internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }
            if (credentialsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
            }

            if (this.InitiatorTokenParameters == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
            }
            if (this.RecipientTokenParameters == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
            }

            bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));

            SecurityProtocolFactory protocolFactory;

            AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();

            forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
            forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
            forward.RequireIntegrity       = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
            if (this.isCertificateSignatureBinding)
            {
                if (isForService)
                {
                    forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
                }
                else
                {
                    forward.ApplyConfidentiality = forward.RequireIntegrity = false;
                }
            }
            else
            {
                forward.ApplyIntegrity       = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
                forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
            }
            if (isForService)
            {
                base.ApplyAuditBehaviorSettings(context, forward);
                if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
                {
                    forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
                }
                else
                {
                    forward.AsymmetricTokenParameters = null;
                }
                forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
                SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
            }
            else
            {
                if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
                {
                    forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
                }
                else
                {
                    forward.AsymmetricTokenParameters = null;
                }
                forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
                SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
            }
            if (isDuplexSecurity)
            {
                if (isForService)
                {
                    forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
                }
                else
                {
                    forward.RequireIntegrity = forward.RequireConfidentiality = false;
                }
            }
            else
            {
                if (!isForService)
                {
                    forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
                }
            }

            forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
            forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
            forward.MessageProtectionOrder         = this.MessageProtectionOrder;
            base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
            if (!forward.RequireIntegrity)
            {
                forward.DetectReplays = false;
            }

            if (isDuplexSecurity)
            {
                AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
                if (isForService)
                {
                    reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
                    reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
                    reverse.AsymmetricTokenParameters.InclusionMode  = SecurityTokenInclusionMode.Never;
                    reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
                    reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
                    reverse.CryptoTokenParameters.InclusionMode  = SecurityTokenInclusionMode.AlwaysToRecipient;
                    reverse.IdentityVerifier = null;
                }
                else
                {
                    reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
                    reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
                    reverse.AsymmetricTokenParameters.InclusionMode  = SecurityTokenInclusionMode.Never;
                    reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
                    reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
                    reverse.CryptoTokenParameters.InclusionMode  = SecurityTokenInclusionMode.AlwaysToRecipient;
                    reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
                }
                reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                reverse.MessageProtectionOrder         = this.MessageProtectionOrder;
                reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
                if (isForService)
                {
                    reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
                    reverse.ApplyIntegrity       = true;
                    reverse.RequireIntegrity     = reverse.RequireConfidentiality = false;
                }
                else
                {
                    reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
                    reverse.RequireIntegrity       = true;
                    reverse.ApplyIntegrity         = reverse.ApplyConfidentiality = false;
                }
                base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
                if (!reverse.RequireIntegrity)
                {
                    reverse.DetectReplays = false;
                }

                // setup reverse here
                reverse.IsDuplexReply = true;

                DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
                duplex.ForwardProtocolFactory = forward;
                duplex.ReverseProtocolFactory = reverse;
                protocolFactory = duplex;
            }
            else
            {
                protocolFactory = forward;
            }

            return(protocolFactory);
        }
Esempio n. 2
0
        void CreateSecurityProtocolFactory()
        {
            SecurityProtocolFactory       incomingProtocolFactory;
            SecurityProtocolFactory       outgoingProtocolFactory;
            ChannelProtectionRequirements protectionRequirements;

            lock (ThisLock)
            {
                if (null != securityProtocolFactory)
                {
                    return;
                }

                TimeoutHelper timeoutHelper = new TimeoutHelper(ServiceDefaults.SendTimeout);
                if (!enableSigning)
                {
                    outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
                    incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
                }
                else
                {
                    X509Certificate2 cert = credManager.Certificate;
                    if (cert != null)
                    {
                        SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement();
                        securityBindingElement.ReaderQuotas = this.readerQuotas;
                        BindingParameterCollection bpc = new BindingParameterCollection();
                        if (protection == null)
                        {
                            protectionRequirements = new ChannelProtectionRequirements();
                        }
                        else
                        {
                            protectionRequirements = new ChannelProtectionRequirements(protection);
                        }
                        ApplySigningRequirements(protectionRequirements.IncomingSignatureParts);
                        ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts);

