public static MessagePartSpecification MessagePartSpecificationWsc() { // Liberty framework header var libertyFrameworkQualifiedName = new XmlQualifiedName(Common.Constants.LibBas.HeaderName, Common.Constants.LibBas.HeaderNameSpace); // WS-Addressing headers. This logic only checks if a given header is part of the signature. It does not fail if the header is not present. // Checking if a header is present is done in the message inspectors. // MessageID is not automatically set in the response by WCF. Hence, a custom check is necessary to ensure that it is present and is part of the signature. // Instead of only checking MessageID all WS-Addressing headers specified by [LIB-BAS] has been included ... just to be sure. // Required by [LIB-BAS] var wsAddressingMessageIdQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingMessageId, WsAdressing.WsAdressing10NameSpace); var wsAddressingActionQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingAction, WsAdressing.WsAdressing10NameSpace); var wsAddressingRelatesToQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingRelatesTo, WsAdressing.WsAdressing10NameSpace); var wsAddressingToQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingTo, WsAdressing.WsAdressing10NameSpace); // This one is optional according to [LIB-BAS] var part = new MessagePartSpecification(libertyFrameworkQualifiedName, wsAddressingMessageIdQualifiedName, wsAddressingActionQualifiedName, wsAddressingRelatesToQualifiedName, wsAddressingToQualifiedName); // Setting IsBodyIncluded to true ensures that the body is always signed. Required by [LIB-BAS] part.IsBodyIncluded = true; return(part); }
private void ImportProtectionAssertions(ICollection <XmlElement> assertions, out MessagePartSpecification signedParts, out MessagePartSpecification encryptedParts) { WSSecurityPolicy policy; signedParts = null; encryptedParts = null; if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out policy)) { XmlElement element; if (!policy.TryImportWsspEncryptedPartsAssertion(assertions, out encryptedParts, out element) && (element != null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { element.OuterXml }))); } if (!policy.TryImportWsspSignedPartsAssertion(assertions, out signedParts, out element) && (element != null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { element.OuterXml }))); } } if (encryptedParts == null) { encryptedParts = MessagePartSpecification.NoParts; } if (signedParts == null) { signedParts = MessagePartSpecification.NoParts; } }
private ChannelProtectionRequirements GetProtectionRequirements() { if (!this.Transactions && (this.IssuedTokens == TransactionFlowOption.NotAllowed)) { return(null); } ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); if (this.Transactions) { MessagePartSpecification specification = new MessagePartSpecification(new XmlQualifiedName[] { new XmlQualifiedName("CoordinationContext", "http://schemas.xmlsoap.org/ws/2004/10/wscoor"), new XmlQualifiedName("CoordinationContext", "http://docs.oasis-open.org/ws-tx/wscoor/2006/06"), new XmlQualifiedName("OleTxTransaction", "http://schemas.microsoft.com/ws/2006/02/tx/oletx") }); specification.MakeReadOnly(); requirements.IncomingSignatureParts.AddParts(specification); requirements.OutgoingSignatureParts.AddParts(specification); requirements.IncomingEncryptionParts.AddParts(specification); requirements.OutgoingEncryptionParts.AddParts(specification); } if (this.IssuedTokens != TransactionFlowOption.NotAllowed) { MessagePartSpecification issuedTokenHeaderSpecification = GetIssuedTokenHeaderSpecification(SecurityStandardsManager.DefaultInstance); issuedTokenHeaderSpecification.MakeReadOnly(); requirements.IncomingSignatureParts.AddParts(issuedTokenHeaderSpecification); requirements.IncomingEncryptionParts.AddParts(issuedTokenHeaderSpecification); requirements.OutgoingSignatureParts.AddParts(issuedTokenHeaderSpecification); requirements.OutgoingEncryptionParts.AddParts(issuedTokenHeaderSpecification); } MessagePartSpecification parts = new MessagePartSpecification(true); parts.MakeReadOnly(); requirements.OutgoingSignatureParts.AddParts(parts, "http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/transactions/fault"); requirements.OutgoingEncryptionParts.AddParts(parts, "http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/transactions/fault"); return(requirements); }
