/// <summary>
/// Builds the signature and encryption requirements that apply to fault messages
/// (addressing faults, default-action faults and NetDispatcher infrastructure faults)
/// for the given addressing version.
/// </summary>
/// <param name="addressing">Addressing version supplying the fault actions; must not be null.</param>
/// <param name="defaultProtectionLevel">Protection level to apply to the body of fault messages.</param>
/// <returns>
/// A new <see cref="ChannelProtectionRequirements"/>. It is returned empty when this element's
/// own security capabilities are not at least as strong as <paramref name="defaultProtectionLevel"/>
/// for both requests and responses.
/// </returns>
internal ChannelProtectionRequirements GetProtectionRequirements(AddressingVersion addressing, ProtectionLevel defaultProtectionLevel)
{
    if (addressing == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(addressing));
    }

    ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();

    // Only this element's own capabilities are consulted here, not those of inner elements.
    ProtectionLevel requestLevel = GetIndividualProperty<ISecurityCapabilities>().SupportedRequestProtectionLevel;
    ProtectionLevel responseLevel = GetIndividualProperty<ISecurityCapabilities>().SupportedResponseProtectionLevel;

    // Security-relevant: if either direction is weaker than the requested default, no
    // signature or encryption parts are registered for any fault action by this method.
    // NOTE(review): confirm that fault protection is enforced elsewhere in that case.
    if (!ProtectionLevelHelper.IsStrongerOrEqual(requestLevel, defaultProtectionLevel)
        || !ProtectionLevelHelper.IsStrongerOrEqual(responseLevel, defaultProtectionLevel))
    {
        return requirements;
    }

    bool signBody = defaultProtectionLevel != ProtectionLevel.None;
    bool encryptBody = defaultProtectionLevel == ProtectionLevel.EncryptAndSign;

    MessagePartSpecification bodySignature = new MessagePartSpecification();
    MessagePartSpecification bodyEncryption = new MessagePartSpecification();

    // The flags are only ever switched on; with ProtectionLevel.None both specifications
    // keep whatever IsBodyIncluded value a fresh MessagePartSpecification starts with.
    if (signBody)
    {
        bodySignature.IsBodyIncluded = true;
    }

    if (encryptBody)
    {
        bodyEncryption.IsBodyIncluded = true;
    }

    // Freeze both specifications before they are shared across several actions.
    bodySignature.MakeReadOnly();
    bodyEncryption.MakeReadOnly();

    // Addressing faults
    if (addressing.FaultAction != null)
    {
        result_AddAddressingFaultMarker:
        requirements.IncomingSignatureParts.AddParts(bodySignature, addressing.FaultAction);
        requirements.OutgoingSignatureParts.AddParts(bodySignature, addressing.FaultAction);
        requirements.IncomingEncryptionParts.AddParts(bodyEncryption, addressing.FaultAction);
        requirements.OutgoingEncryptionParts.AddParts(bodyEncryption, addressing.FaultAction);
    }

    // Faults that do not specify a particular action
    if (addressing.DefaultFaultAction != null)
    {
        requirements.IncomingSignatureParts.AddParts(bodySignature, addressing.DefaultFaultAction);
        requirements.OutgoingSignatureParts.AddParts(bodySignature, addressing.DefaultFaultAction);
        requirements.IncomingEncryptionParts.AddParts(bodyEncryption, addressing.DefaultFaultAction);
        requirements.OutgoingEncryptionParts.AddParts(bodyEncryption, addressing.DefaultFaultAction);
    }

    // Infrastructure faults are always covered, independent of the addressing version.
    requirements.IncomingSignatureParts.AddParts(bodySignature, FaultCodeConstants.Actions.NetDispatcher);
    requirements.OutgoingSignatureParts.AddParts(bodySignature, FaultCodeConstants.Actions.NetDispatcher);
    requirements.IncomingEncryptionParts.AddParts(bodyEncryption, FaultCodeConstants.Actions.NetDispatcher);
    requirements.OutgoingEncryptionParts.AddParts(bodyEncryption, FaultCodeConstants.Actions.NetDispatcher);

    return requirements;
}
/// <summary>
/// Combines this element's security capabilities with those reported by the inner
/// binding elements reachable through <paramref name="context"/>.
/// </summary>
/// <param name="context">Binding context queried for the inner <see cref="ISecurityCapabilities"/>.</param>
/// <returns>
/// This element's own capabilities when no inner capabilities are reported; otherwise a new
/// <see cref="SecurityCapabilities"/> merging both layers.
/// </returns>
private ISecurityCapabilities GetSecurityCapabilities(BindingContext context)
{
    ISecurityCapabilities own = GetIndividualISecurityCapabilities();
    ISecurityCapabilities inner = context.GetInnerProperty<ISecurityCapabilities>();

    if (inner != null)
    {
        // Client authentication and Windows identity support are taken from this element
        // alone; whatever the inner layer reports for them is not consulted.
        bool clientAuth = own.SupportsClientAuthentication;
        bool clientWindowsIdentity = own.SupportsClientWindowsIdentity;

        // Server authentication is reported if either layer provides it.
        bool serverAuth = own.SupportsServerAuthentication || inner.SupportsServerAuthentication;

        // Protection levels are combined with ProtectionLevelHelper.Max, so the merged value
        // follows whichever layer reports more.
        // NOTE(review): this describes what the stack advertises, not a per-layer guarantee;
        // confirm callers do not treat it as the minimum enforced by every layer.
        ProtectionLevel requestLevel = ProtectionLevelHelper.Max(
            own.SupportedRequestProtectionLevel,
            inner.SupportedRequestProtectionLevel);
        ProtectionLevel responseLevel = ProtectionLevelHelper.Max(
            own.SupportedResponseProtectionLevel,
            inner.SupportedResponseProtectionLevel);

        return new SecurityCapabilities(
            clientAuth,
            serverAuth,
            clientWindowsIdentity,
            requestLevel,
            responseLevel);
    }

    // No inner security capabilities: this element's view is the whole picture.
    return own;
}