public SslStreamSecurityUpgradeInitiator(SslStreamSecurityUpgradeProvider parent, EndpointAddress remoteAddress, Uri via) : base("application/ssl-tls", remoteAddress, via)
{
SecurityTokenResolver resolver;
this.parent = parent;
InitiatorServiceModelSecurityTokenRequirement tokenRequirement = new InitiatorServiceModelSecurityTokenRequirement {
TokenType = SecurityTokenTypes.X509Certificate,
RequireCryptographicToken = true,
KeyUsage = SecurityKeyUsage.Exchange,
TargetAddress = remoteAddress,
Via = via,
TransportScheme = this.parent.Scheme
};
this.serverCertificateAuthenticator = parent.ClientSecurityTokenManager.CreateSecurityTokenAuthenticator(tokenRequirement, out resolver);
if (parent.RequireClientCertificate)
{
InitiatorServiceModelSecurityTokenRequirement requirement2 = new InitiatorServiceModelSecurityTokenRequirement {
TokenType = SecurityTokenTypes.X509Certificate,
RequireCryptographicToken = true,
KeyUsage = SecurityKeyUsage.Signature,
TargetAddress = remoteAddress,
Via = via,
TransportScheme = this.parent.Scheme
};
this.clientCertificateProvider = parent.ClientSecurityTokenManager.CreateSecurityTokenProvider(requirement2);
if (this.clientCertificateProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { requirement2 })));
}
}
}
public SecurityTokenProviderContainer(SecurityTokenProvider tokenProvider)
{
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
}
this.tokenProvider = tokenProvider;
}
public ProviderBackedSecurityToken(SecurityTokenProvider tokenProvider, TimeSpan timeout)
{
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenProvider"));
}
this._tokenProvider = tokenProvider;
this._timeout = timeout;
}
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
{
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
_tokenProvider = tokenProvider;
_tokenAttachmentMode = attachmentMode;
_tokenParameters = tokenParameters;
}
public override void OnAbort()
{
if (this.serverTokenProvider != null)
{
System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
System.ServiceModel.Security.SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnAbort();
}
public override void OnClose(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
if (this.serverTokenProvider != null)
{
System.ServiceModel.Security.SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, helper.RemainingTime());
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
System.ServiceModel.Security.SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, helper.RemainingTime());
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnClose(helper.RemainingTime());
}
public override void OnOpen(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
base.OnOpen(timeoutHelper.RemainingTime());
if (this.Factory.ActAsInitiator)
{
if (this.Factory.ApplyIntegrity)
{
InitiatorServiceModelSecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement();
this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(requirement);
requirement.KeyUsage = SecurityKeyUsage.Signature;
requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, timeoutHelper.RemainingTime());
}
if (this.Factory.RequireIntegrity || this.Factory.ApplyConfidentiality)
{
InitiatorServiceModelSecurityTokenRequirement providerRequirement = CreateInitiatorSecurityTokenRequirement();
this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(providerRequirement);
providerRequirement.KeyUsage = SecurityKeyUsage.Exchange;
providerRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, timeoutHelper.RemainingTime());
InitiatorServiceModelSecurityTokenRequirement authenticatorRequirement = CreateInitiatorSecurityTokenRequirement();
this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(authenticatorRequirement);
authenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply;
authenticatorRequirement.KeyUsage = SecurityKeyUsage.Exchange;
authenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input;
// Create authenticator (we dont support out of band resolvers on the client side
SecurityTokenResolver outOfBandTokenResolver;
this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out outOfBandTokenResolver);
SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, timeoutHelper.RemainingTime());
}
}
}
public GetTwoTokensAndSetUpSecurityAsyncResult(Message m, MessageSecurityProtocol binding,
SecurityTokenProvider primaryProvider, SecurityTokenProvider secondaryProvider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator,
SecurityProtocolCorrelationState oldCorrelationState,
TimeSpan timeout,
AsyncCallback callback, object state)
: base(m, binding, timeout, callback, state)
{
this.message = m;
this.binding = binding;
this.primaryProvider = primaryProvider;
this.secondaryProvider = secondaryProvider;
this.doIdentityChecks = doIdentityChecks;
