/// <summary>
/// Prepares a message for transmit by applying signatures, nonces, etc.
/// </summary>
/// <param name="message">The message to prepare for sending.</param>
/// <remarks>
/// This method should NOT be called by derived types
/// except when sending ONE WAY request messages.
/// </remarks>
protected void PrepareMessageForSending(IProtocolMessage message)
{
ErrorUtilities.VerifyArgumentNotNull(message, "message");
Logger.DebugFormat("Preparing to send {0} ({1}) message.", message.GetType().Name, message.Version);
this.OnSending(message);
// Give the message a chance to do custom serialization.
IMessageWithEvents eventedMessage = message as IMessageWithEvents;
if (eventedMessage != null)
{
eventedMessage.OnSending();
}
MessageProtections appliedProtection = MessageProtections.None;
foreach (IChannelBindingElement bindingElement in this.outgoingBindingElements)
{
if (bindingElement.PrepareMessageForSending(message))
{
Logger.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName);
// Ensure that only one protection binding element applies to this message
// for each protection type.
ErrorUtilities.VerifyProtocol((appliedProtection & bindingElement.Protection) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, bindingElement.Protection);
appliedProtection |= bindingElement.Protection;
}
else
{
Logger.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName);
}
}
// Ensure that the message's protection requirements have been satisfied.
if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection)
{
throw new UnprotectedMessageException(message, appliedProtection);
}
EnsureValidMessageParts(message);
message.EnsureValidMessage();
if (Logger.IsDebugEnabled)
{
Logger.DebugFormat(
"Sending {0} ({1}) message: {2}{3}",
message.GetType().Name,
message.Version,
Environment.NewLine,
new MessageDictionary(message).ToStringDeferred());
}
}
/// <summary>
/// Verifies the integrity and applicability of an incoming message.
/// </summary>
/// <param name="message">The message just received.</param>
/// <exception cref="ProtocolException">
/// Thrown when the message is somehow invalid.
/// This can be due to tampering, replay attack or expiration, among other things.
/// </exception>
protected virtual void VerifyMessageAfterReceiving(IProtocolMessage message)
{
Debug.Assert(message != null, "message == null");
if (Logger.IsDebugEnabled)
{
Logger.DebugFormat(
"Preparing to receive {0} ({1}) message:{2}{3}",
message.GetType().Name,
message.Version,
Environment.NewLine,
new MessageDictionary(message).ToStringDeferred());
}
MessageProtections appliedProtection = MessageProtections.None;
foreach (IChannelBindingElement bindingElement in this.incomingBindingElements)
{
if (bindingElement.PrepareMessageForReceiving(message))
{
Logger.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName);
// Ensure that only one protection binding element applies to this message
// for each protection type.
ErrorUtilities.VerifyInternal((appliedProtection & bindingElement.Protection) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, bindingElement.Protection);
appliedProtection |= bindingElement.Protection;
}
else
{
Logger.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName);
}
}
// Ensure that the message's protection requirements have been satisfied.
if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection)
{
throw new UnprotectedMessageException(message, appliedProtection);
}
// Give the message a chance to do custom serialization.
IMessageWithEvents eventedMessage = message as IMessageWithEvents;
if (eventedMessage != null)
{
eventedMessage.OnReceiving();
}
// We do NOT verify that all required message parts are present here... the
// message deserializer did for us. It would be too late to do it here since
// they might look initialized by the time we have an IProtocolMessage instance.
message.EnsureValidMessage();
}
protected void ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken)
{
Logger.Channel.DebugFormat("Preparing to send {0} ({1}) message.", message.GetType().Name, message.Version);
this.OnSending(message);
IMessageWithEvents eventedMessage = message as IMessageWithEvents;
if (eventedMessage != null)
{
eventedMessage.OnSending();
}
MessageProtections appliedProtection = MessageProtections.None;
foreach (IChannelBindingElement bindingElement in this.outgoingBindingElements)
{
Assumes.True(bindingElement.Channel != null);
MessageProtections?elementProtection = bindingElement.ProcessOutgoingMessageAsync(message, cancellationToken);
if (elementProtection.HasValue)
{
Logger.Bindings.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName);
ErrorUtilities.VerifyProtocol((appliedProtection & elementProtection.Value) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, elementProtection.Value);
appliedProtection |= elementProtection.Value;
}
else
{
Logger.Bindings.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName);
}
}
if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection)
{
throw new UnprotectedMessageException(message, appliedProtection);
}
this.EnsureValidMessageParts(message);
message.EnsureValidMessage();
if (this.OutgoingMessageFilter != null)
{
this.OutgoingMessageFilter(message);
}
if (Logger.Channel.IsInfoEnabled()) // 日志
{
var directedMessage = message as IDirectedProtocolMessage;
string recipient = (directedMessage != null && directedMessage.Recipient != null) ? directedMessage.Recipient.AbsoluteUri : "<response>";
var messageAccessor = this.MessageDescriptions.GetAccessor(message);
Logger.Channel.InfoFormat(
"Prepared outgoing {0} ({1}) message for {2}: {3}{4}",
message.GetType().Name,
message.Version,
recipient,
Environment.NewLine,
messageAccessor.ToStringDeferred());
}
}
public void Serialize()
{
PolicyResponse resp = new PolicyResponse();
IMessageWithEvents respEvents = resp;
var fields = this.MessageDescriptions.GetAccessor(resp);
respEvents.OnSending();
Assert.AreEqual(1, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_policies"));
Assert.AreEqual(AuthenticationPolicies.None, fields["auth_policies"]);
resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
respEvents.OnSending();
Assert.AreEqual(1, fields.Count);
Assert.AreEqual(AuthenticationPolicies.PhishingResistant, fields["auth_policies"]);
resp.ActualPolicies.Add(AuthenticationPolicies.PhysicalMultiFactor);
respEvents.OnSending();
Assert.AreEqual(1, fields.Count);
Assert.AreEqual(
AuthenticationPolicies.PhishingResistant + " " + AuthenticationPolicies.PhysicalMultiFactor,
fields["auth_policies"]);
resp.AuthenticationTimeUtc = DateTime.UtcNow;
respEvents.OnSending();
Assert.AreEqual(2, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_time"));
resp.NistAssuranceLevel = NistAssuranceLevel.Level3;
respEvents.OnSending();
Assert.AreEqual(4, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
Assert.AreEqual(Constants.AssuranceLevels.NistTypeUri, fields["auth_level.ns.nist"]);
Assert.IsTrue(fields.ContainsKey("auth_level.nist"));
Assert.AreEqual("3", fields["auth_level.nist"]);
resp.AssuranceLevels.Add("custom", "CU");
respEvents.OnSending();
Assert.AreEqual(6, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
Assert.AreEqual("custom", fields["auth_level.ns.alias2"]);
Assert.IsTrue(fields.ContainsKey("auth_level.alias2"));
Assert.AreEqual("CU", fields["auth_level.alias2"]);
// and make sure the NIST is still there.
Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
Assert.AreEqual(Constants.AssuranceLevels.NistTypeUri, fields["auth_level.ns.nist"]);
Assert.IsTrue(fields.ContainsKey("auth_level.nist"));
Assert.AreEqual("3", fields["auth_level.nist"]);
}
public void Serialize()
{
PolicyRequest req = new PolicyRequest();
IMessageWithEvents reqEvents = req;
var fields = this.MessageDescriptions.GetAccessor(req);
reqEvents.OnSending();
Assert.AreEqual(1, fields.Count);
Assert.IsTrue(fields.ContainsKey("preferred_auth_policies"));
Assert.AreEqual(string.Empty, fields["preferred_auth_policies"]);
req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
reqEvents.OnSending();
Assert.AreEqual(2, fields.Count);
Assert.IsTrue(fields.ContainsKey("max_auth_age"));
Assert.AreEqual(TimeSpan.FromHours(1).TotalSeconds.ToString(CultureInfo.InvariantCulture), fields["max_auth_age"]);
req.PreferredPolicies.Add("http://pol1/");
reqEvents.OnSending();
Assert.AreEqual("http://pol1/", fields["preferred_auth_policies"]);
req.PreferredPolicies.Add("http://pol2/");
reqEvents.OnSending();
Assert.AreEqual("http://pol1/ http://pol2/", fields["preferred_auth_policies"]);
req.PreferredAuthLevelTypes.Add("http://authtype1/");
reqEvents.OnSending();
Assert.AreEqual(4, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias1"));
Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias1"]);
Assert.IsTrue(fields.ContainsKey("preferred_auth_level_types"));
Assert.AreEqual("alias1", fields["preferred_auth_level_types"]);
req.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
reqEvents.OnSending();
Assert.AreEqual(5, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias2"]);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
Assert.AreEqual(Constants.AssuranceLevels.NistTypeUri, fields["auth_level.ns.nist"]);
Assert.AreEqual("alias2 nist", fields["preferred_auth_level_types"]);
}
protected virtual void ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken)
{
if (Logger.Channel.IsInfoEnabled()) // 日志记录
{
var messageAccessor = this.MessageDescriptions.GetAccessor(message, true);
Logger.Channel.InfoFormat(
"Processing incoming {0} ({1}) message:{2}{3}",
message.GetType().Name,
message.Version,
Environment.NewLine,
messageAccessor.ToStringDeferred());
}
if (this.IncomingMessageFilter != null)
{
this.IncomingMessageFilter(message);
}
MessageProtections appliedProtection = MessageProtections.None;
foreach (IChannelBindingElement bindingElement in this.IncomingBindingElements)
{
Assumes.True(bindingElement.Channel != null);
MessageProtections?elementProtection = bindingElement.ProcessIncomingMessageAsync(message, cancellationToken);
if (elementProtection.HasValue)
{
Logger.Bindings.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName);
if ((appliedProtection & elementProtection.Value) != 0)
{
Logger.Bindings.WarnFormat(MessagingStrings.TooManyBindingsOfferingSameProtection, elementProtection.Value);
}
appliedProtection |= elementProtection.Value;
}
else
{
Logger.Bindings.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName);
}
}
if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection)
{
throw new UnprotectedMessageException(message, appliedProtection);
}
IMessageWithEvents eventedMessage = message as IMessageWithEvents;
if (eventedMessage != null)
{
eventedMessage.OnReceiving();
}
if (Logger.Channel.IsDebugEnabled()) // 日志记录
{
var messageAccessor = this.MessageDescriptions.GetAccessor(message);
Logger.Channel.DebugFormat(
"After binding element processing, the received {0} ({1}) message is: {2}{3}",
message.GetType().Name,
message.Version,
Environment.NewLine,
messageAccessor.ToStringDeferred());
}
message.EnsureValidMessage();
}
