public override SecurityTokenProvider CreateSecurityTokenProvider( SecurityTokenRequirement requirement) { SecurityTokenProvider result = null; if (requirement.TokenType == SecurityTokenTypes.X509Certificate) { var direction = requirement.GetProperty<MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty); if (direction == MessageDirection.Output) { if (requirement.KeyUsage == SecurityKeyUsage.Signature) result = new X509SecurityTokenProvider(this._credentials.ClientSigningCertificate); else result = new X509SecurityTokenProvider(this._credentials.ServiceEncryptingCertificate); } else { if (requirement.KeyUsage == SecurityKeyUsage.Signature) result = new X509SecurityTokenProvider(this._credentials.ServiceSigningCertificate); else result = new X509SecurityTokenProvider(_credentials.ClientEncryptingCertificate); } } else { result = base.CreateSecurityTokenProvider(requirement); } return result; }
/// <summary> /// Creates a security token authenticator based on the <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>. /// </summary> /// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param> /// <param name="outOfBandTokenResolver">When this method returns, contains a <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>. This parameter is passed uninitialized.</param> /// <returns> /// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenAuthenticator"/>. /// </returns> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="tokenRequirement"/> is null.</exception> /// <exception cref="T:System.NotSupportedException">A security token authenticator cannot be created for the<paramref name=" tokenRequirement"/> that was passed in.</exception> public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { outOfBandTokenResolver = null; // Get the current validator UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator; // Ensure that a validator exists if (validator == null) { Trace.TraceWarning("Custom UserName Password Validator must be configued in web.config"); validator = new DefaultPersonnelValidator(); } return new PersonnelUserNameTokenAuthenticator(validator); } // Return your implementation of the SecurityTokenAuthenticator, if required. // This implementation delegates to the base class. return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { // Return your implementation of the SecurityTokenProvider based on the // tokenRequirement argument. SecurityTokenAuthenticator result; if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { MessageDirection direction = tokenRequirement.GetProperty<MessageDirection> (ServiceModelSecurityTokenRequirement.MessageDirectionProperty); if (direction == MessageDirection.Input) { outOfBandTokenResolver = null; result = new MySecurityTokenAuthenticator(); } else { result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } } else { result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } return result; }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (String.IsNullOrWhiteSpace(tokenRequirement.TokenType) || tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { SecurityBindingElement sbe = null; if (!tokenRequirement.TryGetProperty<SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { throw new InvalidOperationException("Could not retreive the Security Binding Element!"); } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType != SecurityKeyType.AsymmetricKey) throw new NotSupportedException("Only Asymmetric keys are supported"); //TODO:Add more IssuedSecurityTokenParameters sessionTokenParams = null; if (sbe is AsymmetricSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters) ((AsymmetricSecurityBindingElement)sbe).InitiatorTokenParameters; } if (sbe is TransportSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters)((TransportSecurityBindingElement)sbe).EndpointSupportingTokenParameters.Endorsing[0]; } return new SsoSecurityTokenProvider((SsoClientCredentials)ClientCredentials, sessionTokenParams); } else { // otherwise use base implementation return base.CreateSecurityTokenProvider(tokenRequirement); } }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator ( SecurityTokenRequirement requirement, out SecurityTokenResolver outOfBandTokenResolver) { outOfBandTokenResolver = null; if (requirement.TokenType == SecurityTokenTypes.UserName) return CreateUserNameAuthenticator (requirement); if (requirement.TokenType == SecurityTokenTypes.X509Certificate) return CreateX509Authenticator (requirement); if (requirement.TokenType == SecurityTokenTypes.Rsa) return new RsaSecurityTokenAuthenticator (); if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) { // FIXME: get parameters from somewhere SecurityContextSecurityTokenResolver resolver = new SecurityContextSecurityTokenResolver (0x1000, true); outOfBandTokenResolver = resolver; SecurityContextSecurityTokenAuthenticator sc = new SecurityContextSecurityTokenAuthenticator (); return new SecureConversationSecurityTokenAuthenticator (requirement, sc, resolver); } if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) return CreateSslTokenAuthenticator (requirement); if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego) return CreateSslTokenAuthenticator (requirement); if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego) return CreateSpnegoTokenAuthenticator (requirement); else throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType); }
