public void InitiateHandShake()
{
IPeerNeighbor neighbor = host;
Message reply = null;
Fx.Assert(host != null, "Cannot initiate security handshake without a host!");
//send the RST message.
using (OperationContextScope scope = new OperationContextScope(new OperationContext((ServiceHostBase)null)))
{
PeerHashToken token = this.securityManager.GetSelfToken();
Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityToken, new PeerRequestSecurityToken(token));
bool fatal = false;
try
{
reply = neighbor.RequestSecurityToken(request);
if (!(reply != null))
{
throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
}
ProcessRstr(neighbor, reply, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
fatal = true;
throw;
}
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
this.state = PeerAuthState.Failed;
if (DiagnosticUtility.ShouldTraceError)
{
ServiceSecurityContext context = ServiceSecurityContext.Current;
ClaimSet claimSet = null;
if (context != null && context.AuthorizationContext != null && context.AuthorizationContext.ClaimSets != null && context.AuthorizationContext.ClaimSets.Count > 0)
{
claimSet = context.AuthorizationContext.ClaimSets[0];
}
PeerAuthenticationFailureTraceRecord record = new PeerAuthenticationFailureTraceRecord(
meshId,
neighbor.ListenAddress.EndpointAddress.ToString(),
claimSet,
e);
TraceUtility.TraceEvent(TraceEventType.Error,
TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure),
record, this, null);
}
neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
finally
{
if (!fatal)
{
request.Close();
}
}
}
}
public override bool Equals(object token)
{
PeerHashToken that = token as PeerHashToken;
if (that == null)
{
return(false);
}
if (Object.ReferenceEquals(that, this))
{
return(true);
}
if (this.authenticator != null && that.authenticator != null && this.authenticator.Length == that.authenticator.Length)
{
for (int i = 0; i < this.authenticator.Length; i++)
{
if (this.authenticator[i] != that.authenticator[i])
{
return(false);
}
}
return(true);
}
return(false);
}
public PeerRequestSecurityToken(PeerHashToken token)
: base()
{
this.token = token;
this.TokenType = PeerHashToken.TokenTypeString;
this.RequestType = PeerHashToken.RequestTypeString;
}
public static PeerHashToken CreateHashTokenFrom(Message message)
{
PeerHashToken invalid = PeerHashToken.Invalid;
RequestSecurityTokenResponse response = RequestSecurityTokenResponse.CreateFrom(message.GetReaderAtBodyContents(), MessageSecurityVersion.Default, new PeerSecurityTokenSerializer());
if (string.Compare(response.TokenType, "http://schemas.microsoft.com/net/2006/05/peer/peerhashtoken", StringComparison.OrdinalIgnoreCase) == 0)
{
XmlElement requestSecurityTokenResponseXml = response.RequestSecurityTokenResponseXml;
if (requestSecurityTokenResponseXml == null)
{
return(invalid);
}
foreach (XmlElement element2 in requestSecurityTokenResponseXml.ChildNodes)
{
if (PeerRequestSecurityToken.CompareWithNS(element2.LocalName, element2.NamespaceURI, "Status", "http://schemas.xmlsoap.org/ws/2005/02/trust"))
{
if (element2.ChildNodes.Count == 1)
{
XmlElement element = element2.ChildNodes[0] as XmlElement;
if (PeerRequestSecurityToken.CompareWithNS(element.LocalName, element.NamespaceURI, "Code", "http://schemas.xmlsoap.org/ws/2005/02/trust") && (string.Compare(XmlHelper.ReadTextElementAsTrimmedString(element), "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid", StringComparison.OrdinalIgnoreCase) != 0))
{
return(invalid);
}
}
}
else if (PeerRequestSecurityToken.CompareWithNS(element2.LocalName, element2.NamespaceURI, "RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust"))
{
return(PeerHashToken.CreateFrom(element2));
}
}
}
return(invalid);
}
public void InitiateHandShake()
