internal static bool IsEqual(ISecurityCapabilities capabilities1, ISecurityCapabilities capabilities2)
 {
     if (capabilities1 == null)
     {
         capabilities1 = None;
     }
     if (capabilities2 == null)
     {
         capabilities2 = None;
     }
     if (capabilities1.SupportedRequestProtectionLevel != capabilities2.SupportedRequestProtectionLevel)
     {
         return false;
     }
     if (capabilities1.SupportedResponseProtectionLevel != capabilities2.SupportedResponseProtectionLevel)
     {
         return false;
     }
     if (capabilities1.SupportsClientAuthentication != capabilities2.SupportsClientAuthentication)
     {
         return false;
     }
     if (capabilities1.SupportsClientWindowsIdentity != capabilities2.SupportsClientWindowsIdentity)
     {
         return false;
     }
     if (capabilities1.SupportsServerAuthentication != capabilities2.SupportsServerAuthentication)
     {
         return false;
     }
     return true;
 }
Esempio n. 2
0
		// Binding passed to .ctor() seems to have nothing to do
		// with the properties on this class.
		public CustomBinding (Binding binding)
			: this (binding.CreateBindingElements (),
				binding.Name, binding.Namespace)
		{
			OpenTimeout = binding.OpenTimeout;
			CloseTimeout = binding.CloseTimeout;
			SendTimeout = binding.SendTimeout;
			ReceiveTimeout = binding.ReceiveTimeout;
			scheme = binding.Scheme;
			security = binding as ISecurityCapabilities;
		}
        protected ConnectionOrientedTransportChannelListener(Microsoft.ServiceBus.Channels.ConnectionOrientedTransportBindingElement bindingElement, BindingContext context) : base(bindingElement, context, bindingElement.HostNameComparisonMode)
        {
            if (bindingElement.TransferMode == System.ServiceModel.TransferMode.Buffered)
            {
                if (bindingElement.MaxReceivedMessageSize > (long)2147483647)
                {
                    throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("bindingElement.MaxReceivedMessageSize", Microsoft.ServiceBus.SR.GetString(Resources.MaxReceivedMessageSizeMustBeInIntegerRange, new object[0])));
                }
                if ((long)bindingElement.MaxBufferSize != bindingElement.MaxReceivedMessageSize)
                {
                    throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement", Microsoft.ServiceBus.SR.GetString(Resources.MaxBufferSizeMustMatchMaxReceivedMessageSize, new object[0]));
                }
            }
            else if ((long)bindingElement.MaxBufferSize > bindingElement.MaxReceivedMessageSize)
            {
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement", Microsoft.ServiceBus.SR.GetString(Resources.MaxBufferSizeMustNotExceedMaxReceivedMessageSize, new object[0]));
            }
            this.connectionBufferSize         = bindingElement.ConnectionBufferSize;
            this.exposeConnectionProperty     = bindingElement.ExposeConnectionProperty;
            base.InheritBaseAddressSettings   = bindingElement.InheritBaseAddressSettings;
            this.channelInitializationTimeout = bindingElement.ChannelInitializationTimeout;
            this.maxBufferSize         = bindingElement.MaxBufferSize;
            this.maxPendingConnections = bindingElement.MaxPendingConnections;
            this.maxOutputDelay        = bindingElement.MaxOutputDelay;
            this.maxPendingAccepts     = bindingElement.MaxPendingAccepts;
            this.transferMode          = bindingElement.TransferMode;
            Collection <StreamUpgradeBindingElement> streamUpgradeBindingElements = context.BindingParameters.FindAll <StreamUpgradeBindingElement>();

            if (streamUpgradeBindingElements.Count > 1)
            {
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.MultipleStreamUpgradeProvidersInParameters, new object[0])));
            }
            if (streamUpgradeBindingElements.Count == 1)
            {
                this.upgrade    = streamUpgradeBindingElements[0].BuildServerStreamUpgradeProvider(context);
                this.ownUpgrade = true;
                context.BindingParameters.Remove <StreamUpgradeBindingElement>();
                this.securityCapabilities = streamUpgradeBindingElements[0].GetProperty <ISecurityCapabilities>(context);
            }
        }
Esempio n. 4
0
        static void Main()
        {
            // protected
            // NamedPipeTransportBindingElement bElementClone =
            //  new NamedPipeTransportBindingElement(bElement);

            // <Snippet3>
            // <Snippet2>
            // <Snippet0>
            // <Snippet1>
            NamedPipeTransportBindingElement bElement =
                new NamedPipeTransportBindingElement();
            // </Snippet1>

            NamedPipeConnectionPoolSettings connectionPoolSettings =
                bElement.ConnectionPoolSettings;
            // </Snippet0>
            // </Snippet2>
            // </Snippet3>

            // <Snippet4>
            string scheme =
                bElement.Scheme;
            // </Snippet4>

