public static SecurityBindingElement BuildMessageSecurity(MessageSecurityType securityType)
{
if (securityType == MessageSecurityType.CertificateOverTransport)
{
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
messageSecurity.IncludeTimestamp = true;
return(messageSecurity);
}
else if (securityType == MessageSecurityType.MutualCertificate)
{
SecurityBindingElement messageSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement(
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
messageSecurity.IncludeTimestamp = true;
return(messageSecurity);
}
else if (securityType == MessageSecurityType.None)
{
return(null);
}
else if (securityType == MessageSecurityType.UserNameOverTransport)
{
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
messageSecurity.IncludeTimestamp = false;
messageSecurity.EnableUnsecuredResponse = true;
messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.Basic256SecurityAlgorithmSuite.Basic256;
messageSecurity.SetKeyDerivation(false);
messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
return(messageSecurity);
}
return(SecurityBindingElement.CreateSslNegotiationBindingElement(false));
}
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
{
SecurityBindingElement element;
if (isSecureTransportMode)
{
MessageSecurityVersion version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
switch (this.clientCredentialType)
{
case BasicHttpMessageCredentialType.UserName:
element = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
element.MessageSecurityVersion = version;
goto Label_0077;
case BasicHttpMessageCredentialType.Certificate:
element = SecurityBindingElement.CreateCertificateOverTransportBindingElement(version);
goto Label_0077;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.clientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("BasicHttpMessageSecurityRequiresCertificate")));
}
element = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
Label_0077:
element.DefaultAlgorithmSuite = this.AlgorithmSuite;
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
element.SetKeyDerivation(false);
element.DoNotEmitTrust = true;
return(element);
}
SecurityBindingElement CreateSecurityBindingElement()
{
SecurityBindingElement element;
switch (Security.Mode)
{
case BasicHttpSecurityMode.Message:
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw new InvalidOperationException("When Message security is enabled in a BasicHttpBinding, the message security credential type must be BasicHttpMessageCredentialType.Certificate.");
}
element = SecurityBindingElement.CreateMutualCertificateBindingElement(
MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
break;
case BasicHttpSecurityMode.TransportWithMessageCredential:
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
// FIXME: pass proper security token parameters.
element = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
}
else
{
element = new AsymmetricSecurityBindingElement();
}
break;
default:
return(null);
}
element.SetKeyDerivation(false);
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
return(element);
}
SecurityBindingElement CreateSecurityBindingElement()
{
SecurityBindingElement element;
switch (Security.Mode)
{
case BasicHttpsSecurityMode.TransportWithMessageCredential:
#if NET_2_1
throw new NotImplementedException();
#else
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
// FIXME: pass proper security token parameters.
element = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
}
else
{
element = new AsymmetricSecurityBindingElement();
}
break;
#endif
default:
return(null);
}
#if !NET_2_1
element.SetKeyDerivation(false);
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
#endif
return(element);
}
private static SecurityBindingElement CreateSecurityBindingElement()
{
var result = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
result.MessageSecurityVersion =
MessageSecurityVersion
.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
return(result);
}
public HentPersonerResponse Execute(string[] personalNumber)
{
Thread.CurrentThread.CurrentUICulture = new CultureInfo("en-US");
EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("trustedserviceowner.somedomain.no");
var serviceEndpoint = new EndpointAddress(new Uri("https://kontaktinfo-ws-ver2.difi.no/kontaktinfo-external/ws-v3"), identity);
var binding = new CustomBinding();
var securityBinding = SecurityBindingElement.CreateCertificateOverTransportBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBinding.IncludeTimestamp = true;
securityBinding.AllowInsecureTransport = true;
binding.Elements.Add(securityBinding);
binding.Elements.Add(new TextMessageEncodingBindingElement()
{
MessageVersion = MessageVersion.Soap11
});
binding.Elements.Add(new HttpsTransportBindingElement());
using (var factory =
new ChannelFactory <oppslagstjeneste1405Channel>(binding, serviceEndpoint))
{
var credentials = new MyClientCredentials();
