public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody) : base(messageToProcess) { Fx.Assert(!(messageToProcess is SecurityAppliedMessage), "SecurityAppliedMessage should not be wrapped"); this.securityHeader = securityHeader; this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt); }
internal void SetUpDelayedSecurityExecution(ref Message message, string actor, IList <SupportingTokenSpecification> supportingTokens) { SendSecurityHeader securityHeader = base.CreateSendSecurityHeaderForTransportProtocol(message, actor, base.SecurityProtocolFactory); base.AddSupportingTokens(securityHeader, supportingTokens); message = securityHeader.SetupExecution(); }
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList <SupportingTokenSpecification> supportingTokens) { if (supportingTokens != null) { for (int i = 0; i < supportingTokens.Count; ++i) { SecurityToken token = supportingTokens[i].SecurityToken; SecurityTokenParameters tokenParameters = supportingTokens[i].SecurityTokenParameters; switch (supportingTokens[i].SecurityTokenAttachmentMode) { case SecurityTokenAttachmentMode.Signed: securityHeader.AddSignedSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.Endorsing: securityHeader.AddEndorsingSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.SignedEncrypted: securityHeader.AddBasicSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.SignedEndorsing: securityHeader.AddSignedEndorsingSupportingToken(token, tokenParameters); break; default: Fx.Assert("Unknown token attachment mode " + supportingTokens[i].SecurityTokenAttachmentMode.ToString()); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnknownTokenAttachmentMode, supportingTokens[i].SecurityTokenAttachmentMode.ToString()))); } } } }
void SetUpDelayedSecurityExecution(ref Message message, SecurityToken encryptingToken, SecurityToken signingToken, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState) { AsymmetricSecurityProtocolFactory factory = this.Factory; string actor = string.Empty; SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState); SecurityTokenParameters signingTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.CryptoTokenParameters : this.Factory.AsymmetricTokenParameters; SecurityTokenParameters encryptionTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.AsymmetricTokenParameters : this.Factory.CryptoTokenParameters; if (this.Factory.ApplyIntegrity || securityHeader.HasSignedTokens) { if (!this.Factory.ApplyIntegrity) { securityHeader.SignatureParts = MessagePartSpecification.NoParts; } securityHeader.SetSigningToken(signingToken, signingTokenParameters); } if (Factory.ApplyConfidentiality || securityHeader.HasEncryptedTokens) { if (!this.Factory.ApplyConfidentiality) { securityHeader.EncryptionParts = MessagePartSpecification.NoParts; } securityHeader.SetEncryptionToken(encryptingToken, encryptionTokenParameters); } message = securityHeader.SetupExecution(); }
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList <SupportingTokenSpecification> supportingTokens) { if (supportingTokens != null) { for (int i = 0; i < supportingTokens.Count; i++) { SecurityToken securityToken = supportingTokens[i].SecurityToken; SecurityTokenParameters securityTokenParameters = supportingTokens[i].SecurityTokenParameters; switch (supportingTokens[i].SecurityTokenAttachmentMode) { case SecurityTokenAttachmentMode.Signed: securityHeader.AddSignedSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.Endorsing: securityHeader.AddEndorsingSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.SignedEndorsing: securityHeader.AddSignedEndorsingSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.SignedEncrypted: securityHeader.AddBasicSupportingToken(securityToken, securityTokenParameters); break; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("UnknownTokenAttachmentMode", new object[] { supportingTokens[i].SecurityTokenAttachmentMode.ToString() }))); } } } }
protected void SecureOutgoingMessageAtResponder(ref Message message, string actor) { if (this.SecurityProtocolFactory.AddTimestamp && !this.SecurityProtocolFactory.SecurityBindingElement.EnableUnsecuredResponse) { SendSecurityHeader securityHeader = CreateSendSecurityHeaderForTransportProtocol(message, actor, this.SecurityProtocolFactory); message = securityHeader.SetupExecution(); } }
private static void SetSecurityHeaderId(SendSecurityHeader securityHeader, Message message) { SecurityMessageProperty messageProperty = message.Properties.Security; if (messageProperty != null) { securityHeader.IdPrefix = messageProperty.SenderIdPrefix; } }
internal void SetupDelayedSecurityExecution(string actor, ref Message message, SecurityToken signingToken, SecurityToken sourceToken, SecurityTokenParameters tokenParameters, IList <SupportingTokenSpecification> supportingTokens) { SendSecurityHeader securityHeader = base.CreateSendSecurityHeaderForTransportProtocol(message, actor, this.Factory); securityHeader.RequireMessageProtection = false; if (sourceToken != null) { securityHeader.AddPrerequisiteToken(sourceToken); } base.AddSupportingTokens(securityHeader, supportingTokens); securityHeader.AddEndorsingSupportingToken(signingToken, tokenParameters); message = securityHeader.SetupExecution(); }
private SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, System.ServiceModel.Security.SecurityProtocolFactory factory, bool requireMessageProtection) { MessageDirection direction = factory.ActAsInitiator ? MessageDirection.Input : MessageDirection.Output; SendSecurityHeader securityHeader = factory.StandardsManager.CreateSendSecurityHeader(message, actor, true, false, factory.OutgoingAlgorithmSuite, direction); securityHeader.Layout = factory.SecurityHeaderLayout; securityHeader.RequireMessageProtection = requireMessageProtection; SetSecurityHeaderId(securityHeader, message); if (factory.AddTimestamp) { securityHeader.AddTimestamp(factory.TimestampValidityDuration); } return(securityHeader); }
