예제 #1
0
        public override void OnOpen(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            base.OnOpen(timeoutHelper.RemainingTime());
            if (this.Factory.ActAsInitiator)
            {
                // 1. Create a token requirement for the provider
                InitiatorServiceModelSecurityTokenRequirement tokenProviderRequirement = CreateInitiatorTokenRequirement();

                // 2. Create a provider
                SecurityTokenProvider tokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenProviderRequirement);
                SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, timeoutHelper.RemainingTime());
                if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
                {
                    this.initiatorAsymmetricTokenProvider = tokenProvider;
                }
                else
                {
                    this.initiatorSymmetricTokenProvider = tokenProvider;
                }

                // 3. Create a token requirement for authenticator
                InitiatorServiceModelSecurityTokenRequirement tokenAuthenticatorRequirement = CreateInitiatorTokenRequirement();

                // 4. Create authenticator (we dont support out of band resolvers on the client side
                SecurityTokenResolver outOfBandTokenResolver;
                this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(tokenAuthenticatorRequirement, out outOfBandTokenResolver);
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, timeoutHelper.RemainingTime());
            }
        }
예제 #2
0
 internal void Open(string propertyName, bool requiredForForwardDirection, SecurityTokenProvider provider, TimeSpan timeout)
 {
     if (provider != null)
     {
         SecurityUtils.OpenTokenProviderIfRequired(provider, timeout);
     }
     else
     {
         OnPropertySettingsError(propertyName, requiredForForwardDirection);
     }
 }
예제 #3
0
        public override void OnOpen(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            if (this.ClientTokenProvider != null)
            {
                SecurityUtils.OpenTokenProviderIfRequired(this.ClientTokenProvider, timeoutHelper.RemainingTime());
            }
            if (this.ServerTokenAuthenticator != null)
            {
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.ServerTokenAuthenticator, timeoutHelper.RemainingTime());
            }
            base.OnOpen(timeoutHelper.RemainingTime());
        }
예제 #4
0
        public override void OnOpen(TimeSpan timeout)
        {
            if (this.serverTokenProvider == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
            }
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
            }
            SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());

            this.serverToken = ValidateX509Token(token);
            base.OnOpen(timeoutHelper.RemainingTime());
        }
예제 #5
0
 void MergeSupportingTokenProviders(TimeSpan timeout)
 {
     if (this.ScopedSupportingTokenProviderSpecification.Count == 0)
     {
         this.mergedSupportingTokenProvidersMap = null;
     }
     else
     {
         TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
         this.factory.ExpectSupportingTokens    = true;
         this.mergedSupportingTokenProvidersMap = new Dictionary <string, Collection <SupportingTokenProviderSpecification> >();
         foreach (string action in this.ScopedSupportingTokenProviderSpecification.Keys)
         {
             ICollection <SupportingTokenProviderSpecification> scopedProviders = this.ScopedSupportingTokenProviderSpecification[action];
             if (scopedProviders == null || scopedProviders.Count == 0)
             {
                 continue;
             }
             Collection <SupportingTokenProviderSpecification> mergedProviders = new Collection <SupportingTokenProviderSpecification>();
             foreach (SupportingTokenProviderSpecification spec in this.channelSupportingTokenProviderSpecification)
             {
                 mergedProviders.Add(spec);
             }
             foreach (SupportingTokenProviderSpecification spec in scopedProviders)
             {
                 SecurityUtils.OpenTokenProviderIfRequired(spec.TokenProvider, timeoutHelper.RemainingTime());
                 if (spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || spec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
                 {
                     if (spec.TokenParameters.RequireDerivedKeys && !spec.TokenParameters.HasAsymmetricKey)
                     {
                         this.factory.ExpectKeyDerivation = true;
                     }
                 }
                 mergedProviders.Add(spec);
             }
             this.mergedSupportingTokenProvidersMap.Add(action, mergedProviders);
         }
     }
 }
        public override void OnOpen(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            base.OnOpen(timeoutHelper.RemainingTime());
            if (this.Factory.ActAsInitiator)
            {
                if (this.Factory.ApplyIntegrity)
                {
                    InitiatorServiceModelSecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(requirement);
                    requirement.KeyUsage = SecurityKeyUsage.Signature;
                    requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
                    this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, timeoutHelper.RemainingTime());
                }
                if (this.Factory.RequireIntegrity || this.Factory.ApplyConfidentiality)
                {
                    InitiatorServiceModelSecurityTokenRequirement providerRequirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(providerRequirement);
                    providerRequirement.KeyUsage = SecurityKeyUsage.Exchange;
                    providerRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
                    this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
                    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, timeoutHelper.RemainingTime());

