public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody)
: base(messageToProcess)
{
Fx.Assert(!(messageToProcess is SecurityAppliedMessage), "SecurityAppliedMessage should not be wrapped");
this.securityHeader = securityHeader;
this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt);
}
internal void SetUpDelayedSecurityExecution(ref Message message, string actor, IList <SupportingTokenSpecification> supportingTokens)
{
SendSecurityHeader securityHeader = base.CreateSendSecurityHeaderForTransportProtocol(message, actor, base.SecurityProtocolFactory);
base.AddSupportingTokens(securityHeader, supportingTokens);
message = securityHeader.SetupExecution();
}
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList <SupportingTokenSpecification> supportingTokens)
{
if (supportingTokens != null)
{
for (int i = 0; i < supportingTokens.Count; ++i)
{
SecurityToken token = supportingTokens[i].SecurityToken;
SecurityTokenParameters tokenParameters = supportingTokens[i].SecurityTokenParameters;
switch (supportingTokens[i].SecurityTokenAttachmentMode)
{
case SecurityTokenAttachmentMode.Signed:
securityHeader.AddSignedSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.Endorsing:
securityHeader.AddEndorsingSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEncrypted:
securityHeader.AddBasicSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEndorsing:
securityHeader.AddSignedEndorsingSupportingToken(token, tokenParameters);
break;
default:
Fx.Assert("Unknown token attachment mode " + supportingTokens[i].SecurityTokenAttachmentMode.ToString());
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnknownTokenAttachmentMode, supportingTokens[i].SecurityTokenAttachmentMode.ToString())));
}
}
}
}
void SetUpDelayedSecurityExecution(ref Message message, SecurityToken encryptingToken, SecurityToken signingToken,
IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState)
{
AsymmetricSecurityProtocolFactory factory = this.Factory;
string actor = string.Empty;
SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState);
SecurityTokenParameters signingTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.CryptoTokenParameters : this.Factory.AsymmetricTokenParameters;
SecurityTokenParameters encryptionTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.AsymmetricTokenParameters : this.Factory.CryptoTokenParameters;
if (this.Factory.ApplyIntegrity || securityHeader.HasSignedTokens)
{
if (!this.Factory.ApplyIntegrity)
{
securityHeader.SignatureParts = MessagePartSpecification.NoParts;
}
securityHeader.SetSigningToken(signingToken, signingTokenParameters);
}
if (Factory.ApplyConfidentiality || securityHeader.HasEncryptedTokens)
{
if (!this.Factory.ApplyConfidentiality)
{
securityHeader.EncryptionParts = MessagePartSpecification.NoParts;
}
securityHeader.SetEncryptionToken(encryptingToken, encryptionTokenParameters);
}
message = securityHeader.SetupExecution();
}
public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody)
: base(messageToProcess)
{
Fx.Assert(!(messageToProcess is SecurityAppliedMessage), "SecurityAppliedMessage should not be wrapped");
this.securityHeader = securityHeader;
this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt);
}
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList <SupportingTokenSpecification> supportingTokens)
{
if (supportingTokens != null)
{
for (int i = 0; i < supportingTokens.Count; i++)
{
SecurityToken securityToken = supportingTokens[i].SecurityToken;
SecurityTokenParameters securityTokenParameters = supportingTokens[i].SecurityTokenParameters;
switch (supportingTokens[i].SecurityTokenAttachmentMode)
{
case SecurityTokenAttachmentMode.Signed:
securityHeader.AddSignedSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.Endorsing:
securityHeader.AddEndorsingSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEndorsing:
securityHeader.AddSignedEndorsingSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEncrypted:
securityHeader.AddBasicSupportingToken(securityToken, securityTokenParameters);
