protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) { bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; channelListener.InitializeListener(channelBuilder); return(channelListener); }
internal void ConfigureProtocolFactory(SecurityProtocolFactory factory, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext, Binding binding) { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(factory))); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(credentialsManager))); } factory.AddTimestamp = IncludeTimestamp; factory.IncomingAlgorithmSuite = DefaultAlgorithmSuite; factory.OutgoingAlgorithmSuite = DefaultAlgorithmSuite; factory.SecurityHeaderLayout = SecurityHeaderLayout; factory.TimestampValidityDuration = LocalServiceSettings.TimestampValidityDuration; factory.DetectReplays = LocalServiceSettings.DetectReplays; factory.MaxCachedNonces = LocalServiceSettings.ReplayCacheSize; factory.MaxClockSkew = LocalServiceSettings.MaxClockSkew; factory.ReplayWindow = LocalServiceSettings.ReplayWindow; if (LocalServiceSettings.DetectReplays) { factory.NonceCache = LocalServiceSettings.NonceCache; } factory.SecurityBindingElement = (SecurityBindingElement)Clone(); factory.SecurityBindingElement.SetIssuerBindingContextIfRequired(issuerBindingContext); factory.SecurityTokenManager = credentialsManager.CreateSecurityTokenManager(); SecurityTokenSerializer tokenSerializer = factory.SecurityTokenManager.CreateSecurityTokenSerializer(_messageSecurityVersion.SecurityTokenVersion); factory.StandardsManager = new SecurityStandardsManager(_messageSecurityVersion, tokenSerializer); }
protected SecurityProtocol(SecurityProtocolFactory factory, EndpointAddress target, Uri via) { this.factory = factory; this.target = target; this.via = via; this.communicationObject = new WrapperSecurityCommunicationObject(this); }
protected ClientSecurityChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel) { this.to = to; this.via = via; this.securityProtocolFactory = securityProtocolFactory; this.channelParameters = new ChannelParameterCollection((IChannel)this); }
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener) { this.securityProtocolFactory = securityProtocolFactory; this.sessionSettings = sessionSettings; this.sessionMode = sessionMode; this.innerListener = innerListener; this.referenceCount = 1; }
void CloseProtocolFactory(bool aborted, TimeSpan timeout) { if (this.securityProtocolFactory != null && !this.SessionMode) { this.securityProtocolFactory.Close(aborted, timeout); this.securityProtocolFactory = null; } }
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener) { this.securityProtocolFactory = securityProtocolFactory; this.sessionSettings = sessionSettings; this.sessionMode = sessionMode; this.innerListener = innerListener; // have a reference right from the start so that the state can be aborted before open referenceCount = 1; }
protected ClientSecurityChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel) { RemoteAddress = to; Via = via; SecurityProtocolFactory = securityProtocolFactory; _channelParameters = new ChannelParameterCollection(this); }
private void CloseProtocolFactory(bool aborted, TimeSpan timeout) { if (this.securityProtocolFactory == null || this.SessionMode) { return; } this.securityProtocolFactory.Close(aborted, timeout); this.securityProtocolFactory = (SecurityProtocolFactory)null; }
private Task OnOpenCoreAsync(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (SessionMode) { return(SessionClientSettings.OpenAsync(this, InnerChannelFactory, ChannelBuilder, timeoutHelper.RemainingTime())); } else { ThrowIfProtocolFactoryNotSet(); return(SecurityProtocolFactory.OpenAsync(true, timeoutHelper.RemainingTime())); } }
public SecurityProtocol CreateSecurityProtocol <TChannel>(EndpointAddress target, TimeSpan timespan) { TimeoutHelper timeoutHelper = new TimeoutHelper(timespan); SecurityProtocolFactory factory = GetProtocolFactory <TChannel>(); Fx.Assert(factory != null, "SecurityProtocolFactory is NULL!"); SecurityProtocol instance = factory.CreateSecurityProtocol(target, null, /*listenerSecurityState*/ null, /*isReturnLegSecurityRequired*/ false, timeoutHelper.RemainingTime()); if (instance != null) { instance.Open(timeoutHelper.RemainingTime()); } return(instance); }
protected internal override async Task OnOpenAsync(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); EnableChannelBindingSupport(); SecurityProtocol securityProtocol = SecurityProtocolFactory.CreateSecurityProtocol( RemoteAddress, Via, null, typeof(TChannel) == typeof(IRequestChannel), timeoutHelper.RemainingTime()); OnProtocolCreationComplete(securityProtocol); await SecurityProtocol.OpenAsync(timeoutHelper.RemainingTime()); await base.OnOpenAsync(timeoutHelper.RemainingTime()); }
//Reference OnAcceptChannel/SecurityChannelListner private async Task <IServiceChannelDispatcher> GetInnerChannelDispatcherAsync(IChannel outerChannel) { IServiceChannelDispatcher securityChannelDispatcher = null; SecurityProtocol securityProtocol = SecurityProtocolFactory.CreateSecurityProtocol(null, null, (outerChannel is IReplyChannel || outerChannel is IReplySessionChannel), TimeSpan.Zero); await securityProtocol.OpenAsync(TimeSpan.Zero); /* TODO once we add more features * if (outerChannel is IInputChannel) * { * securityChannel = new SecurityInputChannel(listener, (IInputChannel)innerChannel, securityProtocol, listener.settingsLifetimeManager); * } * else if (outerChannel is IInputSessionChannel)) * { * securityChannel = new SecurityInputSessionChannel(listener, (IInputSessionChannel)innerChannel, securityProtocol, listener.settingsLifetimeManager); * } * else if (outerChannel is IDuplexChannel)) * { * securityChannel = new SecurityDuplexChannel(listener, (IDuplexChannel)innerChannel, securityProtocol, listener.settingsLifetimeManager); * } * else if (outerChannel is IDuplexSessionChannel)) * { * securityChannel = new SecurityDuplexSessionChannel(listener, (IDuplexSessionChannel)innerChannel, securityProtocol, listener.settingsLifetimeManager); * } * else*/ if (outerChannel is IReplyChannel replyChannel) { securityChannelDispatcher = new SecurityReplyChannelDispatcher(this, replyChannel, securityProtocol, _settingsLifetimeManager); } /* else if (listener.SupportsRequestReply && typeof(TChannel) == typeof(IReplySessionChannel)) * { * securityChannel = new SecurityReplySessionChannel(listener, (IReplySessionChannel)innerChannel, securityProtocol, listener.settingsLifetimeManager); * } * else * { * throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedChannelInterfaceType, typeof(TChannel)))); * }*/ return(securityChannelDispatcher); }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel { bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext issuanceBindingContext = context.Clone(); SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } SecurityProtocolFactory factory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuanceBindingContext); listener.SecurityProtocolFactory = factory; listener.InitializeListener(builder); return(listener); }
