        /// <summary>
        /// Emits the WS-SecurityPolicy <c>KeyValueToken</c> assertion for an RSA token and stamps it
        /// with the token-inclusion value taken from <paramref name="parameters"/>.
        /// </summary>
        /// <param name="parameters">RSA token parameters whose <c>InclusionMode</c> is written into the assertion.</param>
        /// <returns>The populated assertion element.</returns>
        public override XmlElement CreateWsspRsaTokenAssertion(RsaSecurityTokenParameters parameters)
        {
            XmlElement keyValueToken = CreateWsspAssertion("KeyValueToken");
            SetIncludeTokenValue(keyValueToken, parameters.InclusionMode);

            return keyValueToken;
        }
        /// <summary>
        /// Selects the message security version for <paramref name="securityBindingElement"/> from the
        /// configured trust version and, when RSA proof keys are enabled, registers an RSA endorsing
        /// supporting token (inclusion mode Never, no derived keys) on the optional endpoint parameters.
        /// </summary>
        /// <param name="securityBindingElement">Binding element to configure; it is modified in place.</param>
        /// <returns>The same <paramref name="securityBindingElement"/> instance.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="securityBindingElement"/> is null.</exception>
        protected virtual SecurityBindingElement ApplyMessageSecurity(SecurityBindingElement securityBindingElement)
        {
            if (securityBindingElement == null)
            {
                throw new ArgumentNullException(nameof(securityBindingElement));
            }

            // Feb-2005 trust pairs with the Feb-2005 secure-conversation / WSSP 1.1 profile;
            // any other trust version gets the WS-Trust 1.3 / WSSP 1.2 profile.
            bool feb2005Trust = _trustVersion == TrustVersion.WSTrustFeb2005;
            securityBindingElement.MessageSecurityVersion = feb2005Trust
                ? MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
                : MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

            if (!_enableRsaProofKeys)
            {
                return securityBindingElement;
            }

            // The RSA proof key participates only as an endorsing token.
            RsaSecurityTokenParameters rsaProofKey = new RsaSecurityTokenParameters();
            rsaProofKey.InclusionMode      = SecurityTokenInclusionMode.Never;
            rsaProofKey.RequireDerivedKeys = false;
            securityBindingElement.OptionalEndpointSupportingTokenParameters.Endorsing.Add(rsaProofKey);

            return securityBindingElement;
        }
        /// <summary>
        /// Builds the policy assertion named by <c>KeyValueTokenName</c> for RSA token parameters and
        /// records the token-inclusion mode on it.
        /// </summary>
        /// <param name="parameters">Source of the <c>InclusionMode</c> written into the assertion.</param>
        /// <returns>The populated assertion element.</returns>
        public override XmlElement CreateWsspRsaTokenAssertion(RsaSecurityTokenParameters parameters)
        {
            XmlElement assertion = this.CreateWsspAssertion(KeyValueTokenName);
            this.SetIncludeTokenValue(assertion, parameters.InclusionMode);

            return assertion;
        }
        /// <summary>
        /// Imports a WS-SecurityPolicy <c>KeyValueToken</c> assertion as <see cref="RsaSecurityTokenParameters"/>.
        /// </summary>
        /// <param name="importer">Metadata importer used when probing for nested policy alternatives.</param>
        /// <param name="assertion">Candidate assertion element.</param>
        /// <param name="parameters">Receives the imported parameters, or null when the assertion is not accepted.</param>
        /// <returns>True when <paramref name="parameters"/> was populated.</returns>
        public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
        {
            parameters = null;

            if (!this.IsWsspAssertion(assertion, "KeyValueToken"))
            {
                return false;
            }

            SecurityTokenInclusionMode inclusionMode;
            if (!this.TryGetIncludeTokenValue(assertion, out inclusionMode))
            {
                return false;
            }

            // An assertion that carries nested policy alternatives is not accepted as a plain RSA token.
            Collection<Collection<XmlElement>> nestedAlternatives;
            if (this.TryGetNestedPolicyAlternatives(importer, assertion, out nestedAlternatives))
            {
                return false;
            }

            RsaSecurityTokenParameters rsaParameters = new RsaSecurityTokenParameters();
            rsaParameters.InclusionMode = inclusionMode;
            parameters = rsaParameters;

            return true;
        }
        /// <summary>
        /// Imports the assertion named by <c>KeyValueTokenName</c> as <see cref="RsaSecurityTokenParameters"/>,
        /// provided it carries an include-token value and no nested policy alternatives.
        /// </summary>
        /// <param name="importer">Metadata importer used when probing for nested policy alternatives.</param>
        /// <param name="assertion">Candidate assertion element.</param>
        /// <param name="parameters">Receives the imported parameters, or null when the assertion is not accepted.</param>
        /// <returns>True when <paramref name="parameters"/> was populated.</returns>
        public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
        {
            SecurityTokenInclusionMode         inclusionMode;
            Collection<Collection<XmlElement>> nestedAlternatives;

            // Checks are ordered so the cheaper name test runs before the include-token and nested-policy probes.
            if (IsWsspAssertion(assertion, KeyValueTokenName)
                && TryGetIncludeTokenValue(assertion, out inclusionMode)
                && !TryGetNestedPolicyAlternatives(importer, assertion, out nestedAlternatives))
            {
                parameters = new RsaSecurityTokenParameters { InclusionMode = inclusionMode };
                return true;
            }

            parameters = null;
            return false;
        }
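        /// <summary>
        /// Creates, configures and opens a <see cref="ServiceHost"/> for the STS implementation
        /// <paramref name="type"/> at <c>{baseAddress}/{stsLabel}</c>, adds an HTTPS metadata-exchange
        /// endpoint at <c>{baseMexAddress}/{stsLabel}/mex</c>, then prints every listener to the console.
        /// </summary>
        /// <param name="type">Service implementation type handed to <see cref="ServiceHost"/>.</param>
        /// <param name="stsLabel">Path segment appended to both base addresses.</param>
        /// <param name="baseAddress">Base address under which the STS endpoint is exposed.</param>
        /// <param name="baseMexAddress">Base address under which the HTTPS mex endpoint is exposed.</param>
        /// <returns>The opened host; the caller owns it and is responsible for closing it.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The host exposes no endpoint for <c>nl.telin.authep.sts.IWSTrustContract</c>, or that endpoint's
        /// binding contains no <see cref="SecurityBindingElement"/>.
        /// </exception>
        private static ServiceHost StartSTS(Type type, string stsLabel, Uri baseAddress, Uri baseMexAddress)
        {
            if (type == null)
            {
                throw new ArgumentNullException(nameof(type));
            }
            if (stsLabel == null)
            {
                throw new ArgumentNullException(nameof(stsLabel));
            }
            if (baseAddress == null)
            {
                throw new ArgumentNullException(nameof(baseAddress));
            }
            if (baseMexAddress == null)
            {
                throw new ArgumentNullException(nameof(baseMexAddress));
            }

            // Create the service host
            Uri         stsAddress  = new Uri(baseAddress.AbsoluteUri + "/" + stsLabel);
            ServiceHost serviceHost = new ServiceHost(type, stsAddress);

            try
            {
                // Both lookups return null when nothing matches; fail with a named error instead of
                // a NullReferenceException further down.
                ServiceEndpoint stsEndpoint = serviceHost.Description.Endpoints.Find(typeof(nl.telin.authep.sts.IWSTrustContract));
                if (stsEndpoint == null)
                {
                    throw new InvalidOperationException($"Service type {type.FullName} exposes no IWSTrustContract endpoint.");
                }

                BindingElementCollection bindingElements = stsEndpoint.Binding.CreateBindingElements();
                SecurityBindingElement   sbe             = bindingElements.Find<SecurityBindingElement>();
                if (sbe == null)
                {
                    throw new InvalidOperationException("The IWSTrustContract endpoint binding contains no SecurityBindingElement.");
                }

                // Don't require derived keys for the issue method: the RSA proof key is added as an
                // optional endorsing supporting token scoped to the Issue action only.
                RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters();
                rsaParams.InclusionMode      = SecurityTokenInclusionMode.Never;
                rsaParams.RequireDerivedKeys = false;

                SupportingTokenParameters requirements = new SupportingTokenParameters();
                requirements.Endorsing.Add(rsaParams);
                sbe.OptionalOperationSupportingTokenParameters.Add(nl.telin.authep.sts.Constants.WSTrust.Actions.Issue, requirements);

                // Re-wrap the edited element collection in a new binding so the change takes effect.
                stsEndpoint.Binding = new CustomBinding(bindingElements);
                serviceHost.Credentials.ServiceCertificate.Certificate = SigningCertificate;

                // Add an https mex listener
                string mexAddress = baseMexAddress.AbsoluteUri + "/" + stsLabel + "/mex";
                serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), mexAddress);

                // Disable CRL: with NoCheck, a revoked certificate presented in an issued token is still
                // accepted. Suitable for a lab/dev STS only; a production host should use
                // X509RevocationMode.Online or Offline. TODO(review): confirm this is intentional here.
                serviceHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck;

                // Open the service
                serviceHost.Open();
            }
            catch
            {
                // Release whatever the partially configured host already acquired before propagating.
                serviceHost.Abort();
                throw;
            }

            // Display the endpoints
            foreach (ChannelDispatcher cd in serviceHost.ChannelDispatchers)
            {
                foreach (EndpointDispatcher ed in cd.Endpoints)
                {
                    Console.WriteLine("Listener = {0}, State = {1}", ed.EndpointAddress.ToString(), cd.State.ToString());
                }
            }

            return serviceHost;
        }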
        /// <summary>
        /// Exercises GetSecurityCapabilities for symmetric, asymmetric and secure-conversation binding
        /// elements built from a fixed set of token parameters, checking the reported protection levels
        /// and the three capability flags for each case ("#1" .. "#10").
        /// </summary>
        public void GetPropertySecurityCapabilities()
        {
            RsaSecurityTokenParameters      rsa  = new RsaSecurityTokenParameters();
            UserNameSecurityTokenParameters user = new UserNameSecurityTokenParameters();
            X509SecurityTokenParameters     x509 = new X509SecurityTokenParameters();

            // The secure-conversation parameters differ only in their bootstrap binding element.
            SecureConversationSecurityTokenParameters scEmpty = new SecureConversationSecurityTokenParameters();
            scEmpty.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement();                // empty

            SecureConversationSecurityTokenParameters scSymX509 = new SecureConversationSecurityTokenParameters();
            scSymX509.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(x509);

            SecureConversationSecurityTokenParameters scAsymInitiatorX509 = new SecureConversationSecurityTokenParameters();
            scAsymInitiatorX509.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(null, x509);

            SecureConversationSecurityTokenParameters scAsymRecipientX509 = new SecureConversationSecurityTokenParameters();
            scAsymRecipientX509.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(x509, null);

            // Every case expects EncryptAndSign in both directions; only the three flags vary.
            // Flag order presumably mirrors ISecurityCapabilities (client authentication, client
            // Windows identity, server authentication) — confirm against AssertSecurityCapabilities.
            Action<SecurityBindingElement, bool, bool, bool, string> check =
                (element, clientAuth, clientIdentity, serverAuth, label) =>
                {
                    ISecurityCapabilities capabilities = GetSecurityCapabilities(element);
                    AssertSecurityCapabilities(
                        ProtectionLevel.EncryptAndSign,
                        ProtectionLevel.EncryptAndSign,
                        clientAuth, clientIdentity, serverAuth, capabilities, label);
                };

            check(new SymmetricSecurityBindingElement(),                    false, false, false, "#1");  // no parameters
            check(new SymmetricSecurityBindingElement(x509),                true,  true,  true,  "#2");  // x509 parameters for both
            check(new AsymmetricSecurityBindingElement(x509, null),         false, false, true,  "#3");  // no initiator parameters
            check(new AsymmetricSecurityBindingElement(null, x509),         true,  true,  false, "#4");  // no recipient parameters
            check(new AsymmetricSecurityBindingElement(x509, rsa),          true,  false, true,  "#5");  // initiator does not support identity
            check(new AsymmetricSecurityBindingElement(user, x509),         true,  true,  false, "#6");  // recipient does not support server auth
            check(new SymmetricSecurityBindingElement(scEmpty),             false, false, false, "#7");  // secureconv with no symm. bootstrap params
            check(new SymmetricSecurityBindingElement(scSymX509),           true,  true,  true,  "#8");  // secureconv with x509 symm. bootstrap params
            check(new SymmetricSecurityBindingElement(scAsymInitiatorX509), true,  true,  false, "#9");  // secureconv with x509 initiator bootstrap params
            check(new SymmetricSecurityBindingElement(scAsymRecipientX509), false, false, true,  "#10"); // secureconv with x509 recipient bootstrap params

            // FIXME: find out such cases that returns other ProtectionLevel values.
        }