/// <summary>
/// Builds the per-negotiation state for an accelerated token request.
/// When this side contributes entropy (client-only or combined entropy mode)
/// a fresh random block sized to the algorithm suite's default symmetric key
/// length is drawn from the cryptographic RNG; in any other mode no entropy
/// is generated and the state carries null.
/// </summary>
/// <param name="target">Endpoint the token is negotiated with (not consulted by this method).</param>
/// <param name="via">Address the negotiation is sent through (not consulted by this method).</param>
/// <param name="timeout">Time budget for the negotiation (not consulted by this method).</param>
/// <returns>A new state object holding the generated entropy, or null entropy when none is contributed.</returns>
protected override AcceleratedTokenProviderState CreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout)
{
    bool contributesEntropy =
        this.keyEntropyMode == SecurityKeyEntropyMode.ClientEntropy
        || this.keyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy;

    byte[] clientEntropy = null;
    if (contributesEntropy)
    {
        // Key lengths in the algorithm suite are expressed in bits; the buffer is bytes.
        int entropyBytes = this.SecurityAlgorithmSuite.DefaultSymmetricKeyLength / 8;
        clientEntropy = new byte[entropyBytes];
        CryptoHelper.FillRandomBytes(clientEntropy);
    }

    return new AcceleratedTokenProviderState(clientEntropy);
}
/// <summary>
/// Creates a <see cref="WrappedKeySecurityToken"/> that carries a freshly
/// generated random symmetric key, wrapped under <paramref name="wrappingToken"/>
/// with the outgoing algorithm suite's default asymmetric key-wrap algorithm.
/// The key length is the larger of 128 bits and the suite's default symmetric
/// key length, and is validated against the suite before any key material is drawn.
/// </summary>
/// <param name="wrappingToken">Token whose key is used to wrap the generated symmetric key.</param>
/// <param name="wrappingTokenParameters">Parameters used to build the key identifier clause that references the wrapping token.</param>
/// <param name="wrappingTokenReferenceStyle">Reference style passed through when creating the key identifier clause.</param>
/// <returns>A new wrapped-key token with a freshly generated id and key.</returns>
WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle)
{
    // Floor the key at 128 bits even if the suite's default is smaller; the suite
    // still has to accept the resulting length, otherwise validation throws.
    const int minimumKeyBits = 128;
    int keyBits = Math.Max(minimumKeyBits, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength);
    CryptoHelper.ValidateSymmetricKeyLength(keyBits, this.Factory.OutgoingAlgorithmSuite);

    byte[] symmetricKey = new byte[keyBits / 8];
    CryptoHelper.FillRandomBytes(symmetricKey);

    string freshTokenId = SecurityUtils.GenerateId();
    string keyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;

    SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier();
    wrappingTokenReference.Add(
        wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle));

    return new WrappedKeySecurityToken(
        freshTokenId,
        symmetricKey,
        keyWrapAlgorithm,
        wrappingToken,
        wrappingTokenReference);
}
/// <summary>
/// Produces a <see cref="WrappedKeySecurityToken"/> holding a new random
/// symmetric key of at least 128 bits (or the outgoing suite's default symmetric
/// key length when that is larger), wrapped under <paramref name="wrappingToken"/>
/// using the suite's default asymmetric key-wrap algorithm.
/// </summary>
/// <param name="wrappingToken">Token under whose key the generated symmetric key is wrapped.</param>
/// <param name="wrappingTokenParameters">Supplies the key identifier clause that points at the wrapping token.</param>
/// <param name="wrappingTokenReferenceStyle">Reference style handed to the key identifier clause factory.</param>
/// <returns>A wrapped-key token with a freshly generated id, key, and wrapping-token reference.</returns>
private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle)
{
    // Bits, not bytes: 128 is the floor, the suite default may raise it.
    int keyLengthInBits = this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength;
    if (keyLengthInBits < 128)
    {
        keyLengthInBits = 128;
    }

    // Reject lengths the suite does not support before drawing any key material.
    CryptoHelper.ValidateSymmetricKeyLength(keyLengthInBits, this.Factory.OutgoingAlgorithmSuite);

    byte[] keyMaterial = new byte[keyLengthInBits / 8];
    CryptoHelper.FillRandomBytes(keyMaterial);

    // Fully qualified on purpose: the original disambiguates SecurityUtils this way.
    string tokenId = System.ServiceModel.Security.SecurityUtils.GenerateId();
    string keyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;

    SecurityKeyIdentifierClause wrappingClause =
        wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle);
    SecurityKeyIdentifier reference = new SecurityKeyIdentifier();
    reference.Add(wrappingClause);

    return new WrappedKeySecurityToken(tokenId, keyMaterial, keyWrapAlgorithm, wrappingToken, reference);
}
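// helpers

/// <summary>
/// Issues the service's security context token at the end of an SSPI negotiation,
/// together with a proof token that carries the same key wrapped via the SSPI context.
/// The issued key size is the client's requested size, or the algorithm suite's
/// default symmetric key length when the request left it at zero. The chosen size
/// is validated against the algorithm suite before the key is generated.
/// </summary>
/// <param name="sspiState">Negotiation state; supplies RequestedKeySize (0 = use suite default) and the SspiNegotiation used to wrap the proof key.</param>
/// <param name="authorizationPolicies">Authorization policies attached to the issued security context token.</param>
/// <param name="serviceToken">Receives the issued security context token.</param>
/// <param name="proofToken">Receives the proof token carrying the same key material, wrapped with the SSPI negotiation.</param>
/// <param name="issuedKeySize">Receives the size, in bits, of the issued key.</param>
protected virtual void IssueServiceToken(SspiNegotiationTokenAuthenticatorState sspiState, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies, out SecurityContextSecurityToken serviceToken, out WrappedKeySecurityToken proofToken, out int issuedKeySize)
{
    UniqueId contextId = SecurityUtils.GenerateUniqueId();
    string tokenId = SecurityUtils.GenerateId();

    // A requested size of zero means the client left the choice to the service.
    if (sspiState.RequestedKeySize == 0)
    {
        issuedKeySize = this.SecurityAlgorithmSuite.DefaultSymmetricKeyLength;
    }
    else
    {
        issuedKeySize = sspiState.RequestedKeySize;
    }

    // RequestedKeySize presumably originates from the peer's request and is not
    // trusted here. Validate it against the suite (as the wrapped-key issuers in
    // this codebase do) so an unsupported or bogus size never reaches the key
    // allocation below. Expected to be a no-op when the caller already validated.
    CryptoHelper.ValidateSymmetricKeyLength(issuedKeySize, this.SecurityAlgorithmSuite);

    // Sizes are in bits; the key buffer is bytes.
    byte[] key = new byte[issuedKeySize / 8];
    CryptoHelper.FillRandomBytes(key);

    DateTime effectiveTime = DateTime.UtcNow;
    DateTime expirationTime = TimeoutHelper.Add(effectiveTime, this.ServiceTokenLifetime);

    serviceToken = IssueSecurityContextToken(
        contextId,
        tokenId,
        key,
        effectiveTime,
        expirationTime,
        authorizationPolicies,
        this.EncryptStateInServiceToken);

    // The proof token shares the very same key bytes as the service token.
    proofToken = new WrappedKeySecurityToken(string.Empty, key, sspiState.SspiNegotiation);
}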
/// <summary>
/// Draws <paramref name="entropySize"/> bits of fresh random material from the
/// cryptographic RNG.
/// </summary>
/// <param name="entropySize">
/// Requested entropy in bits. The buffer is sized by integer division, so any
/// remainder below a whole byte is dropped; no other validation is performed here.
/// </param>
/// <returns>A newly allocated array of entropySize / 8 random bytes.</returns>
byte[] GenerateEntropy(int entropySize)
{
    // Bits -> bytes; allocation goes through the shared utility rather than new[].
    int byteCount = entropySize / 8;
    byte[] entropy = DiagnosticUtility.Utility.AllocateByteArray(byteCount);
    CryptoHelper.FillRandomBytes(entropy);
    return entropy;
}