public void Add(ChannelProtectionRequirements protectionRequirements, bool channelScopeOnly)
{
if (protectionRequirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(protectionRequirements));
}
if (protectionRequirements.IncomingSignatureParts != null)
{
IncomingSignatureParts.AddParts(protectionRequirements.IncomingSignatureParts.ChannelParts);
}
if (protectionRequirements.IncomingEncryptionParts != null)
{
IncomingEncryptionParts.AddParts(protectionRequirements.IncomingEncryptionParts.ChannelParts);
}
if (protectionRequirements.OutgoingSignatureParts != null)
{
OutgoingSignatureParts.AddParts(protectionRequirements.OutgoingSignatureParts.ChannelParts);
}
if (protectionRequirements.OutgoingEncryptionParts != null)
{
OutgoingEncryptionParts.AddParts(protectionRequirements.OutgoingEncryptionParts.ChannelParts);
}
if (!channelScopeOnly)
{
AddActionParts(IncomingSignatureParts, protectionRequirements.IncomingSignatureParts);
AddActionParts(IncomingEncryptionParts, protectionRequirements.IncomingEncryptionParts);
AddActionParts(OutgoingSignatureParts, protectionRequirements.OutgoingSignatureParts);
AddActionParts(OutgoingEncryptionParts, protectionRequirements.OutgoingEncryptionParts);
}
}
internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement)
{
var contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel);
var result = new ChannelProtectionRequirements();
result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
return(result);
}
internal ChannelProtectionRequirements(ChannelProtectionRequirements other, ProtectionLevel newBodyProtectionLevel)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(other));
}
IncomingSignatureParts = new ScopedMessagePartSpecification(other.IncomingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
IncomingEncryptionParts = new ScopedMessagePartSpecification(other.IncomingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
OutgoingSignatureParts = new ScopedMessagePartSpecification(other.OutgoingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
OutgoingEncryptionParts = new ScopedMessagePartSpecification(other.OutgoingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
}
public ChannelProtectionRequirements(ChannelProtectionRequirements other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(other));
}
IncomingSignatureParts = new ScopedMessagePartSpecification(other.IncomingSignatureParts);
IncomingEncryptionParts = new ScopedMessagePartSpecification(other.IncomingEncryptionParts);
OutgoingSignatureParts = new ScopedMessagePartSpecification(other.OutgoingSignatureParts);
OutgoingEncryptionParts = new ScopedMessagePartSpecification(other.OutgoingEncryptionParts);
}
internal MessageSecurityProtocolFactory(MessageSecurityProtocolFactory factory)
: base(factory)
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
}
this.applyIntegrity = factory.applyIntegrity;
this.applyConfidentiality = factory.applyConfidentiality;
this.identityVerifier = factory.identityVerifier;
this.protectionRequirements = new ChannelProtectionRequirements(factory.protectionRequirements);
this.messageProtectionOrder = factory.messageProtectionOrder;
this.requireIntegrity = factory.requireIntegrity;
this.requireConfidentiality = factory.requireConfidentiality;
this.doRequestSignatureConfirmation = factory.doRequestSignatureConfirmation;
}
public void Add(ChannelProtectionRequirements protectionRequirements)
{
Add(protectionRequirements, false);
}
static void AddFaultProtectionRequirements(FaultDescriptionCollection faults, ChannelProtectionRequirements requirements, ProtectionLevel defaultProtectionLevel, bool addToIncoming)
{
if (faults == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(faults));
}
if (requirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(requirements));
}
foreach (var fault in faults)
{
var signedParts = new MessagePartSpecification();
var encryptedParts = new MessagePartSpecification();
var p = defaultProtectionLevel; // FaultDescription.HasProtectionLevel currently is always false
//ProtectionLevel p = fault.HasProtectionLevel ? fault.ProtectionLevel : defaultProtectionLevel;
if (p != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (p == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
if (addToIncoming)
{
requirements.IncomingSignatureParts.AddParts(signedParts, fault.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, fault.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
