protected virtual void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
if (incomingNego == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive)));
}
incomingNego.Validate(this.NegotiationValueType);
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
if (((incomingNego != null) && (incomingNego.ValueTypeUri != this.NegotiationValueType.Value)) && (base.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005))
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
internal void SetBinaryNegotiation(BinaryNegotiation negotiation)
{
if (negotiation == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("negotiation");
}
if (this.IsReadOnly)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly)));
}
this.negotiationData = negotiation;
}
protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out SspiNegotiationTokenAuthenticatorState negotiationState)
{
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
if (requestSecurityToken == null)
{
throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request);
}
if (requestSecurityToken.RequestType != null && requestSecurityToken.RequestType != this.StandardsManager.TrustDriver.RequestTypeIssue)
{
throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidRstRequestType, requestSecurityToken.RequestType)), request);
}
BinaryNegotiation incomingNego = requestSecurityToken.GetBinaryNegotiation();
ValidateIncomingBinaryNegotiation(incomingNego);
negotiationState = CreateSspiState(incomingNego.GetNegotiationData(), incomingNego.ValueTypeUri);
AddToDigest(negotiationState, requestSecurityToken);
negotiationState.Context = requestSecurityToken.Context;
if (requestSecurityToken.KeySize != 0)
{
WSTrust.Driver.ValidateRequestedKeySize(requestSecurityToken.KeySize, this.SecurityAlgorithmSuite);
}
negotiationState.RequestedKeySize = requestSecurityToken.KeySize;
string appliesToName;
string appliesToNamespace;
requestSecurityToken.GetAppliesToQName(out appliesToName, out appliesToNamespace);
if (appliesToName == AddressingStrings.EndpointReference && appliesToNamespace == request.Version.Addressing.Namespace)
{
DataContractSerializer serializer;
if (request.Version.Addressing == AddressingVersion.WSAddressing10)
{
serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), DataContractSerializerDefaults.MaxItemsInObjectGraph);
negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddress10>(serializer).ToEndpointAddress();
}
else if (request.Version.Addressing == AddressingVersion.WSAddressingAugust2004)
{
serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), DataContractSerializerDefaults.MaxItemsInObjectGraph);
negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddressAugust2004>(serializer).ToEndpointAddress();
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, request.Version.Addressing)));
}
negotiationState.AppliesToSerializer = serializer;
}
return(ProcessNegotiation(negotiationState, request, incomingNego));
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
// Accept both strings for WSTrustFeb2005
if (incomingNego != null &&
incomingNego.ValueTypeUri != this.NegotiationValueType.Value &&
this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out SspiNegotiationTokenAuthenticatorState negotiationState)
{
string str;
string str2;
if (request == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
if (requestSecurityToken == null)
{
throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request);
}
if ((requestSecurityToken.RequestType != null) && (requestSecurityToken.RequestType != base.StandardsManager.TrustDriver.RequestTypeIssue))
{
throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidRstRequestType", new object[] { requestSecurityToken.RequestType })), request);
}
BinaryNegotiation binaryNegotiation = requestSecurityToken.GetBinaryNegotiation();
this.ValidateIncomingBinaryNegotiation(binaryNegotiation);
negotiationState = this.CreateSspiState(binaryNegotiation.GetNegotiationData(), binaryNegotiation.ValueTypeUri);
AddToDigest(negotiationState, requestSecurityToken);
negotiationState.Context = requestSecurityToken.Context;
if (requestSecurityToken.KeySize != 0)
{
WSTrust.Driver.ValidateRequestedKeySize(requestSecurityToken.KeySize, base.SecurityAlgorithmSuite);
}
negotiationState.RequestedKeySize = requestSecurityToken.KeySize;
requestSecurityToken.GetAppliesToQName(out str, out str2);
if ((str == "EndpointReference") && (str2 == request.Version.Addressing.Namespace))
{
DataContractSerializer serializer;
if (request.Version.Addressing == AddressingVersion.WSAddressing10)
{
serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), 0x10000);
negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddress10>(serializer).ToEndpointAddress();
}
else
{
if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing })));
}
serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), 0x10000);
negotiationState.AppliesTo = requestSecurityToken.GetAppliesTo <EndpointAddressAugust2004>(serializer).ToEndpointAddress();
}
negotiationState.AppliesToSerializer = serializer;
}
return(this.ProcessNegotiation(negotiationState, request, binaryNegotiation));
}
protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse)
{
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
if (requestSecurityTokenResponse == null)
{
throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request);
}
if (requestSecurityTokenResponse.Context != negotiationState.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), request);
}
AddToDigest(negotiationState, requestSecurityTokenResponse, true);
BinaryNegotiation incomingNego = requestSecurityTokenResponse.GetBinaryNegotiation();
ValidateIncomingBinaryNegotiation(incomingNego);
