protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver) { SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw CoreWCF.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, (object)recipientRequirement)); } bool flag = !recipientRequirement.SupportSecurityContextCancellation; LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings; IMessageFilterTable <EndpointAddress> propertyOrDefault = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, (IMessageFilterTable <EndpointAddress>)null); if (!flag) { sctResolver = (SecurityTokenResolver) new SecurityContextSecurityTokenResolver(int.MaxValue, false); return((SecurityTokenAuthenticator) new SecuritySessionSecurityTokenAuthenticator() { BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement), IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver, IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), KeyEntropyMode = securityBindingElement.KeyEntropyMode, ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, SessionTokenLifetime = TimeSpan.MaxValue, KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval, StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this), EndpointFilterTable = propertyOrDefault, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, PreserveBootstrapTokens = preserveBootstrapTokens }); } throw new NotImplementedException(); /* TODO later * sctResolver = (SecurityTokenResolver)new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew); * AcceleratedTokenAuthenticator tokenAuthenticator = new AcceleratedTokenAuthenticator(); * tokenAuthenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement); * tokenAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode; * tokenAuthenticator.EncryptStateInServiceToken = true; * tokenAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); * tokenAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver; * tokenAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); * tokenAuthenticator.ListenUri = recipientRequirement.ListenUri; * tokenAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite; * tokenAuthenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this); * tokenAuthenticator.SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder; * tokenAuthenticator.KnownTypes = (IList<System.Type>)this.parent.SecureConversationAuthentication.SecurityContextClaimTypes; * tokenAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens; * tokenAuthenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations; * tokenAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout; * tokenAuthenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime; * tokenAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations; * tokenAuthenticator.AuditLogLocation = recipientRequirement.AuditLogLocation; * tokenAuthenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure; * tokenAuthenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel; * tokenAuthenticator.EndpointFilterTable = propertyOrDefault; * return (SecurityTokenAuthenticator)tokenAuthenticator;*/ }
private void ValidateTable(IMessageFilterTable <TFilterData> table) { if (base.GetType().IsInstanceOfType(table)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("FilterBadTableType"))); } }
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this() { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory)); } ActAsInitiator = factory.ActAsInitiator; _addTimestamp = factory._addTimestamp; _detectReplays = factory._detectReplays; _incomingAlgorithmSuite = factory._incomingAlgorithmSuite; _maxCachedNonces = factory._maxCachedNonces; _maxClockSkew = factory._maxClockSkew; _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite; _replayWindow = factory._replayWindow; ChannelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory.ChannelSupportingTokenAuthenticatorSpecification)); ScopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory.ScopedSupportingTokenAuthenticatorSpecification); _standardsManager = factory._standardsManager; _timestampValidityDuration = factory._timestampValidityDuration; // this.auditLogLocation = factory.auditLogLocation; _suppressAuditFailure = factory._suppressAuditFailure; // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel; // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel; if (factory._securityBindingElement != null) { _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone(); } _securityTokenManager = factory._securityTokenManager; _privacyNoticeUri = factory._privacyNoticeUri; _privacyNoticeVersion = factory._privacyNoticeVersion; _endpointFilterTable = factory._endpointFilterTable; ExtendedProtectionPolicy = factory.ExtendedProtectionPolicy; _nonceCache = factory._nonceCache; }
