protected override IChannelFactory <IAsyncRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IAsyncRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
        {
            ISecurityCapabilities      securityCapabilities = _bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }

            _bootstrapSecurityBindingElement.ReaderQuotas = IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
            }

            TransportBindingElement transportBindingElement = IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                _bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory securityProtocolFactory = _bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IAsyncRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());

            return(new SecurityChannelFactory <IAsyncRequestChannel>(
                       securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory));
        }
Ejemplo n.º 2
0
 internal SecurityProtocolFactory(SecurityProtocolFactory factory)
     : this()
 {
     if (factory == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
     }
     this.actAsInitiator         = factory.actAsInitiator;
     this.addTimestamp           = factory.addTimestamp;
     this.detectReplays          = factory.detectReplays;
     this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
     this.maxCachedNonces        = factory.maxCachedNonces;
     this.maxClockSkew           = factory.maxClockSkew;
     this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
     this.replayWindow           = factory.replayWindow;
     // this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification));
     // this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification);
     this.standardsManager = factory.standardsManager;
     // this.timestampValidityDuration = factory.timestampValidityDuration;
     // this.auditLogLocation = factory.auditLogLocation;
     // this.suppressAuditFailure = factory.suppressAuditFailure;
     // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
     // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
     if (factory.securityBindingElement != null)
     {
         this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone();
     }
     this.securityTokenManager = factory.securityTokenManager;
     this.privacyNoticeUri     = factory.privacyNoticeUri;
     this.privacyNoticeVersion = factory.privacyNoticeVersion;
     //  this.endpointFilterTable = factory.endpointFilterTable;
     this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
     this.nonceCache = factory.nonceCache;
 }
Ejemplo n.º 3
0
 protected SecurityProtocol(SecurityProtocolFactory factory, EndpointAddress target, Uri via)
 {
     SecurityProtocolFactory = factory;
     Target = target;
     Via    = via;
     CommunicationObject = new WrapperSecurityCommunicationObject(this);
 }
Ejemplo n.º 4
0
 protected ClientSecurityChannel(ChannelManagerBase factory, System.ServiceModel.Security.SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel)
 {
     this.to  = to;
     this.via = via;
     this.securityProtocolFactory = securityProtocolFactory;
     this.channelParameters       = new ChannelParameterCollection(this);
 }
Ejemplo n.º 5
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory)
            : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
            }

            _actAsInitiator         = factory._actAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _scopedSupportingTokenAuthenticatorSpecification  = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory._scopedSupportingTokenAuthenticatorSpecification);
            _standardsManager                = factory._standardsManager;
            _timestampValidityDuration       = factory._timestampValidityDuration;
            _auditLogLocation                = factory._auditLogLocation;
            _suppressAuditFailure            = factory._suppressAuditFailure;
            _serviceAuthorizationAuditLevel  = factory._serviceAuthorizationAuditLevel;
            _messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel;
            if (factory._securityBindingElement != null)
            {
                _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
            }
            _securityTokenManager     = factory._securityTokenManager;
            _privacyNoticeUri         = factory._privacyNoticeUri;
            _privacyNoticeVersion     = factory._privacyNoticeVersion;
            _extendedProtectionPolicy = factory._extendedProtectionPolicy;
            _nonceCache = factory._nonceCache;
        }
Ejemplo n.º 6
0
 public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
 {
     this.securityProtocolFactory = securityProtocolFactory;
     this.sessionSettings         = sessionSettings;
     this.sessionMode             = sessionMode;
     this.innerListener           = innerListener;
     this.referenceCount          = 1;
 }
Ejemplo n.º 7
0
 private void CloseProtocolFactory(bool aborted, TimeSpan timeout)
 {
     if ((this.securityProtocolFactory != null) && !this.SessionMode)
     {
         this.securityProtocolFactory.Close(aborted, timeout);
         this.securityProtocolFactory = null;
     }
 }
Ejemplo n.º 8
0
 public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
 {
     this.securityProtocolFactory = securityProtocolFactory;
     this.sessionSettings         = sessionSettings;
     this.sessionMode             = sessionMode;
     this.innerListener           = innerListener;
     // have a reference right from the start so that the state can be aborted before open
     referenceCount = 1;
 }
        protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
        {
            SecurityProtocolFactory protocolFactoryForOutgoingMessages = this.ProtocolFactoryForOutgoingMessages;
            SecurityProtocolFactory protocolFactoryForIncomingMessages = this.ProtocolFactoryForIncomingMessages;
            TimeoutHelper           helper           = new TimeoutHelper(timeout);
            SecurityProtocol        outgoingProtocol = (protocolFactoryForOutgoingMessages == null) ? null : protocolFactoryForOutgoingMessages.CreateSecurityProtocol(target, via, listenerSecurityState, false, helper.RemainingTime());

