private SupportingTokenParameters(SupportingTokenParameters source)
{
endorsing = new ParamList(source.endorsing);
signed = new ParamList(source.signed);
signed_encrypted = new ParamList(source.signed_encrypted);
signed_endorsing = new ParamList(source.signed_endorsing);
}
private SupportingTokenParameters(SupportingTokenParameters other)
{
this.signed = new Collection <SecurityTokenParameters>();
this.signedEncrypted = new Collection <SecurityTokenParameters>();
this.endorsing = new Collection <SecurityTokenParameters>();
this.signedEndorsing = new Collection <SecurityTokenParameters>();
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
foreach (SecurityTokenParameters parameters in other.signed)
{
this.signed.Add(parameters.Clone());
}
foreach (SecurityTokenParameters parameters2 in other.signedEncrypted)
{
this.signedEncrypted.Add(parameters2.Clone());
}
foreach (SecurityTokenParameters parameters3 in other.endorsing)
{
this.endorsing.Add(parameters3.Clone());
}
foreach (SecurityTokenParameters parameters4 in other.signedEndorsing)
{
this.signedEndorsing.Add(parameters4.Clone());
}
}
private SupportingTokenParameters (SupportingTokenParameters source)
{
endorsing = new ParamList (source.endorsing);
signed = new ParamList (source.signed);
signed_encrypted= new ParamList (source.signed_encrypted);
signed_endorsing = new ParamList (source.signed_endorsing);
}
private SupportingTokenParameters(SupportingTokenParameters other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(other));
}
foreach (SecurityTokenParameters p in other.Signed)
{
Signed.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other.SignedEncrypted)
{
SignedEncrypted.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other.Endorsing)
{
Endorsing.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other._signedEndorsing)
{
_signedEndorsing.Add((SecurityTokenParameters)p.Clone());
}
}
private SupportingTokenParameters(SupportingTokenParameters other)
{
this.signed = new Collection<SecurityTokenParameters>();
this.signedEncrypted = new Collection<SecurityTokenParameters>();
this.endorsing = new Collection<SecurityTokenParameters>();
this.signedEndorsing = new Collection<SecurityTokenParameters>();
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
foreach (SecurityTokenParameters parameters in other.signed)
{
this.signed.Add(parameters.Clone());
}
foreach (SecurityTokenParameters parameters2 in other.signedEncrypted)
{
this.signedEncrypted.Add(parameters2.Clone());
}
foreach (SecurityTokenParameters parameters3 in other.endorsing)
{
this.endorsing.Add(parameters3.Clone());
}
foreach (SecurityTokenParameters parameters4 in other.signedEndorsing)
{
this.signedEndorsing.Add(parameters4.Clone());
}
}
public void DefaultItems ()
{
SupportingTokenParameters p = new SupportingTokenParameters ();
Assert.AreEqual (0, p.Endorsing.Count, "#1");
Assert.AreEqual (0, p.Signed.Count, "#2");
Assert.AreEqual (0, p.SignedEncrypted.Count, "#3");
Assert.AreEqual (0, p.SignedEndorsing.Count, "#4");
}
public SupportingTokenParameters Clone()
{
SupportingTokenParameters parameters = this.CloneCore();
if (parameters == null || parameters.GetType() != this.GetType())
{
}
return(parameters);
}
public static void AssertSupportingTokenParameters (
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
SupportingTokenParameters tp, string label)
{
Assert.IsNotNull (tp, label + " IsNotNull");
Assert.AreEqual (endorsing, tp.Endorsing.Count, label + ".Endoring.Count");
Assert.AreEqual (signed, tp.Signed.Count, label + ".Signed.Count");
Assert.AreEqual (signedEncrypted, tp.SignedEncrypted.Count, label + ".SignedEncrypted.Count");
Assert.AreEqual (signedEndorsing, tp.SignedEndorsing.Count, label + ".SignedEndorsing.Count");
}
private SupportingTokenParameters(SupportingTokenParameters other)
{
if (other == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
foreach (SecurityTokenParameters p in other._signed)
_signed.Add((SecurityTokenParameters)p.Clone());
foreach (SecurityTokenParameters p in other._signedEncrypted)
_signedEncrypted.Add((SecurityTokenParameters)p.Clone());
foreach (SecurityTokenParameters p in other._endorsing)
_endorsing.Add((SecurityTokenParameters)p.Clone());
foreach (SecurityTokenParameters p in other._signedEndorsing)
_signedEndorsing.Add((SecurityTokenParameters)p.Clone());
}
public SupportingTokenParameters Clone()
{
SupportingTokenParameters parameters = this.CloneCore();
if (parameters == null || parameters.GetType() != this.GetType())
{
TraceUtility.TraceEvent(
TraceEventType.Error,
TraceCode.Security,
SR.GetString(SR.CloneNotImplementedCorrectly, new object[] { this.GetType(), (parameters != null) ? parameters.ToString() : "null" }));
}