}
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel)
{
if (contract == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(contract));
}
var requirements = new ChannelProtectionRequirements();
var contractScopeDefaultRequestProtectionLevel = ProtectionLevel.None;
var contractScopeDefaultResponseProtectionLevel = ProtectionLevel.None;
if (contract.HasProtectionLevel) // Currently always false
{
//contractScopeDefaultRequestProtectionLevel = contract.ProtectionLevel;
//contractScopeDefaultResponseProtectionLevel = contract.ProtectionLevel;
}
else
{
contractScopeDefaultRequestProtectionLevel = defaultRequestProtectionLevel;
contractScopeDefaultResponseProtectionLevel = defaultResponseProtectionLevel;
}
foreach (var operation in contract.Operations)
{
var operationScopeDefaultRequestProtectionLevel = ProtectionLevel.None;
var operationScopeDefaultResponseProtectionLevel = ProtectionLevel.None;
if (operation.HasProtectionLevel) // Currently always false
{
//operationScopeDefaultRequestProtectionLevel = operation.ProtectionLevel;
//operationScopeDefaultResponseProtectionLevel = operation.ProtectionLevel;
}
else
{
operationScopeDefaultRequestProtectionLevel = contractScopeDefaultRequestProtectionLevel;
operationScopeDefaultResponseProtectionLevel = contractScopeDefaultResponseProtectionLevel;
}
foreach (var message in operation.Messages)
{
var messageScopeDefaultProtectionLevel = ProtectionLevel.None;
if (message.HasProtectionLevel)
{
//messageScopeDefaultProtectionLevel = message.ProtectionLevel;
}
else if (message.Direction == MessageDirection.Input)
{
messageScopeDefaultProtectionLevel = operationScopeDefaultRequestProtectionLevel;
}
else
{
messageScopeDefaultProtectionLevel = operationScopeDefaultResponseProtectionLevel;
}
var signedParts = new MessagePartSpecification();
var encryptedParts = new MessagePartSpecification();
// determine header protection requirements for message
foreach (var header in message.Headers)
{
AddHeaderProtectionRequirements(header, signedParts, encryptedParts, messageScopeDefaultProtectionLevel);
}
// determine body protection requirements for message
ProtectionLevel bodyProtectionLevel;
if (message.Body.Parts.Count > 0)
{
// initialize the body protection level to none. all the body parts will be
// unioned to get the effective body protection level
bodyProtectionLevel = ProtectionLevel.None;
}
else if (message.Body.ReturnValue != null)
{
if (!(message.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription))))
{
Fx.Assert("Only body return values are supported currently");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.OnlyBodyReturnValuesSupported));
}
bodyProtectionLevel = messageScopeDefaultProtectionLevel; // MessagePartDescription.HasProtectionLevel currently always false
//MessagePartDescription desc = message.Body.ReturnValue;
//bodyProtectionLevel = desc.HasProtectionLevel ? desc.ProtectionLevel : messageScopeDefaultProtectionLevel;
}
else
{
bodyProtectionLevel = messageScopeDefaultProtectionLevel;
}
// determine body protection requirements for message
if (message.Body.Parts.Count > 0)
{
foreach (var body in message.Body.Parts)
{
var partProtectionLevel = messageScopeDefaultProtectionLevel; // MessagePartDescription.HasProtectionLevel currently always false
//ProtectionLevel partProtectionLevel = body.HasProtectionLevel ? body.ProtectionLevel : messageScopeDefaultProtectionLevel;
bodyProtectionLevel = ProtectionLevelHelper.Max(bodyProtectionLevel, partProtectionLevel);
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
break;
}
}
}
if (bodyProtectionLevel != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
// add requirements for message
if (message.Direction == MessageDirection.Input)
{
requirements.IncomingSignatureParts.AddParts(signedParts, message.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, message.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, message.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, message.Action);
}
}
if (operation.Faults != null)
{
if (operation.IsServerInitiated())
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultRequestProtectionLevel, true);
}
else
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultResponseProtectionLevel, false);
}
}
}
return(requirements);
}