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { ChannelProtectionRequirements requirements = bindingParameters.Find <ChannelProtectionRequirements>(); MessagePartSpecification part = new MessagePartSpecification(true); requirements.OutgoingSignatureParts.AddParts(part); }
private void AddParts(ref MessagePartSpecification parts1, MessagePartSpecification parts2) { if (parts1 == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("parts1")); } if (parts2 == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("parts2")); } if (!parts2.IsEmpty()) { if (parts1.IsReadOnly) { MessagePartSpecification p = new MessagePartSpecification(); p.Union(parts1); p.Union(parts2); parts1 = p; } else { parts1.Union(parts2); } } }
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters) { // Sign only the header, but not the body. // This does not work. //endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign; //foreach (OperationDescription operation in endpoint.Contract.Operations) //{ // MessageDescription requestMessage = operation.Messages.First(msg => msg.Direction == MessageDirection.Input); // foreach (MessagePartDescription body in requestMessage.Body.Parts) // { // body.ProtectionLevel = System.Net.Security.ProtectionLevel.None; // } //} bindingParameters.Remove <ChannelProtectionRequirements>(); var m = new MessagePartSpecification(); m.IsBodyIncluded = false; var c1 = new ChannelProtectionRequirements(); c1.IncomingSignatureParts.AddParts(m, "*"); MessagePartSpecification m1 = new MessagePartSpecification(); m.IsBodyIncluded = false; c1.IncomingEncryptionParts.AddParts(m1, "*"); bindingParameters.Add(c1); }
private void ImportProtectionAssertions(ICollection <XmlElement> assertions, out MessagePartSpecification signedParts, out MessagePartSpecification encryptedParts) { XmlElement assertion; signedParts = null; encryptedParts = null; WSSecurityPolicy securityPolicy; if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy)) { if (!securityPolicy.TryImportWsspEncryptedPartsAssertion(assertions, out encryptedParts, out assertion) && assertion != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); } if (!securityPolicy.TryImportWsspSignedPartsAssertion(assertions, out signedParts, out assertion) && assertion != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); } } if (encryptedParts == null) { encryptedParts = MessagePartSpecification.NoParts; } if (signedParts == null) { signedParts = MessagePartSpecification.NoParts; } }
public void UnionReadOnlyPart() { MessagePartSpecification s = new MessagePartSpecification(); s.MakeReadOnly(); Assert.AreEqual(true, s.IsReadOnly, "#1"); s.Union(new MessagePartSpecification()); }
public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { Console.WriteLine("add outgoing signature parts"); ChannelProtectionRequirements requirements = bindingParameters.Find <ChannelProtectionRequirements>(); MessagePartSpecification part = new MessagePartSpecification(true); requirements.OutgoingSignatureParts.AddParts(part); }
private void ApplySigningRequirements(ScopedMessagePartSpecification spec) { MessagePartSpecification parts = new MessagePartSpecification(new XmlQualifiedName[] { new XmlQualifiedName("PeerVia", "http://schemas.microsoft.com/net/2006/05/peer"), new XmlQualifiedName("FloodMessage", "http://schemas.microsoft.com/net/2006/05/peer"), new XmlQualifiedName("PeerTo", "http://schemas.microsoft.com/net/2006/05/peer"), new XmlQualifiedName("MessageID", "http://schemas.microsoft.com/net/2006/05/peer") }); foreach (string str in spec.Actions) { spec.AddParts(parts, str); } spec.AddParts(parts, "*"); }
private static ChannelProtectionRequirements GetProtectionRequirements(AddressingVersion addressingVersion) { PropertyInfo property = addressingVersion.GetType().GetProperty("SignedMessageParts", BindingFlags.Instance | BindingFlags.NonPublic); MessagePartSpecification value = (MessagePartSpecification)property.GetValue(addressingVersion, new object[0]); ChannelProtectionRequirements channelProtectionRequirement = new ChannelProtectionRequirements(); channelProtectionRequirement.IncomingSignatureParts.AddParts(value); channelProtectionRequirement.OutgoingSignatureParts.AddParts(value); return(channelProtectionRequirement); }
