private static MessagePartSpecification ExtractMessageParts(string action,
ScopedMessagePartSpecification scopedParts, bool isForSignature)
{
MessagePartSpecification parts = null;
if (scopedParts.TryGetParts(action, out parts))
{
return(parts);
}
else if (scopedParts.TryGetParts(MessageHeaders.WildcardAction, out parts))
{
return(parts);
}
// send back a fault indication that the action is unknown
SecurityVersion wss = MessageSecurityVersion.Default.SecurityVersion;
FaultCode subCode = new FaultCode(wss.InvalidSecurityFaultCode.Value, wss.HeaderNamespace.Value);
FaultCode senderCode = FaultCode.CreateSenderFaultCode(subCode);
FaultReason reason = new FaultReason(SR.Format(SR.InvalidOrUnrecognizedAction, action), System.Globalization.CultureInfo.CurrentCulture);
MessageFault fault = MessageFault.CreateFault(senderCode, reason);
if (isForSignature)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.Format(SR.NoSignaturePartsSpecified, action), null, fault));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.Format(SR.NoEncryptionPartsSpecified, action), null, fault));
}
}
public static MessageSecurityTokenVersion GetSecurityTokenVersion(SecurityVersion version, bool emitBspAttributes)
{
if (version == SecurityVersion.WSSecurity10)
{
if (emitBspAttributes)
{
return(WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
else if (version == SecurityVersion.WSSecurity11)
{
if (emitBspAttributes)
{
return(WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10);
}
else
{
return(WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005);
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
MessageSecurityTokenVersion(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, string toString, bool emitBspRequiredAttributes, params string[] supportedSpecs)
: base()
{
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
this.supportedSpecs = new ReadOnlyCollection<string>(supportedSpecs);
this.toString = toString;
this.securityVersion = securityVersion;
this.trustVersion = trustVersion;
this.secureConversationVersion = secureConversationVersion;
}
public SignatureConfirmationElement(string id, byte[] signatureValue, SecurityVersion version)
{
if (id == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(id));
}
if (signatureValue == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(signatureValue));
}
this.id = id;
this.signatureValue = signatureValue;
this.version = version;
}
internal bool TryGetSecurityContextIds(Message message, string[] actors, bool isStrictMode, ICollection <UniqueId> results)
{
if (results == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(results));
}
SecureConversationDriver driver = SecureConversationDriver;
int securityHeaderIndex = SecurityVersion.FindIndexOfSecurityHeader(message, actors);
if (securityHeaderIndex < 0)
{
return(false);
}
bool addedContextIds = false;
using (XmlDictionaryReader reader = message.Headers.GetReaderAtHeader(securityHeaderIndex))
{
if (!reader.IsStartElement())
{
return(false);
}
if (reader.IsEmptyElement)
{
return(false);
}
reader.ReadStartElement();
while (reader.IsStartElement())
{
if (driver.IsAtSecurityContextToken(reader))
{
results.Add(driver.GetSecurityContextTokenId(reader));
addedContextIds = true;
if (isStrictMode)
{
break;
}
}
else
{
reader.Skip();
}
}
}
return(addedContextIds);
}
public SignatureConfirmationElement(string id, byte[] signatureValue, SecurityVersion version)
{
Id = id ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(id));
_signatureValue = signatureValue ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(signatureValue));
_version = version;
}
public WSKeyInfoSerializer(bool emitBspRequiredAttributes, DictionaryManager dictionaryManager, TrustDictionary trustDictionary, SecurityTokenSerializer innerSecurityTokenSerializer, SecurityVersion securityVersion, SecureConversationVersion secureConversationVersion)
: base(emitBspRequiredAttributes, dictionaryManager, trustDictionary, innerSecurityTokenSerializer, CreateAdditionalEntries(securityVersion, secureConversationVersion))
{
}
static Func <KeyInfoSerializer, IEnumerable <SecurityTokenSerializer.SerializerEntries> > CreateAdditionalEntries(SecurityVersion securityVersion, SecureConversationVersion secureConversationVersion)
{
return((KeyInfoSerializer keyInfoSerializer) =>
{
List <SecurityTokenSerializer.SerializerEntries> serializerEntries = new List <SecurityTokenSerializer.SerializerEntries>();
if (securityVersion == SecurityVersion.WSSecurity10)
