/// <summary>
/// Attaches the token issued in <paramref name="rstr"/> to <paramref name="message"/> as an
/// outgoing endorsing supporting token, so the token's key can endorse the message signature.
/// </summary>
/// <param name="message">Outgoing message whose security property is (re)built.</param>
/// <param name="rstr">RSTR from which the issued token is extracted.</param>
public static void AddSupportingToken(Message message, RequestSecurityTokenResponse rstr)
        {
            // Only server entropy is expected here: no requestor entropy, resolvers or
            // authenticators are passed to GetIssuedToken.
            GenericXmlSecurityToken issued = rstr.GetIssuedToken(null, null, SecurityKeyEntropyMode.ServerEntropy, null, null, null);

            // The outgoing token carries no authorization policies of its own; the parameters
            // come from the SecurityContextSecurityTokenParameters defined elsewhere in this type.
            SupportingTokenSpecification endorsingSpec = new SupportingTokenSpecification(
                issued,
                new List<IAuthorizationPolicy>().AsReadOnly(),
                SecurityTokenAttachmentMode.Endorsing,
                SecurityContextSecurityTokenParameters);

            SecurityMessageProperty securityProperty = new SecurityMessageProperty();
            securityProperty.OutgoingSupportingTokens.Add(endorsingSpec);

            // NOTE: this assignment replaces any SecurityMessageProperty already present on the
            // message rather than merging into it.
            message.Properties.Security = securityProperty;

            if (DebugTrace.Verbose)
            {
                DebugTrace.Trace(TraceLevel.Verbose, "Attached supporting token {0} to register message", rstr.Context);
            }
        }
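        /// <summary>
        /// Validates the incoming supporting tokens that match each entry of <paramref name="plist"/>
        /// and, for endorsing / signed-endorsing tokens, verifies the endorsing signature produced with
        /// the token's key. Every validated token is added to <c>sec_prop.IncomingSupportingTokens</c>;
        /// every verified endorsing signature is recorded (base64) at the front of
        /// <c>sec_prop.ConfirmedSignatures</c>.
        /// </summary>
        /// <param name="plist">Supporting token parameters the incoming tokens are validated against.</param>
        /// <param name="tokens">Supporting tokens found in the incoming message.</param>
        /// <param name="optional">When true, a parameter entry with no matching token is skipped instead of rejected.</param>
        /// <param name="attachMode">Attachment mode the parameters were declared with; drives the endorsement check.</param>
        /// <exception cref="MessageSecurityException">
        /// A required token is missing; an endorsing token has no corresponding signature; the
        /// signature's key reference cannot be resolved against the token; no key reference in the
        /// signature could be checked; or the signature does not verify.
        /// </exception>
        void ValidateTokensByParameters(IEnumerable <SecurityTokenParameters> plist, List <SupportingTokenInfo> tokens, bool optional, SecurityTokenAttachmentMode attachMode)
        {
            foreach (SecurityTokenParameters p in plist)
            {
                SecurityTokenResolver      r;
                SecurityTokenAuthenticator a =
                    security.CreateTokenAuthenticator(p, out r);
                SupportingTokenSpecification spec = ValidateTokensByParameters(a, r, tokens);
                if (spec == null)
                {
                    if (optional)
                    {
                        continue;
                    }
                    throw new MessageSecurityException(String.Format("No security token could be validated for authenticator '{0}' which is indicated by the '{1}' supporting token parameters", a, attachMode));
                }

                // For endorsing tokens, verify corresponding signatures.
                switch (attachMode)
                {
                case SecurityTokenAttachmentMode.Endorsing:
                case SecurityTokenAttachmentMode.SignedEndorsing:
                    WSSignedXml esxml = GetSignatureForToken(spec.SecurityToken);
                    if (esxml == null)
                    {
                        throw new MessageSecurityException(String.Format("The '{1}' token '{0}' is expected to endorse the primary signature but no corresponding signature is found.", spec.SecurityToken, attachMode));
                    }

                    // 'confirmed' starts false and only becomes true once CheckSignature succeeded.
                    // Previously it was left unassigned, so a signature whose KeyInfo carried no
                    // token reference skipped the loop entirely and was still recorded as confirmed.
                    bool confirmed = false;
                    // NOTE(review): the MAC/signature algorithm is taken from the binding's default
                    // suite rather than from the signature's own SignatureMethod; confirm that
                    // WSSignedXml.CheckSignature reconciles the two.
                    SecurityAlgorithmSuite suite = security.Element.DefaultAlgorithmSuite;
                    // Only the first KeyInfo clause is checked; the loop exits after it.
                    foreach (SecurityTokenReferenceKeyInfo kic in esxml.KeyInfo)
                    {
                        SecurityKey signKey = spec.SecurityToken.ResolveKeyIdentifierClause(kic.Clause);
                        if (signKey == null)
                        {
                            // The signature references a key the endorsing token does not hold
                            // (ResolveKeyIdentifierClause is presumed to return null in that case).
                            throw new MessageSecurityException(String.Format("Signature for '{1}' token '{0}' references a key that cannot be resolved from the token.", spec.SecurityToken, attachMode));
                        }

                        SymmetricSecurityKey symkey = signKey as SymmetricSecurityKey;
                        if (symkey != null)
                        {
                            confirmed = esxml.CheckSignature(symkey.GetKeyedHashAlgorithm(suite.DefaultSymmetricSignatureAlgorithm));
                        }
                        else
                        {
                            AsymmetricSecurityKey asymkey = signKey as AsymmetricSecurityKey;
                            if (asymkey == null)
                            {
                                // Neither symmetric nor asymmetric: reject rather than fail with an InvalidCastException.
                                throw new MessageSecurityException(String.Format("Signature for '{1}' token '{0}' uses an unsupported key type '{2}'.", spec.SecurityToken, attachMode, signKey.GetType()));
                            }
                            AsymmetricAlgorithm alg = asymkey.GetAsymmetricAlgorithm(suite.DefaultAsymmetricSignatureAlgorithm, false);
                            confirmed = esxml.CheckSignature(alg);
                        }

                        if (!confirmed)
                        {
                            throw new MessageSecurityException(String.Format("Signature for '{1}' token '{0}' is invalid.", spec.SecurityToken, attachMode));
                        }
                        break;
                    }

                    // Security check: an endorsing signature must actually have been verified
                    // against the token's key before it is reported as confirmed.
                    if (!confirmed)
                    {
                        throw new MessageSecurityException(String.Format("Signature for '{1}' token '{0}' could not be verified: it contains no key reference that resolves to the token.", spec.SecurityToken, attachMode));
                    }

                    sec_prop.ConfirmedSignatures.Insert(0, Convert.ToBase64String(esxml.SignatureValue));
                    break;
                }

                sec_prop.IncomingSupportingTokens.Add(spec);
            }
        }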
            /// <summary>
            /// Builds the body of the first message sent to the issuer: a WS-Trust RequestSecurityToken
            /// carrying the target's AppliesTo (when enabled), the negotiation context, the requested
            /// key size and key type, and either requestor entropy (symmetric keys) or a UseKey element
            /// naming the requester's RSA key (asymmetric keys).
            /// </summary>
            /// <param name="negotiationState">Per-negotiation state: target address, context, entropy and RSA key.</param>
            /// <param name="messageProperties">
            /// For asymmetric keys, a property bag carrying the RSA token as an endorsing supporting
            /// token (presumably so the requester proves possession of the key); otherwise null.
            /// </param>
            /// <returns>The RST, made read-only, to serialize as the message body.</returns>
            /// <exception cref="ProtocolException">The addressing version is neither WS-Addressing 1.0 nor August 2004.</exception>
            protected override BodyWriter GetFirstOutgoingMessageBody(FederatedTokenProviderState negotiationState, out MessageProperties messageProperties)
            {
                messageProperties = null;
                RequestSecurityToken request = new RequestSecurityToken(this.StandardsManager);

                if (this.addTargetServiceAppliesTo)
                {
                    AddressingVersion addressing = this.MessageVersion.Addressing;
                    if (addressing == AddressingVersion.WSAddressing10)
                    {
                        request.SetAppliesTo<EndpointAddress10>(
                            EndpointAddress10.FromEndpointAddress(negotiationState.TargetAddress),
                            DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), DataContractSerializerDefaults.MaxItemsInObjectGraph));
                    }
                    else if (addressing == AddressingVersion.WSAddressingAugust2004)
                    {
                        request.SetAppliesTo<EndpointAddressAugust2004>(
                            EndpointAddressAugust2004.FromEndpointAddress(negotiationState.TargetAddress),
                            DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), DataContractSerializerDefaults.MaxItemsInObjectGraph));
                    }
                    else
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                                  new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, addressing)));
                    }
                }

                request.Context = negotiationState.Context;
                if (!this.isKeySizePresentInRstProperties)
                {
                    request.KeySize = this.keySize;
                }

                // Start from the caller-supplied request properties, if any were given.
                Collection<XmlElement> properties = new Collection<XmlElement>();
                int suppliedCount = (this.requestProperties == null) ? 0 : this.requestProperties.Count;
                for (int index = 0; index < suppliedCount; index++)
                {
                    properties.Add(this.requestProperties[index]);
                }

                // The KeyType element leads the list unless the caller already supplied one.
                if (!this.isKeyTypePresentInRstProperties)
                {
                    properties.Insert(0, this.StandardsManager.TrustDriver.CreateKeyTypeElement(this.keyType));
                }

                switch (this.keyType)
                {
                    case SecurityKeyType.SymmetricKey:
                        request.SetRequestorEntropy(negotiationState.GetRequestorEntropy());
                        // With combined entropy the issuer must be told how to derive the key.
                        if (this.KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy)
                        {
                            properties.Add(this.StandardsManager.TrustDriver.CreateComputedKeyAlgorithmElement(this.StandardsManager.TrustDriver.ComputedKeyAlgorithm));
                        }
                        break;

                    case SecurityKeyType.AsymmetricKey:
                        // Ask the issuer to bind the token to our RSA key (UseKey), and attach the
                        // RSA token as an endorsing supporting token; it is never included inline.
                        SecurityKeyIdentifier rsaIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(negotiationState.Rsa));
                        properties.Add(this.StandardsManager.TrustDriver.CreateUseKeyElement(rsaIdentifier, this.StandardsManager));

                        RsaSecurityTokenParameters rsaParameters = new RsaSecurityTokenParameters
                        {
                            InclusionMode = SecurityTokenInclusionMode.Never,
                            RequireDerivedKeys = false
                        };
                        SupportingTokenSpecification rsaSpec = new SupportingTokenSpecification(negotiationState.RsaSecurityToken, EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance, SecurityTokenAttachmentMode.Endorsing, rsaParameters);

                        SecurityMessageProperty security = new SecurityMessageProperty();
                        security.OutgoingSupportingTokens.Add(rsaSpec);
                        messageProperties = new MessageProperties();
                        messageProperties.Security = security;
                        break;
                }

                request.RequestProperties = properties;
                request.MakeReadOnly();
                return request;
            }
            /// <summary>
            /// Produces the RequestSecurityToken sent as the first message of the issuance exchange.
            /// The RST names the target service (AppliesTo, when enabled), carries the negotiation
            /// context and key size, lists the key type first among the request properties, and then
            /// adds either requestor entropy (symmetric) or a UseKey element for the RSA key (asymmetric).
            /// </summary>
            /// <param name="negotiationState">State of this negotiation: target address, context, entropy and RSA key.</param>
            /// <param name="messageProperties">
            /// Null unless the key type is asymmetric, in which case it holds a security property whose
            /// only outgoing supporting token is the RSA token in endorsing mode.
            /// </param>
            /// <returns>The read-only RST body.</returns>
            /// <exception cref="ProtocolException">The addressing version is not WS-Addressing 1.0 or August 2004.</exception>
            protected override BodyWriter GetFirstOutgoingMessageBody(IssuedSecurityTokenProvider.FederatedTokenProviderState negotiationState, out MessageProperties messageProperties)
            {
                // Object-graph bound handed to the AppliesTo serializer (the original passed 0x10000 inline).
                const int maxItemsInObjectGraph = 0x10000;

                messageProperties = null;
                RequestSecurityToken rst = new RequestSecurityToken(base.StandardsManager);

                if (this.addTargetServiceAppliesTo)
                {
                    if (this.MessageVersion.Addressing == AddressingVersion.WSAddressing10)
                    {
                        rst.SetAppliesTo<EndpointAddress10>(
                            EndpointAddress10.FromEndpointAddress(negotiationState.TargetAddress),
                            DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), maxItemsInObjectGraph));
                    }
                    else if (this.MessageVersion.Addressing == AddressingVersion.WSAddressingAugust2004)
                    {
                        rst.SetAppliesTo<EndpointAddressAugust2004>(
                            EndpointAddressAugust2004.FromEndpointAddress(negotiationState.TargetAddress),
                            DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), maxItemsInObjectGraph));
                    }
                    else
                    {
                        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { this.MessageVersion.Addressing })));
                    }
                }

                rst.Context = negotiationState.Context;
                if (!this.isKeySizePresentInRstProperties)
                {
                    rst.KeySize = this.keySize;
                }

                // Caller-supplied properties first, then the KeyType element at the front unless
                // the caller already provided one.
                Collection<XmlElement> requestProps = new Collection<XmlElement>();
                if (this.requestProperties != null)
                {
                    int n = 0;
                    while (n < this.requestProperties.Count)
                    {
                        requestProps.Add(this.requestProperties[n]);
                        n++;
                    }
                }
                if (!this.isKeyTypePresentInRstProperties)
                {
                    requestProps.Insert(0, base.StandardsManager.TrustDriver.CreateKeyTypeElement(this.keyType));
                }

                bool symmetric = (this.keyType == SecurityKeyType.SymmetricKey);
                if (symmetric)
                {
                    rst.SetRequestorEntropy(negotiationState.GetRequestorEntropy());
                }
                else if (this.keyType == SecurityKeyType.AsymmetricKey)
                {
                    // UseKey tells the issuer which public key to bind the token to; the RSA token
                    // itself rides along as an endorsing supporting token and is never included inline.
                    RsaKeyIdentifierClause rsaClause = new RsaKeyIdentifierClause(negotiationState.Rsa);
                    SecurityKeyIdentifier rsaIdentifier = new SecurityKeyIdentifier(rsaClause);
                    requestProps.Add(base.StandardsManager.TrustDriver.CreateUseKeyElement(rsaIdentifier, base.StandardsManager));

                    RsaSecurityTokenParameters rsaParameters = new RsaSecurityTokenParameters();
                    rsaParameters.InclusionMode = SecurityTokenInclusionMode.Never;
                    rsaParameters.RequireDerivedKeys = false;

                    SupportingTokenSpecification rsaSpec = new SupportingTokenSpecification(
                        negotiationState.RsaSecurityToken,
                        System.ServiceModel.Security.EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance,
                        SecurityTokenAttachmentMode.Endorsing,
                        rsaParameters);

                    SecurityMessageProperty securityProperty = new SecurityMessageProperty();
                    securityProperty.OutgoingSupportingTokens.Add(rsaSpec);
                    messageProperties = new MessageProperties();
                    messageProperties.Security = securityProperty;
                }

                // Combined entropy additionally requires the computed-key algorithm to be named.
                if (symmetric && this.KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy)
                {
                    requestProps.Add(base.StandardsManager.TrustDriver.CreateComputedKeyAlgorithmElement(base.StandardsManager.TrustDriver.ComputedKeyAlgorithm));
                }

                rst.RequestProperties = requestProps;
                rst.MakeReadOnly();
                return rst;
            }