public override XmlElement CreateMsspSslContextTokenAssertion(MetadataExporter exporter, SslSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateMsspAssertion("SslContextToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(false), this.CreateMsspRequireClientCertificateAssertion(parameters.RequireClientCertificate), this.CreateWsspMustNotSendAmendAssertion(), this.CreateWsspMustNotSendRenewAssertion() }));
return tokenAssertion;
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters other) : base(other)
{
this.requireClientCertificate = other.requireClientCertificate;
this.requireCancellation = other.requireCancellation;
if (other.issuerBindingContext != null)
{
this.issuerBindingContext = other.issuerBindingContext.Clone();
}
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters other)
: base(other)
{
this.requireClientCertificate = other.requireClientCertificate;
this.requireCancellation = other.requireCancellation;
if (other.issuerBindingContext != null)
{
this.issuerBindingContext = other.issuerBindingContext.Clone();
}
}
public virtual bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsMsspAssertion(assertion, SslContextTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
SslSecurityTokenParameters ssl = new SslSecurityTokenParameters();
parameters = ssl;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportMsspRequireClientCertificateAssertion(alternative, ssl)
&& alternative.Count == 0)
{
ssl.RequireCancellation = requireCancellation;
ssl.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public virtual XmlElement CreateMsspSslContextTokenAssertion(MetadataExporter exporter, SslSecurityTokenParameters parameters)
{
XmlElement result = CreateMsspAssertion(SslContextTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation),
CreateMsspRequireClientCertificateAssertion(parameters.RequireClientCertificate)
));
return result;
}
public virtual bool TryImportMsspRequireClientCertificateAssertion(ICollection<XmlElement> assertions, SslSecurityTokenParameters parameters)
{
parameters.RequireClientCertificate = TryImportMsspAssertion(assertions, RequireClientCertificateName);
return true;
}
protected SslSecurityTokenParameters (SslSecurityTokenParameters source)
: base (source)
{
cert = source.cert;
cancel = source.cancel;
}
public virtual bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
SecurityTokenInclusionMode mode;
parameters = null;
if (this.IsMsspAssertion(assertion, "SslContextToken") && this.TryGetIncludeTokenValue(assertion, out mode))
{
Collection<Collection<XmlElement>> collection;
if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
{
foreach (Collection<XmlElement> collection2 in collection)
{
bool flag;
SslSecurityTokenParameters parameters2 = new SslSecurityTokenParameters();
parameters = parameters2;
if ((this.TryImportWsspRequireDerivedKeysAssertion(collection2, parameters2) && this.TryImportWsspMustNotSendCancelAssertion(collection2, out flag)) && (this.TryImportMsspRequireClientCertificateAssertion(collection2, parameters2) && (collection2.Count == 0)))
{
parameters2.RequireCancellation = flag;
parameters2.InclusionMode = mode;
break;
}
parameters = null;
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = mode;
}
}
return (parameters != null);
}
public override bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsMsspAssertion(assertion, SslContextTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
SslSecurityTokenParameters ssl = new SslSecurityTokenParameters();
parameters = ssl;
bool requireCancellation;
bool canRenewSession;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportWsspMustNotSendAmendAssertion(alternative)
// We do not support Renew for spnego and sslnego. Read the
// assertion if present and ignore it.
&& TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession)
&& TryImportMsspRequireClientCertificateAssertion(alternative, ssl)
&& alternative.Count == 0)
{
// Client always set this to true to match the standardbinding.
// This setting on client has no effect for spnego and sslnego.
ssl.RequireCancellation = true;
ssl.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public override XmlElement CreateMsspSslContextTokenAssertion(MetadataExporter exporter, SslSecurityTokenParameters parameters)
{
XmlElement result = CreateMsspAssertion(SslContextTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
// Always emit <sp:MustNotSendCancel/> for spnego and sslnego
CreateWsspMustNotSendCancelAssertion(false),
CreateMsspRequireClientCertificateAssertion(parameters.RequireClientCertificate),
CreateWsspMustNotSendAmendAssertion(),
CreateWsspMustNotSendRenewAssertion()
));
return result;
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters other)
{
Contract.Requires(other != null);
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters other)
: base(other)
{
cert = other.cert;
cancel = other.cancel;
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters other)
{
Contract.Requires(other != null);
}
protected SslSecurityTokenParameters(SslSecurityTokenParameters source)
: base(source)
{
cert = source.cert;
cancel = source.cancel;
}