SetupCertificates(credentials);
factory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
factory.Endpoint.Behaviors.Add(credentials);
var channel = factory.CreateChannel();
try
{
var forespoersel = new HentPersonerForespoersel();
forespoersel.informasjonsbehov = new informasjonsbehov[1];
forespoersel.informasjonsbehov[0] = informasjonsbehov.Kontaktinfo;
forespoersel.personidentifikator = new string[personalNumber.Length];
for (var index = 0; index < personalNumber.Length; index++)
{
forespoersel.personidentifikator[index] = personalNumber[index];
}
var request = new HentPersonerRequest(forespoersel);
var response = channel.HentPersoner(request);
channel.Close();
return(response);
}
catch
{
channel.Abort();
throw;
}
}
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, BindingElement transportBindingElement)
{
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
if (isSecureTransportMode)
{
switch (_clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
throw ExceptionHelper.PlatformNotSupported($"{nameof(MessageCredentialType)}.{nameof(MessageCredentialType.Windows)}");
case MessageCredentialType.IssuedToken:
throw ExceptionHelper.PlatformNotSupported($"{nameof(MessageCredentialType)}.{nameof(MessageCredentialType.IssuedToken)}");
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity);
}
else
{
throw ExceptionHelper.PlatformNotSupported();
}
// set the algorithm suite and issued token params if required
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
result.IncludeTimestamp = true;
if (!isReliableSession)
{
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
throw ExceptionHelper.PlatformNotSupported();
}
// since a session is always bootstrapped, configure the transition sct to live for a short time only
result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
oneShotSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
return(result);
}
public static Binding CreateCertificateOverTransportBinding()
{
BindingElementCollection bec = new BindingElementCollection();
bec.Add(SecurityBindingElement.
CreateCertificateOverTransportBindingElement());
bec.Add(new TextMessageEncodingBindingElement());
bec.Add(new HttpsTransportBindingElement());
return(new CustomBinding(bec));
}
protected override SecurityBindingElement CreateSecurityBindingElement()
{
if (SecurityMode.Message == base.SecurityMode)
{
return(SecurityBindingElement.CreateMutualCertificateBindingElement());
}
if (SecurityMode.TransportWithMessageCredential == base.SecurityMode)
{
return(SecurityBindingElement.CreateCertificateOverTransportBindingElement());
}
return(null);
}
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
{
SecurityBindingElement algorithmSuite;
if (!isSecureTransportMode)
{
if (this.clientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.BasicHttpMessageSecurityRequiresCertificate, new object[0])));
}
algorithmSuite = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
}
else
{
MessageSecurityVersion wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
switch (this.clientCredentialType)
{
case BasicHttpMessageCredentialType.UserName:
{
algorithmSuite = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
algorithmSuite.MessageSecurityVersion = wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
case BasicHttpMessageCredentialType.Certificate:
{
algorithmSuite = SecurityBindingElement.CreateCertificateOverTransportBindingElement(wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("Unsupported basic http message credential type");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
private CustomBinding CreateCustomBinding()
{
var binding = new CustomBinding();
var securityBinding =
SecurityBindingElement.CreateCertificateOverTransportBindingElement(
MessageSecurityVersion
.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBinding.IncludeTimestamp = true;
securityBinding.AllowInsecureTransport = true;
securityBinding.EnableUnsecuredResponse = true;
binding.Elements.Add(securityBinding);
binding.Elements.Add(new CustomTextMessageBindingElement(_difiGatewaySettings));
var httpsTransportBinding = new HttpsTransportBindingElement();
httpsTransportBinding.MaxReceivedMessageSize = Int32.MaxValue;
binding.Elements.Add(httpsTransportBinding);
return(binding);
}
CreateBindingElements()
{
var list = new List <BindingElement> ();
switch (Security.Mode)
{
#if !NET_2_1
case BasicHttpSecurityMode.Message:
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw new InvalidOperationException("When Message security is enabled in a BasicHttpBinding, the message security credential type must be BasicHttpMessageCredentialType.Certificate.");
}
goto case BasicHttpSecurityMode.TransportWithMessageCredential;
case BasicHttpSecurityMode.TransportWithMessageCredential:
SecurityBindingElement sec;
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
// FIXME: pass proper security token parameters.
sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
}
else
{
sec = new AsymmetricSecurityBindingElement();
}
list.Add(sec);
break;
#endif
}
#if NET_2_1
if (EnableHttpCookieContainer)
{
list.Add(new HttpCookieContainerBindingElement());
}
#endif
list.Add(BuildMessageEncodingBindingElement());
list.Add(GetTransport());
return(new BindingElementCollection(list.ToArray()));
}
protected override SecurityBindingElement CreateSecurityBindingElement()
{
if (SecurityMode.Message == base.SecurityMode)
{
return(SecurityBindingElement.CreateCertificateSignatureBindingElement());
}
if (SecurityMode.Transport == base.SecurityMode)
{
//return SecurityBindingElement.CreateUserNameOverTransportBindingElement();
return(SecurityBindingElement.CreateCertificateOverTransportBindingElement());
}
if (SecurityMode.TransportWithMessageCredential == base.SecurityMode)
{
return(SecurityBindingElement.CreateCertificateOverTransportBindingElement());
}
return(null);
}
SecurityBindingElement CreateSecurityBindingElement()
{
SecurityBindingElement element;
switch (Security.Mode)
{
case BasicHttpSecurityMode.Message:
#if NET_2_1 || XAMMAC_4_5
throw new NotImplementedException();
#else
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw new InvalidOperationException("When Message security is enabled in a BasicHttpBinding, the message security credential type must be BasicHttpMessageCredentialType.Certificate.");
}
element = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
break;
#endif
case BasicHttpSecurityMode.TransportWithMessageCredential:
#if NET_2_1 || XAMMAC_4_5
throw new NotImplementedException();
#else
if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
element = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
}
else
{
element = new AsymmetricSecurityBindingElement();
}
break;
#endif
default:
return(null);
}
#if !NET_2_1 && !XAMMAC_4_5
element.SetKeyDerivation(false);
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
#endif
return(element);
}
// if any changes are made to this method, please reflect them in the corresponding TryCrete() method
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
{
SecurityBindingElement result;
if (isSecureTransportMode)
{
MessageSecurityVersion version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
switch (_clientCredentialType)
{
case BasicHttpMessageCredentialType.Certificate:
result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(version);
break;
case BasicHttpMessageCredentialType.UserName:
result = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
result.MessageSecurityVersion = version;
break;
default:
Fx.Assert("Unsupported basic http message credential type");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedSecuritySetting, "Mode", BasicHttpSecurityMode.Message)));
//if (_clientCredentialType != BasicHttpMessageCredentialType.Certificate)
//{
// throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.BasicHttpMessageSecurityRequiresCertificate)));
//}
//result = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
}
result.DefaultAlgorithmSuite = AlgorithmSuite;
result.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
result.SetKeyDerivation(false);
// result.DoNotEmitTrust = true;
return(result);
}
public SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, BindingElement transportBindingElement)
{
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
if (isSecureTransportMode)
{
switch (_clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
throw new NotImplementedException();
// oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity);
}
else
{
throw new NotSupportedException();
/* switch (this.clientCredentialType)
* {
* case MessageCredentialType.None:
* oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
* break;
* case MessageCredentialType.UserName:
* // require cancellation so that impersonation is possible
* oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
* break;
* case MessageCredentialType.Certificate:
* oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
* break;
* case MessageCredentialType.Windows:
* // require cancellation so that impersonation is possible
* oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
* break;
* case MessageCredentialType.IssuedToken:
* oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite), true);
* break;
* default:
* Fx.Assert("unknown ClientCredentialType");
* throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
* }
* result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);*/
}
// set the algorithm suite and issued token params if required
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = AlgorithmSuite;
result.IncludeTimestamp = true;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
}
// since a session is always bootstrapped, configure the transition sct to live for a short time only
oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = TimeSpan.Parse(DefaultServerIssuedTransitionTokenLifetimeString, CultureInfo.InvariantCulture);
result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
oneShotSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
return(result);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
if (isReliableSession)
{
throw ExceptionHelper.PlatformNotSupported(); // Reliable sessions
}
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
bool isKerberosSelected = false;
//bool emitBspAttributes = true;
if (isSecureTransportMode)
{
switch (_clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
case MessageCredentialType.IssuedToken:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