            return(new DuplexSecurityProtocol(outgoingProtocol, (protocolFactoryForIncomingMessages == null) ? null : protocolFactoryForIncomingMessages.CreateSecurityProtocol(null, null, listenerSecurityState, false, helper.RemainingTime())));
        }
        protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
        {
            SecurityProtocolFactory outgoingFactory = this.ProtocolFactoryForOutgoingMessages;
            SecurityProtocolFactory incomingFactory = this.ProtocolFactoryForIncomingMessages;
            TimeoutHelper           timeoutHelper   = new TimeoutHelper(timeout);
            SecurityProtocol        outgoing        = outgoingFactory == null ? null : outgoingFactory.CreateSecurityProtocol(target, via, listenerSecurityState, false, timeoutHelper.RemainingTime());
            SecurityProtocol        incoming        = incomingFactory == null ? null : incomingFactory.CreateSecurityProtocol(null, null, listenerSecurityState, false, timeoutHelper.RemainingTime());

            return(new DuplexSecurityProtocol(outgoing, incoming));
        }
        public override EndpointIdentity GetIdentityOfSelf()
        {
            SecurityProtocolFactory protocolFactoryForIncomingMessages = this.ProtocolFactoryForIncomingMessages;

            if (protocolFactoryForIncomingMessages != null)
            {
                return(protocolFactoryForIncomingMessages.GetIdentityOfSelf());
            }
            return(base.GetIdentityOfSelf());
        }
 void Open(SecurityProtocolFactory factory, bool actAsInitiator, string propertyName, TimeSpan timeout)
 {
     if (factory != null)
     {
         factory.Open(actAsInitiator, timeout);
     }
     else if (this.RequireSecurityOnBothDuplexDirections)
     {
         OnPropertySettingsError(propertyName, true);
     }
 }
        public override EndpointIdentity GetIdentityOfSelf()
        {
            SecurityProtocolFactory factory = this.ProtocolFactoryForIncomingMessages;

            if (factory != null)
            {
                return(factory.GetIdentityOfSelf());
            }
            else
            {
                return(base.GetIdentityOfSelf());
            }
        }
        internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context)
            where TChannel : class, IChannel
        {
            SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ServiceCredentials.CreateDefaultCredentials();
            }

            this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
            }

            TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory        securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(this.IssuerBindingContext.Clone(), securityCredentials, true, this.IssuerBindingContext.Clone());
            MessageSecurityProtocolFactory soapBindingFactory      = securityProtocolFactory as MessageSecurityProtocolFactory;

            if (soapBindingFactory != null)
            {
                soapBindingFactory.ApplyConfidentiality             = soapBindingFactory.ApplyIntegrity
                                                                    = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
                MessagePartSpecification bodyPart = new MessagePartSpecification(true);
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
            }

            SecurityChannelListener <TChannel> securityChannelListener =
                new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context);

            securityChannelListener.SecurityProtocolFactory = securityProtocolFactory;
            // do not send back unsecured faults over composite duplex
            securityChannelListener.SendUnsecuredFaults = !SecurityUtils.IsCompositeDuplexBinding(context);

            ChannelBuilder channelBuilder = new ChannelBuilder(context, true);

            securityChannelListener.InitializeListener(channelBuilder);
            this.shouldMatchRstWithEndpointFilter = SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
            return(securityChannelListener);
        }
Ejemplo n.º 15
0
        internal bool TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, bool isBlockingCall, out IList <SupportingTokenSpecification> supportingTokens)
        {
            if (!factory.ActAsInitiator)
            {
                supportingTokens = null;
                return(true);
            }
            if (message == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
            }
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            supportingTokens = null;
            IList <SupportingTokenProviderSpecification> supportingTokenProviders = this.GetSupportingTokenProviders(message.Headers.Action);

            if (supportingTokenProviders != null && supportingTokenProviders.Count > 0)
            {
                // dont do anything if blocking is not allowed
                if (!isBlockingCall)
                {
                    return(false);
                }