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this() { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory"); } this.actAsInitiator = factory.actAsInitiator; this.addTimestamp = factory.addTimestamp; this.detectReplays = factory.detectReplays; this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite; this.maxCachedNonces = factory.maxCachedNonces; this.maxClockSkew = factory.maxClockSkew; this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite; this.replayWindow = factory.replayWindow; this.channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory.channelSupportingTokenAuthenticatorSpecification)); this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory.scopedSupportingTokenAuthenticatorSpecification); this.standardsManager = factory.standardsManager; this.timestampValidityDuration = factory.timestampValidityDuration; this.auditLogLocation = factory.auditLogLocation; this.suppressAuditFailure = factory.suppressAuditFailure; this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel; this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel; if (factory.securityBindingElement != null) { this.securityBindingElement = (System.ServiceModel.Channels.SecurityBindingElement)factory.securityBindingElement.Clone(); } this.securityTokenManager = factory.securityTokenManager; this.privacyNoticeUri = factory.privacyNoticeUri; this.privacyNoticeVersion = factory.privacyNoticeVersion; this.endpointFilterTable = factory.endpointFilterTable; this.extendedProtectionPolicy = factory.extendedProtectionPolicy; }
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver) { SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement })); } bool flag = !recipientRequirement.SupportSecurityContextCancellation; LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings; IMessageFilterTable <EndpointAddress> propertyOrDefault = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null); if (!flag) { sctResolver = new SecurityContextSecurityTokenResolver(0x7fffffff, false); return(new SecuritySessionSecurityTokenAuthenticator { BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver, IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), KeyEntropyMode = securityBindingElement.KeyEntropyMode, ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, SessionTokenLifetime = TimeSpan.MaxValue, KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), EndpointFilterTable = propertyOrDefault, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, PreserveBootstrapTokens = preserveBootstrapTokens }); } sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew); return(new AcceleratedTokenAuthenticator { BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), KeyEntropyMode = securityBindingElement.KeyEntropyMode, EncryptStateInServiceToken = true, IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver, IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder, KnownTypes = this.parent.SecureConversationAuthentication.SecurityContextClaimTypes, PreserveBootstrapTokens = preserveBootstrapTokens, MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, AuditLogLocation = recipientRequirement.AuditLogLocation, SuppressAuditFailure = recipientRequirement.SuppressAuditFailure, MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel, EndpointFilterTable = propertyOrDefault }); }
public void Add(MessageFilter filter, TFilterData data, int priority) { if (filter == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("filter"); } if (this.filters.ContainsKey(filter)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("filter", System.ServiceModel.SR.GetString("FilterExists")); } System.Type key = filter.GetType(); System.Type type2 = null; IMessageFilterTable <TFilterData> table = null; if (!this.filterTypeMappings.TryGetValue(key, out type2)) { table = this.CreateFilterTable(filter); this.ValidateTable(table); this.filterTypeMappings.Add(key, table.GetType()); FilterTableEntry <TFilterData> item = new FilterTableEntry <TFilterData>(priority, table); int index = this.tables.IndexOf(item); if (index >= 0) { table = this.tables[index].table; } else { this.tables.Add(item); } table.Add(filter, data); } else { for (int i = 0; i < this.tables.Count; i++) { if ((this.tables[i].priority == priority) && this.tables[i].table.GetType().Equals(type2)) { table = this.tables[i].table; break; } } if (table == null) { table = this.CreateFilterTable(filter); this.ValidateTable(table); if (!table.GetType().Equals(type2)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("FilterTableTypeMismatch"))); } table.Add(filter, data); this.tables.Add(new FilterTableEntry <TFilterData>(priority, table)); } else { table.Add(filter, data); } } this.filters.Add(filter, data); }
void ValidateTable(IMessageFilterTable <TFilterData> table) { Type t = this.GetType(); if (t.IsInstanceOfType(table)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.FilterBadTableType))); } }
protected virtual IMessageFilterTable <TFilterData> CreateFilterTable(MessageFilter filter) { IMessageFilterTable <TFilterData> table = filter.CreateFilterTable <TFilterData>(); if (table == null) { return(new SequentialMessageFilterTable <TFilterData>()); } return(table); }
internal bool GetMatchingValue(Message message, out TFilterData data, out bool addressMatched) { bool dataSet = false; int pri = int.MinValue; data = default(TFilterData); addressMatched = false; for (int i = 0; i < this.tables.Count; ++i) { // Watch for the end of a bucket if (pri > this.tables[i].priority && dataSet) { break; } pri = this.tables[i].priority; bool matchResult; TFilterData currentData; IMessageFilterTable <TFilterData> table = this.tables[i].table; AndMessageFilterTable <TFilterData> andTable = table as AndMessageFilterTable <TFilterData>; if (andTable != null) { bool addressResult; matchResult = andTable.GetMatchingValue(message, out currentData, out addressResult); addressMatched |= addressResult; } else { matchResult = table.GetMatchingValue(message, out currentData); } if (matchResult) { if (dataSet) { throw TraceUtility.ThrowHelperError(new MultipleFilterMatchesException(SR.GetString(SR.FilterMultipleMatches), null, null), message); } addressMatched = true; data = currentData; dataSet = true; } } return(dataSet); }
