static PeerSecurityCredentialsManager GetCredentialsManager(PeerAuthenticationMode mode, bool signing, BindingContext context) { if (mode == PeerAuthenticationMode.None && !signing) { return(null); } ClientCredentials clientCredentials = context.BindingParameters.Find <ClientCredentials>(); if (clientCredentials != null) { return(new PeerSecurityCredentialsManager(clientCredentials.Peer, mode, signing)); } ServiceCredentials serviceCredentials = context.BindingParameters.Find <ServiceCredentials>(); if (serviceCredentials != null) { return(new PeerSecurityCredentialsManager(serviceCredentials.Peer, mode, signing)); } SecurityCredentialsManager credman = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credman == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(new PeerSecurityCredentialsManager(credman.CreateSecurityTokenManager(), mode, signing)); }
public PeerClientSecurityTokenManager(PeerSecurityManager parent, SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth) { this.delegateManager = manager; this.mode = mode; this.messageAuth = messageAuth; this.parent = parent; }
public PeerSecurityCredentialsManager(PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth) : base() { this.credential = credential; this.mode = mode; this.messageAuth = messageAuth; }
public PeerSecurityCredentialsManager(SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth) { this.mode = PeerAuthenticationMode.Password; this.manager = manager; this.mode = mode; this.messageAuth = messageAuth; }
public PeerSecurityCredentialsManager(SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth) : base() { this.manager = manager; this.mode = mode; this.messageAuth = messageAuth; }
private static void ValidateCredentialSettings(PeerAuthenticationMode authenticationMode, bool signMessages, PeerCredential credential) { if ((authenticationMode != PeerAuthenticationMode.None) || signMessages) { X509CertificateValidator validator; switch (authenticationMode) { case PeerAuthenticationMode.Password: if (string.IsNullOrEmpty(credential.MeshPassword)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } break; case PeerAuthenticationMode.MutualCertificate: if (credential.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out validator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } break; } if (signMessages && !credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } }
public PeerSecurityCredentialsManager(PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth) { this.mode = PeerAuthenticationMode.Password; this.credential = credential; this.mode = mode; this.messageAuth = messageAuth; }
public PeerClientSecurityTokenManager(PeerSecurityManager parent, PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth) { this.credential = credential; this.mode = mode; this.messageAuth = messageAuth; this.parent = parent; }
static public PeerSecurityManager Create(PeerSecuritySettings security, BindingContext context, XmlDictionaryReaderQuotas readerQuotas) { PeerAuthenticationMode authMode = PeerAuthenticationMode.None; bool signing = false; Convert(security, out authMode, out signing); return(Create(authMode, signing, context, readerQuotas)); }
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication) { if (messageAuthentication) { if (!this.SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication)) { return(false); } if (((this.Certificate != null) && (that.Certificate != null)) && !this.Certificate.Equals((X509Certificate)that.Certificate)) { return(false); } } switch (mode) { case PeerAuthenticationMode.None: return(true); case PeerAuthenticationMode.Password: if (this.MeshPassword.Equals(that.MeshPassword)) { if ((this.Certificate == null) && (that.Certificate == null)) { return(true); } if ((this.Certificate != null) && this.Certificate.Equals((X509Certificate)that.Certificate)) { break; } return(false); } return(false); case PeerAuthenticationMode.MutualCertificate: if (this.Certificate.Equals((X509Certificate)that.Certificate)) { if (!this.SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication)) { return(false); } break; } return(false); } return(true); }
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication) { if (messageAuthentication) { if (!this.SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication)) { return false; } if (((this.Certificate != null) && (that.Certificate != null)) && !this.Certificate.Equals((X509Certificate) that.Certificate)) { return false; } } switch (mode) { case PeerAuthenticationMode.None: return true; case PeerAuthenticationMode.Password: if (this.MeshPassword.Equals(that.MeshPassword)) { if ((this.Certificate == null) && (that.Certificate == null)) { return true; } if ((this.Certificate != null) && this.Certificate.Equals((X509Certificate) that.Certificate)) { break; } return false; } return false; case PeerAuthenticationMode.MutualCertificate: if (this.Certificate.Equals((X509Certificate) that.Certificate)) { if (!this.SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication)) { return false; } break; } return false; } return true; }
