protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context)
{
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
channelListener.InitializeListener(channelBuilder);
return(channelListener);
}
public SecurityReplyChannel(
SecurityChannelListener <IReplyChannel> source,
IReplyChannel innerChannel)
: base(source)
{
this.inner = innerChannel;
}
public SecurityReplyChannel(
SecurityChannelListener <IReplyChannel> source,
IReplyChannel innerChannel)
: base(innerChannel)
{
this.source = source;
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuanceBindingContext = context.Clone();
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
SecurityProtocolFactory factory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuanceBindingContext);
listener.SecurityProtocolFactory = factory;
listener.InitializeListener(builder);
return(listener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecureConversationSecurityTokenParameters parameters;
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
parameters = null;
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext secureConversationBindingContext = context.Clone();
if (parameters != null)
{
if (parameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (parameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = parameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding);
SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone();
item.IssuerBindingContext = secureConversationBindingContext;
factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context)
{
SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters scParameters;
if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
scParameters = null;
}
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (scParameters != null)
{
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, sessionFactory);
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
}
finally
{
this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
channelListener.SessionMode = true;
channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout;
channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval;
channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions;
channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval;
channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure;
channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, protocolFactory);
this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
}
finally
{
this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
channelListener.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
}
channelListener.InitializeListener(channelBuilder);
return(channelListener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters protectionTokenParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (protectionTokenParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
BindingContext secureConversationBindingContext = issuerBindingContext.Clone();
secureConversationBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
secureConversationBindingContext.BindingParameters.Add(protectionTokenParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> table = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (protectionTokenParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory factory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(factory, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = protectionTokenParameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
listener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = table;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory factory2 = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
factory2.SecurityTokenParameters = protectionTokenParameters.Clone();
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
factory2.ApplyConfidentiality = true;
factory2.RequireConfidentiality = true;
factory2.ApplyIntegrity = true;
factory2.RequireIntegrity = true;
factory2.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory2.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory2.MessageProtectionOrder = this.MessageProtectionOrder;
factory2.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
factory2.EndpointFilterTable = table;
base.ConfigureProtocolFactory(factory2, credentialsManager, true, issuerBindingContext, context.Binding);
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context)
{
SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
// This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do
// secure conversation or negotiation
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters;
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
BindingContext scIssuerBindingContext = issuerBindingContext.Clone();
scIssuerBindingContext.BindingParameters.Remove <ChannelProtectionRequirements>();
scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements);
IMessageFilterTable <EndpointAddress> endpointFilterTable = context.BindingParameters.Find <IMessageFilterTable <EndpointAddress> >();
AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, sessionFactory);
sessionFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
sessionFactory.ApplyConfidentiality = true;
sessionFactory.RequireConfidentiality = true;
sessionFactory.ApplyIntegrity = true;
sessionFactory.RequireIntegrity = true;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder;
sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SessionMode = true;
channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout;
channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval;
channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions;
channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval;
channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure;
channelListener.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory;
channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, protocolFactory);
protocolFactory.SecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext;
protocolFactory.ApplyConfidentiality = true;
protocolFactory.RequireConfidentiality = true;
protocolFactory.ApplyIntegrity = true;
protocolFactory.RequireIntegrity = true;
protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true));
protocolFactory.EndpointFilterTable = endpointFilterTable;
base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
channelListener.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
}
channelListener.InitializeListener(channelBuilder);
return(channelListener);
}
