protected SecurityTokenParameters(SecurityTokenParameters other)
{
if (other == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
_requireDerivedKeys = other._requireDerivedKeys;
}
public SupportingTokenSpecification(SecurityToken token, ReadOnlyCollection<IAuthorizationPolicy> tokenPolicies, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
: base(token, tokenPolicies)
{
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
_tokenAttachmentMode = attachmentMode;
_tokenParameters = tokenParameters;
}
protected SecurityTokenParameters (SecurityTokenParameters other)
{
inclusion_mode = other.inclusion_mode;
reference_style = other.reference_style;
require_derived_keys = other.require_derived_keys;
issuer_binding_context = other.issuer_binding_context != null ? other.issuer_binding_context.Clone () : null;
}
protected override void InitializeNestedTokenParameterSettings(SecurityTokenParameters sp, bool initializeNestedBindings)
{
if (sp is SecureConversationSecurityTokenParameters)
this.InitializeSecureConversationParameters((SecureConversationSecurityTokenParameters)sp, initializeNestedBindings);
else
base.InitializeNestedTokenParameterSettings(sp, initializeNestedBindings);
}
public override void OnOpen(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
base.OnOpen(helper.RemainingTime());
if (this.tokenParameters == null)
{
base.OnPropertySettingsError("SecurityTokenParameters", true);
}
if (!base.ActAsInitiator)
{
SecurityTokenRequirement tokenRequirement = this.CreateRecipientTokenRequirement();
SecurityTokenResolver outOfBandTokenResolver = null;
if (this.SecurityTokenParameters.HasAsymmetricKey)
{
this.recipientAsymmetricTokenProvider = base.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement);
}
else
{
this.recipientSymmetricTokenAuthenticator = base.SecurityTokenManager.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
if ((this.RecipientSymmetricTokenAuthenticator != null) && (this.RecipientAsymmetricTokenProvider != null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(System.ServiceModel.SR.GetString("OnlyOneOfEncryptedKeyOrSymmetricBindingCanBeSelected")));
}
if (outOfBandTokenResolver != null)
{
Collection <SecurityTokenResolver> list = new Collection <SecurityTokenResolver> {
outOfBandTokenResolver
};
this.recipientOutOfBandTokenResolverList = new ReadOnlyCollection <SecurityTokenResolver>(list);
}
else
{
this.recipientOutOfBandTokenResolverList = EmptyReadOnlyCollection <SecurityTokenResolver> .Instance;
}
if (this.RecipientAsymmetricTokenProvider != null)
{
base.Open("RecipientAsymmetricTokenProvider", true, this.RecipientAsymmetricTokenProvider, helper.RemainingTime());
}
else
{
base.Open("RecipientSymmetricTokenAuthenticator", true, this.RecipientSymmetricTokenAuthenticator, helper.RemainingTime());
}
}
if (this.tokenParameters.RequireDerivedKeys)
{
base.ExpectKeyDerivation = true;
}
if (this.tokenParameters.HasAsymmetricKey)
{
this.protectionTokenParameters = new WrappedKeySecurityTokenParameters();
this.protectionTokenParameters.RequireDerivedKeys = this.SecurityTokenParameters.RequireDerivedKeys;
}
else
{
this.protectionTokenParameters = this.tokenParameters;
}
}
public void Add(SecurityToken token, SecurityTokenReferenceStyle allowedReferenceStyle, SecurityTokenParameters tokenParameters)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
if ((allowedReferenceStyle == SecurityTokenReferenceStyle.External) && (tokenParameters == null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("ResolvingExternalTokensRequireSecurityTokenParameters"));
}
this.EnsureCapacityToAddToken();
this.tokens[this.tokenCount++] = new SecurityTokenEntry(token, tokenParameters, allowedReferenceStyle);
}
private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle)
{
int keyLength = Math.Max(0x80, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength);
CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite);
byte[] buffer = new byte[keyLength / 8];
CryptoHelper.FillRandomBytes(buffer);
string id = System.ServiceModel.Security.SecurityUtils.GenerateId();
string defaultAsymmetricKeyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle);
SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier();
wrappingTokenReference.Add(clause);
return new WrappedKeySecurityToken(id, buffer, defaultAsymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference);
}
public static void AssertSecurityTokenParameters (
SecurityTokenInclusionMode protectionTokenInclusionMode,
SecurityTokenReferenceStyle protectionTokenReferenceStyle,
bool protectionTokenRequireDerivedKeys,
SecurityTokenParameters tp, string label)
{
Assert.IsNotNull (tp, label + " IsNotNull");
Assert.AreEqual (protectionTokenInclusionMode,
tp.InclusionMode, label + ".InclusionMode");
Assert.AreEqual (protectionTokenReferenceStyle,
tp.ReferenceStyle, label + ".ReferenceStyle");
Assert.AreEqual (protectionTokenRequireDerivedKeys,
tp.RequireDerivedKeys, label + ".RequireDerivedKeys");
}
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