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context) { ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context); bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext); return(new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory)); }
private void Open(SecurityProtocolFactory factory, bool actAsInitiator, string propertyName, TimeSpan timeout) { if (factory != null) { factory.Open(actAsInitiator, timeout); } else if (this.RequireSecurityOnBothDuplexDirections) { base.OnPropertySettingsError(propertyName, true); } }
public DuplexSecurityProtocolFactory(SecurityProtocolFactory forwardProtocolFactory, SecurityProtocolFactory reverseProtocolFactory) : this() { this.forwardProtocolFactory = forwardProtocolFactory; this.reverseProtocolFactory = reverseProtocolFactory; }
/*internal override bool RequiresChannelDemuxer() * { * if (!base.RequiresChannelDemuxer()) * return this.RequiresChannelDemuxer(this.ProtectionTokenParameters); * return true; * }*/ protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context) { ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>() ?? (SecurityCredentialsManager)ClientCredentials.CreateDefaultCredentials(); bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { #if FEATURE_CORECLR throw new NotImplementedException("ApplyPropertiesOnDemuxer is not supported in .NET Core"); #else this.ApplyPropertiesOnDemuxer(channelBuilder, context); #endif } BindingContext bindingContext1 = context.Clone(); SecurityChannelFactory <TChannel> securityChannelFactory; if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (protectionTokenParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } BindingContext bindingContext2 = bindingContext1.Clone(); bindingContext2.BindingParameters.Remove <ChannelProtectionRequirements>(); // BootstrapProtectionRequirements not supported // bindingContext2.BindingParameters.Add((object) protectionTokenParameters.BootstrapProtectionRequirements); if (protectionTokenParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory securityProtocolFactory = new SessionSymmetricMessageSecurityProtocolFactory(); securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2; securityProtocolFactory.ApplyConfidentiality = true; securityProtocolFactory.RequireConfidentiality = true; securityProtocolFactory.ApplyIntegrity = true; securityProtocolFactory.RequireIntegrity = true; securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false)); this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding); SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>(); sessionClientSettings.ChannelBuilder = channelBuilder; sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval; sessionClientSettings.CanRenewSession = protectionTokenParameters.CanRenewSession; sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval; sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure; sessionClientSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = bindingContext1; sessionClientSettings.SecurityStandardsManager = securityProtocolFactory.StandardsManager; Console.WriteLine("Assigned sessionClientSettings.SessionProtocolFactory"); sessionClientSettings.SessionProtocolFactory = (SecurityProtocolFactory)securityProtocolFactory; securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings); } else { #if FEATURE_CORECLR throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core"); #else SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory(); securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2; securityProtocolFactory.ApplyConfidentiality = true; securityProtocolFactory.RequireConfidentiality = true; securityProtocolFactory.ApplyIntegrity = true; securityProtocolFactory.RequireIntegrity = true; securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false)); this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding); securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, (SecurityProtocolFactory)securityProtocolFactory); #endif } } else { SecurityProtocolFactory securityProtocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, bindingContext1); securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, securityProtocolFactory); } return((IChannelFactory <TChannel>)securityChannelFactory); }
public SecurityRequestSessionChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory, IRequestSessionChannel innerChannel, EndpointAddress to, Uri via) : base(factory, securityProtocolFactory, innerChannel, to, via) { }
public SecurityDuplexSessionChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory, IDuplexSessionChannel innerChannel, EndpointAddress to, Uri via) : base(factory, securityProtocolFactory, (IDuplexChannel)innerChannel, to, via) { }
protected IList<SupportingTokenAuthenticatorSpecification> GetSupportingTokenAuthenticatorsAndSetExpectationFlags(SecurityProtocolFactory factory, Message message, ReceiveSecurityHeader securityHeader) { if (factory.ActAsInitiator) { return null; } if (message == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message"); } bool expectBasicTokens; bool expectSignedTokens; bool expectEndorsingTokens; IList<SupportingTokenAuthenticatorSpecification> authenticators = factory.GetSupportingTokenAuthenticators(message.Headers.Action, out expectSignedTokens, out expectBasicTokens, out expectEndorsingTokens); securityHeader.ExpectBasicTokens = expectBasicTokens; securityHeader.ExpectEndorsingTokens = expectEndorsingTokens; securityHeader.ExpectSignedTokens = expectSignedTokens; return authenticators; }
SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory, bool requireMessageProtection) { MessageDirection transferDirection = factory.ActAsInitiator ? MessageDirection.Input : MessageDirection.Output; SendSecurityHeader sendSecurityHeader = factory.StandardsManager.CreateSendSecurityHeader( message, actor, true, false, factory.OutgoingAlgorithmSuite, transferDirection); sendSecurityHeader.Layout = factory.SecurityHeaderLayout; sendSecurityHeader.RequireMessageProtection = requireMessageProtection; SetSecurityHeaderId(sendSecurityHeader, message); if (factory.AddTimestamp) { sendSecurityHeader.AddTimestamp(factory.TimestampValidityDuration); } sendSecurityHeader.StreamBufferManager = factory.StreamBufferManager; return sendSecurityHeader; }
// used by internal test code internal SecurityChannelFactory(Binding binding, SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : base(binding, innerChannelFactory) { this.securityProtocolFactory = protocolFactory; }
protected SendSecurityHeader CreateSendSecurityHeaderForTransportProtocol(Message message, string actor, SecurityProtocolFactory factory) { return CreateSendSecurityHeader(message, actor, factory, false); }
protected SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory) { return CreateSendSecurityHeader(message, actor, factory, true); }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel { SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext issuerBindingContext = context.Clone(); if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (protectionTokenParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } BindingContext secureConversationBindingContext = issuerBindingContext.Clone(); secureConversationBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>(); secureConversationBindingContext.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements); IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext); if (protectionTokenParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory factory = new SessionSymmetricMessageSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory); factory.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; factory.ApplyConfidentiality = true; factory.RequireConfidentiality = true; factory.ApplyIntegrity = true; factory.RequireIntegrity = true; factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory.MessageProtectionOrder = this.MessageProtectionOrder; factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); base.ConfigureProtocolFactory(factory, credentialsManager, true, issuerBindingContext, context.Binding); listener.SessionMode = true; listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout; listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval; listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions; listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval; listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure; listener.SessionServerSettings.CanRenewSession = protectionTokenParameters.CanRenewSession; listener.SessionServerSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager; listener.SessionServerSettings.SessionProtocolFactory = factory; listener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = table; if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager)); } } else { SymmetricSecurityProtocolFactory factory2 = new SymmetricSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory2); factory2.SecurityTokenParameters = protectionTokenParameters.Clone(); ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; factory2.ApplyConfidentiality = true; factory2.RequireConfidentiality = true; factory2.ApplyIntegrity = true; factory2.RequireIntegrity = true; factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory2.MessageProtectionOrder = this.MessageProtectionOrder; factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); factory2.EndpointFilterTable = table; base.ConfigureProtocolFactory(factory2, credentialsManager, true, issuerBindingContext, context.Binding); listener.SecurityProtocolFactory = factory2; } } else { SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); listener.SecurityProtocolFactory = factory3; } listener.InitializeListener(builder); return(listener); }
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, ChannelBuilder channelBuilder, SecurityProtocolFactory protocolFactory) : this(securityCapabilities, context, channelBuilder, protocolFactory, channelBuilder.BuildChannelFactory <TChannel>()) { }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) { SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do // secure conversation or negotiation bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } BindingContext scIssuerBindingContext = issuerBindingContext.Clone(); scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>(); scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements); IMessageFilterTable <EndpointAddress> endpointFilterTable = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >(); AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext); if (scParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, sessionFactory); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; sessionFactory.ApplyConfidentiality = true; sessionFactory.RequireConfidentiality = true; sessionFactory.ApplyIntegrity = true; sessionFactory.RequireIntegrity = true; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SessionMode = true; channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout; channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval; channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions; channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval; channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure; channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession; channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory; channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable; // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending // back faults in response to badly secured requests over duplex can result in DoS. if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null && !IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager)); } } else { SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, protocolFactory); protocolFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); protocolFactory.EndpointFilterTable = endpointFilterTable; base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SecurityProtocolFactory = protocolFactory; } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; } channelListener.InitializeListener(channelBuilder); return(channelListener); }
