protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
{
SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory;
IList <SupportingTokenAuthenticatorSpecification> dummyAuthenticators;
ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, this.requireDerivedKeys ? this.sessionStandardsManager : null, out dummyAuthenticators);
List <SecurityToken> sessionTokens = GetIncomingSessionTokens();
securityHeader.ConfigureSymmetricBindingClientReceiveHeader(sessionTokens, this.Factory.SecurityTokenParameters);
// do not enforce the key derivation requirement for CancelResponse due to WSE interop
securityHeader.EnforceDerivedKeyRequirement = (message.Headers.Action != factory.StandardsManager.SecureConversationDriver.CloseResponseAction.Value);
ProcessSecurityHeader(securityHeader, ref message, null, timeout, correlationStates);
SecurityToken signingToken = securityHeader.SignatureToken;
// verify that the signing token was one of the session tokens
bool isSessionToken = false;
for (int i = 0; i < sessionTokens.Count; ++i)
{
if (Object.ReferenceEquals(signingToken, sessionTokens[i]))
{
isSessionToken = true;
break;
}
}
if (!isSessionToken)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.NoSessionTokenPresentInMessage)));
}
if (factory.RequireIntegrity)
{
ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.sessionTokenAuthenticator.ValidateToken(signingToken);
DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signingToken, signingTokenPolicies);
}
return(null);
}
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
{
IList <SupportingTokenAuthenticatorSpecification> list;
SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory;
ReceiveSecurityHeader securityHeader = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, this.requireDerivedKeys ? this.sessionStandardsManager : null, out list);
List <SecurityToken> incomingSessionTokens = this.GetIncomingSessionTokens();
securityHeader.ConfigureSymmetricBindingClientReceiveHeader(incomingSessionTokens, this.Factory.SecurityTokenParameters);
securityHeader.EnforceDerivedKeyRequirement = message.Headers.Action != factory.StandardsManager.SecureConversationDriver.CloseResponseAction.Value;
base.ProcessSecurityHeader(securityHeader, ref message, null, timeout, correlationStates);
SecurityToken signatureToken = securityHeader.SignatureToken;
bool flag = false;
for (int i = 0; i < incomingSessionTokens.Count; i++)
{
if (object.ReferenceEquals(signatureToken, incomingSessionTokens[i]))
{
flag = true;
break;
}
}
if (!flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("NoSessionTokenPresentInMessage")));
}
if (factory.RequireIntegrity)
{
ReadOnlyCollection <IAuthorizationPolicy> protectionTokenPolicies = this.sessionTokenAuthenticator.ValidateToken(signatureToken);
base.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signatureToken, protectionTokenPolicies);
}
return(null);
}
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
{
SymmetricSecurityProtocolFactory factory = this.Factory;
IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators);
SecurityToken requiredReplySigningToken = null;
if (this.Factory.ActAsInitiator)
{
// set the outofband protection token
SecurityTokenParameters outOfBandTokenParameters;
SecurityToken outOfBandToken = GetCorrelationToken(correlationStates, out outOfBandTokenParameters);
securityHeader.ConfigureSymmetricBindingClientReceiveHeader(outOfBandToken, outOfBandTokenParameters);
requiredReplySigningToken = outOfBandToken;
}
else
{
if (factory.RecipientSymmetricTokenAuthenticator != null)
{
securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientSymmetricTokenAuthenticator, this.Factory.SecurityTokenParameters, supportingAuthenticators);
}
else
{
securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientAsymmetricTokenProvider.GetToken(timeoutHelper.RemainingTime()), this.Factory.SecurityTokenParameters, supportingAuthenticators);
securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
}
securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList));
}
ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates);
SecurityToken signingToken = securityHeader.SignatureToken;
if (factory.RequireIntegrity)
{
if (factory.SecurityTokenParameters.HasAsymmetricKey)
{
// enforce that the signing token is a wrapped key token
EnsureWrappedToken(signingToken, message);
}
else
{
EnsureNonWrappedToken(signingToken, message);
}
if (factory.ActAsInitiator)
{
if (!factory.SecurityTokenParameters.HasAsymmetricKey)
{
ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(signingToken);
DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signingToken, signingTokenPolicies);
}
else
{
SecurityToken wrappingToken = (signingToken as WrappedKeySecurityToken).WrappingToken;
ReadOnlyCollection <IAuthorizationPolicy> wrappingTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(wrappingToken);
DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signingToken, wrappingTokenPolicies);
}
}
else
{
AttachRecipientSecurityProperty(message, signingToken, this.Factory.SecurityTokenParameters.HasAsymmetricKey, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens,
securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
}
}
return(GetCorrelationState(signingToken, securityHeader));
}
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
{
IList <SupportingTokenAuthenticatorSpecification> list;
SymmetricSecurityProtocolFactory factory = this.Factory;
TimeoutHelper helper = new TimeoutHelper(timeout);
ReceiveSecurityHeader securityHeader = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out list);
SecurityToken requiredSigningToken = null;
if (this.Factory.ActAsInitiator)
{
SecurityTokenParameters parameters;
SecurityToken correlationToken = this.GetCorrelationToken(correlationStates, out parameters);
securityHeader.ConfigureSymmetricBindingClientReceiveHeader(correlationToken, parameters);
requiredSigningToken = correlationToken;
}
else
{
if (factory.RecipientSymmetricTokenAuthenticator != null)
{
securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientSymmetricTokenAuthenticator, this.Factory.SecurityTokenParameters, list);
}
else
{
securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientAsymmetricTokenProvider.GetToken(helper.RemainingTime()), this.Factory.SecurityTokenParameters, list);
securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
}
securityHeader.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(list, this.Factory.RecipientOutOfBandTokenResolverList));
}
base.ProcessSecurityHeader(securityHeader, ref message, requiredSigningToken, helper.RemainingTime(), correlationStates);
SecurityToken signatureToken = securityHeader.SignatureToken;
if (factory.RequireIntegrity)
{
if (factory.SecurityTokenParameters.HasAsymmetricKey)
{
this.EnsureWrappedToken(signatureToken, message);
}
else
{
MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message);
}
if (factory.ActAsInitiator)
{
if (!factory.SecurityTokenParameters.HasAsymmetricKey)
{
ReadOnlyCollection <IAuthorizationPolicy> protectionTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(signatureToken);
base.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signatureToken, protectionTokenPolicies);
}
else
{
SecurityToken wrappingToken = (signatureToken as WrappedKeySecurityToken).WrappingToken;
ReadOnlyCollection <IAuthorizationPolicy> onlys2 = this.initiatorTokenAuthenticator.ValidateToken(wrappingToken);
base.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signatureToken, onlys2);
}
}
else
{
base.AttachRecipientSecurityProperty(message, signatureToken, this.Factory.SecurityTokenParameters.HasAsymmetricKey, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
}
}
return(base.GetCorrelationState(signatureToken, securityHeader));
}