{
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
_tokenProvider = tokenProvider;
_tokenAttachmentMode = attachmentMode;
_tokenParameters = tokenParameters;
}
private void GetTokensForOutgoingMessages(out SecurityToken signingToken, out SecurityToken encryptionToken, out SecurityTokenParameters tokenParameters)
{
lock (this.ThisLock)
{
if (this.requireDerivedKeys)
{
signingToken = this.derivedSignatureToken;
encryptionToken = this.derivedEncryptionToken;
}
else
{
signingToken = encryptionToken = this.outgoingSessionToken;
}
}
tokenParameters = this.Factory.GetTokenParameters();
}
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint)
{
bool cookie = false;
SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters;
if (sc != null && sc.RequireCancellation == false)
cookie = true;
SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters;
if (sspi != null && sspi.RequireCancellation == false)
cookie = true;
SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters;
if (ssl != null && ssl.RequireCancellation == false)
cookie = true;
if (cookie)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace)));
}
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional)
{
if (tokenAuthenticator == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
this.tokenAuthenticator = tokenAuthenticator;
this.tokenResolver = securityTokenResolver;
this.tokenAttachmentMode = attachmentMode;
this.tokenParameters = tokenParameters;
this.isTokenOptional = isTokenOptional;
}
public void AddEndorsingSupportingToken(SecurityToken token, SecurityTokenParameters parameters)
{
if (token == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
if (parameters == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
base.ThrowIfProcessingStarted();
this.elementContainer.AddEndorsingSupportingToken(token);
if (!(token is ProviderBackedSecurityToken))
{
this.shouldSignToHeader |= !base.RequireMessageProtection && (System.ServiceModel.Security.SecurityUtils.GetSecurityKey<AsymmetricSecurityKey>(token) != null);
}
this.AddParameters(ref this.endorsingTokenParameters, parameters);
}
public void AddBasicSupportingToken(SecurityToken token, SecurityTokenParameters parameters)
{
if (token == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
if (parameters == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
base.ThrowIfProcessingStarted();
SendSecurityHeaderElement tokenElement = new SendSecurityHeaderElement(token.Id, new TokenElement(token, base.StandardsManager)) {
MarkedForEncryption = true
};
this.elementContainer.AddBasicSupportingToken(tokenElement);
this.hasEncryptedTokens = true;
this.hasSignedTokens = true;
this.AddParameters(ref this.basicSupportingTokenParameters, parameters);
}
public virtual XmlElement CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters, bool isOptional)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
XmlElement result;
if (parameters is KerberosSecurityTokenParameters)
{
result = CreateWsspKerberosTokenAssertion(exporter, (KerberosSecurityTokenParameters)parameters);
}
else if (parameters is X509SecurityTokenParameters)
{
result = CreateWsspX509TokenAssertion(exporter, (X509SecurityTokenParameters)parameters);
}
else if (parameters is UserNameSecurityTokenParameters)
{
result = CreateWsspUsernameTokenAssertion(exporter, (UserNameSecurityTokenParameters)parameters);
}
else if (parameters is IssuedSecurityTokenParameters)
{
result = CreateWsspIssuedTokenAssertion(exporter, (IssuedSecurityTokenParameters)parameters);
}
else if (parameters is SspiSecurityTokenParameters)
{
result = CreateWsspSpnegoContextTokenAssertion(exporter, (SspiSecurityTokenParameters)parameters);
}
else if (parameters is SslSecurityTokenParameters)
{
result = CreateMsspSslContextTokenAssertion(exporter, (SslSecurityTokenParameters)parameters);
}
else if (parameters is SecureConversationSecurityTokenParameters)
{
result = CreateWsspSecureConversationTokenAssertion(exporter, (SecureConversationSecurityTokenParameters)parameters);
}
else if (parameters is RsaSecurityTokenParameters)
{
result = CreateWsspRsaTokenAssertion((RsaSecurityTokenParameters)parameters);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("parameters"));
}
if (result != null && isOptional)
{
result.SetAttribute(OptionalName, exporter.PolicyVersion.Namespace, TrueName);
}
return result;
}
public virtual XmlElement CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters)
{
return CreateTokenAssertion(exporter, parameters, false);
}
public virtual XmlElement CreateWsspRecipientTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(RecipientTokenName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateTokenAssertion(exporter, parameters)
));
return result;
}
public virtual bool TryImportWsspIssuedTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
EndpointAddress issuer;
EndpointAddress issuerMetadata;
Collection<XmlElement> requestSecurityTokenTemplate;
if (IsWsspAssertion(assertion, IssuedTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode)