public SpnegoSecurityTokenAuthenticator ( ServiceCredentialsSecurityTokenManager manager, SecurityTokenRequirement r) { this.manager = manager; comm = new SpnegoAuthenticatorCommunicationObject (this); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { InitiatorServiceModelSecurityTokenRequirement requirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; if (requirement != null && requirement.TokenType == SecurityTokenTypes.X509Certificate && requirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && (requirement.KeyUsage == SecurityKeyUsage.Exchange)) { X509Certificate2 defaultCertificate = null; EndpointAddress targetAddress = requirement.TargetAddress; if (targetAddress != null) { this.ClientCredentials.ServiceCertificate.ScopedCertificates.TryGetValue(targetAddress.Uri, out defaultCertificate); } if (defaultCertificate == null) { defaultCertificate = this.ClientCredentials.ServiceCertificate.DefaultCertificate; } if (((defaultCertificate == null) && (targetAddress.Identity != null)) && (targetAddress.Identity.GetType() == typeof(X509CertificateEndpointIdentity))) { defaultCertificate = ((X509CertificateEndpointIdentity)targetAddress.Identity).Certificates[0]; } if (defaultCertificate == null) { isDummyServiceToken = true; return new DummySecurityTokenProvider(); } isDummyServiceToken = false; return new X509SecurityTokenProvider(defaultCertificate); } return base.CreateSecurityTokenProvider(tokenRequirement); }
/// <summary> /// Gets a GenericXmlSecurityToken that wraps the provided issued token /// with the authorization policies necessary. /// </summary> static GenericXmlSecurityToken WrapWithAuthPolicy(GenericXmlSecurityToken issuedToken, SecurityTokenRequirement tokenRequirement) { EndpointIdentity endpointIdentity = null; var issuedTokenRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; if (issuedTokenRequirement != null) { EndpointAddress targetAddress = issuedTokenRequirement.TargetAddress; if (targetAddress.Uri.IsAbsoluteUri) { endpointIdentity = EndpointIdentity.CreateDnsIdentity(targetAddress.Uri.DnsSafeHost); } } ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = GetServiceAuthorizationPolicies(endpointIdentity); return new GenericXmlSecurityToken(issuedToken.TokenXml, issuedToken.ProofToken, issuedToken.ValidFrom, issuedToken.ValidTo, issuedToken.InternalTokenReference, issuedToken.ExternalTokenReference, authorizationPolicies); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } SecurityTokenProvider result = null; if (tokenRequirement is RecipientServiceModelSecurityTokenRequirement && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange) { #if FEATURE_CORECLR // X509Certificates // this is the uncorrelated duplex case if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); #endif } else if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; string tokenType = initiatorRequirement.TokenType; if (IsIssuedSecurityTokenRequirement(initiatorRequirement)) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider (IsIssuedSecurityTokenRequirement(initiatorRequirement)"); } else if (tokenType == SecurityTokenTypes.X509Certificate) { if (initiatorRequirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && initiatorRequirement.KeyUsage == SecurityKeyUsage.Exchange) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider X509Certificate - SecurityKeyUsage.Exchange"); } else { #if FEATURE_CORECLR if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); #else throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider X509Certificate - Client certificate not supported in UAP"); #endif } } else if (tokenType == SecurityTokenTypes.UserName) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider SecurityTokenTypes.Username"); } } if ((result == null) && !tokenRequirement.IsOptionalToken) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateProviderForRequirement, tokenRequirement))); } return result; }
public SslSecurityTokenAuthenticator ( ServiceCredentialsSecurityTokenManager manager, SecurityTokenRequirement r) { this.manager = manager; mutual = (r.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego); comm = new SslAuthenticatorCommunicationObject (this); }
protected override void InitializeSecurityTokenRequirement (SecurityTokenRequirement requirement) { if (requirement == null) throw new ArgumentNullException ("requirement"); requirement.TokenType = SecurityTokenTypes.Kerberos; requirement.RequireCryptographicToken = true; requirement.KeyType = SecurityKeyType.SymmetricKey; }
