssuerChannelBehaviors != null)
this.localIssuerChannelBehaviors = GetBehaviorCollection(other.localIssuerChannelBehaviors);
if (other.issuerChannelBehaviors != null)
{
this.issuerChannelBehaviors = new Dictionary<Uri, KeyedByTypeCollection<IEndpointBehavior>>();
foreach (Uri uri in other.issuerChannelBehaviors.Keys)
{
this.issuerChannelBehaviors.Add(uri, GetBehaviorCollection(other.issuerChannelBehaviors[uri]));
}
}
this.isReadOnly = other.isReadOnly;
}
//<snippet2>
// This method configures the IssuedToken property of the Credentials property of a proxy/channel factory
public static void ConfigureIssuedTokenClientCredentials(ChannelFactory cf, bool cacheTokens,
TimeSpan tokenCacheTime, int renewalPercentage,
SecurityKeyEntropyMode entropyMode
)
{
if (cf == null)
{
throw new ArgumentNullException("ChannelFactory");
}
// Set the CacheIssuedTokens property
cf.Credentials.IssuedToken.CacheIssuedTokens = cacheTokens;
// Set the MaxIssuedTokenCachingTime property
cf.Credentials.IssuedToken.MaxIssuedTokenCachingTime = tokenCacheTime;
// Set the IssuedTokenRenewalThresholdPercentage property
cf.Credentials.IssuedToken.IssuedTokenRenewalThresholdPercentage = renewalPercentage;
// Set the DefaulyKeyEntropyMode property
cf.Credentials.IssuedToken.DefaultKeyEntropyMode = entropyMode;
}
internal IssuedTokenClientCredential(IssuedTokenClientCredential other)
{
this.defaultKeyEntropyMode = other.defaultKeyEntropyMode;
this.cacheIssuedTokens = other.cacheIssuedTokens;
this.issuedTokenRenewalThresholdPercentage = other.issuedTokenRenewalThresholdPercentage;
this.maxIssuedTokenCachingTime = other.maxIssuedTokenCachingTime;
this.localIssuerAddress = other.localIssuerAddress;
this.localIssuerBinding = (other.localIssuerBinding != null) ? new CustomBinding(other.localIssuerBinding) : null;
if (other.localIssuerChannelBehaviors != null)
{
this.localIssuerChannelBehaviors = GetBehaviorCollection(other.localIssuerChannelBehaviors);
}
if (other.issuerChannelBehaviors != null)
{
this.issuerChannelBehaviors = new Dictionary <Uri, KeyedByTypeCollection <IEndpointBehavior> >();
foreach (Uri uri in other.issuerChannelBehaviors.Keys)
{
this.issuerChannelBehaviors.Add(uri, GetBehaviorCollection(other.issuerChannelBehaviors[uri]));
}
}
this.isReadOnly = other.isReadOnly;
}
public AcceleratedTokenAuthenticator()
: base()
{
keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode;
}
public GenericXmlSecurityToken GetIssuedToken(SecurityTokenResolver resolver, IList <SecurityTokenAuthenticator> allowedAuthenticators, SecurityKeyEntropyMode keyEntropyMode, byte[] requestorEntropy, string expectedTokenType,
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
{
return(this.GetIssuedToken(resolver, allowedAuthenticators, keyEntropyMode, requestorEntropy, expectedTokenType, authorizationPolicies, 0, false));
}
public virtual GenericXmlSecurityToken GetIssuedToken(SecurityTokenResolver resolver, IList <SecurityTokenAuthenticator> allowedAuthenticators, SecurityKeyEntropyMode keyEntropyMode, byte[] requestorEntropy, string expectedTokenType,
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies, int defaultKeySize, bool isBearerKeyType)
{
if (!this.isReceiver)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ItemAvailableInDeserializedRSTROnly, "GetIssuedToken")));
}
return(this.standardsManager.TrustDriver.GetIssuedToken(this, resolver, allowedAuthenticators, keyEntropyMode, requestorEntropy, expectedTokenType, authorizationPolicies, defaultKeySize, isBearerKeyType));
}
public virtual XmlElement CreateWsspRequireServerEntropyAssertion(SecurityKeyEntropyMode keyEntropyMode)
{
if ((keyEntropyMode != SecurityKeyEntropyMode.ServerEntropy) && (keyEntropyMode != SecurityKeyEntropyMode.CombinedEntropy))
{
return null;
}
return this.CreateWsspAssertion("RequireServerEntropy");
}
internal static bool IsDefined(SecurityKeyEntropyMode value)
{
return(value == SecurityKeyEntropyMode.ClientEntropy ||
value == SecurityKeyEntropyMode.ServerEntropy ||
value == SecurityKeyEntropyMode.CombinedEntropy);
}
public static void AssertAsymmetricSecurityBindingElement (
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageProtectionOrder messageProtectionOrder,
MessageSecurityVersion messageSecurityVersion,
bool requireSignatureConfirmation,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// InitiatorTokenParameters
bool hasInitiatorTokenParameters,
SecurityTokenInclusionMode initiatorTokenInclusionMode,
SecurityTokenReferenceStyle initiatorTokenReferenceStyle,
bool initiatorTokenRequireDerivedKeys,
// RecipientTokenParameters
bool hasRecipientTokenParameters,
SecurityTokenInclusionMode recipientTokenInclusionMode,
SecurityTokenReferenceStyle recipientTokenReferenceStyle,
bool recipientTokenRequireDerivedKeys,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
AsymmetricSecurityBindingElement be, string label)
{
AssertSecurityBindingElement (
algorithm,
includeTimestamp,
keyEntropyMode,
messageSecurityVersion,
securityHeaderLayout,
// EndpointSupportingTokenParameters
endorsing, signed, signedEncrypted, signedEndorsing,
// LocalClientSettings
cacheCookies,
renewalThresholdPercentage,
detectReplays,
be, label);
Assert.AreEqual (messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