{
serializerEntries.Add(new CoreWCF.IdentityModel.Tokens.WSSecurityJan2004(keyInfoSerializer));
}
else if (securityVersion == SecurityVersion.WSSecurity11)
{
serializerEntries.Add(new CoreWCF.IdentityModel.Tokens.WSSecurityXXX2005(keyInfoSerializer));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("securityVersion", SR.Format(SR.MessageSecurityVersionOutOfRange)));
}
if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
{
serializerEntries.Add(new WSSecureConversationFeb2005(keyInfoSerializer));
}
else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13)
{
serializerEntries.Add(new WSSecureConversationDec2005(keyInfoSerializer));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
return serializerEntries;
});
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
{
if (maximumKeyDerivationOffset < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationOffset), SR.ValueMustBeNonNegative));
}
if (maximumKeyDerivationLabelLength < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationLabelLength), SR.ValueMustBeNonNegative));
}
if (maximumKeyDerivationNonceLength <= 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationNonceLength), SR.ValueMustBeGreaterThanZero));
}
SecurityVersion = securityVersion ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(securityVersion)));
EmitBspRequiredAttributes = emitBspRequiredAttributes;
MaximumKeyDerivationOffset = maximumKeyDerivationOffset;
MaximumKeyDerivationNonceLength = maximumKeyDerivationNonceLength;
MaximumKeyDerivationLabelLength = maximumKeyDerivationLabelLength;
_serializerEntries = new List <SerializerEntries>();
if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
{
_secureConversation = new WSSecureConversationFeb2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13)
{
_secureConversation = new WSSecureConversationDec2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (securityVersion == SecurityVersion.WSSecurity10)
{
_serializerEntries.Add(new WSSecurityJan2004(this, samlSerializer));
}
else if (securityVersion == SecurityVersion.WSSecurity11)
{
_serializerEntries.Add(new WSSecurityXXX2005(this, samlSerializer));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(securityVersion), SR.MessageSecurityVersionOutOfRange));
}
_serializerEntries.Add(_secureConversation);
//TODO later
TrustDictionary trustDictionary;
if (trustVersion == TrustVersion.WSTrustFeb2005)
{
_serializerEntries.Add(new WSTrustFeb2005(this));
trustDictionary = DXD.TrustDec2005Dictionary;
}
else if (trustVersion == TrustVersion.WSTrust13)
{
_serializerEntries.Add(new WSTrustDec2005(this));
trustDictionary = DXD.TrustDec2005Dictionary;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
_tokenEntries = new List <TokenEntry>();
for (int i = 0; i < _serializerEntries.Count; ++i)
{
SerializerEntries serializerEntry = _serializerEntries[i];
serializerEntry.PopulateTokenEntries(_tokenEntries);
}
DictionaryManager dictionaryManager = new DictionaryManager(ServiceModelDictionary.CurrentVersion)
{
SecureConversationDec2005Dictionary = DXD.SecureConversationDec2005Dictionary,
SecurityAlgorithmDec2005Dictionary = DXD.SecurityAlgorithmDec2005Dictionary
};
_keyInfoSerializer = new WSKeyInfoSerializer(EmitBspRequiredAttributes, dictionaryManager, trustDictionary, this, securityVersion, secureConversationVersion);
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
: this(securityVersion, TrustVersion.Default, SecureConversationVersion.Default, emitBspRequiredAttributes, samlSerializer, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength)
{
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer)
: this(securityVersion, emitBspRequiredAttributes, samlSerializer, null, null)
{
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion)
: this(securityVersion, false)
{
}
internal bool DoesMessageContainSecurityHeader(Message message)
{
return(SecurityVersion.DoesMessageContainSecurityHeader(message));
}
internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message,
string actor,
SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
{
return(SecurityVersion.TryCreateReceiveSecurityHeader(message, actor, this, algorithmSuite, direction));
}
internal SendSecurityHeader CreateSendSecurityHeader(Message message,
string actor, bool mustUnderstand, bool relay,
SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
{
return(SecurityVersion.CreateSendSecurityHeader(message, actor, mustUnderstand, relay, this, algorithmSuite, direction));
}
