private SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols) : base(timeouts) { _serverTokenProvider = serverTokenProvider; _requireClientCertificate = requireClientCertificate; _clientCertificateAuthenticator = clientCertificateAuthenticator; _identityVerifier = identityVerifier; _scheme = scheme; _sslProtocols = sslProtocols; }
private SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols) : base(timeouts) { _serverTokenProvider = serverTokenProvider; RequireClientCertificate = requireClientCertificate; _clientCertificateAuthenticator = clientCertificateAuthenticator; IdentityVerifier = identityVerifier; Scheme = scheme; SslProtocols = sslProtocols; ClientSecurityTokenManager = null; // Used for client but there's public api which need this and the compiler complains it's never assigned }
private SecurityTokenProvider CreateAndOpenCertificateTokenProvider(EndpointAddress target, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout) { if (!this.RequireClientCertificate) { return(null); } SecurityTokenProvider tokenProvider = TransportSecurityHelpers.GetCertificateTokenProvider(base.SecurityTokenManager, target, via, this.Scheme, channelParameters); System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, timeout); return(tokenProvider); }
public GetOneTokenAndSetUpSecurityAsyncResult(Message m, MessageSecurityProtocol binding, SecurityTokenProvider provider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState oldCorrelationState, TimeSpan timeout, AsyncCallback callback, object state) : base(m, binding, timeout, callback, state) { this.message = m; this.binding = binding; this.provider = provider; this.doIdentityChecks = doIdentityChecks; this.oldCorrelationState = oldCorrelationState; this.identityCheckAuthenticator = identityCheckAuthenticator; }
internal void Open(string propertyName, bool requiredForForwardDirection, SecurityTokenProvider provider, TimeSpan timeout) { if (provider != null) { SecurityUtils.OpenTokenProviderIfRequiredAsync(provider, new TimeoutHelper(timeout).GetCancellationToken()); } else { OnPropertySettingsError(propertyName, requiredForForwardDirection); } }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } SecurityTokenProvider result = null; if (tokenRequirement is RecipientServiceModelSecurityTokenRequirement && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange) { // this is the uncorrelated duplex case if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); } else if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; string tokenType = initiatorRequirement.TokenType; if (IsIssuedSecurityTokenRequirement(initiatorRequirement)) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider (IsIssuedSecurityTokenRequirement(initiatorRequirement)"); } else if (tokenType == SecurityTokenTypes.X509Certificate) { if (initiatorRequirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && initiatorRequirement.KeyUsage == SecurityKeyUsage.Exchange) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider X509Certificate - SecurityKeyUsage.Exchange"); } else { if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); } } else if (tokenType == SecurityTokenTypes.UserName) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider SecurityTokenTypes.Username"); } } if ((result == null) && !tokenRequirement.IsOptionalToken) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateProviderForRequirement, tokenRequirement))); } return(result); }
internal void Open(string propertyName, bool requiredForForwardDirection, SecurityTokenProvider provider, TimeSpan timeout) { if (provider != null) { SecurityUtils.OpenTokenProviderIfRequired(provider, timeout); } else { OnPropertySettingsError(propertyName, requiredForForwardDirection); } }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { ServiceModelSecurityTokenRequirement requirement = tokenRequirement as ServiceModelSecurityTokenRequirement; if (requirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } if (this.IsX509TokenRequirement(requirement)) { X509CertificateValidator validator; if (this.IsForConnectionValidator(requirement)) { SecurityTokenProvider provider = null; if (this.ssc != null) { provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate()); } else if (this.delegateManager != null) { requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Transport; requirement.TransportScheme = "net.p2p"; provider = this.delegateManager.CreateSecurityTokenProvider(tokenRequirement); } else if (this.credential.Certificate != null) { provider = new X509SecurityTokenProvider(this.credential.Certificate); } if ((provider == null) && (this.mode == PeerAuthenticationMode.Password)) { this.ssc = this.parent.GetCertificate(); provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate()); } return(provider); } if (this.delegateManager != null) { requirement.TransportScheme = "net.p2p"; requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Message; return(this.delegateManager.CreateSecurityTokenProvider(tokenRequirement)); } if (!this.credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType"); } return(new PeerX509TokenProvider(validator, this.credential.Certificate)); } if (!this.IsPasswordTokenRequirement(requirement)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType"); } return(this.GetPasswordTokenProvider()); }