private ChannelProtectionRequirements GetProtectionRequirements() { ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); XmlQualifiedName name = new XmlQualifiedName(XD.UtilityDictionary.UniqueEndpointHeaderName.Value, XD.UtilityDictionary.UniqueEndpointHeaderNamespace.Value); MessagePartSpecification parts = new MessagePartSpecification(new XmlQualifiedName[] { name }); parts.MakeReadOnly(); requirements.IncomingSignatureParts.AddParts(parts); requirements.OutgoingSignatureParts.AddParts(parts); return(requirements); }
internal ChannelProtectionRequirements GetProtectionRequirements(AddressingVersion addressing, ProtectionLevel defaultProtectionLevel) { if (addressing == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(addressing)); } ChannelProtectionRequirements result = new ChannelProtectionRequirements(); ProtectionLevel supportedRequestProtectionLevel = GetIndividualProperty <ISecurityCapabilities>().SupportedRequestProtectionLevel; ProtectionLevel supportedResponseProtectionLevel = GetIndividualProperty <ISecurityCapabilities>().SupportedResponseProtectionLevel; bool canSupportMoreThanTheDefault = (ProtectionLevelHelper.IsStrongerOrEqual(supportedRequestProtectionLevel, defaultProtectionLevel) && ProtectionLevelHelper.IsStrongerOrEqual(supportedResponseProtectionLevel, defaultProtectionLevel)); if (canSupportMoreThanTheDefault) { MessagePartSpecification signedParts = new MessagePartSpecification(); MessagePartSpecification encryptedParts = new MessagePartSpecification(); if (defaultProtectionLevel != ProtectionLevel.None) { signedParts.IsBodyIncluded = true; if (defaultProtectionLevel == ProtectionLevel.EncryptAndSign) { encryptedParts.IsBodyIncluded = true; } } signedParts.MakeReadOnly(); encryptedParts.MakeReadOnly(); if (addressing.FaultAction != null) { // Addressing faults result.IncomingSignatureParts.AddParts(signedParts, addressing.FaultAction); result.OutgoingSignatureParts.AddParts(signedParts, addressing.FaultAction); result.IncomingEncryptionParts.AddParts(encryptedParts, addressing.FaultAction); result.OutgoingEncryptionParts.AddParts(encryptedParts, addressing.FaultAction); } if (addressing.DefaultFaultAction != null) { // Faults that do not specify a particular action result.IncomingSignatureParts.AddParts(signedParts, addressing.DefaultFaultAction); result.OutgoingSignatureParts.AddParts(signedParts, addressing.DefaultFaultAction); result.IncomingEncryptionParts.AddParts(encryptedParts, addressing.DefaultFaultAction); result.OutgoingEncryptionParts.AddParts(encryptedParts, addressing.DefaultFaultAction); } // Infrastructure faults result.IncomingSignatureParts.AddParts(signedParts, FaultCodeConstants.Actions.NetDispatcher); result.OutgoingSignatureParts.AddParts(signedParts, FaultCodeConstants.Actions.NetDispatcher); result.IncomingEncryptionParts.AddParts(encryptedParts, FaultCodeConstants.Actions.NetDispatcher); result.OutgoingEncryptionParts.AddParts(encryptedParts, FaultCodeConstants.Actions.NetDispatcher); } return(result); }
ChannelProtectionRequirements GetProtectionRequirements() { ChannelProtectionRequirements result = new ChannelProtectionRequirements(); XmlQualifiedName refPropHeaderName = new XmlQualifiedName(XD.UtilityDictionary.UniqueEndpointHeaderName.Value, XD.UtilityDictionary.UniqueEndpointHeaderNamespace.Value); MessagePartSpecification headerParts = new MessagePartSpecification(refPropHeaderName); headerParts.MakeReadOnly(); result.IncomingSignatureParts.AddParts(headerParts); result.OutgoingSignatureParts.AddParts(headerParts); return(result); }
public void DefaultValues() { MessagePartSpecification s = new MessagePartSpecification(); Assert.IsFalse(s.IsBodyIncluded, "#1"); Assert.AreEqual(0, s.HeaderTypes.Count, "#2"); s = new MessagePartSpecification(new XmlQualifiedName [] { new XmlQualifiedName("foo", "urn:foo") }); Assert.IsFalse(s.IsBodyIncluded, "#3"); Assert.AreEqual(1, s.HeaderTypes.Count, "#4"); }
