/// <summary>
/// Attaches the stream to a set of buffers
/// </summary>
/// <param name="buffers">The buffers.</param>
public ArraySegmentStream(BufferCollection buffers)
{
m_buffers = buffers;
m_endOfLastBuffer = 0;
if (m_buffers.Count > 0)
{
m_endOfLastBuffer = m_buffers[m_buffers.Count-1].Count;
}
SetCurrentBuffer(0);
}
/// <summary>
/// Returns ownership of the buffers stored in the stream.
/// </summary>
/// <param name="owner">The owner.</param>
/// <returns></returns>
public BufferCollection GetBuffers(string owner)
{
BufferCollection buffers = new BufferCollection(m_buffers.Count);
for (int ii = 0; ii < m_buffers.Count; ii++)
{
m_bufferManager.TransferBuffer(m_buffers[ii].Array, owner);
buffers.Add(new ArraySegment<byte>(m_buffers[ii].Array, m_buffers[ii].Offset, GetBufferCount(ii)));
}
m_buffers.Clear();
return buffers;
}
/// <summary>
/// Creates a writeable stream that creates buffers as necessary.
/// </summary>
/// <param name="bufferManager">The buffer manager.</param>
/// <param name="bufferSize">Size of the buffer.</param>
/// <param name="start">The start.</param>
/// <param name="count">The count.</param>
public ArraySegmentStream(
BufferManager bufferManager,
int bufferSize,
int start,
int count)
{
m_buffers = new BufferCollection();
m_bufferManager = bufferManager;
m_bufferSize = bufferSize;
m_start = start;
m_count = count;
m_endOfLastBuffer = 0;
SetCurrentBuffer(0);
}
/// <summary>
/// Secures the message using the security token.
/// </summary>
protected BufferCollection WriteSymmetricMessage(
uint messageType,
uint requestId,
TcpChannelToken token,
object messageBody,
bool isRequest,
out bool limitsExceeded)
{
limitsExceeded = false;
bool success = false;
BufferCollection chunksToProcess = null;
try
{
// calculate chunk sizes.
int maxCipherTextSize = SendBufferSize - TcpMessageLimits.SymmetricHeaderSize;
int maxCipherBlocks = maxCipherTextSize/EncryptionBlockSize;
int maxPlainTextSize = maxCipherBlocks*EncryptionBlockSize;
int maxPayloadSize = maxPlainTextSize - SymmetricSignatureSize - 1 - TcpMessageLimits.SequenceHeaderSize;
int headerSize = TcpMessageLimits.SymmetricHeaderSize + TcpMessageLimits.SequenceHeaderSize;
// write the body to stream.
ArraySegmentStream ostrm = new ArraySegmentStream(
BufferManager,
SendBufferSize,
headerSize,
maxPayloadSize);
// check for encodeable body.
IEncodeable encodeable = messageBody as IEncodeable;
if (encodeable != null)
{
// debug code used to verify that message aborts are handled correctly.
// int maxMessageSize = Quotas.MessageContext.MaxMessageSize;
// Quotas.MessageContext.MaxMessageSize = Int32.MaxValue;
BinaryEncoder.EncodeMessage(encodeable, ostrm, Quotas.MessageContext);
// Quotas.MessageContext.MaxMessageSize = maxMessageSize;
}
// check for raw bytes.
ArraySegment<byte>? rawBytes = messageBody as ArraySegment<byte>?;
if (rawBytes != null)
{
BinaryEncoder encoder = new BinaryEncoder(ostrm, Quotas.MessageContext);
encoder.WriteRawBytes(rawBytes.Value.Array, rawBytes.Value.Offset, rawBytes.Value.Count);
encoder.Close();
}
chunksToProcess = ostrm.GetBuffers("WriteSymmetricMessage");
// ensure there is at least one chunk.
if (chunksToProcess.Count == 0)
{
byte[] buffer = BufferManager.TakeBuffer(SendBufferSize, "WriteSymmetricMessage");
chunksToProcess.Add(new ArraySegment<byte>(buffer, 0, 0));
}
BufferCollection chunksToSend = new BufferCollection(chunksToProcess.Capacity);
int messageSize = 0;
for (int ii = 0; ii < chunksToProcess.Count; ii++)
{
ArraySegment<byte> chunkToProcess = chunksToProcess[ii];
// nothing more to do if limits exceeded.
if (limitsExceeded)
{
BufferManager.ReturnBuffer(chunkToProcess.Array, "WriteSymmetricMessage");
continue;
}
MemoryStream strm = new MemoryStream(chunkToProcess.Array, 0, SendBufferSize);
BinaryEncoder encoder = new BinaryEncoder(strm, Quotas.MessageContext);
// check if the message needs to be aborted.
if (MessageLimitsExceeded(isRequest, messageSize + chunkToProcess.Count - headerSize, ii+1))
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Abort);
// replace the body in the chunk with an error message.
