/// <summary>
/// Builds the "SecureConversationToken" policy assertion describing
/// <paramref name="parameters"/> and appends its nested policy.
/// </summary>
/// <param name="exporter">Exporter passed through to the nested-policy helpers.</param>
/// <param name="parameters">Secure-conversation token settings to describe.</param>
/// <returns>The assertion element with the nested policy wrapper appended.</returns>
public override XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters)
 {
     XmlElement tokenAssertion = this.CreateWsspAssertion("SecureConversationToken");
     this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);

     // Nested assertions are created in the same order in which they are listed below.
     XmlElement derivedKeys = this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys);
     XmlElement mustNotSendCancel = this.CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation);
     XmlElement bootstrapPolicy = this.CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement);
     XmlElement mustNotSendAmend = this.CreateWsspMustNotSendAmendAssertion();

     // MustNotSendRenew is emitted unless the session is both cancellable and renewable;
     // otherwise the slot stays null (presumably skipped by CreateWspPolicyWrapper - verify).
     XmlElement mustNotSendRenew = null;
     if (!parameters.RequireCancellation || !parameters.CanRenewSession)
     {
         mustNotSendRenew = this.CreateWsspMustNotSendRenewAssertion();
     }

     XmlElement[] nestedAssertions = new XmlElement[] { derivedKeys, mustNotSendCancel, bootstrapPolicy, mustNotSendAmend, mustNotSendRenew };
     tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, nestedAssertions));
     return tokenAssertion;
 }
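 /// <summary>
 /// Copy constructor: clones the bootstrap binding element of
 /// <paramref name="source"/> and copies its cancellation flag.
 /// </summary>
 /// <param name="source">Instance to copy from; also passed to the base copy constructor.</param>
 protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters source)
     : base(source)
 {
     // The source may have no bootstrap binding assigned; cloning it unguarded would
     // throw NullReferenceException. When present it is cloned, so the copy does not
     // share a mutable security binding with the source.
     if (source.element != null)
     {
         this.element = (SecurityBindingElement)source.element.Clone();
     }
     this.cancellable = source.cancellable;
     // NOTE(review): protection requirements are rebuilt from the defaults rather than
     // copied from the source - confirm that customised requirements are not expected to survive a copy.
     this.requirements = new ChannelProtectionRequirements(default_channel_protection_requirements);
 }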
 /// <summary>
 /// Copies the secure-conversation settings of <paramref name="sc"/> onto this
 /// object's configuration properties.
 /// </summary>
 /// <param name="sc">Token parameters to read the settings from.</param>
 /// <param name="initializeNestedBindings">Forwarded to the bootstrap element's InitializeFrom call.</param>
 void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings)
 {
     SetPropertyValueIfNotDefaultValue(ConfigurationStrings.RequireSecurityContextCancellation, sc.RequireCancellation);

     // Always written explicitly: the default-value optimization cannot be used here because
     // ApplyConfiguration relies on the runtime default, which is the opposite of the config default.
     this.CanRenewSecurityContextToken = sc.CanRenewSession;

     // Without a bootstrap binding there is nothing further to initialize.
     if (sc.BootstrapSecurityBindingElement == null)
     {
         return;
     }

     this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings);
 }
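        /// <summary>
        /// Copy constructor: clones the bootstrap binding element of
        /// <paramref name="other"/> and copies its cancellation flag.
        /// </summary>
        /// <param name="other">Instance to copy from; also passed to the base copy constructor.</param>
        protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
            : base(other)
        {
            // The source may have no bootstrap binding assigned; cloning it unguarded would
            // throw NullReferenceException. When present it is cloned, so the copy does not
            // share a mutable security binding with the source.
            if (other.element != null)
            {
                this.element = (SecurityBindingElement)other.element.Clone();
            }
            this.cancellable = other.cancellable;
#if !MOBILE && !XAMMAC_4_5
            // NOTE(review): protection requirements are rebuilt from the defaults rather than
            // copied from the source - confirm that this is intended.
            this.requirements = new ChannelProtectionRequirements(default_channel_protection_requirements);
#endif
        }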
        /// <summary>
        /// Copy constructor: copies the cancellation and renewal flags and clones the
        /// bootstrap binding element and issuer binding context when they are set.
        /// </summary>
        /// <param name="other">Instance to copy from; also passed to the base copy constructor.</param>
        protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
            : base(other)
        {
            _requireCancellation = other._requireCancellation;
            _canRenewSession = other._canRenewSession;

            // Clone rather than share, so the copy gets its own bootstrap binding object.
            if (other._bootstrapSecurityBindingElement != null)
            {
                _bootstrapSecurityBindingElement = (SecurityBindingElement)other._bootstrapSecurityBindingElement.Clone();
            }

            // The issuer binding context is likewise cloned only when present.
            if (other._issuerBindingContext != null)
            {
                _issuerBindingContext = other._issuerBindingContext.Clone();
            }
        }
 /// <summary>
 /// Copy constructor: copies the cancellation and renewal flags and duplicates the
 /// bootstrap binding element, bootstrap protection requirements and issuer binding
 /// context when they are set on <paramref name="other"/>.
 /// </summary>
 /// <param name="other">Instance to copy from; also passed to the base copy constructor.</param>
 protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
     : base(other)
 {
     requireCancellation = other.requireCancellation;
     canRenewSession = other.canRenewSession;

     // Each reference-typed member is duplicated only when present, so the copy never
     // shares these objects with the source instance.
     if (other.bootstrapSecurityBindingElement != null)
     {
         bootstrapSecurityBindingElement = (SecurityBindingElement)other.bootstrapSecurityBindingElement.Clone();
     }

     if (other.bootstrapProtectionRequirements != null)
     {
         bootstrapProtectionRequirements = new ChannelProtectionRequirements(other.bootstrapProtectionRequirements);
     }

     if (other.issuerBindingContext != null)
     {
         issuerBindingContext = other.issuerBindingContext.Clone();
     }
 }
 /// <summary>
 /// Copies the secure-conversation settings of <paramref name="sc"/> onto this
 /// object's configuration properties.
 /// </summary>
 /// <param name="sc">Token parameters to read the settings from.</param>
 /// <param name="initializeNestedBindings">Forwarded to the bootstrap element's InitializeFrom call.</param>
 private void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings)
 {
     base.RequireSecurityContextCancellation = sc.RequireCancellation;

     // CanRenewSecurityContextToken is only written when renewal is disabled on sc;
     // for a renewable session the existing value is left untouched.
     if (!sc.CanRenewSession)
     {
         base.CanRenewSecurityContextToken = sc.CanRenewSession;
     }

     // Without a bootstrap binding there is nothing further to initialize.
     if (sc.BootstrapSecurityBindingElement == null)
     {
         return;
     }

     this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings);
 }
        /// <summary>
        /// Copy constructor: copies the cancellation and renewal flags and clones the
        /// bootstrap binding element and issuer binding context when they are set.
        /// </summary>
        /// <param name="other">Instance to copy from; also passed to the base copy constructor.</param>
        protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
            : base(other)
        {
            _requireCancellation = other._requireCancellation;
            _canRenewSession = other._canRenewSession;

            // Clone rather than share, so the copy gets its own bootstrap binding object.
            var sourceBootstrap = other._bootstrapSecurityBindingElement;
            if (sourceBootstrap != null)
            {
                _bootstrapSecurityBindingElement = (SecurityBindingElement)sourceBootstrap.Clone();
            }

            // The issuer binding context is likewise cloned only when present.
            var sourceIssuerContext = other._issuerBindingContext;
            if (sourceIssuerContext != null)
            {
                _issuerBindingContext = sourceIssuerContext.Clone();
            }
        }
 /// <summary>
 /// Copy constructor: copies the cancellation and renewal flags and duplicates the
 /// bootstrap binding element, bootstrap protection requirements and issuer binding
 /// context when they are set on <paramref name="other"/>.
 /// </summary>
 /// <param name="other">Instance to copy from; also passed to the base copy constructor.</param>
 protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
     : base(other)
 {
     requireCancellation = other.requireCancellation;
     canRenewSession = other.canRenewSession;

     // Clone rather than share, so the copy gets its own bootstrap binding object.
     var sourceBootstrap = other.bootstrapSecurityBindingElement;
     if (sourceBootstrap != null)
     {
         bootstrapSecurityBindingElement = (SecurityBindingElement)sourceBootstrap.Clone();
     }

     // Protection requirements are duplicated through the ChannelProtectionRequirements copy constructor.
     var sourceRequirements = other.bootstrapProtectionRequirements;
     if (sourceRequirements != null)
     {
         bootstrapProtectionRequirements = new ChannelProtectionRequirements(sourceRequirements);
     }

     // The issuer binding context is likewise cloned only when present.
     var sourceIssuerContext = other.issuerBindingContext;
     if (sourceIssuerContext != null)
     {
         issuerBindingContext = sourceIssuerContext.Clone();
     }
 }
        /// <summary>
        /// Tries to turn a SecureConversationToken policy assertion into
        /// <see cref="SecureConversationSecurityTokenParameters"/>.
        /// </summary>
        /// <param name="importer">Metadata importer used to resolve the nested policy.</param>
        /// <param name="assertion">Candidate assertion element.</param>
        /// <param name="parameters">The imported parameters on success; otherwise null.</param>
        /// <returns>True when <paramref name="parameters"/> was populated.</returns>
        public virtual bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
        {
            parameters = null;

            SecurityTokenInclusionMode inclusionMode;
            if (!IsWsspAssertion(assertion, SecureConversationTokenName)
                || !TryGetIncludeTokenValue(assertion, out inclusionMode))
            {
                return false;
            }

            Collection<Collection<XmlElement>> alternatives;
            if (!TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
            {
                // No nested policy: fall back to parameters without derived keys and
                // without a bootstrap binding. Callers that need a protected bootstrap
                // exchange should check BootstrapSecurityBindingElement on the result.
                parameters = new SecureConversationSecurityTokenParameters();
                parameters.InclusionMode = inclusionMode;
                parameters.RequireDerivedKeys = false;
                return true;
            }

            foreach (Collection<XmlElement> alternative in alternatives)
            {
                SecureConversationSecurityTokenParameters candidate = new SecureConversationSecurityTokenParameters();
                parameters = candidate;
                bool requireCancellation;

                // An alternative is accepted only when every helper succeeds and nothing is
                // left in it afterwards (the helpers presumably remove what they consume -
                // verify), so unrecognised assertions are not silently ignored.
                if (!(TryImportWsspRequireDerivedKeysAssertion(alternative, candidate)
                      && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
                      && TryImportWsspBootstrapPolicyAssertion(importer, alternative, candidate)
                      && alternative.Count == 0))
                {
                    parameters = null;
                    continue;
                }

                candidate.RequireCancellation = requireCancellation;
                candidate.InclusionMode = inclusionMode;
                break;
            }

            return parameters != null;
        }
 /// <summary>
 /// Builds the SecureConversationToken policy assertion describing
 /// <paramref name="parameters"/> and appends its nested policy.
 /// </summary>
 /// <param name="exporter">Exporter passed through to the nested-policy helpers.</param>
 /// <param name="parameters">Secure-conversation token settings to describe.</param>
 /// <returns>The assertion element with the nested policy wrapper appended.</returns>
 public virtual XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters)
 {
     XmlElement tokenAssertion = CreateWsspAssertion(SecureConversationTokenName);
     SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);

     // Nested assertions, created in the order in which they are passed to the wrapper.
     XmlElement derivedKeys = CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys);
     XmlElement mustNotSendCancel = CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation);
     XmlElement bootstrapPolicy = CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement);

     tokenAssertion.AppendChild(CreateWspPolicyWrapper(exporter, derivedKeys, mustNotSendCancel, bootstrapPolicy));
     return tokenAssertion;
 }
        /// <summary>
        /// Looks for a bootstrap-policy assertion in <paramref name="assertions"/>, imports its
        /// nested policy as a binding, and stores the resulting security binding element on
        /// <paramref name="parameters"/>.
        /// </summary>
        /// <param name="importer">Importer whose State and Errors collections are used during the nested import.</param>
        /// <param name="assertions">Assertions of the current policy alternative.</param>
        /// <param name="parameters">Receives the bootstrap security binding element, or null.</param>
        /// <returns>
        /// False when no bootstrap-policy assertion with a nested policy is found. True in every
        /// other case, including when the bootstrap protection requirements were rejected, so a
        /// true result does not mean a usable bootstrap binding was imported: check
        /// parameters.BootstrapSecurityBindingElement for null and importer.Errors.
        /// </returns>
        public virtual bool TryImportWsspBootstrapPolicyAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, SecureConversationSecurityTokenParameters parameters)
        {
            bool result = false;

            XmlElement assertion;
            Collection<Collection<XmlElement>> alternatives;

            if (TryImportWsspAssertion(assertions, BootstrapPolicyName, out assertion)
                && TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
            {
                BindingElementCollection bindingElements;
                // Mark the importer as being inside a bootstrap-binding import for the duration of the nested import.
                importer.State[SecurityBindingElementImporter.InSecureConversationBootstrapBindingImportMode] = SecurityBindingElementImporter.InSecureConversationBootstrapBindingImportMode;
                try
                {
                    bindingElements = importer.ImportPolicy(NullServiceEndpoint, alternatives);
                    // If the nested import recorded encryption requirements, they must include the message body.
                    if (importer.State.ContainsKey(SecurityBindingElementImporter.SecureConversationBootstrapEncryptionRequirements))
                    {
                        MessagePartSpecification encryption = (MessagePartSpecification)importer.State[SecurityBindingElementImporter.SecureConversationBootstrapEncryptionRequirements];
                        if (encryption.IsBodyIncluded != true)
                        {
                            // Recorded as an error (isWarning: false) and the imported binding is discarded.
                            importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.UnsupportedSecureConversationBootstrapProtectionRequirements), false));
                            bindingElements = null;
                        }
                    }
                    // Same rule for signature requirements: the body must be covered.
                    if (importer.State.ContainsKey(SecurityBindingElementImporter.SecureConversationBootstrapSignatureRequirements))
                    {
                        MessagePartSpecification signature = (MessagePartSpecification)importer.State[SecurityBindingElementImporter.SecureConversationBootstrapSignatureRequirements];
                        if (signature.IsBodyIncluded != true)
                        {
                            importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.UnsupportedSecureConversationBootstrapProtectionRequirements), false));
                            bindingElements = null;
                        }
                    }
                }
                finally
                {
                    // Always clear the bootstrap-import markers, even if ImportPolicy throws, so they
                    // cannot leak into later imports that reuse the same importer.
                    importer.State.Remove(SecurityBindingElementImporter.InSecureConversationBootstrapBindingImportMode);
                    if (importer.State.ContainsKey(SecurityBindingElementImporter.SecureConversationBootstrapEncryptionRequirements))
                        importer.State.Remove(SecurityBindingElementImporter.SecureConversationBootstrapEncryptionRequirements);
                    if (importer.State.ContainsKey(SecurityBindingElementImporter.SecureConversationBootstrapSignatureRequirements))
                        importer.State.Remove(SecurityBindingElementImporter.SecureConversationBootstrapSignatureRequirements);
                }
                if (bindingElements != null)
                {
                    // Find<T>() may itself yield null when the imported collection has no security binding element.
                    parameters.BootstrapSecurityBindingElement = bindingElements.Find<SecurityBindingElement>();
                    return true;
                }
                else
                {
                    // Rejected bootstrap policy: the binding is cleared but the assertion still counts
                    // as imported; the failure is only visible through importer.Errors.
                    parameters.BootstrapSecurityBindingElement = null;
                    return true; // Consider returning false here.
                }
            }

            return result;
        }
		// Public constructor that only forwards 'clone' to the base-class constructor;
		// presumably exposes the protected copy constructor of
		// SecureConversationSecurityTokenParameters to tests - verify against the class declaration.
		public MySecureConversationSecurityTokenParameters (SecureConversationSecurityTokenParameters clone)
			: base (clone)
		{
		}
		// Checks the ISecurityCapabilities reported for symmetric and asymmetric security
		// binding elements built from different token parameter combinations, including
		// secure-conversation parameters whose bootstrap binding varies.
		// NOTE(review): the three boolean arguments of AssertSecurityCapabilities look like
		// client authentication / client identity / server authentication - confirm against the helper.
		public void GetPropertySecurityCapabilities ()
		{
			ISecurityCapabilities caps;

			RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters ();
			UserNameSecurityTokenParameters userNameParams = new UserNameSecurityTokenParameters ();
			X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters ();

			// Secure-conversation parameters, each with a different bootstrap binding.
			SecureConversationSecurityTokenParameters scEmptySymmetric = new SecureConversationSecurityTokenParameters ();
			scEmptySymmetric.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement (); // no token parameters
			SecureConversationSecurityTokenParameters scX509Symmetric = new SecureConversationSecurityTokenParameters ();
			scX509Symmetric.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement (x509Params);
			SecureConversationSecurityTokenParameters scX509Initiator = new SecureConversationSecurityTokenParameters ();
			scX509Initiator.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement (null, x509Params);
			SecureConversationSecurityTokenParameters scX509Recipient = new SecureConversationSecurityTokenParameters ();
			scX509Recipient.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement (x509Params, null);

			// #1: symmetric binding without token parameters
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement ());
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, caps, "#1");

			// #2: symmetric binding protected by X509 parameters
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement (x509Params));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, caps, "#2");

			// #3: asymmetric binding, X509 recipient, no initiator parameters
			caps = GetSecurityCapabilities (new AsymmetricSecurityBindingElement (x509Params, null));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, caps, "#3");

			// #4: asymmetric binding, X509 initiator, no recipient parameters
			caps = GetSecurityCapabilities (new AsymmetricSecurityBindingElement (null, x509Params));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, caps, "#4");

			// #5: RSA initiator does not support identity
			caps = GetSecurityCapabilities (new AsymmetricSecurityBindingElement (x509Params, rsaParams));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, false, true, caps, "#5");

			// #6: user-name recipient does not support server authentication
			caps = GetSecurityCapabilities (new AsymmetricSecurityBindingElement (userNameParams, x509Params));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, caps, "#6");

			// #7: secure conversation whose symmetric bootstrap has no token parameters
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement (scEmptySymmetric));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, caps, "#7");

			// #8: secure conversation with an X509 symmetric bootstrap
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement (scX509Symmetric));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, caps, "#8");

			// #9: secure conversation with an X509 initiator-only bootstrap
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement (scX509Initiator));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, caps, "#9");

			// #10: secure conversation with an X509 recipient-only bootstrap
			caps = GetSecurityCapabilities (new SymmetricSecurityBindingElement (scX509Recipient));
			AssertSecurityCapabilities (ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, caps, "#10");

			// FIXME: find cases that return ProtectionLevel values other than EncryptAndSign.
		}
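		// Copy constructor: clones the bootstrap binding element of 'source' and copies its
		// cancellation flag; 'source' is also passed to the base copy constructor.
		protected SecureConversationSecurityTokenParameters (SecureConversationSecurityTokenParameters source)
			: base (source)
		{
			// The source may have no bootstrap binding assigned; cloning it unguarded would
			// throw NullReferenceException. When present it is cloned, so the copy does not
			// share a mutable security binding with the source.
			if (source.element != null) {
				this.element = (SecurityBindingElement) source.element.Clone ();
			}
			this.cancellable = source.cancellable;
#if !MOBILE && !XAMMAC_4_5
			// NOTE(review): protection requirements are rebuilt from the defaults rather than
			// copied from the source - confirm that this is intended.
			this.requirements = new ChannelProtectionRequirements (default_channel_protection_requirements);
#endif
		}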
 // Copy-constructor declaration whose body only states the precondition that 'other' is non-null;
 // no state is copied here, so this looks like a contract stub rather than an implementation.
 // NOTE(review): if Contract is System.Diagnostics.Contracts.Contract, Requires is compiled out
 // unless CONTRACTS_FULL is defined, so it should not be relied on as a runtime null check.
 protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
 {
     Contract.Requires(other != null);
 }
 // Copy-constructor declaration whose body only states the precondition that 'other' is non-null;
 // no state is copied here, so this looks like a contract stub rather than an implementation.
 // NOTE(review): if Contract is System.Diagnostics.Contracts.Contract, Requires is compiled out
 // unless CONTRACTS_FULL is defined, so it should not be relied on as a runtime null check.
 protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
 {
   Contract.Requires(other != null);
 }
 /// <summary>
 /// Tries to turn a "SecureConversationToken" policy assertion into
 /// <see cref="SecureConversationSecurityTokenParameters"/>.
 /// </summary>
 /// <param name="importer">Metadata importer used to resolve the nested policy.</param>
 /// <param name="assertion">Candidate assertion element.</param>
 /// <param name="parameters">The imported parameters on success; otherwise null.</param>
 /// <returns>True when <paramref name="parameters"/> was populated.</returns>
 public virtual bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
 {
     SecurityTokenInclusionMode inclusionMode;
     parameters = null;
     if (this.IsWsspAssertion(assertion, "SecureConversationToken")
         && this.TryGetIncludeTokenValue(assertion, out inclusionMode))
     {
         Collection<Collection<XmlElement>> alternatives;
         if (this.TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
         {
             foreach (Collection<XmlElement> alternative in alternatives)
             {
                 bool requireCancellation;
                 SecureConversationSecurityTokenParameters candidate = new SecureConversationSecurityTokenParameters();
                 parameters = candidate;

                 // An alternative is accepted only when every helper succeeds and nothing is
                 // left in it afterwards (the helpers presumably remove what they consume -
                 // verify), so unrecognised assertions are not silently ignored.
                 if (this.TryImportWsspRequireDerivedKeysAssertion(alternative, candidate)
                     && this.TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
                     && this.TryImportWsspBootstrapPolicyAssertion(importer, alternative, candidate)
                     && alternative.Count == 0)
                 {
                     candidate.RequireCancellation = requireCancellation;
                     candidate.InclusionMode = inclusionMode;
                     break;
                 }

                 parameters = null;
             }
         }
         else
         {
             // No nested policy: fall back to parameters without derived keys and
             // without a bootstrap binding. Callers that need a protected bootstrap
             // exchange should check BootstrapSecurityBindingElement on the result.
             parameters = new SecureConversationSecurityTokenParameters();
             parameters.InclusionMode = inclusionMode;
             parameters.RequireDerivedKeys = false;
         }
     }
     return parameters != null;
 }
 /// <summary>
 /// Looks for a "BootstrapPolicy" assertion in <paramref name="assertions"/>, imports its
 /// nested policy as a binding, and stores the resulting security binding element on
 /// <paramref name="parameters"/>.
 /// </summary>
 /// <param name="importer">Importer whose State and Errors collections are used during the nested import.</param>
 /// <param name="assertions">Assertions of the current policy alternative.</param>
 /// <param name="parameters">Receives the bootstrap security binding element, or null.</param>
 /// <returns>
 /// False when no "BootstrapPolicy" assertion with a nested policy is found. True in every
 /// other case, including when the bootstrap protection requirements were rejected, so a
 /// true result does not mean a usable bootstrap binding was imported: check
 /// parameters.BootstrapSecurityBindingElement for null and importer.Errors.
 /// </returns>
 public virtual bool TryImportWsspBootstrapPolicyAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, SecureConversationSecurityTokenParameters parameters)
 {
     XmlElement element;
     Collection<Collection<XmlElement>> collection;
     BindingElementCollection elements;
     bool flag = false;
     // Nothing to import: 'flag' is still false here.
     if (!this.TryImportWsspAssertion(assertions, "BootstrapPolicy", out element) || !this.TryGetNestedPolicyAlternatives(importer, element, out collection))
     {
         return flag;
     }
     // Mark the importer as being inside a bootstrap-binding import for the duration of the nested import.
     importer.State["InSecureConversationBootstrapBindingImportMode"] = "InSecureConversationBootstrapBindingImportMode";
     try
     {
         elements = importer.ImportPolicy(NullServiceEndpoint, collection);
         // If the nested import recorded encryption requirements, they must include the message body.
         if (importer.State.ContainsKey("SecureConversationBootstrapEncryptionRequirements"))
         {
             MessagePartSpecification specification = (MessagePartSpecification) importer.State["SecureConversationBootstrapEncryptionRequirements"];
             if (!specification.IsBodyIncluded)
             {
                 // Recorded as an error (isWarning: false) and the imported binding is discarded.
                 importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("UnsupportedSecureConversationBootstrapProtectionRequirements"), false));
                 elements = null;
             }
         }
         // Same rule for signature requirements: the body must be covered.
         if (importer.State.ContainsKey("SecureConversationBootstrapSignatureRequirements"))
         {
             MessagePartSpecification specification2 = (MessagePartSpecification) importer.State["SecureConversationBootstrapSignatureRequirements"];
             if (!specification2.IsBodyIncluded)
             {
                 importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("UnsupportedSecureConversationBootstrapProtectionRequirements"), false));
                 elements = null;
             }
         }
     }
     finally
     {
         // Always clear the bootstrap-import markers, even if ImportPolicy throws, so they
         // cannot leak into later imports that reuse the same importer.
         importer.State.Remove("InSecureConversationBootstrapBindingImportMode");
         if (importer.State.ContainsKey("SecureConversationBootstrapEncryptionRequirements"))
         {
             importer.State.Remove("SecureConversationBootstrapEncryptionRequirements");
         }
         if (importer.State.ContainsKey("SecureConversationBootstrapSignatureRequirements"))
         {
             importer.State.Remove("SecureConversationBootstrapSignatureRequirements");
         }
     }
     if (elements != null)
     {
         // Find<T>() may itself yield null when the imported collection has no security binding element.
         parameters.BootstrapSecurityBindingElement = elements.Find<SecurityBindingElement>();
         return true;
     }
     // Rejected bootstrap policy: the binding is cleared but the assertion still counts as
     // imported; the failure is only visible through importer.Errors.
     parameters.BootstrapSecurityBindingElement = null;
     return true;
 }