public SslStreamSecurityUpgradeInitiator(SslStreamSecurityUpgradeProvider parent, EndpointAddress remoteAddress, Uri via) : base("application/ssl-tls", remoteAddress, via)
 {
     SecurityTokenResolver resolver;
     this.parent = parent;
     InitiatorServiceModelSecurityTokenRequirement tokenRequirement = new InitiatorServiceModelSecurityTokenRequirement {
         TokenType = SecurityTokenTypes.X509Certificate,
         RequireCryptographicToken = true,
         KeyUsage = SecurityKeyUsage.Exchange,
         TargetAddress = remoteAddress,
         Via = via,
         TransportScheme = this.parent.Scheme
     };
     this.serverCertificateAuthenticator = parent.ClientSecurityTokenManager.CreateSecurityTokenAuthenticator(tokenRequirement, out resolver);
     if (parent.RequireClientCertificate)
     {
         InitiatorServiceModelSecurityTokenRequirement requirement2 = new InitiatorServiceModelSecurityTokenRequirement {
             TokenType = SecurityTokenTypes.X509Certificate,
             RequireCryptographicToken = true,
             KeyUsage = SecurityKeyUsage.Signature,
             TargetAddress = remoteAddress,
             Via = via,
             TransportScheme = this.parent.Scheme
         };
         this.clientCertificateProvider = parent.ClientSecurityTokenManager.CreateSecurityTokenProvider(requirement2);
         if (this.clientCertificateProvider == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { requirement2 })));
         }
     }
 }
 public SecurityTokenProviderContainer(SecurityTokenProvider tokenProvider)
 {
     if (tokenProvider == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
     }
     this.tokenProvider = tokenProvider;
 }
 public ProviderBackedSecurityToken(SecurityTokenProvider tokenProvider, TimeSpan timeout)
 {
     if (tokenProvider == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenProvider"));
     }
     this._tokenProvider = tokenProvider;
     this._timeout = timeout;
 }
 public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
 {
     if (tokenProvider == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
     }
     SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
     if (tokenParameters == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
     }
     _tokenProvider = tokenProvider;
     _tokenAttachmentMode = attachmentMode;
     _tokenParameters = tokenParameters;
 }
 public override void OnAbort()
 {
     if (this.serverTokenProvider != null)
     {
         System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
         this.serverTokenProvider = null;
     }
     if (this.clientTokenAuthenticator != null)
     {
         System.ServiceModel.Security.SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
         this.clientTokenAuthenticator = null;
     }
     if (this.serverToken != null)
     {
         this.serverToken = null;
     }
     base.OnAbort();
 }
 public override void OnClose(TimeSpan timeout)
 {
     TimeoutHelper helper = new TimeoutHelper(timeout);
     if (this.serverTokenProvider != null)
     {
         System.ServiceModel.Security.SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, helper.RemainingTime());
         this.serverTokenProvider = null;
     }
     if (this.clientTokenAuthenticator != null)
     {
         System.ServiceModel.Security.SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, helper.RemainingTime());
         this.clientTokenAuthenticator = null;
     }
     if (this.serverToken != null)
     {
         this.serverToken = null;
     }
     base.OnClose(helper.RemainingTime());
 }
        public override void OnOpen(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            base.OnOpen(timeoutHelper.RemainingTime());
            if (this.Factory.ActAsInitiator)
            {
                if (this.Factory.ApplyIntegrity)
                {
                    InitiatorServiceModelSecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(requirement);
                    requirement.KeyUsage = SecurityKeyUsage.Signature;
                    requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
                    this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, timeoutHelper.RemainingTime());
                }
                if (this.Factory.RequireIntegrity || this.Factory.ApplyConfidentiality)
                {
                    InitiatorServiceModelSecurityTokenRequirement providerRequirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(providerRequirement);
                    providerRequirement.KeyUsage = SecurityKeyUsage.Exchange;
                    providerRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
                    this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
                    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, timeoutHelper.RemainingTime());

