internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_includeTimestamp = defaultIncludeTimestamp;
_localClientSettings = new LocalClientSecuritySettings();
_endpointSupportingTokenParameters = new SupportingTokenParameters();
_securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout;
}
internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_includeTimestamp = defaultIncludeTimestamp;
_localClientSettings = new LocalClientSecuritySettings();
_endpointSupportingTokenParameters = new SupportingTokenParameters();
_securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout;
throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement is not supported");
}
CreateCertificateOverTransportBindingElement(MessageSecurityVersion version)
{
var be = new TransportSecurityBindingElement()
{
MessageSecurityVersion = version
};
be.EndpointSupportingTokenParameters.SignedEncrypted.Add(new X509SecurityTokenParameters());
return(be);
}
public AsymetricSecurityBE()
{
MessageSecurityVersion securityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
SecurityBindingElement securityBE = SecurityBindingElement.CreateMutualCertificateBindingElement(securityVersion, true);
securityBE.IncludeTimestamp = true;
securityBE.SetKeyDerivation(false);
securityBE.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
securityBE.EnableUnsecuredResponse = true;
m_asymSecBE = securityBE as AsymmetricSecurityBindingElement;
}
internal static SecurityStandardsManager CreateSecurityStandardsManager(MessageSecurityVersion securityVersion, SecurityTokenSerializer securityTokenSerializer)
{
if (securityVersion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("securityVersion"));
}
if (securityTokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer");
}
return(new SecurityStandardsManager(securityVersion, securityTokenSerializer));
}
public static void WSFederationHttpBindingTests_Succeeds(MessageSecurityVersion messageSecurityVersion, SecurityKeyType securityKeyType, bool useSecureConversation, string endpointSuffix, WSMessageEncoding encoding)
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
EndpointAddress issuerAddress = null;
EndpointAddress serviceEndpointAddress = null;
string tokenTargetAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
try
{
// *** SETUP *** \\
issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + endpointSuffix));
tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + endpointSuffix + (useSecureConversation ? "/sc" : string.Empty) + "/" + Enum.GetName(typeof(WSMessageEncoding), encoding);
serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(
new WSTrustTokenParameters
{
IssuerAddress = issuerAddress,
IssuerBinding = issuerBinding,
KeyType = securityKeyType,
TokenType = Saml2Constants.OasisWssSaml2TokenProfile11,
MessageSecurityVersion = messageSecurityVersion,
});
federationBinding.MessageEncoding = encoding;
federationBinding.Security.Message.EstablishSecurityContext = useSecureConversation;
factory = new ChannelFactory <IWcfService>(federationBinding, serviceEndpointAddress);
factory.Credentials.UserName.UserName = "******";
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a real secret")]
factory.Credentials.UserName.Password = "******";
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
string result = serviceProxy.Echo(testString);
// *** VALIDATE *** \\
Assert.Equal(testString, result);
// *** CLEANUP *** \\
((ICommunicationObject)serviceProxy).Close();
factory.Close();
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
public static void AssertSymmetricSecurityBindingElement(
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageProtectionOrder messageProtectionOrder,
MessageSecurityVersion messageSecurityVersion,
bool requireSignatureConfirmation,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// ProtectionTokenParameters
bool hasProtectionTokenParameters,
SecurityTokenInclusionMode protectionTokenInclusionMode,
SecurityTokenReferenceStyle protectionTokenReferenceStyle,
bool protectionTokenRequireDerivedKeys,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
SymmetricSecurityBindingElement be, string label)
{
AssertSecurityBindingElement(
algorithm,
includeTimestamp,
keyEntropyMode,
messageSecurityVersion,
securityHeaderLayout,
// EndpointSupportingTokenParameters
endorsing, signed, signedEncrypted, signedEndorsing,
// LocalClientSettings
cacheCookies,
renewalThresholdPercentage,
detectReplays,
be, label);
Assert.AreEqual(messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
Assert.AreEqual(requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");
if (!hasProtectionTokenParameters)
{
Assert.IsNull(be.ProtectionTokenParameters, label + ".ProtectionTokenParameters (null)");
}
else
{
AssertSecurityTokenParameters(
protectionTokenInclusionMode,
protectionTokenReferenceStyle,
protectionTokenRequireDerivedKeys,
be.ProtectionTokenParameters, label + ".ProtectionTokenParameters");
}
}
internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode;
IncludeTimestamp = defaultIncludeTimestamp;
_defaultAlgorithmSuite = defaultDefaultAlgorithmSuite;
LocalClientSettings = new LocalClientSecuritySettings();
EndpointSupportingTokenParameters = new SupportingTokenParameters();
OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout;
}
CreateMutualCertificateBindingElement(