                        bpc.Add(protectionRequirements);
                        bpc.Add(this.auditBehavior);
                        bpc.Add(credManager);
                        BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc);
                        outgoingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, false, null);
                    }
                    else
                    {
                        outgoingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
                    }
                    SecurityTokenResolver          resolver;
                    X509SecurityTokenAuthenticator auth = tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) as X509SecurityTokenAuthenticator;
                    if (auth != null)
                    {
                        SecurityBindingElement securityBindingElement = SecurityBindingElement.CreateCertificateSignatureBindingElement();
                        securityBindingElement.ReaderQuotas = this.readerQuotas;
                        BindingParameterCollection bpc = new BindingParameterCollection();
                        if (protection == null)
                        {
                            protectionRequirements = new ChannelProtectionRequirements();
                        }
                        else
                        {
                            protectionRequirements = new ChannelProtectionRequirements(protection);
                        }
                        ApplySigningRequirements(protectionRequirements.IncomingSignatureParts);
                        ApplySigningRequirements(protectionRequirements.OutgoingSignatureParts);

                        bpc.Add(protectionRequirements);
                        bpc.Add(this.auditBehavior);
                        bpc.Add(credManager);
                        BindingContext context = new BindingContext(new CustomBinding(securityBindingElement), bpc);
                        incomingProtocolFactory = securityBindingElement.CreateSecurityProtocolFactory <IOutputChannel>(context, credManager, true, null);
                    }
                    else
                    {
                        incomingProtocolFactory = new PeerDoNothingSecurityProtocolFactory();
                    }
                }
                DuplexSecurityProtocolFactory tempFactory = new DuplexSecurityProtocolFactory(outgoingProtocolFactory, incomingProtocolFactory);
                tempFactory.Open(true, timeoutHelper.RemainingTime());
                securityProtocolFactory = tempFactory;
            }
        }
Esempio n. 3
0
 private void CreateSecurityProtocolFactory()
 {
     lock (this.ThisLock)
     {
         if (this.securityProtocolFactory == null)
         {
             SecurityProtocolFactory factory;
             SecurityProtocolFactory factory2;
             TimeoutHelper           helper = new TimeoutHelper(ServiceDefaults.SendTimeout);
             if (!this.enableSigning)
             {
                 factory2 = new PeerDoNothingSecurityProtocolFactory();
                 factory  = new PeerDoNothingSecurityProtocolFactory();
             }
             else
             {
                 ChannelProtectionRequirements requirements;
                 SecurityTokenResolver         resolver;
                 if (this.credManager.Certificate != null)
                 {
                     SecurityBindingElement element = SecurityBindingElement.CreateCertificateSignatureBindingElement();
                     element.ReaderQuotas = this.readerQuotas;
                     BindingParameterCollection parameters = new BindingParameterCollection();
                     if (this.protection == null)
                     {
                         requirements = new ChannelProtectionRequirements();
                     }
                     else
                     {
                         requirements = new ChannelProtectionRequirements(this.protection);
                     }
                     this.ApplySigningRequirements(requirements.IncomingSignatureParts);
                     this.ApplySigningRequirements(requirements.OutgoingSignatureParts);
                     parameters.Add(requirements);
                     parameters.Add(this.auditBehavior);
                     parameters.Add(this.credManager);
                     BindingContext context = new BindingContext(new CustomBinding(new BindingElement[] { element }), parameters);
                     factory2 = element.CreateSecurityProtocolFactory <IOutputChannel>(context, this.credManager, false, null);
                 }
                 else
                 {
                     factory2 = new PeerDoNothingSecurityProtocolFactory();
                 }
                 if (this.tokenManager.CreateSecurityTokenAuthenticator(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager.CreateRequirement(SecurityTokenTypes.X509Certificate, true), out resolver) is X509SecurityTokenAuthenticator)
                 {
                     SecurityBindingElement element2 = SecurityBindingElement.CreateCertificateSignatureBindingElement();
                     element2.ReaderQuotas = this.readerQuotas;
                     BindingParameterCollection parameters2 = new BindingParameterCollection();
                     if (this.protection == null)
                     {
                         requirements = new ChannelProtectionRequirements();
                     }
                     else
                     {
                         requirements = new ChannelProtectionRequirements(this.protection);
                     }
                     this.ApplySigningRequirements(requirements.IncomingSignatureParts);
                     this.ApplySigningRequirements(requirements.OutgoingSignatureParts);
                     parameters2.Add(requirements);
                     parameters2.Add(this.auditBehavior);
                     parameters2.Add(this.credManager);
                     BindingContext context2 = new BindingContext(new CustomBinding(new BindingElement[] { element2 }), parameters2);
                     factory = element2.CreateSecurityProtocolFactory <IOutputChannel>(context2, this.credManager, true, null);
                 }
                 else
                 {
                     factory = new PeerDoNothingSecurityProtocolFactory();
                 }
             }
             DuplexSecurityProtocolFactory factory3 = new DuplexSecurityProtocolFactory(factory2, factory);
             factory3.Open(true, helper.RemainingTime());
             this.securityProtocolFactory = factory3;
         }
     }
 }