            // <Snippet5>
            BindingElement bElementCopy =
                bElement.Clone();
            // </Snippet5>

            // <Snippet8>
            BasicHttpBinding      binding = new BasicHttpBinding();
            ISecurityCapabilities b       =
                binding.GetProperty <ISecurityCapabilities>
                    (new BindingParameterCollection());

            bool SupportsServerAuthentication =
                b.SupportsServerAuthentication;
            // </Snippet8>
        }
Esempio n. 5
0
        internal static bool IsEqual(ISecurityCapabilities capabilities1, ISecurityCapabilities capabilities2)
        {
            if (capabilities1 == null)
            {
                capabilities1 = SecurityCapabilities.None;
            }

            if (capabilities2 == null)
            {
                capabilities2 = SecurityCapabilities.None;
            }

            if (capabilities1.SupportedRequestProtectionLevel != capabilities2.SupportedRequestProtectionLevel)
            {
                return(false);
            }

            if (capabilities1.SupportedResponseProtectionLevel != capabilities2.SupportedResponseProtectionLevel)
            {
                return(false);
            }

            if (capabilities1.SupportsClientAuthentication != capabilities2.SupportsClientAuthentication)
            {
                return(false);
            }

            if (capabilities1.SupportsClientWindowsIdentity != capabilities2.SupportsClientWindowsIdentity)
            {
                return(false);
            }

            if (capabilities1.SupportsServerAuthentication != capabilities2.SupportsServerAuthentication)
            {
                return(false);
            }

            return(true);
        }
 public HttpChannelListener(HttpTransportBindingElement bindingElement, BindingContext context) : base(bindingElement, context, HttpTransportDefaults.GetDefaultMessageEncoderFactory(), bindingElement.HostNameComparisonMode)
 {
     if (bindingElement.TransferMode == System.ServiceModel.TransferMode.Buffered)
     {
         if (bindingElement.MaxReceivedMessageSize > 0x7fffffffL)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("bindingElement.MaxReceivedMessageSize", System.ServiceModel.SR.GetString("MaxReceivedMessageSizeMustBeInIntegerRange")));
         }
         if (bindingElement.MaxBufferSize != bindingElement.MaxReceivedMessageSize)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement", System.ServiceModel.SR.GetString("MaxBufferSizeMustMatchMaxReceivedMessageSize"));
         }
     }
     else if (bindingElement.MaxBufferSize > bindingElement.MaxReceivedMessageSize)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement", System.ServiceModel.SR.GetString("MaxBufferSizeMustNotExceedMaxReceivedMessageSize"));
     }
     if ((bindingElement.AuthenticationScheme == AuthenticationSchemes.Basic) && (bindingElement.ExtendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("ExtendedProtectionPolicyBasicAuthNotSupported")));
     }
     this.authenticationScheme       = bindingElement.AuthenticationScheme;
     this.keepAliveEnabled           = bindingElement.KeepAliveEnabled;
     base.InheritBaseAddressSettings = bindingElement.InheritBaseAddressSettings;
     this.maxBufferSize = bindingElement.MaxBufferSize;
     this.method        = bindingElement.Method;
     this.realm         = bindingElement.Realm;
     this.transferMode  = bindingElement.TransferMode;
     this.unsafeConnectionNtlmAuthentication = bindingElement.UnsafeConnectionNtlmAuthentication;
     this.credentialProvider       = context.BindingParameters.Find <SecurityCredentialsManager>();
     this.acceptor                 = new TransportReplyChannelAcceptor(this);
     this.securityCapabilities     = bindingElement.GetProperty <ISecurityCapabilities>(context);
     this.extendedProtectionPolicy = GetPolicyWithDefaultSpnCollection(bindingElement.ExtendedProtectionPolicy, this.authenticationScheme, base.HostNameComparisonModeInternal, base.Uri, out this.usingDefaultSpnList);
     if (bindingElement.AnonymousUriPrefixMatcher != null)
     {
         this.anonymousUriPrefixMatcher = new HttpAnonymousUriPrefixMatcher(bindingElement.AnonymousUriPrefixMatcher);
     }
 }
        internal ConnectionOrientedTransportChannelFactory(
            ConnectionOrientedTransportBindingElement bindingElement, BindingContext context,
            string connectionPoolGroupName, TimeSpan idleTimeout, int maxOutboundConnectionsPerEndpoint, bool supportsImpersonationDuringAsyncOpen)
            : base(bindingElement, context)
        {
            if (bindingElement.TransferMode == TransferMode.Buffered && bindingElement.MaxReceivedMessageSize > int.MaxValue)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                          new ArgumentOutOfRangeException("bindingElement.MaxReceivedMessageSize",
                                                          SR.MaxReceivedMessageSizeMustBeInIntegerRange));
            }