                supportingTokens = new Collection <SupportingTokenSpecification>();
                for (int i = 0; i < supportingTokenProviders.Count; ++i)
                {
                    SupportingTokenProviderSpecification spec = supportingTokenProviders[i];
                    SecurityToken supportingToken;
                    // The ProviderBackedSecurityToken was added in Win7 to allow KerberosRequestorSecurity
                    // to pass a channel binding to InitializeSecurityContext.
                    if ((this is TransportSecurityProtocol) && (spec.TokenParameters is KerberosSecurityTokenParameters))
                    {
                        supportingToken = new ProviderBackedSecurityToken(spec.TokenProvider, timeoutHelper.RemainingTime());
                    }
                    else
                    {
                        supportingToken = spec.TokenProvider.GetToken(timeoutHelper.RemainingTime());
                    }

                    supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters));
                }
            }
            // add any runtime supporting tokens
            AddMessageSupportingTokens(message, ref supportingTokens);

            return(true);
        }
Ejemplo n.º 16
0
        SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory, bool requireMessageProtection)
        {
            MessageDirection   transferDirection  = factory.ActAsInitiator ? MessageDirection.Input : MessageDirection.Output;
            SendSecurityHeader sendSecurityHeader = factory.StandardsManager.CreateSendSecurityHeader(
                message,
                actor, true, false,
                factory.OutgoingAlgorithmSuite, transferDirection);

            sendSecurityHeader.Layout = factory.SecurityHeaderLayout;
            sendSecurityHeader.RequireMessageProtection = requireMessageProtection;
            SetSecurityHeaderId(sendSecurityHeader, message);
            if (factory.AddTimestamp)
            {
                sendSecurityHeader.AddTimestamp(factory.TimestampValidityDuration);
            }

            sendSecurityHeader.StreamBufferManager = factory.StreamBufferManager;
            return(sendSecurityHeader);
        }
        internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel
        {
            SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ServiceCredentials.CreateDefaultCredentials();
            }
            this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
            }
            TransportBindingElement element = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (element != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
            }
            SecurityProtocolFactory        factory  = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(base.IssuerBindingContext.Clone(), credentialsManager, true, base.IssuerBindingContext.Clone());
            MessageSecurityProtocolFactory factory2 = factory as MessageSecurityProtocolFactory;

            if (factory2 != null)
            {
                factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
                MessagePartSpecification parts = new MessagePartSpecification(true);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
            }
            SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context)
            {
                SecurityProtocolFactory = factory,
                SendUnsecuredFaults     = !System.ServiceModel.Security.SecurityUtils.IsCompositeDuplexBinding(context)
            };
            ChannelBuilder channelBuilder = new ChannelBuilder(context, true);

            listener.InitializeListener(channelBuilder);
            this.shouldMatchRstWithEndpointFilter = System.ServiceModel.Security.SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
            return(listener);
        }
Ejemplo n.º 18
0
        protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
        {
            ISecurityCapabilities      securityCapabilities = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }

            this.bootstrapSecurityBindingElement.ReaderQuotas = this.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
            }

            TransportBindingElement transportBindingElement = this.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory        securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());
            MessageSecurityProtocolFactory soapBindingFactory      = (securityProtocolFactory as MessageSecurityProtocolFactory);

            if (soapBindingFactory != null)
            {
                soapBindingFactory.ApplyConfidentiality             = soapBindingFactory.ApplyIntegrity
                                                                    = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;

                MessagePartSpecification bodyPart = new MessagePartSpecification(true);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
            }
            securityProtocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            securityProtocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
            return(new SecurityChannelFactory <IRequestChannel>(
                       securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory));
        }
Ejemplo n.º 19
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
            }

            ActAsInitiator          = factory.ActAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _standardsManager          = factory._standardsManager;
            _timestampValidityDuration = factory._timestampValidityDuration;
            _securityBindingElement    = (SecurityBindingElement)factory._securityBindingElement?.Clone();
            _securityTokenManager      = factory._securityTokenManager;
            _nonceCache = factory._nonceCache;
        }
Ejemplo n.º 20
0
        protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
        {
            ISecurityCapabilities      property           = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(base.IssuerBindingContext);
            SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            this.bootstrapSecurityBindingElement.ReaderQuotas = base.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
            }
            TransportBindingElement element = base.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (element != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
            }
            SecurityProtocolFactory        protocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(base.IssuerBindingContext.Clone(), credentialsManager, false, base.IssuerBindingContext.Clone());
            MessageSecurityProtocolFactory factory2        = protocolFactory as MessageSecurityProtocolFactory;

            if (factory2 != null)
            {
                factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
                MessagePartSpecification parts = new MessagePartSpecification(true);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
            }
            protocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            protocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
            return(new SecurityChannelFactory <IRequestChannel>(property, base.IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory));
        }
Ejemplo n.º 21
0
        private void InitializeFactories()
        {
            ISecurityCapabilities      securityCapabilities = BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }

            BindingContext context = IssuerBindingContext;

            _bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
            }

            TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                _bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory securityProtocolFactory = BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());

            if (_localAddress != null)
            {
                MessageFilter issueAndRenewFilter = new SessionActionFilter(_standardsManager, IssueResponseAction.Value, RenewResponseAction.Value);
                context.BindingParameters.Add(new LocalAddressProvider(_localAddress, issueAndRenewFilter));
            }

            ChannelBuilder  channelBuilder = new ChannelBuilder(context, true);
            IChannelFactory innerChannelFactory;

            // if the underlying transport does not support request/reply, wrap it inside
            // a service channel factory.
            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                innerChannelFactory            = channelBuilder.BuildChannelFactory <IRequestChannel>();
                _requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
                clientRuntime.UseSynchronizationContext    = false;
                clientRuntime.AddTransactionFlowProperties = false;
                clientRuntime.ValidateMustUnderstand       = false;
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);

                ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
                issueOperation.Formatter = s_operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);

                ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
                renewOperation.Formatter = s_operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
                innerChannelFactory            = new RequestChannelFactory(serviceChannelFactory);
                _requiresManualReplyAddressing = false;
            }

            SecurityChannelFactory <IAsyncRequestChannel> securityChannelFactory = new SecurityChannelFactory <IAsyncRequestChannel>(
                securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);

            // attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
            // available when building the channel.
            if (transportBindingElement != null)
            {
                if (securityChannelFactory.SecurityProtocolFactory != null)
                {
                    securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
                }
            }

            _rstChannelFactory = securityChannelFactory;
            MessageVersion     = securityChannelFactory.MessageVersion;
        }
 public DuplexSecurityProtocolFactory(SecurityProtocolFactory forwardProtocolFactory, SecurityProtocolFactory reverseProtocolFactory)
     : this()
 {
     this.forwardProtocolFactory = forwardProtocolFactory;
     this.reverseProtocolFactory = reverseProtocolFactory;
 }
Ejemplo n.º 23
0
 protected SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory)
 {
     return(CreateSendSecurityHeader(message, actor, factory, true));
 }
Ejemplo n.º 24
0
 protected SendSecurityHeader CreateSendSecurityHeaderForTransportProtocol(Message message, string actor, SecurityProtocolFactory factory)
 {
     return(CreateSendSecurityHeader(message, actor, factory, false));
 }
Ejemplo n.º 25
0
        internal async Task <IList <SupportingTokenSpecification> > TryGetSupportingTokensAsync(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout)
        {
            IList <SupportingTokenSpecification> supportingTokens = null;

            if (!factory.ActAsInitiator)
            {
                return(null);
            }

            if (message == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(message));
            }

            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            IList <SupportingTokenProviderSpecification> supportingTokenProviders = GetSupportingTokenProviders(message.Headers.Action);

            if (supportingTokenProviders != null && supportingTokenProviders.Count > 0)
            {
                supportingTokens = new Collection <SupportingTokenSpecification>();
                for (int i = 0; i < supportingTokenProviders.Count; ++i)
                {
                    SupportingTokenProviderSpecification spec = supportingTokenProviders[i];
                    SecurityToken supportingToken;
                    supportingToken = await spec.TokenProvider.GetTokenAsync(timeoutHelper.RemainingTime());

                    supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters));
                }
            }

            // add any runtime supporting tokens
            AddMessageSupportingTokens(message, ref supportingTokens);
            return(supportingTokens);
        }
Ejemplo n.º 26
0
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : this(securityCapabilities, context, channelBuilder, innerChannelFactory)
 {
     this.securityProtocolFactory = protocolFactory;
 }
Ejemplo n.º 27
0
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory) : this(securityCapabilities, context, channelBuilder, protocolFactory, channelBuilder.BuildChannelFactory <TChannel>())
 {
 }
Ejemplo n.º 28
0
 internal SecurityChannelFactory(Binding binding, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : base(binding, innerChannelFactory)
 {
     this.securityProtocolFactory = protocolFactory;
 }
Ejemplo n.º 29
0
        private void InitializeFactories()
        {
            IChannelFactory <IRequestChannel> factory3;
            ISecurityCapabilities             property           = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
            SecurityCredentialsManager        credentialsManager = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            BindingContext issuerBindingContext = this.IssuerBindingContext;