else
{
throw ExceptionHelper.PlatformNotSupported();
}
// set the algorithm suite and issued token params if required
if (_wasAlgorithmSuiteSet || (!isKerberosSelected))
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = AlgorithmSuite;
}
else if (isKerberosSelected)
{
throw ExceptionHelper.PlatformNotSupported();
}
result.IncludeTimestamp = true;
oneShotSecurity.MessageSecurityVersion = version;
result.MessageSecurityVersion = version;
if (!isReliableSession)
{
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
return(result);
}
/// <summary>
/// Creates a custom binding based on an example generated from svcutil.exe
/// </summary>
/// <param name="exeConfigPath"></param>
/// <returns></returns>
/// <remarks>
/// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx
/// </remarks>
public static List <CustomBinding> GetCustomBindings(string exeConfigPath)
{
if (string.IsNullOrWhiteSpace(exeConfigPath))
{
return(null);
}
var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
var configs = new List <CustomBinding>();
foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast <CustomBindingElement>())
{
var binding = new CustomBinding
{
Name = section.Name,
};
var cfgSecurity = section[0] as SecurityElement;
if (cfgSecurity == null)
{
configs.Add(binding);
continue;
}
var mode = cfgSecurity.AuthenticationMode;
var msgSecurityVersion = cfgSecurity.MessageSecurityVersion;
var issuedTokenParameter = new IssuedSecurityTokenParameters();
if (cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters != null)
{
foreach (var arp in cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters.Cast <XmlElementElement>())
{
issuedTokenParameter.AdditionalRequestParameters.Add(arp.XmlElement);
}
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.Issuer.Address;
var idElem = cfgSecurity.IssuedTokenParameters.Issuer.Identity;
issuedTokenParameter.IssuerAddress = GetEnpointAddressWithIdentity(address, idElem);
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Binding != null)
{
issuedTokenParameter.IssuerBinding = GetBindingByName(cfgSecurity.IssuedTokenParameters.Issuer.Binding);
}
if (cfgSecurity.IssuedTokenParameters.IssuerMetadata?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Address;
var idElem = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Identity;
issuedTokenParameter.IssuerMetadataAddress = GetEnpointAddressWithIdentity(address, idElem);
}
SecurityBindingElement securityElemnt;
switch (mode)
{
case AuthenticationMode.IssuedTokenOverTransport:
securityElemnt =
SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.AnonymousForCertificate:
securityElemnt = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.CertificateOverTransport:
securityElemnt =
SecurityBindingElement.CreateCertificateOverTransportBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
securityElemnt = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForCertificate:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.Kerberos:
securityElemnt = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
securityElemnt = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificate:
securityElemnt = SecurityBindingElement.CreateMutualCertificateBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualCertificateDuplex:
securityElemnt = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.SspiNegotiated:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement();
break;
case AuthenticationMode.UserNameForCertificate:
securityElemnt = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateUserNameForSslBindingElement();
break;
case AuthenticationMode.UserNameOverTransport:
securityElemnt = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
default:
throw new NotImplementedException();
}
securityElemnt.AllowInsecureTransport = cfgSecurity.AllowInsecureTransport;
securityElemnt.DefaultAlgorithmSuite = cfgSecurity.DefaultAlgorithmSuite;
securityElemnt.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse;
securityElemnt.IncludeTimestamp = cfgSecurity.IncludeTimestamp;
securityElemnt.MessageSecurityVersion = cfgSecurity.MessageSecurityVersion;
securityElemnt.KeyEntropyMode = cfgSecurity.KeyEntropyMode;
securityElemnt.ProtectTokens = cfgSecurity.ProtectTokens;
securityElemnt.SecurityHeaderLayout = cfgSecurity.SecurityHeaderLayout;
securityElemnt.SetKeyDerivation(cfgSecurity.RequireDerivedKeys);
binding.Elements.Add(securityElemnt);
configs.Add(binding);
}
return(configs);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement securityBindingElement;
SecurityBindingElement securityBindingElement1;
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.SecureConversationRequiredByReliableSession, new object[0])));
}
bool flag = false;
bool flag1 = true;
if (!isSecureTransportMode)
{
if (!this.negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
securityBindingElement1 = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateKerberosBindingElement();
flag = true;
goto Label0;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateMutualCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.CreateInfoCardParameters(flag1));
goto Label0;
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
securityBindingElement1 = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
goto Label0;
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
goto Label0;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
goto Label0;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
