public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
ServiceModelSecurityTokenRequirement requirement = tokenRequirement as ServiceModelSecurityTokenRequirement;
if (requirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
if (this.IsX509TokenRequirement(requirement))
{
X509CertificateValidator validator;
if (this.IsForConnectionValidator(requirement))
{
SecurityTokenProvider provider = null;
if (this.ssc != null)
{
provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate());
}
else if (this.delegateManager != null)
{
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Transport;
requirement.TransportScheme = "net.p2p";
provider = this.delegateManager.CreateSecurityTokenProvider(tokenRequirement);
}
else if (this.credential.Certificate != null)
{
provider = new X509SecurityTokenProvider(this.credential.Certificate);
}
if ((provider == null) && (this.mode == PeerAuthenticationMode.Password))
{
this.ssc = this.parent.GetCertificate();
provider = new X509SecurityTokenProvider(this.ssc.GetX509Certificate());
}
return(provider);
}
if (this.delegateManager != null)
{
requirement.TransportScheme = "net.p2p";
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Message;
return(this.delegateManager.CreateSecurityTokenProvider(tokenRequirement));
}
if (!this.credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType");
}
return(new PeerX509TokenProvider(validator, this.credential.Certificate));
}
if (!this.IsPasswordTokenRequirement(requirement))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("TokenType");
}
return(this.GetPasswordTokenProvider());
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
ServiceModelSecurityTokenRequirement requirement = tokenRequirement as ServiceModelSecurityTokenRequirement;
outOfBandTokenResolver = null;
if (requirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
if (!this.IsX509TokenRequirement(requirement))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("tokenRequirement");
}
if ((this.mode == PeerAuthenticationMode.Password) && this.IsForConnectionValidator(requirement))
{
return(new X509SecurityTokenAuthenticator(X509CertificateValidator.None));
}
if (this.delegateManager != null)
{
if (this.IsForConnectionValidator(requirement))
{
requirement.TransportScheme = "net.p2p";
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Transport;
}
else
{
requirement.TransportScheme = "net.p2p";
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Message;
}
return(this.delegateManager.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver));
}
X509CertificateValidator none = null;
if (this.IsForConnectionValidator(requirement))
{
if (this.mode == PeerAuthenticationMode.MutualCertificate)
{
if (!this.credential.PeerAuthentication.TryGetCertificateValidator(out none))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateProviderForRequirement", new object[] { requirement })));
}
}
else
{
none = X509CertificateValidator.None;
}
}
else if (!this.credential.MessageSenderAuthentication.TryGetCertificateValidator(out none))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateProviderForRequirement", new object[] { requirement })));
}
return(new X509SecurityTokenAuthenticator(none));
}
private UserNameSecurityTokenProvider GetPasswordTokenProvider()
{
if (this.delegateManager == null)
{
return(new UserNameSecurityTokenProvider(string.Empty, this.credential.MeshPassword));
}
ServiceModelSecurityTokenRequirement tokenRequirement = CreateRequirement(SecurityTokenTypes.UserName);
UserNameSecurityTokenProvider provider = this.delegateManager.CreateSecurityTokenProvider(tokenRequirement) as UserNameSecurityTokenProvider;
if (provider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateProviderForRequirement", new object[] { tokenRequirement })));
}
return(provider);
}
UserNameSecurityTokenProvider GetPasswordTokenProvider()
{
if (delegateManager != null)
{
ServiceModelSecurityTokenRequirement requirement = CreateRequirement(SecurityTokenTypes.UserName);
UserNameSecurityTokenProvider tokenProvider = delegateManager.CreateSecurityTokenProvider(requirement) as UserNameSecurityTokenProvider;
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateProviderForRequirement, requirement)));
}
return(tokenProvider);
}
else
{
return(new UserNameSecurityTokenProvider(string.Empty, credential.MeshPassword));
}
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
ServiceModelSecurityTokenRequirement requirement = tokenRequirement as ServiceModelSecurityTokenRequirement;
outOfBandTokenResolver = null;
if (requirement != null)
{
if (IsX509TokenRequirement(requirement))
{
if (mode == PeerAuthenticationMode.Password && IsForConnectionValidator(requirement))
{
return(new X509SecurityTokenAuthenticator(X509CertificateValidator.None));
}
if (delegateManager != null)
{
if (IsForConnectionValidator(requirement))
{
requirement.TransportScheme = PeerStrings.Scheme;
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Transport;
}
else
{
requirement.TransportScheme = PeerStrings.Scheme;
requirement.Properties[SecurityTokenRequirement.PeerAuthenticationMode] = SecurityMode.Message;
}
return(delegateManager.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver));
}
else
{
X509CertificateValidator validator = null;
if (IsForConnectionValidator(requirement))
{
if (this.mode == PeerAuthenticationMode.MutualCertificate)
{
if (!this.credential.PeerAuthentication.TryGetCertificateValidator(out validator))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateProviderForRequirement, requirement)));
}
}
else
{
validator = X509CertificateValidator.None;
}
}
else
{
if (!this.credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateProviderForRequirement, requirement)));
}
}
return(new X509SecurityTokenAuthenticator(validator));
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("tokenRequirement");
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
}
bool IsForConnectionValidator(ServiceModelSecurityTokenRequirement requirement)
{
return(requirement.TransportScheme == "net.tcp" && requirement.SecurityBindingElement == null && requirement.MessageSecurityVersion == null);
}
bool IsX509TokenRequirement(ServiceModelSecurityTokenRequirement requirement)
{
return(requirement != null && requirement.TokenType == SecurityTokenTypes.X509Certificate);
}
bool IsPasswordTokenRequirement(ServiceModelSecurityTokenRequirement requirement)
{
return((requirement != null) && (requirement.TokenType == SecurityTokenTypes.UserName));
}