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("UnknownTokenAttachmentMode", new object[] { supportingTokens[i].SecurityTokenAttachmentMode.ToString() })));
}
}
}
}
protected void SecureOutgoingMessageAtResponder(ref Message message, string actor)
{
if (this.SecurityProtocolFactory.AddTimestamp && !this.SecurityProtocolFactory.SecurityBindingElement.EnableUnsecuredResponse)
{
SendSecurityHeader securityHeader = CreateSendSecurityHeaderForTransportProtocol(message, actor, this.SecurityProtocolFactory);
message = securityHeader.SetupExecution();
}
}
private static void SetSecurityHeaderId(SendSecurityHeader securityHeader, Message message)
{
SecurityMessageProperty messageProperty = message.Properties.Security;
if (messageProperty != null)
{
securityHeader.IdPrefix = messageProperty.SenderIdPrefix;
}
}
internal void SetupDelayedSecurityExecution(string actor, ref Message message, SecurityToken signingToken, SecurityToken sourceToken, SecurityTokenParameters tokenParameters, IList <SupportingTokenSpecification> supportingTokens)
{
SendSecurityHeader securityHeader = base.CreateSendSecurityHeaderForTransportProtocol(message, actor, this.Factory);
securityHeader.RequireMessageProtection = false;
if (sourceToken != null)
{
securityHeader.AddPrerequisiteToken(sourceToken);
}
base.AddSupportingTokens(securityHeader, supportingTokens);
securityHeader.AddEndorsingSupportingToken(signingToken, tokenParameters);
message = securityHeader.SetupExecution();
}
private SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, System.ServiceModel.Security.SecurityProtocolFactory factory, bool requireMessageProtection)
{
MessageDirection direction = factory.ActAsInitiator ? MessageDirection.Input : MessageDirection.Output;
SendSecurityHeader securityHeader = factory.StandardsManager.CreateSendSecurityHeader(message, actor, true, false, factory.OutgoingAlgorithmSuite, direction);
securityHeader.Layout = factory.SecurityHeaderLayout;
securityHeader.RequireMessageProtection = requireMessageProtection;
SetSecurityHeaderId(securityHeader, message);
if (factory.AddTimestamp)
{
securityHeader.AddTimestamp(factory.TimestampValidityDuration);
}
return(securityHeader);
}
private void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken, SecurityTokenParameters tokenParameters, SecurityProtocolCorrelationState correlationState)
{
string actor = string.Empty;
SendSecurityHeader header = base.ConfigureSendSecurityHeader(message, actor, null, correlationState);
if (this.Factory.ApplyIntegrity)
{
header.SetSigningToken(signingToken, tokenParameters);
}
if (this.Factory.ApplyConfidentiality)
{
header.SetEncryptionToken(encryptionToken, tokenParameters);
}
message = header.SetupExecution();
}
internal void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken, SecurityToken sourceToken, SecurityTokenParameters tokenParameters, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState)
{
SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory;
string actor = string.Empty;
SendSecurityHeader header = base.ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState);
if (sourceToken != null)
{
header.AddPrerequisiteToken(sourceToken);
}
if (this.Factory.ApplyIntegrity)
{
header.SetSigningToken(signingToken, tokenParameters);
}
if (this.Factory.ApplyConfidentiality)
{
header.SetEncryptionToken(encryptionToken, tokenParameters);
}
message = header.SetupExecution();
}
protected SendSecurityHeader ConfigureSendSecurityHeader(Message message, string actor, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState)
{
MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory;
SendSecurityHeader securityHeader = CreateSendSecurityHeader(message, actor, factory);
securityHeader.SignThenEncrypt = factory.MessageProtectionOrder != MessageProtectionOrder.EncryptBeforeSign;
// If ProtectTokens is enabled then we make sure that both the client side and the service side sign the primary token
// ( if it is an issued token, the check exists in sendsecurityheader)in the primary signature while sending a message.
