// RST specific method public abstract void WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter w);
// RST specific method public abstract BinaryNegotiation GetBinaryNegotiation(RequestSecurityToken rst);
// RST specific method public abstract SecurityToken GetEntropy(RequestSecurityToken rst, SecurityTokenResolver resolver);
/// <summary>
/// Materializes the AppliesTo content of <paramref name="rst"/> as a <typeparamref name="T"/>
/// using the supplied <paramref name="serializer"/>. Abstract: the wire format handled is decided by the
/// concrete driver (presumably the WS-Trust version it implements — confirm against the override).
/// </summary>
/// <typeparam name="T">The CLR type the AppliesTo payload is deserialized into.</typeparam>
/// <param name="rst">The request security token whose AppliesTo element is read.</param>
/// <param name="serializer">The serializer used to turn the element into <typeparamref name="T"/>.</param>
/// <returns>The deserialized AppliesTo value.</returns>
public abstract T GetAppliesTo<T>(RequestSecurityToken rst, XmlObjectSerializer serializer);
/// <summary>
/// Reports the qualified XML name of the AppliesTo element carried by <paramref name="rst"/>.
/// Callers use the pair to decide whether the element is an addressing EndpointReference
/// before attempting to deserialize it.
/// </summary>
/// <param name="rst">The request security token to inspect.</param>
/// <param name="localName">Receives the element's local name.</param>
/// <param name="namespaceUri">Receives the element's namespace URI.</param>
public abstract void GetAppliesToQName(RequestSecurityToken rst, out string localName, out string namespaceUri);
/// <summary>
/// Binds the SSPI negotiation state, the provider driving it and the originating
/// <see cref="RequestSecurityToken"/> to this proxy. The constructor only stores its
/// arguments; the fields are consumed elsewhere in the type.
/// </summary>
/// <param name="sspiState">Per-negotiation SSPI state to retain.</param>
/// <param name="sspiProvider">The token provider this proxy works on behalf of.</param>
/// <param name="rst">The request security token the negotiation belongs to.</param>
public GetOutgoingBlobProxy(SspiNegotiationTokenProviderState sspiState, SspiNegotiationTokenProvider sspiProvider, RequestSecurityToken rst)
{
    _sspiState = sspiState;
    _sspiProvider = sspiProvider;
    _rst = rst;
}
/// <summary>
/// Handles the opening RST of a secure-conversation negotiation: validates the request type and
/// token type, resolves the optional AppliesTo endpoint reference, issues a fresh
/// <see cref="SecurityContextSecurityToken"/> bound to the caller's authorization policies, and
/// builds the RSTR to return (wrapped in an RSTR collection for WS-SecureConversation 1.3).
/// </summary>
/// <param name="request">The incoming message that carried the RST. Must not be null.</param>
/// <param name="requestSecurityToken">The parsed RST. Must not be null.</param>
/// <param name="negotiationState">Receives a new state object holding the issued service token.</param>
/// <returns>The response body: the RSTR itself for Feb2005, an RSTR collection for WS-SC 1.3.</returns>
/// <exception cref="SecurityNegotiationException">The RST asks for a request type other than Issue, or a token type other than a security context token.</exception>
/// <exception cref="ProtocolException">The message's addressing version is neither WS-Addressing 1.0 nor August 2004.</exception>
/// <exception cref="NotSupportedException">The configured secure-conversation version is neither Feb2005 nor 1.3.</exception>
protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out NegotiationTokenAuthenticatorState negotiationState)
{
    BodyWriter writer;
    if (request == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
    }
    if (requestSecurityToken == null)
    {
        throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request);
    }
    try
    {
        EndpointAddress address;
        DataContractSerializer serializer;
        string str;
        string str2;
        int num;
        byte[] buffer;
        byte[] buffer2;
        SecurityToken token;
        ReadOnlyCollection<IAuthorizationPolicy> instance;
        // Refuse anything but an Issue request for a security context token before any key material is produced.
        if ((requestSecurityToken.RequestType != null) && (requestSecurityToken.RequestType != base.StandardsManager.TrustDriver.RequestTypeIssue))
        {
            throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidRstRequestType", new object[] { requestSecurityToken.RequestType })), request);
        }
        if ((requestSecurityToken.TokenType != null) && (requestSecurityToken.TokenType != base.SecurityContextTokenUri))
        {
            throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotIssueRstTokenType", new object[] { requestSecurityToken.TokenType })), request);
        }
        // AppliesTo is only honoured when it is an EndpointReference in the message's own addressing namespace;
        // anything else is ignored rather than deserialized.
