예제 #1
        /// <summary>
        /// Sets up the TLS negotiation state for one endpoint: checks the security package,
        /// records the arguments, validates the certificate for the chosen role and then
        /// acquires the credentials for that role.
        /// </summary>
        /// <param name="destination">Stored in <c>this.destination</c>; not used further in this constructor.</param>
        /// <param name="isServer">Selects the server path (validate server certificate, acquire server credentials) or the client path.</param>
        /// <param name="protocolFlags">Stored in <c>this.protocolFlags</c>.</param>
        /// <param name="serverCertificate">Stored before <c>ValidateServerCertificate</c> runs on the server path.</param>
        /// <param name="clientCertificate">Stored before <c>ValidateClientCertificate</c> runs on the client path.</param>
        /// <param name="clientCertRequired">Only stored here; where it is enforced is not visible in this constructor.</param>
        /// <exception cref="Win32Exception">
        /// Propagated from <c>AcquireServerCredentials</c> when the native error is not
        /// <c>SecurityStatus.UnknownCredential</c>, or when the single retry fails as well.
        /// </exception>
        private TlsSspiNegotiation(string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired)
        {
            // The return value is discarded; presumably the call throws when the package
            // cannot be found (confirm against SspiWrapper).
            SspiWrapper.GetVerifyPackageInfo(SecurityPackage);

            this.securityContext    = null;
            this.destination        = destination;
            this.protocolFlags      = protocolFlags;
            this.clientCertRequired = clientCertRequired;
            this.clientCertificate  = clientCertificate;
            this.serverCertificate  = serverCertificate;
            this.isServer           = isServer;

            if (!this.isServer)
            {
                ValidateClientCertificate();

                // Client credentials are not presented until the peer asks for them,
                // so only placeholder credentials are acquired at this point.
                AcquireDummyCredentials();
                return;
            }

            // NOTE(review): what ValidateServerCertificate checks is not visible here; confirm
            // it rejects a missing certificate before credentials are acquired.
            ValidateServerCertificate();

            // Accessing the private key fails intermittently (MB56153), so one retry is made.
            try
            {
                AcquireServerCredentials();
            }
            catch (Win32Exception credentialError)
            {
                bool isUnknownCredential = credentialError.NativeErrorCode == (int)SecurityStatus.UnknownCredential;
                if (!isUnknownCredential)
                {
                    // Any other native error is surfaced to the caller unchanged.
                    throw;
                }

                DiagnosticUtility.TraceHandledException(credentialError, TraceEventType.Information);

                // Give up the rest of the time slice, then try exactly once more;
                // a second failure is not caught.
                Thread.Sleep(0);
                AcquireServerCredentials();
            }
        }
 /// <summary>
 /// Sets up the TLS negotiation state for one endpoint: creates the lock object, checks the
 /// Schannel security package, records the arguments, validates the certificate for the
 /// chosen role and then acquires the credentials for that role.
 /// </summary>
 /// <param name="destination">Stored in <c>this.destination</c>; not used further in this constructor.</param>
 /// <param name="isServer">Selects the server path (validate server certificate, acquire server credentials) or the client path.</param>
 /// <param name="protocolFlags">Stored in <c>this.protocolFlags</c>.</param>
 /// <param name="serverCertificate">Stored before <c>ValidateServerCertificate</c> runs on the server path.</param>
 /// <param name="clientCertificate">Stored before <c>ValidateClientCertificate</c> runs on the client path.</param>
 /// <param name="clientCertRequired">Only stored here; where it is enforced is not visible in this constructor.</param>
 /// <exception cref="Win32Exception">
 /// Propagated from <c>AcquireServerCredentials</c> when the native error differs from the
 /// retried code, or when the single retry fails as well.
 /// </exception>
 private TlsSspiNegotiation(
     string destination,
     bool isServer,
     SchProtocols protocolFlags,
     X509Certificate2 serverCertificate,
     X509Certificate2 clientCertificate,
     bool clientCertRequired)
 {
     // 0x8009030D (SEC_E_UNKNOWN_CREDENTIALS): the only native error that triggers the retry.
     const int unknownCredentialError = -2146893043;

     this.syncObject = new object();