            this.bootstrapSecurityBindingElement.ReaderQuotas = issuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
            }
            TransportBindingElement element = issuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (element != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
            }
            SecurityProtocolFactory protocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), credentialsManager, false, this.IssuerBindingContext.Clone());

            if (protocolFactory is MessageSecurityProtocolFactory)
            {
                MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
                factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
                factory2.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
                factory2.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
                MessagePartSpecification parts = new MessagePartSpecification(true);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.IssueAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.IssueAction);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RenewAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RenewAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.IssueResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.IssueResponseAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RenewResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RenewResponseAction);
            }
            protocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
            if (this.localAddress != null)
            {
                MessageFilter filter = new SessionActionFilter(this.standardsManager, new string[] { this.IssueResponseAction.Value, this.RenewResponseAction.Value });
                issuerBindingContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, filter));
            }
            ChannelBuilder channelBuilder = new ChannelBuilder(issuerBindingContext, true);

            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                factory3 = channelBuilder.BuildChannelFactory <IRequestChannel>();
                this.requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", "http://tempuri.org/")
                {
                    UseSynchronizationContext    = false,
                    AddTransactionFlowProperties = false,
                    ValidateMustUnderstand       = false
                };
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
                ClientOperation       item = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", this.IssueAction.Value)
                {
                    Formatter = operationFormatter
                };
                serviceChannelFactory.ClientRuntime.Operations.Add(item);
                ClientOperation operation2 = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", this.RenewAction.Value)
                {
                    Formatter = operationFormatter
                };
                serviceChannelFactory.ClientRuntime.Operations.Add(operation2);
                factory3 = new RequestChannelFactory(serviceChannelFactory);
                this.requiresManualReplyAddressing = false;
            }
            SecurityChannelFactory <IRequestChannel> factory5 = new SecurityChannelFactory <IRequestChannel>(property, this.IssuerBindingContext, channelBuilder, protocolFactory, factory3);

            if ((element != null) && (factory5.SecurityProtocolFactory != null))
            {
                factory5.SecurityProtocolFactory.ExtendedProtectionPolicy = element.GetProperty <ExtendedProtectionPolicy>(issuerBindingContext);
            }
            this.rstChannelFactory = factory5;
            this.messageVersion    = factory5.MessageVersion;
        }
        void InitializeFactories()
        {
            ISecurityCapabilities      securityCapabilities = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }
            BindingContext context = this.IssuerBindingContext;

            this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
            }
            TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory securityProtocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());

            if (securityProtocolFactory is MessageSecurityProtocolFactory)
            {
                MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory;
                soapBindingFactory.ApplyConfidentiality             = soapBindingFactory.ApplyIntegrity
                                                                    = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;

                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;

                MessagePartSpecification bodyPart = new MessagePartSpecification(true);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, IssueAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, IssueAction);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RenewAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RenewAction);

                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, IssueResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, IssueResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RenewResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RenewResponseAction);
            }
            securityProtocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            securityProtocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
            if (this.localAddress != null)
            {
                MessageFilter issueAndRenewFilter = new SessionActionFilter(this.standardsManager, this.IssueResponseAction.Value, this.RenewResponseAction.Value);
                context.BindingParameters.Add(new LocalAddressProvider(localAddress, issueAndRenewFilter));
            }
            ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
            IChannelFactory <IRequestChannel> innerChannelFactory;

            // if the underlying transport does not support request/reply, wrap it inside
            // a service channel factory.
            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                innerChannelFactory           = channelBuilder.BuildChannelFactory <IRequestChannel>();
                requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
                clientRuntime.UseSynchronizationContext    = false;
                clientRuntime.AddTransactionFlowProperties = false;
                clientRuntime.ValidateMustUnderstand       = false;
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);

                ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
                issueOperation.Formatter = operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);

                ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
                renewOperation.Formatter = operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
                innerChannelFactory           = new RequestChannelFactory(serviceChannelFactory);
                requiresManualReplyAddressing = false;
            }

            SecurityChannelFactory <IRequestChannel> securityChannelFactory = new SecurityChannelFactory <IRequestChannel>(
                securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);

            // attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
            // available when building the channel.
            if (transportBindingElement != null)
            {
                if (securityChannelFactory.SecurityProtocolFactory != null)
                {
                    securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
                }
            }

            this.rstChannelFactory = securityChannelFactory;
            this.messageVersion    = securityChannelFactory.MessageVersion;
        }