            _connectionBufferSize     = bindingElement.ConnectionBufferSize;
            _connectionPoolGroupName  = connectionPoolGroupName;
            _exposeConnectionProperty = bindingElement.ExposeConnectionProperty;
            _idleTimeout   = idleTimeout;
            _maxBufferSize = bindingElement.MaxBufferSize;
            _maxOutboundConnectionsPerEndpoint = maxOutboundConnectionsPerEndpoint;
            _maxOutputDelay = bindingElement.MaxOutputDelay;
            _transferMode   = bindingElement.TransferMode;

            Collection <StreamUpgradeBindingElement> upgradeBindingElements =
                context.BindingParameters.FindAll <StreamUpgradeBindingElement>();

            if (upgradeBindingElements.Count > 1)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.MultipleStreamUpgradeProvidersInParameters));
            }
            else if ((upgradeBindingElements.Count == 1) && this.SupportsUpgrade(upgradeBindingElements[0]))
            {
                _upgrade = upgradeBindingElements[0].BuildClientStreamUpgradeProvider(context);
                context.BindingParameters.Remove <StreamUpgradeBindingElement>();
                _securityCapabilities = upgradeBindingElements[0].GetProperty <ISecurityCapabilities>(context);
                // flow the identity only if the channel factory supports impersonating during an async open AND
                // there is the binding is configured with security
                _flowIdentity = supportsImpersonationDuringAsyncOpen;
            }
        }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
            bool           requireDemuxer = RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);

            if (requireDemuxer)
            {
                ApplyPropertiesOnDemuxer(channelBuilder, context);
            }

            BindingContext             issuerBindingContext = context.Clone();
            SecurityCredentialsManager credentialsManager   = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }

            SecurityProtocolFactory protocolFactory =
                this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext);

            return(new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory));
        }
Esempio n. 9
0
        protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
        {
            ISecurityCapabilities      property           = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(base.IssuerBindingContext);
            SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            this.bootstrapSecurityBindingElement.ReaderQuotas = base.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
            }
            TransportBindingElement element = base.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (element != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
            }
            SecurityProtocolFactory        protocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(base.IssuerBindingContext.Clone(), credentialsManager, false, base.IssuerBindingContext.Clone());
            MessageSecurityProtocolFactory factory2        = protocolFactory as MessageSecurityProtocolFactory;

            if (factory2 != null)
            {
                factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
                MessagePartSpecification parts = new MessagePartSpecification(true);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
            }
            protocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            protocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
            return(new SecurityChannelFactory <IRequestChannel>(property, base.IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory));
        }
Esempio n. 10
0
        public override T GetProperty <T>(BindingContext context) where T : class
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }
            if (typeof(T) == typeof(ISecurityCapabilities))
            {
                ISecurityCapabilities innerProperty = context.GetInnerProperty <ISecurityCapabilities>();
                if (innerProperty != null)
                {
                    return((T) new SecurityCapabilities(innerProperty.SupportsClientAuthentication, false, innerProperty.SupportsClientWindowsIdentity, innerProperty.SupportedRequestProtectionLevel, ProtectionLevel.None));
                }
                return(default(T));
            }
            if (!(typeof(T) == typeof(ChannelProtectionRequirements)))
            {
                return(context.GetInnerProperty <T>());
            }
            ChannelProtectionRequirements protectionRequirements = this.GetProtectionRequirements();

            protectionRequirements.Add(context.GetInnerProperty <ChannelProtectionRequirements>() ?? new ChannelProtectionRequirements());
            return((T)protectionRequirements);
        }
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, ChannelBuilder channelBuilder, SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory)
     : this(securityCapabilities, context, channelBuilder, innerChannelFactory)
 {
     SecurityProtocolFactory = protocolFactory;
 }
Esempio n. 12
0
        internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
        {
            ChannelProtectionRequirements requirements  = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
            ChannelProtectionRequirements requirements2 = new ChannelProtectionRequirements();

            requirements2.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingEncryptionParts), "*");
            requirements2.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingSignatureParts), "*");
            requirements.IncomingEncryptionParts.CopyTo(requirements2.IncomingEncryptionParts);
            requirements.IncomingSignatureParts.CopyTo(requirements2.IncomingSignatureParts);
            return(requirements2);
        }
		void AssertSecurityCapabilities (
			ProtectionLevel request, ProtectionLevel response,
			bool supportsClientAuth, bool supportsClientWinId,
			bool supportsServerAuth, ISecurityCapabilities c,
			string label)
		{
			Assert.AreEqual (request, c.SupportedRequestProtectionLevel, label + ".request");
			Assert.AreEqual (response, c.SupportedResponseProtectionLevel, label + ".response");
			Assert.AreEqual (supportsClientAuth, c.SupportsClientAuthentication, label + ".client-auth");
			Assert.AreEqual (supportsClientWinId, c.SupportsClientWindowsIdentity, label + ".client-identity");
			Assert.AreEqual (supportsServerAuth, c.SupportsServerAuthentication, label + ".server-auth");
		}
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, ChannelBuilder channelBuilder, SecurityProtocolFactory protocolFactory)
     : this(securityCapabilities, context, channelBuilder, protocolFactory, channelBuilder.BuildChannelFactory <TChannel>())
 {
 }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager   = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }

            // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do
            // secure conversation or negotiation
            bool           requireDemuxer = RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);

            if (requireDemuxer)
            {
                ApplyPropertiesOnDemuxer(channelBuilder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            SecurityChannelFactory <TChannel> channelFactory;

            if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
            {
                SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
                if (scParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
                }

                BindingContext scIssuerBindingContext = issuerBindingContext.Clone();
                scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
                scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements);

                if (scParameters.RequireCancellation)
                {
                    SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory();
                    sessionFactory.SecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
                    sessionFactory.ApplyConfidentiality           = true;
                    sessionFactory.RequireConfidentiality         = true;
                    sessionFactory.ApplyIntegrity                 = true;
                    sessionFactory.RequireIntegrity               = true;
                    sessionFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                    sessionFactory.MessageProtectionOrder         = this.MessageProtectionOrder;
                    sessionFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
                    base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);

                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
                    sessionClientSettings.ChannelBuilder                = channelBuilder;
                    sessionClientSettings.KeyRenewalInterval            = this.LocalClientSettings.SessionKeyRenewalInterval;
                    sessionClientSettings.CanRenewSession               = scParameters.CanRenewSession;
                    sessionClientSettings.KeyRolloverInterval           = this.LocalClientSettings.SessionKeyRolloverInterval;
                    sessionClientSettings.TolerateTransportFailures     = this.LocalClientSettings.ReconnectTransportOnFailure;
                    sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = sessionFactory;
                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings);
                }
                else
                {
                    SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory();

                    protocolFactory.SecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
                    protocolFactory.ApplyConfidentiality           = true;
                    protocolFactory.RequireConfidentiality         = true;
                    protocolFactory.ApplyIntegrity                 = true;
                    protocolFactory.RequireIntegrity               = true;
                    protocolFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                    protocolFactory.MessageProtectionOrder         = this.MessageProtectionOrder;
                    protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
                    base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);

                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
                }
            }
            else
            {
                SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext);
                channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
            }

            return(channelFactory);
        }
 internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
 {
     ChannelProtectionRequirements requirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
     ChannelProtectionRequirements requirements2 = new ChannelProtectionRequirements();
     requirements2.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingEncryptionParts), "*");
     requirements2.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingSignatureParts), "*");
     requirements.IncomingEncryptionParts.CopyTo(requirements2.IncomingEncryptionParts);
     requirements.IncomingSignatureParts.CopyTo(requirements2.IncomingSignatureParts);
     return requirements2;
 }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      property           = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            SecureConversationSecurityTokenParameters item = null;

            if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                item = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            bool           addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
            ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);

            if (addChannelDemuxerIfRequired)
            {
                base.ApplyPropertiesOnDemuxer(builder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            if (item != null)
            {
                if (item.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
                }
                item.IssuerBindingContext = issuerBindingContext;
                if (item.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory factory2 = new SessionSymmetricTransportSecurityProtocolFactory {
                        SecurityTokenParameters = item.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
                    }
                    finally
                    {
                        base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
                    }
                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
                        ChannelBuilder                = builder,
                        KeyRenewalInterval            = base.LocalClientSettings.SessionKeyRenewalInterval,
                        KeyRolloverInterval           = base.LocalClientSettings.SessionKeyRolloverInterval,
                        TolerateTransportFailures     = base.LocalClientSettings.ReconnectTransportOnFailure,
                        CanRenewSession               = item.CanRenewSession,
                        IssuedSecurityTokenParameters = item.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = factory2;
                    return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
                }
                TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();
                base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                try
                {
                    base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
                    SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)item.Clone();
                    parameters2.IssuerBindingContext = issuerBindingContext;
                    factory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters2);
                }
                finally
                {
                    base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
                }
                return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
            }
            return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
        }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager   = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }

            SecureConversationSecurityTokenParameters scParameters = null;

            if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            {
                scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }

            // This adds the demuxer element to the context

            bool           requireDemuxer = RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);

            if (requireDemuxer)
            {
                ApplyPropertiesOnDemuxer(channelBuilder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            SecurityChannelFactory <TChannel> channelFactory;

            if (scParameters != null)
            {
                if (scParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
                }

                scParameters.IssuerBindingContext = issuerBindingContext;
                if (scParameters.RequireCancellation)
                {
                    SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
                    sessionFactory.SecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                    }
                    finally
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
                    sessionClientSettings.ChannelBuilder                = channelBuilder;
                    sessionClientSettings.KeyRenewalInterval            = this.LocalClientSettings.SessionKeyRenewalInterval;
                    sessionClientSettings.KeyRolloverInterval           = this.LocalClientSettings.SessionKeyRolloverInterval;
                    sessionClientSettings.TolerateTransportFailures     = this.LocalClientSettings.ReconnectTransportOnFailure;
                    sessionClientSettings.CanRenewSession               = scParameters.CanRenewSession;
                    sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = sessionFactory;
                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings);
                }
                else
                {
                    TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    {
                        base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                        SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
                        acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
                        protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
                    }
                    finally
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
                    }

                    channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
                }
            }
            else
            {
                SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(
                    context, credentialsManager, false, issuerBindingContext);
                channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
            }

            return(channelFactory);
        }
 internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
 {
     return(CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient));
 }
        /*internal override bool RequiresChannelDemuxer()
         * {
         * if (!base.RequiresChannelDemuxer())
         *  return this.RequiresChannelDemuxer(this.ProtectionTokenParameters);
         * return true;
         * }*/

        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      property           = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>() ?? (SecurityCredentialsManager)ClientCredentials.CreateDefaultCredentials();
            bool           addChannelDemuxerIfRequired    = this.RequiresChannelDemuxer();
            ChannelBuilder channelBuilder = new ChannelBuilder(context, addChannelDemuxerIfRequired);

            if (addChannelDemuxerIfRequired)
            {
#if FEATURE_CORECLR
                throw new NotImplementedException("ApplyPropertiesOnDemuxer is not supported in .NET Core");
#else
                this.ApplyPropertiesOnDemuxer(channelBuilder, context);
#endif
            }
            BindingContext bindingContext1 = context.Clone();
            SecurityChannelFactory <TChannel> securityChannelFactory;
            if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
            {
                SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
                if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
                }
                BindingContext bindingContext2 = bindingContext1.Clone();
                bindingContext2.BindingParameters.Remove <ChannelProtectionRequirements>();
// BootstrapProtectionRequirements not supported
//         bindingContext2.BindingParameters.Add((object) protectionTokenParameters.BootstrapProtectionRequirements);
                if (protectionTokenParameters.RequireCancellation)
                {
                    SessionSymmetricMessageSecurityProtocolFactory securityProtocolFactory = new SessionSymmetricMessageSecurityProtocolFactory();
                    securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2;
                    securityProtocolFactory.ApplyConfidentiality           = true;
                    securityProtocolFactory.RequireConfidentiality         = true;
                    securityProtocolFactory.ApplyIntegrity                 = true;
                    securityProtocolFactory.RequireIntegrity               = true;
                    securityProtocolFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                    securityProtocolFactory.MessageProtectionOrder         = this.MessageProtectionOrder;
                    securityProtocolFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false));
                    this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding);
                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
                    sessionClientSettings.ChannelBuilder                = channelBuilder;
                    sessionClientSettings.KeyRenewalInterval            = this.LocalClientSettings.SessionKeyRenewalInterval;
                    sessionClientSettings.CanRenewSession               = protectionTokenParameters.CanRenewSession;
                    sessionClientSettings.KeyRolloverInterval           = this.LocalClientSettings.SessionKeyRolloverInterval;
                    sessionClientSettings.TolerateTransportFailures     = this.LocalClientSettings.ReconnectTransportOnFailure;
                    sessionClientSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = bindingContext1;
                    sessionClientSettings.SecurityStandardsManager = securityProtocolFactory.StandardsManager;
                    Console.WriteLine("Assigned sessionClientSettings.SessionProtocolFactory");
                    sessionClientSettings.SessionProtocolFactory = (SecurityProtocolFactory)securityProtocolFactory;
                    securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings);
                }
                else
                {
#if FEATURE_CORECLR
                    throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core");
#else
                    SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory();
                    securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2;
                    securityProtocolFactory.ApplyConfidentiality           = true;
                    securityProtocolFactory.RequireConfidentiality         = true;
                    securityProtocolFactory.ApplyIntegrity                 = true;
                    securityProtocolFactory.RequireIntegrity               = true;
                    securityProtocolFactory.IdentityVerifier               = this.LocalClientSettings.IdentityVerifier;
                    securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                    securityProtocolFactory.MessageProtectionOrder         = this.MessageProtectionOrder;
                    securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false));
                    this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding);
                    securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, (SecurityProtocolFactory)securityProtocolFactory);
#endif
                }
            }
            else
            {
                SecurityProtocolFactory securityProtocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, bindingContext1);
                securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, securityProtocolFactory);
            }
            return((IChannelFactory <TChannel>)securityChannelFactory);
        }
 internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
 {
     return CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
 }
Esempio n. 22
0
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory) : this(securityCapabilities, context, channelBuilder, protocolFactory, channelBuilder.BuildChannelFactory <TChannel>())
 {
 }
Esempio n. 23
0
        internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement)
        {
            var contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel);
            var result = new ChannelProtectionRequirements();