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { //Find the old requirements and remove var requirements = bindingParameters.Find <ChannelProtectionRequirements>(); bindingParameters.Remove(requirements); //Setting the ProtectionLevel at the Service Contract if (ProtectionSetting == "None") { endpoint.Contract.ProtectionLevel = ProtectionLevel.None; } if (ProtectionSetting == "Sign") { endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign; } if (ProtectionSetting == "EncryptAndSign") { endpoint.Contract.ProtectionLevel = ProtectionLevel.EncryptAndSign; } //create a new set of requirements requirements = new ChannelProtectionRequirements(); bindingParameters.Add(requirements); var unprotectedBody = new MessagePartSpecification(); var protectedBody = new MessagePartSpecification(true); switch (endpoint.Contract.ProtectionLevel) { case ProtectionLevel.None: requirements.OutgoingSignatureParts.AddParts(unprotectedBody, "*"); requirements.IncomingSignatureParts.AddParts(unprotectedBody, "*"); requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*"); requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*"); break; case ProtectionLevel.Sign: requirements.OutgoingSignatureParts.AddParts(protectedBody, "*"); requirements.IncomingSignatureParts.AddParts(protectedBody, "*"); requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*"); requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*"); break; case ProtectionLevel.EncryptAndSign: requirements.OutgoingSignatureParts.AddParts(protectedBody, "*"); requirements.IncomingSignatureParts.AddParts(protectedBody, "*"); requirements.OutgoingEncryptionParts.AddParts(protectedBody, "*"); requirements.IncomingEncryptionParts.AddParts(protectedBody, "*"); break; } }
private ChannelProtectionRequirements GetProtectionRequirements() { ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); MessagePartSpecification signedReliabilityMessageParts = WsrmIndex.GetSignedReliabilityMessageParts(this.reliableMessagingVersion); requirements.IncomingSignatureParts.AddParts(signedReliabilityMessageParts); requirements.OutgoingSignatureParts.AddParts(signedReliabilityMessageParts); if (this.reliableMessagingVersion == System.ServiceModel.ReliableMessagingVersion.WSReliableMessagingFebruary2005) { ScopedMessagePartSpecification signaturePart = requirements.IncomingSignatureParts; ScopedMessagePartSpecification encryptionPart = requirements.IncomingEncryptionParts; ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence"); signaturePart = requirements.OutgoingSignatureParts; encryptionPart = requirements.OutgoingEncryptionParts; ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage"); ProtectProtocolMessage(signaturePart, encryptionPart, "http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence"); return(requirements); } if (this.reliableMessagingVersion != System.ServiceModel.ReliableMessagingVersion.WSReliableMessaging11) { throw Fx.AssertAndThrow("Reliable messaging version not supported."); } ScopedMessagePartSpecification incomingSignatureParts = requirements.IncomingSignatureParts; ScopedMessagePartSpecification incomingEncryptionParts = requirements.IncomingEncryptionParts; ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequence"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/fault"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse"); incomingSignatureParts = requirements.OutgoingSignatureParts; incomingEncryptionParts = requirements.OutgoingEncryptionParts; ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequence"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/fault"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence"); ProtectProtocolMessage(incomingSignatureParts, incomingEncryptionParts, "http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse"); return(requirements); }
void ApplySigningRequirements(ScopedMessagePartSpecification spec) { //following are the headers that we add and want signed. MessagePartSpecification partSpec = new MessagePartSpecification( new XmlQualifiedName(PeerStrings.Via, PeerStrings.Namespace), new XmlQualifiedName(PeerOperationNames.Flood, PeerStrings.Namespace), new XmlQualifiedName(PeerOperationNames.PeerTo, PeerStrings.Namespace), new XmlQualifiedName(PeerStrings.MessageId, PeerStrings.Namespace)); foreach (string action in spec.Actions) { spec.AddParts(partSpec, action); } spec.AddParts(partSpec, MessageHeaders.WildcardAction); }
