internal MessagePartSpecification GetOutgoingSignatureParts(string action) { if (!this.ApplyIntegrity) { return(MessagePartSpecification.NoParts); } if (this.IsDuplexReply) { return(MessageSecurityProtocolFactory.ExtractMessageParts(action, this.ProtectionRequirements.OutgoingSignatureParts, true)); } return(MessageSecurityProtocolFactory.ExtractMessageParts(action, this.ActAsInitiator ? this.ProtectionRequirements.IncomingSignatureParts : this.ProtectionRequirements.OutgoingSignatureParts, true)); }
internal MessagePartSpecification GetOutgoingEncryptionParts(string action) { if (!this.ApplyConfidentiality) { return(MessagePartSpecification.NoParts); } if (this.IsDuplexReply) { return(MessageSecurityProtocolFactory.ExtractMessageParts(action, this.ProtectionRequirements.OutgoingEncryptionParts, false)); } return(MessageSecurityProtocolFactory.ExtractMessageParts(action, this.ActAsInitiator ? this.ProtectionRequirements.IncomingEncryptionParts : this.ProtectionRequirements.OutgoingEncryptionParts, false)); }
internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel { SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (securityCredentials == null) { securityCredentials = ServiceCredentials.CreateDefaultCredentials(); } this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas))); } TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>(); if (transportBindingElement != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize; } SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(this.IssuerBindingContext.Clone(), securityCredentials, true, this.IssuerBindingContext.Clone()); MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory; if (soapBindingFactory != null) { soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true; MessagePartSpecification bodyPart = new MessagePartSpecification(true); soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction); soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction); soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction); soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction); } SecurityChannelListener <TChannel> securityChannelListener = new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context); securityChannelListener.SecurityProtocolFactory = securityProtocolFactory; // do not send back unsecured faults over composite duplex securityChannelListener.SendUnsecuredFaults = !SecurityUtils.IsCompositeDuplexBinding(context); ChannelBuilder channelBuilder = new ChannelBuilder(context, true); securityChannelListener.InitializeListener(channelBuilder); this.shouldMatchRstWithEndpointFilter = SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement); return(securityChannelListener); }
internal MessageSecurityProtocolFactory(MessageSecurityProtocolFactory factory) : base(factory) { if (factory == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory"); this.applyIntegrity = factory.applyIntegrity; this.applyConfidentiality = factory.applyConfidentiality; this.identityVerifier = factory.identityVerifier; this.protectionRequirements = new ChannelProtectionRequirements(factory.protectionRequirements); this.messageProtectionOrder = factory.messageProtectionOrder; this.requireIntegrity = factory.requireIntegrity; this.requireConfidentiality = factory.requireConfidentiality; this.doRequestSignatureConfirmation = factory.doRequestSignatureConfirmation; }
internal MessageSecurityProtocolFactory(MessageSecurityProtocolFactory factory) : base((SecurityProtocolFactory)factory) { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory"); } this.applyIntegrity = factory.applyIntegrity; this.applyConfidentiality = factory.applyConfidentiality; this.identityVerifier = factory.identityVerifier; this.protectionRequirements = new ChannelProtectionRequirements(factory.protectionRequirements); this.messageProtectionOrder = factory.messageProtectionOrder; this.requireIntegrity = factory.requireIntegrity; this.requireConfidentiality = factory.requireConfidentiality; this.doRequestSignatureConfirmation = factory.doRequestSignatureConfirmation; }
protected ReceiveSecurityHeader ConfigureReceiveSecurityHeader(Message message, string actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, out IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators) { MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory; MessageDirection direction = factory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input; ReceiveSecurityHeader securityHeader = CreateSecurityHeader(message, actor, direction, standardsManager); string action = message.Headers.Action; supportingAuthenticators = GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.factory, message, securityHeader); if (factory.RequireIntegrity || securityHeader.ExpectSignedTokens) { securityHeader.RequiredSignatureParts = factory.GetIncomingSignatureParts(action); } if (factory.RequireConfidentiality || securityHeader.ExpectBasicTokens) { securityHeader.RequiredEncryptionParts = factory.GetIncomingEncryptionParts(action); } securityHeader.ExpectEncryption = factory.RequireConfidentiality || securityHeader.ExpectBasicTokens; securityHeader.ExpectSignature = factory.RequireIntegrity || securityHeader.ExpectSignedTokens; securityHeader.SetRequiredProtectionOrder(factory.MessageProtectionOrder); // On the receiving side if protectTokens is enabled // 1. If we are service, we make sure that the client always signs the primary token( can be any token type)else we throw. // But currently the service can sign the primary token in reply only if the primary token is an issued token // 2. If we are client, we do not care if the service signs the primary token or not. Otherwise it will be impossible to have a wcf client /service talk to each other unless we // either use a symmetric binding with issued tokens or asymmetric bindings with both the intiator and recipient parameters being issued tokens( later one is rare). securityHeader.RequireSignedPrimaryToken = !factory.ActAsInitiator && factory.SecurityBindingElement.ProtectTokens; if (factory.ActAsInitiator && factory.DoRequestSignatureConfirmation && HasCorrelationState(correlationStates)) { securityHeader.MaintainSignatureConfirmationState = true; securityHeader.ExpectSignatureConfirmation = true; } else if (!factory.ActAsInitiator && factory.DoRequestSignatureConfirmation) { securityHeader.MaintainSignatureConfirmationState = true; } else { securityHeader.MaintainSignatureConfirmationState = false; } return(securityHeader); }
internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel { SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas"))); } TransportBindingElement element = context.RemainingBindingElements.Find <TransportBindingElement>(); if (element != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize; } SecurityProtocolFactory factory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(base.IssuerBindingContext.Clone(), credentialsManager, true, base.IssuerBindingContext.Clone()); MessageSecurityProtocolFactory factory2 = factory as MessageSecurityProtocolFactory; if (factory2 != null) { factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true; MessagePartSpecification parts = new MessagePartSpecification(true); factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction); factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction); factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction); factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction); } SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context) { SecurityProtocolFactory = factory, SendUnsecuredFaults = !System.ServiceModel.Security.SecurityUtils.IsCompositeDuplexBinding(context) }; ChannelBuilder channelBuilder = new ChannelBuilder(context, true); listener.InitializeListener(channelBuilder); this.shouldMatchRstWithEndpointFilter = System.ServiceModel.Security.SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement); return(listener); }
protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder) { ISecurityCapabilities securityCapabilities = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext); SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (securityCredentials == null) { securityCredentials = ClientCredentials.CreateDefaultCredentials(); } this.bootstrapSecurityBindingElement.ReaderQuotas = this.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas))); } TransportBindingElement transportBindingElement = this.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>(); if (transportBindingElement != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize; } SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone()); MessageSecurityProtocolFactory soapBindingFactory = (securityProtocolFactory as MessageSecurityProtocolFactory); if (soapBindingFactory != null) { soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true; MessagePartSpecification bodyPart = new MessagePartSpecification(true); soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction); soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction); soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction); soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction); } securityProtocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri; securityProtocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion; return(new SecurityChannelFactory <IRequestChannel>( securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory)); }
protected SendSecurityHeader ConfigureSendSecurityHeader(Message message, string actor, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState) { MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory; SendSecurityHeader securityHeader = CreateSendSecurityHeader(message, actor, factory); securityHeader.SignThenEncrypt = factory.MessageProtectionOrder != MessageProtectionOrder.EncryptBeforeSign; // If ProtectTokens is enabled then we make sure that both the client side and the service side sign the primary token // ( if it is an issued token, the check exists in sendsecurityheader)in the primary signature while sending a message. securityHeader.ShouldProtectTokens = factory.SecurityBindingElement.ProtectTokens; securityHeader.EncryptPrimarySignature = factory.MessageProtectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature; if (factory.DoRequestSignatureConfirmation && correlationState != null) { if (factory.ActAsInitiator) { securityHeader.MaintainSignatureConfirmationState = true; securityHeader.CorrelationState = correlationState; } else if (correlationState.SignatureConfirmations != null) { securityHeader.AddSignatureConfirmations(correlationState.SignatureConfirmations); } } string action = message.Headers.Action; if (this.factory.ApplyIntegrity) { securityHeader.SignatureParts = this.factory.GetOutgoingSignatureParts(action); } if (factory.ApplyConfidentiality) { securityHeader.EncryptionParts = this.factory.GetOutgoingEncryptionParts(action); } AddSupportingTokens(securityHeader, supportingTokens); return(securityHeader); }
protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder) { ISecurityCapabilities property = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(base.IssuerBindingContext); SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } this.bootstrapSecurityBindingElement.ReaderQuotas = base.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas"))); } TransportBindingElement element = base.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>(); if (element != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize; } SecurityProtocolFactory protocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(base.IssuerBindingContext.Clone(), credentialsManager, false, base.IssuerBindingContext.Clone()); MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory; if (factory2 != null) { factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true; MessagePartSpecification parts = new MessagePartSpecification(true); factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction); factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction); factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction); factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction); } protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri; protocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion; return(new SecurityChannelFactory <IRequestChannel>(property, base.IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory)); }
SecurityToken identityVerifiedToken; // verified for the readonly target protected MessageSecurityProtocol(MessageSecurityProtocolFactory factory, EndpointAddress target, Uri via) : base(factory, target, via) { this.factory = factory; }
SecurityToken identityVerifiedToken; // verified for the readonly target protected MessageSecurityProtocol(MessageSecurityProtocolFactory factory, EndpointAddress target, Uri via) : base(factory, target, via) { this.factory = factory; }