return(parameters);
}
void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
{
foreach (OperationDescription operation in policyContext.Contract.Operations)
{
string requestAction = null;
foreach (MessageDescription message in operation.Messages)
{
if (message.Direction == MessageDirection.Input)
{
requestAction = message.Action;
break;
}
}
SupportingTokenParameters requirements = new SupportingTokenParameters();
SupportingTokenParameters optionalRequirements = new SupportingTokenParameters();
ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation);
this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements);
if (requirements.Endorsing.Count > 0
|| requirements.Signed.Count > 0
|| requirements.SignedEncrypted.Count > 0
|| requirements.SignedEndorsing.Count > 0)
{
if (requestAction != null)
{
binding.OperationSupportingTokenParameters[requestAction] = requirements;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CannotImportSupportingTokensForOperationWithoutRequestAction)));
}
}
if (optionalRequirements.Endorsing.Count > 0
|| optionalRequirements.Signed.Count > 0
|| optionalRequirements.SignedEncrypted.Count > 0
|| optionalRequirements.SignedEndorsing.Count > 0)
{
if (requestAction != null)
{
binding.OptionalOperationSupportingTokenParameters[requestAction] = optionalRequirements;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CannotImportSupportingTokensForOperationWithoutRequestAction)));
}
}
}
}
SupportingTokenParameters(SupportingTokenParameters other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
foreach (SecurityTokenParameters p in other.signed)
{
this.signed.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other.signedEncrypted)
{
this.signedEncrypted.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other.endorsing)
{
this.endorsing.Add((SecurityTokenParameters)p.Clone());
}
foreach (SecurityTokenParameters p in other.signedEndorsing)
{
this.signedEndorsing.Add((SecurityTokenParameters)p.Clone());
}
}
void ImportSupportingTokenAssertions(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, SupportingTokenParameters requirements, SupportingTokenParameters optionalRequirements)
{
WSSecurityPolicy securityPolicy;
if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy))
{
securityPolicy.TryImportWsspSupportingTokensAssertion(
importer,
policyContext,
assertions,
requirements.Signed,
requirements.SignedEncrypted,
requirements.Endorsing,
requirements.SignedEndorsing,
optionalRequirements.Signed,
optionalRequirements.SignedEncrypted,
optionalRequirements.Endorsing,
optionalRequirements.SignedEndorsing);
}
}
void ValidateTokensByParameters (SupportingTokenParameters supp, List<SupportingTokenInfo> tokens, bool optional)
{
ValidateTokensByParameters (supp.Endorsing, tokens, optional, SecurityTokenAttachmentMode.Endorsing);
ValidateTokensByParameters (supp.Signed, tokens, optional, SecurityTokenAttachmentMode.Signed);
ValidateTokensByParameters (supp.SignedEndorsing, tokens, optional, SecurityTokenAttachmentMode.SignedEndorsing);
ValidateTokensByParameters (supp.SignedEncrypted, tokens, optional, SecurityTokenAttachmentMode.SignedEncrypted);
}
void CollectSupportingTokensCore (
SupportingTokenInfoCollection l,
SupportingTokenParameters s,
bool required)
{
foreach (SecurityTokenParameters p in s.Signed)
l.Add (new SupportingTokenInfo (GetSigningToken (p), SecurityTokenAttachmentMode.Signed, required));
foreach (SecurityTokenParameters p in s.Endorsing)
l.Add (new SupportingTokenInfo (GetSigningToken (p), SecurityTokenAttachmentMode.Endorsing, required));
foreach (SecurityTokenParameters p in s.SignedEndorsing)
l.Add (new SupportingTokenInfo (GetSigningToken (p), SecurityTokenAttachmentMode.SignedEndorsing, required));
foreach (SecurityTokenParameters p in s.SignedEncrypted)
l.Add (new SupportingTokenInfo (GetSigningToken (p), SecurityTokenAttachmentMode.SignedEncrypted, required));
}
private void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList<SupportingTokenProviderSpecification> providerSpecList)
{
for (int i = 0; i < supportingTokenParameters.Endorsing.Count; i++)
{
SecurityTokenRequirement tokenRequirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
try
{
SupportingTokenProviderSpecification item = new SupportingTokenProviderSpecification(this.factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement), SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]);
providerSpecList.Add(item);
}
catch (Exception exception)
{
if (!isOptional || Fx.IsFatal(exception))
{
throw;
}
}
}
for (int j = 0; j < supportingTokenParameters.SignedEndorsing.Count; j++)
{
SecurityTokenRequirement requirement2 = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[j], SecurityTokenAttachmentMode.SignedEndorsing);
