internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); } if (this.InitiatorTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString()))); } if (this.RecipientTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString()))); } bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel)); SecurityProtocolFactory protocolFactory; AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory(); forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts); forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts); if (this.isCertificateSignatureBinding) { if (isForService) { forward.ApplyIntegrity = forward.ApplyConfidentiality = false; } else { forward.ApplyConfidentiality = forward.RequireIntegrity = false; } } else { forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts); forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts); } if (isForService) { base.ApplyAuditBehaviorSettings(context, forward); if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity)) { forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); } else { forward.AsymmetricTokenParameters = null; } forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext); } else { if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity)) { forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); } else { forward.AsymmetricTokenParameters = null; } forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext); } if (isDuplexSecurity) { if (isForService) { forward.ApplyConfidentiality = forward.ApplyIntegrity = false; } else { forward.RequireIntegrity = forward.RequireConfidentiality = false; } } else { if (!isForService) { forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply; } } forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; forward.MessageProtectionOrder = this.MessageProtectionOrder; base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding); if (!forward.RequireIntegrity) { forward.DetectReplays = false; } if (isDuplexSecurity) { AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory(); if (isForService) { reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; reverse.IdentityVerifier = null; } else { reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; } reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; reverse.MessageProtectionOrder = this.MessageProtectionOrder; reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); if (isForService) { reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts); reverse.ApplyIntegrity = true; reverse.RequireIntegrity = reverse.RequireConfidentiality = false; } else { reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts); reverse.RequireIntegrity = true; reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false; } base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding); if (!reverse.RequireIntegrity) { reverse.DetectReplays = false; } // setup reverse here reverse.IsDuplexReply = true; DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory(); duplex.ForwardProtocolFactory = forward; duplex.ReverseProtocolFactory = reverse; protocolFactory = duplex; } else { protocolFactory = forward; } return(protocolFactory); }
void CreateSecurityProtocolFactory() { SecurityProtocolFactory incomingProtocolFactory; SecurityProtocolFactory outgoingProtocolFactory; ChannelProtectionRequirements protectionRequirements; lock (ThisLock) { if (null != securityProtocolFactory) { return; } TimeoutHelper timeoutHelper = new TimeoutHelper(ServiceDefaults.SendTimeout); if (!enableSigning) { outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory(); incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory(); } else { X509Certificate2 cert = credManager.Certificate; if (cert != null) { SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement(); securityBindingElement.ReaderQuotas = this.readerQuotas; BindingParameterCollection bpc = new BindingParameterCollection(); if (protection == null) { protectionRequirements = new ChannelProtectionRequirements(); } else { protectionRequirements = new ChannelProtectionRequirements(protection); } ApplySigningRequirements(protectionRequirements.IncomingSignatureParts); ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts); bpc.Add(protectionRequirements); bpc.Add(this.auditBehavior); bpc.Add(credManager); BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc); outgoingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, false, null); } else { outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory(); } SecurityTokenResolver resolver; X509SecurityTokenAuthenticator auth = tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) as X509SecurityTokenAuthenticator; if (auth != null) { SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement(); securityBindingElement.ReaderQuotas = this.readerQuotas; BindingParameterCollection bpc = new BindingParameterCollection(); if (protection == null) { protectionRequirements = new ChannelProtectionRequirements(); } else { protectionRequirements = new ChannelProtectionRequirements(protection); } ApplySigningRequirements(protectionRequirements.IncomingSignatureParts); ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts); bpc.Add(protectionRequirements); bpc.Add(this.auditBehavior); bpc.Add(credManager); BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc); incomingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, true, null); } else { incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory(); } } DuplexSecurityProtocolFactory tempFactory = new DuplexSecurityProtocolFactory(outgoingProtocolFactory, incomingProtocolFactory); tempFactory.Open(true, timeoutHelper.RemainingTime()); securityProtocolFactory = tempFactory; } }
private void CreateSecurityProtocolFactory() { lock (this.ThisLock) { if (this.securityProtocolFactory == null) { SecurityProtocolFactory factory; SecurityProtocolFactory factory2; TimeoutHelper helper = new TimeoutHelper(ServiceDefaults.SendTimeout); if (!this.enableSigning) { factory2 = new PeerDoNothingSecurityProtocolFactory(); factory = new PeerDoNothingSecurityProtocolFactory(); } else { ChannelProtectionRequirements requirements; SecurityTokenResolver resolver; if (this.credManager.Certificate != null) { SecurityBindingElement element = SecurityBindingElement.CreateCertificateSignatureBindingElement(); element.ReaderQuotas = this.readerQuotas; BindingParameterCollection parameters = new BindingParameterCollection(); if (this.protection == null) { requirements = new ChannelProtectionRequirements(); } else { requirements = new ChannelProtectionRequirements(this.protection); } this.ApplySigningRequirements(requirements.IncomingSignatureParts); this.ApplySigningRequirements(requirements.OutgoingSignatureParts); parameters.Add(requirements); parameters.Add(this.auditBehavior); parameters.Add(this.credManager); BindingContext context = new BindingContext(new CustomBinding(new BindingElement[] { element }), parameters); factory2 = element.CreateSecurityProtocolFactory <IOutputChannel>(context, this.credManager, false, null); } else { factory2 = new PeerDoNothingSecurityProtocolFactory(); } if (this.tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) is X509SecurityTokenAuthenticator) { SecurityBindingElement element2 = SecurityBindingElement.CreateCertificateSignatureBindingElement(); element2.ReaderQuotas = this.readerQuotas; BindingParameterCollection parameters2 = new BindingParameterCollection(); if (this.protection == null) { requirements = new ChannelProtectionRequirements(); } else { requirements = new ChannelProtectionRequirements(this.protection); } this.ApplySigningRequirements(requirements.IncomingSignatureParts); this.ApplySigningRequirements(requirements.OutgoingSignatureParts); parameters2.Add(requirements); parameters2.Add(this.auditBehavior); parameters2.Add(this.credManager); BindingContext context2 = new BindingContext(new CustomBinding(new BindingElement[] { element2 }), parameters2); factory = element2.CreateSecurityProtocolFactory <IOutputChannel>(context2, this.credManager, true, null); } else { factory = new PeerDoNothingSecurityProtocolFactory(); } } DuplexSecurityProtocolFactory factory3 = new DuplexSecurityProtocolFactory(factory2, factory); factory3.Open(true, helper.RemainingTime()); this.securityProtocolFactory = factory3; } } }