internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(context));
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(credentialsManager));
}
TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, isForService, issuerBindingContext, context.Binding);
protocolFactory.DetectReplays = false;
return(protocolFactory);
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
}
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
factory.DetectReplays = false;
return(factory);
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
#if FEATURE_CORECLR
throw new NotImplementedException("TransportSecurityProtocolFactory not supported in .NET Core");
#else
TransportSecurityProtocolFactory securityProtocolFactory = new TransportSecurityProtocolFactory();
if (isForService)
{
this.ApplyAuditBehaviorSettings(context, (SecurityProtocolFactory)securityProtocolFactory);
}
this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, isForService, issuerBindingContext, (Binding)context.Binding);
securityProtocolFactory.DetectReplays = false;
return((SecurityProtocolFactory)securityProtocolFactory);
#endif
}
protected override IServiceDispatcher BuildServiceDispatcherCore <TChannel>(BindingContext context, IServiceDispatcher serviceDispatcher)
{
SecurityServiceDispatcher securityServiceDispatcher = new SecurityServiceDispatcher(context, serviceDispatcher);
SecurityCredentialsManager credentialsManager = serviceDispatcher.Host.Description.Behaviors.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters scParameters;
if (EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
scParameters = EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
scParameters = null;
}
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
issuerBindingContext.BindingParameters.Add(credentialsManager);
if (scParameters != null)
{
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory
{
// base.ApplyAuditBehaviorSettings(context, sessionFactory);
SecurityTokenParameters = scParameters.Clone()
};
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
}
finally
{
EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
securityServiceDispatcher.SessionMode = true;
securityServiceDispatcher.SessionServerSettings.InactivityTimeout = LocalServiceSettings.InactivityTimeout;
securityServiceDispatcher.SessionServerSettings.KeyRolloverInterval = LocalServiceSettings.SessionKeyRolloverInterval;
securityServiceDispatcher.SessionServerSettings.MaximumPendingSessions = LocalServiceSettings.MaxPendingSessions;
securityServiceDispatcher.SessionServerSettings.MaximumKeyRenewalInterval = LocalServiceSettings.SessionKeyRenewalInterval;
securityServiceDispatcher.SessionServerSettings.TolerateTransportFailures = LocalServiceSettings.ReconnectTransportOnFailure;
securityServiceDispatcher.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
securityServiceDispatcher.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
securityServiceDispatcher.SessionServerSettings.SessionProtocolFactory = sessionFactory;
securityServiceDispatcher.SecurityProtocolFactory = sessionFactory;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingDispatcherDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
//TODO later
TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
// base.ApplyAuditBehaviorSettings(context, protocolFactory);
EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
}
finally
{
EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
}
securityServiceDispatcher.InitializeSecurityDispatcher(channelBuilder, typeof(TChannel));
//return channelListener;
channelBuilder.BuildServiceDispatcher <TChannel>(context, securityServiceDispatcher);
return(securityServiceDispatcher);
}
internal TransportSecurityProtocolFactory(TransportSecurityProtocolFactory factory) : base(factory)
{
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecureConversationSecurityTokenParameters parameters;
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
parameters = null;
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext secureConversationBindingContext = context.Clone();
if (parameters != null)
{
if (parameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (parameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = parameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding);
SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone();
item.IssuerBindingContext = secureConversationBindingContext;
factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters item = null;
if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
item = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (item != null)
{
if (item.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
item.IssuerBindingContext = issuerBindingContext;
if (item.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory factory2 = new SessionSymmetricTransportSecurityProtocolFactory {
SecurityTokenParameters = item.Clone()
};
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
ChannelBuilder = builder,
KeyRenewalInterval = base.LocalClientSettings.SessionKeyRenewalInterval,
KeyRolloverInterval = base.LocalClientSettings.SessionKeyRolloverInterval,
TolerateTransportFailures = base.LocalClientSettings.ReconnectTransportOnFailure,
CanRenewSession = item.CanRenewSession,
IssuedSecurityTokenParameters = item.Clone()
};
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
sessionClientSettings.SessionProtocolFactory = factory2;
return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
}
TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)item.Clone();
parameters2.IssuerBindingContext = issuerBindingContext;
factory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters2);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
}
return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
}
internal TransportSecurityProtocolFactory(TransportSecurityProtocolFactory factory)
: base(factory)
{
}
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters scParameters = null;
if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
// This adds the demuxer element to the context
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
SecurityChannelFactory <TChannel> channelFactory;
if (scParameters != null)
{
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
scParameters.IssuerBindingContext = issuerBindingContext;
if (scParameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);
}
finally
{
this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
sessionClientSettings.ChannelBuilder = channelBuilder;
sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval;
sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval;
sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure;
sessionClientSettings.CanRenewSession = scParameters.CanRenewSession;
sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
sessionClientSettings.SessionProtocolFactory = sessionFactory;
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings);
}
else
{
TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
}
finally
{
this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(
context, credentialsManager, false, issuerBindingContext);
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
}
return(channelFactory);
}
