public DurableIssuedSecurityTokenProvider(IssuedSecurityTokenProvider innerTokenProvider, IssuedTokenCache cache) { if (cache == null) { throw new ArgumentNullException("cache"); } if (innerTokenProvider == null) { throw new ArgumentNullException("innerTokenProvider"); } this.innerTokenProvider = innerTokenProvider; this.cache = cache; this.target = innerTokenProvider.TargetAddress; this.issuer = innerTokenProvider.IssuerAddress; }
private void CopyIssuerChannelBehaviorsAndAddSecurityCredentials(IssuedSecurityTokenProvider federationTokenProvider, KeyedByTypeCollection<IEndpointBehavior> issuerChannelBehaviors, EndpointAddress issuerAddress) { if (issuerChannelBehaviors != null) { foreach (IEndpointBehavior behavior in issuerChannelBehaviors) { if (behavior is SecurityCredentialsManager) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("IssuerChannelBehaviorsCannotContainSecurityCredentialsManager", new object[] { issuerAddress, typeof(SecurityCredentialsManager) }))); } federationTokenProvider.IssuerChannelBehaviors.Add(behavior); } } federationTokenProvider.IssuerChannelBehaviors.Add(this.parent); }
public static void Main (string [] args) { bool no_nego = false, no_sc = false; foreach (string arg in args) { if (arg == "--no-nego") no_nego = true; else if (arg == "--no-sc") no_sc = true; else { Console.WriteLine ("Unrecognized option '{0}'", arg); return; } } X509Certificate2 cert = new X509Certificate2 ("test.pfx", "mono"); IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.IssuerAddress = new EndpointAddress (new Uri ("http://localhost:8080"), new X509CertificateEndpointIdentity (cert)); p.TargetAddress = new EndpointAddress ("http://localhost:8080"); WSHttpBinding binding = new WSHttpBinding (); // the following lines are required to not depend on // MessageCredentialType.Windows (which uses SSPI). binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; ClientCredentials cred = new ClientCredentials (); cred.ClientCertificate.Certificate = cert; cred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; p.IssuerChannelBehaviors.Add (cred); if (no_sc) binding.Security.Message.EstablishSecurityContext = false; if (no_nego) binding.Security.Message.NegotiateServiceCredential = false; p.IssuerBinding = binding; p.SecurityTokenSerializer = new WSSecurityTokenSerializer (); p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; p.Open (); SecurityToken token = p.GetToken (TimeSpan.FromSeconds (10)); p.Close (); XmlWriter writer = XmlWriter.Create (Console.Out); new ClientCredentialsSecurityTokenManager (cred).CreateSecurityTokenSerializer (MessageSecurityVersion.Default.SecurityTokenVersion).WriteToken (writer, token); writer.Close (); }
public void DefaultValues () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); Assert.AreEqual (true, p.CacheIssuedTokens, "#1"); Assert.AreEqual (TimeSpan.FromMinutes (1), p.DefaultOpenTimeout, "#2"); Assert.AreEqual (TimeSpan.FromMinutes (1), p.DefaultCloseTimeout, "#3"); Assert.IsNotNull (p.IdentityVerifier, "#4"); Assert.AreEqual (60, p.IssuedTokenRenewalThresholdPercentage, "#5"); Assert.IsNull (p.IssuerAddress, "#6"); Assert.AreEqual (0, p.IssuerChannelBehaviors.Count, "#7"); Assert.AreEqual (SecurityKeyEntropyMode.CombinedEntropy, p.KeyEntropyMode, "#8"); Assert.AreEqual (TimeSpan.MaxValue, p.MaxIssuedTokenCachingTime, "#9"); Assert.AreEqual (MessageSecurityVersion.Default, p.MessageSecurityVersion, "#10"); Assert.IsNull (p.SecurityAlgorithmSuite, "#11"); Assert.IsNull (p.SecurityTokenSerializer, "#12"); Assert.IsNull (p.TargetAddress, "#13"); Assert.AreEqual (true, p.SupportsTokenCancellation, "#14"); Assert.AreEqual (0, p.TokenRequestParameters.Count, "#15"); Assert.IsNull (p.IssuerBinding, "#16"); }
IssuedSecurityTokenProvider CreateIssuedTokenProvider (SecurityTokenRequirement requirement) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); // FIXME: fill properties EndpointAddress address; if (requirement.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) p.IssuerAddress = address; if (requirement.TryGetProperty<EndpointAddress> (ReqType.TargetAddressProperty, out address)) p.TargetAddress = address; Binding binding; if (requirement.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) p.IssuerBinding = binding; MessageSecurityVersion ver; if (requirement.TryGetProperty<MessageSecurityVersion> (ReqType.MessageSecurityVersionProperty, out ver)) p.SecurityTokenSerializer = CreateSecurityTokenSerializer (ver.SecurityTokenVersion); SecurityAlgorithmSuite suite; if (requirement.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite)) p.SecurityAlgorithmSuite = suite; return p; }
IssuedSecurityTokenProvider CreateIssuedProviderBase (SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.TargetAddress = r.GetProperty<EndpointAddress> (ReqType.TargetAddressProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty); // I doubt the binding is acquired this way ... Binding binding; if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) binding = new CustomBinding (sbe, new TextMessageEncodingBindingElement (), new HttpTransportBindingElement ()); p.IssuerBinding = binding; // not sure if it is used only for this purpose though ... BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty); foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ()) p.IssuerChannelBehaviors.Add (b); SecurityTokenVersion ver = r.GetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer (ver); // seems like they are optional here ... (but possibly // used later) EndpointAddress address; if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) address = p.TargetAddress; p.IssuerAddress = address; // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; return p; }
public void OpenWithoutBinding () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = new EndpointAddress ("http://localhost:8080"); p.Open (); }
public void OpenWithoutIssuerAddress () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.Open (); }
public void OpenWithoutSerializer () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.Open (); }
