예제 #1
            /// <summary>
            /// Obtains the client certificate token for the target endpoint and hands it to the
            /// base implementation, which produces the <see cref="HttpClient"/> for the request.
            /// </summary>
            /// <param name="to">Endpoint the request is addressed to.</param>
            /// <param name="via">Transport URI the request is sent through.</param>
            /// <param name="timeoutHelper">Tracks the time budget shared by the token lookup and the client creation.</param>
            /// <returns>The client returned by the base channel.</returns>
            internal override async Task<HttpClient> GetHttpClientAsync(EndpointAddress to, Uri via, TimeoutHelper timeoutHelper)
            {
                // The factory call is not awaited: it returns the container directly, so the
                // certificate lookup completes on the calling thread before the first await.
                SecurityTokenContainer certToken = Factory.GetCertificateSecurityToken(
                    _certificateProvider, to, via, this.ChannelParameters, ref timeoutHelper);

                return await base.GetHttpClientAsync(to, via, certToken, timeoutHelper);
            }
예제 #2
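        /// <summary>
        /// Resolves the client certificate token to present to <paramref name="to"/> and wraps it
        /// in a <see cref="SecurityTokenContainer"/>.
        /// </summary>
        /// <remarks>
        /// With manual addressing and a required client certificate, a provider is created and
        /// opened for this request only; otherwise <paramref name="certificateProvider"/> is used
        /// as supplied. A provider created here is aborted before returning, including when the
        /// token lookup throws, so a failed lookup does not leave an opened provider behind.
        /// </remarks>
        /// <param name="certificateProvider">Provider used when no per-request provider is created; may be null.</param>
        /// <param name="to">Endpoint the request is addressed to.</param>
        /// <param name="via">Transport URI the request is sent through.</param>
        /// <param name="channelParameters">Channel parameters passed to the per-request provider.</param>
        /// <param name="timeoutHelper">Time budget; supplies both the remaining time and the cancellation token.</param>
        /// <returns>A container holding the token, or null when there is no provider or it yields no token.</returns>
        internal SecurityTokenContainer GetCertificateSecurityToken(SecurityTokenProvider certificateProvider,
                                                                    EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, ref TimeoutHelper timeoutHelper)
        {
            // Evaluated once so the abort below applies to exactly the provider created here,
            // never to the caller-owned certificateProvider.
            bool createdForThisRequest = ManualAddressing && RequireClientCertificate;

            SecurityTokenProvider requestCertificateProvider = createdForThisRequest
                ? CreateAndOpenCertificateTokenProvider(to, via, channelParameters, timeoutHelper.RemainingTime())
                : certificateProvider;

            SecurityToken token = null;

            try
            {
                if (requestCertificateProvider != null)
                {
                    // NOTE(review): this blocks the calling thread on an asynchronous lookup. The
                    // ref parameter keeps this method synchronous; callers on a thread with a
                    // synchronization context should confirm this cannot deadlock.
                    token = requestCertificateProvider.GetTokenAsync(timeoutHelper.GetCancellationToken()).GetAwaiter().GetResult();
                }
            }
            finally
            {
                // Release the per-request provider on the failure path as well as on success.
                if (createdForThisRequest)
                {
                    SecurityUtils.AbortTokenProviderIfRequired(requestCertificateProvider);
                }
            }

            return token != null ? new SecurityTokenContainer(token) : null;
        }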
예제 #3
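        /// <summary>
        /// Resolves the client certificate token to present to <paramref name="to"/> and wraps it
        /// in a <see cref="SecurityTokenContainer"/>.
        /// </summary>
        /// <remarks>
        /// With manual addressing and a required client certificate, a provider is created and
        /// opened for this request only; otherwise <paramref name="certificateProvider"/> is used
        /// as supplied. A provider created here is aborted before returning, including when
        /// <c>GetToken</c> throws, so a failed lookup does not leave an opened provider behind.
        /// </remarks>
        /// <param name="certificateProvider">Provider used when no per-request provider is created; may be null.</param>
        /// <param name="to">Endpoint the request is addressed to.</param>
        /// <param name="via">Transport URI the request is sent through.</param>
        /// <param name="channelParameters">Channel parameters passed to the per-request provider.</param>
        /// <param name="timeoutHelper">Time budget for creating the provider and fetching the token.</param>
        /// <returns>A container holding the token, or null when there is no provider or it yields no token.</returns>
        private SecurityTokenContainer GetCertificateSecurityToken(SecurityTokenProvider certificateProvider, EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, ref TimeoutHelper timeoutHelper)
        {
            // Evaluated once so the abort below applies to exactly the provider created here,
            // never to the caller-owned certificateProvider.
            bool createdForThisRequest = base.ManualAddressing && this.RequireClientCertificate;

            SecurityTokenProvider provider;
            if (createdForThisRequest)
            {
                provider = this.CreateAndOpenCertificateTokenProvider(to, via, channelParameters, timeoutHelper.RemainingTime());
            }
            else
            {
                provider = certificateProvider;
            }

            SecurityToken token = null;
            try
            {
                if (provider != null)
                {
                    token = provider.GetToken(timeoutHelper.RemainingTime());
                }
            }
            finally
            {
                // Release the per-request provider on the failure path as well as on success.
                if (createdForThisRequest)
                {
                    System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(provider);
                }
            }

            if (token == null)
            {
                return null;
            }

            return new SecurityTokenContainer(token);
        }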
예제 #4
            /// <summary>
            /// Builds the <see cref="HttpWebRequest"/> for the target endpoint, supplying the client
            /// certificate token obtained from the factory.
            /// </summary>
            /// <param name="to">Endpoint the request is addressed to.</param>
            /// <param name="via">Transport URI the request is sent through.</param>
            /// <param name="timeoutHelper">Time budget shared by the token lookup and request creation.</param>
            /// <returns>The request produced by the base channel.</returns>
            public override HttpWebRequest GetWebRequest(EndpointAddress to, Uri via, ref TimeoutHelper timeoutHelper)
            {
                SecurityTokenContainer certToken = Factory.GetCertificateSecurityToken(
                    this.certificateProvider, to, via, this.ChannelParameters, ref timeoutHelper);

                HttpWebRequest webRequest = base.GetWebRequest(to, via, certToken, ref timeoutHelper);

                // NOTE(review): judging by its name, this call sets up how the server certificate
                // is checked for this request; confirm what it accepts, since that decides which
                // server identities the client will trust.
                this.factory.AddServerCertMappingOrSetRemoteCertificateValidationCallback(webRequest, to);

                return webRequest;
            }
예제 #5
 /// <summary>
 /// Adds the certificate carried by <paramref name="clientCertificateToken"/> to the
 /// request's client certificates. Does nothing when no token is supplied.
 /// </summary>
 /// <param name="request">Request that will present the client certificate.</param>
 /// <param name="clientCertificateToken">Container whose token holds the certificate; may be null.</param>
 /// <remarks>
 /// The certificate is added as-is; this method performs no validation of it.
 /// </remarks>
 static void SetCertificate(HttpWebRequest request, SecurityTokenContainer clientCertificateToken)
 {
     if (clientCertificateToken == null)
     {
         return;
     }

     // Direct cast on purpose: a token of any other type fails loudly with
     // InvalidCastException instead of being skipped.
     X509SecurityToken certToken = (X509SecurityToken)clientCertificateToken.Token;
     request.ClientCertificates.Add(certToken.Certificate);
 }
예제 #6
            /// <summary>
            /// Builds the <see cref="HttpWebRequest"/> for the target endpoint, supplying the client
            /// certificate token obtained from the factory.
            /// </summary>
            /// <param name="to">Endpoint the request is addressed to.</param>
            /// <param name="via">Transport URI the request is sent through.</param>
            /// <param name="timeoutHelper">Time budget shared by the token lookup and request creation.</param>
            /// <returns>The request produced by the base channel.</returns>
            public override HttpWebRequest GetWebRequest(EndpointAddress to, Uri via, ref TimeoutHelper timeoutHelper)
            {
                SecurityTokenContainer certToken = this.Factory.GetCertificateSecurityToken(
                    this.certificateProvider, to, via, base.ChannelParameters, ref timeoutHelper);

                HttpWebRequest webRequest = base.GetWebRequest(to, via, certToken, ref timeoutHelper);

                // NOTE(review): presumably associates the request with the expected server
                // certificate for this endpoint; confirm against HttpTransportSecurityHelpers.
                HttpTransportSecurityHelpers.AddServerCertMapping(webRequest, to);

                return webRequest;
            }
예제 #7
 /// <summary>
 /// Configures <paramref name="handler"/> to present the certificate carried by
 /// <paramref name="clientCertificateToken"/>. Does nothing when no token is supplied.
 /// </summary>
 /// <param name="handler">Handler that will present the client certificate.</param>
 /// <param name="clientCertificateToken">Container whose token holds the certificate; may be null.</param>
 private static void SetCertificate(HttpClientHandler handler, SecurityTokenContainer clientCertificateToken)
 {
     if (clientCertificateToken == null)
     {
         return;
     }

     // Direct cast on purpose: a token of any other type fails loudly with
     // InvalidCastException instead of being skipped.
     X509SecurityToken certToken = (X509SecurityToken)clientCertificateToken.Token;

     // Validation runs before the handler is touched, so a certificate that is
     // rejected by throwing leaves the handler unmodified.
     ValidateClientCertificate(certToken.Certificate);

     // Manual mode: the handler uses only the certificates added explicitly below.
     handler.ClientCertificateOptions = ClientCertificateOption.Manual;
     handler.ClientCertificates.Add(certToken.Certificate);
 }
예제 #8
                /// <summary>
                /// Completes the asynchronous token lookup on the certificate provider and stores
                /// the resulting token, if any, in <c>tokenContainer</c>.
                /// </summary>
                /// <param name="result">The async result to hand to <c>EndGetToken</c>.</param>
                void OnGetToken(IAsyncResult result)
                {
                    // NOTE(review): if EndGetToken throws, the close call at the end of this
                    // method is skipped; confirm the caller's failure path releases the provider.
                    SecurityToken issuedToken = this.certificateProvider.EndGetToken(result);

                    // tokenContainer is left untouched when the provider yields no token.
                    if (issuedToken != null)
                    {
                        this.tokenContainer = new SecurityTokenContainer(issuedToken);
                    }

                    CloseCertificateProviderIfRequired();
                }
예제 #9
        /// <summary>
        /// Gets the handler from the base factory, attaches the client certificate when one is
        /// required, and then applies the server certificate mapping or validation callback.
        /// </summary>
        /// <param name="to">Endpoint the handler will be used for.</param>
        /// <param name="clientCertificateToken">Container holding the client certificate token; may be null.</param>
        /// <returns>The configured handler.</returns>
        internal override HttpClientHandler GetHttpClientHandler(EndpointAddress to, SecurityTokenContainer clientCertificateToken)
        {
            HttpClientHandler clientHandler = base.GetHttpClientHandler(to, clientCertificateToken);

            // The client certificate is attached only when this factory requires one.
            if (RequireClientCertificate)
            {
                SetCertificate(clientHandler, clientCertificateToken);
            }

            // Applied for every handler, whether or not a client certificate was attached.
            AddServerCertMappingOrSetRemoteCertificateValidationCallback(clientHandler, to);

            return clientHandler;
        }
예제 #10
        /// <summary>
        /// Adds the certificate carried by <paramref name="clientCertificateToken"/> to the
        /// handler's client certificates. Does nothing when no token is supplied.
        /// </summary>
        /// <param name="handler">Handler that will present the client certificate.</param>
        /// <param name="clientCertificateToken">Container whose token holds the certificate; may be null.</param>
        /// <remarks>
        /// The certificate is added as-is; this method performs no validation of it.
        /// </remarks>
        private static void SetCertificate(ServiceModelHttpMessageHandler handler, SecurityTokenContainer clientCertificateToken)
        {
            if (clientCertificateToken == null)
            {
                return;
            }

            // Fail closed: a token was supplied, so refuse to continue on a handler that
            // cannot present it rather than sending the request without a certificate.
            if (!handler.SupportsClientCertificates)
            {
                throw ExceptionHelper.PlatformNotSupported("Client certificates not supported yet");
            }

            // Direct cast on purpose: a token of any other type fails loudly with
            // InvalidCastException instead of being skipped.
            X509SecurityToken certToken = (X509SecurityToken)clientCertificateToken.Token;
            handler.ClientCertificates.Add(certToken.Certificate);
        }
예제 #11
        /// <summary>
        /// Creates the <see cref="HttpWebRequest"/> for this channel: opens the token providers,
        /// obtains a client certificate token when the factory is an HTTPS factory that requires
        /// one, asks the factory for the request, and records the header value named by
        /// <c>WebSocketHelper.SecWebSocketKey</c>.
        /// </summary>
        /// <param name="timeout">Overall time budget; each step below is given the time that remains.</param>
        /// <returns>The configured request, with its Timeout set from the remaining budget.</returns>
        HttpWebRequest CreateHttpWebRequest(TimeSpan timeout)
        {
            TimeoutHelper helper = new TimeoutHelper(timeout);
            ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection();

            HttpWebRequest request;

            // The identity mapping is stored in cleanupIdentity under ThisLock;
            // presumably it is released when the channel is cleaned up (not visible here).
            if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, this.channelFactory.AuthenticationScheme))
            {
                lock (ThisLock)
                {
                    this.cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress);
                }
            }

            // Both provider fields are out arguments and are overwritten by this call.
            this.channelFactory.CreateAndOpenTokenProviders(
                this.RemoteAddress,
                this.Via,
                channelParameterCollection,
                helper.RemainingTime(),
                out this.webRequestTokenProvider,
                out this.webRequestProxyTokenProvider);

            // Stays null unless the factory is an HTTPS factory that requires a client certificate.
            SecurityTokenContainer clientCertificateToken = null;
            HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = this.channelFactory as HttpsChannelFactory <IDuplexSessionChannel>;

            if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate)
            {
                // NOTE(review): the provider opened here is not closed or aborted in this method;
                // confirm that GetCertificateSecurityToken or the factory releases it.
                SecurityTokenProvider certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(this.RemoteAddress, this.Via, channelParameterCollection, helper.RemainingTime());
                clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, this.RemoteAddress, this.Via, channelParameterCollection, ref helper);
            }

            request = this.channelFactory.GetWebRequest(this.RemoteAddress, this.Via, this.webRequestTokenProvider, this.webRequestProxyTokenProvider, clientCertificateToken, helper.RemainingTime(), true);

            // If a web socket connection factory is specified (for example, when using web sockets on pre-Win8 OS),
            // we're going to use the protocol version from it. At the moment, on pre-Win8 OS, the HttpWebRequest
            // created above doesn't have the version header specified.
            if (this.connectionFactory != null)
            {
                this.UseWebSocketVersionFromFactory(request);
            }

            // Keep the key header sent with the request; presumably it is compared with the
            // server's handshake response later (not visible here).
            this.webSocketKey = request.Headers[WebSocketHelper.SecWebSocketKey];
            this.ConfigureHttpWebRequestHeader(request);
            // NOTE(review): the cast assumes the remaining time fits in an int number of
            // milliseconds; confirm TimeoutHelper bounds very large or infinite timeouts.
            request.Timeout = (int)helper.RemainingTime().TotalMilliseconds;
            return(request);
        }
예제 #12
 /// <summary>
 /// Exposes the base class's <c>BeginGetWebRequest</c> under a distinct name, forwarding
 /// every argument unchanged.
 /// </summary>
 /// <param name="to">Endpoint the request is addressed to.</param>
 /// <param name="via">Transport URI the request is sent through.</param>
 /// <param name="clientCertificateToken">Client certificate token to pass through.</param>
 /// <param name="timeoutHelper">Time budget for the operation.</param>
 /// <param name="callback">Callback invoked when the operation completes.</param>
 /// <param name="state">Caller state carried on the async result.</param>
 /// <returns>The async result returned by the base implementation.</returns>
 public IAsyncResult BeginBaseGetWebRequest(EndpointAddress to, Uri via, SecurityTokenContainer clientCertificateToken, ref TimeoutHelper timeoutHelper, AsyncCallback callback, object state)
 {
     IAsyncResult pendingRequest = base.BeginGetWebRequest(to, via, clientCertificateToken, ref timeoutHelper, callback, state);

     return pendingRequest;
 }
예제 #13
        /// <summary>
        /// Builds the connection group prefix from the hash strings of the request's client
        /// certificates, each followed by a NUL delimiter. Returns an empty string when no
        /// client certificate is required.
        /// </summary>
        /// <param name="httpWebRequest">Request that receives the client certificate and whose certificates are hashed.</param>
        /// <param name="clientCertificateToken">Container holding the client certificate token; may be null.</param>
        /// <returns>The concatenated certificate hash strings, or an empty string.</returns>
        /// <remarks>
        /// Side effect: the certificate is attached to the request here, before the prefix is
        /// computed. Keying the prefix on the certificate hashes presumably keeps requests that
        /// present different client certificates in separate connection groups (confirm against
        /// the caller that consumes the prefix).
        /// </remarks>
        protected override string OnGetConnectionGroupPrefix(HttpWebRequest httpWebRequest, SecurityTokenContainer clientCertificateToken)
        {
            if (!this.RequireClientCertificate)
            {
                return string.Empty;
            }

            // nonprintable characters are invalid for SSPI Domain/UserName/Password
            const string Delimiter = "\0";

            HttpsChannelFactory <TChannel> .SetCertificate(httpWebRequest, clientCertificateToken);

            System.Text.StringBuilder prefix = new System.Text.StringBuilder();
            foreach (X509Certificate certificate in httpWebRequest.ClientCertificates)
            {
                prefix.AppendFormat("{0}{1}", certificate.GetCertHashString(), Delimiter);
            }

            return prefix.ToString();
        }
예제 #14
        /// <summary>
        /// Builds the connection group prefix from the hash strings of the request's client
        /// certificates, each followed by a NUL separator. Returns an empty string when no
        /// client certificate is required.
        /// </summary>
        /// <param name="httpWebRequest">Request that receives the client certificate and whose certificates are hashed.</param>
        /// <param name="clientCertificateToken">Container holding the client certificate token; may be null.</param>
        /// <returns>The concatenated certificate hash strings, or an empty string.</returns>
        /// <remarks>
        /// Side effect: the certificate is attached to the request here, before the prefix is
        /// computed.
        /// </remarks>
        protected override string OnGetConnectionGroupPrefix(HttpWebRequest httpWebRequest, SecurityTokenContainer clientCertificateToken)
        {
            StringBuilder prefix = new StringBuilder();

            if (this.RequireClientCertificate)
            {
                // NUL separates the entries; it cannot occur inside a hash string.
                const string Separator = "\0";

                SetCertificate(httpWebRequest, clientCertificateToken);

                foreach (X509Certificate certificate in httpWebRequest.ClientCertificates)
                {
                    prefix.AppendFormat("{0}{1}", certificate.GetCertHashString(), Separator);
                }
            }

            return prefix.ToString();
        }