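/// <summary>
/// Canonicalizes (Exclusive XML C14N) the element <paramref name="reader"/> is positioned
/// on and appends the resulting bytes to <c>tlsInfo.Messages</c>.
/// </summary>
/// <param name="reader">Reader positioned at (or before) the body element to record.</param>
/// <param name="tlsInfo">Session whose <c>Messages</c> stream receives the canonical bytes
/// (presumably the negotiation transcript for this session — confirm against TlsServerSessionInfo).</param>
void AppendNegotiationMessageXml(XmlReader reader, TlsServerSessionInfo tlsInfo)
        {
            XmlDsigExcC14NTransform t   = new XmlDsigExcC14NTransform();
            XmlDocument             doc = new XmlDocument();

            // Whitespace is part of the canonical form; dropping it would change
            // the bytes that get recorded.
            doc.PreserveWhitespace = true;
            reader.MoveToContent();
            doc.AppendChild(doc.ReadNode(reader));
            t.LoadInput(doc);

            // GetOutput() is typed as object and documented to yield a Stream. Casting to
            // Stream and copying (instead of hard-casting to MemoryStream) avoids an
            // InvalidCastException should the transform return another stream type, and
            // disposes the transform output once it has been consumed.
            using (Stream canonical = (Stream)t.GetOutput())
            using (MemoryStream copy = new MemoryStream())
            {
                canonical.CopyTo(copy);
                byte [] bytes = copy.ToArray();
                tlsInfo.Messages.Write(bytes, 0, bytes.Length);
            }
        }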
        // FIXME: use timeout
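        /// <summary>
        /// Handles the first leg of a TLS-over-WS-Trust negotiation: reads the incoming
        /// RequestSecurityToken, starts a server-side TLS session for its Context, feeds the
        /// client's ClientHello to it and returns the RequestSecurityTokenResponse that
        /// carries the ServerHello. Both message bodies are recorded in the session's
        /// Messages stream.
        /// </summary>
        /// <param name="request">The RequestSecurityToken message received from the client.</param>
        /// <param name="timeout">Currently unused (see the FIXME above); the exchange is not bounded by it.</param>
        /// <returns>The RSTR reply message, correlated to <paramref name="request"/> via RelatesTo.</returns>
        /// <exception cref="SecurityNegotiationException">
        /// The RST lacks a Context or a BinaryExchange, or a session for that Context already exists.
        /// </exception>
        Message ProcessClientHello(Message request, TimeSpan timeout)
        {
            // FIXME: use correct buffer size
            MessageBuffer buffer = request.CreateBufferedCopy(0x10000);
            WSTrustRequestSecurityTokenReader reader =
                new WSTrustRequestSecurityTokenReader(buffer.CreateMessage().GetReaderAtBodyContents(), SecurityTokenSerializer);

            reader.Read();

            // Everything in reader.Value comes from the remote client. Validate the fields
            // used below before they reach the session table or the TLS state machine, so a
            // malformed RST is reported as a negotiation error rather than as an
            // ArgumentNullException / NullReferenceException from deeper inside.
            string context = reader.Value.Context;
            if (String.IsNullOrEmpty(context))
            {
                throw new SecurityNegotiationException("The RequestSecurityToken does not carry a Context for this SSL negotiation");
            }
            if (reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
            {
                throw new SecurityNegotiationException(String.Format("The RequestSecurityToken for context '{0}' does not carry a BinaryExchange", context));
            }

            // NOTE(review): this existence check and the insert at the end of the method are
            // not atomic; two concurrent requests for the same context could both pass.
            // Any synchronization of 'sessions' has to be provided by its owner.
            if (sessions.ContainsKey(context))
            {
                throw new SecurityNegotiationException(String.Format("The context '{0}' already exists in this SSL negotiation manager", context));
            }

            // FIXME: it seems .NET retrieves X509 Certificate through CreateSecurityTokenProvider(somex509requirement).GetToken().SecurityKeys[0]
            // (should result in X509AsymmetricSecurityKey) and continues tlsstart.
            // That's not very required feature so I ignore it.
            TlsServerSession     tls     = new TlsServerSession(owner.Manager.ServiceCredentials.ServiceCertificate.Certificate, owner.IsMutual);
            TlsServerSessionInfo tlsInfo = new TlsServerSessionInfo(context, tls);

            // Record the request body before producing the reply so the two bodies land in
            // the Messages stream in wire order.
            AppendNegotiationMessageXml(buffer.CreateMessage().GetReaderAtBodyContents(), tlsInfo);

            tls.ProcessClientHello(reader.Value.BinaryExchange.Value);
            WstRequestSecurityTokenResponse rstr =
                new WstRequestSecurityTokenResponse(SecurityTokenSerializer);

            rstr.Context              = context;
            rstr.BinaryExchange       = new WstBinaryExchange(Constants.WstBinaryExchangeValueTls);
            rstr.BinaryExchange.Value = tls.ProcessServerHello();

            Message reply = Message.CreateMessage(request.Version, Constants.WstIssueReplyAction, rstr);

            reply.Headers.RelatesTo = request.Headers.MessageId;

            // FIXME: use correct buffer size
            // NOTE(review): the request-side buffer is dropped here without Close(); confirm
            // whether that matters for the MessageBuffer implementation in use.
            buffer = reply.CreateBufferedCopy(0x10000);
            AppendNegotiationMessageXml(buffer.CreateMessage().GetReaderAtBodyContents(), tlsInfo);

            // Only register the session once the reply has been built, so a failure above
            // leaves no half-initialized entry behind.
            sessions [context] = tlsInfo;

            return(buffer.CreateMessage());
        }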
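        /// <summary>
        /// Handles the first leg of a TLS-over-WS-Trust negotiation: reads the incoming
        /// RequestSecurityToken, starts a server-side TLS session for its Context, feeds the
        /// client's ClientHello to it and returns the RequestSecurityTokenResponse that
        /// carries the ServerHello. Both message bodies are recorded in the session's
        /// Messages stream.
        /// </summary>
        /// <param name="request">The RequestSecurityToken message received from the client.</param>
        /// <returns>The RSTR reply message, correlated to <paramref name="request"/> via RelatesTo.</returns>
        /// <exception cref="SecurityNegotiationException">
        /// The RST lacks a Context or a BinaryExchange, or a session for that Context already exists.
        /// </exception>
        Message ProcessClientHello(Message request)
        {
            // FIXME: use correct buffer size
            MessageBuffer buffer = request.CreateBufferedCopy(0x10000);
            WSTrustRequestSecurityTokenReader reader =
                new WSTrustRequestSecurityTokenReader(buffer.CreateMessage().GetReaderAtBodyContents(), SecurityTokenSerializer);

            reader.Read();

            // Everything in reader.Value comes from the remote client. Validate the fields
            // used below before they reach the session table or the TLS state machine, so a
            // malformed RST is reported as a negotiation error rather than as an
            // ArgumentNullException / NullReferenceException from deeper inside.
            string context = reader.Value.Context;
            if (String.IsNullOrEmpty(context))
            {
                throw new SecurityNegotiationException("The RequestSecurityToken does not carry a Context for this SSL negotiation");
            }
            if (reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
            {
                throw new SecurityNegotiationException(String.Format("The RequestSecurityToken for context '{0}' does not carry a BinaryExchange", context));
            }

            // NOTE(review): this existence check and the insert at the end of the method are
            // not atomic; two concurrent requests for the same context could both pass.
            // Any synchronization of 'sessions' has to be provided by its owner.
            if (sessions.ContainsKey(context))
            {
                throw new SecurityNegotiationException(String.Format("The context '{0}' already exists in this SSL negotiation manager", context));
            }

            TlsServerSession     tls     = new TlsServerSession(owner.Manager.ServiceCredentials.ServiceCertificate.Certificate, owner.IsMutual);
            TlsServerSessionInfo tlsInfo = new TlsServerSessionInfo(context, tls);

            // Record the request body before producing the reply so the two bodies land in
            // the Messages stream in wire order.
            AppendNegotiationMessageXml(buffer.CreateMessage().GetReaderAtBodyContents(), tlsInfo);

            tls.ProcessClientHello(reader.Value.BinaryExchange.Value);
            WstRequestSecurityTokenResponse rstr =
                new WstRequestSecurityTokenResponse(SecurityTokenSerializer);

            rstr.Context              = context;
            rstr.BinaryExchange       = new WstBinaryExchange(Constants.WstBinaryExchangeValueTls);
            rstr.BinaryExchange.Value = tls.ProcessServerHello();

            Message reply = Message.CreateMessage(request.Version, Constants.WstIssueReplyAction, rstr);

            reply.Headers.RelatesTo = request.Headers.MessageId;

            // FIXME: use correct buffer size
            // NOTE(review): the request-side buffer is dropped here without Close(); confirm
            // whether that matters for the MessageBuffer implementation in use.
            buffer = reply.CreateBufferedCopy(0x10000);
            AppendNegotiationMessageXml(buffer.CreateMessage().GetReaderAtBodyContents(), tlsInfo);

            // Only register the session once the reply has been built, so a failure above
            // leaves no half-initialized entry behind.
            sessions [context] = tlsInfo;

            return(buffer.CreateMessage());
        }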
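		/// <summary>
		/// Handles the first leg of a TLS-over-WS-Trust negotiation: reads the incoming
		/// RequestSecurityToken, starts a server-side TLS session for its Context, feeds the
		/// client's ClientHello to it and returns the RequestSecurityTokenResponse carrying
		/// the ServerHello. Both message bodies are recorded in the session's Messages stream.
		/// </summary>
		/// <param name="request">The RequestSecurityToken message received from the client.</param>
		/// <returns>The RSTR reply message, correlated to <paramref name="request"/> via RelatesTo.</returns>
		/// <exception cref="SecurityNegotiationException">
		/// The RST lacks a Context or a BinaryExchange, or a session for that Context already exists.
		/// </exception>
		Message ProcessClientHello (Message request)
		{
			// FIXME: use correct buffer size
			MessageBuffer buffer = request.CreateBufferedCopy (0x10000);
			WSTrustRequestSecurityTokenReader reader =
				new WSTrustRequestSecurityTokenReader (buffer.CreateMessage ().GetReaderAtBodyContents (), SecurityTokenSerializer);
			reader.Read ();

			// reader.Value is client-supplied: validate the fields used below before they
			// reach the session table or the TLS state machine, so a malformed RST is
			// reported as a negotiation error rather than an ArgumentNullException or
			// NullReferenceException from deeper inside.
			string context = reader.Value.Context;
			if (String.IsNullOrEmpty (context))
				throw new SecurityNegotiationException ("The RequestSecurityToken does not carry a Context for this SSL negotiation");
			if (reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
				throw new SecurityNegotiationException (String.Format ("The RequestSecurityToken for context '{0}' does not carry a BinaryExchange", context));

			// NOTE(review): this check and the insert at the end are not atomic; concurrent
			// requests for the same context could both pass. Synchronizing 'sessions', if
			// needed, is the owner's responsibility.
			if (sessions.ContainsKey (context))
				throw new SecurityNegotiationException (String.Format ("The context '{0}' already exists in this SSL negotiation manager", context));

			TlsServerSession tls = new TlsServerSession (owner.Manager.ServiceCredentials.ServiceCertificate.Certificate, owner.IsMutual);
			TlsServerSessionInfo tlsInfo = new TlsServerSessionInfo (context, tls);

			// Record the request body before the reply is produced so both land in
			// the Messages stream in wire order.
			AppendNegotiationMessageXml (buffer.CreateMessage ().GetReaderAtBodyContents (), tlsInfo);

			tls.ProcessClientHello (reader.Value.BinaryExchange.Value);
			WstRequestSecurityTokenResponse rstr =
				new WstRequestSecurityTokenResponse (SecurityTokenSerializer);
			rstr.Context = context;
			rstr.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueTls);
			rstr.BinaryExchange.Value = tls.ProcessServerHello ();

			Message reply = Message.CreateMessage (request.Version, Constants.WstIssueReplyAction, rstr);
			reply.Headers.RelatesTo = request.Headers.MessageId;

			// FIXME: use correct buffer size
			// NOTE(review): the request-side buffer is dropped here without Close (); confirm
			// whether that matters for the MessageBuffer implementation in use.
			buffer = reply.CreateBufferedCopy (0x10000);
			AppendNegotiationMessageXml (buffer.CreateMessage ().GetReaderAtBodyContents (), tlsInfo);

			// Register the session only once the reply has been built, so a failure
			// above leaves no half-initialized entry behind.
			sessions [context] = tlsInfo;

			return buffer.CreateMessage ();
		}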
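		/// <summary>
		/// Canonicalizes (Exclusive XML C14N) the element <paramref name="reader"/> is
		/// positioned on and appends the resulting bytes to <c>tlsInfo.Messages</c>.
		/// </summary>
		/// <param name="reader">Reader positioned at (or before) the body element to record.</param>
		/// <param name="tlsInfo">Session whose <c>Messages</c> stream receives the canonical bytes
		/// (presumably the negotiation transcript — confirm against TlsServerSessionInfo).</param>
		void AppendNegotiationMessageXml (XmlReader reader, TlsServerSessionInfo tlsInfo)
		{
			XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform ();
			XmlDocument doc = new XmlDocument ();
			// Whitespace is part of the canonical form; dropping it would change the
			// recorded bytes.
			doc.PreserveWhitespace = true;
			reader.MoveToContent ();
			doc.AppendChild (doc.ReadNode (reader));
			t.LoadInput (doc);
			// GetOutput () is typed as object and documented to yield a Stream. Casting to
			// Stream and copying (instead of hard-casting to MemoryStream) avoids an
			// InvalidCastException should another stream type come back, and disposes
			// the transform output once consumed.
			using (Stream canonical = (Stream) t.GetOutput ())
			using (MemoryStream copy = new MemoryStream ()) {
				canonical.CopyTo (copy);
				byte [] bytes = copy.ToArray ();
				tlsInfo.Messages.Write (bytes, 0, bytes.Length);
			}
		}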
		// FIXME: use timeout
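		/// <summary>
		/// Handles the first leg of a TLS-over-WS-Trust negotiation: reads the incoming
		/// RequestSecurityToken, starts a server-side TLS session for its Context, feeds the
		/// client's ClientHello to it and returns the RequestSecurityTokenResponse carrying
		/// the ServerHello. Both message bodies are recorded in the session's Messages stream.
		/// </summary>
		/// <param name="request">The RequestSecurityToken message received from the client.</param>
		/// <param name="timeout">Currently unused (see the FIXME above); the exchange is not bounded by it.</param>
		/// <returns>The RSTR reply message, correlated to <paramref name="request"/> via RelatesTo.</returns>
		/// <exception cref="SecurityNegotiationException">
		/// The RST lacks a Context or a BinaryExchange, or a session for that Context already exists.
		/// </exception>
		Message ProcessClientHello (Message request, TimeSpan timeout)
		{
			// FIXME: use correct buffer size
			MessageBuffer buffer = request.CreateBufferedCopy (0x10000);
			WSTrustRequestSecurityTokenReader reader =
				new WSTrustRequestSecurityTokenReader (buffer.CreateMessage ().GetReaderAtBodyContents (), SecurityTokenSerializer);
			reader.Read ();

			// reader.Value is client-supplied: validate the fields used below before they
			// reach the session table or the TLS state machine, so a malformed RST is
			// reported as a negotiation error rather than an ArgumentNullException or
			// NullReferenceException from deeper inside.
			string context = reader.Value.Context;
			if (String.IsNullOrEmpty (context))
				throw new SecurityNegotiationException ("The RequestSecurityToken does not carry a Context for this SSL negotiation");
			if (reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
				throw new SecurityNegotiationException (String.Format ("The RequestSecurityToken for context '{0}' does not carry a BinaryExchange", context));

			// NOTE(review): this check and the insert at the end are not atomic; concurrent
			// requests for the same context could both pass. Synchronizing 'sessions', if
			// needed, is the owner's responsibility.
			if (sessions.ContainsKey (context))
				throw new SecurityNegotiationException (String.Format ("The context '{0}' already exists in this SSL negotiation manager", context));

			// FIXME: it seems .NET retrieves X509 Certificate through CreateSecurityTokenProvider(somex509requirement).GetToken().SecurityKeys[0]
			// (should result in X509AsymmetricSecurityKey) and continues tlsstart.
			// That's not very required feature so I ignore it.
			TlsServerSession tls = new TlsServerSession (owner.Manager.ServiceCredentials.ServiceCertificate.Certificate, owner.IsMutual);
			TlsServerSessionInfo tlsInfo = new TlsServerSessionInfo (context, tls);

			// Record the request body before the reply is produced so both land in
			// the Messages stream in wire order.
			AppendNegotiationMessageXml (buffer.CreateMessage ().GetReaderAtBodyContents (), tlsInfo);

			tls.ProcessClientHello (reader.Value.BinaryExchange.Value);
			WstRequestSecurityTokenResponse rstr =
				new WstRequestSecurityTokenResponse (SecurityTokenSerializer);
			rstr.Context = context;
			rstr.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueTls);
			rstr.BinaryExchange.Value = tls.ProcessServerHello ();

			Message reply = Message.CreateMessage (request.Version, Constants.WstIssueReplyAction, rstr);
			reply.Headers.RelatesTo = request.Headers.MessageId;

			// FIXME: use correct buffer size
			// NOTE(review): the request-side buffer is dropped here without Close (); confirm
			// whether that matters for the MessageBuffer implementation in use.
			buffer = reply.CreateBufferedCopy (0x10000);
			AppendNegotiationMessageXml (buffer.CreateMessage ().GetReaderAtBodyContents (), tlsInfo);

			// Register the session only once the reply has been built, so a failure
			// above leaves no half-initialized entry behind.
			sessions [context] = tlsInfo;

			return buffer.CreateMessage ();
		}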