static T GetToken <T>(SecurityTokenProvider tokenProvider, TimeSpan timeout) where T : SecurityToken { SecurityToken result = tokenProvider.GetToken(timeout); if ((result != null) && !(result is T)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString( SR.InvalidTokenProvided, tokenProvider.GetType(), typeof(T)))); } return(result as T); }
private static async Task <T> GetTokenAsync <T>(SecurityTokenProvider tokenProvider, TimeSpan timeout) where T : SecurityToken { SecurityToken result = await tokenProvider.GetTokenAsync(timeout); if ((result != null) && !(result is T)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format( SR.InvalidTokenProvided, tokenProvider.GetType(), typeof(T)))); } return(result as T); }
internal SecurityTokenProvider CreateAndOpenCertificateTokenProvider(EndpointAddress target, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout) { if (!RequireClientCertificate) { return(null); } SecurityTokenProvider certificateProvider = TransportSecurityHelpers.GetCertificateTokenProvider( SecurityTokenManager, target, via, Scheme, channelParameters); SecurityUtils.OpenTokenProviderIfRequired(certificateProvider, timeout); return(certificateProvider); }
/// <summary> /// Constructor to create an instance of this class. /// </summary> /// <param name="securityToken">SecurityToken that represents the SecurityTokenElement element.</param> public ProviderBackedSecurityToken(SecurityTokenProvider tokenProvider, TimeSpan timeout) { _lock = new object(); if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(tokenProvider))); } TokenProvider = tokenProvider; _timeout = timeout; }
public void CreateProviderAnonSslNoBindingElement() { InitiatorServiceModelSecurityTokenRequirement r = new InitiatorServiceModelSecurityTokenRequirement(); r.TokenType = ServiceModelSecurityTokenTypes.AnonymousSslnego; r.TargetAddress = new EndpointAddress("http://localhost:8080"); SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); }
private static async Task <T> GetTokenAsync <T>(SecurityTokenProvider tokenProvider, CancellationToken cancellationToken) where T : SecurityToken { SecurityToken result = await tokenProvider.GetTokenAsync(cancellationToken); if ((result != null) && !(result is T)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format( SRServiceModel.InvalidTokenProvided, tokenProvider.GetType(), typeof(T)))); } return(result as T); }
public void IssueToken_CalledOnContract_CallsChannelIssue() { // Arrange var securityTokenProvider = new SecurityTokenProvider(); var channelContract = MockRepository.GenerateMock <IWSTrustChannelContract>(); var actAsToken = MockRepository.GenerateStub <SecurityToken>(); // Act securityTokenProvider.IssueToken(channelContract, "http://localhost/service", actAsToken); // Assert channelContract.AssertWasCalled(x => x.Issue(Arg <RequestSecurityToken> .Is.Anything, out Arg <RequestSecurityTokenResponse> .Out(null).Dummy)); }
public void CreateChannel_WhenCalled_ReturnsChannel() { // Arrange var securityTokenProvider = new SecurityTokenProvider(); var issuerBinding = new WS2007HttpBinding(); var issuerEndpointAddress = new EndpointAddress("http://localhost/issuer"); // Act var actual = securityTokenProvider.CreateChannel(issuerBinding, issuerEndpointAddress); // Assert Assert.IsNotNull(actual); }
public void CreateProviderAnonSsl(bool useTransport) { InitiatorServiceModelSecurityTokenRequirement r = GetAnonSslProviderRequirement(useTransport); SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); ICommunicationObject comm = p as ICommunicationObject; Assert.IsNotNull(comm, "#2"); }
public void IssueToken_WS2007HttpBindingIsNotSet_Throws() { // Arrange var securityTokenProvider = new SecurityTokenProvider(); var binding = MockRepository.GenerateStub <WS2007FederationHttpBinding>(); var actAsToken = MockRepository.GenerateStub <SecurityToken>(); // Act // Assert var ex = Assert.Throws <ApplicationException>(() => securityTokenProvider.IssueToken(binding, "http://localhost/service", actAsToken)); Assert.AreEqual("Unable to get WS2007HttpBinding", ex.Message); }