try
{
SupportingTokenProviderSpecification specification2 = new SupportingTokenProviderSpecification(this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement2), SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[j]);
providerSpecList.Add(specification2);
}
catch (Exception exception2)
{
if (!isOptional || Fx.IsFatal(exception2))
{
throw;
}
}
}
for (int k = 0; k < supportingTokenParameters.SignedEncrypted.Count; k++)
{
SecurityTokenRequirement requirement3 = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[k], SecurityTokenAttachmentMode.SignedEncrypted);
try
{
SupportingTokenProviderSpecification specification3 = new SupportingTokenProviderSpecification(this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement3), SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[k]);
providerSpecList.Add(specification3);
}
catch (Exception exception3)
{
if (!isOptional || Fx.IsFatal(exception3))
{
throw;
}
}
}
for (int m = 0; m < supportingTokenParameters.Signed.Count; m++)
{
SecurityTokenRequirement requirement4 = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[m], SecurityTokenAttachmentMode.Signed);
try
{
SupportingTokenProviderSpecification specification4 = new SupportingTokenProviderSpecification(this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement4), SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[m]);
providerSpecList.Add(specification4);
}
catch (Exception exception4)
{
if (!isOptional || Fx.IsFatal(exception4))
{
throw;
}
}
}
}
private void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
{
foreach (OperationDescription description in policyContext.Contract.Operations)
{
string action = null;
foreach (MessageDescription description2 in description.Messages)
{
if (description2.Direction == MessageDirection.Input)
{
action = description2.Action;
break;
}
}
SupportingTokenParameters requirements = new SupportingTokenParameters();
SupportingTokenParameters optionalRequirements = new SupportingTokenParameters();
ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(description);
this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements);
if (((requirements.Endorsing.Count > 0) || (requirements.Signed.Count > 0)) || ((requirements.SignedEncrypted.Count > 0) || (requirements.SignedEndorsing.Count > 0)))
{
if (action == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction")));
}
binding.OperationSupportingTokenParameters[action] = requirements;
}
if (((optionalRequirements.Endorsing.Count > 0) || (optionalRequirements.Signed.Count > 0)) || ((optionalRequirements.SignedEncrypted.Count > 0) || (optionalRequirements.SignedEndorsing.Count > 0)))
{
if (action == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction")));
}
binding.OptionalOperationSupportingTokenParameters[action] = optionalRequirements;
}
}
}
private static ServiceHost StartSTS(Type type, string stsLabel, Uri baseAddress, Uri baseMexAddress)
{
// Create the service host
Uri stsAddress = new Uri(baseAddress.AbsoluteUri + "/" + stsLabel);
ServiceHost serviceHost = new ServiceHost(type, stsAddress);
// Don't require derived keys for the issue method
ServiceEndpoint stsEndpoint = serviceHost.Description.Endpoints.Find(typeof(nl.telin.authep.sts.IWSTrustContract));
BindingElementCollection bindingElements = stsEndpoint.Binding.CreateBindingElements();
SecurityBindingElement sbe = bindingElements.Find<SecurityBindingElement>();
RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters();
rsaParams.InclusionMode = SecurityTokenInclusionMode.Never;
rsaParams.RequireDerivedKeys = false;
SupportingTokenParameters requirements = new SupportingTokenParameters();
requirements.Endorsing.Add(rsaParams);
sbe.OptionalOperationSupportingTokenParameters.Add(nl.telin.authep.sts.Constants.WSTrust.Actions.Issue, requirements);
stsEndpoint.Binding = new CustomBinding(bindingElements);
serviceHost.Credentials.ServiceCertificate.Certificate = SigningCertificate;
// Add an https mex listener
string mexAddress = baseMexAddress.AbsoluteUri + "/" + stsLabel + "/mex";
serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), mexAddress);
// Disable CRL
serviceHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck;
// Open the service
serviceHost.Open();
// Display the endpoints
foreach (ChannelDispatcher cd in serviceHost.ChannelDispatchers)
{
foreach (EndpointDispatcher ed in cd.Endpoints)
{
Console.WriteLine("Listener = {0}, State = {1}", ed.EndpointAddress.ToString(), cd.State.ToString());
}
}
return serviceHost;
}
void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList<SupportingTokenProviderSpecification> providerSpecList)
{
for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
}
