IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty);
// FIXME: use it somewhere, probably to build
// IssuerBinding. However, there is also IssuerBinding
// property. SecureConversationSecurityBindingElement
// as well.
SecurityBindingElement sbe =
r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty);
// I doubt the binding is acquired this way ...
Binding binding;
if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding))
{
binding = new CustomBinding(sbe,
new TextMessageEncodingBindingElement(),
new HttpTransportBindingElement());
}
p.IssuerBinding = binding;
// not sure if it is used only for this purpose though ...
BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty);
foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ())
{
p.IssuerChannelBehaviors.Add(b);
}
SecurityTokenVersion ver =
r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
p.SecurityTokenSerializer =
CreateSecurityTokenSerializer(ver);
// seems like they are optional here ... (but possibly
// used later)
EndpointAddress address;
if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address))
{
address = p.TargetAddress;
}
p.IssuerAddress = address;
// It is somehow not checked as mandatory ...
SecurityAlgorithmSuite suite = null;
r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
p.SecurityAlgorithmSuite = suite;
return(p);
}
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
if (base.IsIssuedSecurityTokenRequirement(tokenRequirement))
{
EndpointAddress property = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
IssuedSecurityTokenParameters parameters = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
return(InfoCardHelper.CreateTokenProviderForNextLeg(tokenRequirement, property, parameters.IssuerAddress, this.m_relyingPartyIssuer, this, this.m_infocardChannelParameter));
}
return(base.CreateSecurityTokenProvider(tokenRequirement));
}
void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r)
{
p.ListenUri = r.GetProperty <Uri> (ReqType.ListenUriProperty);
// FIXME: use it somewhere, probably to build
// IssuerBinding. However, there is also IssuerBinding
// property. SecureConversationSecurityBindingElement
// as well.
SecurityBindingElement sbe =
r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty);
p.SecurityBindingElement = sbe;
/*
* // I doubt the binding is acquired this way ...
* Binding binding;
* if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding))
* binding = new CustomBinding (
* new TextMessageEncodingBindingElement (),
* new HttpTransportBindingElement ());
* p.IssuerBinding = binding;
*
* // not sure if it is used only for this purpose though ...
* BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty);
* foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ())
* p.IssuerChannelBehaviors.Add (b);
*/
SecurityTokenVersion ver =
r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
p.SecurityTokenSerializer =
CreateSecurityTokenSerializer(ver);
/*
* // seems like they are optional here ... (but possibly
* // used later)
* EndpointAddress address;
* if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address))
* address = p.TargetAddress;
* p.IssuerAddress = address;
*/
// It is somehow not checked as mandatory ...
SecurityAlgorithmSuite suite = null;
r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
p.SecurityAlgorithmSuite = suite;
}
public override SecurityTokenProvider CreateSecurityTokenProvider(
SecurityTokenRequirement tokenRequirement)
{
// Return your implementation of the SecurityTokenProvider based on the
// tokenRequirement argument.
SecurityTokenProvider result;
if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
{
MessageDirection direction = tokenRequirement.GetProperty<MessageDirection>(
ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Output)
{
result = new MySecurityTokenProvider(credentials.ClientCertificate.Certificate);
}
else
{
result = base.CreateSecurityTokenProvider(tokenRequirement);
}
}
else
{
result = base.CreateSecurityTokenProvider(tokenRequirement);
}
return result;
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator
(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
// Return your implementation of the SecurityTokenProvider based on the
// tokenRequirement argument.
SecurityTokenAuthenticator result;
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
MessageDirection direction = tokenRequirement.GetProperty <MessageDirection>
(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Input)
{
outOfBandTokenResolver = null;
result = new MySecurityTokenAuthenticator();
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
return(result);
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator
(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
// Return your implementation of the SecurityTokenProvider based on the
// tokenRequirement argument.