        requestSecurityToken.GetAppliesToQName(out str, out str2);
        if ((str == "EndpointReference") && (str2 == request.Version.Addressing.Namespace))
        {
            if (request.Version.Addressing != AddressingVersion.WSAddressing10)
            {
                if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing })));
                }
                // 0x10000: max items in object graph passed to the serializer (bounds the deserialization work).
                serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), 0x10000);
                address = requestSecurityToken.GetAppliesTo<EndpointAddressAugust2004>(serializer).ToEndpointAddress();
            }
            else
            {
                serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), 0x10000);
                address = requestSecurityToken.GetAppliesTo<EndpointAddress10>(serializer).ToEndpointAddress();
            }
        }
        else
        {
            address = null;
            serializer = null;
        }
        if (this.shouldMatchRstWithEndpointFilter)
        {
            System.ServiceModel.Security.SecurityUtils.MatchRstWithEndpointFilter(request, base.EndpointFilterTable, base.ListenUri);
        }
        // buffer: issuer entropy echoed back to the client; buffer2: presumably the resulting key handed to the
        // context token (confirm against ProcessRstAndIssueKey); token: proof token, when one is produced.
        WSTrust.Driver.ProcessRstAndIssueKey(requestSecurityToken, null, this.KeyEntropyMode, base.SecurityAlgorithmSuite, out num, out buffer, out buffer2, out token);
        UniqueId contextId = System.ServiceModel.Security.SecurityUtils.GenerateUniqueId();
        string id = System.ServiceModel.Security.SecurityUtils.GenerateId();
        DateTime utcNow = DateTime.UtcNow;
        DateTime expirationTime = TimeoutHelper.Add(utcNow, base.ServiceTokenLifetime);
        SecurityMessageProperty security = request.Properties.Security;
        // The issued token carries the caller's authorization policies; an unauthenticated request gets none.
        if (security != null)
        {
            instance = SecuritySessionSecurityTokenAuthenticator.CreateSecureConversationPolicies(security, expirationTime);
        }
        else
        {
            instance = EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
        }
        SecurityContextSecurityToken token2 = base.IssueSecurityContextToken(contextId, id, buffer2, utcNow, expirationTime, instance, base.EncryptStateInServiceToken);
        if (this.preserveBootstrapTokens)
        {
            // A copy of the bootstrap security property is retained with the token; the helper presumably
            // scrubs any UsernameToken password from that copy so it is not kept alongside the session state.
            token2.BootstrapMessageProperty = (security == null) ? null : ((SecurityMessageProperty)security.CreateCopy());
            System.ServiceModel.Security.SecurityUtils.ErasePasswordInUsernameTokenIfPresent(token2.BootstrapMessageProperty);
        }
        RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(base.StandardsManager)
        {
            Context = requestSecurityToken.Context,
            KeySize = num,
            RequestedUnattachedReference = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token2, SecurityTokenReferenceStyle.External),
            RequestedAttachedReference = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token2, SecurityTokenReferenceStyle.Internal),
            TokenType = base.SecurityContextTokenUri,
            RequestedSecurityToken = token2
        };
        if (buffer != null)
        {
            // Issuer entropy present: the client combines it with its own and computes the key itself.
            response.SetIssuerEntropy(buffer);
            response.ComputeKey = true;
        }
        if (token != null)
        {
            response.RequestedProofToken = token;
        }
        if (address != null)
        {
            if (request.Version.Addressing != AddressingVersion.WSAddressing10)
            {
                if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing })));
                }
                response.SetAppliesTo<EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(address), serializer);
            }
            else
            {
                response.SetAppliesTo<EndpointAddress10>(EndpointAddress10.FromEndpointAddress(address), serializer);
            }
        }
        response.MakeReadOnly();
        negotiationState = new NegotiationTokenAuthenticatorState();
        negotiationState.SetServiceToken(token2);
        if (base.StandardsManager.MessageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
        {
            return (response);
        }
        if (base.StandardsManager.MessageSecurityVersion.SecureConversationVersion != SecureConversationVersion.WSSecureConversation13)
        {
            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
        // WS-SC 1.3 wraps the single RSTR in a collection.
        RequestSecurityTokenResponseCollection responses = new RequestSecurityTokenResponseCollection(new List<RequestSecurityTokenResponse>(1) { response }, base.StandardsManager);
        writer = responses;
    }
    finally
    {
        // Runs on every exit, including the early Feb2005 return and the failure paths above.