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context) { ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do // secure conversation or negotiation bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); SecurityChannelFactory <TChannel> channelFactory; if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } BindingContext scIssuerBindingContext = issuerBindingContext.Clone(); scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>(); scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements); if (scParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory(); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; sessionFactory.ApplyConfidentiality = true; sessionFactory.RequireConfidentiality = true; sessionFactory.ApplyIntegrity = true; sessionFactory.RequireIntegrity = true; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false)); base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding); SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>(); sessionClientSettings.ChannelBuilder = channelBuilder; sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval; sessionClientSettings.CanRenewSession = scParameters.CanRenewSession; sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval; sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure; sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager; sessionClientSettings.SessionProtocolFactory = sessionFactory; channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings); } else { SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); protocolFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false)); base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding); channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory); } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext); channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory); } return(channelFactory); }
private void SetPrivacyNoticeUriIfRequired(SecurityProtocolFactory factory, Binding binding) { // Only used for WS-Fed and configures a PrivacyNoticeBindingElement if present. // Not currently supported on .NET Core }
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, ChannelBuilder channelBuilder, SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : this(securityCapabilities, context, channelBuilder, innerChannelFactory) { SecurityProtocolFactory = protocolFactory; }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel { SecureConversationSecurityTokenParameters parameters; SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0) { parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } else { parameters = null; } bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext secureConversationBindingContext = context.Clone(); if (parameters != null) { if (parameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext); if (parameters.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory); factory.SecurityTokenParameters = parameters.Clone(); ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters); } listener.SessionMode = true; listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout; listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval; listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions; listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval; listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure; listener.SessionServerSettings.CanRenewSession = parameters.CanRenewSession; listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone(); ((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager; listener.SessionServerSettings.SessionProtocolFactory = factory; if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager)); } } else { TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory2); base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding); SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone(); item.IssuerBindingContext = secureConversationBindingContext; factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters); } listener.SecurityProtocolFactory = factory2; } } else { SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext); listener.SecurityProtocolFactory = factory3; } listener.InitializeListener(builder); return(listener); }
public SecurityOutputChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory, IOutputChannel innerChannel, EndpointAddress to, Uri via) : base(factory, securityProtocolFactory, innerChannel, to, via) { }
public PeerDoNothingSecurityProtocol(SecurityProtocolFactory factory) : base(factory, null, null) { }
internal SecurityChannelFactory(Binding binding, SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : base((IDefaultCommunicationTimeouts)binding, innerChannelFactory) { this.securityProtocolFactory = protocolFactory; }