{
IPeerNeighbor host = this.host;
Message message = null;
using (new OperationContextScope(new OperationContext(null)))
{
PeerHashToken selfToken = this.securityManager.GetSelfToken();
Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityToken", (BodyWriter) new PeerRequestSecurityToken(selfToken));
bool flag = false;
try
{
message = host.RequestSecurityToken(request);
if (message == null)
{
throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
}
this.ProcessRstr(host, message, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
flag = true;
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
this.state = PeerAuthState.Failed;
if (DiagnosticUtility.ShouldTraceError)
{
ServiceSecurityContext current = ServiceSecurityContext.Current;
ClaimSet claimSet = null;
if (((current != null) && (current.AuthorizationContext != null)) && ((current.AuthorizationContext.ClaimSets != null) && (current.AuthorizationContext.ClaimSets.Count > 0)))
{
claimSet = current.AuthorizationContext.ClaimSets[0];
}
PeerAuthenticationFailureTraceRecord extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, host.ListenAddress.EndpointAddress.ToString(), claimSet, exception);
TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null);
}
host.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
finally
{
if (!flag)
{
request.Close();
}
}
}
}
public void ProcessRstr(IPeerNeighbor neighbor, Message message, Claim claim)
{
PeerHashToken token = PeerRequestSecurityTokenResponse.CreateHashTokenFrom(message);
if (!token.IsValid)
{
this.OnFailed(neighbor);
}
else if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token))
{
this.OnFailed(neighbor);
}
else
{
this.OnAuthenticated();
}
}
public static PeerHashToken CreateHashTokenFrom(Message message)
{
PeerHashToken invalid = PeerHashToken.Invalid;
RequestSecurityToken token2 = RequestSecurityToken.CreateFrom(message.GetReaderAtBodyContents());
if (token2.RequestSecurityTokenXml != null)
{
foreach (System.Xml.XmlNode node in token2.RequestSecurityTokenXml.ChildNodes)
{
XmlElement child = (XmlElement)node;
if ((child != null) && CompareWithNS(child.LocalName, child.NamespaceURI, "RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust"))
{
invalid = PeerHashToken.CreateFrom(child);
}
}
}
return(invalid);
}
public Message ProcessRst(Message message, Claim claim)
{
IPeerNeighbor neighbor = host;
PeerRequestSecurityTokenResponse response = null;
Message reply = null;
lock (ThisLock)
{
if (this.state != PeerAuthState.Created || neighbor == null || neighbor.IsInitiator || neighbor.State != PeerNeighborState.Opened)
{
OnFailed(neighbor);
return(null);
}
}
try
{
PeerHashToken receivedToken = PeerRequestSecurityToken.CreateHashTokenFrom(message);
PeerHashToken expectedToken = securityManager.GetExpectedTokenForClaim(claim);
if (!expectedToken.Equals(receivedToken))
{
OnFailed(neighbor);
}
else
{
this.state = PeerAuthState.Authenticated;
PeerHashToken selfToken = securityManager.GetSelfToken();
response = new PeerRequestSecurityTokenResponse(selfToken);
reply = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityTokenResponse, response);
OnAuthenticated();
}
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
OnFailed(neighbor);
}
return(reply);
}
public static PeerHashToken CreateHashTokenFrom(Message message)
{
PeerHashToken token = PeerHashToken.Invalid;
RequestSecurityTokenResponse response = RequestSecurityTokenResponse.CreateFrom(message.GetReaderAtBodyContents(), MessageSecurityVersion.Default, new PeerSecurityTokenSerializer());
if (String.Compare(response.TokenType, PeerHashToken.TokenTypeString, StringComparison.OrdinalIgnoreCase) != 0)
{
return(token);
}
XmlElement responseXml = response.RequestSecurityTokenResponseXml;