goto Label0;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.CreateInfoCardParameters(flag1), true);
goto Label0;
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
Label0:
securityBindingElement = (!this.IsSecureConversationEnabled() ? securityBindingElement1 : SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement1, true));
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.ClientCredentialTypeMustBeSpecifiedForMixedMode, new object[0])));
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.CreateInfoCardParameters(flag1));
break;
}
default:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
securityBindingElement = (!this.IsSecureConversationEnabled() ? securityBindingElement1 : SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement1, true));
}
if (this.wasAlgorithmSuiteSet || !flag)
{
SecurityAlgorithmSuite algorithmSuite = this.AlgorithmSuite;
SecurityAlgorithmSuite securityAlgorithmSuite = algorithmSuite;
securityBindingElement1.DefaultAlgorithmSuite = algorithmSuite;
securityBindingElement.DefaultAlgorithmSuite = securityAlgorithmSuite;
}
else if (flag)
{
SecurityAlgorithmSuite basic128 = SecurityAlgorithmSuite.Basic128;
SecurityAlgorithmSuite securityAlgorithmSuite1 = basic128;
securityBindingElement1.DefaultAlgorithmSuite = basic128;
securityBindingElement.DefaultAlgorithmSuite = securityAlgorithmSuite1;
}
securityBindingElement.IncludeTimestamp = true;
securityBindingElement1.MessageSecurityVersion = version;
securityBindingElement.MessageSecurityVersion = version;
if (isReliableSession)
{
securityBindingElement.LocalServiceSettings.ReconnectTransportOnFailure = true;
securityBindingElement.LocalClientSettings.ReconnectTransportOnFailure = true;
}
else
{
securityBindingElement.LocalServiceSettings.ReconnectTransportOnFailure = false;
securityBindingElement.LocalClientSettings.ReconnectTransportOnFailure = false;
}
if (this.IsSecureConversationEnabled())
{
securityBindingElement1.LocalServiceSettings.IssuedCookieLifetime = TimeSpan.FromMinutes(15);
}
return(securityBindingElement);
}
protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly)
{
SecurityBindingElement result;
switch (this.AuthenticationMode)
{
case AuthenticationMode.AnonymousForCertificate:
result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.CertificateOverTransport:
result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForCertificate:
result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.IssuedTokenOverTransport:
result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.Kerberos:
result = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
result = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificateDuplex:
result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualCertificate:
result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.SspiNegotiated:
result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameForCertificate:
result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameOverTransport:
result = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation);
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode)));
}
this.ApplyConfiguration(result);
return(result);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, BindingElement transportBindingElement)
{
SecurityBindingElement element2;
if (!isSecureTransportMode)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
goto Label_00FF;
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
goto Label_00FF;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
goto Label_00FF;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
goto Label_00FF;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite), true);
goto Label_00FF;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialTypeMustBeSpecifiedForMixedMode")));
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
SecurityBindingElement element = SecurityBindingElement.CreateSecureConversationBindingElement(element2);
goto Label_0107;
Label_00FF:
element = SecurityBindingElement.CreateSecureConversationBindingElement(element2, true);
Label_0107:
element.DefaultAlgorithmSuite = element2.DefaultAlgorithmSuite = this.AlgorithmSuite;
element.IncludeTimestamp = true;
if (!isReliableSession)
{
element.LocalServiceSettings.ReconnectTransportOnFailure = false;
element.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
element.LocalServiceSettings.ReconnectTransportOnFailure = true;
element.LocalClientSettings.ReconnectTransportOnFailure = true;
}
element2.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator <SspiNegotiationTokenAuthenticatorState> .defaultServerIssuedTransitionTokenLifetime;
element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
element2.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
return(element);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
}
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
bool isKerberosSelected = false;
bool emitBspAttributes = true;
if (isSecureTransportMode)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
else
{
if (negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite), true);
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
isKerberosSelected = true;
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
// set the algorithm suite and issued token params if required
if (wasAlgorithmSuiteSet || (!isKerberosSelected))
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (isKerberosSelected)
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
result.IncludeTimestamp = true;
oneShotSecurity.MessageSecurityVersion = version;
