internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this() { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory"); } this.actAsInitiator = factory.actAsInitiator; this.addTimestamp = factory.addTimestamp; this.detectReplays = factory.detectReplays; this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite; this.maxCachedNonces = factory.maxCachedNonces; this.maxClockSkew = factory.maxClockSkew; this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite; this.replayWindow = factory.replayWindow; // this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification)); // this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification); this.standardsManager = factory.standardsManager; // this.timestampValidityDuration = factory.timestampValidityDuration; // this.auditLogLocation = factory.auditLogLocation; // this.suppressAuditFailure = factory.suppressAuditFailure; // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel; // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel; if (factory.securityBindingElement != null) { this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone(); } this.securityTokenManager = factory.securityTokenManager; this.privacyNoticeUri = factory.privacyNoticeUri; this.privacyNoticeVersion = factory.privacyNoticeVersion; // this.endpointFilterTable = factory.endpointFilterTable; this.extendedProtectionPolicy = factory.extendedProtectionPolicy; this.nonceCache = factory.nonceCache; }
public WSSecurityOneDotOneReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, int headerIndex, MessageDirection direction) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, headerIndex, direction) { }
public WSSecurityOneDotZeroSendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction) { }
internal override SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) { return(new WSSecurityOneDotOneSendSecurityHeader(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)); }
public SecurityHeader(System.ServiceModel.Channels.Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, System.ServiceModel.Description.MessageDirection transferDirection) { if (message == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message"); } if (actor == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor"); } if (standardsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager"); } if (algorithmSuite == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite"); } this.message = message; this.actor = actor; this.mustUnderstand = mustUnderstand; this.relay = relay; this.standardsManager = standardsManager; this.algorithmSuite = algorithmSuite; this.transferDirection = transferDirection; }
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this() { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory"); } _actAsInitiator = factory._actAsInitiator; _addTimestamp = factory._addTimestamp; _detectReplays = factory._detectReplays; _incomingAlgorithmSuite = factory._incomingAlgorithmSuite; _maxCachedNonces = factory._maxCachedNonces; _maxClockSkew = factory._maxClockSkew; _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite; _replayWindow = factory._replayWindow; _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification)); _scopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory._scopedSupportingTokenAuthenticatorSpecification); _standardsManager = factory._standardsManager; _timestampValidityDuration = factory._timestampValidityDuration; _auditLogLocation = factory._auditLogLocation; _suppressAuditFailure = factory._suppressAuditFailure; _serviceAuthorizationAuditLevel = factory._serviceAuthorizationAuditLevel; _messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel; if (factory._securityBindingElement != null) { _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone(); } _securityTokenManager = factory._securityTokenManager; _privacyNoticeUri = factory._privacyNoticeUri; _privacyNoticeVersion = factory._privacyNoticeVersion; _extendedProtectionPolicy = factory._extendedProtectionPolicy; _nonceCache = factory._nonceCache; }
protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature) { SecurityAlgorithmSuite suite = this.AlgorithmSuite; string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm; XmlDictionaryString canonicalizationAlgorithmDictionaryString = suite.DefaultCanonicalizationAlgorithmDictionaryString; if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new MessageSecurityException(SR.GetString(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm))); } string signatureAlgorithm; XmlDictionaryString signatureAlgorithmDictionaryString; suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out this.signatureKey, out signatureAlgorithmDictionaryString); string digestAlgorithm = suite.DefaultDigestAlgorithm; XmlDictionaryString digestAlgorithmDictionaryString = suite.DefaultDigestAlgorithmDictionaryString; this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, canonicalizationAlgorithm, canonicalizationAlgorithmDictionaryString, digestAlgorithm, digestAlgorithmDictionaryString, signatureAlgorithm, signatureAlgorithmDictionaryString); this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, this.StandardsManager.SecurityTokenSerializer); if (keyIdentifier != null) { this.signedXml.Signature.KeyIdentifier = keyIdentifier; } if (generateTargettableSignature) { this.signedXml.Id = GenerateId(); } this.effectiveSignatureParts = signatureParts; this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(digestAlgorithm); }
protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign) { string str; XmlDictionaryString str2; SecurityKey key; SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite; algorithmSuite.GetSignatureAlgorithmAndKey(token, out str, out key, out str2); SignedXml xml = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer); SignedInfo signedInfo = xml.Signature.SignedInfo; signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm; signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString; signedInfo.SignatureMethod = str; signedInfo.SignatureMethodDictionaryString = str2; if (elementToSign.Id == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ElementToSignMustHaveId"))); } Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign) { DigestMethod = algorithmSuite.DefaultDigestAlgorithm, DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString }; reference.AddTransform(new ExclusiveCanonicalizationTransform()); ((StandardSignedInfo)signedInfo).AddReference(reference); xml.ComputeSignature(key); if (identifier != null) { xml.Signature.KeyIdentifier = identifier; } return(xml); }
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode, TrustVersion version, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable<ClaimTypeRequirement> claimTypeRequirements, EndpointAddress issuerMetadataAddress) : base(mode, version) { this._claimTypeRequirements = new Collection<ClaimTypeRequirement>(); if ((SecurityMode.Message != mode) && (SecurityMode.TransportWithMessageCredential != mode)) { throw new InvalidOperationException("ID3226"); } if ((this._keyType == SecurityKeyType.BearerKey) && (version == TrustVersion.WSTrustFeb2005)) { throw new InvalidOperationException("ID3267"); } this._keyType = keyType; this._algorithmSuite = algorithmSuite; this._tokenType = tokenType; this._issuerBinding = issuerBinding; this._issuerAddress = issuerAddress; this._issuerMetadataAddress = issuerMetadataAddress; if (claimTypeRequirements != null) { foreach (ClaimTypeRequirement requirement in claimTypeRequirements) { this._claimTypeRequirements.Add(requirement); } } }
protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature) { string str3; XmlDictionaryString str4; SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite; string defaultCanonicalizationAlgorithm = algorithmSuite.DefaultCanonicalizationAlgorithm; XmlDictionaryString defaultCanonicalizationAlgorithmDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString; if (defaultCanonicalizationAlgorithm != "http://www.w3.org/2001/10/xml-exc-c14n#") { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCanonicalizationAlgorithm", new object[] { algorithmSuite.DefaultCanonicalizationAlgorithm }))); } algorithmSuite.GetSignatureAlgorithmAndKey(token, out str3, out this.signatureKey, out str4); string defaultDigestAlgorithm = algorithmSuite.DefaultDigestAlgorithm; XmlDictionaryString defaultDigestAlgorithmDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString; this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, defaultCanonicalizationAlgorithm, defaultCanonicalizationAlgorithmDictionaryString, defaultDigestAlgorithm, defaultDigestAlgorithmDictionaryString, str3, str4); this.signedXml = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer); if (keyIdentifier != null) { this.signedXml.Signature.KeyIdentifier = keyIdentifier; } if (generateTargettableSignature) { this.signedXml.Id = base.GenerateId(); } this.effectiveSignatureParts = signatureParts; this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(defaultDigestAlgorithm); }
private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion, SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters) { issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm)); issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm)); string signatureAlgorithm = null; string encryptionAlgorithm = null; switch (keyType) { case SecurityKeyType.SymmetricKey: signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm; encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm; break; case SecurityKeyType.AsymmetricKey: signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm; encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; break; case SecurityKeyType.BearerKey: return; default: throw new ArgumentOutOfRangeException("keyType"); } issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateSignWithElement(signatureAlgorithm)); issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptWithElement(encryptionAlgorithm)); if (trustVersion != TrustVersion.WSTrustFeb2005) { issuedParameters.AdditionalRequestParameters.Insert(0, CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm)); } }