MessageSecurityVersion version,
bool allowSerializedSigningTokenOnReply)
{
if (version == null)
{
throw new ArgumentNullException("version");
}
if (allowSerializedSigningTokenOnReply)
{
throw new NotSupportedException("allowSerializedSigningTokenOnReply is not supported");
}
if (version.SecurityVersion == SecurityVersion.WSSecurity10)
{
var recipient = new X509SecurityTokenParameters(
X509KeyIdentifierClauseType.Any,
SecurityTokenInclusionMode.Never);
recipient.RequireDerivedKeys = false;
var initiator = new X509SecurityTokenParameters(
X509KeyIdentifierClauseType.Any,
SecurityTokenInclusionMode.AlwaysToRecipient);
initiator.RequireDerivedKeys = false;
return(new AsymmetricSecurityBindingElement(recipient, initiator)
{
MessageSecurityVersion = version
});
}
else
{
X509SecurityTokenParameters p =
new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint);
p.RequireDerivedKeys = false;
var sym = new SymmetricSecurityBindingElement()
{
MessageSecurityVersion = version,
RequireSignatureConfirmation = true
};
X509SecurityTokenParameters p2 = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint);
p2.ReferenceStyle = SecurityTokenReferenceStyle.External;
sym.ProtectionTokenParameters = p2;
sym.EndpointSupportingTokenParameters.Endorsing.Add(p);
return(sym);
}
}
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion)
{
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return(WsTrustVersion.Trust13);
}
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return(WsTrustVersion.TrustFeb2005);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("Unsupported TrustVersion: '{0}'.", MessageSecurityVersion.TrustVersion)), System.Diagnostics.Tracing.EventLevel.Error);
}
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion)
{
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return(WsTrustVersion.Trust13);
}
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return(WsTrustVersion.TrustFeb2005);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant(SR.GetResourceString(SR.WsTrustVersionNotSupported), MessageSecurityVersion.TrustVersion)), EventLevel.Error);
}
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion)
{
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return(WsTrustVersion.Trust13);
}
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return(WsTrustVersion.TrustFeb2005);
}
throw new NotSupportedException($"Unsupported TrustVersion: '{MessageSecurityVersion.TrustVersion}'.");
}
private WsSecurityVersion GetWsSecurityVersion(MessageSecurityVersion messageSecurityVersion)
{
if (messageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity10)
{
return(WsSecurityVersion.Security10);
}
if (messageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity11)
{
return(WsSecurityVersion.Security11);
}
throw new NotSupportedException($"Unsupported SecurityVersion: '{MessageSecurityVersion.SecurityVersion}'.");
}
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
}
_includeTimestamp = elementToBeCloned._includeTimestamp;
_messageSecurityVersion = elementToBeCloned._messageSecurityVersion;
_securityHeaderLayout = elementToBeCloned._securityHeaderLayout;
_endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone();
_localClientSettings = elementToBeCloned._localClientSettings.Clone();
throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement cloning not supported.");
}
public override object ConvertTo(ITypeDescriptorContext context, System.Globalization.CultureInfo culture, object value, Type destinationType)
{
if (typeof(string) == destinationType && value is MessageSecurityVersion)
{
string retval = null;
MessageSecurityVersion securityVersion = (MessageSecurityVersion)value;
#if DESKTOP
if (securityVersion == MessageSecurityVersion.Default)
{
retval = ConfigurationStrings.Default;
}
else
#endif
if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11)
{
retval = ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
}
else if (securityVersion == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10)
{
retval = ConfigurationStrings.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
}
else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10)
{
retval = ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
}
#if DESKTOP
else if (securityVersion == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
{
retval = ConfigurationStrings.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
}
else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12)
{
retval = ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
}
else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
{
retval = ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
}
#endif
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value",
SR.GetString(SR.ConfigInvalidClassInstanceValue, typeof(MessageSecurityVersion).FullName)));
}
return(retval);
}
return(base.ConvertTo(context, culture, value, destinationType));
}
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
}
_includeTimestamp = elementToBeCloned._includeTimestamp;
_messageSecurityVersion = elementToBeCloned._messageSecurityVersion;
_securityHeaderLayout = elementToBeCloned._securityHeaderLayout;
_endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone();
_localClientSettings = elementToBeCloned._localClientSettings.Clone();