static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool signMessages, BindingContext context, XmlDictionaryReaderQuotas readerQuotas) { if (authenticationMode == PeerAuthenticationMode.None && !signMessages) { return(CreateDummy()); } // test FIPS mode if (authenticationMode == PeerAuthenticationMode.Password) { try { using (HMACSHA256 algo = new HMACSHA256()) { using (SHA256Managed sha = new SHA256Managed()) { } } } catch (InvalidOperationException e) { DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); PeerExceptionHelper.ThrowInvalidOperation_InsufficientCryptoSupport(e); } } ChannelProtectionRequirements reqs = context.BindingParameters.Find <ChannelProtectionRequirements>(); PeerSecurityCredentialsManager credman = GetCredentialsManager(authenticationMode, signMessages, context); if (credman.Credential != null) { //for compatibility with existing code: ValidateCredentialSettings(authenticationMode, signMessages, credman.Credential); } PeerSecurityManager manager = Create(authenticationMode, signMessages, credman, reqs, readerQuotas); credman.Parent = manager; manager.ApplyAuditBehaviorSettings(context); return(manager); }
static void Convert(PeerSecuritySettings security, out PeerAuthenticationMode authMode, out bool signing) { authMode = PeerAuthenticationMode.None; signing = false; if (security.Mode == SecurityMode.Transport || security.Mode == SecurityMode.TransportWithMessageCredential) { switch (security.Transport.CredentialType) { case PeerTransportCredentialType.Password: authMode = PeerAuthenticationMode.Password; break; case PeerTransportCredentialType.Certificate: authMode = PeerAuthenticationMode.MutualCertificate; break; } } if (security.Mode == SecurityMode.Message || security.Mode == SecurityMode.TransportWithMessageCredential) { signing = true; } }
PeerSecurityManager(PeerAuthenticationMode authMode, bool signing) { this.authenticationMode = authMode; this.enableSigning = signing; thisLock = new object(); }
static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas) { PeerSecurityManager manager = null; X509CertificateValidator connectionValidator = null; X509CertificateValidator messageValidator = null; PeerCredential credential = credman.Credential; if (null == credential && credman == null) { if (authenticationMode != PeerAuthenticationMode.None || messageAuthentication) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } //create one that doesnt have any credentials in it. return(CreateDummy()); } manager = new PeerSecurityManager(authenticationMode, messageAuthentication); manager.credManager = credman; manager.password = credman.Password; manager.readerQuotas = readerQuotas; if (reqs != null) { manager.protection = new ChannelProtectionRequirements(reqs); } manager.tokenManager = credman.CreateSecurityTokenManager(); if (credential == null) { return(manager); } switch (authenticationMode) { case PeerAuthenticationMode.None: break; case PeerAuthenticationMode.Password: { manager.password = credential.MeshPassword; if (String.IsNullOrEmpty(manager.credManager.Password)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } connectionValidator = X509CertificateValidator.None; } break; case PeerAuthenticationMode.MutualCertificate: { if (manager.credManager.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out connectionValidator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } } break; } if (messageAuthentication) { if (credential.MessageSenderAuthentication != null) { if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out messageValidator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } else { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } return(manager); }
public PeerSecurityCredentialsManager() { this.mode = PeerAuthenticationMode.Password; }
public static PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas) { PeerSecurityManager manager = null; X509CertificateValidator none = null; X509CertificateValidator validator2 = null; PeerCredential credential = credman.Credential; if ((credential == null) && (credman == null)) { if ((authenticationMode != PeerAuthenticationMode.None) || messageAuthentication) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(CreateDummy()); } manager = new PeerSecurityManager(authenticationMode, messageAuthentication) { credManager = credman, password = credman.Password, readerQuotas = readerQuotas }; if (reqs != null) { manager.protection = new ChannelProtectionRequirements(reqs); } manager.tokenManager = credman.CreateSecurityTokenManager(); if (credential != null) { switch (authenticationMode) { case PeerAuthenticationMode.Password: manager.password = credential.MeshPassword; if (string.IsNullOrEmpty(manager.credManager.Password)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } none = X509CertificateValidator.None; break; case PeerAuthenticationMode.MutualCertificate: if (manager.credManager.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out none)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } break; } if (messageAuthentication) { if (credential.MessageSenderAuthentication != null) { if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator2)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } return(manager); } PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } return(manager); }