        SecuritySessionSecurityTokenAuthenticator.RemoveCachedTokensIfRequired(request.Properties.Security);
    }
    return (writer);
}
/// <summary>
/// Processes the first RST of a negotiation and produces the response body to send back.
/// Implementations must hand out a new negotiation state through <paramref name="negotiationState"/>;
/// the caller inspects its completion flag and service token, caches it when the negotiation is
/// still in progress, and disposes it when the negotiation is finished or has failed.
/// </summary>
/// <param name="request">The incoming message carrying the RST.</param>
/// <param name="requestSecurityToken">The parsed RST.</param>
/// <param name="negotiationState">Receives the state object for this negotiation.</param>
/// <returns>The body writer for the reply message.</returns>
protected abstract BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out T negotiationState);
/// <summary>
/// Drives one negotiation round trip: bounds the request size, parses the body into an RST or RSTR,
/// locates or creates the negotiation state for the message's context, runs the matching
/// processing step under the state's lock, records the outcome (token cache, tracing, audit,
/// idle tracking) and builds the reply. On any failure the partially built state is removed from
/// the cache and disposed so it cannot be resumed under its context id.
/// </summary>
/// <param name="request">The incoming negotiation message. Must not be null.</param>
/// <returns>The reply message built from the step's body writer.</returns>
/// <exception cref="SecurityNegotiationException">
/// The message exceeds the configured size quota, an RST arrives for a context that already has state,
/// or an RSTR arrives for a context with no state.
/// </exception>
private Message ProcessRequestCore(Message request)
{
    Message message;
    if (request == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
    }
    RequestSecurityToken requestSecurityToken = null;
    RequestSecurityTokenResponse requestSecurityTokenResponse = null;
    string context = null;
    // flag: the request was replaced by a buffered copy this method owns and must close.
    bool flag = false;
    // flag2: stays true unless the processing step completed without throwing.
    bool flag2 = true;
    T negotiationState = default(T);
    try
    {
        if (this.maxMessageSize < 0x7fffffff)
        {
            string action = request.Headers.Action;
            try
            {
                // Buffering under the quota bounds how many bytes are read from the wire before the body is parsed.
                using (MessageBuffer buffer = request.CreateBufferedCopy(this.maxMessageSize))
                {
                    request = buffer.CreateMessage();
                    flag = true;
                }
            }
            catch (QuotaExceededException exception)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("SecurityNegotiationMessageTooLarge", new object[] { action, this.maxMessageSize }), exception));
            }
        }
        try
        {
            BodyWriter writer;
            Uri to = request.Headers.To;
            this.ParseMessageBody(request, out context, out requestSecurityToken, out requestSecurityTokenResponse);
            if (context != null)
            {
                negotiationState = this.stateCache.GetState(context);
            }
            else
            {
                negotiationState = default(T);
            }
            // flag3: the state must be evicted from the cache and disposed in the finally below
            // (negotiation completed, or the step failed).
            bool flag3 = false;
            try
            {
                if (requestSecurityToken != null)
                {
                    // An RST may not reuse a context id that already has live state.
                    if (negotiationState != null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationStateAlreadyPresent", new object[] { context })));
                    }
                    writer = this.ProcessRequestSecurityToken(request, requestSecurityToken, out negotiationState);
                    lock (negotiationState.ThisLock)
                    {
                        if (negotiationState.IsNegotiationCompleted)
                        {
                            if (!negotiationState.ServiceToken.IsCookieMode)
                            {
                                this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
                            }
                            this.OnTokenIssued(negotiationState.ServiceToken);
                            SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted<T>((NegotiationTokenAuthenticator<T>) this, negotiationState.ServiceToken);
                            flag3 = true;
                        }
                        else
                        {
                            // Multi-leg negotiation: park the state until the client's RSTR arrives.
                            this.stateCache.AddState(context, negotiationState);
                            flag3 = false;
                        }
                        this.AddNegotiationChannelForIdleTracking();
                        // Decompiler artifact: skips the RSTR branch and continues at the shared post-processing below.
