protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
{
AsymmetricSecurityProtocolFactory factory = this.Factory;
IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators);
SecurityToken requiredReplySigningToken = null;
if (factory.ActAsInitiator)
{
SecurityToken encryptionToken = null;
SecurityToken receiverToken = null;
if (factory.RequireIntegrity)
{
receiverToken = GetToken(this.initiatorAsymmetricTokenProvider, null, timeoutHelper.RemainingTime());
requiredReplySigningToken = receiverToken;
}
if (factory.RequireConfidentiality)
{
encryptionToken = GetCorrelationToken(correlationStates);
if (!SecurityUtils.HasSymmetricSecurityKey(encryptionToken))
{
securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
}
}
SecurityTokenAuthenticator primaryTokenAuthenticator;
if (factory.AllowSerializedSigningTokenOnReply)
{
primaryTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator;
requiredReplySigningToken = null;
}
else
{
primaryTokenAuthenticator = null;
}
securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(receiverToken,
factory.AsymmetricTokenParameters, encryptionToken, factory.CryptoTokenParameters,
primaryTokenAuthenticator);
}
else
{
SecurityToken wrappingToken;
if (this.Factory.RecipientAsymmetricTokenProvider != null && this.Factory.RequireConfidentiality)
{
wrappingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime());
}
else
{
wrappingToken = null;
}
securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator,
this.Factory.CryptoTokenParameters, wrappingToken, this.Factory.AsymmetricTokenParameters, supportingAuthenticators);
securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList));
}
ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates);
SecurityToken signingToken = securityHeader.SignatureToken;
SecurityToken encryptingToken = securityHeader.EncryptionToken;
if (factory.RequireIntegrity)
{
if (factory.ActAsInitiator)
{
ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signingToken);
EnsureNonWrappedToken(signingToken, message);
DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptingToken, signingToken, signingTokenPolicies);
}
else
{
EnsureNonWrappedToken(signingToken, message);
AttachRecipientSecurityProperty(message, signingToken, encryptingToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens,
securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
}
}
return(GetCorrelationState(signingToken, securityHeader));
}