public void TryGetPropertyTypeBaseMatch () { SecurityTokenRequirement r = new SecurityTokenRequirement (); r.Properties ["urn:foo"] = 1; object o; r.TryGetProperty<object> ("urn:foo", out o); }
public void TryGetPropertyTypeMismatch () { SecurityTokenRequirement r = new SecurityTokenRequirement (); r.Properties ["urn:foo"] = 1; string s; r.TryGetProperty<string> ("urn:foo", out s); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement.TokenType == "RequestedSecurityToken") { return new RequestedSecurityTokenProvider(this.Credentials); } return base.CreateSecurityTokenProvider(tokenRequirement); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == CreditCardTokenConstants.CreditCardTokenType) { outOfBandTokenResolver = null; return new CreditCardTokenAuthenticator(creditCardServiceCredentials.ValidCreditCards); } return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); }
public void TryGetPropertyTypeConvertible() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; double d; r.TryGetProperty <double> ("urn:foo", out d); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == Constants.UsernameTokenType) { outOfBandTokenResolver = null; return(new UsernameTokenAuthenticator(_userNameServiceCredentials.Validator)); } return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver)); }
public override System.IdentityModel.Selectors.SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver ) { if ( tokenRequirement.TokenType == Constants.UsernameTokenType ) { outOfBandTokenResolver = null; return new SecurityTokenAuthenticator( _serviceCredentials.Validator ); } return base.CreateSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); }
/// <summary> /// This method creates the inner security token authenticator from the base class. /// The wrapped token cache is initialized with this authenticator. /// </summary> SecurityTokenAuthenticator CreateInnerSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { SecurityTokenAuthenticator securityTokenAuthenticator = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); SctClaimsHandler claimsHandler = new SctClaimsHandler( _securityTokenHandlerCollection, GetNormalizedEndpointId(tokenRequirement)); SetWrappedTokenCache(new WrappedTokenCache(_tokenCache, claimsHandler), securityTokenAuthenticator, null, claimsHandler); return(securityTokenAuthenticator); }
public void DefaultValues () { SecurityTokenRequirement r = new SecurityTokenRequirement (); Assert.AreEqual (0, r.KeySize, "#1"); Assert.AreEqual (SecurityKeyType.SymmetricKey, r.KeyType, "#2"); Assert.AreEqual (SecurityKeyUsage.Signature, r.KeyUsage, "#3"); Assert.IsNull (r.TokenType, "#4"); Assert.AreEqual (false, r.RequireCryptographicToken, "#5"); }
/// <summary> /// Creates a security token authenticator based on the <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>. /// </summary> /// <param name="tokenRequirement">The security token requirement.</param> /// <param name="outOfBandTokenResolver">When this method returns, contains a <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>. This parameter is passed uninitialized.</param> /// <returns> /// The security token authenticator. /// </returns> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="tokenRequirement"/> is null.</exception> /// /// <exception cref="T:System.NotSupportedException">A security token authenticator cannot be created for the <paramref name=" tokenRequirement"/> that was passed in.</exception> public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { outOfBandTokenResolver = null; return(new UserNamePasswordSecurityTokenAuthenticator(ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator)); } return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver)); }
public void TryGetPropertyTypeMismatch() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; string s; r.TryGetProperty <string> ("urn:foo", out s); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == Constants.CreditCardTokenType) { outOfBandTokenResolver = null; return(new CreditCardTokenAuthenticator(creditCardServiceCredentials.CreditCardDataFile)); } return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver)); }
public SecureConversationSecurityTokenAuthenticator( SecurityTokenRequirement r, SecurityContextSecurityTokenAuthenticator scAuth, SecurityContextSecurityTokenResolver scResolver) { this.req = r; this.sc_auth = scAuth; this.sc_res = scResolver; comm = new WsscAuthenticatorCommunicationObject(); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (base.IsIssuedSecurityTokenRequirement(tokenRequirement)) { EndpointAddress property = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty); IssuedSecurityTokenParameters parameters = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); return(InfoCardHelper.CreateTokenProviderForNextLeg(tokenRequirement, property, parameters.IssuerAddress, this.m_relyingPartyIssuer, this, this.m_infocardChannelParameter)); } return(base.CreateSecurityTokenProvider(tokenRequirement)); }