if (responseXml != null)
{
foreach (XmlElement child in responseXml.ChildNodes)
{
if (PeerRequestSecurityToken.CompareWithNS(child.LocalName, child.NamespaceURI, StatusString, TrustFeb2005Strings.Namespace))
{
if (child.ChildNodes.Count == 1)
{
XmlElement desc = (child.ChildNodes[0] as XmlElement);
if (PeerRequestSecurityToken.CompareWithNS(desc.LocalName, desc.NamespaceURI, CodeString, TrustFeb2005Strings.Namespace))
{
string code = XmlHelper.ReadTextElementAsTrimmedString(desc);
if (String.Compare(code, ValidString, StringComparison.OrdinalIgnoreCase) != 0)
{
break;
}
}
}
}
else if (PeerRequestSecurityToken.CompareWithNS(child.LocalName, child.NamespaceURI, TrustFeb2005Strings.RequestedSecurityToken, TrustFeb2005Strings.Namespace))
{
token = PeerHashToken.CreateFrom(child);
break;
}
}
}
return(token);
}
public static PeerHashToken CreateHashTokenFrom(Message message)
{
PeerHashToken token = PeerHashToken.Invalid;
XmlReader reader = message.GetReaderAtBodyContents();
RequestSecurityToken rst = RequestSecurityToken.CreateFrom(reader);
XmlElement rstXml = rst.RequestSecurityTokenXml;
if (rstXml != null)
{
//find the wrapper element
foreach (XmlNode node in rst.RequestSecurityTokenXml.ChildNodes)
{
XmlElement element = (XmlElement)node;
if (element == null || !PeerRequestSecurityToken.CompareWithNS(element.LocalName, element.NamespaceURI, PeerRequestSecurityToken.RequestedSecurityTokenElementName, TrustFeb2005Strings.Namespace))
{
continue;
}
token = PeerHashToken.CreateFrom(element);
}
}
return(token);
}
public Message ProcessRst(Message message, Claim claim)
{
IPeerNeighbor host = this.host;
PeerRequestSecurityTokenResponse response = null;
Message message2 = null;
lock (this.ThisLock)
{
if (((this.state != PeerAuthState.Created) || (host == null)) || (host.IsInitiator || (host.State != PeerNeighborState.Opened)))
{
this.OnFailed(host);
return(null);
}
}
try
{
PeerHashToken token = PeerRequestSecurityToken.CreateHashTokenFrom(message);
if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token))
{
this.OnFailed(host);
return(message2);
}
this.state = PeerAuthState.Authenticated;
response = new PeerRequestSecurityTokenResponse(this.securityManager.GetSelfToken());
message2 = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityTokenResponse", (BodyWriter)response);
this.OnAuthenticated();
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
this.OnFailed(host);
}
return(message2);
}
public override bool Equals(object token)
{
PeerHashToken objA = token as PeerHashToken;
if (objA == null)
{
return(false);
}
if (!object.ReferenceEquals(objA, this))
{
if (((this.authenticator == null) || (objA.authenticator == null)) || (this.authenticator.Length != objA.authenticator.Length))
{
return(false);
}
for (int i = 0; i < this.authenticator.Length; i++)
{
if (this.authenticator[i] != objA.authenticator[i])
{
return(false);
}
}
}
return(true);
}
public static RequestSecurityTokenResponse CreateFrom(X509Certificate2 credential, string password)
{
PeerHashToken token = new PeerHashToken(credential, password);
return(new PeerRequestSecurityTokenResponse(token));
}
public PeerRequestSecurityTokenResponse(PeerHashToken token)
{
this.token = token;
this.isValid = (token != null && token.IsValid);
}
public static bool AuthenticateResponse(Claim claim, string password, Message message)
{
PeerHashToken request = PeerRequestSecurityTokenResponse.CreateHashTokenFrom(message);
return(request.Validate(claim, password));
}
public PeerRequestSecurityToken(PeerHashToken token)
{
this.token = token;
base.TokenType = "http://schemas.microsoft.com/net/2006/05/peer/peerhashtoken";
base.RequestType = "http://schemas.xmlsoap.org/ws/2005/02/trust/Validate";
}
