internal static bool IsSecurityBindingSuitableForChannelBinding(TransportSecurityBindingElement securityBindingElement) { #if FEATURE_CORECLR throw new NotImplementedException("SupportingTokenParameters.Signed is not supported in .NET Core"); #else return(securityBindingElement != null && (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Endorsing) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Signed) || (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing)))); #endif }
internal static Exception CreateSecurityFaultException(Message unverifiedMessage) { return(SecurityUtils.CreateSecurityFaultException(MessageFault.CreateFault(unverifiedMessage, 16384))); }
WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName, SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver) { ISspiNegotiationInfo sspiResolver = tokenResolver as ISspiNegotiationInfo; if (sspiResolver != null) { ISspiNegotiation unwrappingSspiContext = sspiResolver.SspiNegotiation; // ensure that the encryption algorithm is compatible if (encryptionMethod != unwrappingSspiContext.KeyEncryptionAlgorithm) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.BadKeyEncryptionAlgorithm, encryptionMethod))); } byte[] unwrappedKey = unwrappingSspiContext.Decrypt(wrappedKey); return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingSspiContext, unwrappedKey)); } else { if (tokenResolver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver")); } if (unwrappingTokenIdentifier == null || unwrappingTokenIdentifier.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingKeyInfoInEncryptedKey))); } SecurityToken unwrappingToken; SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver; if (resolver != null) { unwrappingToken = resolver.ExpectedWrapper; if (unwrappingToken != null) { if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, unwrappingToken))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, resolver))); } } else { try { unwrappingToken = tokenResolver.ResolveToken(unwrappingTokenIdentifier); } catch (Exception exception) { if (exception is MessageSecurityException) { throw; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, tokenResolver), exception)); } } SecurityKey unwrappingSecurityKey; byte[] unwrappedKey = SecurityUtils.DecryptKey(unwrappingToken, encryptionMethod, wrappedKey, out unwrappingSecurityKey); return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingToken, unwrappingTokenIdentifier, wrappedKey, unwrappingSecurityKey)); } }
public virtual void OnOpen(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (this.factory.ActAsInitiator) { this.channelSupportingTokenProviderSpecification = new Collection <SupportingTokenProviderSpecification>(); this.scopedSupportingTokenProviderSpecification = new Dictionary <string, ICollection <SupportingTokenProviderSpecification> >(); AddSupportingTokenProviders(this.factory.SecurityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification); AddSupportingTokenProviders(this.factory.SecurityBindingElement.OptionalEndpointSupportingTokenParameters, true, (IList <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification); foreach (string action in this.factory.SecurityBindingElement.OperationSupportingTokenParameters.Keys) { Collection <SupportingTokenProviderSpecification> providerSpecList = new Collection <SupportingTokenProviderSpecification>(); AddSupportingTokenProviders(this.factory.SecurityBindingElement.OperationSupportingTokenParameters[action], false, providerSpecList); this.scopedSupportingTokenProviderSpecification.Add(action, providerSpecList); } foreach (string action in this.factory.SecurityBindingElement.OptionalOperationSupportingTokenParameters.Keys) { Collection <SupportingTokenProviderSpecification> providerSpecList; ICollection <SupportingTokenProviderSpecification> existingList; if (this.scopedSupportingTokenProviderSpecification.TryGetValue(action, out existingList)) { providerSpecList = ((Collection <SupportingTokenProviderSpecification>)existingList); } else { providerSpecList = new Collection <SupportingTokenProviderSpecification>(); this.scopedSupportingTokenProviderSpecification.Add(action, providerSpecList); } this.AddSupportingTokenProviders(this.factory.SecurityBindingElement.OptionalOperationSupportingTokenParameters[action], true, providerSpecList); } if (!this.channelSupportingTokenProviderSpecification.IsReadOnly) { if (this.channelSupportingTokenProviderSpecification.Count == 0) { this.channelSupportingTokenProviderSpecification = EmptyTokenProviders; } else { this.factory.ExpectSupportingTokens = true; foreach (SupportingTokenProviderSpecification tokenProviderSpec in this.channelSupportingTokenProviderSpecification) { SecurityUtils.OpenTokenProviderIfRequired(tokenProviderSpec.TokenProvider, timeoutHelper.RemainingTime()); if (tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing) { if (tokenProviderSpec.TokenParameters.RequireDerivedKeys && !tokenProviderSpec.TokenParameters.HasAsymmetricKey) { this.factory.ExpectKeyDerivation = true; } } } this.channelSupportingTokenProviderSpecification = new ReadOnlyCollection <SupportingTokenProviderSpecification>((Collection <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification); } } // create a merged map of the per operation supporting tokens MergeSupportingTokenProviders(timeoutHelper.RemainingTime()); } }
protected override void ReadCipherData(XmlDictionaryReader reader, long maxBufferSize) { _cipherText = SecurityUtils.ReadContentAsBase64(reader, maxBufferSize); }
static protected void ThrowIfFault(Message message, EndpointAddress target) { SecurityUtils.ThrowIfNegotiationFault(message, target); }
internal HttpDigestClientCredential(HttpDigestClientCredential other) { _allowedImpersonationLevel = other._allowedImpersonationLevel; _digestCredentials = SecurityUtils.GetNetworkCredentialsCopy(other._digestCredentials); _isReadOnly = other._isReadOnly; }
public void SetOutgoingSessionToken(SecurityToken token) { if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } lock (ThisLock) { this.outgoingSessionToken = token; if (this.requireDerivedKeys) { string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion); this.derivedSignatureToken = new DerivedKeySecurityToken(-1, 0, this.Factory.OutgoingAlgorithmSuite.GetSignatureKeyDerivationLength(token, this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, token, this.Factory.SecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External), derivationAlgorithm, SecurityUtils.GenerateId()); this.derivedEncryptionToken = new DerivedKeySecurityToken(-1, 0, this.Factory.OutgoingAlgorithmSuite.GetEncryptionKeyDerivationLength(token, this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion), null, DerivedKeySecurityToken.DefaultNonceLength, token, this.Factory.SecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External), derivationAlgorithm, SecurityUtils.GenerateId()); } } }
internal static WindowsIdentity CloneWindowsIdentityIfNecessary(WindowsIdentity wid) { return(SecurityUtils.CloneWindowsIdentityIfNecessary(wid, null)); }