            /// <summary>
            /// Completion callback for the asynchronous client-token request. It ends the
            /// request, passes the returned token through <c>TlsnegoTokenProvider.ValidateToken</c>,
            /// builds the TLS SSPI state from the validated token and completes the pending
            /// <c>CreateSspiStateAsyncResult</c> taken from <c>result.AsyncState</c>.
            /// </summary>
            /// <param name="result">Result handed back by the pending get-token operation.</param>
            static void GetTokensCallback(IAsyncResult result)
            {
                // Synchronous completions are not processed here; only the asynchronous path is.
                if (!result.CompletedSynchronously)
                {
                    CreateSspiStateAsyncResult pending = (CreateSspiStateAsyncResult)result.AsyncState;

                    try
                    {
                        SecurityToken rawToken = pending.tlsTokenProvider.ClientTokenProvider.EndGetToken(result);

                        // Only a token that ValidateToken returns as an X509SecurityToken reaches
                        // CreateTlsSspiState. What ValidateToken checks is not visible here.
                        X509SecurityToken validatedToken = TlsnegoTokenProvider.ValidateToken(rawToken);
                        pending.sspiState = pending.tlsTokenProvider.CreateTlsSspiState(validatedToken);

                        // NOTE(review): Complete(false) sits inside the try, so a non-fatal exception
                        // escaping it would trigger the Complete(false, error) call below as well.
                        // Confirm the base class tolerates or prevents a second completion.
                        pending.Complete(false);
                    }
                    catch (Exception error)
                    {
                        if (!Fx.IsFatal(error))
                        {
                            // Non-fatal failures (including validation failures) are delivered to the
                            // waiter through the async result instead of escaping the callback thread.
                            pending.Complete(false, error);
                            return;
                        }

                        // Fatal exceptions are never swallowed.
                        throw;
                    }
                }
            }
            /// <summary>
            /// Starts retrieval of the client token from <c>tlsTokenProvider.ClientTokenProvider</c>.
            /// If the request completes synchronously, the token is validated and the TLS SSPI
            /// state is created inline, and the result is completed as synchronous. Otherwise
            /// the work is left to the <c>getTokensCallback</c> delegate.
            /// </summary>
            /// <param name="target">Not read by this constructor body.</param>
            /// <param name="via">Not read by this constructor body.</param>
            /// <param name="tlsTokenProvider">Provider whose client token provider and SSPI-state factory are used.</param>
            /// <param name="timeout">Timeout passed to <c>BeginGetToken</c>.</param>
            /// <param name="callback">Caller's completion callback, forwarded to the base class.</param>
            /// <param name="state">Caller's state object, forwarded to the base class.</param>
            public CreateSspiStateAsyncResult(EndpointAddress target, Uri via, TlsnegoTokenProvider tlsTokenProvider, TimeSpan timeout, AsyncCallback callback, object state) : base(callback, state)
            {
                this.tlsTokenProvider = tlsTokenProvider;

                // NOTE(review): ClientTokenProvider is dereferenced without a null check. Presumably
                // callers construct this result only when a client token provider is configured; confirm.
                IAsyncResult pendingRequest = this.tlsTokenProvider.ClientTokenProvider.BeginGetToken(timeout, getTokensCallback, this);

                if (!result_CompletedInline(pendingRequest))
                {
                    // The asynchronous path is finished by getTokensCallback.
                    return;
                }

                // Synchronous path: the token must pass ValidateToken before any SSPI state is built.
                // An exception raised here propagates out of the constructor to the caller.
                SecurityToken rawToken = this.tlsTokenProvider.ClientTokenProvider.EndGetToken(pendingRequest);
                X509SecurityToken validatedToken = TlsnegoTokenProvider.ValidateToken(rawToken);
                this.sspiState = this.tlsTokenProvider.CreateTlsSspiState(validatedToken);
                base.Complete(true);
            }

