Exemple #1
        /// <summary>
        /// Builds an <see cref="IssuedSecurityTokenProvider"/> and fills it from the
        /// properties carried by the token requirement <paramref name="r"/>.
        /// </summary>
        /// <param name="r">Requirement supplying the target address, bindings, token version and optional issuer settings.</param>
        /// <returns>The populated provider.</returns>
        IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r)
        {
            IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider();

            provider.TargetAddress = r.GetProperty<EndpointAddress>(ReqType.TargetAddressProperty);

            // FIXME (kept from the original author): use it somewhere, probably to build
            // IssuerBinding. However, there is also an IssuerBinding property, and
            // SecureConversationSecurityBindingElement as well.
            SecurityBindingElement securityElement =
                r.GetProperty<SecurityBindingElement>(ReqType.SecurityBindingElementProperty);

            // Original author's doubt: the binding may not really be acquired this way.
            Binding issuerBinding;
            bool hasIssuerBinding = r.TryGetProperty<Binding>(ReqType.IssuerBindingProperty, out issuerBinding);
            if (!hasIssuerBinding)
            {
                // NOTE(review): the fallback transport is HttpTransportBindingElement, so any
                // protection of the issuer exchange rests on securityElement alone - confirm
                // this is intended before relying on the default.
                issuerBinding = new CustomBinding(
                    securityElement,
                    new TextMessageEncodingBindingElement(),
                    new HttpTransportBindingElement());
            }
            provider.IssuerBinding = issuerBinding;

            // Original author was unsure whether the binding context is used only for this.
            BindingContext issuerContext = r.GetProperty<BindingContext>(ReqType.IssuerBindingContextProperty);
            foreach (IEndpointBehavior behavior in issuerContext.BindingParameters.FindAll<IEndpointBehavior>())
            {
                provider.IssuerChannelBehaviors.Add(behavior);
            }

            SecurityTokenVersion tokenVersion =
                r.GetProperty<SecurityTokenVersion>(ReqType.MessageSecurityVersionProperty);
            provider.SecurityTokenSerializer = CreateSecurityTokenSerializer(tokenVersion);

            // The issuer address is treated as optional: without one, the target address
            // doubles as the issuer address.
            EndpointAddress issuerAddress;
            if (r.TryGetProperty<EndpointAddress>(ReqType.IssuerAddressProperty, out issuerAddress))
            {
                provider.IssuerAddress = issuerAddress;
            }
            else
            {
                provider.IssuerAddress = provider.TargetAddress;
            }

            // The algorithm suite is not enforced as mandatory: the result of TryGetProperty is
            // ignored and whatever it left in the local (initially null) is stored.
            SecurityAlgorithmSuite algorithmSuite = null;
            r.TryGetProperty<SecurityAlgorithmSuite>(ReqType.SecurityAlgorithmSuiteProperty, out algorithmSuite);
            provider.SecurityAlgorithmSuite = algorithmSuite;

            return provider;
        }
 /// <summary>
 /// Returns the InfoCard "next leg" token provider for issued-token requirements and
 /// defers every other requirement to the base implementation.
 /// </summary>
 /// <param name="tokenRequirement">The requirement describing the token to provide.</param>
 /// <returns>The provider chosen for <paramref name="tokenRequirement"/>.</returns>
 public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
 {
     // Anything that is not an issued-token requirement is handled by the base manager.
     if (!base.IsIssuedSecurityTokenRequirement(tokenRequirement))
     {
         return base.CreateSecurityTokenProvider(tokenRequirement);
     }

     EndpointAddress targetAddress =
         tokenRequirement.GetProperty<EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
     IssuedSecurityTokenParameters issuedParameters =
         tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

     // The issuer address comes from the issued-token parameters; the relying-party issuer
     // and the channel parameter come from this instance's fields.
     return InfoCardHelper.CreateTokenProviderForNextLeg(
         tokenRequirement,
         targetAddress,
         issuedParameters.IssuerAddress,
         this.m_relyingPartyIssuer,
         this,
         this.m_infocardChannelParameter);
 }
Exemple #3
        /// <summary>
        /// Copies listener and security settings from the token requirement
        /// <paramref name="r"/> onto the authenticator communication object <paramref name="p"/>.
        /// </summary>
        /// <param name="p">The object being initialized.</param>
        /// <param name="r">Requirement supplying the listen URI, security binding element, token version and optional algorithm suite.</param>
        void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r)
        {
            p.ListenUri = r.GetProperty<Uri>(ReqType.ListenUriProperty);

            // FIXME (kept from the original author): use it somewhere, probably to build
            // IssuerBinding. However, there is also an IssuerBinding property, and
            // SecureConversationSecurityBindingElement as well.
            SecurityBindingElement securityElement =
                r.GetProperty<SecurityBindingElement>(ReqType.SecurityBindingElementProperty);
            p.SecurityBindingElement = securityElement;

            // Issuer binding, issuer channel behaviors and issuer address are not set here;
            // the statements that assigned them are commented out in the original.

            SecurityTokenVersion tokenVersion =
                r.GetProperty<SecurityTokenVersion>(ReqType.MessageSecurityVersionProperty);
            p.SecurityTokenSerializer = CreateSecurityTokenSerializer(tokenVersion);

            // The algorithm suite is not enforced as mandatory: the result of TryGetProperty is
            // ignored and whatever it left in the local (initially null) is stored.
            SecurityAlgorithmSuite algorithmSuite = null;
            r.TryGetProperty<SecurityAlgorithmSuite>(ReqType.SecurityAlgorithmSuiteProperty, out algorithmSuite);
            p.SecurityAlgorithmSuite = algorithmSuite;
        }
Exemple #4
        /// <summary>
        /// Supplies a <c>MySecurityTokenProvider</c> for outgoing X.509 certificate tokens and
        /// leaves every other requirement to the base implementation.
        /// </summary>
        /// <param name="tokenRequirement">The requirement describing the token to provide.</param>
        /// <returns>The provider chosen for <paramref name="tokenRequirement"/>.</returns>
        public override SecurityTokenProvider CreateSecurityTokenProvider(
            SecurityTokenRequirement tokenRequirement)
        {
            // Only X.509 certificate tokens are customized.
            if (tokenRequirement.TokenType != SecurityTokenTypes.X509Certificate)
            {
                return base.CreateSecurityTokenProvider(tokenRequirement);
            }

            MessageDirection messageDirection = tokenRequirement.GetProperty<MessageDirection>(
                ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

            // Inbound X.509 requirements still go through the base implementation.
            if (messageDirection != MessageDirection.Output)
            {
                return base.CreateSecurityTokenProvider(tokenRequirement);
            }

            // Outgoing messages are served from the client certificate held in credentials.
            return new MySecurityTokenProvider(credentials.ClientCertificate.Certificate);
        }
Exemple #5
        /// <summary>
        /// Supplies a <c>MySecurityTokenAuthenticator</c> for incoming UserName tokens and
        /// leaves every other requirement to the base implementation.
        /// </summary>
        /// <param name="tokenRequirement">The requirement describing the token to authenticate.</param>
        /// <param name="outOfBandTokenResolver">Set to null when the custom authenticator is returned; otherwise assigned by the base implementation.</param>
        /// <returns>The authenticator chosen for <paramref name="tokenRequirement"/>.</returns>
        public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator
            (SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
        {
            // Only UserName tokens are customized.
            if (tokenRequirement.TokenType != SecurityTokenTypes.UserName)
            {
                return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
            }

            MessageDirection messageDirection = tokenRequirement.GetProperty<MessageDirection>(
                ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

            // Outgoing UserName requirements still go through the base implementation.
            if (messageDirection != MessageDirection.Input)
            {
                return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
            }

            // The custom authenticator is returned without an out-of-band resolver.
            outOfBandTokenResolver = null;
            return new MySecurityTokenAuthenticator();
        }
		/// <summary>
		/// Returns the custom authenticator for inbound UserName tokens; all other
		/// requirements are answered by the base implementation.
		/// </summary>
		/// <param name="tokenRequirement">The requirement describing the token to authenticate.</param>
		/// <param name="outOfBandTokenResolver">Null for the custom authenticator; otherwise whatever the base implementation assigns.</param>
		/// <returns>The authenticator chosen for <paramref name="tokenRequirement"/>.</returns>
		public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator
			(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
		{
			// The direction property is only read once the token type has matched
			// (short-circuit evaluation), exactly as in the nested form.
			bool inboundUserName =
				tokenRequirement.TokenType == SecurityTokenTypes.UserName &&
				tokenRequirement.GetProperty<MessageDirection>(
					ServiceModelSecurityTokenRequirement.MessageDirectionProperty) == MessageDirection.Input;

			if (!inboundUserName)
			{
				return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
			}

			// No out-of-band resolver accompanies the custom authenticator.
			outOfBandTokenResolver = null;
			return new MySecurityTokenAuthenticator();
		}
        /// <summary>
        /// Picks the certificate for an X.509 token requirement from the message direction
        /// and the key usage; non-X.509 requirements go to the base implementation.
        /// </summary>
        /// <param name="requirement">The requirement describing the token to provide.</param>
        /// <returns>The provider chosen for <paramref name="requirement"/>.</returns>
        public override SecurityTokenProvider CreateSecurityTokenProvider(
            SecurityTokenRequirement requirement)
        {
            if (requirement.TokenType != SecurityTokenTypes.X509Certificate)
            {
                return base.CreateSecurityTokenProvider(requirement);
            }

            var messageDirection = requirement.GetProperty<MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

            if (messageDirection == MessageDirection.Output)
            {
                // Outgoing: sign with the client signing certificate; every other key usage
                // gets the service encrypting certificate.
                if (requirement.KeyUsage == SecurityKeyUsage.Signature)
                {
                    return new X509SecurityTokenProvider(this._credentials.ClientSigningCertificate);
                }

                return new X509SecurityTokenProvider(this._credentials.ServiceEncryptingCertificate);
            }

            // Any other direction: signatures use the service signing certificate; every
            // other key usage gets the client encrypting certificate.
            if (requirement.KeyUsage == SecurityKeyUsage.Signature)
            {
                return new X509SecurityTokenProvider(this._credentials.ServiceSigningCertificate);
            }

            return new X509SecurityTokenProvider(_credentials.ClientEncryptingCertificate);
        }
Exemple #8
        /// <summary>
        /// Serves the service certificate through a <c>CustomX509SecurityTokenProvider</c> when an
        /// X.509 requirement asks for the key usage that matches its direction; everything
        /// else is answered by the base implementation.
        /// </summary>
        /// <param name="tokenRequirement">The requirement describing the token to provide.</param>
        /// <returns>The provider chosen for <paramref name="tokenRequirement"/>.</returns>
        public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
        {
            if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
            {
                MessageDirection messageDirection = tokenRequirement.GetProperty<MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

                // Input requirements are customized only for key exchange; every other
                // direction only for signatures.
                SecurityKeyUsage customizedUsage = messageDirection == MessageDirection.Input
                    ? SecurityKeyUsage.Exchange
                    : SecurityKeyUsage.Signature;

                if (tokenRequirement.KeyUsage == customizedUsage)
                {
                    return new CustomX509SecurityTokenProvider(credentials.ServiceCertificate.Certificate);
                }
            }

            // Non-X.509 tokens and non-matching key usages fall back to the base provider.
            return base.CreateSecurityTokenProvider(tokenRequirement);
        }
        /// <summary>
        /// Creates a <see cref="WsTrustRequest"/> from the <see cref="WSTrustTokenParameters"/>
        /// </summary>
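        /// <returns>A <see cref="WsTrustRequest"/> for the Issue action, populated from the token requirement and the <see cref="WSTrustTokenParameters"/>.</returns>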
        protected virtual WsTrustRequest CreateWsTrustRequest()
        {
            EndpointAddress target = SecurityTokenRequirement.GetProperty<EndpointAddress>(TargetAddressProperty);
            SecurityKeyType requestedKeyType = WSTrustTokenParameters.KeyType;

            // Translate the requested key type into the key size and the key-type value
            // of the trust version in use.
            int    keySizeInBits;
            string trustKeyType;

            switch (requestedKeyType)
            {
            case SecurityKeyType.AsymmetricKey:
                keySizeInBits = DefaultPublicKeySize;
                trustKeyType  = _requestSerializationContext.TrustKeyTypes.PublicKey;
                break;

            case SecurityKeyType.SymmetricKey:
                // NOTE(review): _securityAlgorithmSuite is dereferenced without a null check;
                // confirm the constructor always leaves it set.
                keySizeInBits = _securityAlgorithmSuite.DefaultSymmetricKeyLength;
                trustKeyType  = _requestSerializationContext.TrustKeyTypes.Symmetric;
                break;

            case SecurityKeyType.BearerKey:
                // Bearer tokens carry no proof key, hence a key size of zero.
                keySizeInBits = 0;
                trustKeyType  = _requestSerializationContext.TrustKeyTypes.Bearer;
                break;

            default:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("KeyType is not supported: {0}", requestedKeyType)), System.Diagnostics.Tracing.EventLevel.Error);
            }

            // Client entropy is sent only for non-bearer keys, and only when the entropy
            // mode has the client contribute (ClientEntropy or CombinedEntropy).
            bool clientContributesEntropy =
                requestedKeyType != SecurityKeyType.BearerKey &&
                (KeyEntropyMode == SecurityKeyEntropyMode.ClientEntropy || KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy);

            Entropy clientEntropy = null;
            if (clientContributesEntropy)
            {
                // These bytes are key material: keep them out of logs and traces.
                // NOTE(review): presumably FillRandomBytes draws from a cryptographic RNG - confirm.
                byte[] randomBytes = new byte[keySizeInBits / 8];
                Psha1KeyGenerator.FillRandomBytes(randomBytes);
                clientEntropy = new Entropy(new BinarySecret(randomBytes));
            }

            var request = new WsTrustRequest(_requestSerializationContext.TrustActions.Issue)
            {
                AppliesTo      = new AppliesTo(new EndpointReference(target.Uri.OriginalString)),
                Context        = RequestContext,
                KeySizeInBits  = keySizeInBits,
                KeyType        = trustKeyType,
                WsTrustVersion = _requestSerializationContext.TrustVersion
            };

            // The token type is optional on the requirement; it is set only when present.
            string requestedTokenType = SecurityTokenRequirement.TokenType;
            if (requestedTokenType != null)
            {
                request.TokenType = requestedTokenType;
            }

            if (clientEntropy != null)
            {
                // With client entropy attached, PSHA1 is named as the computed-key algorithm.
                request.Entropy = clientEntropy;
                request.ComputedKeyAlgorithm = _requestSerializationContext.TrustKeyTypes.PSHA1;
            }

            return request;
        }
 /// <summary>
 /// Tries to create the InfoCard "next leg" token provider for an issued-token requirement.
 /// </summary>
 /// <param name="tokenRequirement">The requirement describing the token to provide; must not be null.</param>
 /// <param name="clientCredentialsTokenManager">The token manager whose client credentials are consulted; must not be null.</param>
 /// <param name="provider">The created provider, or null when this method returns false.</param>
 /// <returns>True when a provider was created; otherwise false.</returns>
 public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
 {
     if (tokenRequirement == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
     }
     if (clientCredentialsTokenManager == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
     }

     provider = null;

     // InfoCard does not apply when interactive support is off, when a local issuer
     // (address and binding) is fully configured, or when the requirement is not for an
     // issued token.
     if (!clientCredentialsTokenManager.ClientCredentials.SupportInteractive ||
         ((null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress) && (clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding != null)) ||
         !clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement))
     {
         return false;
     }

     // Take the first InfoCardChannelParameter among the channel parameters, if any.
     InfoCardChannelParameter infoCardParameter = null;
     ChannelParameterCollection channelParameters;
     if (tokenRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
     {
         foreach (object candidate in channelParameters)
         {
             infoCardParameter = candidate as InfoCardChannelParameter;
             if (infoCardParameter != null)
             {
                 break;
             }
         }
     }

     if ((infoCardParameter == null) || !infoCardParameter.RequiresInfoCard)
     {
         return false;
     }

     EndpointAddress targetAddress = tokenRequirement.GetProperty<EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
     IssuedSecurityTokenParameters issuedParameters = tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

     // The privacy-notice URI and version are read with defaults but are not passed on
     // by this method.
     Uri privacyNoticeUri;
     if (!tokenRequirement.TryGetProperty<Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeUri))
     {
         privacyNoticeUri = null;
     }
     int privacyNoticeVersion;
     if (!tokenRequirement.TryGetProperty<int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion))
     {
         privacyNoticeVersion = 0;
     }

     provider = CreateTokenProviderForNextLeg(tokenRequirement, targetAddress, issuedParameters.IssuerAddress, infoCardParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infoCardParameter);
     return provider != null;
 }
Exemple #11
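 /// <summary>
 /// Creates a provider from a token requirement whose IssuedSecurityTokenParameters
 /// property must be a <see cref="WSTrustTokenParameters"/>.
 /// </summary>
 /// <param name="tokenRequirement">The requirement describing the token to request.</param>
 /// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
 /// <exception cref="ArgumentException">thrown if the IssuedSecurityTokenParameters property is not a <see cref="WSTrustTokenParameters"/>.</exception>
 public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
 {
     SecurityTokenRequirement = tokenRequirement ?? throw new ArgumentNullException(nameof(tokenRequirement));

     // The algorithm suite is optional here: the result of TryGetProperty is ignored.
     SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

     IssuedSecurityTokenParameters issuedParameters = SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
     WSTrustTokenParameters = issuedParameters as WSTrustTokenParameters;

     // The 'as' cast yields null for any other parameters type; reject that here instead
     // of failing later with a NullReferenceException when RequestContext is read.
     if (WSTrustTokenParameters == null)
     {
         throw new ArgumentException("The IssuedSecurityTokenParameters property of the token requirement must be of type WSTrustTokenParameters.", nameof(tokenRequirement));
     }

     InitializeKeyEntropyMode();
     SetInboundSerializationContext();

     // A caller-supplied request context is kept; otherwise a fresh GUID identifies the request.
     RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext) ? Guid.NewGuid().ToString() : WSTrustTokenParameters.RequestContext;
 }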
Exemple #12
        /// <summary>
        /// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describes the parameters for a WSTrust request.
        /// </summary>
        /// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param>
        /// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
        /// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception>
        public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
        {
            if (tokenRequirement is null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), EventLevel.Error);
            }

            SecurityTokenRequirement = tokenRequirement;

            // The algorithm suite is optional here: the result of TryGetProperty is ignored.
            SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

            IssuedSecurityTokenParameters suppliedParameters =
                SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);

            // Only WSTrustTokenParameters are accepted; any other parameters type is rejected
            // before the provider is used.
            WSTrustTokenParameters = suppliedParameters as WSTrustTokenParameters;
            if (WSTrustTokenParameters == null)
            {
                string message = LogHelper.FormatInvariant(SR.GetResourceString(SR.IssuedSecurityTokenParametersIncorrectType), suppliedParameters);
                throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(message, nameof(tokenRequirement)), EventLevel.Error);
            }

            _communicationObject = new WrapperSecurityCommunicationObject(this);
        }
        /// <summary>
        /// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describes the parameters for a WSTrust request.
        /// </summary>
        /// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param>
        /// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
        /// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception>
        public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
        {
            SecurityTokenRequirement = tokenRequirement
                ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error);

            // The algorithm suite is optional here: the result of TryGetProperty is ignored.
            SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

            IssuedSecurityTokenParameters suppliedParameters =
                SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);

            // Reject anything that is not WSTrustTokenParameters before the initialization
            // steps below run.
            WSTrustTokenParameters = suppliedParameters as WSTrustTokenParameters;
            if (WSTrustTokenParameters == null)
            {
                var wrongType = new ArgumentException(
                    LogHelper.FormatInvariant("tokenRequirement.GetProperty<IssuedSecurityTokenParameters> must be of type: WSTrustTokenParameters. Was: '{0}.", suppliedParameters),
                    nameof(tokenRequirement));
                throw DiagnosticUtility.ExceptionUtility.ThrowHelper(wrongType, System.Diagnostics.Tracing.EventLevel.Error);
            }

            InitializeKeyEntropyMode();
            SetInboundSerializationContext();

            // A caller-supplied request context is kept; otherwise a fresh GUID identifies the request.
            if (string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext))
            {
                RequestContext = Guid.NewGuid().ToString();
            }
            else
            {
                RequestContext = WSTrustTokenParameters.RequestContext;
            }
        }
Exemple #14
        /// <summary>
        /// Picks the certificate for an X.509 token requirement from the message direction
        /// and the key usage; non-X.509 requirements go to the base implementation.
        /// </summary>
        /// <param name="requirement">The requirement describing the token to provide.</param>
        /// <returns>The provider chosen for <paramref name="requirement"/>.</returns>
        public override SecurityTokenProvider CreateSecurityTokenProvider(
            SecurityTokenRequirement requirement)
        {
            if (requirement.TokenType != SecurityTokenTypes.X509Certificate)
            {
                return base.CreateSecurityTokenProvider(requirement);
            }

            MessageDirection messageDirection = requirement.GetProperty<MessageDirection>(
                ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

            if (messageDirection == MessageDirection.Input)
            {
                // Input: key exchange uses the service encrypting certificate; every other
                // key usage gets the client signing certificate.
                return requirement.KeyUsage == SecurityKeyUsage.Exchange
                    ? new X509SecurityTokenProvider(credentials.ServiceEncryptingCertificate)
                    : new X509SecurityTokenProvider(credentials.ClientSigningCertificate);
            }

            // Any other direction: signatures use the service signing certificate; every
            // other key usage gets the client encrypting certificate.
            return requirement.KeyUsage == SecurityKeyUsage.Signature
                ? new X509SecurityTokenProvider(credentials.ServiceSigningCertificate)
                : new X509SecurityTokenProvider(credentials.ClientEncryptingCertificate);
        }
Exemple #15
        /// <summary>
        /// Maps the <see cref="MessageSecurityTokenVersion"/> carried by the requirement to the
        /// corresponding <see cref="MessageSecurityVersion"/> and delegates to the overload that
        /// takes that version.
        /// </summary>
        /// <param name="requirement">Requirement carrying the message security version property.</param>
        /// <param name="tokenManager">Token manager passed through to the overload.</param>
        /// <returns>The standards manager for the mapped version.</returns>
        /// <exception cref="NotSupportedException">thrown when the token version matches none of the known versions.</exception>
        internal static SecurityStandardsManager CreateSecurityStandardsManager(SecurityTokenRequirement requirement, SecurityTokenManager tokenManager)
        {
            MessageSecurityTokenVersion tokenVersion =
                requirement.GetProperty<MessageSecurityTokenVersion>(ServiceModelSecurityTokenRequirement.MessageSecurityVersionProperty);

            // WS-Trust February 2005 family.
            if (tokenVersion == MessageSecurityTokenVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, tokenManager);
            }
            else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11, tokenManager);
            }
            else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, tokenManager);
            }
            // WS-Trust 1.3 family.
            else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity10WSTrust13WSSecureConversation13BasicSecurityProfile10)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, tokenManager);
            }
            else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenManager);
            }
            else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13BasicSecurityProfile10)
            {
                return CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, tokenManager);
            }

            // An unrecognized version is rejected rather than mapped to a default.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
Exemple #16
        // Summary:
        //  If interactive support is requested and an IssuedSecurityTokenParameters is specified this method
        //  will return an instance of an InfoCardTokenProvider.
        //  Otherwise this method defers to the base implementation.
        //
        // Parameters
        //  parameters  - The security token parameters associated with this ChannelFactory.
        //
        // Note
        //  The target and issuer information will not be available in this call
        //
        public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
        {
            if (tokenRequirement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
            }
            if (clientCredentialsTokenManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
            }

            provider = null;

            // InfoCard applies only when interactive support is on, no complete local issuer
            // (address plus binding) is configured, and the requirement is for an issued token.
            bool infoCardApplies =
                clientCredentialsTokenManager.ClientCredentials.SupportInteractive &&
                (null == clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress || null == clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding) &&
                clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement);

            if (!infoCardApplies)
            {
                // Nothing is created here; the caller is expected to defer to the base class.
                return false;
            }

            // Take the first InfoCardChannelParameter among the channel parameters, if any.
            InfoCardChannelParameter infoCardParameter = null;
            ChannelParameterCollection channelParameters;
            if (tokenRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
            {
                foreach (object candidate in channelParameters)
                {
                    infoCardParameter = candidate as InfoCardChannelParameter;
                    if (infoCardParameter != null)
                    {
                        break;
                    }
                }
            }

            if (null == infoCardParameter || !infoCardParameter.RequiresInfoCard)
            {
                return false;
            }

            EndpointAddress targetAddress = tokenRequirement.GetProperty<EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
            IssuedSecurityTokenParameters issuedParameters = tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

            // The privacy-notice link and version are read with defaults but are not passed
            // on by this method.
            Uri noticeLink;
            if (!tokenRequirement.TryGetProperty<Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out noticeLink))
            {
                noticeLink = null;
            }

            int noticeVersion;
            if (!tokenRequirement.TryGetProperty<int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out noticeVersion))
            {
                noticeVersion = 0;
            }

            // Original note: the analysis of this chain indicates that interactive support
            // will be required; the InternalClientCredentials class handles that.
            provider = CreateTokenProviderForNextLeg(tokenRequirement, targetAddress, issuedParameters.IssuerAddress, infoCardParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infoCardParameter);

            return provider != null;
        }
		/// <summary>
		/// Creates an <see cref="IssuedSecurityTokenProvider"/> configured from the
		/// properties of the token requirement <paramref name="r"/>.
		/// </summary>
		/// <param name="r">Requirement supplying the target address, bindings, token version and optional issuer settings.</param>
		/// <returns>The configured provider.</returns>
		IssuedSecurityTokenProvider CreateIssuedProviderBase (SecurityTokenRequirement r)
		{
			IssuedSecurityTokenProvider issued = new IssuedSecurityTokenProvider ();
			issued.TargetAddress = r.GetProperty<EndpointAddress> (ReqType.TargetAddressProperty);

			// FIXME (kept from the original author): use it somewhere, probably to build
			// IssuerBinding. However, there is also an IssuerBinding property, and
			// SecureConversationSecurityBindingElement as well.
			SecurityBindingElement bindingElement =
				r.GetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty);

			// Original author's doubt: the binding may not really be acquired this way.
			Binding chosenBinding;
			if (r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out chosenBinding)) {
				issued.IssuerBinding = chosenBinding;
			} else {
				// NOTE(review): the default issuer binding uses HttpTransportBindingElement, so
				// any protection of the issuer exchange comes from bindingElement alone -
				// confirm this is intended.
				issued.IssuerBinding = new CustomBinding (bindingElement,
					new TextMessageEncodingBindingElement (),
					new HttpTransportBindingElement ());
			}

			// Original author was unsure whether the binding context is used only for this.
			BindingContext bindingContext = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty);
			foreach (IEndpointBehavior endpointBehavior in bindingContext.BindingParameters.FindAll<IEndpointBehavior> ()) {
				issued.IssuerChannelBehaviors.Add (endpointBehavior);
			}

			SecurityTokenVersion version =
				r.GetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
			issued.SecurityTokenSerializer = CreateSecurityTokenSerializer (version);

			// The issuer address is treated as optional: the target address is used when
			// the requirement does not carry one.
			EndpointAddress issuer;
			if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out issuer)) {
				issuer = issued.TargetAddress;
			}
			issued.IssuerAddress = issuer;

			// The algorithm suite is not enforced as mandatory: the result of TryGetProperty
			// is ignored and whatever it left in the local (initially null) is stored.
			SecurityAlgorithmSuite algorithms = null;
			r.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out algorithms);
			issued.SecurityAlgorithmSuite = algorithms;

			return issued;
		}