return(ProcessNegotiation(negotiationState, request, incomingNego));
}
protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse)
{
if (request == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
if (requestSecurityTokenResponse == null)
{
throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request);
}
if (requestSecurityTokenResponse.Context != negotiationState.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), request);
}
AddToDigest(negotiationState, requestSecurityTokenResponse, true);
BinaryNegotiation binaryNegotiation = requestSecurityTokenResponse.GetBinaryNegotiation();
this.ValidateIncomingBinaryNegotiation(binaryNegotiation);
return(this.ProcessNegotiation(negotiationState, request, binaryNegotiation));
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
if (((incomingNego != null) && (incomingNego.ValueTypeUri != this.NegotiationValueType.Value)) && (base.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005))
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
BodyWriter ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
{
ISspiNegotiation sspiNegotiation = negotiationState.SspiNegotiation;
byte[] outgoingBlob = sspiNegotiation.GetOutgoingBlob(incomingNego.GetNegotiationData(),
SecurityUtils.GetChannelBindingFromMessage(incomingMessage),
this.extendedProtectionPolicy);
if (sspiNegotiation.IsValidContext == false)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)), incomingMessage);
}
// if there is no blob to send back the nego must be complete from the server side
if (outgoingBlob == null && sspiNegotiation.IsCompleted == false)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage);
}
BinaryNegotiation outgoingBinaryNegotiation;
if (outgoingBlob != null)
{
outgoingBinaryNegotiation = GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
}
else
{
outgoingBinaryNegotiation = null;
}
BodyWriter replyBody;
if (sspiNegotiation.IsCompleted)
{
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = ValidateSspiNegotiation(sspiNegotiation);
SecurityContextSecurityToken serviceToken;
WrappedKeySecurityToken proofToken;
int issuedKeySize;
IssueServiceToken(negotiationState, authorizationPolicies, out serviceToken, out proofToken, out issuedKeySize);
negotiationState.SetServiceToken(serviceToken);
SecurityKeyIdentifierClause externalTokenReference = this.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(serviceToken, SecurityTokenReferenceStyle.External);
SecurityKeyIdentifierClause internalTokenReference = this.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(serviceToken, SecurityTokenReferenceStyle.Internal);
RequestSecurityTokenResponse dummyRstr = new RequestSecurityTokenResponse(this.StandardsManager);
dummyRstr.Context = negotiationState.Context;
dummyRstr.KeySize = issuedKeySize;
dummyRstr.TokenType = this.SecurityContextTokenUri;
if (outgoingBinaryNegotiation != null)
{
dummyRstr.SetBinaryNegotiation(outgoingBinaryNegotiation);
}
dummyRstr.RequestedUnattachedReference = externalTokenReference;
dummyRstr.RequestedAttachedReference = internalTokenReference;
dummyRstr.SetLifetime(serviceToken.ValidFrom, serviceToken.ValidTo);
if (negotiationState.AppliesTo != null)
{
if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressing10)
{
dummyRstr.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(
negotiationState.AppliesTo),
negotiationState.AppliesToSerializer);
}
else if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressingAugust2004)
{
dummyRstr.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(
negotiationState.AppliesTo),
negotiationState.AppliesToSerializer);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, incomingMessage.Version.Addressing)));
}
}
dummyRstr.MakeReadOnly();
AddToDigest(negotiationState, dummyRstr, false);
RequestSecurityTokenResponse negotiationRstr = new RequestSecurityTokenResponse(this.StandardsManager);
negotiationRstr.RequestedSecurityToken = serviceToken;
negotiationRstr.RequestedProofToken = proofToken;
negotiationRstr.Context = negotiationState.Context;
negotiationRstr.KeySize = issuedKeySize;
negotiationRstr.TokenType = this.SecurityContextTokenUri;
if (outgoingBinaryNegotiation != null)
{
negotiationRstr.SetBinaryNegotiation(outgoingBinaryNegotiation);
}
negotiationRstr.RequestedAttachedReference = internalTokenReference;
negotiationRstr.RequestedUnattachedReference = externalTokenReference;
if (negotiationState.AppliesTo != null)
{
if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressing10)
{
negotiationRstr.SetAppliesTo <EndpointAddress10>(
EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo),
negotiationState.AppliesToSerializer);
}
else if (incomingMessage.Version.Addressing == AddressingVersion.WSAddressingAugust2004)
{
negotiationRstr.SetAppliesTo <EndpointAddressAugust2004>(
EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo),
negotiationState.AppliesToSerializer);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new ProtocolException(SR.GetString(SR.AddressingVersionNotSupported, incomingMessage.Version.Addressing)));
}
}
negotiationRstr.MakeReadOnly();
byte[] authenticator = ComputeAuthenticator(negotiationState, serviceToken.GetKeyBytes());
RequestSecurityTokenResponse authenticatorRstr = new RequestSecurityTokenResponse(this.StandardsManager);
authenticatorRstr.Context = negotiationState.Context;
authenticatorRstr.SetAuthenticator(authenticator);
authenticatorRstr.MakeReadOnly();
List <RequestSecurityTokenResponse> rstrList = new List <RequestSecurityTokenResponse>(2);
rstrList.Add(negotiationRstr);
rstrList.Add(authenticatorRstr);
replyBody = new RequestSecurityTokenResponseCollection(rstrList, this.StandardsManager);
}
else
{
RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(this.StandardsManager);
