internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(context));
            }

            if (credentialsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(credentialsManager));
            }

            TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();

            base.ConfigureProtocolFactory(protocolFactory, credentialsManager, isForService, issuerBindingContext, context.Binding);
            protocolFactory.DetectReplays = false;

            return(protocolFactory);
        }
        internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }
            if (credentialsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
            }
            TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();

            if (isForService)
            {
                base.ApplyAuditBehaviorSettings(context, factory);
            }
            base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
            factory.DetectReplays = false;
            return(factory);
        }
Ejemplo n.º 3
0
        internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }
            if (credentialsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
            }
#if FEATURE_CORECLR
            throw new NotImplementedException("TransportSecurityProtocolFactory not supported in .NET Core");
#else
            TransportSecurityProtocolFactory securityProtocolFactory = new TransportSecurityProtocolFactory();
            if (isForService)
            {
                this.ApplyAuditBehaviorSettings(context, (SecurityProtocolFactory)securityProtocolFactory);
            }
            this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, isForService, issuerBindingContext, (Binding)context.Binding);
            securityProtocolFactory.DetectReplays = false;
            return((SecurityProtocolFactory)securityProtocolFactory);
#endif
        }
        protected override IServiceDispatcher BuildServiceDispatcherCore <TChannel>(BindingContext context, IServiceDispatcher serviceDispatcher)
        {
            SecurityServiceDispatcher  securityServiceDispatcher = new SecurityServiceDispatcher(context, serviceDispatcher);
            SecurityCredentialsManager credentialsManager        = serviceDispatcher.Host.Description.Behaviors.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ServiceCredentials.CreateDefaultCredentials();
            }

            SecureConversationSecurityTokenParameters scParameters;

            if (EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                scParameters = EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            else
            {
                scParameters = null;
            }

            bool           requireDemuxer = RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);

            if (requireDemuxer)
            {
                ApplyPropertiesOnDemuxer(channelBuilder, context);
            }

            BindingContext issuerBindingContext = context.Clone();

            issuerBindingContext.BindingParameters.Add(credentialsManager);
            if (scParameters != null)
            {
                if (scParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
                }

                AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext);

                if (scParameters.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory
                    {
                        // base.ApplyAuditBehaviorSettings(context, sessionFactory);
                        SecurityTokenParameters = scParameters.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
                    }
                    finally
                    {
                        EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    securityServiceDispatcher.SessionMode = true;
                    securityServiceDispatcher.SessionServerSettings.InactivityTimeout             = LocalServiceSettings.InactivityTimeout;
                    securityServiceDispatcher.SessionServerSettings.KeyRolloverInterval           = LocalServiceSettings.SessionKeyRolloverInterval;
                    securityServiceDispatcher.SessionServerSettings.MaximumPendingSessions        = LocalServiceSettings.MaxPendingSessions;
                    securityServiceDispatcher.SessionServerSettings.MaximumKeyRenewalInterval     = LocalServiceSettings.SessionKeyRenewalInterval;
                    securityServiceDispatcher.SessionServerSettings.TolerateTransportFailures     = LocalServiceSettings.ReconnectTransportOnFailure;
                    securityServiceDispatcher.SessionServerSettings.CanRenewSession               = scParameters.CanRenewSession;
                    securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    securityServiceDispatcher.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
                    securityServiceDispatcher.SessionServerSettings.SessionProtocolFactory   = sessionFactory;
                    securityServiceDispatcher.SecurityProtocolFactory = sessionFactory;

                    // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
                    // back faults in response to badly secured requests over duplex can result in DoS.
                    if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
                        !IsUnderlyingDispatcherDuplex <TChannel>(context))
                    {
                        context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
                    }
                }
                else
                {
                    //TODO later
                    TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
                    // base.ApplyAuditBehaviorSettings(context, protocolFactory);
                    EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
                        SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
                        acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
                        protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
                    }
                    finally
                    {
                        EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
                }
            }
            else
            {
                SecurityProtocolFactory protocolFactory = CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
                securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
            }
            securityServiceDispatcher.InitializeSecurityDispatcher(channelBuilder, typeof(TChannel));
            //return channelListener;
            channelBuilder.BuildServiceDispatcher <TChannel>(context, securityServiceDispatcher);
            return(securityServiceDispatcher);
        }
Ejemplo n.º 5
0
 internal TransportSecurityProtocolFactory(TransportSecurityProtocolFactory factory) : base(factory)
 {
 }
        protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
        {
            SecureConversationSecurityTokenParameters parameters;
            SecurityChannelListener <TChannel>        listener = new SecurityChannelListener <TChannel>(this, context);
            SecurityCredentialsManager credentialsManager      = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ServiceCredentials.CreateDefaultCredentials();
            }
            if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            else
            {
                parameters = null;
            }
            bool           addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
            ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);