internal bool GetMatchingValue(Message message, out TFilterData data, out bool addressMatched) { bool flag = false; int priority = -2147483648; data = default(TFilterData); addressMatched = false; for (int i = 0; i < this.tables.Count; i++) { bool matchingValue; TFilterData local; if ((priority > this.tables[i].priority) && flag) { return(flag); } priority = this.tables[i].priority; IMessageFilterTable <TFilterData> table = this.tables[i].table; AndMessageFilterTable <TFilterData> table2 = table as AndMessageFilterTable <TFilterData>; if (table2 != null) { bool flag3; matchingValue = table2.GetMatchingValue(message, out local, out flag3); addressMatched |= flag3; } else { matchingValue = table.GetMatchingValue(message, out local); } if (matchingValue) { if (flag) { throw TraceUtility.ThrowHelperError(new MultipleFilterMatchesException(System.ServiceModel.SR.GetString("FilterMultipleMatches"), null, null), message); } addressMatched = true; data = local; flag = true; } } return(flag); }
public override IChannelListener <TChannel> BuildChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } this.VerifyTransportMode(context); this.SetSecuritySettings(context); IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); InternalDuplexBindingElement.AddDuplexListenerSupport(context, ref this.internalDuplexBindingElement); if (typeof(TChannel) == typeof(IInputSessionChannel)) { ReliableChannelListenerBase <IInputSessionChannel> base2 = null; if (context.CanBuildInnerChannelListener <IReplySessionChannel>()) { base2 = new ReliableInputListenerOverReplySession(this, context); } else if (context.CanBuildInnerChannelListener <IReplyChannel>()) { base2 = new ReliableInputListenerOverReply(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>()) { base2 = new ReliableInputListenerOverDuplexSession(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexChannel>()) { base2 = new ReliableInputListenerOverDuplex(this, context); } if (base2 != null) { base2.LocalAddresses = table; return((IChannelListener <TChannel>)base2); } } else if (typeof(TChannel) == typeof(IDuplexSessionChannel)) { ReliableChannelListenerBase <IDuplexSessionChannel> base3 = null; if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>()) { base3 = new ReliableDuplexListenerOverDuplexSession(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexChannel>()) { base3 = new ReliableDuplexListenerOverDuplex(this, context); } if (base3 != null) { base3.LocalAddresses = table; return((IChannelListener <TChannel>)base3); } } else if (typeof(TChannel) == typeof(IReplySessionChannel)) { ReliableChannelListenerBase <IReplySessionChannel> base4 = null; if (context.CanBuildInnerChannelListener <IReplySessionChannel>()) { base4 = new ReliableReplyListenerOverReplySession(this, context); } else if (context.CanBuildInnerChannelListener <IReplyChannel>()) { base4 = new ReliableReplyListenerOverReply(this, context); } if (base4 != null) { base4.LocalAddresses = table; return((IChannelListener <TChannel>)base4); } } throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("TChannel", System.ServiceModel.SR.GetString("ChannelTypeNotSupported", new object[] { typeof(TChannel) })); }
internal FilterTableEntry(int pri, IMessageFilterTable <TFilterData> t) { this.priority = pri; this.table = t; }
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver) { SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement)); } bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation; LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings; IMessageFilterTable <EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault <IMessageFilterTable <EndpointAddress> >(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null); if (!isCookieMode) { sctResolver = new SecurityContextSecurityTokenResolver(Int32.MaxValue, false); // remember this authenticator for future reference SecuritySessionSecurityTokenAuthenticator authenticator = new SecuritySessionSecurityTokenAuthenticator(); authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement); authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver; authenticator.IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode; authenticator.ListenUri = recipientRequirement.ListenUri; authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite; authenticator.SessionTokenLifetime = TimeSpan.MaxValue; authenticator.KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval; authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this); authenticator.EndpointFilterTable = endpointFilterTable; authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations; authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout; authenticator.PreserveBootstrapTokens = preserveBootstrapTokens; return(authenticator); } else { sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew); AcceleratedTokenAuthenticator authenticator = new AcceleratedTokenAuthenticator(); authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement); authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode; authenticator.EncryptStateInServiceToken = true; authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver; authenticator.IssuerBindingContext = recipientRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); authenticator.ListenUri = recipientRequirement.ListenUri; authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite; authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this); authenticator.