&& TryGetIssuer(assertion, out issuer, out issuerMetadata)
&& TryGetRequestSecurityTokenTemplate(assertion, out requestSecurityTokenTemplate))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
parameters = issued;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, issued)
&& TryImportReferenceStyleAssertion(alternative, issued)
&& alternative.Count == 0)
{
issued.InclusionMode = inclusionMode;
issued.IssuerAddress = issuer;
issued.IssuerMetadataAddress = issuerMetadata;
issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver);
TokenIssuerPolicyResolver policyResolver = new TokenIssuerPolicyResolver(this.TrustDriver);
policyResolver.ResolveTokenIssuerPolicy(importer, policyContext, issued);
break;
}
else
{
parameters = null;
}
}
}
else
{
IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
parameters = issued;
issued.InclusionMode = inclusionMode;
issued.IssuerAddress = issuer;
issued.IssuerMetadataAddress = issuerMetadata;
issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver);
issued.RequireDerivedKeys = false;
}
}
return parameters != null;
}
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsWsspAssertion(assertion, UsernameTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
if (TryImportWsspAssertion(alternative, WssUsernameToken10Name)
&& alternative.Count == 0)
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
break;
}
}
}
else
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public virtual bool TryImportWsspKerberosTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsWsspAssertion(assertion, KerberosTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
parameters = new KerberosSecurityTokenParameters();
if (TryImportWsspRequireDerivedKeysAssertion(alternative, parameters)
&& TryImportWsspAssertion(alternative, WssGssKerberosV5ApReqToken11Name, true)
&& alternative.Count == 0)
{
parameters.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new KerberosSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public virtual bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsWsspAssertion(assertion, SecureConversationTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters();
parameters = sc;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc)
&& alternative.Count == 0)
{
sc.RequireCancellation = requireCancellation;
sc.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SecureConversationSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
parameters.RequireDerivedKeys = false;
}
}
return parameters != null;
}
private SecurityToken GetInitiatorToken(SecurityToken providerToken, Message message, TimeSpan timeout, out SecurityTokenParameters tokenParameters, out SecurityToken prerequisiteWrappingToken)
{
SecurityToken token;
tokenParameters = null;
prerequisiteWrappingToken = null;
if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
{
SecurityToken wrappingToken = providerToken;
bool flag = SendSecurityHeader.ShouldSerializeToken(this.Factory.SecurityTokenParameters, MessageDirection.Input);
if (flag)
{
prerequisiteWrappingToken = wrappingToken;
}
token = this.CreateWrappedKeyToken(wrappingToken, this.Factory.SecurityTokenParameters, flag ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External);
}
else
{
token = providerToken;
}
tokenParameters = this.Factory.GetProtectionTokenParameters();
return token;
}
public SupportingTokenSpecification(SecurityToken token, ReadOnlyCollection <IAuthorizationPolicy> tokenPolicies, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, System.ServiceModel.Security.Tokens.SecurityTokenParameters tokenParameters) : base(token, tokenPolicies)
{
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
this.tokenAttachmentMode = attachmentMode;
this.tokenParameters = tokenParameters;
}
public virtual bool TryImportTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, Collection<XmlElement> assertions, out SecurityTokenParameters parameters, out bool isOptional)
{
parameters = null;
isOptional = false;
if (assertions.Count >= 1)
{
XmlElement tokenAssertion = assertions[0];
if (TryImportWsspKerberosTokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportWsspX509TokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportWsspUsernameTokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportWsspIssuedTokenAssertion(importer, policyContext, tokenAssertion, out parameters)
|| TryImportWsspSpnegoContextTokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportMsspSslContextTokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportWsspSecureConversationTokenAssertion(importer, tokenAssertion, out parameters)
|| TryImportWsspRsaTokenAssertion(importer, tokenAssertion, out parameters))
{
string optionalAttribute = tokenAssertion.GetAttribute(OptionalName, WspNamespace);
if (String.IsNullOrEmpty(optionalAttribute))
{
optionalAttribute = tokenAssertion.GetAttribute(OptionalName, Wsp15Namespace);
}
try
{
isOptional = XmlUtil.IsTrue(optionalAttribute);
}
catch ( Exception e )
{
if (Fx.IsFatal(e))