            result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
            result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
            contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
            contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
            return(result);
        }
Esempio n. 24
0
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, SecuritySessionClientSettings <TChannel> sessionClientSettings) : this(securityCapabilities, context, sessionClientSettings.ChannelBuilder, sessionClientSettings.CreateInnerChannelFactory())
 {
     this.sessionMode           = true;
     this.sessionClientSettings = sessionClientSettings;
 }
Esempio n. 25
0
        internal HttpChannelFactory(HttpTransportBindingElement bindingElement, BindingContext context)
            : base(bindingElement, context, HttpTransportDefaults.GetDefaultMessageEncoderFactory())
        {
            // validate setting interactions
            if (bindingElement.TransferMode == TransferMode.Buffered)
            {
                if (bindingElement.MaxReceivedMessageSize > int.MaxValue)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                              new ArgumentOutOfRangeException("bindingElement.MaxReceivedMessageSize",
                                                              SR.MaxReceivedMessageSizeMustBeInIntegerRange));
                }

                if (bindingElement.MaxBufferSize != bindingElement.MaxReceivedMessageSize)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement",
                                                                                 SR.MaxBufferSizeMustMatchMaxReceivedMessageSize);
                }
            }
            else
            {
                if (bindingElement.MaxBufferSize > bindingElement.MaxReceivedMessageSize)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement",
                                                                                 SR.MaxBufferSizeMustNotExceedMaxReceivedMessageSize);
                }
            }

            if (TransferModeHelper.IsRequestStreamed(bindingElement.TransferMode) &&
                bindingElement.AuthenticationScheme != AuthenticationSchemes.Anonymous)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("bindingElement",
                                                                             SR.HttpAuthDoesNotSupportRequestStreaming);
            }

            _allowCookies = bindingElement.AllowCookies;

            if (_allowCookies)
            {
                _httpCookieContainerManager = new HttpCookieContainerManager();
            }

            if (!bindingElement.AuthenticationScheme.IsSingleton())
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.Format(SR.HttpRequiresSingleAuthScheme,
                                                                                                bindingElement.AuthenticationScheme));
            }
            _authenticationScheme = bindingElement.AuthenticationScheme;
            _maxBufferSize        = bindingElement.MaxBufferSize;
            _transferMode         = bindingElement.TransferMode;
            _useDefaultWebProxy   = bindingElement.UseDefaultWebProxy;

            _channelCredentials   = context.BindingParameters.Find <SecurityCredentialsManager>();
            _securityCapabilities = bindingElement.GetProperty <ISecurityCapabilities>(context);

            _webSocketSettings = WebSocketHelper.GetRuntimeWebSocketSettings(bindingElement.WebSocketSettings);
            int webSocketBufferSize = WebSocketHelper.ComputeClientBufferSize(MaxReceivedMessageSize);

            _bufferPool               = new ConnectionBufferPool(webSocketBufferSize);
            _clientWebSocketFactory   = ClientWebSocketFactory.GetFactory();
            _webSocketSoapContentType = new Lazy <string>(() => MessageEncoderFactory.CreateSessionEncoder().ContentType, LazyThreadSafetyMode.ExecutionAndPublication);
        }
Esempio n. 26
0
 private SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, IChannelFactory innerChannelFactory) : base(context.Binding, innerChannelFactory)
 {
     this.channelBuilder       = channelBuilder;
     this.messageVersion       = context.Binding.MessageVersion;
     this.securityCapabilities = securityCapabilities;
 }
        protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
        {
            ISecurityCapabilities      property           = this.GetProperty <ISecurityCapabilities>(context);
            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            bool           addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
            ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);

            if (addChannelDemuxerIfRequired)
            {
                base.ApplyPropertiesOnDemuxer(builder, context);
            }
            BindingContext issuerBindingContext = context.Clone();