                    InitiatorServiceModelSecurityTokenRequirement authenticatorRequirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(authenticatorRequirement);
                    authenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply;
                    authenticatorRequirement.KeyUsage = SecurityKeyUsage.Exchange;
                    authenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
                    // Create authenticator (we dont support out of band resolvers on the client side
                    SecurityTokenResolver outOfBandTokenResolver;
                    this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out outOfBandTokenResolver);
                    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, timeoutHelper.RemainingTime());
                }
            }
        }
 public GetTwoTokensAndSetUpSecurityAsyncResult(Message m, MessageSecurityProtocol binding,
     SecurityTokenProvider primaryProvider, SecurityTokenProvider secondaryProvider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator,
     SecurityProtocolCorrelationState oldCorrelationState,
     TimeSpan timeout,
     AsyncCallback callback, object state)
     : base(m, binding, timeout, callback, state)
 {
     this.message = m;
     this.binding = binding;
     this.primaryProvider = primaryProvider;
     this.secondaryProvider = secondaryProvider;
     this.doIdentityChecks = doIdentityChecks;
     this.identityCheckAuthenticator = identityCheckAuthenticator;
     this.oldCorrelationState = oldCorrelationState;
 }
 protected SecurityToken GetTokenAndEnsureOutgoingIdentity(SecurityTokenProvider provider, bool isEncryptionOn, TimeSpan timeout, SecurityTokenAuthenticator authenticator)
 {
     SecurityToken token = GetToken(provider, this.Target, timeout);
     if (isEncryptionOn)
     {
         EnsureOutgoingIdentity(token, authenticator);
     }
     return token;
 }
 public SecureOutgoingMessageAsyncResult(Message m, SymmetricSecurityProtocol binding, SecurityTokenProvider provider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState correlationState, TimeSpan timeout, AsyncCallback callback, object state) : base(m, binding, provider, doIdentityChecks, identityCheckAuthenticator, correlationState, timeout, callback, state)
 {
     this.symmetricBinding = binding;
     base.Start();
 }
 public override void OnOpen(TimeSpan timeout)
 {
     TimeoutHelper helper = new TimeoutHelper(timeout);
     base.OnOpen(helper.RemainingTime());
     if (this.Factory.ActAsInitiator)
     {
         SecurityTokenResolver resolver;
         InitiatorServiceModelSecurityTokenRequirement tokenRequirement = this.CreateInitiatorTokenRequirement();
         SecurityTokenProvider tokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement);
         System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, helper.RemainingTime());
         if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
         {
             this.initiatorAsymmetricTokenProvider = tokenProvider;
         }
         else
         {
             this.initiatorSymmetricTokenProvider = tokenProvider;
         }
         InitiatorServiceModelSecurityTokenRequirement requirement2 = this.CreateInitiatorTokenRequirement();
         this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement2, out resolver);
         System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, helper.RemainingTime());
     }
 }
        public override void OnOpen(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            base.OnOpen(timeoutHelper.RemainingTime());
            if (this.Factory.ActAsInitiator)
            {
                // 1. Create a token requirement for the provider
                InitiatorServiceModelSecurityTokenRequirement tokenProviderRequirement = CreateInitiatorTokenRequirement();

                // 2. Create a provider
                SecurityTokenProvider tokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenProviderRequirement);
                SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, timeoutHelper.RemainingTime());
                if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
                {
                    this.initiatorAsymmetricTokenProvider = tokenProvider;
                }
                else
                {
                    this.initiatorSymmetricTokenProvider = tokenProvider;
                }

                // 3. Create a token requirement for authenticator
                InitiatorServiceModelSecurityTokenRequirement tokenAuthenticatorRequirement = CreateInitiatorTokenRequirement();

                // 4. Create authenticator (we dont support out of band resolvers on the client side
                SecurityTokenResolver outOfBandTokenResolver;
                this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(tokenAuthenticatorRequirement, out outOfBandTokenResolver);
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, timeoutHelper.RemainingTime());
            }
        }
        internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
        {
            if (provider == null)
            {
                // should this be an ArgumentNullException ?
                // throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("provider"));
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target)));
            }

            SecurityToken token = null;

            try
            {
                token = provider.GetToken(timeout);
            }
            catch (SecurityTokenException exception)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), exception));
            }
            catch (SecurityNegotiationException sne)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), sne));
            }

            return token;
        }
 internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
 {
     if (provider == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target })));
     }
     SecurityToken token = null;
     try
     {
         token = provider.GetToken(timeout);
     }
     catch (SecurityTokenException exception)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), exception));
     }
     catch (SecurityNegotiationException exception2)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), exception2));
     }
     return token;
 }
 bool CardSpaceTryCreateSecurityTokenProviderStub(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
 {
     return InfoCardHelper.TryCreateSecurityTokenProvider(tokenRequirement, clientCredentialsTokenManager, out provider);
 }
Example #16
0
 void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenProviderSpecification> providerSpecList)
 {
     for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
         try
         {
             if (isOptional)
             {
                 requirement.IsOptionalToken = true;
             }
             System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
             if (provider == null)
             {
                 continue;
             }
             SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]);
             providerSpecList.Add(providerSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing);
         try
         {
             if (isOptional)
             {
                 requirement.IsOptionalToken = true;
             }
             System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
             if (provider == null)
             {
                 continue;
             }
             SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i]);
             providerSpecList.Add(providerSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted);
         try
         {
             if (isOptional)
             {
                 requirement.IsOptionalToken = true;
             }
             System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
             if (provider == null)
             {
                 continue;
             }
             SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i]);
             providerSpecList.Add(providerSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed);
         try
         {
             if (isOptional)
             {
                 requirement.IsOptionalToken = true;
             }
             System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
             if (provider == null)
             {
                 continue;
             }
             SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i]);
             providerSpecList.Add(providerSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
 }