public void TryGetPropertyTypeBaseMatch() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; object o; r.TryGetProperty <object> ("urn:foo", out o); }
// FIXME: it is far from done. SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = CreateIssuedProviderBase(r); // FIXME: use it somewhere. int keySize = r.KeySize; return(p); }
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { requirement.TokenType = ServiceModelSecurityTokenTypes.SecureConversation; requirement.KeyType = SecurityKeyType.SymmetricKey; requirement.RequireCryptographicToken = true; requirement.Properties[ServiceModelSecurityTokenRequirement.SupportSecurityContextCancellationProperty] = RequireCancellation; requirement.Properties[ServiceModelSecurityTokenRequirement.SecureConversationSecurityBindingElementProperty] = BootstrapSecurityBindingElement; requirement.Properties[ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty] = IssuerBindingContext.Clone(); requirement.Properties[ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty] = Clone(); }
protected override void OnOpen(TimeSpan timeout) { if (!isClient) { SecurityTokenRequirement sspiTokenRequirement = TransportSecurityHelpers.CreateSspiTokenRequirement(this.Scheme, this.listenUri); this.serverCredential = TransportSecurityHelpers.GetSspiCredential(this.securityTokenManager, sspiTokenRequirement, timeout, out this.extractGroupsForWindowsAccounts); } }
public override EndpointIdentity GetIdentityOfSelf() { if ((base.SecurityTokenManager is IEndpointIdentityProvider) && (this.AsymmetricTokenParameters != null)) { SecurityTokenRequirement requirement = base.CreateRecipientSecurityTokenRequirement(); this.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(requirement); return(((IEndpointIdentityProvider)base.SecurityTokenManager).GetIdentityOfSelf(requirement)); } return(base.GetIdentityOfSelf()); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == Constants.CustomTokenType) { outOfBandTokenResolver = null; return(new CustomTokenAuthenticator()); } return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver)); }
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { if (requirement == null) { throw new ArgumentNullException("requirement"); } requirement.TokenType = SecurityTokenTypes.Rsa; requirement.RequireCryptographicToken = true; requirement.KeyType = SecurityKeyType.AsymmetricKey; }
public SecureConversationSecurityTokenAuthenticator ( SecurityTokenRequirement r, SecurityContextSecurityTokenAuthenticator scAuth, SecurityContextSecurityTokenResolver scResolver) { this.req = r; this.sc_auth = scAuth; this.sc_res = scResolver; comm = new WsscAuthenticatorCommunicationObject (); }
public HttpReplyChannel (HttpChannelListener<IReplyChannel> listener) : base (listener) { this.source = listener; if (listener.SecurityTokenManager != null) { var str = new SecurityTokenRequirement () { TokenType = SecurityTokenTypes.UserName }; security_token_authenticator = listener.SecurityTokenManager.CreateSecurityTokenAuthenticator (str, out security_token_resolver); } }
protected virtual WsTrustRequest CreateWsTrustRequest() { EndpointAddress target = SecurityTokenRequirement.GetProperty <EndpointAddress>(TargetAddressProperty); int keySize; string keyType; switch (WsTrustTokenParameters.KeyType) { case SecurityKeyType.AsymmetricKey: keySize = DefaultPublicKeySize; keyType = _requestSerializationContext.TrustKeyTypes.PublicKey; break; case SecurityKeyType.SymmetricKey: keySize = _securityAlgorithmSuite.DefaultSymmetricKeyLength; keyType = _requestSerializationContext.TrustKeyTypes.Symmetric; break; case SecurityKeyType.BearerKey: keySize = 0; keyType = _requestSerializationContext.TrustKeyTypes.Bearer; break; default: throw LogHelper.LogExceptionMessage(new NotSupportedException($"KeyType is not supported: '{0}'")); } Entropy entropy = null; if (WsTrustTokenParameters.KeyType != SecurityKeyType.BearerKey && (KeyEntropyMode == SecurityKeyEntropyMode.ClientEntropy || KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy)) { byte[] entropyBytes = new byte[keySize / 8]; Psha1KeyGenerator.FillRandomBytes(entropyBytes); entropy = new Entropy(new BinarySecret(entropyBytes)); } var trustRequest = new WsTrustRequest(_requestSerializationContext.TrustActions.Issue) { AppliesTo = new AppliesTo(new EndpointReference(target.Uri.OriginalString)), Context = RequestContext, KeySizeInBits = keySize, KeyType = keyType, TokenType = SecurityTokenRequirement.TokenType, WsTrustVersion = _requestSerializationContext.TrustVersion }; if (entropy != null) { trustRequest.Entropy = entropy; } return(trustRequest); }
/// <summary> /// Creates a security token provider. /// </summary> /// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param> /// <returns> /// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenProvider"/>. /// </returns> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="tokenRequirement"/> is null.</exception> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-issuedToken-profile-1.1#SAMLV1.1" || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { return(new SamlSecurityTokenProvider(_credentials.SamlToken)); } return(base.CreateSecurityTokenProvider(tokenRequirement)); }