Assert.AreEqual (requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");
if (!hasInitiatorTokenParameters)
Assert.IsNull (be.InitiatorTokenParameters, label + ".InitiatorTokenParameters (null)");
else
AssertSecurityTokenParameters (
initiatorTokenInclusionMode,
initiatorTokenReferenceStyle,
initiatorTokenRequireDerivedKeys,
be.InitiatorTokenParameters, label + ".InitiatorTokenParameters");
if (!hasRecipientTokenParameters)
Assert.IsNull (be.RecipientTokenParameters, label + ".RecipientTokenParameters (null)");
else
AssertSecurityTokenParameters (
recipientTokenInclusionMode,
recipientTokenReferenceStyle,
recipientTokenRequireDerivedKeys,
be.RecipientTokenParameters, label + ".RecipientTokenParameters");
}
public static void AssertSecurityBindingElement(
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageSecurityVersion messageSecurityVersion,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
SecurityBindingElement be, string label)
{
Assert.AreEqual(algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
Assert.AreEqual(includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode");
Assert.AreEqual(keyEntropyMode,
be.KeyEntropyMode, label + "#3");
Assert.AreEqual(messageSecurityVersion,
be.MessageSecurityVersion, label + ".MessageSecurityVersion");
Assert.AreEqual(securityHeaderLayout,
be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");
// FIXME: they should be extracted step by step...
// EndpointSupportingTokenParameters
SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;
AssertSupportingTokenParameters(
endorsing, signed, signedEncrypted, signedEndorsing,
tp, label + ".Endpoint");
// OptionalEndpointSupportingTokenParameters
tp = be.OptionalEndpointSupportingTokenParameters;
Assert.IsNotNull(tp, label + "#3-0");
Assert.AreEqual(0, tp.Endorsing.Count, label + "#3-1");
Assert.AreEqual(0, tp.Signed.Count, label + "#3-2");
Assert.AreEqual(0, tp.SignedEncrypted.Count, label + "#3-3");
Assert.AreEqual(0, tp.SignedEndorsing.Count, label + "#3-4");
// OperationSupportingTokenParameters
IDictionary <string, SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;
Assert.IsNotNull(oper, label + "#4-1");
Assert.AreEqual(0, oper.Count, label + "#4-2");
// OptionalOperationSupportingTokenParameters
oper = be.OptionalOperationSupportingTokenParameters;
Assert.IsNotNull(oper, label + "#5-1");
Assert.AreEqual(0, oper.Count, label + "#5-2");
// LocalClientSettings
LocalClientSecuritySettings lc =
be.LocalClientSettings;
AssertLocalClientSecuritySettings(
cacheCookies,
renewalThresholdPercentage,
detectReplays,
lc, "");
// FIXME: IdentityVerifier
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, label + "#7-5");
Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
Assert.AreEqual(true, lc.ReconnectTransportOnFailure, label + "#7-7");
Assert.AreEqual(900000, lc.ReplayCacheSize, label + "#7-8");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, label + "#7-9");
Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, label + "#7-10");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, label + "#7-11");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, label + "#7-12");
// FIXME: LocalServiceSettings
}
// RSTR specific method
public abstract GenericXmlSecurityToken GetIssuedToken(RequestSecurityTokenResponse rstr, SecurityTokenResolver resolver, IList <SecurityTokenAuthenticator> allowedAuthenticators, SecurityKeyEntropyMode keyEntropyMode, byte[] requestorEntropy,
string expectedTokenType, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies, int defaultKeySize, bool isBearerKeyType);
public SecuritySessionSecurityTokenProvider(SafeFreeCredentials credentialsHandle)
{
this.credentialsHandle = credentialsHandle;
this.standardsManager = SecurityStandardsManager.DefaultInstance;
this.keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
}
public abstract XmlElement CreateWsspTrustAssertion(MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode);
protected XmlElement CreateWsspTrustAssertion(string trustName, MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
XmlElement element = this.CreateWsspAssertion(trustName);
element.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspAssertion("MustSupportIssuedTokens"), this.CreateWsspRequireClientEntropyAssertion(keyEntropyMode), this.CreateWsspRequireServerEntropyAssertion(keyEntropyMode) }));
return element;
}
public override XmlElement CreateWsspTrustAssertion(MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
return(base.CreateWsspTrustAssertion("Trust13", exporter, keyEntropyMode));
}
public static void AssertSecurityBindingElement (
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageSecurityVersion messageSecurityVersion,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
SecurityBindingElement be, string label)
{
Assert.AreEqual (algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
Assert.AreEqual (includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode");
Assert.AreEqual (keyEntropyMode,
be.KeyEntropyMode, label + "#3");
Assert.AreEqual (messageSecurityVersion,
be.MessageSecurityVersion, label + ".MessageSecurityVersion");
Assert.AreEqual (securityHeaderLayout,
be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");
// FIXME: they should be extracted step by step...