public void CreateProviderAnonSslNoIssuerBindingContext() { InitiatorServiceModelSecurityTokenRequirement r = new InitiatorServiceModelSecurityTokenRequirement(); // r.TokenType = ServiceModelSecurityTokenTypes.AnonymousSslnego; new MySslSecurityTokenParameters().InitRequirement(r); r.TargetAddress = new EndpointAddress("http://localhost:8080"); r.SecurityBindingElement = new SymmetricSecurityBindingElement(); SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); }
protected override void OnOpen(TimeSpan timeout) { TimeoutHelper helper = new TimeoutHelper(timeout); System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(this.ClientCertificateAuthenticator, helper.RemainingTime()); if (this.serverTokenProvider != null) { System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, helper.RemainingTime()); SecurityToken token = this.serverTokenProvider.GetToken(timeout); this.SetupServerCertificate(token); System.ServiceModel.Security.SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, helper.RemainingTime()); this.serverTokenProvider = null; } }
public override void OnAbort() { if (this.clientTokenProvider != null) { System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(this.ClientTokenProvider); this.clientTokenProvider = null; } if (this.serverTokenAuthenticator != null) { System.ServiceModel.Security.SecurityUtils.AbortTokenAuthenticatorIfRequired(this.ServerTokenAuthenticator); this.serverTokenAuthenticator = null; } base.OnAbort(); }
public static void Methods_Override() { var tokenManager = new SecurityTokenManagerImpl(); SecurityTokenVersionImpl tokenVersion = new SecurityTokenVersionImpl(); SecurityTokenRequirement tokenRequirement = new SecurityTokenRequirement(); SecurityTokenAuthenticator authenticator = tokenManager.CreateSecurityTokenAuthenticator(tokenRequirement, out SecurityTokenResolver resolver); SecurityTokenProvider provider = tokenManager.CreateSecurityTokenProvider(tokenRequirement); SecurityTokenSerializer serializer = tokenManager.CreateSecurityTokenSerializer(tokenVersion); Assert.IsType <SecurityTokenAuthenticatorImpl>(authenticator); Assert.IsType <SecurityTokenResolverImpl>(resolver); Assert.IsType <SecurityTokenProviderSyncImpl>(provider); Assert.IsType <SecurityTokenSerializerImpl>(serializer); }
public GetUserNameCredentialAsyncResult(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout, AsyncCallback callback, object state) : base(callback, state) { if ((tokenProvider == null) || (tokenProvider.TokenProvider == null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("NoUserNameTokenProvided"))); } this.tokenProvider = tokenProvider.TokenProvider; IAsyncResult result = this.tokenProvider.BeginGetToken(timeout, onGetToken, this); if (result.CompletedSynchronously) { this.CompleteGetToken(result); base.Complete(true); } }
protected override void OnOpen(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); SecurityUtils.OpenTokenAuthenticatorIfRequired(ClientCertificateAuthenticator, timeoutHelper.RemainingTime()); if (_serverTokenProvider != null) { SecurityUtils.OpenTokenProviderIfRequired(_serverTokenProvider, timeoutHelper.RemainingTime()); SecurityToken token = _serverTokenProvider.GetTokenAsync(timeoutHelper.RemainingTime()).GetAwaiter().GetResult(); SetupServerCertificate(token); SecurityUtils.CloseTokenProviderIfRequired(_serverTokenProvider, timeoutHelper.RemainingTime()); _serverTokenProvider = null; } }
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters) { if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider"); } SecurityTokenAttachmentModeHelper.Validate(attachmentMode); if (tokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters"); } _tokenProvider = tokenProvider; _tokenAttachmentMode = attachmentMode; _tokenParameters = tokenParameters; }
public override void OnClose(TimeSpan timeout) { TimeoutHelper helper = new TimeoutHelper(timeout); if (this.clientTokenProvider != null) { System.ServiceModel.Security.SecurityUtils.CloseTokenProviderIfRequired(this.ClientTokenProvider, helper.RemainingTime()); this.clientTokenProvider = null; } if (this.serverTokenAuthenticator != null) { System.ServiceModel.Security.SecurityUtils.CloseTokenAuthenticatorIfRequired(this.ServerTokenAuthenticator, helper.RemainingTime()); this.serverTokenAuthenticator = null; } base.OnClose(helper.RemainingTime()); }
public override void OnAbort() { if (this.Factory.ActAsInitiator) { SecurityTokenProvider provider = this.initiatorSymmetricTokenProvider ?? this.initiatorAsymmetricTokenProvider; if (provider != null) { SecurityUtils.AbortTokenProviderIfRequired(provider); } if (this.initiatorTokenAuthenticator != null) { SecurityUtils.AbortTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator); } } base.OnAbort(); }