protected void ValidateKeySize(GenericXmlSecurityToken issuedToken) { CommunicationObject.ThrowIfClosedOrNotOpen(); ReadOnlyCollection <SecurityKey> issuedKeys = issuedToken.SecurityKeys; if (issuedKeys != null && issuedKeys.Count == 1) { SymmetricSecurityKey symmetricKey = issuedKeys[0] as SymmetricSecurityKey; if (symmetricKey != null) { if (SecurityAlgorithmSuite.IsSymmetricKeyLengthSupported(symmetricKey.KeySize)) { return; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.Format(SR.InvalidIssuedTokenKeySize, symmetricKey.KeySize))); } } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.CannotObtainIssuedTokenKeySize)); } }
public SecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection transferDirection) { if (message == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message"); } if (actor == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor"); } if (standardsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager"); } if (algorithmSuite == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite"); } _message = message; _actor = actor; _mustUnderstand = mustUnderstand; _relay = relay; _standardsManager = standardsManager; _algorithmSuite = algorithmSuite; _transferDirection = transferDirection; }
protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection transferDirection) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection) { throw ExceptionHelper.PlatformNotSupported(); }
protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection transferDirection) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection) { this.elementContainer = new SendSecurityHeaderElementContainer(); }
protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection transferDirection) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection) { ElementContainer = new SendSecurityHeaderElementContainer(); }
internal MessageSecurityOverTcp () { alg_suite = SecurityAlgorithmSuite.Default; // This default value is *silly* but anyways // such code that does not change this ClientCredentialType // won't work on Mono. client_credential_type = MessageCredentialType.Windows; }
IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty); // I doubt the binding is acquired this way ... Binding binding; if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding)) { binding = new CustomBinding(sbe, new TextMessageEncodingBindingElement(), new HttpTransportBindingElement()); } p.IssuerBinding = binding; // not sure if it is used only for this purpose though ... BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty); foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ()) { p.IssuerChannelBehaviors.Add(b); } SecurityTokenVersion ver = r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver); // seems like they are optional here ... (but possibly // used later) EndpointAddress address; if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address)) { address = p.TargetAddress; } p.IssuerAddress = address; // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; return(p); }
public FederatedMessageSecurityOverHttp() { negotiateServiceCredential = DefaultNegotiateServiceCredential; algorithmSuite = SecurityAlgorithmSuite.Default; issuedKeyType = DefaultIssuedKeyType; claimTypeRequirements = new Collection<ClaimTypeRequirement>(); tokenRequestParameters = new Collection<XmlElement>(); establishSecurityContext = DefaultEstablishSecurityContext; }
protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, int headerIndex, MessageDirection direction) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction) { throw ExceptionHelper.PlatformNotSupported(); }
internal MessageSecurityOverHttp () { alg_suite = SecurityAlgorithmSuite.Default; // This default value is *silly* but anyways such // it is silly to expect that such code that does not // change ClientCredentialType works on Mono. client_credential_type = MessageCredentialType.Windows; negotiate_service_credential = true; }
public MessageSecurityOverTcp () { #if !MOBILE && !XAMMAC_4_5 alg_suite = SecurityAlgorithmSuite.Default; #endif // This default value is *silly* but anyways // such code that does not change this ClientCredentialType // won't work on Mono. client_credential_type = MessageCredentialType.Windows; }
internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite) { if (suite == null) { return(false); } return(suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 || suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15); }
protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, int headerIndex, MessageDirection direction) : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction) { HeaderIndex = headerIndex; ElementManager = new ReceiveSecurityHeaderElementManager(this); }
internal static void ValidateSymmetricKeyLength(int keyLength, SecurityAlgorithmSuite algorithmSuite) { if (!algorithmSuite.IsSymmetricKeyLengthSupported(keyLength)) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", System.ServiceModel.SR.GetString("UnsupportedKeyLength", new object[] { keyLength, algorithmSuite.ToString() }))); } if ((keyLength % 8) != 0) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", System.ServiceModel.SR.GetString("KeyLengthMustBeMultipleOfEight", new object[] { keyLength }))); } }
internal void InitializeFrom(MessageSecurityOverMsmq security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ClientCredentialType, security.ClientCredentialType); if (security.WasAlgorithmSuiteSet) { this.AlgorithmSuite = security.AlgorithmSuite; } }
internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite) { if (suite == null) { return(false); } if ((((suite != Basic128Sha256) && (suite != Basic128Sha256Rsa15)) && ((suite != Basic192Sha256) && (suite != Basic192Sha256Rsa15))) && (((suite != Basic256Sha256) && (suite != Basic256Sha256Rsa15)) && (suite != TripleDesSha256))) { return(suite == TripleDesSha256Rsa15); } return(true); }
public SecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection transferDirection) { Message = message ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(message)); _actor = actor ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(actor)); _mustUnderstand = mustUnderstand; _relay = relay; StandardsManager = standardsManager ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(standardsManager)); AlgorithmSuite = algorithmSuite ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(algorithmSuite)); MessageDirection = transferDirection; }
internal ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message, string actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) { ReceiveSecurityHeader header = this.TryCreateReceiveSecurityHeader(message, actor, algorithmSuite, direction); if (header != null) { return header; } if (string.IsNullOrEmpty(actor)) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessageNoActor")), message); } throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessage", new object[] { actor })), message); }
internal static void ValidateSymmetricKeyLength(int keyLength, SecurityAlgorithmSuite algorithmSuite) { if (!algorithmSuite.IsSymmetricKeyLengthSupported(keyLength)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", SR.GetString(SR.UnsupportedKeyLength, keyLength, algorithmSuite.ToString()))); } if (keyLength % 8 != 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", SR.GetString(SR.KeyLengthMustBeMultipleOfEight, keyLength))); } }
internal override ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction, int headerIndex) { return(new WSSecurityOneDotZeroReceiveSecurityHeader( message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, headerIndex, direction)); }
internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message, string actor, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) { int headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, new string[] { actor }); if ((headerIndex < 0) && string.IsNullOrEmpty(actor)) { headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, message.Version.Envelope.UltimateDestinationActorValues); } if (headerIndex < 0) { return null; } MessageHeaderInfo info = message.Headers[headerIndex]; return this.CreateReceiveSecurityHeader(message, info.Actor, info.MustUnderstand, info.Relay, standardsManager, algorithmSuite, direction, headerIndex); }
void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r) { p.ListenUri = r.GetProperty <Uri> (ReqType.ListenUriProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty); p.SecurityBindingElement = sbe; /* * // I doubt the binding is acquired this way ... * Binding binding; * if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) * binding = new CustomBinding ( * new TextMessageEncodingBindingElement (), * new HttpTransportBindingElement ()); * p.IssuerBinding = binding; * * // not sure if it is used only for this purpose though ... * BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty); * foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ()) * p.IssuerChannelBehaviors.Add (b); */ SecurityTokenVersion ver = r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver); /* * // seems like they are optional here ... (but possibly * // used later) * EndpointAddress address; * if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) * address = p.TargetAddress; * p.IssuerAddress = address; */ // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; }
protected SecurityProtocolFactory() { this.addTimestamp = true; this.detectReplays = true; this.incomingAlgorithmSuite = SecurityAlgorithmSuite.Default; this.maxCachedNonces = 0xdbba0; this.maxClockSkew = defaultMaxClockSkew; this.outgoingAlgorithmSuite = SecurityAlgorithmSuite.Default; this.replayWindow = defaultReplayWindow; this.standardsManager = SecurityStandardsManager.DefaultInstance; this.timestampValidityDuration = defaultTimestampValidityDuration; this.channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(); this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(); this.communicationObject = new WrapperSecurityCommunicationObject(this); }
protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature) { SecurityAlgorithmSuite suite = AlgorithmSuite; string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm; if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new MessageSecurityException(SR.Format(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm))); } string signatureAlgorithm; XmlDictionaryString signatureAlgorithmDictionaryString; SecurityKey signatureKey; suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out signatureKey, out signatureAlgorithmDictionaryString); AsymmetricAlgorithm asymmetricAlgorithm = null; GetSigningAlgorithm(signatureKey, signatureAlgorithm, out _signingKey, out asymmetricAlgorithm); _signedXml = new SignedXml(); _signedXml.SignedInfo.CanonicalizationMethod = canonicalizationAlgorithm; _signedXml.SignedInfo.SignatureMethod = signatureAlgorithm; _signedXml.SigningKey = asymmetricAlgorithm; if (keyIdentifier != null) { var stream = new MemoryStream(); using (var xmlWriter = XmlDictionaryWriter.CreateTextWriter(stream, Encoding.UTF8, false)) { StandardsManager.SecurityTokenSerializer.WriteKeyIdentifier(xmlWriter, keyIdentifier); } stream.Position = 0; XmlDocument doc = new XmlDocument(); doc.Load(stream); var keyInfo = new KeyInfo(); keyInfo.LoadXml(doc.DocumentElement); _signedXml.KeyInfo = keyInfo; } if (generateTargettableSignature) { _signedXml.Signature.Id = GenerateId(); } _effectiveSignatureParts = signatureParts; }
static void AssertSecurityAlgorithmSuite ( string defaultAsymmetricKeyWrapAlgorithm, string defaultAsymmetricSignatureAlgorithm, string defaultCanonicalizationAlgorithm, string defaultDigestAlgorithm, string defaultEncryptionAlgorithm, int defaultEncryptionKeyDerivationLength, int defaultSignatureKeyDerivationLength, int defaultSymmetricKeyLength, string defaultSymmetricKeyWrapAlgorithm, string defaultSymmetricSignatureAlgorithm, SecurityAlgorithmSuite target, string label) { Assert.AreEqual (defaultAsymmetricKeyWrapAlgorithm, target.DefaultAsymmetricKeyWrapAlgorithm, label + ".DefaultAsymmetricKeyWrapAlgorithm"); Assert.AreEqual (defaultAsymmetricSignatureAlgorithm, target.DefaultAsymmetricSignatureAlgorithm, label + ".DefaultAsymmetricSignatureAlgorithm"); Assert.AreEqual (defaultCanonicalizationAlgorithm, target.DefaultCanonicalizationAlgorithm, label + ".DefaultCanonicalizationAlgorithm"); Assert.AreEqual (defaultDigestAlgorithm, target.DefaultDigestAlgorithm, label + ".DefaultDigestAlgorithm"); Assert.AreEqual (defaultEncryptionAlgorithm, target.DefaultEncryptionAlgorithm, label + ".DefaultEncryptionAlgorithm"); Assert.AreEqual (defaultEncryptionKeyDerivationLength, target.DefaultEncryptionKeyDerivationLength, label + ".DefaultEncryptionKeyDerivationLength"); Assert.AreEqual (defaultSignatureKeyDerivationLength, target.DefaultSignatureKeyDerivationLength, label + ".DefaultSignatureKeyDerivationLength"); Assert.AreEqual (defaultSymmetricKeyLength, target.DefaultSymmetricKeyLength, label + ".DefaultSymmetricKeyLength"); Assert.AreEqual (defaultSymmetricKeyWrapAlgorithm, target.DefaultSymmetricKeyWrapAlgorithm, label + ".DefaultSymmetricKeyWrapAlgorithm"); Assert.AreEqual (defaultSymmetricSignatureAlgorithm, target.DefaultSymmetricSignatureAlgorithm, label + ".DefaultSymmetricSignatureAlgorithm"); }
static SecurityAlgorithmSuite() { b128 = new BasicSecurityAlgorithmSuite(128, false, false); b128r = new BasicSecurityAlgorithmSuite(128, false, true); b128s = new BasicSecurityAlgorithmSuite(128, true, false); b128sr = new BasicSecurityAlgorithmSuite(128, true, true); b192 = new BasicSecurityAlgorithmSuite(192, false, false); b192r = new BasicSecurityAlgorithmSuite(192, false, true); b192s = new BasicSecurityAlgorithmSuite(192, true, false); b192sr = new BasicSecurityAlgorithmSuite(192, true, true); b256 = new BasicSecurityAlgorithmSuite(256, false, false); b256r = new BasicSecurityAlgorithmSuite(256, false, true); b256s = new BasicSecurityAlgorithmSuite(256, true, false); b256sr = new BasicSecurityAlgorithmSuite(256, true, true); tdes = new TripleDESSecurityAlgorithmSuite(false, false); tdes_r = new TripleDESSecurityAlgorithmSuite(false, true); tdes_s = new TripleDESSecurityAlgorithmSuite(true, false); tdes_sr = new TripleDESSecurityAlgorithmSuite(true, true); }
/// <summary> /// Creates a SAML assertion based on a symmetric proof key /// </summary> /// <param name="claims">A ClaimSet containing the claims to be placed into the SAML assertion</param> /// <param name="signatureToken">An X509SecurityToken that will be used to sign the SAML assertion</param> /// <param name="encryptionToken">An X509SecurityToken that will be used to encrypt the proof key</param> /// <param name="proofToken">A BinarySecretSecurityToken containing the proof key</param> /// <param name="algoSuite">The algorithm suite to use when performing cryptographic operations</param> /// <returns>A SAML assertion containing the passed in claims and proof key, signed by the provided signature token</returns> public static SamlAssertion CreateSymmetricKeyBasedAssertion(ClaimSet claims, X509SecurityToken signatureToken, X509SecurityToken encryptionToken, BinarySecretSecurityToken proofToken, SecurityAlgorithmSuite algoSuite) { // Check various input parameters if (claims == null) throw new ArgumentNullException("claims"); if (claims.Count == 0) throw new ArgumentException("Provided ClaimSet must contain at least one claim"); if (proofToken == null) throw new ArgumentNullException("proofToken"); if (signatureToken == null) throw new ArgumentNullException("signatureToken"); if (encryptionToken == null) throw new ArgumentNullException("encryptionToken"); if (proofToken == null) throw new ArgumentNullException("proofToken"); if (algoSuite == null) throw new ArgumentNullException("algoSuite"); // Get signing key and a key identifier for same SecurityKey signatureKey = signatureToken.SecurityKeys[0]; SecurityKeyIdentifierClause signatureSkic = signatureToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>(); SecurityKeyIdentifier signatureKeyIdentifier = new SecurityKeyIdentifier(signatureSkic); // Get encryption key and a key identifier for same SecurityKey encryptionKey = encryptionToken.SecurityKeys[0]; SecurityKeyIdentifierClause encryptionSkic = encryptionToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>(); SecurityKeyIdentifier encryptionKeyIdentifier = new SecurityKeyIdentifier(encryptionSkic); // Encrypt the proof key and create a key identifier for same byte[] proofKey = proofToken.GetKeyBytes(); byte[] encryptedSecret = new byte[proofKey.Length]; encryptedSecret = encryptionKey.EncryptKey(algoSuite.DefaultAsymmetricKeyWrapAlgorithm, proofKey); SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(new EncryptedKeyIdentifierClause(encryptedSecret, algoSuite.DefaultAsymmetricKeyWrapAlgorithm, encryptionKeyIdentifier)); // Create the assertion return CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite); }
protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite) { if (encryptionMethod == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptionMethodMissingInEncryptedData"))); } suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod); SymmetricSecurityKey securityKey = System.ServiceModel.Security.SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(token); if (securityKey == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenCannotCreateSymmetricCrypto", new object[] { token }))); } suite.EnsureAcceptableDecryptionSymmetricKeySize(securityKey, token); SymmetricAlgorithm symmetricAlgorithm = securityKey.GetSymmetricAlgorithm(encryptionMethod); if (symmetricAlgorithm == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateSymmetricAlgorithmFromToken", new object[] { encryptionMethod }))); } return symmetricAlgorithm; }
/// <summary> /// Creates a SAML assertion based on an Asymmetric proof key /// </summary> /// <param name="claims">A ClaimSet containing the claims to be placed into the SAML assertion</param> /// <param name="proofToken">An RsaSecurityToken containing the proof key</param> /// <param name="algoSuite">The algorithm suite to use when performing cryptographic operations</param> /// <returns>A SAML assertion containing the passed in claims and proof key, signed by the proof key</returns> public static SamlAssertion CreateAsymmetricKeyBasedAssertion(ClaimSet claims, SecurityToken proofToken, SecurityAlgorithmSuite algoSuite) { // Check various input parameters if (claims == null) throw new ArgumentNullException("claims"); if (proofToken == null) throw new ArgumentNullException("proofToken"); if (claims.Count == 0) throw new ArgumentException("Provided ClaimSet must contain at least one claim"); // Create key identifier for proof key SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(proofToken.CreateKeyIdentifierClause<RsaKeyIdentifierClause>()); // Get signing key and a key identifier for same SecurityKey signatureKey = proofToken.SecurityKeys[0]; SecurityKeyIdentifier signatureKeyIdentifier = proofKeyIdentifier; // Create the assertion return CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite); }
internal ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message, string actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) { ReceiveSecurityHeader header = TryCreateReceiveSecurityHeader(message, actor, algorithmSuite, direction); if (header == null) { if (String.IsNullOrEmpty(actor)) { throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToFindSecurityHeaderInMessageNoActor)), message); } else { throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToFindSecurityHeaderInMessage, actor)), message); } } return(header); }
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this() { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory)); } ActAsInitiator = factory.ActAsInitiator; _addTimestamp = factory._addTimestamp; _detectReplays = factory._detectReplays; _incomingAlgorithmSuite = factory._incomingAlgorithmSuite; _maxCachedNonces = factory._maxCachedNonces; _maxClockSkew = factory._maxClockSkew; _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite; _replayWindow = factory._replayWindow; _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification)); _standardsManager = factory._standardsManager; _timestampValidityDuration = factory._timestampValidityDuration; _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement?.Clone(); _securityTokenManager = factory._securityTokenManager; _nonceCache = factory._nonceCache; }
// The security always look for Empty soap role. If not found, we will also look for Ultimate actors (next incl). // In the future, till we support intermediary scenario, we should refactor this api to do not take actor parameter. internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message, string actor, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction) { int headerIndex = message.Headers.FindHeader(HeaderName.Value, HeaderNamespace.Value, actor); if (headerIndex < 0 && String.IsNullOrEmpty(actor)) { headerIndex = message.Headers.FindHeader(HeaderName.Value, HeaderNamespace.Value, message.Version.Envelope.UltimateDestinationActorValues); } if (headerIndex < 0) { return(null); } MessageHeaderInfo headerInfo = message.Headers[headerIndex]; return(CreateReceiveSecurityHeader(message, headerInfo.Actor, headerInfo.MustUnderstand, headerInfo.Relay, standardsManager, algorithmSuite, direction, headerIndex)); }
protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite) { if (encryptionMethod == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.EncryptionMethodMissingInEncryptedData))); } suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod); SymmetricSecurityKey symmetricSecurityKey = SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(token); if (symmetricSecurityKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenCannotCreateSymmetricCrypto, token))); } suite.EnsureAcceptableDecryptionSymmetricKeySize(symmetricSecurityKey, token); SymmetricAlgorithm algorithm = symmetricSecurityKey.GetSymmetricAlgorithm(encryptionMethod); if (algorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToCreateSymmetricAlgorithmFromToken, encryptionMethod))); } return algorithm; }
internal void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType) { this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm)); this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm)); if (this.keyType != SecurityKeyType.BearerKey) { string defaultEncryptionAlgorithm; string signatureAlgorithm = (this.keyType == SecurityKeyType.SymmetricKey) ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm; this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signatureAlgorithm)); if (issuedKeyType == SecurityKeyType.SymmetricKey) { defaultEncryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm; } else { defaultEncryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; } this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(defaultEncryptionAlgorithm)); if (standardsManager.TrustVersion != TrustVersion.WSTrustFeb2005) { this.additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005) standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm)); } } }
internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { KeyType = SecurityKeyType.AsymmetricKey }; parameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(wsidPPIClaim)); parameters.IssuerAddress = null; parameters.AddAlgorithmParameters(algorithm, standardsManager, parameters.KeyType); return parameters; }
public virtual bool TryImportAlgorithmSuiteAssertion(ICollection<XmlElement> assertions, out SecurityAlgorithmSuite suite) { if (TryImportWsspAssertion(assertions, Basic256Name)) suite = SecurityAlgorithmSuite.Basic256; else if (TryImportWsspAssertion(assertions, Basic192Name)) suite = SecurityAlgorithmSuite.Basic192; else if (TryImportWsspAssertion(assertions, Basic128Name)) suite = SecurityAlgorithmSuite.Basic128; else if (TryImportWsspAssertion(assertions, TripleDesName)) suite = SecurityAlgorithmSuite.TripleDes; else if (TryImportWsspAssertion(assertions, Basic256Rsa15Name)) suite = SecurityAlgorithmSuite.Basic256Rsa15; else if (TryImportWsspAssertion(assertions, Basic192Rsa15Name)) suite = SecurityAlgorithmSuite.Basic192Rsa15; else if (TryImportWsspAssertion(assertions, Basic128Rsa15Name)) suite = SecurityAlgorithmSuite.Basic128Rsa15; else if (TryImportWsspAssertion(assertions, TripleDesRsa15Name)) suite = SecurityAlgorithmSuite.TripleDesRsa15; else if (TryImportWsspAssertion(assertions, Basic256Sha256Name)) suite = SecurityAlgorithmSuite.Basic256Sha256; else if (TryImportWsspAssertion(assertions, Basic192Sha256Name)) suite = SecurityAlgorithmSuite.Basic192Sha256; else if (TryImportWsspAssertion(assertions, Basic128Sha256Name)) suite = SecurityAlgorithmSuite.Basic128Sha256; else if (TryImportWsspAssertion(assertions, TripleDesSha256Name)) suite = SecurityAlgorithmSuite.TripleDesSha256; else if (TryImportWsspAssertion(assertions, Basic256Sha256Rsa15Name)) suite = SecurityAlgorithmSuite.Basic256Sha256Rsa15; else if (TryImportWsspAssertion(assertions, Basic192Sha256Rsa15Name)) suite = SecurityAlgorithmSuite.Basic192Sha256Rsa15; else if (TryImportWsspAssertion(assertions, Basic128Sha256Rsa15Name)) suite = SecurityAlgorithmSuite.Basic128Sha256Rsa15; else if (TryImportWsspAssertion(assertions, TripleDesSha256Rsa15Name)) suite = SecurityAlgorithmSuite.TripleDesSha256Rsa15; else suite = null; return suite != null; }
public virtual XmlElement CreateAlgorithmSuiteAssertion(SecurityAlgorithmSuite suite) { if (suite == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("suite"); } XmlElement result; if (suite == SecurityAlgorithmSuite.Basic256) result = CreateWsspAssertion(Basic256Name); else if (suite == SecurityAlgorithmSuite.Basic192) result = CreateWsspAssertion(Basic192Name); else if (suite == SecurityAlgorithmSuite.Basic128) result = CreateWsspAssertion(Basic128Name); else if (suite == SecurityAlgorithmSuite.TripleDes) result = CreateWsspAssertion(TripleDesName); else if (suite == SecurityAlgorithmSuite.Basic256Rsa15) result = CreateWsspAssertion(Basic256Rsa15Name); else if (suite == SecurityAlgorithmSuite.Basic192Rsa15) result = CreateWsspAssertion(Basic192Rsa15Name); else if (suite == SecurityAlgorithmSuite.Basic128Rsa15) result = CreateWsspAssertion(Basic128Rsa15Name); else if (suite == SecurityAlgorithmSuite.TripleDesRsa15) result = CreateWsspAssertion(TripleDesRsa15Name); else if (suite == SecurityAlgorithmSuite.Basic256Sha256) result = CreateWsspAssertion(Basic256Sha256Name); else if (suite == SecurityAlgorithmSuite.Basic192Sha256) result = CreateWsspAssertion(Basic192Sha256Name); else if (suite == SecurityAlgorithmSuite.Basic128Sha256) result = CreateWsspAssertion(Basic128Sha256Name); else if (suite == SecurityAlgorithmSuite.TripleDesSha256) result = CreateWsspAssertion(TripleDesSha256Name); else if (suite == SecurityAlgorithmSuite.Basic256Sha256Rsa15) result = CreateWsspAssertion(Basic256Sha256Rsa15Name); else if (suite == SecurityAlgorithmSuite.Basic192Sha256Rsa15) result = CreateWsspAssertion(Basic192Sha256Rsa15Name); else if (suite == SecurityAlgorithmSuite.Basic128Sha256Rsa15) result = CreateWsspAssertion(Basic128Sha256Rsa15Name); else if (suite == SecurityAlgorithmSuite.TripleDesSha256Rsa15) result = CreateWsspAssertion(TripleDesSha256Rsa15Name); else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("suite")); } return result; }
public virtual XmlElement CreateWsspAlgorithmSuiteAssertion(MetadataExporter exporter, SecurityAlgorithmSuite suite) { XmlElement result = CreateWsspAssertion(AlgorithmSuiteName); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateAlgorithmSuiteAssertion(suite) )); return result; }
public MessageSecurityOverMsmq() { clientCredentialType = DefaultClientCredentialType; algorithmSuite = SecurityAlgorithmSuite.Default; }
internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite) { if (suite == null) return false; return (suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 || suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15); }
internal bool DoAlgorithmsMatch(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, out Collection<XmlElement> otherRequestParameters) { Collection<XmlElement> additionalRequestParameters; bool flag = false; bool flag2 = false; bool flag3 = false; bool flag4 = false; bool flag5 = false; otherRequestParameters = new Collection<XmlElement>(); bool flag6 = false; if (((standardsManager.TrustVersion == TrustVersion.WSTrust13) && (this.AdditionalRequestParameters.Count == 1)) && ((WSTrustDec2005.DriverDec2005) standardsManager.TrustDriver).IsSecondaryParametersElement(this.AdditionalRequestParameters[0])) { flag6 = true; additionalRequestParameters = new Collection<XmlElement>(); foreach (XmlElement element in this.AdditionalRequestParameters[0]) { additionalRequestParameters.Add(element); } } else { additionalRequestParameters = this.AdditionalRequestParameters; } for (int i = 0; i < additionalRequestParameters.Count; i++) { string str; XmlElement element2 = additionalRequestParameters[i]; if (standardsManager.TrustDriver.IsCanonicalizationAlgorithmElement(element2, out str)) { if (algorithmSuite.DefaultCanonicalizationAlgorithm != str) { return false; } flag4 = true; } else if (standardsManager.TrustDriver.IsSignWithElement(element2, out str)) { if (((this.keyType == SecurityKeyType.SymmetricKey) && (str != algorithmSuite.DefaultSymmetricSignatureAlgorithm)) || ((this.keyType == SecurityKeyType.AsymmetricKey) && (str != algorithmSuite.DefaultAsymmetricSignatureAlgorithm))) { return false; } flag = true; } else if (standardsManager.TrustDriver.IsEncryptWithElement(element2, out str)) { if (((this.keyType == SecurityKeyType.SymmetricKey) && (str != algorithmSuite.DefaultEncryptionAlgorithm)) || ((this.keyType == SecurityKeyType.AsymmetricKey) && (str != algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm))) { return false; } flag2 = true; } else if (standardsManager.TrustDriver.IsEncryptionAlgorithmElement(element2, out str)) { if (str != algorithmSuite.DefaultEncryptionAlgorithm) { return false; } flag3 = true; } else if (standardsManager.TrustDriver.IsKeyWrapAlgorithmElement(element2, out str)) { if (str != algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm) { return false; } flag5 = true; } else { otherRequestParameters.Add(element2); } } if (flag6) { otherRequestParameters = this.AdditionalRequestParameters; } if (this.keyType == SecurityKeyType.BearerKey) { return true; } if (standardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { return (((flag && flag4) && flag3) && flag2); } return (((flag && flag4) && (flag3 && flag2)) && flag5); }
protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite) { if (encryptionMethod == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptionMethodMissingInEncryptedData"))); } suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod); SymmetricSecurityKey securityKey = System.ServiceModel.Security.SecurityUtils.GetSecurityKey <SymmetricSecurityKey>(token); if (securityKey == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenCannotCreateSymmetricCrypto", new object[] { token }))); } suite.EnsureAcceptableDecryptionSymmetricKeySize(securityKey, token); SymmetricAlgorithm symmetricAlgorithm = securityKey.GetSymmetricAlgorithm(encryptionMethod); if (symmetricAlgorithm == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateSymmetricAlgorithmFromToken", new object[] { encryptionMethod }))); } return(symmetricAlgorithm); }