private void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken, SecurityTokenParameters tokenParameters, SecurityProtocolCorrelationState correlationState) { string actor = string.Empty; SendSecurityHeader header = base.ConfigureSendSecurityHeader(message, actor, null, correlationState); if (this.Factory.ApplyIntegrity) { header.SetSigningToken(signingToken, tokenParameters); } if (this.Factory.ApplyConfidentiality) { header.SetEncryptionToken(encryptionToken, tokenParameters); } message = header.SetupExecution(); }
internal void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken, SecurityToken sourceToken, SecurityTokenParameters tokenParameters, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState) { SessionSymmetricMessageSecurityProtocolFactory factory = this.Factory; string actor = string.Empty; SendSecurityHeader header = base.ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState); if (sourceToken != null) { header.AddPrerequisiteToken(sourceToken); } if (this.Factory.ApplyIntegrity) { header.SetSigningToken(signingToken, tokenParameters); } if (this.Factory.ApplyConfidentiality) { header.SetEncryptionToken(encryptionToken, tokenParameters); } message = header.SetupExecution(); }
protected SendSecurityHeader ConfigureSendSecurityHeader(Message message, string actor, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState) { MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory; SendSecurityHeader securityHeader = CreateSendSecurityHeader(message, actor, factory); securityHeader.SignThenEncrypt = factory.MessageProtectionOrder != MessageProtectionOrder.EncryptBeforeSign; // If ProtectTokens is enabled then we make sure that both the client side and the service side sign the primary token // ( if it is an issued token, the check exists in sendsecurityheader)in the primary signature while sending a message. securityHeader.ShouldProtectTokens = factory.SecurityBindingElement.ProtectTokens; securityHeader.EncryptPrimarySignature = factory.MessageProtectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature; if (factory.DoRequestSignatureConfirmation && correlationState != null) { if (factory.ActAsInitiator) { securityHeader.MaintainSignatureConfirmationState = true; securityHeader.CorrelationState = correlationState; } else if (correlationState.SignatureConfirmations != null) { securityHeader.AddSignatureConfirmations(correlationState.SignatureConfirmations); } } string action = message.Headers.Action; if (this.factory.ApplyIntegrity) { securityHeader.SignatureParts = this.factory.GetOutgoingSignatureParts(action); } if (factory.ApplyConfidentiality) { securityHeader.EncryptionParts = this.factory.GetOutgoingEncryptionParts(action); } AddSupportingTokens(securityHeader, supportingTokens); return(securityHeader); }
private SecurityToken GetInitiatorToken(SecurityToken providerToken, Message message, TimeSpan timeout, out SecurityTokenParameters tokenParameters, out SecurityToken prerequisiteWrappingToken) { SecurityToken token; tokenParameters = null; prerequisiteWrappingToken = null; if (this.Factory.SecurityTokenParameters.HasAsymmetricKey) { SecurityToken wrappingToken = providerToken; bool flag = SendSecurityHeader.ShouldSerializeToken(this.Factory.SecurityTokenParameters, MessageDirection.Input); if (flag) { prerequisiteWrappingToken = wrappingToken; } token = this.CreateWrappedKeyToken(wrappingToken, this.Factory.SecurityTokenParameters, flag ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External); } else { token = providerToken; } tokenParameters = this.Factory.GetProtectionTokenParameters(); return(token); }
public SecurityAppliedMessage(Message messageToProcess, SendSecurityHeader securityHeader, bool signBody, bool encryptBody) : base(messageToProcess) { this.bodyPrefix = "s"; this.securityHeader = securityHeader; this.bodyProtectionMode = MessagePartProtectionModeHelper.GetProtectionMode(signBody, encryptBody, securityHeader.SignThenEncrypt); }
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList<SupportingTokenSpecification> supportingTokens) { if (supportingTokens != null) { for (int i = 0; i < supportingTokens.Count; i++) { SecurityToken securityToken = supportingTokens[i].SecurityToken; SecurityTokenParameters securityTokenParameters = supportingTokens[i].SecurityTokenParameters; switch (supportingTokens[i].SecurityTokenAttachmentMode) { case SecurityTokenAttachmentMode.Signed: securityHeader.AddSignedSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.Endorsing: securityHeader.AddEndorsingSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.SignedEndorsing: securityHeader.AddSignedEndorsingSupportingToken(securityToken, securityTokenParameters); break; case SecurityTokenAttachmentMode.SignedEncrypted: securityHeader.AddBasicSupportingToken(securityToken, securityTokenParameters); break; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("UnknownTokenAttachmentMode", new object[] { supportingTokens[i].SecurityTokenAttachmentMode.ToString() }))); } } } }
static void SetSecurityHeaderId(SendSecurityHeader securityHeader, Message message) { SecurityMessageProperty messageProperty = message.Properties.Security; if (messageProperty != null) { securityHeader.IdPrefix = messageProperty.SenderIdPrefix; } }
protected void AddSupportingTokens(SendSecurityHeader securityHeader, IList<SupportingTokenSpecification> supportingTokens) { if (supportingTokens != null) { for (int i = 0; i < supportingTokens.Count; ++i) { SecurityToken token = supportingTokens[i].SecurityToken; SecurityTokenParameters tokenParameters = supportingTokens[i].SecurityTokenParameters; switch (supportingTokens[i].SecurityTokenAttachmentMode) { case SecurityTokenAttachmentMode.Signed: securityHeader.AddSignedSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.Endorsing: securityHeader.AddEndorsingSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.SignedEncrypted: securityHeader.AddBasicSupportingToken(token, tokenParameters); break; case SecurityTokenAttachmentMode.SignedEndorsing: securityHeader.AddSignedEndorsingSupportingToken(token, tokenParameters); break; default: Fx.Assert("Unknown token attachment mode " + supportingTokens[i].SecurityTokenAttachmentMode.ToString()); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnknownTokenAttachmentMode, supportingTokens[i].SecurityTokenAttachmentMode.ToString()))); } } } }