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder; authenticator.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes; authenticator.PreserveBootstrapTokens = preserveBootstrapTokens; // local security quotas authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations; authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout; authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime; authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations; // audit settings authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation; authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure; authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel; authenticator.EndpointFilterTable = endpointFilterTable; return(authenticator); } }
public void Add(MessageFilter filter, TFilterData data, int priority) { if (filter == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(filter)); } if (_filters.ContainsKey(filter)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(nameof(filter), SR.FilterExists); } Type filterType = filter.GetType(); IMessageFilterTable <TFilterData> table = null; if (_filterTypeMappings.TryGetValue(filterType, out Type tableType)) { for (int i = 0; i < _tables.Count; ++i) { if (_tables[i].priority == priority && _tables[i].table.GetType().Equals(tableType)) { table = _tables[i].table; break; } } if (table == null) { table = CreateFilterTable(filter); ValidateTable(table); if (!table.GetType().Equals(tableType)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.FilterTableTypeMismatch)); } table.Add(filter, data); _tables.Add(new FilterTableEntry(priority, table)); } else { table.Add(filter, data); } } else { table = CreateFilterTable(filter); ValidateTable(table); _filterTypeMappings.Add(filterType, table.GetType()); FilterTableEntry entry = new FilterTableEntry(priority, table); int idx = _tables.IndexOf(entry); if (idx >= 0) { table = _tables[idx].table; } else { _tables.Add(entry); } table.Add(filter, data); } _filters.Add(filter, data); }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) { SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do // secure conversation or negotiation bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } BindingContext scIssuerBindingContext = issuerBindingContext.Clone(); scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>(); scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements); IMessageFilterTable <EndpointAddress> endpointFilterTable = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext); if (scParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, sessionFactory); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; sessionFactory.ApplyConfidentiality = true; sessionFactory.RequireConfidentiality = true; sessionFactory.ApplyIntegrity = true; sessionFactory.RequireIntegrity = true; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SessionMode = true; channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout; channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval; channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions; channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval; channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure; channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession; channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory; channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable; // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending // back faults in response to badly secured requests over duplex can result in DoS. if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null && !IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager)); } } else { SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, protocolFactory); protocolFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); protocolFactory.EndpointFilterTable = endpointFilterTable; base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SecurityProtocolFactory = protocolFactory; } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; } channelListener.InitializeListener(channelBuilder); return(channelListener); }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel { SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext issuerBindingContext = context.Clone(); if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (protectionTokenParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } BindingContext secureConversationBindingContext = issuerBindingContext.Clone(); secureConversationBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>(); secureConversationBindingContext.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements); IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext); if (protectionTokenParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory factory = new SessionSymmetricMessageSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory); factory.