public void DefaultValues() { SecurityTokenRequirement r = new SecurityTokenRequirement(); Assert.AreEqual(0, r.KeySize, "#1"); Assert.AreEqual(SecurityKeyType.SymmetricKey, r.KeyType, "#2"); Assert.AreEqual(SecurityKeyUsage.Signature, r.KeyUsage, "#3"); Assert.IsNull(r.TokenType, "#4"); Assert.AreEqual(false, r.RequireCryptographicToken, "#5"); }
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { requirement.TokenType = RequireClientCertificate ? ServiceModelSecurityTokenTypes.MutualSslnego : ServiceModelSecurityTokenTypes.AnonymousSslnego; requirement.RequireCryptographicToken = true; requirement.Properties [ReqType.SupportSecurityContextCancellationProperty] = RequireCancellation; requirement.Properties [ReqType.IssuedSecurityTokenParametersProperty] = this.Clone(); requirement.KeyType = SecurityKeyType.SymmetricKey; }
/// <summary> /// Creates the custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement /// </summary> /// <param name="tokenRequirement">A SecurityTokenRequirement </param> /// <returns>The appropriate SecurityTokenProvider</returns> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // If token requirement matches SAML token return the custom SAML token provider if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { // Retrieve the SAML assertion and proof token from the client credentials SamlAssertion assertion = this.samlClientCredentials.Assertion; SecurityToken prooftoken = this.samlClientCredentials.ProofToken; // If either the assertion of proof token is null... if (assertion == null || prooftoken == null) { // ...get the SecurityBindingElement and then the specified algorithm suite SecurityBindingElement sbe = null; SecurityAlgorithmSuite sas = null; if (tokenRequirement.TryGetProperty<SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { sas = sbe.DefaultAlgorithmSuite; } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { // Create a symmetric proof token prooftoken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)prooftoken, sas); } // otherwise... else { // Create an asymmetric proof token prooftoken = SamlUtilities.CreateAsymmetricProofToken(); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, prooftoken, sas); } } // Create a SamlSecurityTokenProvider based on the assertion and proof token return new SamlSecurityTokenProvider(assertion, prooftoken); } // otherwise use base implementation else { return base.CreateSecurityTokenProvider(tokenRequirement); } }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (IsIssuedSecurityTokenRequirement(tokenRequirement)) { return(new DurableIssuedSecurityTokenProvider((IssuedSecurityTokenProvider)base.CreateSecurityTokenProvider(tokenRequirement), this.cache)); } else { return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
private static SecurityAlgorithmSuite GetSecurityAlgorithmSuite(SecurityTokenRequirement tokenRequirement) { SecurityAlgorithmSuite result = null; SecurityBindingElement securityBindingElement; if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out securityBindingElement)) { result = securityBindingElement.DefaultAlgorithmSuite; } return(result); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (IsIssuedSecurityTokenRequirement(tokenRequirement)) { return new DurableIssuedSecurityTokenProvider((IssuedSecurityTokenProvider)base.CreateSecurityTokenProvider(tokenRequirement), this.cache); } else { return base.CreateSecurityTokenProvider(tokenRequirement); } }
protected internal bool IsIssuedSecurityTokenRequirement( SecurityTokenRequirement requirement) { SecurityTokenParameters ret; if (!requirement.TryGetProperty <SecurityTokenParameters> (ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty, out ret)) { return(false); } return(ret is IssuedSecurityTokenParameters); }
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { // .NET somehow causes NRE. dunno why. requirement.TokenType = ServiceModelSecurityTokenTypes.SecureConversation; requirement.RequireCryptographicToken = true; requirement.Properties [ReqType.SupportSecurityContextCancellationProperty] = RequireCancellation; requirement.Properties [ReqType.SecureConversationSecurityBindingElementProperty] = BootstrapSecurityBindingElement; requirement.Properties [ReqType.IssuedSecurityTokenParametersProperty] = this.Clone(); requirement.KeyType = SecurityKeyType.SymmetricKey; }