BinaryEncoder errorEncoder = new BinaryEncoder(
chunkToProcess.Array,
chunkToProcess.Offset,
chunkToProcess.Count,
Quotas.MessageContext);
WriteErrorMessageBody(errorEncoder, (isRequest)?StatusCodes.BadRequestTooLarge:StatusCodes.BadResponseTooLarge);
int size = errorEncoder.Close();
chunkToProcess = new ArraySegment<byte>(chunkToProcess.Array, chunkToProcess.Offset, size);
limitsExceeded = true;
}
// check if the message is complete.
else if (ii == chunksToProcess.Count-1)
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Final);
}
// more chunks to follow.
else
{
encoder.WriteUInt32(null, messageType | TcpMessageType.Intermediate);
}
int count = 0;
count += TcpMessageLimits.SequenceHeaderSize;
count += chunkToProcess.Count;
count += SymmetricSignatureSize;
// calculate the padding.
int padding = 0;
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
// reserve one byte for the padding size.
count++;
if (count%EncryptionBlockSize != 0)
{
padding = EncryptionBlockSize - (count%EncryptionBlockSize);
}
count += padding;
}
count += TcpMessageLimits.SymmetricHeaderSize;
encoder.WriteUInt32(null, (uint)count);
encoder.WriteUInt32(null, ChannelId);
encoder.WriteUInt32(null, token.TokenId);
uint sequenceNumber = GetNewSequenceNumber();
encoder.WriteUInt32(null, sequenceNumber);
encoder.WriteUInt32(null, requestId);
// skip body.
strm.Seek(chunkToProcess.Count, SeekOrigin.Current);
// update message size count.
messageSize += chunkToProcess.Count;
// write padding.
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
for (int jj = 0; jj <= padding; jj++)
{
encoder.WriteByte(null, (byte)padding);
}
}
if (SecurityMode != MessageSecurityMode.None)
{
// calculate and write signature.
byte[] signature = Sign(token, new ArraySegment<byte>(chunkToProcess.Array, 0, encoder.Position), isRequest);
if (signature != null)
{
encoder.WriteRawBytes(signature, 0, signature.Length);
}
}
if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
{
// encrypt the data.
ArraySegment<byte> dataToEncrypt = new ArraySegment<byte>(chunkToProcess.Array, TcpMessageLimits.SymmetricHeaderSize, encoder.Position-TcpMessageLimits.SymmetricHeaderSize);
Encrypt(token, dataToEncrypt, isRequest);
}
// add the header into chunk.
chunksToSend.Add(new ArraySegment<byte>(chunkToProcess.Array, 0, encoder.Position));
}
// ensure the buffers don't get cleaned up on exit.
success = true;
return chunksToSend;
}
finally
{
if (!success)
{
if (chunksToProcess != null)
{
chunksToProcess.Release(BufferManager, "WriteSymmetricMessage");
}
}
}
}
/// <summary>
/// Parses the response return from the server.
/// </summary>
private IServiceResponse ParseResponse(BufferCollection chunksToProcess)
{
BinaryDecoder decoder = new BinaryDecoder(new ArraySegmentStream(chunksToProcess), Quotas.MessageContext);
try
{
IServiceResponse response = BinaryDecoder.DecodeMessage(new ArraySegmentStream(chunksToProcess), null, Quotas.MessageContext) as IServiceResponse;
if (response == null)
{
throw ServiceResultException.Create(StatusCodes.BadStructureMissing, "Could not parse response body.");
}
return response;
}
finally
{
decoder.Close();
}
}
/// <summary>
/// Sends a OpenSecureChannel response.
/// </summary>
protected BufferCollection WriteAsymmetricMessage(
uint messageType,
uint requestId,
X509Certificate2 senderCertificate,
X509Certificate2 receiverCertificate,
ArraySegment<byte> messageBody)
{
bool success = false;
BufferCollection chunksToSend = new BufferCollection();
byte[] buffer = BufferManager.TakeBuffer(SendBufferSize, "WriteAsymmetricMessage");
try
{
int headerSize = GetAsymmetricHeaderSize(SecurityPolicyUri, senderCertificate);
int signatureSize = GetAsymmetricSignatureSize(senderCertificate);
BinaryEncoder encoder = new BinaryEncoder(buffer, 0, SendBufferSize, Quotas.MessageContext);
WriteAsymmetricMessageHeader(
encoder,
messageType | TcpMessageType.Intermediate,
ChannelId,
SecurityPolicyUri,
senderCertificate,
receiverCertificate);
// save the header.
