internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement element;
SecurityBindingElement element3;
if ((this.IssuedKeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("BearerKeyIncompatibleWithWSFederationHttpBinding")));
}
if (isReliableSession && !this.EstablishSecurityContext)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession")));
}
bool emitBspRequiredAttributes = true;
IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding)
{
IssuerMetadataAddress = this.issuerMetadataAddress,
KeyType = this.IssuedKeyType
};
if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
{
issuedTokenParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedTokenParameters.KeySize = 0;
}
foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements)
{
issuedTokenParameters.ClaimTypeRequirements.Add(requirement);
}
foreach (XmlElement element2 in this.TokenRequestParameters)
{
issuedTokenParameters.AdditionalRequestParameters.Add(element2);
}
WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspRequiredAttributes, null, null, null);
SecurityStandardsManager standardsManager = new SecurityStandardsManager(version, tokenSerializer);
issuedTokenParameters.AddAlgorithmParameters(this.AlgorithmSuite, standardsManager, this.issuedKeyType);
if (isSecureTransportMode)
{
element3 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameters);
}
else if (this.negotiateServiceCredential)
{
element3 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11);
}
else
{
element3 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameters);
}
element3.MessageSecurityVersion = version;
element3.DefaultAlgorithmSuite = this.AlgorithmSuite;
if (this.EstablishSecurityContext)
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element3, true);
}
else
{
element = element3;
}
element.MessageSecurityVersion = version;
element.DefaultAlgorithmSuite = this.AlgorithmSuite;
element.IncludeTimestamp = true;
if (!isReliableSession)
{
element.LocalServiceSettings.ReconnectTransportOnFailure = false;
element.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
element.LocalServiceSettings.ReconnectTransportOnFailure = true;
element.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.establishSecurityContext)
{
element3.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator <SspiNegotiationTokenAuthenticatorState> .defaultServerIssuedTransitionTokenLifetime;
}
return(element);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode,
bool isReliableSession,
MessageSecurityVersion version)
{
if ((this.IssuedKeyType == SecurityKeyType.BearerKey) &&
(version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding)));
}
if (isReliableSession && !this.EstablishSecurityContext)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
}
SecurityBindingElement result;
bool emitBspAttributes = true;
IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding);
issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress;
issuedParameters.KeyType = this.IssuedKeyType;
if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
{
issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedParameters.KeySize = 0;
}
foreach (ClaimTypeRequirement c in this.claimTypeRequirements)
{
issuedParameters.ClaimTypeRequirements.Add(c);
}
foreach (XmlElement p in this.TokenRequestParameters)
{
issuedParameters.AdditionalRequestParameters.Add(p);
}
WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
version.TrustVersion,
version.SecureConversationVersion,
emitBspAttributes,
null, null, null);
SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);
issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType);
SecurityBindingElement issuedTokenSecurity;
if (isSecureTransportMode)
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
}
else
{
if (negotiateServiceCredential)
{
// We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
// However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11);
}
else
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters);
}
}
issuedTokenSecurity.MessageSecurityVersion = version;
issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
if (this.EstablishSecurityContext)
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true);
}
else
{
result = issuedTokenSecurity;
}
result.MessageSecurityVersion = version;
result.DefaultAlgorithmSuite = this.AlgorithmSuite;
result.IncludeTimestamp = true;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.establishSecurityContext)
{
// issue the transition SCT for a short duration only
issuedTokenSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
}
return(result);
}
