/// <summary> /// Intercepts the request, storing the unfinished signatures. /// </summary> /// <param name="message"></param> public override void InterceptRequest(InterceptorMessage message) { try { Headers headers = new Headers(message); SequenceHeader sequenceHeader = headers.SequenceHeader; string messageId = string.Empty; if (message.IsFault) { // ? nothing to do?? } else if (sequenceHeader == null) { // ? nothing to do?? } else if (sequenceHeader.IsLastMessage) { // ? nothing to do?? } else { messageId = headers.MessageId.ToString(); UnfinishedSignatureValidationProof unfinishedSignature = new UnfinishedSignatureValidationProof(headers); //System.Diagnostics.Debug.WriteLine("\n\n\nAdding unfinished signature - id:" + messageId + ";unfinished signature validation proof: " + unfinishedSignature.SignatureValidationProof + "\n\n\n"); this.unfinishedSignaturesValidationProofStore.Add(messageId, sequenceHeader, unfinishedSignature); } } catch (Exception ex) { throw ex; } }
private void InterceptedAcknowledgementResponse(InterceptorMessage message, Headers headers) { lock (signatureLock) { SequenceAcknowledgementHeader sequenceAcknowledgementHeader = headers.SequenceAcknowledgement; string identityName = message.Properties.Security.ServiceSecurityContext.PrimaryIdentity.Name; int index = identityName.LastIndexOf(';'); string certificateSubject = identityName.Substring(0, index); // Try to get the messages that have been acked in the RM session. If none exists return. List <UnfinishedSignatureValidationProof> ackedMessages = null; //System.Diagnostics.Debug.WriteLine("InterceptedAcknowledgementResponse sequenceID" + sequenceAcknowledgementHeader.SequenceId); if (this.unfinishedSignaturesValidationProofStore.TryGetValueFromSequenceAcknowledgementHeader(sequenceAcknowledgementHeader, out ackedMessages)) { // message foreach (UnfinishedSignatureValidationProof ackedMessage in ackedMessages) { SignatureValidationProof signatureValidationProof = ackedMessage.SignatureValidationProof; if (!signatureValidationProof.Completed) { signatureValidationProof.CompleteValidation(certificateSubject); } } } } }
/// <summary> /// Intercepts the response, finishing the signatures and adds it to the /// message. /// </summary> /// <param name="message"></param> public override void InterceptResponse(InterceptorMessage message) { try { //System.Diagnostics.Debug.Write("Intercepting the response - "); Headers headers = new Headers(message); SequenceAcknowledgementHeader sequenceAcknowledgement = headers.SequenceAcknowledgement; if (message.IsFault) { } else if (headers.SequenceHeader == null) { } else if (headers.RelatesTo != null) { this.InterceptedMessageResponse(message, headers); } if (sequenceAcknowledgement != null) { this.InterceptedAcknowledgementResponse(message, headers); } } catch (Exception ex) { throw ex; } }
private static Dictionary <string, string> GetKeywords(InterceptorMessage interceptorMessage) { Dictionary <string, string> keywords = new Dictionary <string, string>(); System.ServiceModel.Channels.Message wcfMessage = interceptorMessage.GetMessage(); keywords.Add("messageaction", wcfMessage.Headers.Action); return(keywords); }
public override void InterceptResponse(InterceptorMessage interceptorMessage) { try { Console.WriteLine("{0} : Received: {1} from '{2}'", DateTime.Now, interceptorMessage.GetHeaders().Action, interceptorMessage.GetHeaders().From); } catch (Exception e) { Console.WriteLine("Console.WriteLine Interceptor failed: " + e); } }
/// <summary> /// Constructor that takes the interceptor message as parameter. /// </summary> /// <param name="message"></param> public Headers(InterceptorMessage message) { MessageHeaders headers = message.GetHeaders(); _messageId = headers.MessageId; _relatesTo = headers.RelatesTo; _isCreateSequence = headers.Action.Contains("CreateSequence"); _isCreateSequenceResponse = headers.Action.Contains("CreateSequenceResponse"); SetHeaders(headers); }
public override void InterceptRequest(InterceptorMessage interceptorMessage) { // Get the message, uncopied Message msg = interceptorMessage.GetMessage(); // Extract headers and switch sender for receiver _senderPartyIdentifier = ExtractHeaderValue(msg, _receiverPartyIdentifierHeaderName.Name, _receiverPartyIdentifierHeaderName.Namespace, DefaultReceiverPartyIdentifier); _senderPartyIdentifierType = ExtractHeaderValue(msg, _receiverPartyIdentifierTypeHeaderName.Name, _receiverPartyIdentifierTypeHeaderName.Namespace, "other"); _receiverPartyIdentifier = ExtractHeaderValue(msg, _senderPartyIdentifierHeaderName.Name, _senderPartyIdentifierHeaderName.Namespace, DefaultSenderPartyIdentifier); _receiverPartyIdentifierType = ExtractHeaderValue(msg, _senderPartyIdentifierTypeHeaderName.Name, _senderPartyIdentifierTypeHeaderName.Namespace, "other"); }
