WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity) { Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString())); this.mode = mode; this.messageSecurity = messageSecurity == null ? new FederatedMessageSecurityOverHttp() : messageSecurity; }
internal void ApplyConfiguration(FederatedMessageSecurityOverHttp security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } security.NegotiateServiceCredential = this.NegotiateServiceCredential; security.AlgorithmSuite = this.AlgorithmSuite; security.IssuedKeyType = this.IssuedKeyType; security.EstablishSecurityContext = this.EstablishSecurityContext; if (!string.IsNullOrEmpty(this.IssuedTokenType)) { security.IssuedTokenType = this.IssuedTokenType; } if (base.ElementInformation.Properties["issuer"].ValueOrigin != PropertyValueOrigin.Default) { security.IssuerAddress = ConfigLoader.LoadEndpointAddress(this.Issuer); if (!string.IsNullOrEmpty(this.Issuer.Binding)) { security.IssuerBinding = ConfigLoader.LookupBinding(this.Issuer.Binding, this.Issuer.BindingConfiguration, base.EvaluationContext); } } if (base.ElementInformation.Properties["issuerMetadata"].ValueOrigin != PropertyValueOrigin.Default) { security.IssuerMetadataAddress = ConfigLoader.LoadEndpointAddress(this.IssuerMetadata); } foreach (XmlElementElement element in this.TokenRequestParameters) { security.TokenRequestParameters.Add(element.XmlElement); } foreach (ClaimTypeElement element2 in this.ClaimTypeRequirements) { security.ClaimTypeRequirements.Add(new ClaimTypeRequirement(element2.ClaimType, element2.IsOptional)); } }
public void IssueToken_CalledOnFederationBinding_CallsIssueToken() { // Arrange var returnToken = MockRepository.GenerateStub<SecurityToken>(); var mockRepository = new MockRepository(); var securityTokenProvider = mockRepository.PartialMock<SecurityTokenProvider>(); securityTokenProvider.Stub(x => x.IssueToken(Arg<IWSTrustChannelContract>.Is.Anything, Arg<string>.Is.Anything, Arg<SecurityToken>.Is.Anything, Arg<SecurityToken>.Is.Anything)).Return(returnToken); securityTokenProvider.Replay(); var binding = MockRepository.GenerateStub<WS2007FederationHttpBinding>(); var messageSecurityOverHttp = new FederatedMessageSecurityOverHttp { IssuerAddress = new EndpointAddress("http://localhost/issuer"), IssuerBinding = new WS2007HttpBinding() }; binding.Security.Message = messageSecurityOverHttp; var actAsToken = MockRepository.GenerateStub<SecurityToken>(); // Act var actual = securityTokenProvider.IssueToken(binding, "http://localhost/service", actAsToken); // Assert securityTokenProvider.AssertWasCalled( x => x.IssueToken(Arg<IWSTrustChannelContract>.Is.Anything, Arg<string>.Is.Anything, Arg<SecurityToken>.Is.Anything, Arg<SecurityToken>.Is.Anything)); Assert.AreEqual(returnToken, actual); }
internal static bool TryCreate(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, MessageSecurityVersion version, out WSFederationHttpSecurity security) { security = null; FederatedMessageSecurityOverHttp messageSecurity = null; if (sbe == null) { mode = WSFederationHttpSecurityMode.None; } else { mode &= WSFederationHttpSecurityMode.Message | WSFederationHttpSecurityMode.TransportWithMessageCredential; Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString())); if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, mode == WSFederationHttpSecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, version, out messageSecurity)) { return(false); } } security = new WSFederationHttpSecurity(mode, messageSecurity); return(true); }
WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity) { Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString())); this.mode = mode; this.messageSecurity = messageSecurity == null ? new FederatedMessageSecurityOverHttp() : messageSecurity; }
internal void InitializeFrom(FederatedMessageSecurityOverHttp security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } this.NegotiateServiceCredential = security.NegotiateServiceCredential; this.AlgorithmSuite = security.AlgorithmSuite; this.IssuedKeyType = security.IssuedKeyType; if (!security.EstablishSecurityContext) { this.EstablishSecurityContext = security.EstablishSecurityContext; } if (security.IssuedTokenType != null) { this.IssuedTokenType = security.IssuedTokenType; } if (security.IssuerAddress != null) { this.Issuer.InitializeFrom(security.IssuerAddress); } if (security.IssuerMetadataAddress != null) { this.IssuerMetadata.InitializeFrom(security.IssuerMetadataAddress); } string bindingSectionName = null; if (security.IssuerBinding != null) { if (null == this.Issuer.Address) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(System.ServiceModel.SR.GetString("ConfigNullIssuerAddress"))); } this.Issuer.BindingConfiguration = this.Issuer.Address.ToString(); BindingsSection.TryAdd(this.Issuer.BindingConfiguration, security.IssuerBinding, out bindingSectionName); this.Issuer.Binding = bindingSectionName; } foreach (XmlElement element in security.TokenRequestParameters) { this.TokenRequestParameters.Add(new XmlElementElement(element)); } foreach (ClaimTypeRequirement requirement in security.ClaimTypeRequirements) { ClaimTypeElement element2 = new ClaimTypeElement(requirement.ClaimType, requirement.IsOptional); this.ClaimTypeRequirements.Add(element2); } }