IssuedSecurityTokenProvider SetupProvider (Binding binding) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = GetSecureEndpointAddress ("stream:dummy"); p.IssuerBinding = binding; // wiithout it indigo causes NRE p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.TargetAddress = new EndpointAddress ("http://localhost:9090"); return p; }
public void GetTokenWithoutOpen () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.GetToken (TimeSpan.FromSeconds (10)); }
public void OpenWithoutTargetAddress () { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = new EndpointAddress ("http://localhost:8080"); p.IssuerBinding = new BasicHttpBinding (); // wiithout it indigo causes NRE p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.Open (); }
IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, FederatedClientCredentialsParameters actAsOnBehalfOfParameters) { if (initiatorRequirement.TargetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; // // If the issuer address is indeed anonymous or null, we will try the local issuer // bool isLocalIssuer = (issuerAddress == null || issuerAddress.Equals(EndpointAddress.AnonymousAddress)); if (isLocalIssuer) { issuerAddress = parent.IssuedToken.LocalIssuerAddress; issuerBinding = parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { // if issuer address is still null then the user forgot to specify the local issuer throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, initiatorRequirement.TargetAddress))); } if (issuerBinding == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, issuerAddress))); } Uri issuerUri = issuerAddress.Uri; KeyedByTypeCollection<IEndpointBehavior> issuerChannelBehaviors; if (!parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out issuerChannelBehaviors) && isLocalIssuer) { issuerChannelBehaviors = parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(GetCredentialsHandle(initiatorRequirement)); federationTokenProvider.TokenHandlerCollectionManager = this.parent.SecurityTokenHandlerCollectionManager; federationTokenProvider.TargetAddress = initiatorRequirement.TargetAddress; CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, issuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; MessageSecurityVersion issuerSecurityVersion; SecurityTokenSerializer issuerSecurityTokenSerializer; IssuedSecurityTokenParameters issuedTokenParameters = initiatorRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); GetIssuerBindingSecurityVersion(issuerBinding, issuedTokenParameters.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out issuerSecurityVersion, out issuerSecurityTokenSerializer); federationTokenProvider.MessageSecurityVersion = issuerSecurityVersion; federationTokenProvider.SecurityTokenSerializer = issuerSecurityTokenSerializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable<XmlElement> tokenRequestParameters = issuedTokenParameters.CreateRequestParameters(issuerSecurityVersion, issuerSecurityTokenSerializer); if (tokenRequestParameters != null) { foreach (XmlElement requestParameter in tokenRequestParameters) { federationTokenProvider.TokenRequestParameters.Add(requestParameter); } } ChannelParameterCollection channelParameters; if (initiatorRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters)) { federationTokenProvider.ChannelParameters = channelParameters; } federationTokenProvider.SetupActAsOnBehalfOfParameters(actAsOnBehalfOfParameters); return federationTokenProvider; }
// FIXME: it is far from done. SecurityTokenProvider CreateSecureConversationProvider (SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); InitializeProviderCommunicationObject (p.Communication, r); // FIXME: use it somewhere. int keySize = r.KeySize; return p; }
private IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { KeyedByTypeCollection<IEndpointBehavior> localIssuerChannelBehaviors; MessageSecurityVersion version; SecurityTokenSerializer serializer; ChannelParameterCollection parameters2; if (initiatorRequirement.TargetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; bool flag = (issuerAddress == null) || issuerAddress.Equals(EndpointAddress.AnonymousAddress); if (flag) { issuerAddress = this.parent.IssuedToken.LocalIssuerAddress; issuerBinding = this.parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsAddressNotSet", new object[] { initiatorRequirement.TargetAddress }))); } if (issuerBinding == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsBindingNotSet", new object[] { issuerAddress }))); } Uri uri = issuerAddress.Uri; if (!this.parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out localIssuerChannelBehaviors) && flag) { localIssuerChannelBehaviors = this.parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { TargetAddress = initiatorRequirement.TargetAddress }; this.CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, localIssuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = this.parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = this.GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = this.parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; IssuedSecurityTokenParameters property = initiatorRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); this.GetIssuerBindingSecurityVersion(issuerBinding, property.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out version, out serializer); federationTokenProvider.MessageSecurityVersion = version; federationTokenProvider.SecurityTokenSerializer = serializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = this.parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable<XmlElement> enumerable = property.CreateRequestParameters(version, serializer); if (enumerable != null) { foreach (XmlElement element2 in enumerable) { federationTokenProvider.TokenRequestParameters.Add(element2); } } if (initiatorRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters2)) { federationTokenProvider.ChannelParameters = parameters2; } return federationTokenProvider; }