this.identityCheckAuthenticator = identityCheckAuthenticator;
this.oldCorrelationState = oldCorrelationState;
}
protected SecurityToken GetTokenAndEnsureOutgoingIdentity(SecurityTokenProvider provider, bool isEncryptionOn, TimeSpan timeout, SecurityTokenAuthenticator authenticator)
{
SecurityToken token = GetToken(provider, this.Target, timeout);
if (isEncryptionOn)
{
EnsureOutgoingIdentity(token, authenticator);
}
return token;
}
public SecureOutgoingMessageAsyncResult(Message m, SymmetricSecurityProtocol binding, SecurityTokenProvider provider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState correlationState, TimeSpan timeout, AsyncCallback callback, object state) : base(m, binding, provider, doIdentityChecks, identityCheckAuthenticator, correlationState, timeout, callback, state)
{
this.symmetricBinding = binding;
base.Start();
}
public override void OnOpen(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
base.OnOpen(helper.RemainingTime());
if (this.Factory.ActAsInitiator)
{
SecurityTokenResolver resolver;
InitiatorServiceModelSecurityTokenRequirement tokenRequirement = this.CreateInitiatorTokenRequirement();
SecurityTokenProvider tokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement);
System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, helper.RemainingTime());
if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
{
this.initiatorAsymmetricTokenProvider = tokenProvider;
}
else
{
this.initiatorSymmetricTokenProvider = tokenProvider;
}
InitiatorServiceModelSecurityTokenRequirement requirement2 = this.CreateInitiatorTokenRequirement();
this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement2, out resolver);
System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, helper.RemainingTime());
}
}
public override void OnOpen(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
base.OnOpen(timeoutHelper.RemainingTime());
if (this.Factory.ActAsInitiator)
{
// 1. Create a token requirement for the provider
InitiatorServiceModelSecurityTokenRequirement tokenProviderRequirement = CreateInitiatorTokenRequirement();
// 2. Create a provider
SecurityTokenProvider tokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(tokenProviderRequirement);
SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, timeoutHelper.RemainingTime());
if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
{
this.initiatorAsymmetricTokenProvider = tokenProvider;
}
else
{
this.initiatorSymmetricTokenProvider = tokenProvider;
}
// 3. Create a token requirement for authenticator
InitiatorServiceModelSecurityTokenRequirement tokenAuthenticatorRequirement = CreateInitiatorTokenRequirement();
// 4. Create authenticator (we dont support out of band resolvers on the client side
SecurityTokenResolver outOfBandTokenResolver;
this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(tokenAuthenticatorRequirement, out outOfBandTokenResolver);
SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, timeoutHelper.RemainingTime());
}
}
internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
{
if (provider == null)
{
// should this be an ArgumentNullException ?
// throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("provider"));
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target)));
}
SecurityToken token = null;
try
{
token = provider.GetToken(timeout);
}
catch (SecurityTokenException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), exception));
}
catch (SecurityNegotiationException sne)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), sne));
}
return token;
}
internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
{
if (provider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target })));
}
SecurityToken token = null;
try
{
token = provider.GetToken(timeout);
}
catch (SecurityTokenException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), exception));
}
catch (SecurityNegotiationException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), exception2));
}
return token;
}
bool CardSpaceTryCreateSecurityTokenProviderStub(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
{
return InfoCardHelper.TryCreateSecurityTokenProvider(tokenRequirement, clientCredentialsTokenManager, out provider);
}
void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenProviderSpecification> providerSpecList)
{
for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i)
{
SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed);
try
{
if (isOptional)
{
requirement.IsOptionalToken = true;
}
System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
if (provider == null)
{
continue;
}
SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i]);
providerSpecList.Add(providerSpec);
}
catch (Exception e)
{
if (!isOptional || Fx.IsFatal(e))
{
throw;
}
}
}
}