internal static bool TryCreate(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, MessageSecurityVersion version, out WSFederationHttpSecurity security) { security = null; FederatedMessageSecurityOverHttp messageSecurity = null; if (sbe == null) { mode = WSFederationHttpSecurityMode.None; } else { mode &= WSFederationHttpSecurityMode.TransportWithMessageCredential | WSFederationHttpSecurityMode.Message; if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, mode == WSFederationHttpSecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, version, out messageSecurity)) { return(false); } } security = new WSFederationHttpSecurity(mode, messageSecurity); return(true); }
internal WSFederationHttpSecurity (WSFederationHttpSecurityMode mode) { this.Mode = mode; message = new FederatedMessageSecurityOverHttp (); }
private WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity) { this.mode = mode; this.messageSecurity = (messageSecurity == null) ? new FederatedMessageSecurityOverHttp() : messageSecurity; }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { Fx.Assert(null != sbe, string.Empty); messageSecurity = null; // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) { return(false); } if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout) { return(false); } bool emitBspAttributes = true; // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching() SecurityBindingElement bootstrapSecurity; bool establishSecurityContext = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity); bootstrapSecurity = establishSecurityContext ? bootstrapSecurity : sbe; if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement)) { return(false); } bool negotiateServiceCredential = DefaultNegotiateServiceCredential; IssuedSecurityTokenParameters issuedTokenParameters; if (isSecureTransportMode) { if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters)) { return(false); } } else { // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters)) { negotiateServiceCredential = true; } else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters)) { negotiateServiceCredential = false; } else { return(false); } } if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { return(false); } Collection <XmlElement> nonAlgorithmRequestParameters; WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspAttributes, null, null, null); SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, versionSpecificStandardsManager, out nonAlgorithmRequestParameters)) { return(false); } messageSecurity = new FederatedMessageSecurityOverHttp(); messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; messageSecurity.NegotiateServiceCredential = negotiateServiceCredential; messageSecurity.EstablishSecurityContext = establishSecurityContext; messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType; messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress; messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding; messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress; messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType; foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements) { messageSecurity.ClaimTypeRequirements.Add(c); } foreach (XmlElement p in nonAlgorithmRequestParameters) { messageSecurity.TokenRequestParameters.Add(p); } if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0) { return(false); } return(true); }
// Methods internal void ApplyConfiguration (FederatedMessageSecurityOverHttp s) { s.AlgorithmSuite = AlgorithmSuite; foreach (ClaimTypeElement cte in ClaimTypeRequirements) s.ClaimTypeRequirements.Add (cte.Create ()); s.EstablishSecurityContext = EstablishSecurityContext; s.IssuedKeyType = IssuedKeyType; s.IssuedTokenType = IssuedTokenType; if (Issuer.Address != null) s.IssuerAddress = new EndpointAddress (Issuer.Address, Issuer.Identity.Create (), Issuer.Headers.Headers); if (!String.IsNullOrEmpty (Issuer.Binding)) s.IssuerBinding = ConfigUtil.CreateBinding (Issuer.Binding, Issuer.BindingConfiguration); if (IssuerMetadata.Address != null) s.IssuerMetadataAddress = new EndpointAddress (IssuerMetadata.Address, IssuerMetadata.Identity.Create (), IssuerMetadata.Headers.Headers); s.NegotiateServiceCredential = NegotiateServiceCredential; foreach (XmlElementElement xee in TokenRequestParameters) s.TokenRequestParameters.Add (xee.XmlElement); }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { Fx.Assert(null != sbe, string.Empty); messageSecurity = null; // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) return false; if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout) return false; bool emitBspAttributes = true; // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching() SecurityBindingElement bootstrapSecurity; bool establishSecurityContext = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity); bootstrapSecurity = establishSecurityContext ? bootstrapSecurity : sbe; if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement)) return false; bool negotiateServiceCredential = DefaultNegotiateServiceCredential; IssuedSecurityTokenParameters issuedTokenParameters; if (isSecureTransportMode) { if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters)) return false; } else { // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters)) negotiateServiceCredential = true; else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters)) negotiateServiceCredential = false; else return false; } if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { return false; } Collection<XmlElement> nonAlgorithmRequestParameters; WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspAttributes, null, null, null); SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, versionSpecificStandardsManager, out nonAlgorithmRequestParameters)) { return false; } messageSecurity = new FederatedMessageSecurityOverHttp(); messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; messageSecurity.NegotiateServiceCredential = negotiateServiceCredential; messageSecurity.EstablishSecurityContext = establishSecurityContext; messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType; messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress; messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding; messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress; messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType; foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements) { messageSecurity.ClaimTypeRequirements.Add(c); } foreach (XmlElement p in nonAlgorithmRequestParameters) { messageSecurity.TokenRequestParameters.Add(p); } if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0) { return false; } return true; }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { bool flag; bool flag2; bool flag3; IssuedSecurityTokenParameters parameters; Collection<XmlElement> collection; messageSecurity = null; if (sbe.IncludeTimestamp) { SecurityBindingElement element; if (sbe.SecurityHeaderLayout != SecurityHeaderLayout.Strict) { return false; } flag = true; flag2 = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out element); element = flag2 ? element : sbe; if (isSecureTransportMode && !(element is TransportSecurityBindingElement)) { return false; } flag3 = true; if (isSecureTransportMode) { if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(element, out parameters)) { return false; } goto Label_0078; } if (SecurityBindingElement.IsIssuedTokenForSslBinding(element, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out parameters)) { flag3 = true; goto Label_0078; } if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(element, out parameters)) { flag3 = false; goto Label_0078; } } return false; Label_0078: if ((parameters.KeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { return false; } WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, flag, null, null, null); SecurityStandardsManager standardsManager = new SecurityStandardsManager(version, tokenSerializer); if (!parameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, standardsManager, out collection)) { return false; } messageSecurity = new FederatedMessageSecurityOverHttp(); messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; messageSecurity.NegotiateServiceCredential = flag3; messageSecurity.EstablishSecurityContext = flag2; messageSecurity.IssuedTokenType = parameters.TokenType; messageSecurity.IssuerAddress = parameters.IssuerAddress; messageSecurity.IssuerBinding = parameters.IssuerBinding; messageSecurity.IssuerMetadataAddress = parameters.IssuerMetadataAddress; messageSecurity.IssuedKeyType = parameters.KeyType; foreach (ClaimTypeRequirement requirement in parameters.ClaimTypeRequirements) { messageSecurity.ClaimTypeRequirements.Add(requirement); } foreach (XmlElement element2 in collection) { messageSecurity.TokenRequestParameters.Add(element2); } if ((parameters.AlternativeIssuerEndpoints != null) && (parameters.AlternativeIssuerEndpoints.Count > 0)) { return false; } return true; }
