/// <summary>
/// Opens the protocol and, when this side acts as the initiator, creates and opens the
/// initiator's token provider and token authenticator through the factory's token manager.
/// </summary>
/// <param name="timeout">Overall time budget; whatever remains is passed to each nested open.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    base.OnOpen(budget.RemainingTime());

    if (!this.Factory.ActAsInitiator)
    {
        return;
    }

    // Initiator token provider. Which field it is stored in depends on whether the
    // configured token parameters carry an asymmetric key.
    var providerRequirement = CreateInitiatorTokenRequirement();
    var provider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
    SecurityUtils.OpenTokenProviderIfRequired(provider, budget.RemainingTime());
    if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
    {
        this.initiatorAsymmetricTokenProvider = provider;
    }
    else
    {
        this.initiatorSymmetricTokenProvider = provider;
    }

    // Initiator token authenticator. The token manager may hand back an out-of-band
    // resolver; the initiator side does not use it, so it is discarded here.
    var authenticatorRequirement = CreateInitiatorTokenRequirement();
    SecurityTokenResolver unusedResolver;
    this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out unusedResolver);
    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, budget.RemainingTime());
}
/// <summary>
/// Opens <paramref name="provider"/> if one was configured; otherwise reports the missing
/// property through <c>OnPropertySettingsError</c>.
/// </summary>
/// <param name="propertyName">Name of the setting that should have supplied the provider; used in the error report.</param>
/// <param name="requiredForForwardDirection">Forwarded to the error report when the provider is missing.</param>
/// <param name="provider">Provider to open; may be null.</param>
/// <param name="timeout">Time budget handed to the provider's open.</param>
internal void Open(string propertyName, bool requiredForForwardDirection, SecurityTokenProvider provider, TimeSpan timeout)
{
    if (provider == null)
    {
        OnPropertySettingsError(propertyName, requiredForForwardDirection);
        return;
    }

    SecurityUtils.OpenTokenProviderIfRequired(provider, timeout);
}
/// <summary>
/// Opens the client token provider and the server token authenticator when each is present,
/// then opens the base protocol with the remaining time budget.
/// </summary>
/// <param name="timeout">Overall time budget shared by the three opens.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);

    // Both members are optional here; a missing one is simply skipped.
    var clientProvider = this.ClientTokenProvider;
    if (clientProvider != null)
    {
        SecurityUtils.OpenTokenProviderIfRequired(clientProvider, budget.RemainingTime());
    }

    var serverAuthenticator = this.ServerTokenAuthenticator;
    if (serverAuthenticator != null)
    {
        SecurityUtils.OpenTokenAuthenticatorIfRequired(serverAuthenticator, budget.RemainingTime());
    }

    base.OnOpen(budget.RemainingTime());
}
/// <summary>
/// Opens the server X.509 token provider (mandatory) and the client token authenticator
/// (optional), obtains the server token, validates it as an X.509 token and stores it, then
/// opens the base protocol.
/// </summary>
/// <param name="timeout">Overall time budget; the remainder is passed to each step.</param>
/// <exception cref="InvalidOperationException">No server token provider is configured (<c>SR.NoServerX509TokenProvider</c>).</exception>
public override void OnOpen(TimeSpan timeout)
{
    var serverProvider = this.serverTokenProvider;
    if (serverProvider == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
    }

    var budget = new TimeoutHelper(timeout);
    SecurityUtils.OpenTokenProviderIfRequired(serverProvider, budget.RemainingTime());

    var clientAuthenticator = this.clientTokenAuthenticator;
    if (clientAuthenticator != null)
    {
        SecurityUtils.OpenTokenAuthenticatorIfRequired(clientAuthenticator, budget.RemainingTime());
    }