internal static MessagePartSpecification GetIssuedTokenHeaderSpecification(SecurityStandardsManager standardsManager) { MessagePartSpecification result; if (standardsManager.TrustDriver.IsIssuedTokensSupported) { result = new MessagePartSpecification(new XmlQualifiedName(standardsManager.TrustDriver.IssuedTokensHeaderName, standardsManager.TrustDriver.IssuedTokensHeaderNamespace)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TrustDriverVersionDoesNotSupportIssuedTokens))); } return(result); }
ChannelProtectionRequirements GetProtectionRequirements() { // Listing headers that must be signed. ChannelProtectionRequirements result = new ChannelProtectionRequirements(); MessagePartSpecification signedReliabilityMessageParts = MakeConnectionUtility.GetSignedReliabilityMessageParts(); result.IncomingSignatureParts.AddParts(signedReliabilityMessageParts); result.OutgoingSignatureParts.AddParts(signedReliabilityMessageParts); // From the Client to the Service ScopedMessagePartSpecification signaturePart = result.IncomingSignatureParts; ScopedMessagePartSpecification encryptionPart = result.IncomingEncryptionParts; ProtectProtocolMessage(signaturePart, encryptionPart, MakeConnectionConstants.MakeConnectionMessage.Action); return(result); }
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { var requirements = new ChannelProtectionRequirements(); var signatureProtectionSpecification = new MessagePartSpecification(_protectionLevel != ProtectionLevel.None); requirements.IncomingSignatureParts.AddParts(signatureProtectionSpecification, "*"); requirements.OutgoingSignatureParts.AddParts(signatureProtectionSpecification, "*"); var encryptionProtectionSpecification = new MessagePartSpecification(_protectionLevel == ProtectionLevel.EncryptAndSign); requirements.IncomingEncryptionParts.AddParts(encryptionProtectionSpecification, "*"); requirements.OutgoingEncryptionParts.AddParts(encryptionProtectionSpecification, "*"); bindingParameters.Remove <ChannelProtectionRequirements>(); bindingParameters.Add(requirements); endpoint.Contract.ProtectionLevel = _protectionLevel; }
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters) { var proReq = bindingParameters.Remove <ChannelProtectionRequirements>(); proReq = new ChannelProtectionRequirements(); MessagePartSpecification unProtectedSpec = new MessagePartSpecification(); MessagePartSpecification protectedSpec = new MessagePartSpecification(true); // I'm setting same protection level for all the actions. // You could specify different protection level per action, if required. // Also note, I haven't implemented any support for custom SOAP headers. // However that can easily be added using the same mechansim. switch (level) { case ProtectionLevel.None: proReq.OutgoingSignatureParts.AddParts(unProtectedSpec, "*"); proReq.IncomingSignatureParts.AddParts(unProtectedSpec, "*"); proReq.OutgoingEncryptionParts.AddParts(unProtectedSpec, "*"); proReq.IncomingEncryptionParts.AddParts(unProtectedSpec, "*"); break; case ProtectionLevel.Sign: proReq.OutgoingSignatureParts.AddParts(protectedSpec, "*"); proReq.IncomingSignatureParts.AddParts(protectedSpec, "*"); proReq.OutgoingEncryptionParts.AddParts(unProtectedSpec, "*"); proReq.IncomingEncryptionParts.AddParts(unProtectedSpec, "*"); break; case ProtectionLevel.EncryptAndSign: proReq.OutgoingSignatureParts.AddParts(protectedSpec, "*"); proReq.IncomingSignatureParts.AddParts(protectedSpec, "*"); proReq.OutgoingEncryptionParts.AddParts(protectedSpec, "*"); proReq.IncomingEncryptionParts.AddParts(protectedSpec, "*"); break; } // Add our protection requirement for this endpoint into the binding params. bindingParameters.Add(proReq); }
private AddressingVersion(string ns, XmlDictionaryString dictionaryNs, string toStringFormat, MessagePartSpecification signedMessageParts, string anonymous, XmlDictionaryString dictionaryAnonymous, string none, string faultAction, string defaultFaultAction) { this.ns = ns; this.dictionaryNs = dictionaryNs; this.toStringFormat = toStringFormat; this.signedMessageParts = signedMessageParts; this.anonymous = anonymous; this.dictionaryAnonymous = dictionaryAnonymous; if (anonymous != null) { this.anonymousUri = new Uri(anonymous); } if (none != null) { this.noneUri = new Uri(none); } this.faultAction = faultAction; this.defaultFaultAction = defaultFaultAction; }