/// <summary> /// Creates a security token provider. /// </summary> /// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param> /// <returns> /// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenProvider"/>. /// </returns> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="tokenRequirement"/> is null.</exception> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-issuedToken-profile-1.1#SAMLV1.1" || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { return new SamlSecurityTokenProvider(_credentials.SamlToken); } return base.CreateSecurityTokenProvider(tokenRequirement); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } SecurityTokenProvider result = null; if (tokenRequirement is RecipientServiceModelSecurityTokenRequirement && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange) { // this is the uncorrelated duplex case if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); } else if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; string tokenType = initiatorRequirement.TokenType; if (IsIssuedSecurityTokenRequirement(initiatorRequirement)) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider (IsIssuedSecurityTokenRequirement(initiatorRequirement)"); } else if (tokenType == SecurityTokenTypes.X509Certificate) { if (initiatorRequirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && initiatorRequirement.KeyUsage == SecurityKeyUsage.Exchange) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider X509Certificate - SecurityKeyUsage.Exchange"); } else { if (_parent.ClientCertificate.Certificate == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCertificateNotProvidedOnClientCredentials))); } result = new X509SecurityTokenProvider(_parent.ClientCertificate.Certificate); } } else if (tokenType == SecurityTokenTypes.UserName) { throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenProvider SecurityTokenTypes.Username"); } } if ((result == null) && !tokenRequirement.IsOptionalToken) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateProviderForRequirement, tokenRequirement))); } return(result); }
/// <summary> /// Creates the custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement /// </summary> /// <param name="tokenRequirement">A SecurityTokenRequirement </param> /// <returns>The appropriate SecurityTokenProvider</returns> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // If token requirement matches SAML token return the custom SAML token provider if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { // Retrieve the SAML assertion and proof token from the client credentials SamlAssertion assertion = this.samlClientCredentials.Assertion; SecurityToken prooftoken = this.samlClientCredentials.ProofToken; // If either the assertion of proof token is null... if (assertion == null || prooftoken == null) { // ...get the SecurityBindingElement and then the specified algorithm suite SecurityBindingElement sbe = null; SecurityAlgorithmSuite sas = null; if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { sas = sbe.DefaultAlgorithmSuite; } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { // Create a symmetric proof token prooftoken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)prooftoken, sas); } // otherwise... else { // Create an asymmetric proof token prooftoken = SamlUtilities.CreateAsymmetricProofToken(); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, prooftoken, sas); } } // Create a SamlSecurityTokenProvider based on the assertion and proof token return(new SamlSecurityTokenProvider(assertion, prooftoken)); } // otherwise use base implementation else { return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { outOfBandTokenResolver = null; return new MyTokenAuthenticator(); } else { return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } }
// FIXME: it is far from done. SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); InitializeProviderCommunicationObject(p.Communication, r); // FIXME: use it somewhere. int keySize = r.KeySize; return(p); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { ServiceModelSecurityTokenRequirement requirement = tokenRequirement as ServiceModelSecurityTokenRequirement; if (requirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } if (this.IsX509TokenRequirement(requirement)) { X509CertificateValidator validator; if (this.IsForConnectionValidator(requirement)) { SecurityTokenProvider provider = null; if (this.ssc != null) { provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate()); } else if (this.delegateManager != null) { requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Transport; requirement.TransportScheme = "net.p2p"; provider = this.delegateManager.CreateSecurityTokenProvider(tokenRequirement); } else if (this.credential.Certificate != null) { provider = new X509SecurityTokenProvider(this.credential.Certificate); } if ((provider == null) && (this.mode == PeerAuthenticationMode.Password)) { this.ssc = this.parent.GetCertificate(); provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate()); } return(provider); } if (this.delegateManager != null) { requirement.TransportScheme = "net.p2p"; requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Message; return(this.delegateManager.CreateSecurityTokenProvider(tokenRequirement)); } if (!this.credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType"); } return(new PeerX509TokenProvider(validator, this.credential.Certificate)); } if (!this.IsPasswordTokenRequirement(requirement)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType"); } return(this.GetPasswordTokenProvider()); }