_maxReceivedMessageSize = elementToBeCloned._maxReceivedMessageSize;
_readerQuotas = elementToBeCloned._readerQuotas;
}
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
{
SecurityBindingElement algorithmSuite;
if (!isSecureTransportMode)
{
if (this.clientCredentialType != BasicHttpMessageCredentialType.Certificate)
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.BasicHttpMessageSecurityRequiresCertificate, new object[0])));
}
algorithmSuite = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
}
else
{
MessageSecurityVersion wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
switch (this.clientCredentialType)
{
case BasicHttpMessageCredentialType.UserName:
{
algorithmSuite = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
algorithmSuite.MessageSecurityVersion = wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
case BasicHttpMessageCredentialType.Certificate:
{
algorithmSuite = SecurityBindingElement.CreateCertificateOverTransportBindingElement(wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("Unsupported basic http message credential type");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite;
algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
algorithmSuite.SetKeyDerivation(false);
InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true);
return(algorithmSuite);
}
internal SecurityBindingElement()
: base()
{
_messageSecurityVersion = MessageSecurityVersion.Default;
_keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; // AcceleratedTokenProvider.defaultKeyEntropyMode;
IncludeTimestamp = DefaultIncludeTimestamp;
_defaultAlgorithmSuite = s_defaultDefaultAlgorithmSuite;
LocalServiceSettings = new LocalServiceSecuritySettings();
EndpointSupportingTokenParameters = new SupportingTokenParameters();
OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters();
_operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
_securityHeaderLayout = SecurityHeaderLayout.Strict; // SecurityProtocolFactory.defaultSecurityHeaderLayout;
AllowInsecureTransport = DefaultAllowInsecureTransport;
EnableUnsecuredResponse = DefaultEnableUnsecuredResponse;
ProtectTokens = DefaultProtectTokens;
}
public override object ConvertFrom(ITypeDescriptorContext context, System.Globalization.CultureInfo culture, object value)
{
if (value is string)
{
string version = (string)value;
MessageSecurityVersion retval = null;
switch (version)
{
case ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11:
retval = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
break;
case ConfigurationStrings.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10:
retval = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
break;
case ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10:
retval = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
break;
#if DESKTOP
case ConfigurationStrings.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10:
retval = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
break;
case ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12:
retval = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
break;
case ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10:
retval = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
break;
case ConfigurationStrings.Default:
retval = MessageSecurityVersion.Default;
break;
#endif
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value",
SR.GetString(SR.ConfigInvalidClassFactoryValue, version, typeof(MessageSecurityVersion).FullName)));
}
return(retval);
}
return(base.ConvertFrom(context, culture, value));
}
public virtual Task OnOpenAsync(TimeSpan timeout)
{
if (SecurityBindingElement == null)
{
OnPropertySettingsError(nameof(SecurityBindingElement), true);
}
if (SecurityTokenManager == null)
{
OnPropertySettingsError(nameof(SecurityTokenManager), true);
}
MessageSecurityVersion = _standardsManager.MessageSecurityVersion;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
_expectOutgoingMessages = ActAsInitiator || SupportsRequestReply;
_expectIncomingMessages = !ActAsInitiator || SupportsRequestReply;
if (!ActAsInitiator)
{
throw ExceptionHelper.PlatformNotSupported();
}
if (DetectReplays)
{
if (!SupportsReplayDetection)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(nameof(DetectReplays), SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
}
if (MaxClockSkew == TimeSpan.MaxValue || ReplayWindow == TimeSpan.MaxValue)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
}
// If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
if (_nonceCache == null)
{
// The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays
_nonceCache = new InMemoryNonceCache(ReplayWindow + MaxClockSkew + MaxClockSkew, MaxCachedNonces);
}
}
//derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator<DerivedKeySecurityToken>();
return(Task.CompletedTask);
}
public RequestSecurityToken(MessageSecurityVersion messageSecurityVersion,
SecurityTokenSerializer securityTokenSerializer,
XmlElement requestSecurityTokenXml,
string context,
string tokenType,
string requestType,
int keySize,
SecurityKeyIdentifierClause renewTarget,
SecurityKeyIdentifierClause closeTarget)
: this(SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer),
requestSecurityTokenXml,
context,
tokenType,
requestType,
keySize,
renewTarget,
closeTarget)
{
}
/// <summary>
/// Creates a shallow copy of 'other'.