securityHeader.ShouldProtectTokens = factory.SecurityBindingElement.ProtectTokens;
securityHeader.EncryptPrimarySignature = factory.MessageProtectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature;
if (factory.DoRequestSignatureConfirmation && correlationState != null)
{
if (factory.ActAsInitiator)
{
securityHeader.MaintainSignatureConfirmationState = true;
securityHeader.CorrelationState = correlationState;
}
else if (correlationState.SignatureConfirmations != null)
{
securityHeader.AddSignatureConfirmations(correlationState.SignatureConfirmations);
}
}
string action = message.Headers.Action;
if (this.factory.ApplyIntegrity)
{
securityHeader.SignatureParts = this.factory.GetOutgoingSignatureParts(action);
}
if (factory.ApplyConfidentiality)
{
securityHeader.EncryptionParts = this.factory.GetOutgoingEncryptionParts(action);
}
AddSupportingTokens(securityHeader, supportingTokens);
return(securityHeader);
}
private SecurityToken GetInitiatorToken(SecurityToken providerToken, Message message, TimeSpan timeout, out SecurityTokenParameters tokenParameters, out SecurityToken prerequisiteWrappingToken)
{
SecurityToken token;
tokenParameters = null;
prerequisiteWrappingToken = null;
if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
{
SecurityToken wrappingToken = providerToken;
bool flag = SendSecurityHeader.ShouldSerializeToken(this.Factory.SecurityTokenParameters, MessageDirection.Input);
if (flag)
{
prerequisiteWrappingToken = wrappingToken;
}
token = this.CreateWrappedKeyToken(wrappingToken, this.Factory.SecurityTokenParameters, flag ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External);
}
else
{
token = providerToken;
}
tokenParameters = this.Factory.GetProtectionTokenParameters();
return(token);
}
public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody) : base(messageToProcess)
{
this.bodyPrefix = "s";
this.securityHeader = securityHeader;
this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt);
}
public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody) : base(messageToProcess)
{
this.bodyPrefix = "s";
this.securityHeader = securityHeader;
this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt);
}
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList<SupportingTokenSpecification> supportingTokens)
{
if (supportingTokens != null)
{
for (int i = 0; i < supportingTokens.Count; i++)
{
SecurityToken securityToken = supportingTokens[i].SecurityToken;
SecurityTokenParameters securityTokenParameters = supportingTokens[i].SecurityTokenParameters;
switch (supportingTokens[i].SecurityTokenAttachmentMode)
{
case SecurityTokenAttachmentMode.Signed:
securityHeader.AddSignedSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.Endorsing:
securityHeader.AddEndorsingSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEndorsing:
securityHeader.AddSignedEndorsingSupportingToken(securityToken, securityTokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEncrypted:
securityHeader.AddBasicSupportingToken(securityToken, securityTokenParameters);
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("UnknownTokenAttachmentMode", new object[] { supportingTokens[i].SecurityTokenAttachmentMode.ToString() })));
}
}
}
}
static void SetSecurityHeaderId(SendSecurityHeader securityHeader, Message message)
{
SecurityMessageProperty messageProperty = message.Properties.Security;
if (messageProperty != null)
{
securityHeader.IdPrefix = messageProperty.SenderIdPrefix;
}
}
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList<SupportingTokenSpecification> supportingTokens)
{
if (supportingTokens != null)
{
for (int i = 0; i < supportingTokens.Count; ++i)
{
SecurityToken token = supportingTokens[i].SecurityToken;
SecurityTokenParameters tokenParameters = supportingTokens[i].SecurityTokenParameters;
switch (supportingTokens[i].SecurityTokenAttachmentMode)
{
case SecurityTokenAttachmentMode.Signed:
securityHeader.AddSignedSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.Endorsing:
securityHeader.AddEndorsingSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEncrypted:
securityHeader.AddBasicSupportingToken(token, tokenParameters);
break;
case SecurityTokenAttachmentMode.SignedEndorsing:
securityHeader.AddSignedEndorsingSupportingToken(token, tokenParameters);
break;
default:
Fx.Assert("Unknown token attachment mode " + supportingTokens[i].SecurityTokenAttachmentMode.ToString());
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnknownTokenAttachmentMode, supportingTokens[i].SecurityTokenAttachmentMode.ToString())));
}
}
}
}
