public SecurityProtocolFactory GetProtocolFactory <TChannel>() { if (securityProtocolFactory == null) { CreateSecurityProtocolFactory(); } if (typeof(TChannel) == typeof(IOutputChannel)) { if (enableSigning && securityProtocolFactory.ForwardProtocolFactory is PeerDoNothingSecurityProtocolFactory) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } return(securityProtocolFactory.ForwardProtocolFactory); } else if (typeof(TChannel) == typeof(IInputChannel)) { if (enableSigning && securityProtocolFactory.ReverseProtocolFactory is PeerDoNothingSecurityProtocolFactory) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } return(securityProtocolFactory.ReverseProtocolFactory); } else { if (enableSigning && ((securityProtocolFactory.ReverseProtocolFactory is PeerDoNothingSecurityProtocolFactory) || (securityProtocolFactory.ForwardProtocolFactory is PeerDoNothingSecurityProtocolFactory))) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } return(securityProtocolFactory); } }
private static void ValidateCredentialSettings(PeerAuthenticationMode authenticationMode, bool signMessages, PeerCredential credential) { if ((authenticationMode != PeerAuthenticationMode.None) || signMessages) { X509CertificateValidator validator; switch (authenticationMode) { case PeerAuthenticationMode.Password: if (string.IsNullOrEmpty(credential.MeshPassword)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } break; case PeerAuthenticationMode.MutualCertificate: if (credential.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out validator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } break; } if (signMessages && !credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } }
static PeerSecurityCredentialsManager GetCredentialsManager(PeerAuthenticationMode mode, bool signing, BindingContext context) { if (mode == PeerAuthenticationMode.None && !signing) { return(null); } ClientCredentials clientCredentials = context.BindingParameters.Find <ClientCredentials>(); if (clientCredentials != null) { return(new PeerSecurityCredentialsManager(clientCredentials.Peer, mode, signing)); } ServiceCredentials serviceCredentials = context.BindingParameters.Find <ServiceCredentials>(); if (serviceCredentials != null) { return(new PeerSecurityCredentialsManager(serviceCredentials.Peer, mode, signing)); } SecurityCredentialsManager credman = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credman == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(new PeerSecurityCredentialsManager(credman.CreateSecurityTokenManager(), mode, signing)); }
static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas) { PeerSecurityManager manager = null; X509CertificateValidator connectionValidator = null; X509CertificateValidator messageValidator = null; PeerCredential credential = credman.Credential; if (null == credential && credman == null) { if (authenticationMode != PeerAuthenticationMode.None || messageAuthentication) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } //create one that doesnt have any credentials in it. return(CreateDummy()); } manager = new PeerSecurityManager(authenticationMode, messageAuthentication); manager.credManager = credman; manager.password = credman.Password; manager.readerQuotas = readerQuotas; if (reqs != null) { manager.protection = new ChannelProtectionRequirements(reqs); } manager.tokenManager = credman.CreateSecurityTokenManager(); if (credential == null) { return(manager); } switch (authenticationMode) { case PeerAuthenticationMode.None: break; case PeerAuthenticationMode.Password: { manager.password = credential.MeshPassword; if (String.IsNullOrEmpty(manager.credManager.Password)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } connectionValidator = X509CertificateValidator.None; } break; case PeerAuthenticationMode.MutualCertificate: { if (manager.credManager.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out connectionValidator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } } break; } if (messageAuthentication) { if (credential.MessageSenderAuthentication != null) { if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out messageValidator)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } else { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } return(manager); }
public static PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas) { PeerSecurityManager manager = null; X509CertificateValidator none = null; X509CertificateValidator validator2 = null; PeerCredential credential = credman.Credential; if ((credential == null) && (credman == null)) { if ((authenticationMode != PeerAuthenticationMode.None) || messageAuthentication) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(CreateDummy()); } manager = new PeerSecurityManager(authenticationMode, messageAuthentication) { credManager = credman, password = credman.Password, readerQuotas = readerQuotas }; if (reqs != null) { manager.protection = new ChannelProtectionRequirements(reqs); } manager.tokenManager = credman.CreateSecurityTokenManager(); if (credential != null) { switch (authenticationMode) { case PeerAuthenticationMode.Password: manager.password = credential.MeshPassword; if (string.IsNullOrEmpty(manager.credManager.Password)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password); } none = X509CertificateValidator.None; break; case PeerAuthenticationMode.MutualCertificate: if (manager.credManager.Certificate == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate); } if (!credential.PeerAuthentication.TryGetCertificateValidator(out none)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication); } break; } if (messageAuthentication) { if (credential.MessageSenderAuthentication != null) { if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator2)) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } return(manager); } PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication); } } return(manager); }