            // Reports whether the get-token request finished on the calling thread.
            private static bool result_CompletedInline(IAsyncResult request)
            {
                return request.CompletedSynchronously;
            }
 /// <summary>
 /// Callback for the asynchronous client-token request. It ends the request, validates
 /// the token, creates the TLS SSPI state and completes the owning
 /// <c>CreateSspiStateAsyncResult</c> found in <c>result.AsyncState</c>.
 /// </summary>
 /// <param name="result">Result of the pending get-token operation.</param>
 private static void GetTokensCallback(IAsyncResult result)
 {
     // Nothing to do when the request already completed synchronously.
     if (result.CompletedSynchronously)
     {
         return;
     }

     TlsnegoTokenProvider.CreateSspiStateAsyncResult owner = (TlsnegoTokenProvider.CreateSspiStateAsyncResult)result.AsyncState;
     try
     {
         SecurityToken received = owner.tlsTokenProvider.ClientTokenProvider.EndGetToken(result);

         // The SSPI state is built only from the token ValidateToken hands back.
         // ValidateToken's checks are defined elsewhere.
         X509SecurityToken validated = TlsnegoTokenProvider.ValidateToken(received);
         owner.sspiState = owner.tlsTokenProvider.CreateTlsSspiState(validated);

         // NOTE(review): this call is inside the try, so a non-fatal exception thrown from it
         // leads to the second Complete call in the catch block. Confirm that is intended.
         owner.Complete(false);
     }
     catch (Exception failure)
     {
         if (!Fx.IsFatal(failure))
         {
             // Report non-fatal errors through the async result rather than letting them escape.
             owner.Complete(false, failure);
             return;
         }

         // Fatal exceptions propagate unchanged.
         throw;
     }
 }
 /// <summary>
 /// Begins fetching the client token from <c>tlsTokenProvider.ClientTokenProvider</c>.
 /// When the request completes synchronously, the token is validated, the TLS SSPI state
 /// is created and the result is completed inline. Otherwise completion is left to
 /// <c>getTokensCallback</c>.
 /// </summary>
 /// <param name="target">Not read by this constructor body.</param>
 /// <param name="via">Not read by this constructor body.</param>
 /// <param name="tlsTokenProvider">Provider supplying the client token provider and the SSPI-state factory.</param>
 /// <param name="timeout">Timeout passed to <c>BeginGetToken</c>.</param>
 /// <param name="callback">Caller's completion callback, forwarded to the base class.</param>
 /// <param name="state">Caller's state object, forwarded to the base class.</param>
 public CreateSspiStateAsyncResult(EndpointAddress target, Uri via, TlsnegoTokenProvider tlsTokenProvider, TimeSpan timeout, AsyncCallback callback, object state)
     : base(callback, state)
 {
     this.tlsTokenProvider = tlsTokenProvider;

     // NOTE(review): ClientTokenProvider is used without a null check. Presumably this result is
     // created only when a client token provider exists; verify against the caller.
     IAsyncResult tokenRequest = this.tlsTokenProvider.ClientTokenProvider.BeginGetToken(timeout, getTokensCallback, this);

     if (tokenRequest.CompletedSynchronously)
     {
         // Validate before use: only the X509SecurityToken returned by ValidateToken is passed on.
         // Failures on this path surface as exceptions from the constructor.
         X509SecurityToken validated = ValidateToken(this.tlsTokenProvider.ClientTokenProvider.EndGetToken(tokenRequest));
         this.sspiState = this.tlsTokenProvider.CreateTlsSspiState(validated);
         base.Complete(true);
     }
 }
 /// <summary>
 /// Builds and configures a <c>TlsnegoTokenProvider</c> for the initiator side from the
 /// supplied token requirement.
 /// </summary>
 /// <param name="initiatorRequirement">Requirement supplying the target and issuer addresses, security binding element, algorithm suite and optional via URI.</param>
 /// <param name="requireClientCertificate">When true, a client X.509 token provider is attached; otherwise <c>ClientTokenProvider</c> is not assigned here.</param>
 /// <returns>The configured provider.</returns>
 /// <remarks>Throws the argument exception produced by <c>ThrowHelperArgument</c> when the requirement has no target address or no security binding element.</remarks>
 SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
 {
     // Reject requirements that cannot identify the peer or the binding's security settings.
     if (initiatorRequirement.TargetAddress == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
     }

     SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
     if (bindingElement == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
     }

     SspiIssuanceChannelParameter channelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
     bool tokenOnOpen = channelParameter == null ? false : channelParameter.GetTokenOnOpen;
     LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
     BindingContext issuerContext = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

     TlsnegoTokenProvider negotiator = new TlsnegoTokenProvider
     {
         IssuerAddress = initiatorRequirement.IssuerAddress,
         NegotiateTokenOnOpen = tokenOnOpen,
         // Negotiating on open turns service-token caching on regardless of the CacheCookies setting.
         CacheServiceTokens = tokenOnOpen || clientSettings.CacheCookies
     };

     // The client certificate provider is attached only when the caller asks for one.
     // Without it, ClientTokenProvider keeps whatever value the new provider starts with.
     if (requireClientCertificate)
     {
         negotiator.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
     }

     negotiator.IssuerBindingContext = issuerContext;

     // Protection requirements come from the issuer binding context when one exists.
     ChannelProtectionRequirements protection = null;
     if (issuerContext != null)
     {
         protection = issuerContext.BindingParameters.Find<ChannelProtectionRequirements>();
     }
     negotiator.ApplicationProtectionRequirements = protection;

     negotiator.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
     negotiator.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;

     // The server certificate authenticator is always configured, with or without a client certificate.
     negotiator.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
     negotiator.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
     negotiator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
     negotiator.TargetAddress = initiatorRequirement.TargetAddress;

     // Via falls back to null when the requirement does not carry the property.
     negotiator.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
     return negotiator;
 }
 /// <summary>
 /// Creates a <c>TlsnegoTokenProvider</c> and fills in its settings from the initiator
 /// token requirement and the binding's local client settings.
 /// </summary>
 /// <param name="initiatorRequirement">Requirement providing addresses, the security binding element, the algorithm suite and the optional via URI.</param>
 /// <param name="requireClientCertificate">When true, a client X.509 token provider is created and attached; when false, <c>ClientTokenProvider</c> is not set by this method.</param>
 /// <returns>The configured provider.</returns>
 /// <remarks>Throws the argument exception produced by <c>ThrowHelperArgument</c> when the target address or the security binding element is missing.</remarks>
 private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
 {
     // Precondition: the requirement must name a target address.
     if (initiatorRequirement.TargetAddress == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
     }

     // Precondition: the requirement must carry a security binding element.
     SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
     if (bindingElement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
     }

     SspiIssuanceChannelParameter channelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
     bool negotiateOnOpen = (channelParameter != null) && channelParameter.GetTokenOnOpen;
     LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
     BindingContext issuerContext = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

     TlsnegoTokenProvider result = new TlsnegoTokenProvider();
     result.IssuerAddress = initiatorRequirement.IssuerAddress;
     result.NegotiateTokenOnOpen = negotiateOnOpen;
     // Service tokens are cached when negotiating on open or when cookie caching is enabled.
     result.CacheServiceTokens = negotiateOnOpen || clientSettings.CacheCookies;

     // A client certificate provider is optional; the server authenticator below is not.
     if (requireClientCertificate)
     {
         result.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
     }

     result.IssuerBindingContext = issuerContext;
     // With no issuer binding context there are no application protection requirements to copy.
     result.ApplicationProtectionRequirements = (issuerContext == null) ? null : issuerContext.BindingParameters.Find<ChannelProtectionRequirements>();
     result.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
     result.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
     result.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
     result.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
     result.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
     result.TargetAddress = initiatorRequirement.TargetAddress;
     // Via is null unless the requirement supplies the property.
     result.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);
     return result;
 }