public void Union() { XmlQualifiedName q1, q2, q3; q1 = new XmlQualifiedName("foo"); q2 = new XmlQualifiedName("bar"); q3 = new XmlQualifiedName("baz"); MessagePartSpecification p1 = new MessagePartSpecification(false, new XmlQualifiedName [] { q1, q2 }); MessagePartSpecification p2 = new MessagePartSpecification(true, new XmlQualifiedName [] { q3, q2 }); p1.Union(p2); Assert.IsTrue(p1.IsBodyIncluded, "#1"); // Sigh. It does not exclude duplicates. Assert.AreEqual(4, p1.HeaderTypes.Count, "#1-2"); Assert.IsTrue(p1.HeaderTypes.Contains(q1), "#2"); Assert.IsTrue(p1.HeaderTypes.Contains(q2), "#3"); Assert.IsTrue(p1.HeaderTypes.Contains(q3), "#4"); }
public static MessagePartSpecification MessagePartSpecificationWsp() { // WS-Addressing headers. This logic only checks if a given header is part of the signature. It does not fail if the header is not present. // This is just an extra insanity check on top of WCF after realizing that MessageId header was not automatically included in the response from WSP. // Instead of only checking MessageID all WS-Addressing headers specified by [OIO IDWS SOAP 1.1] has been included ... just to be sure. // Required by [OIO IDWS SOAP 1.1] var wsAddressingMessageIdQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingMessageId, WsAdressing.WsAdressing10NameSpace); var wsAddressingToQualifiedName = new XmlQualifiedName(WsAdressing.WsAdressingTo, WsAdressing.WsAdressing10NameSpace); // This one is optional according to [OIO IDWS SOAP 1.1] var part = new MessagePartSpecification( wsAddressingMessageIdQualifiedName, wsAddressingToQualifiedName ); // Setting IsBodyIncluded to true ensures that the body is always signed. Required by [OIO IDWS SOAP 1.1] part.IsBodyIncluded = true; return(part); }
internal static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel) { ChannelProtectionRequirements result; if (protectionLevel == ProtectionLevel.EncryptAndSign) { if (encryptAndSignChannelProtectionRequirements == null) { MessagePartSpecification header = new MessagePartSpecification(); header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace)); ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); requirements.IncomingSignatureParts.AddParts(header); requirements.IncomingEncryptionParts.AddParts(header); requirements.OutgoingSignatureParts.AddParts(header); requirements.OutgoingEncryptionParts.AddParts(header); requirements.MakeReadOnly(); encryptAndSignChannelProtectionRequirements = requirements; } result = encryptAndSignChannelProtectionRequirements; } else if (protectionLevel == ProtectionLevel.Sign) { if (signChannelProtectionRequirements == null) { MessagePartSpecification header = new MessagePartSpecification(); header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace)); ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); requirements.IncomingSignatureParts.AddParts(header); requirements.OutgoingSignatureParts.AddParts(header); requirements.MakeReadOnly(); signChannelProtectionRequirements = requirements; } result = signChannelProtectionRequirements; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("protectionLevel")); } return(result); }
/// <summary> /// Adds the requirement telling WCF to encrypt the body of RM messages /// </summary> private void AddProtectionRequirements(BindingParameterCollection bindingParameters) { logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Start, "Custom header signing behavior adding protection requirements"); // Get the protection requirements for the binding ChannelProtectionRequirements cpr = bindingParameters.Find <ChannelProtectionRequirements>(); // If there were no requirements since before, create them if (cpr == null) { cpr = new ChannelProtectionRequirements(); bindingParameters.Add(cpr); } // Select the headers to be affected by this behavior MessagePartSpecification headerMessagePart = new MessagePartSpecification(_headers.ToArray()); headerMessagePart.MakeReadOnly(); ChannelProtectionRequirements newCpr = new ChannelProtectionRequirements(); // Specify each header to be signed foreach (string action in actionsToWhichThisBehaviorApplies) { newCpr.IncomingSignatureParts.AddParts(headerMessagePart, action); newCpr.OutgoingSignatureParts.AddParts(headerMessagePart, action); } newCpr.MakeReadOnly(); cpr.Add(newCpr); // Tracing foreach (XmlQualifiedName name in _headers) { logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Information, "Header '" + name + "' added for signing"); } logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Stop, "Custom header signing behavior finished adding protection requirements"); }