protected override IServiceDispatcher BuildServiceDispatcherCore <TChannel>(BindingContext context, IServiceDispatcher serviceDispatcher) { SecurityServiceDispatcher securityServiceDispatcher = new SecurityServiceDispatcher(context, serviceDispatcher); SecurityCredentialsManager credentialsManager = serviceDispatcher.Host.Description.Behaviors.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } SecureConversationSecurityTokenParameters scParameters; if (EndpointSupportingTokenParameters.Endorsing.Count > 0) { scParameters = EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } else { scParameters = null; } bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); issuerBindingContext.BindingParameters.Add(credentialsManager); if (scParameters != null) { if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext); if (scParameters.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory { // base.ApplyAuditBehaviorSettings(context, sessionFactory); SecurityTokenParameters = scParameters.Clone() }; ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext; EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding); } finally { EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } securityServiceDispatcher.SessionMode = true; securityServiceDispatcher.SessionServerSettings.InactivityTimeout = LocalServiceSettings.InactivityTimeout; securityServiceDispatcher.SessionServerSettings.KeyRolloverInterval = LocalServiceSettings.SessionKeyRolloverInterval; securityServiceDispatcher.SessionServerSettings.MaximumPendingSessions = LocalServiceSettings.MaxPendingSessions; securityServiceDispatcher.SessionServerSettings.MaximumKeyRenewalInterval = LocalServiceSettings.SessionKeyRenewalInterval; securityServiceDispatcher.SessionServerSettings.TolerateTransportFailures = LocalServiceSettings.ReconnectTransportOnFailure; securityServiceDispatcher.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession; securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; securityServiceDispatcher.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; securityServiceDispatcher.SessionServerSettings.SessionProtocolFactory = sessionFactory; securityServiceDispatcher.SecurityProtocolFactory = sessionFactory; // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending // back faults in response to badly secured requests over duplex can result in DoS. if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null && !IsUnderlyingDispatcherDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager)); } } else { //TODO later TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); // base.ApplyAuditBehaviorSettings(context, protocolFactory); EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone(); acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext; protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters); } finally { EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } securityServiceDispatcher.SecurityProtocolFactory = protocolFactory; } } else { SecurityProtocolFactory protocolFactory = CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); securityServiceDispatcher.SecurityProtocolFactory = protocolFactory; } securityServiceDispatcher.InitializeSecurityDispatcher(channelBuilder, typeof(TChannel)); //return channelListener; channelBuilder.BuildServiceDispatcher <TChannel>(context, securityServiceDispatcher); return(securityServiceDispatcher); }
internal bool TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, bool isBlockingCall, out IList<SupportingTokenSpecification> supportingTokens) { if (!factory.ActAsInitiator) { supportingTokens = null; return true; } if (message == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message"); } TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); supportingTokens = null; IList<SupportingTokenProviderSpecification> supportingTokenProviders = this.GetSupportingTokenProviders(message.Headers.Action); if (supportingTokenProviders != null && supportingTokenProviders.Count > 0) { // dont do anything if blocking is not allowed if (!isBlockingCall) { return false; } supportingTokens = new Collection<SupportingTokenSpecification>(); for (int i = 0; i < supportingTokenProviders.Count; ++i) { SupportingTokenProviderSpecification spec = supportingTokenProviders[i]; SecurityToken supportingToken; // The ProviderBackedSecurityToken was added in Win7 to allow KerberosRequestorSecurity // to pass a channel binding to InitializeSecurityContext. if ((this is TransportSecurityProtocol) && (spec.TokenParameters is KerberosSecurityTokenParameters)) { supportingToken = new ProviderBackedSecurityToken(spec.TokenProvider, timeoutHelper.RemainingTime()); } else { supportingToken = spec.TokenProvider.GetToken(timeoutHelper.RemainingTime()); } supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters)); } } // add any runtime supporting tokens AddMessageSupportingTokens(message, ref supportingTokens); return true; }
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context) { ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } SecureConversationSecurityTokenParameters scParameters = null; if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0) { scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } // This adds the demuxer element to the context bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); SecurityChannelFactory <TChannel> channelFactory; if (scParameters != null) { if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } scParameters.IssuerBindingContext = issuerBindingContext; if (scParameters.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory(); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext; this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding); } finally { this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>(); sessionClientSettings.ChannelBuilder = channelBuilder; sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval; sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval; sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure; sessionClientSettings.CanRenewSession = scParameters.CanRenewSession; sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager; sessionClientSettings.SessionProtocolFactory = sessionFactory; channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings); } else { TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding); SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone(); acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext; protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters); } finally { this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory); } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>( context, credentialsManager, false, issuerBindingContext); channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory); } return(channelFactory); }