void InitializeFactories() { ISecurityCapabilities securityCapabilities = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext); SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (securityCredentials == null) { securityCredentials = ClientCredentials.CreateDefaultCredentials(); } BindingContext context = this.IssuerBindingContext; this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas))); } TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>(); if (transportBindingElement != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize; } SecurityProtocolFactory securityProtocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone()); if (securityProtocolFactory is MessageSecurityProtocolFactory) { MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory; soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true; soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true; soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true; MessagePartSpecification bodyPart = new MessagePartSpecification(true); soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, IssueAction); soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, IssueAction); soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RenewAction); soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RenewAction); soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, IssueResponseAction); soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, IssueResponseAction); soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RenewResponseAction); soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RenewResponseAction); } securityProtocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri; securityProtocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion; if (this.localAddress != null) { MessageFilter issueAndRenewFilter = new SessionActionFilter(this.standardsManager, this.IssueResponseAction.Value, this.RenewResponseAction.Value); context.BindingParameters.Add(new LocalAddressProvider(localAddress, issueAndRenewFilter)); } ChannelBuilder channelBuilder = new ChannelBuilder(context, true); IChannelFactory <IRequestChannel> innerChannelFactory; // if the underlying transport does not support request/reply, wrap it inside // a service channel factory. if (channelBuilder.CanBuildChannelFactory <IRequestChannel>()) { innerChannelFactory = channelBuilder.BuildChannelFactory <IRequestChannel>(); requiresManualReplyAddressing = true; } else { ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace); clientRuntime.UseSynchronizationContext = false; clientRuntime.AddTransactionFlowProperties = false; clientRuntime.ValidateMustUnderstand = false; ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime); ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value); issueOperation.Formatter = operationFormatter; serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation); ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value); renewOperation.Formatter = operationFormatter; serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation); innerChannelFactory = new RequestChannelFactory(serviceChannelFactory); requiresManualReplyAddressing = false; } SecurityChannelFactory <IRequestChannel> securityChannelFactory = new SecurityChannelFactory <IRequestChannel>( securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory); // attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be // available when building the channel. if (transportBindingElement != null) { if (securityChannelFactory.SecurityProtocolFactory != null) { securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context); } } this.rstChannelFactory = securityChannelFactory; this.messageVersion = securityChannelFactory.MessageVersion; }
private void InitializeFactories() { IChannelFactory <IRequestChannel> factory3; ISecurityCapabilities property = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext); SecurityCredentialsManager credentialsManager = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } BindingContext issuerBindingContext = this.IssuerBindingContext; this.bootstrapSecurityBindingElement.ReaderQuotas = issuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>(); if (this.bootstrapSecurityBindingElement.ReaderQuotas == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas"))); } TransportBindingElement element = issuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>(); if (element != null) { this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize; } SecurityProtocolFactory protocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), credentialsManager, false, this.IssuerBindingContext.Clone()); if (protocolFactory is MessageSecurityProtocolFactory) { MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory; factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true; factory2.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true; factory2.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true; MessagePartSpecification parts = new MessagePartSpecification(true); factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.IssueAction); factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.IssueAction); factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RenewAction); factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RenewAction); factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.IssueResponseAction); factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.IssueResponseAction); factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RenewResponseAction); factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RenewResponseAction); } protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri; protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion; if (this.localAddress != null) { MessageFilter filter = new SessionActionFilter(this.standardsManager, new string[] { this.IssueResponseAction.Value, this.RenewResponseAction.Value }); issuerBindingContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, filter)); } ChannelBuilder channelBuilder = new ChannelBuilder(issuerBindingContext, true); if (channelBuilder.CanBuildChannelFactory <IRequestChannel>()) { factory3 = channelBuilder.BuildChannelFactory <IRequestChannel>(); this.requiresManualReplyAddressing = true; } else { ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", "http://tempuri.org/") { UseSynchronizationContext = false, AddTransactionFlowProperties = false, ValidateMustUnderstand = false }; ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime); ClientOperation item = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", this.IssueAction.Value) { Formatter = operationFormatter }; serviceChannelFactory.ClientRuntime.Operations.Add(item); ClientOperation operation2 = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", this.RenewAction.Value) { Formatter = operationFormatter }; serviceChannelFactory.ClientRuntime.Operations.Add(operation2); factory3 = new RequestChannelFactory(serviceChannelFactory); this.requiresManualReplyAddressing = false; } SecurityChannelFactory <IRequestChannel> factory5 = new SecurityChannelFactory <IRequestChannel>(property, this.IssuerBindingContext, channelBuilder, protocolFactory, factory3); if ((element != null) && (factory5.SecurityProtocolFactory != null)) { factory5.SecurityProtocolFactory.ExtendedProtectionPolicy = element.GetProperty <ExtendedProtectionPolicy>(issuerBindingContext); } this.rstChannelFactory = factory5; this.messageVersion = factory5.MessageVersion; }
internal SymmetricSecurityProtocolFactory(MessageSecurityProtocolFactory factory) : base(factory) { }