/// </summary>
/// <param name="other">The WSTrustTokenParameters to copy.</param>
protected WSTrustTokenParameters(WSTrustTokenParameters other)
: base(other)
{
foreach (var parameter in other.AdditionalRequestParameters)
{
AdditionalRequestParameters.Add(parameter);
}
CacheIssuedTokens = other.CacheIssuedTokens;
foreach (var claimType in ClaimTypes)
{
ClaimTypes.Add(claimType);
}
_issuedTokenRenewalThresholdPercentage = other.IssuedTokenRenewalThresholdPercentage;
KeySize = other.KeySize;
_maxIssuedTokenCachingTime = other.MaxIssuedTokenCachingTime;
_messageSecurityVersion = other.MessageSecurityVersion;
}
public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer)
{
if (messageSecurityVersion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
}
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
}
_messageSecurityVersion = messageSecurityVersion;
_tokenSerializer = tokenSerializer;
if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13)
{
_secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
}
else
{
_secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
}
if (this.SecurityVersion == SecurityVersion.WSSecurity10 || this.SecurityVersion == SecurityVersion.WSSecurity11)
{
_idManager = WSSecurityJan2004.IdManager.Instance;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", SRServiceModel.MessageSecurityVersionOutOfRange));
}
_wsUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default;
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13)
{
_trustDriver = new WSTrustDec2005.DriverDec2005(this);
}
else
{
_trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
}
}
void CallBegin(bool completedSynchronously)
{
IAsyncResult result = null;
Exception exception = null;
try
{
CardSpacePolicyElement[] chain;
SecurityTokenManager tokenManager = credentials.CreateSecurityTokenManager();
requiresInfoCard = InfoCardHelper.IsInfocardRequired(binding, credentials, tokenManager, proxy.RemoteAddress, out chain, out relyingPartyIssuer);
MessageSecurityVersion bindingSecurityVersion = InfoCardHelper.GetBindingSecurityVersionOrDefault(binding);
WSSecurityTokenSerializer tokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
result = credentials.GetInfoCardTokenCallback.BeginInvoke(requiresInfoCard, chain, tokenManager.CreateSecurityTokenSerializer(bindingSecurityVersion.SecurityTokenVersion), callback, this);
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
exception = e;
}
if (exception == null)
{
if (!result.CompletedSynchronously)
{
return;
}
this.CallEnd(result, out exception);
}
if (exception != null)
{
return;
}
this.CallComplete(completedSynchronously, null);
}
public Collection <XmlElement> CreateRequestParameters(
MessageSecurityVersion messageSecurityVersion,
SecurityTokenSerializer securityTokenSerializer)
{
XmlDocument doc = new XmlDocument();
Collection <XmlElement> ret = new Collection <XmlElement> ();
// KeyType
string keyTypeUri =
KeyType == SecurityKeyType.SymmetricKey ?