result.MessageSecurityVersion = version;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.IsSecureConversationEnabled())
{
// issue the transition SCT for a short duration only
oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
}
return(result);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement element;
SecurityBindingElement element2;
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession")));
}
bool flag = false;
bool emitBspRequiredAttributes = true;
if (!isSecureTransportMode)
{
if (this.negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
goto Label_01DA;
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
goto Label_01DA;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
goto Label_01DA;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
goto Label_01DA;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite), true);
goto Label_01DA;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element2 = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateKerberosBindingElement();
flag = true;
goto Label_01DA;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateMutualCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
goto Label_01DA;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialTypeMustBeSpecifiedForMixedMode")));
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.IsSecureConversationEnabled())
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element2, true);
}
else
{
element = element2;
}
goto Label_01EE;
Label_01DA:
if (this.IsSecureConversationEnabled())
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element2, true);
}
else
{
element = element2;
}
Label_01EE:
if (this.wasAlgorithmSuiteSet || !flag)
{
element.DefaultAlgorithmSuite = element2.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (flag)
{
element.DefaultAlgorithmSuite = element2.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
element.IncludeTimestamp = true;
element2.MessageSecurityVersion = version;
element.MessageSecurityVersion = version;
if (!isReliableSession)
{
element.LocalServiceSettings.ReconnectTransportOnFailure = false;
element.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
element.LocalServiceSettings.ReconnectTransportOnFailure = true;
element.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.IsSecureConversationEnabled())
{
element2.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator <SspiNegotiationTokenAuthenticatorState> .defaultServerIssuedTransitionTokenLifetime;
}
return(element);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession)
{
SecurityBindingElement wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
SecurityBindingElement securityBindingElement;
if (!isSecureTransportMode)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
securityBindingElement = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
break;
}
case MessageCredentialType.Windows:
{
securityBindingElement = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
break;
}
case MessageCredentialType.UserName:
{
securityBindingElement = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
break;
}
case MessageCredentialType.Certificate:
{
securityBindingElement = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
break;
}
case MessageCredentialType.IssuedToken:
{
object[] objArray = new object[] { SecurityUtil.CreateSecurityStandardsManager(new object[0]), this.algorithmSuite };
securityBindingElement = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(SecurityUtil.IssuedSecurityTokenParameters.CreateInfoCardParameters(objArray), true);
break;
}
default:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement, true);
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.ClientCredentialTypeMustBeSpecifiedForMixedMode, new object[0])));
}
case MessageCredentialType.Windows:
{
securityBindingElement = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
}
case MessageCredentialType.UserName:
{
securityBindingElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
}
case MessageCredentialType.Certificate:
{
securityBindingElement = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
}
case MessageCredentialType.IssuedToken:
{
object[] objArray1 = new object[] { SecurityUtil.CreateSecurityStandardsManager(new object[0]), this.algorithmSuite };
securityBindingElement = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(SecurityUtil.IssuedSecurityTokenParameters.CreateInfoCardParameters(objArray1));
break;
}
default:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement);
}
SecurityAlgorithmSuite algorithmSuite = this.AlgorithmSuite;
SecurityAlgorithmSuite securityAlgorithmSuite = algorithmSuite;
securityBindingElement.DefaultAlgorithmSuite = algorithmSuite;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.DefaultAlgorithmSuite = securityAlgorithmSuite;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.IncludeTimestamp = true;
if (isReliableSession)
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalServiceSettings.ReconnectTransportOnFailure = true;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalClientSettings.ReconnectTransportOnFailure = true;
}
else
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalServiceSettings.ReconnectTransportOnFailure = false;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalClientSettings.ReconnectTransportOnFailure = false;
}
securityBindingElement.LocalServiceSettings.IssuedCookieLifetime = TimeSpan.FromMinutes(15);
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
return(wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
}