internal void InitializeFrom(FederatedMessageSecurityOverHttp security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.NegotiateServiceCredential, security.NegotiateServiceCredential); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.AlgorithmSuite, security.AlgorithmSuite); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.IssuedKeyType, security.IssuedKeyType); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.EstablishSecurityContext, security.EstablishSecurityContext); if (security.IssuedTokenType != null) { this.IssuedTokenType = security.IssuedTokenType; } if (security.IssuerAddress != null) { this.Issuer.InitializeFrom(security.IssuerAddress); } if (security.IssuerMetadataAddress != null) { this.IssuerMetadata.InitializeFrom(security.IssuerMetadataAddress); } string bindingType = null; if (security.IssuerBinding != null) { if (null == this.Issuer.Address) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(SR.GetString(SR.ConfigNullIssuerAddress))); } this.Issuer.BindingConfiguration = this.Issuer.Address.ToString(); BindingsSection.TryAdd(this.Issuer.BindingConfiguration, security.IssuerBinding, out bindingType); this.Issuer.Binding = bindingType; } foreach (XmlElement element in security.TokenRequestParameters) { this.TokenRequestParameters.Add(new XmlElementElement(element)); } foreach (ClaimTypeRequirement claimTypeRequirement in security.ClaimTypeRequirements) { ClaimTypeElement element = new ClaimTypeElement(claimTypeRequirement.ClaimType, claimTypeRequirement.IsOptional); this.ClaimTypeRequirements.Add(element); } }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { bool flag; bool flag2; bool flag3; IssuedSecurityTokenParameters parameters; Collection <XmlElement> collection; messageSecurity = null; if (sbe.IncludeTimestamp) { SecurityBindingElement element; if (sbe.SecurityHeaderLayout != SecurityHeaderLayout.Strict) { return(false); } flag = true; flag2 = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out element); element = flag2 ? element : sbe; if (isSecureTransportMode && !(element is TransportSecurityBindingElement)) { return(false); } flag3 = true; if (isSecureTransportMode) { if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(element, out parameters)) { return(false); } goto Label_0078; } if (SecurityBindingElement.IsIssuedTokenForSslBinding(element, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out parameters)) { flag3 = true; goto Label_0078; } if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(element, out parameters)) { flag3 = false; goto Label_0078; } } return(false); Label_0078: if ((parameters.KeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { return(false); } WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, flag, null, null, null); SecurityStandardsManager standardsManager = new SecurityStandardsManager(version, tokenSerializer); if (!parameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, standardsManager, out collection)) { return(false); } messageSecurity = new FederatedMessageSecurityOverHttp(); messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; messageSecurity.NegotiateServiceCredential = flag3; messageSecurity.EstablishSecurityContext = flag2; messageSecurity.IssuedTokenType = parameters.TokenType; messageSecurity.IssuerAddress = parameters.IssuerAddress; messageSecurity.IssuerBinding = parameters.IssuerBinding; messageSecurity.IssuerMetadataAddress = parameters.IssuerMetadataAddress; messageSecurity.IssuedKeyType = parameters.KeyType; foreach (ClaimTypeRequirement requirement in parameters.ClaimTypeRequirements) { messageSecurity.ClaimTypeRequirements.Add(requirement); } foreach (XmlElement element2 in collection) { messageSecurity.TokenRequestParameters.Add(element2); } if ((parameters.AlternativeIssuerEndpoints != null) && (parameters.AlternativeIssuerEndpoints.Count > 0)) { return(false); } return(true); }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { throw new NotImplementedException(); }
internal WSFederationHttpSecurity(WSFederationHttpSecurityMode mode) { this.Mode = mode; message = new FederatedMessageSecurityOverHttp(); }
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { messageSecurity = null; //Currently dotnet-svcutil don't support FederationHttpBinding, do nothing here return(false); }
private WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity) { this.mode = mode; this.messageSecurity = (messageSecurity == null) ? new FederatedMessageSecurityOverHttp() : messageSecurity; }