internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.ProtectionTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[] { this.ToString() })));
}
SymmetricSecurityProtocolFactory factory = new SymmetricSecurityProtocolFactory();
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
}
factory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.SecurityTokenParameters, issuerBindingContext);
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
return(factory);
}
/*
* /// <summary>Sets a value that indicates whether derived keys are required.</summary>
* /// <param name="requireDerivedKeys">true to indicate that derived keys are required; otherwise, false.</param>
* public override void SetKeyDerivation(bool requireDerivedKeys)
* {
* base.SetKeyDerivation(requireDerivedKeys);
* if (this.protectionTokenParameters == null)
* return;
* this.protectionTokenParameters.RequireDerivedKeys = requireDerivedKeys;
* }
*
* internal override bool IsSetKeyDerivation(bool requireDerivedKeys)
* {
* return base.IsSetKeyDerivation(requireDerivedKeys) && (this.protectionTokenParameters == null || this.protectionTokenParameters.RequireDerivedKeys == requireDerivedKeys);
* }*/
// Nothing to override
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.ProtectionTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[1] {
(object)this.ToString()
})));
}
#if FEATURE_CORECLR
throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core");
#else
SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory();
if (isForService)
{
this.ApplyAuditBehaviorSettings(context, (SecurityProtocolFactory)securityProtocolFactory);
}
securityProtocolFactory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(securityProtocolFactory.SecurityTokenParameters, issuerBindingContext);
securityProtocolFactory.ApplyConfidentiality = true;
securityProtocolFactory.RequireConfidentiality = true;
securityProtocolFactory.ApplyIntegrity = true;
securityProtocolFactory.RequireIntegrity = true;
securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, isForService));
this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, isForService, issuerBindingContext, (Binding)context.Binding);
return((SecurityProtocolFactory)securityProtocolFactory);
#endif
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters", new object[] { this.ToString() })));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsRecipientTokenParameters", new object[] { this.ToString() })));
}
bool flag = !this.isCertificateSignatureBinding && ((typeof(IDuplexChannel) == typeof(TChannel)) || (typeof(IDuplexSessionChannel) == typeof(TChannel)));
AsymmetricSecurityProtocolFactory factory = new AsymmetricSecurityProtocolFactory();
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
factory.RequireConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingEncryptionParts);
factory.RequireIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
factory.ApplyIntegrity = factory.ApplyConfidentiality = false;
}
else
{
factory.ApplyConfidentiality = factory.RequireIntegrity = false;
}
}
else
{
factory.ApplyIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingSignatureParts);
factory.ApplyConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
if (factory.RequireConfidentiality || (!this.isCertificateSignatureBinding && factory.ApplyIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (factory.ApplyConfidentiality || (!this.isCertificateSignatureBinding && factory.RequireIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
if (flag)
{
if (isForService)
{
factory.ApplyConfidentiality = factory.ApplyIntegrity = false;
}
else
{
factory.RequireIntegrity = factory.RequireConfidentiality = false;
}
}
else if (!isForService)
{
factory.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!factory.RequireIntegrity)
{
factory.DetectReplays = false;
}
if (!flag)
{
return(factory);
}
AsymmetricSecurityProtocolFactory factory3 = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = null;
}
else
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
}
factory3.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory3.MessageProtectionOrder = this.MessageProtectionOrder;
factory3.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
factory3.ApplyConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.OutgoingEncryptionParts);
factory3.ApplyIntegrity = true;
factory3.RequireIntegrity = factory3.RequireConfidentiality = false;
}
else
{
factory3.RequireConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.IncomingEncryptionParts);
factory3.RequireIntegrity = true;
factory3.ApplyIntegrity = factory3.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(factory3, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!factory3.RequireIntegrity)
{
factory3.DetectReplays = false;
}
factory3.IsDuplexReply = true;
return(new DuplexSecurityProtocolFactory {
ForwardProtocolFactory = factory, ReverseProtocolFactory = factory3
});
}
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
BindingContext context3 = issuerBindingContext.Clone();
context3.BindingParameters.Remove <ChannelProtectionRequirements>();
context3.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements);
if (protectionTokenParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory factory2 = new SessionSymmetricMessageSecurityProtocolFactory {
SecurityTokenParameters = protectionTokenParameters.Clone()
};
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = context3;
factory2.ApplyConfidentiality = true;
factory2.RequireConfidentiality = true;
factory2.ApplyIntegrity = true;
factory2.RequireIntegrity = true;
factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory2.MessageProtectionOrder = this.MessageProtectionOrder;
factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
ChannelBuilder = builder,
KeyRenewalInterval = base.LocalClientSettings.SessionKeyRenewalInterval,
CanRenewSession = protectionTokenParameters.CanRenewSession,
KeyRolloverInterval = base.LocalClientSettings.SessionKeyRolloverInterval,
TolerateTransportFailures = base.LocalClientSettings.ReconnectTransportOnFailure,
IssuedSecurityTokenParameters = protectionTokenParameters.Clone()
};
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
sessionClientSettings.SessionProtocolFactory = factory2;
return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
}
SymmetricSecurityProtocolFactory factory = new SymmetricSecurityProtocolFactory {
SecurityTokenParameters = protectionTokenParameters.Clone()
};
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = context3;
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
}
return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
BindingContext secureConversationBindingContext = issuerBindingContext.Clone();
secureConversationBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
secureConversationBindingContext.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (protectionTokenParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory factory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(factory, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = protectionTokenParameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
listener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = table;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory factory2 = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
factory2.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory2.ApplyConfidentiality = true;
factory2.RequireConfidentiality = true;
factory2.ApplyIntegrity = true;
factory2.RequireIntegrity = true;
factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory2.MessageProtectionOrder = this.MessageProtectionOrder;
factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
factory2.EndpointFilterTable = table;
base.ConfigureProtocolFactory(factory2, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context)
{
SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
// This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do
// secure conversation or negotiation
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
BindingContext scIssuerBindingContext = issuerBindingContext.Clone();
scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> endpointFilterTable = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, sessionFactory);
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
sessionFactory.ApplyConfidentiality = true;
sessionFactory.RequireConfidentiality = true;
sessionFactory.ApplyIntegrity = true;
sessionFactory.RequireIntegrity = true;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SessionMode = true;
channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout;
channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval;
channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions;
channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval;
channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure;
channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory;
channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, protocolFactory);
protocolFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
protocolFactory.ApplyConfidentiality = true;
protocolFactory.RequireConfidentiality = true;
protocolFactory.ApplyIntegrity = true;
protocolFactory.RequireIntegrity = true;
protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
protocolFactory.EndpointFilterTable = endpointFilterTable;
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
}
channelListener.InitializeListener(channelBuilder);
return(channelListener);
}
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities securityCapabilities = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
// This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do
// secure conversation or negotiation
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
SecurityChannelFactory <TChannel> channelFactory;
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
BindingContext scIssuerBindingContext = issuerBindingContext.Clone();
scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements);
if (scParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory();
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
sessionFactory.ApplyConfidentiality = true;
sessionFactory.RequireConfidentiality = true;
sessionFactory.ApplyIntegrity = true;
sessionFactory.RequireIntegrity = true;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
sessionClientSettings.ChannelBuilder = channelBuilder;
sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval;
sessionClientSettings.CanRenewSession = scParameters.CanRenewSession;
sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval;
sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure;
sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
sessionClientSettings.SessionProtocolFactory = sessionFactory;
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, sessionClientSettings);
}
else
{
SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory();
protocolFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
protocolFactory.ApplyConfidentiality = true;
protocolFactory.RequireConfidentiality = true;
protocolFactory.ApplyIntegrity = true;
protocolFactory.RequireIntegrity = true;
protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false));
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext);
channelFactory = new SecurityChannelFactory <TChannel>(securityCapabilities, context, channelBuilder, protocolFactory);
}
return(channelFactory);
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
}
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
{
forward.DetectReplays = false;
}
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
{
reverse.DetectReplays = false;
}
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return(protocolFactory);
}
/*internal override bool RequiresChannelDemuxer()
* {
* if (!base.RequiresChannelDemuxer())
* return this.RequiresChannelDemuxer(this.ProtectionTokenParameters);
* return true;
* }*/
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>() ?? (SecurityCredentialsManager)ClientCredentials.CreateDefaultCredentials();
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
#if FEATURE_CORECLR
throw new NotImplementedException("ApplyPropertiesOnDemuxer is not supported in .NET Core");
#else
this.ApplyPropertiesOnDemuxer(channelBuilder, context);
#endif
}
BindingContext bindingContext1 = context.Clone();
SecurityChannelFactory <TChannel> securityChannelFactory;
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
BindingContext bindingContext2 = bindingContext1.Clone();
bindingContext2.BindingParameters.Remove <ChannelProtectionRequirements>();
// BootstrapProtectionRequirements not supported
// bindingContext2.BindingParameters.Add((object) protectionTokenParameters.BootstrapProtectionRequirements);
if (protectionTokenParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory securityProtocolFactory = new SessionSymmetricMessageSecurityProtocolFactory();
securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2;
securityProtocolFactory.ApplyConfidentiality = true;
securityProtocolFactory.RequireConfidentiality = true;
securityProtocolFactory.ApplyIntegrity = true;
securityProtocolFactory.RequireIntegrity = true;
securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false));
this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding);
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel>();
sessionClientSettings.ChannelBuilder = channelBuilder;
sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval;
sessionClientSettings.CanRenewSession = protectionTokenParameters.CanRenewSession;
sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval;
sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure;
sessionClientSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = bindingContext1;
sessionClientSettings.SecurityStandardsManager = securityProtocolFactory.StandardsManager;
Console.WriteLine("Assigned sessionClientSettings.SessionProtocolFactory");
sessionClientSettings.SessionProtocolFactory = (SecurityProtocolFactory)securityProtocolFactory;
securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings);
}
else
{
#if FEATURE_CORECLR
throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core");
#else
SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory();
securityProtocolFactory.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)securityProtocolFactory.SecurityTokenParameters).IssuerBindingContext = bindingContext2;
securityProtocolFactory.ApplyConfidentiality = true;
securityProtocolFactory.RequireConfidentiality = true;
securityProtocolFactory.ApplyIntegrity = true;
securityProtocolFactory.RequireIntegrity = true;
securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, false));
this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, false, bindingContext1, (Binding)context.Binding);
securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, (SecurityProtocolFactory)securityProtocolFactory);
#endif
}
}
else
{
SecurityProtocolFactory securityProtocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, bindingContext1);
securityChannelFactory = new SecurityChannelFactory <TChannel>(property, context, channelBuilder, securityProtocolFactory);
}
return((IChannelFactory <TChannel>)securityChannelFactory);
}