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; factory.ApplyConfidentiality = true; factory.RequireConfidentiality = true; factory.ApplyIntegrity = true; factory.RequireIntegrity = true; factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory.MessageProtectionOrder = this.MessageProtectionOrder; factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); base.ConfigureProtocolFactory(factory, credentialsManager, true, issuerBindingContext, context.Binding); listener.SessionMode = true; listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout; listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval; listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions; listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval; listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure; listener.SessionServerSettings.CanRenewSession = protectionTokenParameters.CanRenewSession; listener.SessionServerSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager; listener.SessionServerSettings.SessionProtocolFactory = factory; listener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = table; if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager)); } } else { SymmetricSecurityProtocolFactory factory2 = new SymmetricSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory2); factory2.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; factory2.ApplyConfidentiality = true; factory2.RequireConfidentiality = true; factory2.ApplyIntegrity = true; factory2.RequireIntegrity = true; factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory2.MessageProtectionOrder = this.MessageProtectionOrder; factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); factory2.EndpointFilterTable = table; base.ConfigureProtocolFactory(factory2, credentialsManager, true, issuerBindingContext, context.Binding); listener.SecurityProtocolFactory = factory2; } } else { SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); listener.SecurityProtocolFactory = factory3; } listener.InitializeListener(builder); return(listener); }
public void Add(MessageFilter filter, TFilterData data, int priority) { if (filter == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("filter"); } if (this.filters.ContainsKey(filter)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("filter", SR.GetString(SR.FilterExists)); } #pragma warning suppress 56506 // [....], PreSharp generates a false warning here Type filterType = filter.GetType(); Type tableType = null; IMessageFilterTable <TFilterData> table = null; if (this.filterTypeMappings.TryGetValue(filterType, out tableType)) { for (int i = 0; i < this.tables.Count; ++i) { if (this.tables[i].priority == priority && this.tables[i].table.GetType().Equals(tableType)) { table = this.tables[i].table; break; } } if (table == null) { table = CreateFilterTable(filter); ValidateTable(table); if (!table.GetType().Equals(tableType)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.FilterTableTypeMismatch))); } table.Add(filter, data); this.tables.Add(new FilterTableEntry(priority, table)); } else { table.Add(filter, data); } } else { table = CreateFilterTable(filter); ValidateTable(table); this.filterTypeMappings.Add(filterType, table.GetType()); FilterTableEntry entry = new FilterTableEntry(priority, table); int idx = this.tables.IndexOf(entry); if (idx >= 0) { table = this.tables[idx].table; } else { this.tables.Add(entry); } table.Add(filter, data); } this.filters.Add(filter, data); }
public override IChannelListener <TChannel> BuildChannelListener <TChannel>(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } this.VerifyTransportMode(context); this.SetSecuritySettings(context); #pragma warning suppress 56506 // BindingContext guarantees BindingParameters is never null. IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); InternalDuplexBindingElement.AddDuplexListenerSupport(context, ref this.internalDuplexBindingElement); if (typeof(TChannel) == typeof(IInputSessionChannel)) { ReliableChannelListenerBase <IInputSessionChannel> listener = null; if (context.CanBuildInnerChannelListener <IReplySessionChannel>()) { listener = new ReliableInputListenerOverReplySession(this, context); } else if (context.CanBuildInnerChannelListener <IReplyChannel>()) { listener = new ReliableInputListenerOverReply(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>()) { listener = new ReliableInputListenerOverDuplexSession(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexChannel>()) { listener = new ReliableInputListenerOverDuplex(this, context); } if (listener != null) { listener.LocalAddresses = table; return((IChannelListener <TChannel>)(object) listener); } } else if (typeof(TChannel) == typeof(IDuplexSessionChannel)) { ReliableChannelListenerBase <IDuplexSessionChannel> listener = null; if (context.CanBuildInnerChannelListener <IDuplexSessionChannel>()) { listener = new ReliableDuplexListenerOverDuplexSession(this, context); } else if (context.CanBuildInnerChannelListener <IDuplexChannel>()) { listener = new ReliableDuplexListenerOverDuplex(this, context); } if (listener != null) { listener.LocalAddresses = table; return((IChannelListener <TChannel>)(object) listener); } } else if (typeof(TChannel) == typeof(IReplySessionChannel)) { ReliableChannelListenerBase <IReplySessionChannel> listener = null; if (context.CanBuildInnerChannelListener <IReplySessionChannel>()) { listener = new ReliableReplyListenerOverReplySession(this, context); } else if (context.CanBuildInnerChannelListener <IReplyChannel>()) { listener = new ReliableReplyListenerOverReply(this, context); } if (listener != null) { listener.LocalAddresses = table; return((IChannelListener <TChannel>)(object) listener); } } throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("TChannel", SR.GetString(SR.ChannelTypeNotSupported, typeof(TChannel))); }