    // The server token is fetched and validated during open, before the base protocol opens.
    var rawToken = serverProvider.GetToken(budget.RemainingTime());
    this.serverToken = ValidateX509Token(rawToken);

    base.OnOpen(budget.RemainingTime());
}
/// <summary>
/// Builds <c>mergedSupportingTokenProvidersMap</c>: for every action that has scoped supporting
/// token providers, the entry holds the channel-wide providers followed by the action's own.
/// Each scoped provider is opened on the way, and endorsing providers that need derived
/// symmetric keys switch the factory's <c>ExpectKeyDerivation</c> on. With no scoped
/// specifications at all the map is reset to null.
/// </summary>
/// <param name="timeout">Time budget shared by all provider opens.</param>
void MergeSupportingTokenProviders(TimeSpan timeout)
{
    if (this.ScopedSupportingTokenProviderSpecification.Count == 0)
    {
        this.mergedSupportingTokenProvidersMap = null;
        return;
    }

    var budget = new TimeoutHelper(timeout);
    this.factory.ExpectSupportingTokens = true;

    var merged = new Dictionary<string, Collection<SupportingTokenProviderSpecification>>();
    this.mergedSupportingTokenProvidersMap = merged;

    foreach (string action in this.ScopedSupportingTokenProviderSpecification.Keys)
    {
        var scoped = this.ScopedSupportingTokenProviderSpecification[action];
        if (scoped == null || scoped.Count == 0)
        {
            // Actions without scoped providers get no entry in the merged map.
            continue;
        }

        // Channel-wide providers come first, then the action-specific ones.
        var providersForAction = new Collection<SupportingTokenProviderSpecification>();
        foreach (SupportingTokenProviderSpecification channelSpec in this.channelSupportingTokenProviderSpecification)
        {
            providersForAction.Add(channelSpec);
        }

        foreach (SupportingTokenProviderSpecification scopedSpec in scoped)
        {
            SecurityUtils.OpenTokenProviderIfRequired(scopedSpec.TokenProvider, budget.RemainingTime());

            bool endorses = scopedSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing
                || scopedSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing;
            if (endorses && scopedSpec.TokenParameters.RequireDerivedKeys && !scopedSpec.TokenParameters.HasAsymmetricKey)
            {
                this.factory.ExpectKeyDerivation = true;
            }

            providersForAction.Add(scopedSpec);
        }

        merged.Add(action, providersForAction);
    }
}
/// <summary>
/// Opens the base protocol and then, on the initiator side, creates and opens the initiator's
/// signing token provider (when integrity is applied) and the asymmetric exchange-key token
/// provider and authenticator (when integrity is required or confidentiality is applied).
/// </summary>
/// <param name="timeout">Overall time budget; whatever remains is passed to each nested open.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    base.OnOpen(budget.RemainingTime());

    if (!this.Factory.ActAsInitiator)
    {
        return;
    }

    if (this.Factory.ApplyIntegrity)
    {
        // Signature token provider for messages this side sends.
        var signingRequirement = CreateInitiatorSecurityTokenRequirement();
        this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(signingRequirement);
        signingRequirement.KeyUsage = SecurityKeyUsage.Signature;
        signingRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
        this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(signingRequirement);
        SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, budget.RemainingTime());
    }

    if (!this.Factory.RequireIntegrity && !this.Factory.ApplyConfidentiality)
    {
        return;
    }

    // Exchange-key token provider. The message direction is Output when this side applies
    // confidentiality and Input otherwise.
    var exchangeProviderRequirement = CreateInitiatorSecurityTokenRequirement();
    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(exchangeProviderRequirement);
    exchangeProviderRequirement.KeyUsage = SecurityKeyUsage.Exchange;
    exchangeProviderRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] =
        this.Factory.ApplyConfidentiality ? MessageDirection.Output : MessageDirection.Input;
    this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(exchangeProviderRequirement);
    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, budget.RemainingTime());