protected override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { if (requirement == null) { throw new ArgumentNullException(); } requirement.TokenType = ServiceModelSecurityTokenTypes.Spnego; requirement.RequireCryptographicToken = true; requirement.Properties [ReqType.SupportSecurityContextCancellationProperty] = RequireCancellation; requirement.Properties [ReqType.IssuedSecurityTokenParametersProperty] = this.Clone(); requirement.KeyType = SecurityKeyType.SymmetricKey; }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement requirement) { if (requirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requirement"); } if ((requirement.TokenType != SecurityTokenTypes.X509Certificate) || (requirement.KeyUsage != SecurityKeyUsage.Signature)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } return new PeerX509TokenProvider(this.creds.certificateValidator, this.creds.selfCertificate); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement requirement) { if (requirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requirement"); } if ((requirement.TokenType != SecurityTokenTypes.X509Certificate) || (requirement.KeyUsage != SecurityKeyUsage.Signature)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } return(new PeerX509TokenProvider(this.creds.certificateValidator, this.creds.selfCertificate)); }
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement) { requirement.TokenType = ServiceModelSecurityTokenTypes.Spnego; requirement.RequireCryptographicToken = true; requirement.KeyType = SecurityKeyType.SymmetricKey; requirement.Properties[ServiceModelSecurityTokenRequirement.SupportSecurityContextCancellationProperty] = this.RequireCancellation; if (this.IssuerBindingContext != null) { requirement.Properties[ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty] = this.IssuerBindingContext.Clone(); } requirement.Properties[ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty] = base.Clone(); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (string.Equals(tokenRequirement.TokenType, SecurityTokenTypes.Saml, StringComparison.OrdinalIgnoreCase) || string.Equals(tokenRequirement.TokenType, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1", StringComparison.OrdinalIgnoreCase)) { if (this.cachedSecurityTokenProvider == null) { this.cachedSecurityTokenProvider = new SamlSecurityTokenProvider(this.samlClientCredentials); } return(this.cachedSecurityTokenProvider); } return(base.CreateSecurityTokenProvider(tokenRequirement)); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { InitiatorServiceModelSecurityTokenRequirement requirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement; if (isDummyServiceToken && requirement != null && requirement.TokenType == SecurityTokenTypes.X509Certificate && requirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && (requirement.KeyUsage == SecurityKeyUsage.Exchange)) { outOfBandTokenResolver = null; return new DummySecurityTokenAuthenticator(requirement.TargetAddress.Uri); } return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // if token requirement matches username token return custom username token provider // otherwise use base implementation if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { return new MyUserNameTokenProvider(); } else { return base.CreateSecurityTokenProvider(tokenRequirement); } }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { outOfBandTokenResolver = null; // Get the current validator UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator; return new CustomSecurityTokenAuthenticator(validator); } return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // handle this token for Custom if (tokenRequirement.TokenType == Constants.CreditCardTokenType) return new CreditCardTokenProvider(this.creditCardClientCredentials.CreditCardInfo); // return server cert else if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate) { return new X509SecurityTokenProvider(creditCardClientCredentials.ServiceCertificate.DefaultCertificate); } } return base.CreateSecurityTokenProvider(tokenRequirement); }
internal protected bool IsIssuedSecurityTokenRequirement(SecurityTokenRequirement requirement) { if (requirement != null && requirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.IssuerAddressProperty)) { // handle all issued token requirements except for spnego, tlsnego and secure conversation if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego || requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego || requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation || requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego) { return false; } else { return true; } } return false; }