Constants.WstSymmetricKeyTypeUri :
Constants.WstAsymmetricKeyTypeUri;
XmlElement kt = doc.CreateElement("t", "KeyType", Constants.WstNamespace);
kt.AppendChild(doc.CreateTextNode(keyTypeUri));
ret.Add(kt);
// ClaimTypes
XmlElement cts = doc.CreateElement("t", "Claims", Constants.WstNamespace);
foreach (ClaimTypeRequirement req in ClaimTypeRequirements)
{
XmlElement el = doc.CreateElement("wsid", "ClaimType", Constants.WsidNamespace);
el.SetAttribute("Uri", req.ClaimType);
if (req.IsOptional)
{
el.SetAttribute("Optional", "true");
}
cts.AppendChild(el);
}
ret.Add(cts);
// Additional parameters
foreach (XmlElement el in AdditionalRequestParameters)
{
ret.Add(el);
}
return(ret);
}
public override object ConvertTo(ITypeDescriptorContext context, CultureInfo culture, object value, Type destinationType)
{
if (!(typeof(string) == destinationType) || !(value is MessageSecurityVersion))
{
return(base.ConvertTo(context, culture, value, destinationType));
}
MessageSecurityVersion version = (MessageSecurityVersion)value;
if (version == MessageSecurityVersion.Default)
{
return("Default");
}
if (version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11)
{
return("WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11");
}
if (version == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10)
{
return("WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10");
}
if (version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10)
{
return("WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10");
}
if (version == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
{
return("WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10");
}
if (version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12)
{
return("WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12");
}
if (version != MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value", System.ServiceModel.SR.GetString("ConfigInvalidClassInstanceValue", new object[] { typeof(MessageSecurityVersion).FullName })));
}
return("WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10");
}
/// <summary>Initializes a new instance of the <see cref="T:System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters" /> class.</summary>
/// <param name="other">The other instance of this class.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="other" /> is null.</exception>
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other)
: base((SecurityTokenParameters)other)
{
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
this.useStrTransform = other.useStrTransform;
foreach (XmlNode requestParameter in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement)requestParameter.Clone());
}
foreach (ClaimTypeRequirement claimTypeRequirement in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(claimTypeRequirement);
}
if (other.issuerBinding != null)
{
this.issuerBinding = (Binding) new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other)
{
this.additionalRequestParameters = new Collection <XmlElement>();
this.alternativeIssuerEndpoints = new Collection <AlternativeIssuerEndpoint>();
this.claimTypeRequirements = new Collection <ClaimTypeRequirement>();
this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion;
this.issuerAddress = other.issuerAddress;
this.keyType = other.keyType;
this.tokenType = other.tokenType;
this.keySize = other.keySize;
foreach (XmlElement element in other.additionalRequestParameters)
{
this.additionalRequestParameters.Add((XmlElement)element.Clone());
}
foreach (ClaimTypeRequirement requirement in other.claimTypeRequirements)
{
this.claimTypeRequirements.Add(requirement);
}
if (other.issuerBinding != null)
{
this.issuerBinding = new CustomBinding(other.issuerBinding);
}
this.issuerMetadataAddress = other.issuerMetadataAddress;
}
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other)
: base(other)
{
_defaultMessageSecurityVersion = other._defaultMessageSecurityVersion;
_issuerAddress = other._issuerAddress;
_keyType = other._keyType;
_tokenType = other._tokenType;
_keySize = other._keySize;
_useStrTransform = other._useStrTransform;
foreach (XmlElement parameter in other._additionalRequestParameters)
{
_additionalRequestParameters.Add((XmlElement)parameter.Clone());
}
foreach (ClaimTypeRequirement c in other._claimTypeRequirements)
{
_claimTypeRequirements.Add(c);
}
if (other._issuerBinding != null)
{
_issuerBinding = new CustomBinding(other._issuerBinding);
}
_issuerMetadataAddress = other._issuerMetadataAddress;
}
public virtual void OnOpen(TimeSpan timeout)
{
if (this.SecurityBindingElement == null)
{
this.OnPropertySettingsError("SecurityBindingElement", true);
}
if (this.SecurityTokenManager == null)
{
this.OnPropertySettingsError("SecurityTokenManager", true);
}
_messageSecurityVersion = _standardsManager.MessageSecurityVersion;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
_expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
_expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;
if (!_actAsInitiator)
{
AddSupportingTokenAuthenticators(_securityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
// validate the token authenticator types and create a merged map if needed.