            if (addChannelDemuxerIfRequired)
            {
                base.ApplyPropertiesOnDemuxer(builder, context);
            }
            BindingContext secureConversationBindingContext = context.Clone();

            if (parameters != null)
            {
                if (parameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
                }
                base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
                if (parameters.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory();
                    base.ApplyAuditBehaviorSettings(context, factory);
                    factory.SecurityTokenParameters = parameters.Clone();
                    ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
                    base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding);
                    }
                    finally
                    {
                        base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
                    }
                    listener.SessionMode = true;
                    listener.SessionServerSettings.InactivityTimeout             = base.LocalServiceSettings.InactivityTimeout;
                    listener.SessionServerSettings.KeyRolloverInterval           = base.LocalServiceSettings.SessionKeyRolloverInterval;
                    listener.SessionServerSettings.MaximumPendingSessions        = base.LocalServiceSettings.MaxPendingSessions;
                    listener.SessionServerSettings.MaximumKeyRenewalInterval     = base.LocalServiceSettings.SessionKeyRenewalInterval;
                    listener.SessionServerSettings.TolerateTransportFailures     = base.LocalServiceSettings.ReconnectTransportOnFailure;
                    listener.SessionServerSettings.CanRenewSession               = parameters.CanRenewSession;
                    listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone();
                    ((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
                    listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
                    listener.SessionServerSettings.SessionProtocolFactory   = factory;
                    if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
                    {
                        context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
                    }
                }
                else
                {
                    TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory();
                    base.ApplyAuditBehaviorSettings(context, factory2);
                    base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding);
                        SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone();
                        item.IssuerBindingContext = secureConversationBindingContext;
                        factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
                    }
                    finally
                    {
                        base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
                    }
                    listener.SecurityProtocolFactory = factory2;
                }
            }
            else
            {
                SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext);
                listener.SecurityProtocolFactory = factory3;
            }
            listener.InitializeListener(builder);
            return(listener);
        }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      property           = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            SecureConversationSecurityTokenParameters item = null;

            if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                item = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            bool           addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
            ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);

            if (addChannelDemuxerIfRequired)
            {
                base.ApplyPropertiesOnDemuxer(builder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            if (item != null)
            {
                if (item.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
                }
                item.IssuerBindingContext = issuerBindingContext;
                if (item.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory factory2 = new SessionSymmetricTransportSecurityProtocolFactory {
                        SecurityTokenParameters = item.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
                    }
                    finally
                    {
                        base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
                    }
                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
                        ChannelBuilder                = builder,
                        KeyRenewalInterval            = base.LocalClientSettings.SessionKeyRenewalInterval,
                        KeyRolloverInterval           = base.LocalClientSettings.SessionKeyRolloverInterval,
                        TolerateTransportFailures     = base.LocalClientSettings.ReconnectTransportOnFailure,
                        CanRenewSession               = item.CanRenewSession,
                        IssuedSecurityTokenParameters = item.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = factory2;
                    return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
                }
                TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();
                base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                try
                {
                    base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
                    SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)item.Clone();
                    parameters2.IssuerBindingContext = issuerBindingContext;
                    factory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters2);
                }
                finally
                {
                    base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
                }
                return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
            }
            return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
        }
 internal TransportSecurityProtocolFactory(TransportSecurityProtocolFactory factory)
     : base(factory)
 {
 }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager   = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }

            SecureConversationSecurityTokenParameters scParameters = null;

            if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }

            // This adds the demuxer element to the context

            bool           requireDemuxer = RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);

            if (requireDemuxer)
            {
                ApplyPropertiesOnDemuxer(channelBuilder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            SecurityChannelFactory <TChannel> channelFactory;

            if (scParameters != null)
            {
                if (scParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
                }

                scParameters.IssuerBindingContext = issuerBindingContext;
                if (scParameters.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
                    sessionFactory.SecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                    }
                    finally
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
                    sessionClientSettings.ChannelBuilder                = channelBuilder;
                    sessionClientSettings.KeyRenewalInterval            = this.LocalClientSettings.SessionKeyRenewalInterval;
                    sessionClientSettings.KeyRolloverInterval           = this.LocalClientSettings.SessionKeyRolloverInterval;
                    sessionClientSettings.TolerateTransportFailures     = this.LocalClientSettings.ReconnectTransportOnFailure;
                    sessionClientSettings.CanRenewSession               = scParameters.CanRenewSession;
                    sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = sessionFactory;
                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings);
                }
                else
                {
                    TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                        SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
                        acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
                        protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
                    }
                    finally
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
                }
            }
            else
            {
                SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(
                    context, credentialsManager, false, issuerBindingContext);
                channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
            }

            return(channelFactory);
        }