public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (manager == null)
{
manager = ServiceCredentials.CreateDefaultCredentials();
}
SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager();
this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));
ServiceCredentials credentials = manager as ServiceCredentials;
if ((credentials != null) && (credentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom))
{
this.useCustomClientCertificateVerification = true;
}
else
{
this.useCustomClientCertificateVerification = false;
X509SecurityTokenAuthenticator certificateAuthenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
if (certificateAuthenticator != null)
{
this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None, certificateAuthenticator.MapCertificateToWindowsAccount, base.ExtractGroupsForWindowsAccounts, false);
}
}
if (this.RequireClientCertificate && (base.AuthenticationScheme != AuthenticationSchemes.Anonymous))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(System.ServiceModel.SR.GetString("HttpAuthSchemeAndClientCert", new object[] { base.AuthenticationScheme })), TraceEventType.Error);
}
this.channelBindingProvider = new ChannelBindingProviderHelper();
}
internal HttpsChannelFactory(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
: base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
this.channelBindingProvider = new ChannelBindingProviderHelper();
ClientCredentials credentials = context.BindingParameters.Find <ClientCredentials>();
if (credentials != null && credentials.ServiceCertificate.SslCertificateAuthentication != null)
{
this.sslCertificateValidator = credentials.ServiceCertificate.SslCertificateAuthentication.GetCertificateValidator();
this.remoteCertificateValidationCallback = new RemoteCertificateValidationCallback(RemoteCertificateValidationCallback);
}
}
protected override IRequestChannel CreateClientChannel(EndpointAddress target, Uri via)
{
IRequestChannel channel = base.CreateClientChannel(target, via);
if (!System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled && (this.securityBindingElement is TransportSecurityBindingElement))
{
IChannelBindingProvider property = channel.GetProperty <IChannelBindingProvider>();
if (property != null)
{
property.EnableChannelBindingSupport();
}
}
return(channel);
}
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
: base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
this.shouldValidateClientCertificate = ShouldValidateClientCertificate(this.requireClientCertificate, context);
// Pick up the MapCertificateToWindowsAccount setting from the configured token authenticator.
SecurityCredentialsManager credentialProvider =
context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
credentialProvider = ServiceCredentials.CreateDefaultCredentials();
}
SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager();
this.certificateAuthenticator =
TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme,
TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));
ServiceCredentials serviceCredentials = credentialProvider as ServiceCredentials;
if (serviceCredentials != null &&
serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom)
{
useCustomClientCertificateVerification = true;
}
else
{
useCustomClientCertificateVerification = false;
X509SecurityTokenAuthenticator authenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
if (authenticator != null)
{
this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None,
authenticator.MapCertificateToWindowsAccount, this.ExtractGroupsForWindowsAccounts, false);
}
}
if (this.RequireClientCertificate &&
this.AuthenticationScheme.IsNotSet(AuthenticationSchemes.Anonymous))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(SR.GetString(
SR.HttpAuthSchemeAndClientCert, this.AuthenticationScheme)), TraceEventType.Error);
}
this.channelBindingProvider = new ChannelBindingProviderHelper();
}
private void EnableChannelBindingSupport()
{
if (((this.securityProtocolFactory != null) && (this.securityProtocolFactory.ExtendedProtectionPolicy != null)) && (this.securityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("ExtendedProtectionPolicyCustomChannelBindingNotSupported")));
}
if ((!System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled && System.ServiceModel.Security.SecurityUtils.IsSecurityBindingSuitableForChannelBinding(this.SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement)) && (base.InnerChannel != null))
{
IChannelBindingProvider property = base.InnerChannel.GetProperty <IChannelBindingProvider>();
if (property != null)
{
property.EnableChannelBindingSupport();
}
}
}
protected override IRequestChannel CreateClientChannel(EndpointAddress target, Uri via)
{
IRequestChannel rstChannel = base.CreateClientChannel(target, via);
if (!SecurityUtils.IsChannelBindingDisabled && (this.securityBindingElement is TransportSecurityBindingElement))
{
// enable channel binding on this side channel
IChannelBindingProvider cbp = rstChannel.GetProperty <IChannelBindingProvider>();
if (cbp != null)
{
cbp.EnableChannelBindingSupport();
}
}
return(rstChannel);
}
private void EnableChannelBindingSupport()
{
if (this.securityProtocolFactory != null && this.securityProtocolFactory.ExtendedProtectionPolicy != null && this.securityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new NotSupportedException(SR.GetString("ExtendedProtectionPolicyCustomChannelBindingNotSupported")));
}
if (System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled || !System.ServiceModel.Security.SecurityUtils.IsSecurityBindingSuitableForChannelBinding(this.SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement) || (object)this.InnerChannel == null)
{
return;
}
IChannelBindingProvider property = this.InnerChannel.GetProperty <IChannelBindingProvider>();
if (property == null)
{
return;
}
property.EnableChannelBindingSupport();
}
private void EnableChannelBindingSupport()
{
if (SecurityProtocolFactory != null && SecurityProtocolFactory.ExtendedProtectionPolicy != null && SecurityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.ExtendedProtectionPolicyCustomChannelBindingNotSupported)));
}
// Do not enable channel binding if there is no reason as it sets up chunking mode.
if ((SecurityUtils.IsChannelBindingDisabled) || (!SecurityUtils.IsSecurityBindingSuitableForChannelBinding(SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement)))
{
return;
}
if (InnerChannel != null)
{
IChannelBindingProvider cbp = InnerChannel.GetProperty <IChannelBindingProvider>();
if (cbp != null)
{
cbp.EnableChannelBindingSupport();
}
}
}
internal HttpsChannelFactory(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
this.channelBindingProvider = new ChannelBindingProviderHelper();
}