SecurityTokenAuthenticator result;
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
MessageDirection direction = tokenRequirement.GetProperty<MessageDirection>
(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Input)
{
outOfBandTokenResolver = null;
result = new MySecurityTokenAuthenticator();
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
return result;
}
public override SecurityTokenProvider CreateSecurityTokenProvider(
SecurityTokenRequirement requirement)
{
SecurityTokenProvider result = null;
if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
{
var direction = requirement.GetProperty<MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Output)
{
if (requirement.KeyUsage == SecurityKeyUsage.Signature)
result = new X509SecurityTokenProvider(this._credentials.ClientSigningCertificate);
else
result = new X509SecurityTokenProvider(this._credentials.ServiceEncryptingCertificate);
}
else
{
if (requirement.KeyUsage == SecurityKeyUsage.Signature)
result = new X509SecurityTokenProvider(this._credentials.ServiceSigningCertificate);
else
result = new X509SecurityTokenProvider(_credentials.ClientEncryptingCertificate);
}
}
else
{
result = base.CreateSecurityTokenProvider(requirement);
}
return result;
}
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
SecurityTokenProvider result = null;
if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
{
MessageDirection direction = tokenRequirement.GetProperty <MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Input)
{
if (tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange)
{
result = new CustomX509SecurityTokenProvider(credentials.ServiceCertificate.Certificate);
}
}
else
{
if (tokenRequirement.KeyUsage == SecurityKeyUsage.Signature)
{
result = new CustomX509SecurityTokenProvider(credentials.ServiceCertificate.Certificate);
}
}
}
if (result == null)
{
result = base.CreateSecurityTokenProvider(tokenRequirement);
}
return(result);
}
/// <summary>
/// Creates a <see cref="WsTrustRequest"/> from the <see cref="WSTrustTokenParameters"/>
/// </summary>
/// <returns></returns>
protected virtual WsTrustRequest CreateWsTrustRequest()
{
EndpointAddress target = SecurityTokenRequirement.GetProperty <EndpointAddress>(TargetAddressProperty);
int keySize;
string keyType;
switch (WSTrustTokenParameters.KeyType)
{
case SecurityKeyType.AsymmetricKey:
keySize = DefaultPublicKeySize;
keyType = _requestSerializationContext.TrustKeyTypes.PublicKey;
break;
case SecurityKeyType.SymmetricKey:
keySize = _securityAlgorithmSuite.DefaultSymmetricKeyLength;
keyType = _requestSerializationContext.TrustKeyTypes.Symmetric;
break;
case SecurityKeyType.BearerKey:
keySize = 0;
keyType = _requestSerializationContext.TrustKeyTypes.Bearer;
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("KeyType is not supported: {0}", WSTrustTokenParameters.KeyType)), System.Diagnostics.Tracing.EventLevel.Error);
}
Entropy entropy = null;
if (WSTrustTokenParameters.KeyType != SecurityKeyType.BearerKey &&
(KeyEntropyMode == SecurityKeyEntropyMode.ClientEntropy || KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy))
{
byte[] entropyBytes = new byte[keySize / 8];
Psha1KeyGenerator.FillRandomBytes(entropyBytes);
entropy = new Entropy(new BinarySecret(entropyBytes));
}
var trustRequest = new WsTrustRequest(_requestSerializationContext.TrustActions.Issue)
{
AppliesTo = new AppliesTo(new EndpointReference(target.Uri.OriginalString)),
Context = RequestContext,
KeySizeInBits = keySize,
KeyType = keyType,
WsTrustVersion = _requestSerializationContext.TrustVersion
};
if (SecurityTokenRequirement.TokenType != null)
{
trustRequest.TokenType = SecurityTokenRequirement.TokenType;
}
if (entropy != null)
{
trustRequest.Entropy = entropy;
trustRequest.ComputedKeyAlgorithm = _requestSerializationContext.TrustKeyTypes.PSHA1;
}
return(trustRequest);
}
public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
{
if (tokenRequirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
if (clientCredentialsTokenManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
}
provider = null;
if ((clientCredentialsTokenManager.ClientCredentials.SupportInteractive && ((null == clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress) || (clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding == null))) && clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement))
{
ChannelParameterCollection parameters;
Uri uri;
int num;
InfoCardChannelParameter infocardChannelParameter = null;
if (tokenRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters))
{
foreach (object obj2 in parameters)
{
if (obj2 is InfoCardChannelParameter)
{
infocardChannelParameter = (InfoCardChannelParameter)obj2;
break;
}
}
}
if ((infocardChannelParameter == null) || !infocardChannelParameter.RequiresInfoCard)
{
return(false);
}
EndpointAddress property = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
IssuedSecurityTokenParameters parameters2 = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
if (!tokenRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri))
{
uri = null;
}
if (!tokenRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num))
{
num = 0;
}
provider = CreateTokenProviderForNextLeg(tokenRequirement, property, parameters2.IssuerAddress, infocardChannelParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infocardChannelParameter);
}
return(provider != null);
}
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
SecurityTokenRequirement = tokenRequirement ?? throw new ArgumentNullException(nameof(tokenRequirement));
SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);
WSTrustTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty) as WSTrustTokenParameters;
InitializeKeyEntropyMode();
SetInboundSerializationContext();
RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext) ? Guid.NewGuid().ToString() : WSTrustTokenParameters.RequestContext;
}
/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describe the parameters for a WSTrust request.
/// </summary>
/// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param>
/// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
SecurityTokenRequirement = tokenRequirement ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), EventLevel.Error);
SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);
IssuedSecurityTokenParameters issuedSecurityTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters;
if (WSTrustTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(LogHelper.FormatInvariant(SR.GetResourceString(SR.IssuedSecurityTokenParametersIncorrectType), issuedSecurityTokenParameters), nameof(tokenRequirement)), EventLevel.Error);
}
_communicationObject = new WrapperSecurityCommunicationObject(this);
}
/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describe the parameters for a WSTrust request.
/// </summary>
/// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param>
/// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
SecurityTokenRequirement = tokenRequirement ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error);
SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);
IssuedSecurityTokenParameters issuedSecurityTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters;
if (WSTrustTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(LogHelper.FormatInvariant("tokenRequirement.GetProperty<IssuedSecurityTokenParameters> must be of type: WSTrustTokenParameters. Was: '{0}.", issuedSecurityTokenParameters), nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error);
}
InitializeKeyEntropyMode();
SetInboundSerializationContext();
RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext) ? Guid.NewGuid().ToString() : WSTrustTokenParameters.RequestContext;
}
public override SecurityTokenProvider CreateSecurityTokenProvider(
SecurityTokenRequirement requirement)
{
SecurityTokenProvider result = null;
if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
{
MessageDirection direction = requirement.