if (!_channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
{
if (_channelSupportingTokenAuthenticatorSpecification.Count == 0)
{
_channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
}
else
{
_expectSupportingTokens = true;
foreach (SupportingTokenAuthenticatorSpecification tokenAuthenticatorSpec in _channelSupportingTokenAuthenticatorSpecification)
{
SecurityUtils.OpenTokenAuthenticatorIfRequired(tokenAuthenticatorSpec.TokenAuthenticator, timeoutHelper.RemainingTime());
if (tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing ||
tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
{
if (tokenAuthenticatorSpec.TokenParameters.RequireDerivedKeys && !tokenAuthenticatorSpec.TokenParameters.HasAsymmetricKey)
{
_expectKeyDerivation = true;
}
}
SecurityTokenAttachmentMode mode = tokenAuthenticatorSpec.SecurityTokenAttachmentMode;
if (mode == SecurityTokenAttachmentMode.SignedEncrypted ||
mode == SecurityTokenAttachmentMode.Signed ||
mode == SecurityTokenAttachmentMode.SignedEndorsing)
{
_expectChannelSignedTokens = true;
if (mode == SecurityTokenAttachmentMode.SignedEncrypted)
{
_expectChannelBasicTokens = true;
}
}
if (mode == SecurityTokenAttachmentMode.Endorsing || mode == SecurityTokenAttachmentMode.SignedEndorsing)
{
_expectChannelEndorsingTokens = true;
}
}
_channelSupportingTokenAuthenticatorSpecification =
new ReadOnlyCollection <SupportingTokenAuthenticatorSpecification>((Collection <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
}
}
VerifyTypeUniqueness(_channelSupportingTokenAuthenticatorSpecification);
MergeSupportingTokenAuthenticators(timeoutHelper.RemainingTime());
}
if (this.DetectReplays)
{
if (!this.SupportsReplayDetection)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
}
if (this.MaxClockSkew == TimeSpan.MaxValue || this.ReplayWindow == TimeSpan.MaxValue)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
}
// If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
if (_nonceCache == null)
{
// The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays
_nonceCache = new InMemoryNonceCache(this.ReplayWindow + this.MaxClockSkew + this.MaxClockSkew, this.MaxCachedNonces);
}
}
_derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator <DerivedKeySecurityToken>();
}
public override bool IsSecurityVersionSupported(MessageSecurityVersion version)
{
return version == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10 ||
version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12 ||
version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
}
public override bool IsSecurityVersionSupported(MessageSecurityVersion version)
{
return version == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 ||
version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 ||
version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
}
public Collection<XmlElement> CreateRequestParameters (
MessageSecurityVersion messageSecurityVersion,
SecurityTokenSerializer securityTokenSerializer)
{
XmlDocument doc = new XmlDocument ();
Collection<XmlElement> ret = new Collection<XmlElement> ();
// KeyType
string keyTypeUri =
KeyType == SecurityKeyType.SymmetricKey ?
Constants.WstSymmetricKeyTypeUri :
Constants.WstAsymmetricKeyTypeUri;
XmlElement kt = doc.CreateElement ("t", "KeyType", Constants.WstNamespace);
kt.AppendChild (doc.CreateTextNode (keyTypeUri));
ret.Add (kt);
// ClaimTypes
XmlElement cts = doc.CreateElement ("t", "Claims", Constants.WstNamespace);
foreach (ClaimTypeRequirement req in ClaimTypeRequirements) {
XmlElement el = doc.CreateElement ("wsid", "ClaimType", Constants.WsidNamespace);
el.SetAttribute ("Uri", req.ClaimType);
if (req.IsOptional)
el.SetAttribute ("Optional", "true");
cts.AppendChild (el);
}
ret.Add (cts);
// Additional parameters
foreach (XmlElement el in AdditionalRequestParameters)
ret.Add (el);
return ret;
}