throw;
if (e is NullReferenceException)
throw;
importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.UnsupportedBooleanAttribute, OptionalName, e.Message), false));
return false;
}
assertions.RemoveAt(0);
}
}
return (parameters != null);
}
public virtual bool TryImportWsspRequireDerivedKeysAssertion(ICollection<XmlElement> assertions, SecurityTokenParameters parameters)
{
parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, RequireDerivedKeysName);
return true;
}
protected SecurityTokenParameters(SecurityTokenParameters other)
{
}
public virtual bool TryImportWsspX509TokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsWsspAssertion(assertion, X509TokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
X509SecurityTokenParameters x509 = new X509SecurityTokenParameters();
parameters = x509;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, x509)
&& TryImportX509ReferenceStyleAssertion(alternative, x509)
&& TryImportWsspAssertion(alternative, WssX509V3Token10Name, true)
&& alternative.Count == 0)
{
parameters.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new X509SecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
protected override void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters)
{
SecurityKeyIdentifierClause keyIdentifierClause = null;
// Given a token this method writes its corresponding security token reference entry in the security header
// 1. If the token parameters is an issuedSecurityTokenParamter
// 2. If UseStrTransform is enabled on it.
IssuedSecurityTokenParameters issuedSecurityTokenParameters = securityTokenParameters as IssuedSecurityTokenParameters;
if (issuedSecurityTokenParameters == null || !issuedSecurityTokenParameters.UseStrTransform)
return;
if (this.ElementContainer.TryGetIdentifierClauseFromSecurityToken(securityToken, out keyIdentifierClause))
{
if (keyIdentifierClause != null && !String.IsNullOrEmpty(keyIdentifierClause.Id))
{
WrappedXmlDictionaryWriter wrappedLocalWriter = new WrappedXmlDictionaryWriter(writer, keyIdentifierClause.Id);
this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(wrappedLocalWriter, keyIdentifierClause);
}
else
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message);
}
}
public virtual bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsMsspAssertion(assertion, RsaTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode)
&& TryGetNestedPolicyAlternatives(importer, assertion, out alternatives) == false)
{
parameters = new RsaSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
}
return parameters != null;
}
void AddPrimaryTokenSignatureReference(SecurityToken token, SecurityTokenParameters securityTokenParameters)
{
// Currently we only support signing the primary token if the primary token is an issued token and protectTokens knob is set to true.
// We will get rid of the below check when we support all token types.
IssuedSecurityTokenParameters istp = securityTokenParameters as IssuedSecurityTokenParameters;
if (istp == null)
{
return;
}
bool strTransformEnabled = istp != null && istp.UseStrTransform;
SecurityKeyIdentifierClause keyIdentifierClause = null;
// Only if the primary token is included in the message that we sign it because WCF at present does not resolve externally referenced tokens.
// This means in the server's response
if (ShouldSerializeToken(securityTokenParameters, this.MessageDirection))
{
if (strTransformEnabled)
{
keyIdentifierClause = securityTokenParameters.CreateKeyIdentifierClause(token, GetTokenReferenceStyle(securityTokenParameters));
}
AddTokenSignatureReference(token, keyIdentifierClause, strTransformEnabled);
}
}
public virtual bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsMsspAssertion(assertion, SslContextTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
SslSecurityTokenParameters ssl = new SslSecurityTokenParameters();
parameters = ssl;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportMsspRequireClientCertificateAssertion(alternative, ssl)
&& alternative.Count == 0)
{
ssl.RequireCancellation = requireCancellation;
ssl.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public virtual XmlElement CreateWsspProtectionTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(ProtectionTokenName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateTokenAssertion(exporter, parameters)
));
_protectionTokenHasAsymmetricKey = parameters.HasAsymmetricKey;
return result;
}
void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken,
SecurityTokenParameters tokenParameters, SecurityProtocolCorrelationState correlationState)
{
string actor = string.Empty;
SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, null, correlationState);
if (this.Factory.ApplyIntegrity)
{
securityHeader.SetSigningToken(signingToken, tokenParameters);
}
if (Factory.ApplyConfidentiality)
{
securityHeader.SetEncryptionToken(encryptionToken, tokenParameters);
}
message = securityHeader.SetupExecution();
}
protected SecurityTokenParameters(SecurityTokenParameters source)
{
}
