/// <summary>
/// Constructs a <see cref="WSTrustChannel"/> over an <see cref="IRequestChannel"/> that has been created but not yet opened.
/// </summary>
/// <param name="requestChannel">The <see cref="IRequestChannel"/> this channel uses to send a <see cref="WsTrustRequest"/> to the STS.</param>
/// <exception cref="ArgumentNullException">Thrown (via the diagnostic helper) if <paramref name="requestChannel"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown (via the diagnostic helper) if <paramref name="requestChannel"/> is not in the <see cref="CommunicationState.Created"/> state.</exception>
public WSTrustChannel(IRequestChannel requestChannel)
{
    if (requestChannel is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(requestChannel));
    }

    RequestChannel = requestChannel;

    // Only a freshly created channel is accepted; opening it is left to the caller.
    if (requestChannel.State != CommunicationState.Created)
    {
        string message = LogHelper.FormatInvariant(SR.GetResourceString(SR.IRequestChannelMustBeCreated), requestChannel.State);
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(message));
    }

    // Fall back to the default message version when the channel advertises none (or MessageVersion.None).
    MessageVersion advertisedVersion = RequestChannel.GetProperty<MessageVersion>();
    bool noUsableVersion = advertisedVersion == null || advertisedVersion == MessageVersion.None;
    MessageVersion = noUsableVersion ? MessageVersion.Default : advertisedVersion;

    // Address is only populated when the channel exposes an EndpointAddress; otherwise it is left untouched.
    EndpointAddress channelAddress = RequestChannel.GetProperty<EndpointAddress>();
    if (channelAddress != null)
    {
        Address = channelAddress.Uri?.AbsoluteUri;
    }
}
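/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describes the parameters for a WS-Trust request.
/// </summary>
/// <param name="tokenRequirement">The <see cref="SecurityTokenRequirement"/>; it must carry a <see cref="WSTrustTokenParameters"/> as its <see cref="IssuedSecurityTokenParameters"/> property.</param>
/// <exception cref="ArgumentNullException">Thrown (via the diagnostic helper) if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown (via the diagnostic helper) if the <see cref="IssuedSecurityTokenParameters"/> property of <paramref name="tokenRequirement"/> is not a <see cref="WSTrustTokenParameters"/>.</exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    SecurityTokenRequirement = tokenRequirement ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error);

    // The algorithm suite is optional at this point: when the requirement does not carry one, _securityAlgorithmSuite
    // stays at its default (null) and any later use of it must account for that.
    SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

    IssuedSecurityTokenParameters issuedSecurityTokenParameters = SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
    WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters;
    if (WSTrustTokenParameters == null)
    {
        // The message quotes the offending value; the closing quote after {0} was previously missing.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(
            new ArgumentException(
                LogHelper.FormatInvariant("tokenRequirement.GetProperty<IssuedSecurityTokenParameters> must be of type: WSTrustTokenParameters. Was: '{0}'.", issuedSecurityTokenParameters),
                nameof(tokenRequirement)),
            System.Diagnostics.Tracing.EventLevel.Error);
    }

    InitializeKeyEntropyMode();
    SetInboundSerializationContext();

    // Honour a caller-supplied request context; otherwise generate a fresh unique one per provider so the
    // request is distinguishable from any other issued by this process.
    RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext)
        ? Guid.NewGuid().ToString()
        : WSTrustTokenParameters.RequestContext;
}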
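/// <summary>
/// Maps the <see cref="TrustVersion"/> carried by a <see cref="MessageSecurityVersion"/> onto the <see cref="WsTrustVersion"/> used for request serialization.
/// </summary>
/// <param name="messageSecurityVersion">The message security version whose trust version is mapped.</param>
/// <returns><see cref="WsTrustVersion.Trust13"/> for WS-Trust 1.3, <see cref="WsTrustVersion.TrustFeb2005"/> for WS-Trust Feb 2005.</returns>
/// <exception cref="ArgumentNullException">Thrown (via the diagnostic helper) if <paramref name="messageSecurityVersion"/> is null.</exception>
/// <exception cref="NotSupportedException">Thrown (via the diagnostic helper) for any other trust version.</exception>
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion)
{
    if (messageSecurityVersion == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(messageSecurityVersion)), System.Diagnostics.Tracing.EventLevel.Error);
    }

    TrustVersion trustVersion = messageSecurityVersion.TrustVersion;
    if (trustVersion == TrustVersion.WSTrust13)
    {
        return WsTrustVersion.Trust13;
    }

    if (trustVersion == TrustVersion.WSTrustFeb2005)
    {
        return WsTrustVersion.TrustFeb2005;
    }

    // Report the value that was actually checked (the parameter), not the instance-level
    // MessageSecurityVersion property, which may differ from what the caller passed in.
    throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("Unsupported TrustVersion: '{0}'.", trustVersion)), System.Diagnostics.Tracing.EventLevel.Error);
}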
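/// <summary>
/// Builds the <see cref="WsTrustRequest"/> (an Issue request) from the <see cref="WSTrustTokenParameters"/> and the token requirement.
/// </summary>
/// <returns>A populated <see cref="WsTrustRequest"/> ready to be serialized and sent to the STS.</returns>
/// <exception cref="NotSupportedException">Thrown (via the diagnostic helper) when <see cref="WSTrustTokenParameters.KeyType"/> is not Asymmetric, Symmetric or Bearer.</exception>
/// <exception cref="InvalidOperationException">Thrown (via the diagnostic helper) when a symmetric key is requested but no security algorithm suite is available to size it.</exception>
protected virtual WsTrustRequest CreateWsTrustRequest()
{
    EndpointAddress target = SecurityTokenRequirement.GetProperty<EndpointAddress>(TargetAddressProperty);

    int keySize;
    string keyType;
    switch (WSTrustTokenParameters.KeyType)
    {
        case SecurityKeyType.AsymmetricKey:
            keySize = DefaultPublicKeySize;
            keyType = _requestSerializationContext.TrustKeyTypes.PublicKey;
            break;

        case SecurityKeyType.SymmetricKey:
            // _securityAlgorithmSuite is obtained with TryGetProperty in the constructor and may be null;
            // fail with a descriptive error rather than a NullReferenceException.
            if (_securityAlgorithmSuite == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelper(
                    new InvalidOperationException("A SecurityAlgorithmSuite is required to size a symmetric proof key, but the SecurityTokenRequirement did not supply one."),
                    System.Diagnostics.Tracing.EventLevel.Error);
            }
            keySize = _securityAlgorithmSuite.DefaultSymmetricKeyLength;
            keyType = _requestSerializationContext.TrustKeyTypes.Symmetric;
            break;

        case SecurityKeyType.BearerKey:
            // Bearer tokens carry no proof key, so no key size is requested.
            keySize = 0;
            keyType = _requestSerializationContext.TrustKeyTypes.Bearer;
            break;

        default:
            throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("KeyType is not supported: {0}", WSTrustTokenParameters.KeyType)), System.Diagnostics.Tracing.EventLevel.Error);
    }

    // Client entropy is contributed only when a proof key exists and the entropy mode asks the client to take part.
    Entropy entropy = null;
    bool clientContributesEntropy = KeyEntropyMode == SecurityKeyEntropyMode.ClientEntropy
        || KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy;
    if (WSTrustTokenParameters.KeyType != SecurityKeyType.BearerKey && clientContributesEntropy)
    {
        // keySize is expressed in bits (see KeySizeInBits below); the entropy buffer is keySize / 8 bytes.
        // NOTE(review): this entropy feeds the proof key, so FillRandomBytes must be backed by a
        // cryptographically secure RNG — confirm in Psha1KeyGenerator.
        byte[] entropyBytes = new byte[keySize / 8];
        Psha1KeyGenerator.FillRandomBytes(entropyBytes);
        entropy = new Entropy(new BinarySecret(entropyBytes));
    }

    var trustRequest = new WsTrustRequest(_requestSerializationContext.TrustActions.Issue)
    {
        AppliesTo = new AppliesTo(new EndpointReference(target.Uri.OriginalString)),
        Context = RequestContext,
        KeySizeInBits = keySize,
        KeyType = keyType,
        WsTrustVersion = _requestSerializationContext.TrustVersion
    };

    if (SecurityTokenRequirement.TokenType != null)
    {
        trustRequest.TokenType = SecurityTokenRequirement.TokenType;
    }

    if (entropy != null)
    {
        // When the client supplies entropy, the computed-key algorithm tells the STS to derive the key with PSHA1.
        trustRequest.Entropy = entropy;
        trustRequest.ComputedKeyAlgorithm = _requestSerializationContext.TrustKeyTypes.PSHA1;
    }

    return trustRequest;
}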
/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describes the parameters for a WS-Trust request.
/// </summary>
/// <param name="tokenRequirement">The <see cref="SecurityTokenRequirement"/>; it must carry a <see cref="WSTrustTokenParameters"/> as its <see cref="IssuedSecurityTokenParameters"/> property.</param>
/// <exception cref="ArgumentNullException">Thrown (via the diagnostic helper) if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown (via the diagnostic helper) if the <see cref="IssuedSecurityTokenParameters"/> property of <paramref name="tokenRequirement"/> is not a <see cref="WSTrustTokenParameters"/>.</exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    if (tokenRequirement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), EventLevel.Error);
    }

    SecurityTokenRequirement = tokenRequirement;

    // Optional: when absent, _securityAlgorithmSuite keeps its default value.
    SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

    var issuedParameters = SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
    WSTrustTokenParameters = issuedParameters as WSTrustTokenParameters;
    if (WSTrustTokenParameters == null)
    {
        string message = LogHelper.FormatInvariant(SR.GetResourceString(SR.IssuedSecurityTokenParametersIncorrectType), issuedParameters);
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(message, nameof(tokenRequirement)), EventLevel.Error);
    }

    _communicationObject = new WrapperSecurityCommunicationObject(this);
}
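/// <summary>
/// Maps the <see cref="TrustVersion"/> carried by a <see cref="MessageSecurityVersion"/> onto the <see cref="WsTrustVersion"/> used for request serialization.
/// </summary>
/// <param name="messageSecurityVersion">The message security version whose trust version is mapped.</param>
/// <returns><see cref="WsTrustVersion.Trust13"/> for WS-Trust 1.3, <see cref="WsTrustVersion.TrustFeb2005"/> for WS-Trust Feb 2005.</returns>
/// <exception cref="ArgumentNullException">Thrown (via the diagnostic helper) if <paramref name="messageSecurityVersion"/> is null.</exception>
/// <exception cref="NotSupportedException">Thrown (via the diagnostic helper) for any other trust version.</exception>
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion)
{
    if (messageSecurityVersion == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(messageSecurityVersion)), EventLevel.Error);
    }

    TrustVersion trustVersion = messageSecurityVersion.TrustVersion;
    if (trustVersion == TrustVersion.WSTrust13)
    {
        return WsTrustVersion.Trust13;
    }

    if (trustVersion == TrustVersion.WSTrustFeb2005)
    {
        return WsTrustVersion.TrustFeb2005;
    }

    // Report the value that was actually checked (the parameter), not the instance-level
    // MessageSecurityVersion property, which may differ from what the caller passed in.
    throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant(SR.GetResourceString(SR.WsTrustVersionNotSupported), trustVersion)), EventLevel.Error);
}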