ChannelProtectionRequirements GetProtectionRequirements() { if (this.Transactions || (this.IssuedTokens != TransactionFlowOption.NotAllowed)) { ChannelProtectionRequirements requirements = new ChannelProtectionRequirements(); if (this.Transactions) { MessagePartSpecification p = new MessagePartSpecification( new XmlQualifiedName(CoordinationExternalStrings.CoordinationContext, CoordinationExternal10Strings.Namespace), new XmlQualifiedName(CoordinationExternalStrings.CoordinationContext, CoordinationExternal11Strings.Namespace), new XmlQualifiedName(OleTxTransactionExternalStrings.OleTxTransaction, OleTxTransactionExternalStrings.Namespace)); p.MakeReadOnly(); requirements.IncomingSignatureParts.AddParts(p); requirements.OutgoingSignatureParts.AddParts(p); requirements.IncomingEncryptionParts.AddParts(p); requirements.OutgoingEncryptionParts.AddParts(p); } if (this.IssuedTokens != TransactionFlowOption.NotAllowed) { MessagePartSpecification trustParts = GetIssuedTokenHeaderSpecification(SecurityStandardsManager.DefaultInstance); trustParts.MakeReadOnly(); requirements.IncomingSignatureParts.AddParts(trustParts); requirements.IncomingEncryptionParts.AddParts(trustParts); requirements.OutgoingSignatureParts.AddParts(trustParts); requirements.OutgoingEncryptionParts.AddParts(trustParts); } MessagePartSpecification body = new MessagePartSpecification(true); body.MakeReadOnly(); requirements.OutgoingSignatureParts.AddParts(body, FaultCodeConstants.Actions.Transactions); requirements.OutgoingEncryptionParts.AddParts(body, FaultCodeConstants.Actions.Transactions); return(requirements); } else { return(null); } }
private AddressingVersion(string ns, XmlDictionaryString dictionaryNs, string toStringFormat, MessagePartSpecification signedMessageParts, string anonymous, XmlDictionaryString dictionaryAnonymous, string none, string faultAction, string defaultFaultAction) { Namespace = ns; DictionaryNamespace = dictionaryNs; _toStringFormat = toStringFormat; SignedMessageParts = signedMessageParts; Anonymous = anonymous; DictionaryAnonymous = dictionaryAnonymous; if (anonymous != null) { AnonymousUri = new Uri(anonymous); } if (none != null) { _noneUri = new Uri(none); } FaultAction = faultAction; _defaultFaultAction = defaultFaultAction; }
public static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel) { MessagePartSpecification messagePartSpecification = new MessagePartSpecification(true); MessagePartSpecification messagePartSpecification1 = new MessagePartSpecification(); ChannelProtectionRequirements channelProtectionRequirement = new ChannelProtectionRequirements(); switch (protectionLevel) { case ProtectionLevel.None: { channelProtectionRequirement.IncomingSignatureParts.AddParts(messagePartSpecification1, "*"); channelProtectionRequirement.OutgoingSignatureParts.AddParts(messagePartSpecification1, "*"); channelProtectionRequirement.IncomingEncryptionParts.AddParts(messagePartSpecification1, "*"); channelProtectionRequirement.OutgoingEncryptionParts.AddParts(messagePartSpecification1, "*"); break; } case ProtectionLevel.Sign: { channelProtectionRequirement.IncomingSignatureParts.AddParts(messagePartSpecification, "*"); channelProtectionRequirement.OutgoingSignatureParts.AddParts(messagePartSpecification, "*"); channelProtectionRequirement.IncomingEncryptionParts.AddParts(messagePartSpecification1, "*"); channelProtectionRequirement.OutgoingEncryptionParts.AddParts(messagePartSpecification1, "*"); break; } case ProtectionLevel.EncryptAndSign: { channelProtectionRequirement.IncomingSignatureParts.AddParts(messagePartSpecification, "*"); channelProtectionRequirement.OutgoingSignatureParts.AddParts(messagePartSpecification, "*"); channelProtectionRequirement.IncomingEncryptionParts.AddParts(messagePartSpecification, "*"); channelProtectionRequirement.OutgoingEncryptionParts.AddParts(messagePartSpecification, "*"); break; } } return(channelProtectionRequirement); }