// EndpointSupportingTokenParameters
SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;
AssertSupportingTokenParameters (
endorsing, signed, signedEncrypted, signedEndorsing,
tp, label + ".Endpoint");
// OptionalEndpointSupportingTokenParameters
tp = be.OptionalEndpointSupportingTokenParameters;
Assert.IsNotNull (tp, label + "#3-0");
Assert.AreEqual (0, tp.Endorsing.Count, label + "#3-1");
Assert.AreEqual (0, tp.Signed.Count, label + "#3-2");
Assert.AreEqual (0, tp.SignedEncrypted.Count, label + "#3-3");
Assert.AreEqual (0, tp.SignedEndorsing.Count, label + "#3-4");
// OperationSupportingTokenParameters
IDictionary<string,SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;
Assert.IsNotNull (oper, label + "#4-1");
Assert.AreEqual (0, oper.Count, label + "#4-2");
// OptionalOperationSupportingTokenParameters
oper = be.OptionalOperationSupportingTokenParameters;
Assert.IsNotNull (oper, label + "#5-1");
Assert.AreEqual (0, oper.Count, label + "#5-2");
// LocalClientSettings
LocalClientSecuritySettings lc =
be.LocalClientSettings;
AssertLocalClientSecuritySettings (
cacheCookies,
renewalThresholdPercentage,
detectReplays,
lc, "");
// FIXME: IdentityVerifier
Assert.AreEqual (TimeSpan.FromMinutes (5), lc.MaxClockSkew, label + "#7-5");
Assert.AreEqual (TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
Assert.AreEqual (true, lc.ReconnectTransportOnFailure, label + "#7-7");
Assert.AreEqual (900000, lc.ReplayCacheSize, label + "#7-8");
Assert.AreEqual (TimeSpan.FromMinutes (5), lc.ReplayWindow, label + "#7-9");
Assert.AreEqual (TimeSpan.FromHours (10), lc.SessionKeyRenewalInterval, label + "#7-10");
Assert.AreEqual (TimeSpan.FromMinutes (5), lc.SessionKeyRolloverInterval, label + "#7-11");
Assert.AreEqual (TimeSpan.FromMinutes (5), lc.TimestampValidityDuration, label + "#7-12");
// FIXME: LocalServiceSettings
}
public static void TypeConvert_EnumToInt(int value, SecurityKeyEntropyMode sem)
{
Assert.Equal(value, (int)sem);
}
public virtual XmlElement CreateWsspRequireServerEntropyAssertion(SecurityKeyEntropyMode keyEntropyMode)
{
if (keyEntropyMode == SecurityKeyEntropyMode.ServerEntropy || keyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy)
{
return CreateWsspAssertion(RequireServerEntropyName);
}
else
{
return null;
}
}
public override XmlElement CreateWsspTrustAssertion(MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
return base.CreateWsspTrustAssertion("Trust10", exporter, keyEntropyMode);
}
protected XmlElement CreateWsspTrustAssertion(string trustName, MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
XmlElement result = CreateWsspAssertion(trustName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertion(MustSupportIssuedTokensName),
CreateWsspRequireClientEntropyAssertion(keyEntropyMode),
CreateWsspRequireServerEntropyAssertion(keyEntropyMode)
));
return result;
}
public SecuritySessionSecurityTokenProvider()
: base()
{
_standardsManager = SecurityStandardsManager.DefaultInstance;
_keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
}
internal static bool IsDefined(SecurityKeyEntropyMode value)
{
return (value == SecurityKeyEntropyMode.ClientEntropy
|| value == SecurityKeyEntropyMode.ServerEntropy
|| value == SecurityKeyEntropyMode.CombinedEntropy);
}
public static void Set_EnumMembers(SecurityKeyEntropyMode skem)
{
SecurityKeyEntropyMode entropyMode = skem;
Assert.Equal(skem, entropyMode);
}
