        // If any changes are made to this method, please reflect them in the corresponding TryCreate() method.
        /// <summary>
        /// Builds the message-layer security element for a BasicHttp binding whose
        /// client credential travels over an already-secure transport.
        /// </summary>
        /// <param name="isSecureTransportMode">
        /// true for TransportWithMessageCredential; false (pure Message mode) is rejected.
        /// </param>
        /// <returns>A credential-over-transport element configured for BasicSecurityProfile 1.0.</returns>
        /// <exception cref="NotSupportedException">
        /// Thrown for Message mode, or for a credential type other than Certificate/UserName.
        /// </exception>
        internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
        {
            // Pure message security is not implemented here; the commented block keeps the
            // mutual-certificate variant that such a mode would need.
            if (!isSecureTransportMode)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedSecuritySetting, "Mode", BasicHttpSecurityMode.Message)));
                //if (_clientCredentialType != BasicHttpMessageCredentialType.Certificate)
                //{
                //    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.BasicHttpMessageSecurityRequiresCertificate)));
                //}
                //result = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
            }

            // BasicHttp pins the WS-Security 1.0 / WS-I Basic Security Profile 1.0 version set.
            MessageSecurityVersion bspVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

            SecurityBindingElement element;
            switch (_clientCredentialType)
            {
            case BasicHttpMessageCredentialType.Certificate:
                element = SecurityBindingElement.CreateCertificateOverTransportBindingElement(bspVersion);
                break;

            case BasicHttpMessageCredentialType.UserName:
                // The UserName factory takes no version argument, so stamp it afterwards.
                element = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                element.MessageSecurityVersion = bspVersion;
                break;

            default:
                Fx.Assert("Unsupported basic http message credential type");
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
            }

            element.DefaultAlgorithmSuite = AlgorithmSuite;
            // Relaxed header ordering and no derived keys — presumably for BSP 1.0
            // interoperability with non-WCF peers; confirm against the profile before changing.
            element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
            element.SetKeyDerivation(false);
            // element.DoNotEmitTrust = true;

            return element;
        }
 /// <summary>
 /// Returns the message-security binding element for this binding, or null when the
 /// security mode does not involve message-level security.
 /// </summary>
 /// <param name="isReliableSessionEnabled">Whether the binding has reliable sessions turned on.</param>
 /// <param name="version">The message security version to apply to the element.</param>
 /// <returns>The element for Message / TransportWithMessageCredential modes; otherwise null.</returns>
 internal SecurityBindingElement CreateMessageSecurity(bool isReliableSessionEnabled, MessageSecurityVersion version)
 {
     bool usesMessageSecurity = this.mode == SecurityMode.Message
         || this.mode == SecurityMode.TransportWithMessageCredential;
     if (!usesMessageSecurity)
     {
         return null;
     }

     // Mixed mode means the credential rides on a transport that is already secured.
     bool isSecureTransportMode = this.Mode == SecurityMode.TransportWithMessageCredential;
     return this.messageSecurity.CreateSecurityBindingElement(isSecureTransportMode, isReliableSessionEnabled, version);
 }
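        /// <summary>
        /// Builds the message-layer <see cref="SecurityBindingElement"/> for this binding's
        /// client credential type, optionally wrapped in a secure-conversation element.
        /// </summary>
        /// <param name="isSecureTransportMode">
        /// true when the credential is sent over an already-secure transport
        /// (TransportWithMessageCredential); false (pure message security) is not yet ported.
        /// </param>
        /// <param name="isReliableSession">Whether the binding has reliable sessions enabled.</param>
        /// <param name="version">The message security version stamped on the returned element(s).</param>
        /// <returns>
        /// The one-shot credential element, or a secure-conversation element bootstrapped by it
        /// when secure conversation is enabled.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A reliable session is requested without secure conversation, or the credential type is
        /// None in mixed mode.
        /// </exception>
        /// <exception cref="NotSupportedException">Unrecognised client credential type.</exception>
        /// <exception cref="PlatformNotSupportedException">Pure message security mode.</exception>
        public SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
        {
            // Reliable sessions are only allowed on top of a secure-conversation session.
            if (isReliableSession && !IsSecureConversationEnabled())
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationRequiredByReliableSession)));
            }

            SecurityBindingElement result;
            // Only the (not yet ported) Kerberos branch in the commented block below sets this,
            // so it is currently always false.
            bool isKerberosSelected = false;
            SecurityBindingElement oneShotSecurity;

            if (isSecureTransportMode)
            {
                switch (_clientCredentialType)
                {
                case MessageCredentialType.None:
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));

                case MessageCredentialType.UserName:
                    oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                    break;

                case MessageCredentialType.Certificate:
                    oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                    break;

                //case MessageCredentialType.Windows:
                //    oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
                //    break;
                //case MessageCredentialType.IssuedToken:
                //    oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite));
                //    break;
                default:
                    Fx.Assert("unknown ClientCredentialType");
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                }

                // With secure conversation the one-shot element only bootstraps the session token;
                // the second argument (requireCancellation) makes the session explicitly cancellable.
                result = IsSecureConversationEnabled()
                    ? SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true)
                    : oneShotSecurity;
            }
            else
            {
                throw new PlatformNotSupportedException();
                //TODO
                //if (negotiateServiceCredential)
                //{
                //    switch (this.clientCredentialType)
                //    {
                //        case MessageCredentialType.None:
                //            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                //            break;
                //        case MessageCredentialType.UserName:
                //            oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                //            break;
                //        case MessageCredentialType.Certificate:
                //            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                //            break;
                //        case MessageCredentialType.Windows:
                //            oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                //            break;
                //        case MessageCredentialType.IssuedToken:
                //            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite), true);
                //            break;
                //        default:
                //            Fx.Assert("unknown ClientCredentialType");
                //            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                //    }
                //}
                //else
                //{
                //    switch (this.clientCredentialType)
                //    {
                //        case MessageCredentialType.None:
                //            oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                //            break;
                //        case MessageCredentialType.UserName:
                //            oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                //            break;
                //        case MessageCredentialType.Certificate:
                //            oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                //            break;
                //        case MessageCredentialType.Windows:
                //            oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                //            isKerberosSelected = true;
                //            break;
                //        case MessageCredentialType.IssuedToken:
                //            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite));
                //            break;
                //        default:
                //            Fx.Assert("unknown ClientCredentialType");
                //            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                //    }
                //}
                //if (IsSecureConversationEnabled())
                //{
                //    result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
                //}
                //else
                //{
                //    result = oneShotSecurity;
                //}
            }

            // Set the algorithm suite on both the session element and its bootstrap.
            if (WasAlgorithmSuiteSet || !isKerberosSelected)
            {
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = AlgorithmSuite;
            }
            else
            {
                // Reached only when Kerberos was selected and no suite was set explicitly
                // (the former `else if (isKerberosSelected)` condition was always true here).
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
            }

            // Always emit a Timestamp header so the receiver can check message freshness.
            result.IncludeTimestamp = true;
            oneShotSecurity.MessageSecurityVersion = version;
            result.MessageSecurityVersion = version;
            // Transport reconnection after a failure is enabled exactly when a reliable session is in use.
            result.LocalServiceSettings.ReconnectTransportOnFailure = isReliableSession;

            if (IsSecureConversationEnabled())
            {
                // Issue the transition (bootstrap) SCT for a short duration only.
                oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = s_defaultServerIssuedTransitionTokenLifetime;
                //TODO SpNego when port, remove above and enable below.
                // oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
            }

            return result;
        }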