/// <summary> /// Incepts the request and punes the input. /// </summary> /// <param name="message"></param> public override void InterceptRequest(InterceptorMessage message) { try { XmlDocument body = message.GetBody(); CompiledXslt styleSheet = LoadStyleSheet(body); XmlDocument transformedBody = _xsltUtility.TransformXml(body, styleSheet); message.SetBody(transformedBody); if (_configuration.PropagateOriginalMessage) { OriginalBody orgBody = new OriginalBody(body); message.AddProperty(ServerXsltTransformationBindingExtensionElement.ORIGINALBODYPROPERTYNAME, orgBody); } } catch (Exception ex) { throw new XsltTransformFailedException(ex); } }
/// <summary> /// Overrides the abstract method and implements the basic intercept on a /// request. /// </summary> /// <param name="interceptorMessage"></param> public override void InterceptRequest(InterceptorMessage interceptorMessage) { try { X509Certificate2 certificate = interceptorMessage.Certificate; XmlDocument xmlDocument = interceptorMessage.GetBody(); DocumentTypeConfigSearcher searcher = new DocumentTypeConfigSearcher(); DocumentTypeConfig documentType = searcher.FindUniqueDocumentType(xmlDocument); bool authorised = _authoriser.Authorise(certificate, xmlDocument, documentType); if (!authorised) { throw new NotAuthorisedException(certificate, xmlDocument, documentType); } } catch (NotAuthorisedException) { throw; } catch (Exception ex) { throw new AuthorisationProcessFailedException(ex); } }
private void InterceptedMessageResponse(InterceptorMessage message, Headers headers) { lock (signatureLock) { SequenceHeader sequenceHeader = headers.SequenceHeader; string relatesTo = headers.RelatesTo.ToString(); // Try to get the unfinished signature validation proof. If none exists return. UnfinishedSignatureValidationProof unfinishedSignatureValidationProof = null; if (this.unfinishedSignaturesValidationProofStore.TryGetValueFromMessageId(relatesTo, out unfinishedSignatureValidationProof)) { // validation proof retrived //System.Diagnostics.Debug.WriteLine("InterceptedMessageResponse relatesTo " + relatesTo); SignatureValidationProof signatureValidationProof = unfinishedSignatureValidationProof.SignatureValidationProof; string signatureValidationProofKey = ClientSignatureValidationProofBindingExtensionElement.SignatureValidationProofKey; message.AddProperty(signatureValidationProofKey, signatureValidationProof); } } }
public override void InterceptRequest(InterceptorMessage interceptorMessage) { // Get the message, uncopied Message msg = interceptorMessage.GetMessage(); // If a property is set use that to find the header values if (msg.Properties.ContainsKey(PartyIdentifierHeaderSettings.MessagePropertyKey)) { PartyIdentifierHeaderSettings settings = (PartyIdentifierHeaderSettings)msg.Properties[PartyIdentifierHeaderSettings.MessagePropertyKey]; if (!string.IsNullOrEmpty(settings.SenderPartyHeaderValue)) { _senderPartyIdentifier = settings.SenderPartyHeaderValue; } if (!string.IsNullOrEmpty(settings.ReceiverPartyHeaderValue)) { _receiverPartyIdentifier = settings.ReceiverPartyHeaderValue; } _senderPartyIdentifierType = settings.SenderPartyKeyType; _receiverPartyIdentifierType = settings.ReceiverPartyKeyType; } // Add the headers msg.Headers.Add(MessageHeader.CreateHeader( _senderPartyIdentifierHeaderName.Name, _senderPartyIdentifierHeaderName.Namespace, _senderPartyIdentifier)); msg.Headers.Add(MessageHeader.CreateHeader( _senderPartyIdentifierTypeHeaderName.Name, _senderPartyIdentifierTypeHeaderName.Namespace, _senderPartyIdentifierType)); msg.Headers.Add(MessageHeader.CreateHeader( _receiverPartyIdentifierHeaderName.Name, _receiverPartyIdentifierHeaderName.Namespace, _receiverPartyIdentifier)); msg.Headers.Add(MessageHeader.CreateHeader( _receiverPartyIdentifierTypeHeaderName.Name, _receiverPartyIdentifierTypeHeaderName.Namespace, _receiverPartyIdentifierType)); }
/// <summary> /// Gets request /// </summary> /// <param name="message">message</param> public override void InterceptRequest(InterceptorMessage message) { string document = message.GetBodyAsString(); this.schemaValidator.Validate(document); }