HttpWebRequest CreateHttpWebRequest(TimeSpan timeout) { TimeoutHelper helper = new TimeoutHelper(timeout); ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection(); HttpWebRequest request; if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, this.channelFactory.AuthenticationScheme)) { lock (ThisLock) { this.cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress); } } this.channelFactory.CreateAndOpenTokenProviders( this.RemoteAddress, this.Via, channelParameterCollection, helper.RemainingTime(), out this.webRequestTokenProvider, out this.webRequestProxyTokenProvider); SecurityTokenContainer clientCertificateToken = null; HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = this.channelFactory as HttpsChannelFactory <IDuplexSessionChannel>; if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate) { SecurityTokenProvider certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(this.RemoteAddress, this.Via, channelParameterCollection, helper.RemainingTime()); clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, this.RemoteAddress, this.Via, channelParameterCollection, ref helper); } request = this.channelFactory.GetWebRequest(this.RemoteAddress, this.Via, this.webRequestTokenProvider, this.webRequestProxyTokenProvider, clientCertificateToken, helper.RemainingTime(), true); // If a web socket connection factory is specified (for example, when using web sockets on pre-Win8 OS), // we're going to use the protocol version from it. At the moment, on pre-Win8 OS, the HttpWebRequest // created above doesn't have the version header specified. if (this.connectionFactory != null) { this.UseWebSocketVersionFromFactory(request); } this.webSocketKey = request.Headers[WebSocketHelper.SecWebSocketKey]; this.ConfigureHttpWebRequestHeader(request); request.Timeout = (int)helper.RemainingTime().TotalMilliseconds; return(request); }
public void CreateProviderAnonSsl() { RecipientServiceModelSecurityTokenRequirement r = new RecipientServiceModelSecurityTokenRequirement(); new MySslSecurityTokenParameters().InitRequirement(r); Assert.IsFalse(r.Properties.ContainsKey(ReqType.ChannelParametersCollectionProperty), "#1"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.EndpointFilterTableProperty), "#2"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.HttpAuthenticationSchemeProperty), "#3"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.IsOutOfBandTokenProperty), "#4"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.IssuerAddressProperty), "#5"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.MessageDirectionProperty), "#6"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.MessageSecurityVersionProperty), "#7"); //Assert.IsTrue (r.Properties.ContainsKey (SecurityTokenRequirement.PeerAuthenticationMode), "#8"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.SecurityAlgorithmSuiteProperty), "#9"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.SecurityBindingElementProperty), "#10"); Assert.IsFalse(r.Properties.ContainsKey(ReqType.SupportingTokenAttachmentModeProperty), "#11"); Assert.AreEqual(null, r.TransportScheme, "#12"); r.TokenType = ServiceModelSecurityTokenTypes.AnonymousSslnego; r.ListenUri = new Uri("http://localhost:8080"); r.SecurityBindingElement = new SymmetricSecurityBindingElement(); r.Properties [ReqType.IssuerBindingContextProperty] = new BindingContext(new CustomBinding(), new BindingParameterCollection()); r.MessageSecurityVersion = MessageSecurityVersion.Default.SecurityTokenVersion; r.Properties [ReqType.SecurityAlgorithmSuiteProperty] = SecurityAlgorithmSuite.Default; r.TransportScheme = "https"; r.Properties [ReqType.ChannelParametersCollectionProperty] = new ChannelParameterCollection(); r.Properties [ReqType.EndpointFilterTableProperty] = null; r.Properties [ReqType.HttpAuthenticationSchemeProperty] = AuthenticationSchemes.Anonymous; r.Properties [ReqType.IsOutOfBandTokenProperty] = true; r.Properties [ReqType.IssuerAddressProperty] = new EndpointAddress("http://localhost:9090"); // r.Properties [ReqType.MessageDirectionProperty] = MessageDirection.Input; r.Properties [ReqType.SecurityBindingElementProperty] = new SymmetricSecurityBindingElement(); r.Properties [ReqType.SupportingTokenAttachmentModeProperty] = SecurityTokenAttachmentMode.Signed; SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); }
public void CreateProviderAnonSslError() { RecipientServiceModelSecurityTokenRequirement r = new RecipientServiceModelSecurityTokenRequirement(); r.TokenType = ServiceModelSecurityTokenTypes.AnonymousSslnego; r.ListenUri = new Uri("http://localhost:8080"); r.SecurityBindingElement = new SymmetricSecurityBindingElement(); r.Properties [ReqType.IssuerBindingContextProperty] = new BindingContext(new CustomBinding(), new BindingParameterCollection()); r.MessageSecurityVersion = MessageSecurityVersion.Default.SecurityTokenVersion; SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); }