internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters", new object[] { this.ToString() })));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsRecipientTokenParameters", new object[] { this.ToString() })));
}
bool flag = !this.isCertificateSignatureBinding && ((typeof(IDuplexChannel) == typeof(TChannel)) || (typeof(IDuplexSessionChannel) == typeof(TChannel)));
AsymmetricSecurityProtocolFactory factory = new AsymmetricSecurityProtocolFactory();
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
factory.RequireConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingEncryptionParts);
factory.RequireIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
factory.ApplyIntegrity = factory.ApplyConfidentiality = false;
}
else
{
factory.ApplyConfidentiality = factory.RequireIntegrity = false;
}
}
else
{
factory.ApplyIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingSignatureParts);
factory.ApplyConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
if (factory.RequireConfidentiality || (!this.isCertificateSignatureBinding && factory.ApplyIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (factory.ApplyConfidentiality || (!this.isCertificateSignatureBinding && factory.RequireIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
if (flag)
{
if (isForService)
{
factory.ApplyConfidentiality = factory.ApplyIntegrity = false;
}
else
{
factory.RequireIntegrity = factory.RequireConfidentiality = false;
}
}
else if (!isForService)
{
factory.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!factory.RequireIntegrity)
{
factory.DetectReplays = false;
}
if (!flag)
{
return(factory);
}
AsymmetricSecurityProtocolFactory factory3 = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = null;
}
else
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
}
factory3.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory3.MessageProtectionOrder = this.MessageProtectionOrder;
factory3.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
factory3.ApplyConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.OutgoingEncryptionParts);
factory3.ApplyIntegrity = true;
factory3.RequireIntegrity = factory3.RequireConfidentiality = false;
}
else
{
factory3.RequireConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.IncomingEncryptionParts);
factory3.RequireIntegrity = true;
factory3.ApplyIntegrity = factory3.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(factory3, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!factory3.RequireIntegrity)
{
factory3.DetectReplays = false;
}
factory3.IsDuplexReply = true;
return(new DuplexSecurityProtocolFactory {
ForwardProtocolFactory = factory, ReverseProtocolFactory = factory3
});
}
public AsymmetricSecurityProtocol(AsymmetricSecurityProtocolFactory factory,
EndpointAddress target, Uri via)
: base(factory, target, via)
{
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
}
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
{
forward.DetectReplays = false;
}
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
{
reverse.DetectReplays = false;
}
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return(protocolFactory);
}