/// <summary> /// Certificate validator /// </summary> /// <param name="interceptorMessage">InterceptorMessage to validate</param> public void Validate(InterceptorMessage interceptorMessage) { this.logger.Trace("Certificate validation."); // Get the certificate from the message X509Certificate2 certificate = null; try { certificate = interceptorMessage.Certificate; if (certificate == null) { throw new FailedToGetCertificateSubjectException(interceptorMessage); } //Check if the certificate is valid (Activated, and not expired, and from trusted root) this.validator.Validate(certificate); this.logger.Debug(string.Format("Certificate '{0}' has parsed the trusted validate.", certificate.SubjectName.Name)); } catch (CertificateExpiredException ex) { if (certificate != null) { this.logger.Warn(string.Format("Certificate '{0}' is expired.", certificate.SubjectName.Name)); } else { this.logger.Warn("Unknown certificate is expired."); } throw new InterceptorChannelWrapperException(OiosiFaultCode.Sender, OiosiInnerFaultCode.SignatureNotValidFault, ex); } catch (CertificateNotActiveException ex) { if (certificate != null) { this.logger.Warn(string.Format("Certificate '{0}' is not activated.", certificate.SubjectName.Name)); } else { this.logger.Warn("Unknown certificate is not activated."); } throw new InterceptorChannelWrapperException(OiosiFaultCode.Sender, OiosiInnerFaultCode.SignatureNotValidFault, ex); } catch (CertificateRootNotTrustedException ex) { if (certificate != null) { this.logger.Warn(string.Format("The root certificate for certificate '{0}' is not trusted.", certificate.SubjectName.Name)); } else { this.logger.Warn("The root certificate for a unknown certificate is not trusted."); } throw new InterceptorChannelWrapperException(OiosiFaultCode.Sender, OiosiInnerFaultCode.SignatureNotValidFault, ex); } catch (FailedToGetCertificateSubjectException) { if (certificate != null) { this.logger.Warn(string.Format("Subject for certificate '{0}' was not found.", certificate.SubjectName.Name)); } else { this.logger.Warn("Subject for unknown certificate was not found."); } throw; } catch (Exception ex) { if (certificate != null) { this.logger.Warn(string.Format("The certificate '{0}' was rejected.", certificate.SubjectName.Name)); } else { this.logger.Warn("Unknown certificate was rejected."); } this.logger.Debug("Security validate the foces certificate", ex); throw new InterceptorChannelWrapperException(OiosiFaultCode.Receiver, OiosiInnerFaultCode.InternalSystemFailureFault, "The client certificate is invalid."); } this.logger.Trace("Security validate the foces certificate - Finish."); }
/// <summary> /// Validating interceptors must implement this interface. interceptorMessage is the /// wrapped intercepted message from the response. Not in use in the asynchronous profile /// </summary> /// <param name="interceptorMessage">Wrapped intercepted message</param> public abstract void InterceptResponse(InterceptorMessage interceptorMessage);
/// <summary> /// Validating interceptors must implement this interface. interceptorMessage is the /// wrapped intercepted message from the request. /// </summary> /// <param name="interceptorMessage">Wrapped intercepted message</param> public abstract void InterceptRequest(InterceptorMessage interceptorMessage);
/// <summary> /// Response schema validation is not a part of the first release. /// </summary> /// <param name="message"></param> /// <returns></returns> public override void InterceptResponse(InterceptorMessage message) { }
/// <summary> /// Gets request /// </summary> /// <param name="message">message</param> public override void InterceptRequest(InterceptorMessage message) { this.certificateValidator.Validate(message); }