     // The return value is discarded; presumably the call throws when the package
     // cannot be found (confirm against SspiWrapper).
     SspiWrapper.GetVerifyPackageInfo("Microsoft Unified Security Protocol Provider");

     this.securityContext    = null;
     this.destination        = destination;
     this.protocolFlags      = protocolFlags;
     this.clientCertRequired = clientCertRequired;
     this.clientCertificate  = clientCertificate;
     this.serverCertificate  = serverCertificate;
     this.isServer           = isServer;

     if (!this.isServer)
     {
         this.ValidateClientCertificate();

         // The client path acquires what the method name calls dummy credentials;
         // no retry logic applies here.
         this.AcquireDummyCredentials();
         return;
     }

     // NOTE(review): what ValidateServerCertificate checks is not visible here; confirm
     // it rejects a missing certificate before credentials are acquired.
     this.ValidateServerCertificate();

     try
     {
         this.AcquireServerCredentials();
     }
     catch (Win32Exception credentialError)
     {
         if (credentialError.NativeErrorCode == unknownCredentialError)
         {
             // Trace the handled failure only when information-level tracing is on.
             if (System.ServiceModel.DiagnosticUtility.ShouldTraceInformation)
             {
                 System.ServiceModel.DiagnosticUtility.ExceptionUtility.TraceHandledException(credentialError, TraceEventType.Information);
             }

             // Give up the rest of the time slice, then try exactly once more;
             // a second failure is not caught.
             Thread.Sleep(0);
             this.AcquireServerCredentials();
         }
         else
         {
             // Any other native error is surfaced to the caller unchanged.
             throw;
         }
     }
 }
예제 #3
 /// <summary>
 /// Sets up the Windows SSPI negotiation state for a server or a client, using an
 /// already-acquired credentials handle.
 /// </summary>
 /// <param name="isServer">When true, the caller-supplied <paramref name="impersonationLevel"/>,
 /// <paramref name="doMutualAuth"/>, <paramref name="interactiveLogonEnabled"/> and
 /// <paramref name="ntlmEnabled"/> are ignored and fixed server values are used.</param>
 /// <param name="package">Security package name; its <c>MaxToken</c> becomes <c>this.tokenSize</c>.</param>
 /// <param name="credentialsHandle">Stored as-is; who owns and releases the handle is not visible here.</param>
 /// <param name="impersonationLevel">Client only: stored in <c>this.impersonationLevel</c>.</param>
 /// <param name="servicePrincipalName">Stored in <c>this.servicePrincipalName</c> for both roles.</param>
 /// <param name="doMutualAuth">Client only: stored in <c>this.doMutualAuth</c>.</param>
 /// <param name="interactiveLogonEnabled">Client only: stored in <c>this.interactiveNegoLogonEnabled</c>.</param>
 /// <param name="ntlmEnabled">Client only: stored in <c>this.allowNtlm</c>.</param>
 WindowsSspiNegotiation(
     bool isServer,
     string package,
     SafeFreeCredentials credentialsHandle,
     TokenImpersonationLevel impersonationLevel,
     string servicePrincipalName,
     bool doMutualAuth,
     bool interactiveLogonEnabled,
     bool ntlmEnabled)
 {
     // Done first so nothing else is assigned if the package lookup fails.
     this.tokenSize = SspiWrapper.GetVerifyPackageInfo(package).MaxToken;

     this.credentialsHandle    = credentialsHandle;
     this.securityContext      = null;
     this.servicePrincipalName = servicePrincipalName;
     this.isServer             = isServer;

     if (!isServer)
     {
         // Client side: every negotiation option comes from the caller.
         this.allowNtlm                   = ntlmEnabled;
         this.clientPackageName           = package;
         this.interactiveNegoLogonEnabled = interactiveLogonEnabled;
         this.doMutualAuth                = doMutualAuth;
         this.impersonationLevel          = impersonationLevel;
         return;
     }

     // Server side: impersonation level is pinned to Delegation and mutual auth is off.
     // allowNtlm, clientPackageName and interactiveNegoLogonEnabled keep their defaults.
     // NOTE(review): confirm the server's NTLM policy is enforced elsewhere, since
     // ntlmEnabled is not recorded on this path.
     this.doMutualAuth       = false;
     this.impersonationLevel = TokenImpersonationLevel.Delegation;
 }