                        goto Label_0299;
                    }
                }
                if (negotiationState == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotFindNegotiationState", new object[] { context })));
                }
                lock (negotiationState.ThisLock)
                {
                    writer = this.ProcessRequestSecurityTokenResponse(negotiationState, request, requestSecurityTokenResponse);
                    if (negotiationState.IsNegotiationCompleted)
                    {
                        if (!negotiationState.ServiceToken.IsCookieMode)
                        {
                            this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
                        }
                        this.OnTokenIssued(negotiationState.ServiceToken);
                        SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted<T>((NegotiationTokenAuthenticator<T>) this, negotiationState.ServiceToken);
                        flag3 = true;
                    }
                    else
                    {
                        flag3 = false;
                    }
                }
            Label_0299:
                // Success audit only once the negotiation is complete and auditing of successes is enabled.
                if ((negotiationState.IsNegotiationCompleted && (null != this.ListenUri)) && (AuditLevel.Success == (this.messageAuthenticationAuditLevel & AuditLevel.Success)))
                {
                    string remoteIdentityName = negotiationState.GetRemoteIdentityName();
                    SecurityAuditHelper.WriteSecurityNegotiationSuccessEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, remoteIdentityName, base.GetType().Name);
                }
                flag2 = false;
            }
            catch (Exception exception2)
            {
                if (Fx.IsFatal(exception2))
                {
                    throw;
                }
                if (PerformanceCounters.PerformanceCountersEnabled && (null != this.ListenUri))
                {
                    PerformanceCounters.AuthenticationFailed(request, this.ListenUri);
                }
                if (AuditLevel.Failure == (this.messageAuthenticationAuditLevel & AuditLevel.Failure))
                {
                    // A failure to write the audit record is traced, never allowed to mask the original error.
                    try
                    {
                        string clientIdentity = (negotiationState != null) ? negotiationState.GetRemoteIdentityName() : string.Empty;
                        SecurityAuditHelper.WriteSecurityNegotiationFailureEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, clientIdentity, base.GetType().Name, exception2);
                    }
                    catch (Exception exception3)
                    {
                        if (Fx.IsFatal(exception3))
                        {
                            throw;
                        }
                        DiagnosticUtility.ExceptionUtility.TraceHandledException(exception3, TraceEventType.Error);
                    }
                }
                // Force eviction: a negotiation that failed mid-way must not stay resumable from the cache.
                flag3 = true;
                throw;
            }
            finally
            {
                if (flag3 && (negotiationState != null))
                {
                    if (context != null)
                    {
                        this.stateCache.RemoveState(context);
                    }
                    negotiationState.Dispose();
                }
            }
            // A collection body means the final leg; it gets the "final" WS-Trust action.
            return (NegotiationTokenAuthenticator<T>.CreateReply(request, (writer is RequestSecurityTokenResponseCollection) ? this.RequestSecurityTokenResponseFinalAction : this.RequestSecurityTokenResponseAction, writer));
        }
        finally
        {
            if (flag)
            {
                request.Close();
            }
        }
    }
    finally
    {
        if (flag2)
        {
            this.AddNegotiationChannelForIdleTracking();
        }
        else if ((negotiationState != null) && negotiationState.IsNegotiationCompleted)
        {
            this.RemoveNegotiationChannelFromIdleTracking();
        }
    }
    // Unreachable: every path through the try above returns or throws (decompiler artifact).
    return (message);
}
/// <summary>
/// Serializes the RST's XML to text and feeds the resulting bytes into the negotiation digest held
/// by <paramref name="sspiState"/>, so the digest covers the request exactly as it was received.
/// </summary>
/// <param name="sspiState">The negotiation state whose <c>NegotiationDigest</c> is extended.</param>
/// <param name="rst">The request security token whose raw XML is digested.</param>
private static void AddToDigest(SspiNegotiationTokenAuthenticatorState sspiState, RequestSecurityToken rst)
{
    var serialized = new MemoryStream();
    var xmlWriter = XmlDictionaryWriter.CreateTextWriter(serialized);
    rst.RequestSecurityTokenXml.WriteTo(xmlWriter);
    // Flush before handing the stream over so every byte written so far is in the buffer.
    xmlWriter.Flush();
    AddToDigest(sspiState.NegotiationDigest, serialized);
}
/// <summary>
/// Extension point for emitting target information for <paramref name="rst"/> into <paramref name="writer"/>.
/// The base implementation writes nothing; derived drivers override it when their WS-Trust dialect
/// needs such an element.
/// </summary>
/// <param name="rst">The request security token being written.</param>
/// <param name="writer">The writer positioned where the targets would be emitted.</param>
protected virtual void WriteTargets(RequestSecurityToken rst, XmlDictionaryWriter writer) { }
/// <summary>
/// Not supported by this driver: writing an RST always throws. Callers that need to serialize an RST
/// must use a driver that implements this member.
/// </summary>
/// <param name="rst">Ignored.</param>
/// <param name="xmlWriter">Ignored.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public override void WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter xmlWriter) { throw new NotImplementedException(); }