/* /// <summary> * /// Overrides the method to validate the binding element order. * /// </summary> * /// <typeparam name="TChannel"></typeparam> * /// <param name="context"></param> * /// <returns></returns> * public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context) * { * BindingElementCollection bindingElements = context.Binding.Elements; * this.stackCheck.Check(bindingElements); * return base.BuildChannelListener<TChannel>(context); * }*/ /// <summary> /// Intercept requests and creates the proof of validation interception before /// attaching it to the message. /// </summary> /// <param name="interceptorMessage"></param> public override void InterceptRequest(InterceptorMessage interceptorMessage) { this.logger.Trace("Security validate the foces certificate."); try { Headers headers = new Headers(interceptorMessage); if (interceptorMessage.IsFault) { // do nothing } else if (headers.IsCreateSequence) { // do nothing } else if (headers.SequenceHeader == null) { // do nothing } else if (headers.SequenceHeader.IsLastMessage) { // do nothing } else { // Get the certificate from the message X509Certificate2 certificate; try { certificate = interceptorMessage.Certificate; } catch { throw new FailedToGetCertificateSubjectException(interceptorMessage); } // now we must revocate check the certificate OcesX509Certificate ocesCertificate = new OcesX509Certificate(certificate); RevocationResponse response = ocesCertificate.CheckRevocationStatus(revocationLookup); if (response.Exception != null) { string msg; try { msg = response.Exception.Message; } catch (Exception ex) { this.logger.Debug("Error finding the correct error message.", ex); msg = "unknown"; } this.logger.Warn(string.Format("The certificate '{0}' revocation check failed. Reason is: ", ocesCertificate.Certificate.SubjectName.Name, msg)); // some error checking the certificate // make sure the error is of the correct type, and throw it // note - if the original exception was not a communikation exception, it is wraped in a communikation exception if (response.Exception is CertificateRevokedTimeoutException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else if (response.Exception is CertificateRevokedException) { throw response.Exception; } else if (response.Exception is CertificateRevokedValidationFailedException) { throw response.Exception; } else if (response.Exception is CheckCertificateOcspUnexpectedException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else if (response.Exception is CheckCertificateRevokedUnexpectedException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else { throw new CertificateRevokedValidationFailedException(response.Exception); } } else { // no exception - all good so far switch (response.RevocationCheckStatus) { case RevocationCheckStatus.AllChecksPassed: { // all good this.logger.Debug(string.Format("Certificate '{0}' has parsed the revocation validate.", certificate.SubjectName.Name)); SignatureValidationProof signatureValidationProof = new SignatureValidationProof(certificate.Subject); interceptorMessage.AddProperty(ServerSignatureValidationProofBindingExtensionElement.SignatureValidationProofKey, signatureValidationProof); break; } case RevocationCheckStatus.CertificateRevoked: { this.logger.Warn(string.Format("The certificate '{0}' is revoked.", ocesCertificate.Certificate.SubjectName.Name)); throw new CertificateRevokedException(); //break; } default: { this.logger.Warn(string.Format("The certificate '{0}' failed in revocation check - reason unknown", ocesCertificate.Certificate.SubjectName.Name)); throw new CertificateRevokedValidationFailedException("The certificate failed in revocation check - reason unknown."); //break; } } } } } catch (FailedToGetCertificateSubjectException) { // exception is of the correct type - rethrowing it throw; } /* catch (CertificateRevokedTimeoutException e) * { * // exception is of the correct type - rethrowing it * throw new CertificateRevokedValidationFailedException(e); * }*/ catch (CertificateRevokedException) { // exception is of the correct type - rethrowing it throw; } catch (CertificateRevokedValidationFailedException) { // exception is of the correct type - rethrowing it throw; } /* catch (CheckCertificateOcspUnexpectedException) * { * // exception is of the correct type - rethrowing it * throw; * }*/ /* catch (CheckCertificateRevokedUnexpectedException) * { * // exception is of the correct type - rethrowing it * throw; * }*/ catch (Exception ex) { this.logger.Debug("Security validate the foces certificate", ex); throw new CertificateRevokedValidationFailedException(ex); } this.logger.Trace("Security validate the foces certificate - Finish."); }
/// <summary> /// Constructor that takes the interceptor message that did not contain a certificate /// subject. /// </summary> /// <param name="interceptorMessage"></param> public FailedToGetCertificateSubjectException(InterceptorMessage interceptorMessage) : base(OiosiFaultCode.Sender, OiosiInnerFaultCode.SignatureNotValidFault, GetKeywords(interceptorMessage)) { }