            if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
            {
                SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
                if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
                }
                BindingContext context3 = issuerBindingContext.Clone();
                context3.BindingParameters.Remove <ChannelProtectionRequirements>();
                context3.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements);
                if (protectionTokenParameters.RequireCancellation)
                {
                    SessionSymmetricMessageSecurityProtocolFactory factory2 = new SessionSymmetricMessageSecurityProtocolFactory {
                        SecurityTokenParameters = protectionTokenParameters.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = context3;
                    factory2.ApplyConfidentiality           = true;
                    factory2.RequireConfidentiality         = true;
                    factory2.ApplyIntegrity                 = true;
                    factory2.RequireIntegrity               = true;
                    factory2.IdentityVerifier               = base.LocalClientSettings.IdentityVerifier;
                    factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                    factory2.MessageProtectionOrder         = this.MessageProtectionOrder;
                    factory2.IdentityVerifier               = base.LocalClientSettings.IdentityVerifier;
                    factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
                    base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
                    SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
                        ChannelBuilder                = builder,
                        KeyRenewalInterval            = base.LocalClientSettings.SessionKeyRenewalInterval,
                        CanRenewSession               = protectionTokenParameters.CanRenewSession,
                        KeyRolloverInterval           = base.LocalClientSettings.SessionKeyRolloverInterval,
                        TolerateTransportFailures     = base.LocalClientSettings.ReconnectTransportOnFailure,
                        IssuedSecurityTokenParameters = protectionTokenParameters.Clone()
                    };
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory   = factory2;
                    return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
                }
                SymmetricSecurityProtocolFactory factory = new SymmetricSecurityProtocolFactory {
                    SecurityTokenParameters = protectionTokenParameters.Clone()
                };
                ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = context3;
                factory.ApplyConfidentiality           = true;
                factory.RequireConfidentiality         = true;
                factory.ApplyIntegrity                 = true;
                factory.RequireIntegrity               = true;
                factory.IdentityVerifier               = base.LocalClientSettings.IdentityVerifier;
                factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
                factory.MessageProtectionOrder         = this.MessageProtectionOrder;
                factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
                base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
                return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
            }
            return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
        }
Esempio n. 28
0
 public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : this(securityCapabilities, context, channelBuilder, innerChannelFactory)
 {
     this.securityProtocolFactory = protocolFactory;
 }
Esempio n. 29
0
        private void InitializeFactories()
        {
            IChannelFactory <IRequestChannel> factory3;
            ISecurityCapabilities             property           = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
            SecurityCredentialsManager        credentialsManager = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials();
            }
            BindingContext issuerBindingContext = this.IssuerBindingContext;

            this.bootstrapSecurityBindingElement.ReaderQuotas = issuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
            }
            TransportBindingElement element = issuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();

            if (element != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
            }
            SecurityProtocolFactory protocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), credentialsManager, false, this.IssuerBindingContext.Clone());

            if (protocolFactory is MessageSecurityProtocolFactory)
            {
                MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
                factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
                factory2.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
                factory2.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
                MessagePartSpecification parts = new MessagePartSpecification(true);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.IssueAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.IssueAction);
                factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RenewAction);
                factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RenewAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.IssueResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.IssueResponseAction);
                factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RenewResponseAction);
                factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RenewResponseAction);
            }
            protocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
            if (this.localAddress != null)
            {
                MessageFilter filter = new SessionActionFilter(this.standardsManager, new string[] { this.IssueResponseAction.Value, this.RenewResponseAction.Value });
                issuerBindingContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, filter));
            }
            ChannelBuilder channelBuilder = new ChannelBuilder(issuerBindingContext, true);

            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                factory3 = channelBuilder.BuildChannelFactory <IRequestChannel>();
                this.requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", "http://tempuri.org/")
                {
                    UseSynchronizationContext    = false,
                    AddTransactionFlowProperties = false,
                    ValidateMustUnderstand       = false
                };
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
                ClientOperation       item = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", this.IssueAction.Value)
                {
                    Formatter = operationFormatter
                };
                serviceChannelFactory.ClientRuntime.Operations.Add(item);
                ClientOperation operation2 = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", this.RenewAction.Value)
                {
                    Formatter = operationFormatter
                };
                serviceChannelFactory.ClientRuntime.Operations.Add(operation2);
                factory3 = new RequestChannelFactory(serviceChannelFactory);
                this.requiresManualReplyAddressing = false;
            }
            SecurityChannelFactory <IRequestChannel> factory5 = new SecurityChannelFactory <IRequestChannel>(property, this.IssuerBindingContext, channelBuilder, protocolFactory, factory3);

            if ((element != null) && (factory5.SecurityProtocolFactory != null))
            {
                factory5.SecurityProtocolFactory.ExtendedProtectionPolicy = element.GetProperty <ExtendedProtectionPolicy>(issuerBindingContext);
            }
            this.rstChannelFactory = factory5;
            this.messageVersion    = factory5.MessageVersion;
        }
        internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
        {
            ChannelProtectionRequirements contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
            // union all the protection requirements for the response actions
            ChannelProtectionRequirements result = new ChannelProtectionRequirements();

            if (isForClient)
            {
                result.IncomingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingEncryptionParts), MessageHeaders.WildcardAction);
                result.IncomingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingSignatureParts), MessageHeaders.WildcardAction);
                contractRequirements.OutgoingEncryptionParts.CopyTo(result.OutgoingEncryptionParts);
                contractRequirements.OutgoingSignatureParts.CopyTo(result.OutgoingSignatureParts);
            }
            else
            {
                result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
                result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
                contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
                contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
            }
            return result;
        }
Esempio n. 31
0
        private void InitializeFactories()
        {
            ISecurityCapabilities      securityCapabilities = BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }

            BindingContext context = IssuerBindingContext;