GetProperty <MessageDirection>(
ServiceModelSecurityTokenRequirement.
MessageDirectionProperty);
if (direction == MessageDirection.Input)
{
if (requirement.KeyUsage == SecurityKeyUsage.Exchange)
{
result = new X509SecurityTokenProvider(
credentials.ServiceEncryptingCertificate);
}
else
{
result = new X509SecurityTokenProvider(
credentials.ClientSigningCertificate);
}
}
else
{
if (requirement.KeyUsage == SecurityKeyUsage.Signature)
{
result = new X509SecurityTokenProvider(
credentials.ServiceSigningCertificate);
}
else
{
result = new X509SecurityTokenProvider(
credentials.ClientEncryptingCertificate);
}
}
}
else
{
result = base.CreateSecurityTokenProvider(requirement);
}
return(result);
}
internal static SecurityStandardsManager CreateSecurityStandardsManager(SecurityTokenRequirement requirement, SecurityTokenManager tokenManager)
{
MessageSecurityTokenVersion securityVersion = (MessageSecurityTokenVersion)requirement.GetProperty <MessageSecurityTokenVersion>(ServiceModelSecurityTokenRequirement.MessageSecurityVersionProperty);
if (securityVersion == MessageSecurityTokenVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, tokenManager));
}
if (securityVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11, tokenManager));
}
if (securityVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, tokenManager));
}
if (securityVersion == MessageSecurityTokenVersion.WSSecurity10WSTrust13WSSecureConversation13BasicSecurityProfile10)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, tokenManager));
}
if (securityVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenManager));
}
if (securityVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13BasicSecurityProfile10)
{
return(CreateSecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, tokenManager));
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
// Summary:
// If interactive support is requested and an IssuedSecurityTokenParameters is specified this method
// will return an instance of an InfoCardTokenProvider.
// Otherwise this method defers to the base implementation.
//
// Parameters
// parameters - The security token parameters associated with this ChannelFactory.
//
// Note
// The target and issuer information will not be available in this call
//
public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
{
if (tokenRequirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
if (clientCredentialsTokenManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
}
provider = null;
if (!clientCredentialsTokenManager.ClientCredentials.SupportInteractive ||
(null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress && null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding) ||
!clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement)
)
{
//IDT.TraceDebug("ICARDTOKPROV: Non Issued SecurityToken requirement submitted to InfoCardClientCredentialsSecurityTokenManager:\n{0}", tokenRequirement);
//IDT.TraceDebug("ICARDTOKPROV: Defering to the base class to create the token provider");
}
else
{
ChannelParameterCollection channelParameter;
InfoCardChannelParameter infocardChannelParameter = null;
if (tokenRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameter))
{
foreach (object obj in channelParameter)
{
if (obj is InfoCardChannelParameter)
{
infocardChannelParameter = (InfoCardChannelParameter)obj;
break;
}
}
}
if (null == infocardChannelParameter || !infocardChannelParameter.RequiresInfoCard)
{
return(false);
}
EndpointAddress target = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty);
IssuedSecurityTokenParameters issuedTokenParameters = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
Uri privacyNoticeLink;
if (!tokenRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeLink))
{
privacyNoticeLink = null;
}
int privacyNoticeVersion;
if (!tokenRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion))
{
privacyNoticeVersion = 0;
}
//
// This analysis of this chain indicates that interactive support will be required
// The InternalClientCredentials class handles that.
//
provider = CreateTokenProviderForNextLeg(tokenRequirement, target, issuedTokenParameters.IssuerAddress, infocardChannelParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infocardChannelParameter);
}
return(provider != null);
}
IssuedSecurityTokenProvider CreateIssuedProviderBase (SecurityTokenRequirement r)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.TargetAddress = r.GetProperty<EndpointAddress> (ReqType.TargetAddressProperty);
// FIXME: use it somewhere, probably to build
// IssuerBinding. However, there is also IssuerBinding
// property. SecureConversationSecurityBindingElement
// as well.
SecurityBindingElement sbe =
r.GetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty);
// I doubt the binding is acquired this way ...
Binding binding;
if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding))
binding = new CustomBinding (sbe,
new TextMessageEncodingBindingElement (),
new HttpTransportBindingElement ());
p.IssuerBinding = binding;
// not sure if it is used only for this purpose though ...
BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty);
foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ())
p.IssuerChannelBehaviors.Add (b);
SecurityTokenVersion ver =
r.GetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
p.SecurityTokenSerializer =
CreateSecurityTokenSerializer (ver);
// seems like they are optional here ... (but possibly
// used later)
EndpointAddress address;
if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address))
address = p.TargetAddress;
p.IssuerAddress = address;
// It is somehow not checked as mandatory ...
SecurityAlgorithmSuite suite = null;
r.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
p.SecurityAlgorithmSuite = suite;
return p;
}