ArraySegment<byte> header = new ArraySegment<byte>(buffer, 0, headerSize);
// calculate the space available.
int plainTextBlockSize = GetPlainTextBlockSize(receiverCertificate);
int cipherTextBlockSize = GetCipherTextBlockSize(receiverCertificate);
int maxCipherTextSize = SendBufferSize - headerSize;
int maxCipherBlocks = maxCipherTextSize/cipherTextBlockSize;
int maxPlainTextSize = maxCipherBlocks*plainTextBlockSize;
int maxPayloadSize = maxPlainTextSize - signatureSize - 1 - TcpMessageLimits.SequenceHeaderSize;
int bytesToWrite = messageBody.Count;
int startOfBytes = messageBody.Offset;
while (bytesToWrite > 0)
{
encoder.WriteUInt32(null, GetNewSequenceNumber());
encoder.WriteUInt32(null, requestId);
int payloadSize = bytesToWrite;
if (payloadSize > maxPayloadSize)
{
payloadSize = maxPayloadSize;
}
else
{
UpdateMessageType(buffer, 0, messageType | TcpMessageType.Final);
}
// write the message body.
encoder.WriteRawBytes(messageBody.Array, messageBody.Offset+startOfBytes, payloadSize);
// calculate the amount of plain text to encrypt.
int plainTextSize = encoder.Position - headerSize + signatureSize;
// calculate the padding.
int padding = 0;
if (SecurityMode != MessageSecurityMode.None)
{
if (receiverCertificate.PublicKey.Key.KeySize <= TcpMessageLimits.KeySizeExtraPadding)
{
// need to reserve one byte for the padding.
plainTextSize++;
if (plainTextSize % plainTextBlockSize != 0)
{
padding = plainTextBlockSize - (plainTextSize % plainTextBlockSize);
}
encoder.WriteByte(null, (byte)padding);
for (int ii = 0; ii < padding; ii++)
{
encoder.WriteByte(null, (byte)padding);
}
}
else
{
// need to reserve one byte for the padding.
plainTextSize++;
// need to reserve one byte for the extrapadding.
plainTextSize++;
if (plainTextSize % plainTextBlockSize != 0)
{
padding = plainTextBlockSize - (plainTextSize % plainTextBlockSize);
}
byte paddingSize = (byte)(padding & 0xff);
byte extraPaddingByte = (byte)((padding >> 8) & 0xff);
encoder.WriteByte(null, paddingSize);
for (int ii = 0; ii < padding; ii++)
{
encoder.WriteByte(null, (byte)paddingSize);
}
encoder.WriteByte(null, extraPaddingByte);
}
// update the plaintext size with the padding size.
plainTextSize += padding;
}
// calculate the number of block to encrypt.
int encryptedBlocks = plainTextSize/plainTextBlockSize;
// calculate the size of the encrypted data.
int cipherTextSize = encryptedBlocks*cipherTextBlockSize;
// put the message size after encryption into the header.
UpdateMessageSize(buffer, 0, cipherTextSize + headerSize);
// write the signature.
byte[] signature = Sign(new ArraySegment<byte>(buffer, 0, encoder.Position), senderCertificate);
if (signature != null)
{
encoder.WriteRawBytes(signature, 0, signature.Length);
}
int messageSize = encoder.Close();
// encrypt the data.
ArraySegment<byte> encryptedBuffer = Encrypt(
new ArraySegment<byte>(buffer, headerSize, messageSize-headerSize),
header,
receiverCertificate);
// check for math errors due to code bugs.
if (encryptedBuffer.Count != cipherTextSize + headerSize)
{
throw new InvalidDataException("Actual message size is not the same as the predicted message size.");
}
// save chunk.
chunksToSend.Add(encryptedBuffer);
bytesToWrite -= payloadSize;
startOfBytes += payloadSize;
// reset the encoder to write the plaintext for the next chunk into the same buffer.
if (bytesToWrite > 0)
{
MemoryStream ostrm = new MemoryStream(buffer, 0, SendBufferSize);
ostrm.Seek(header.Count, SeekOrigin.Current);
encoder = new BinaryEncoder(ostrm, Quotas.MessageContext);
}
}
// ensure the buffers don't get clean up on exit.
success = true;
return chunksToSend;
}
finally
{
BufferManager.ReturnBuffer(buffer, "WriteAsymmetricMessage");
if (!success)
{
chunksToSend.Release(BufferManager, "WriteAsymmetricMessage");
}
}
}
/// <summary>
/// Called when a write operation completes.
/// </summary>
protected override void HandleWriteComplete(BufferCollection buffers, object state, int bytesWritten, ServiceResult result)
{
lock (DataLock)
{
WriteOperation operation = state as WriteOperation;
if (operation != null)
{
if (ServiceResult.IsBad(result))
{
operation.Fault(new ServiceResult(StatusCodes.BadSecurityChecksFailed, result));
}
}
}
base.HandleWriteComplete(buffers, state, bytesWritten, result);
}