            _bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
            }

            TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                _bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory securityProtocolFactory = BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());

            if (_localAddress != null)
            {
                MessageFilter issueAndRenewFilter = new SessionActionFilter(_standardsManager, IssueResponseAction.Value, RenewResponseAction.Value);
                context.BindingParameters.Add(new LocalAddressProvider(_localAddress, issueAndRenewFilter));
            }

            ChannelBuilder  channelBuilder = new ChannelBuilder(context, true);
            IChannelFactory innerChannelFactory;

            // if the underlying transport does not support request/reply, wrap it inside
            // a service channel factory.
            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                innerChannelFactory            = channelBuilder.BuildChannelFactory <IRequestChannel>();
                _requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
                clientRuntime.UseSynchronizationContext    = false;
                clientRuntime.AddTransactionFlowProperties = false;
                clientRuntime.ValidateMustUnderstand       = false;
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);

                ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
                issueOperation.Formatter = s_operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);

                ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
                renewOperation.Formatter = s_operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
                innerChannelFactory            = new RequestChannelFactory(serviceChannelFactory);
                _requiresManualReplyAddressing = false;
            }

            SecurityChannelFactory <IAsyncRequestChannel> securityChannelFactory = new SecurityChannelFactory <IAsyncRequestChannel>(
                securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);

            // attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
            // available when building the channel.
            if (transportBindingElement != null)
            {
                if (securityChannelFactory.SecurityProtocolFactory != null)
                {
                    securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
                }
            }

            _rstChannelFactory = securityChannelFactory;
            MessageVersion     = securityChannelFactory.MessageVersion;
        }
        internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
        {
            ChannelProtectionRequirements contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
            // union all the protection requirements for the response actions
            ChannelProtectionRequirements result = new ChannelProtectionRequirements();

            if (isForClient)
            {
                result.IncomingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingEncryptionParts), MessageHeaders.WildcardAction);
                result.IncomingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingSignatureParts), MessageHeaders.WildcardAction);
                contractRequirements.OutgoingEncryptionParts.CopyTo(result.OutgoingEncryptionParts);
                contractRequirements.OutgoingSignatureParts.CopyTo(result.OutgoingSignatureParts);
            }
            else
            {
                result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
                result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
                contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
                contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
            }
            return(result);
        }
        void InitializeFactories()
        {
            ISecurityCapabilities      securityCapabilities = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
            SecurityCredentialsManager securityCredentials  = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();

            if (securityCredentials == null)
            {
                securityCredentials = ClientCredentials.CreateDefaultCredentials();
            }
            BindingContext context = this.IssuerBindingContext;

            this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
            if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
            }
            TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();

            if (transportBindingElement != null)
            {
                this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
            }

            SecurityProtocolFactory securityProtocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());

            if (securityProtocolFactory is MessageSecurityProtocolFactory)
            {
                MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory;
                soapBindingFactory.ApplyConfidentiality             = soapBindingFactory.ApplyIntegrity
                                                                    = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;

                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;

                MessagePartSpecification bodyPart = new MessagePartSpecification(true);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, IssueAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, IssueAction);
                soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RenewAction);
                soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RenewAction);

                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, IssueResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, IssueResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RenewResponseAction);
                soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RenewResponseAction);
            }
            securityProtocolFactory.PrivacyNoticeUri     = this.PrivacyNoticeUri;
            securityProtocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
            if (this.localAddress != null)
            {
                MessageFilter issueAndRenewFilter = new SessionActionFilter(this.standardsManager, this.IssueResponseAction.Value, this.RenewResponseAction.Value);
                context.BindingParameters.Add(new LocalAddressProvider(localAddress, issueAndRenewFilter));
            }
            ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
            IChannelFactory <IRequestChannel> innerChannelFactory;

            // if the underlying transport does not support request/reply, wrap it inside
            // a service channel factory.
            if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
            {
                innerChannelFactory           = channelBuilder.BuildChannelFactory <IRequestChannel>();
                requiresManualReplyAddressing = true;
            }
            else
            {
                ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
                clientRuntime.UseSynchronizationContext    = false;
                clientRuntime.AddTransactionFlowProperties = false;
                clientRuntime.ValidateMustUnderstand       = false;
                ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);

                ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
                issueOperation.Formatter = operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);

                ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
                renewOperation.Formatter = operationFormatter;
                serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
                innerChannelFactory           = new RequestChannelFactory(serviceChannelFactory);
                requiresManualReplyAddressing = false;
            }

            SecurityChannelFactory <IRequestChannel> securityChannelFactory = new SecurityChannelFactory <IRequestChannel>(
                securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);

            // attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
            // available when building the channel.
            if (transportBindingElement != null)
            {
                if (securityChannelFactory.SecurityProtocolFactory != null)
                {
                    securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
                }
            }

            this.rstChannelFactory = securityChannelFactory;
            this.messageVersion    = securityChannelFactory.MessageVersion;
        }