internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
}
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
{
forward.DetectReplays = false;
}
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
{
reverse.DetectReplays = false;
}
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return(protocolFactory);
}
void CreateSecurityProtocolFactory()
{
SecurityProtocolFactory incomingProtocolFactory;
SecurityProtocolFactory outgoingProtocolFactory;
ChannelProtectionRequirements protectionRequirements;
lock (ThisLock)
{
if (null != securityProtocolFactory)
{
return;
}
TimeoutHelper timeoutHelper = new TimeoutHelper(ServiceDefaults.SendTimeout);
if (!enableSigning)
{
outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
}
else
{
X509Certificate2 cert = credManager.Certificate;
if (cert != null)
{
SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement();
securityBindingElement.ReaderQuotas = this.readerQuotas;
BindingParameterCollection bpc = new BindingParameterCollection();
if (protection == null)
{
protectionRequirements = new ChannelProtectionRequirements();
}
else
{
protectionRequirements = new ChannelProtectionRequirements(protection);
}
ApplySigningRequirements(protectionRequirements.IncomingSignatureParts);
ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts);
bpc.Add(protectionRequirements);
bpc.Add(this.auditBehavior);
bpc.Add(credManager);
BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc);
outgoingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, false, null);
}
else
{
outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
}
SecurityTokenResolver resolver;
X509SecurityTokenAuthenticator auth = tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) as X509SecurityTokenAuthenticator;
if (auth != null)
{
SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement();
securityBindingElement.ReaderQuotas = this.readerQuotas;
BindingParameterCollection bpc = new BindingParameterCollection();
if (protection == null)
{
protectionRequirements = new ChannelProtectionRequirements();
}
else
{
protectionRequirements = new ChannelProtectionRequirements(protection);
}
ApplySigningRequirements(protectionRequirements.IncomingSignatureParts);
ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts);
bpc.Add(protectionRequirements);
bpc.Add(this.auditBehavior);
bpc.Add(credManager);
BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc);
incomingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, true, null);
}
else
{
incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
}
}
DuplexSecurityProtocolFactory tempFactory = new DuplexSecurityProtocolFactory(outgoingProtocolFactory, incomingProtocolFactory);
tempFactory.Open(true, timeoutHelper.RemainingTime());
securityProtocolFactory = tempFactory;
}
}
private void CreateSecurityProtocolFactory()
{
lock (this.ThisLock)
{
if (this.securityProtocolFactory == null)
{
SecurityProtocolFactory factory;
SecurityProtocolFactory factory2;
TimeoutHelper helper = new TimeoutHelper(ServiceDefaults.SendTimeout);
if (!this.enableSigning)
{
factory2 = new PeerDoNothingSecurityProtocolFactory();
factory = new PeerDoNothingSecurityProtocolFactory();
}
else
{
ChannelProtectionRequirements requirements;
SecurityTokenResolver resolver;
if (this.credManager.Certificate != null)
{
SecurityBindingElement element = SecurityBindingElement.CreateCertificateSignatureBindingElement();
element.ReaderQuotas = this.readerQuotas;
BindingParameterCollection parameters = new BindingParameterCollection();
if (this.protection == null)
{
requirements = new ChannelProtectionRequirements();
}
else
{
requirements = new ChannelProtectionRequirements(this.protection);
}
this.ApplySigningRequirements(requirements.IncomingSignatureParts);
this.ApplySigningRequirements(requirements.OutgoingSignatureParts);
parameters.Add(requirements);
parameters.Add(this.auditBehavior);
parameters.Add(this.credManager);
BindingContext context = new BindingContext(new CustomBinding(new BindingElement[] { element }), parameters);
factory2 = element.CreateSecurityProtocolFactory <IOutputChannel>(context, this.credManager, false, null);
}
else
{
factory2 = new PeerDoNothingSecurityProtocolFactory();
}
if (this.tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) is X509SecurityTokenAuthenticator)
{
SecurityBindingElement element2 = SecurityBindingElement.CreateCertificateSignatureBindingElement();
element2.ReaderQuotas = this.readerQuotas;
BindingParameterCollection parameters2 = new BindingParameterCollection();
if (this.protection == null)
{
requirements = new ChannelProtectionRequirements();
}
else
{
requirements = new ChannelProtectionRequirements(this.protection);
}
this.ApplySigningRequirements(requirements.IncomingSignatureParts);
this.ApplySigningRequirements(requirements.OutgoingSignatureParts);
parameters2.Add(requirements);
parameters2.Add(this.auditBehavior);
parameters2.Add(this.credManager);
BindingContext context2 = new BindingContext(new CustomBinding(new BindingElement[] { element2 }), parameters2);
factory = element2.CreateSecurityProtocolFactory <IOutputChannel>(context2, this.credManager, true, null);
}
else
{
factory = new PeerDoNothingSecurityProtocolFactory();
}
}
DuplexSecurityProtocolFactory factory3 = new DuplexSecurityProtocolFactory(factory2, factory);
factory3.Open(true, helper.RemainingTime());
this.securityProtocolFactory = factory3;
}
}
}
