protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { IList <SupportingTokenAuthenticatorSpecification> list; SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory; ReceiveSecurityHeader securityHeader = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, this.requireDerivedKeys ? this.sessionStandardsManager : null, out list); securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.sessionTokenAuthenticator, this.Factory.SecurityTokenParameters, list); securityHeader.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(list, this.sessionResolverList)); securityHeader.EnforceDerivedKeyRequirement = message.Headers.Action != factory.StandardsManager.SecureConversationDriver.CloseAction.Value; base.ProcessSecurityHeader(securityHeader, ref message, null, timeout, correlationStates); SecurityToken signatureToken = securityHeader.SignatureToken; SecurityContextSecurityToken token2 = signatureToken as SecurityContextSecurityToken; if ((token2 == null) || (token2.ContextId != this.sessionId)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("NoSessionTokenPresentInMessage"))); } base.AttachRecipientSecurityProperty(message, signatureToken, false, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); return(base.GetCorrelationState(null, securityHeader)); }
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory; IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators; ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, (this.requireDerivedKeys) ? this.sessionStandardsManager : null, out supportingAuthenticators); securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.sessionTokenAuthenticator, this.Factory.SecurityTokenParameters, supportingAuthenticators); securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.sessionResolverList)); // do not enforce key derivation requirement for Cancel messages due to WSE interop securityHeader.EnforceDerivedKeyRequirement = (message.Headers.Action != factory.StandardsManager.SecureConversationDriver.CloseAction.Value); ProcessSecurityHeader(securityHeader, ref message, null, timeout, correlationStates); SecurityToken signingToken = securityHeader.SignatureToken; SecurityContextSecurityToken signingSct = (signingToken as SecurityContextSecurityToken); if (signingSct == null || signingSct.ContextId != sessionId) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.NoSessionTokenPresentInMessage))); } AttachRecipientSecurityProperty(message, signingToken, false, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); return(GetCorrelationState(null, securityHeader)); }
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { SymmetricSecurityProtocolFactory factory = this.Factory; IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators); SecurityToken requiredReplySigningToken = null; if (this.Factory.ActAsInitiator) { // set the outofband protection token SecurityTokenParameters outOfBandTokenParameters; SecurityToken outOfBandToken = GetCorrelationToken(correlationStates, out outOfBandTokenParameters); securityHeader.ConfigureSymmetricBindingClientReceiveHeader(outOfBandToken, outOfBandTokenParameters); requiredReplySigningToken = outOfBandToken; } else { if (factory.RecipientSymmetricTokenAuthenticator != null) { securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientSymmetricTokenAuthenticator, this.Factory.SecurityTokenParameters, supportingAuthenticators); } else { securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientAsymmetricTokenProvider.GetToken(timeoutHelper.RemainingTime()), this.Factory.SecurityTokenParameters, supportingAuthenticators); securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; } securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList)); } ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates); SecurityToken signingToken = securityHeader.SignatureToken; if (factory.RequireIntegrity) { if (factory.SecurityTokenParameters.HasAsymmetricKey) { // enforce that the signing token is a wrapped key token EnsureWrappedToken(signingToken, message); } else { EnsureNonWrappedToken(signingToken, message); } if (factory.ActAsInitiator) { if (!factory.SecurityTokenParameters.HasAsymmetricKey) { ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(signingToken); DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signingToken, signingTokenPolicies); } else { SecurityToken wrappingToken = (signingToken as WrappedKeySecurityToken).WrappingToken; ReadOnlyCollection <IAuthorizationPolicy> wrappingTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(wrappingToken); DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signingToken, wrappingTokenPolicies); } } else { AttachRecipientSecurityProperty(message, signingToken, this.Factory.SecurityTokenParameters.HasAsymmetricKey, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); } } return(GetCorrelationState(signingToken, securityHeader)); }
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { IList <SupportingTokenAuthenticatorSpecification> list; SymmetricSecurityProtocolFactory factory = this.Factory; TimeoutHelper helper = new TimeoutHelper(timeout); ReceiveSecurityHeader securityHeader = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out list); SecurityToken requiredSigningToken = null; if (this.Factory.ActAsInitiator) { SecurityTokenParameters parameters; SecurityToken correlationToken = this.GetCorrelationToken(correlationStates, out parameters); securityHeader.ConfigureSymmetricBindingClientReceiveHeader(correlationToken, parameters); requiredSigningToken = correlationToken; } else { if (factory.RecipientSymmetricTokenAuthenticator != null) { securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientSymmetricTokenAuthenticator, this.Factory.SecurityTokenParameters, list); } else { securityHeader.ConfigureSymmetricBindingServerReceiveHeader(this.Factory.RecipientAsymmetricTokenProvider.GetToken(helper.RemainingTime()), this.Factory.SecurityTokenParameters, list); securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; } securityHeader.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(list, this.Factory.RecipientOutOfBandTokenResolverList)); } base.ProcessSecurityHeader(securityHeader, ref message, requiredSigningToken, helper.RemainingTime(), correlationStates); SecurityToken signatureToken = securityHeader.SignatureToken; if (factory.RequireIntegrity) { if (factory.SecurityTokenParameters.HasAsymmetricKey) { this.EnsureWrappedToken(signatureToken, message); } else { MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message); } if (factory.ActAsInitiator) { if (!factory.SecurityTokenParameters.HasAsymmetricKey) { ReadOnlyCollection <IAuthorizationPolicy> protectionTokenPolicies = this.initiatorTokenAuthenticator.ValidateToken(signatureToken); base.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signatureToken, protectionTokenPolicies); } else { SecurityToken wrappingToken = (signatureToken as WrappedKeySecurityToken).WrappingToken; ReadOnlyCollection <IAuthorizationPolicy> onlys2 = this.initiatorTokenAuthenticator.ValidateToken(wrappingToken); base.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, signatureToken, onlys2); } } else { base.AttachRecipientSecurityProperty(message, signatureToken, this.Factory.SecurityTokenParameters.HasAsymmetricKey, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); } } return(base.GetCorrelationState(signatureToken, securityHeader)); }