    // Matching exchange-key authenticator. The token is treated as out-of-band unless a
    // serialized signing token is allowed on the reply. The token manager may hand back an
    // out-of-band resolver; the initiator side does not use it, so it is discarded here.
    var exchangeAuthenticatorRequirement = CreateInitiatorSecurityTokenRequirement();
    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(exchangeAuthenticatorRequirement);
    exchangeAuthenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply;
    exchangeAuthenticatorRequirement.KeyUsage = SecurityKeyUsage.Exchange;
    exchangeAuthenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] =
        this.Factory.ApplyConfidentiality ? MessageDirection.Output : MessageDirection.Input;
    SecurityTokenResolver unusedResolver;
    this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(exchangeAuthenticatorRequirement, out unusedResolver);
    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, budget.RemainingTime());
}
/// <summary>
/// Initiator-side open: collects the channel-wide and per-action supporting token provider
/// specifications from the security binding element, opens the channel-wide providers (making
/// that collection read-only afterwards), and finally merges the per-action providers. When
/// this side is not the initiator nothing beyond the timeout bookkeeping happens.
/// </summary>
/// <param name="timeout">Overall time budget; the remainder flows into each provider open and the merge.</param>
public virtual async Task OnOpenAsync(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    if (!SecurityProtocolFactory.ActAsInitiator)
    {
        return;
    }

    var bindingElement = SecurityProtocolFactory.SecurityBindingElement;

    // Channel-wide providers: required endpoint parameters first, optional ones after.
    var channelSpecs = new Collection<SupportingTokenProviderSpecification>();
    ChannelSupportingTokenProviderSpecification = channelSpecs;
    ScopedSupportingTokenProviderSpecification = new Dictionary<string, ICollection<SupportingTokenProviderSpecification>>();
    AddSupportingTokenProviders(bindingElement.EndpointSupportingTokenParameters, false, channelSpecs);
    AddSupportingTokenProviders(bindingElement.OptionalEndpointSupportingTokenParameters, true, channelSpecs);

    // Required per-operation providers: a fresh list per action.
    foreach (string action in bindingElement.OperationSupportingTokenParameters.Keys)
    {
        var specsForAction = new Collection<SupportingTokenProviderSpecification>();
        AddSupportingTokenProviders(bindingElement.OperationSupportingTokenParameters[action], false, specsForAction);
        ScopedSupportingTokenProviderSpecification.Add(action, specsForAction);
    }

    // Optional per-operation providers are appended to the action's existing list, or start one.
    foreach (string action in bindingElement.OptionalOperationSupportingTokenParameters.Keys)
    {
        ICollection<SupportingTokenProviderSpecification> existing;
        Collection<SupportingTokenProviderSpecification> specsForAction;
        if (ScopedSupportingTokenProviderSpecification.TryGetValue(action, out existing))
        {
            specsForAction = (Collection<SupportingTokenProviderSpecification>)existing;
        }
        else
        {
            specsForAction = new Collection<SupportingTokenProviderSpecification>();
            ScopedSupportingTokenProviderSpecification.Add(action, specsForAction);
        }
        AddSupportingTokenProviders(bindingElement.OptionalOperationSupportingTokenParameters[action], true, specsForAction);
    }

    if (!ChannelSupportingTokenProviderSpecification.IsReadOnly)
    {
        if (ChannelSupportingTokenProviderSpecification.Count == 0)
        {
            ChannelSupportingTokenProviderSpecification = EmptyTokenProviders;
        }
        else
        {
            SecurityProtocolFactory.ExpectSupportingTokens = true;
            foreach (SupportingTokenProviderSpecification spec in ChannelSupportingTokenProviderSpecification)
            {
                SecurityUtils.OpenTokenProviderIfRequired(spec.TokenProvider, budget.RemainingTime());

                // Endorsing providers with derived symmetric keys mean key derivation must be expected.
                bool endorses = spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing
                    || spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing;
                if (endorses && spec.TokenParameters.RequireDerivedKeys && !spec.TokenParameters.HasAsymmetricKey)
                {
                    SecurityProtocolFactory.ExpectKeyDerivation = true;
                }
            }

            // Freeze the channel-wide list once its providers are open.
            ChannelSupportingTokenProviderSpecification = new ReadOnlyCollection<SupportingTokenProviderSpecification>((Collection<SupportingTokenProviderSpecification>)ChannelSupportingTokenProviderSpecification);
        }
    }

    // Build the merged per-operation map from the channel-wide and scoped providers.
    await MergeSupportingTokenProvidersAsync(budget.RemainingTime());
}