                    InitiatorServiceModelSecurityTokenRequirement authenticatorRequirement = CreateInitiatorSecurityTokenRequirement();
                    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(authenticatorRequirement);
                    authenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply;
                    authenticatorRequirement.KeyUsage         = SecurityKeyUsage.Exchange;
                    authenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
                    // Create authenticator (we dont support out of band resolvers on the client side
                    SecurityTokenResolver outOfBandTokenResolver;
                    this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out outOfBandTokenResolver);
                    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, timeoutHelper.RemainingTime());
                }
            }
        }
예제 #7
0
        public virtual async Task OnOpenAsync(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            if (SecurityProtocolFactory.ActAsInitiator)
            {
                ChannelSupportingTokenProviderSpecification = new Collection <SupportingTokenProviderSpecification>();
                ScopedSupportingTokenProviderSpecification  = new Dictionary <string, ICollection <SupportingTokenProviderSpecification> >();

                AddSupportingTokenProviders(SecurityProtocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenProviderSpecification>)ChannelSupportingTokenProviderSpecification);
                AddSupportingTokenProviders(SecurityProtocolFactory.SecurityBindingElement.OptionalEndpointSupportingTokenParameters, true, (IList <SupportingTokenProviderSpecification>)ChannelSupportingTokenProviderSpecification);
                foreach (string action in SecurityProtocolFactory.SecurityBindingElement.OperationSupportingTokenParameters.Keys)
                {
                    Collection <SupportingTokenProviderSpecification> providerSpecList = new Collection <SupportingTokenProviderSpecification>();
                    AddSupportingTokenProviders(SecurityProtocolFactory.SecurityBindingElement.OperationSupportingTokenParameters[action], false, providerSpecList);
                    ScopedSupportingTokenProviderSpecification.Add(action, providerSpecList);
                }

                foreach (string action in SecurityProtocolFactory.SecurityBindingElement.OptionalOperationSupportingTokenParameters.Keys)
                {
                    Collection <SupportingTokenProviderSpecification>  providerSpecList;
                    ICollection <SupportingTokenProviderSpecification> existingList;
                    if (ScopedSupportingTokenProviderSpecification.TryGetValue(action, out existingList))
                    {
                        providerSpecList = ((Collection <SupportingTokenProviderSpecification>)existingList);
                    }
                    else
                    {
                        providerSpecList = new Collection <SupportingTokenProviderSpecification>();
                        ScopedSupportingTokenProviderSpecification.Add(action, providerSpecList);
                    }

                    AddSupportingTokenProviders(SecurityProtocolFactory.SecurityBindingElement.OptionalOperationSupportingTokenParameters[action], true, providerSpecList);
                }

                if (!ChannelSupportingTokenProviderSpecification.IsReadOnly)
                {
                    if (ChannelSupportingTokenProviderSpecification.Count == 0)
                    {
                        ChannelSupportingTokenProviderSpecification = EmptyTokenProviders;
                    }
                    else
                    {
                        SecurityProtocolFactory.ExpectSupportingTokens = true;
                        foreach (SupportingTokenProviderSpecification tokenProviderSpec in ChannelSupportingTokenProviderSpecification)
                        {
                            SecurityUtils.OpenTokenProviderIfRequired(tokenProviderSpec.TokenProvider, timeoutHelper.RemainingTime());
                            if (tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
                            {
                                if (tokenProviderSpec.TokenParameters.RequireDerivedKeys && !tokenProviderSpec.TokenParameters.HasAsymmetricKey)
                                {
                                    SecurityProtocolFactory.ExpectKeyDerivation = true;
                                }
                            }
                        }
                        ChannelSupportingTokenProviderSpecification =
                            new ReadOnlyCollection <SupportingTokenProviderSpecification>((Collection <SupportingTokenProviderSpecification>)ChannelSupportingTokenProviderSpecification);
                    }
                }
                // create a merged map of the per operation supporting tokens
                await MergeSupportingTokenProvidersAsync(timeoutHelper.RemainingTime());
            }
        }