rstr.Context = negotiationState.Context;
rstr.SetBinaryNegotiation(outgoingBinaryNegotiation);
rstr.MakeReadOnly();
AddToDigest(negotiationState, rstr, false);
replyBody = rstr;
}
return(replyBody);
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
// Accept both strings for WSTrustFeb2005
if (incomingNego != null &&
incomingNego.ValueTypeUri != this.NegotiationValueType.Value &&
this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
private void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
incomingNego.Validate(this.NegotiationValueType);
}
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
{
byte[] negotiationData;
try
{
IssuanceTokenProviderBase <SspiNegotiationTokenProviderState> .ThrowIfFault(incomingMessage, base.TargetAddress);
}
catch (FaultException exception)
{
if (!exception.Code.IsSenderFault)
{
throw;
}
if (!(exception.Code.SubCode.Name == "FailedAuthentication") && !(exception.Code.SubCode.Name == "FailedAuthentication"))
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("FailedSspiNegotiation"), exception), incomingMessage);
}
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticationOfClientFailed"), exception), incomingMessage);
}
RequestSecurityTokenResponse rstr = null;
RequestSecurityTokenResponse authenticatorRstr = null;
XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents();
using (readerAtBodyContents)
{
if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(readerAtBodyContents))
{
using (IEnumerator <RequestSecurityTokenResponse> enumerator = base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection.GetEnumerator())
{
enumerator.MoveNext();
rstr = enumerator.Current;
if (enumerator.MoveNext())
{
authenticatorRstr = enumerator.Current;
}
}
if (authenticatorRstr == null)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticatorNotPresentInRSTRCollection")), incomingMessage);
}
if (authenticatorRstr.Context != rstr.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorHasBadContext")), incomingMessage);
}
this.AddToDigest(sspiState, rstr, true, true);
}
else if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(readerAtBodyContents))
{
rstr = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents);
this.AddToDigest(sspiState, rstr, true, false);
}
else
{
base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
}
incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents);
}
if (rstr.Context != sspiState.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), incomingMessage);
}
BinaryNegotiation binaryNegotiation = rstr.GetBinaryNegotiation();
if (binaryNegotiation != null)
{
this.ValidateIncomingBinaryNegotiation(binaryNegotiation);
negotiationData = binaryNegotiation.GetNegotiationData();
}
else
{
negotiationData = null;
}
if ((negotiationData == null) && !sspiState.SspiNegotiation.IsCompleted)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToReceive")), incomingMessage);
}
if ((negotiationData == null) && sspiState.SspiNegotiation.IsCompleted)
{
this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
return(null);
}
byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(negotiationData, System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null);
if ((outgoingBlob == null) && !sspiState.SspiNegotiation.IsCompleted)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage);
}
if ((outgoingBlob == null) && sspiState.SspiNegotiation.IsCompleted)
{
this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
return(null);
}
return(this.PrepareRstr(sspiState, outgoingBlob));
}
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
{
try
{
ThrowIfFault(incomingMessage, this.TargetAddress);
}
catch (FaultException fault)
{
if (fault.Code.IsSenderFault)
{
if (fault.Code.SubCode.Name == TrustApr2004Strings.FailedAuthenticationFaultCode || fault.Code.SubCode.Name == TrustFeb2005Strings.FailedAuthenticationFaultCode)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticationOfClientFailed), fault), incomingMessage);
}
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.FailedSspiNegotiation), fault), incomingMessage);
}
else
{
throw;
}
}
RequestSecurityTokenResponse negotiationRstr = null;
RequestSecurityTokenResponse authenticatorRstr = null;
XmlDictionaryReader bodyReader = incomingMessage.GetReaderAtBodyContents();
using (bodyReader)
{
if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(bodyReader))
{
RequestSecurityTokenResponseCollection rstrCollection = this.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(bodyReader);
using (IEnumerator <RequestSecurityTokenResponse> enumerator = rstrCollection.RstrCollection.GetEnumerator())
{
enumerator.MoveNext();
negotiationRstr = enumerator.Current;
if (enumerator.MoveNext())
{
authenticatorRstr = enumerator.Current;
}
}
if (authenticatorRstr == null)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticatorNotPresentInRSTRCollection)), incomingMessage);
}
else if (authenticatorRstr.Context != negotiationRstr.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorHasBadContext)), incomingMessage);
}
AddToDigest(sspiState, negotiationRstr, true, true);
}
else if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(bodyReader))
{
negotiationRstr = RequestSecurityTokenResponse.CreateFrom(this.StandardsManager, bodyReader);
AddToDigest(sspiState, negotiationRstr, true, false);
}
else
{
this.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
}
incomingMessage.ReadFromBodyContentsToEnd(bodyReader);
}
if (negotiationRstr.Context != sspiState.Context)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), incomingMessage);
}
BinaryNegotiation incomingBinaryNego = negotiationRstr.GetBinaryNegotiation();
byte[] incomingBlob;
if (incomingBinaryNego != null)
{
ValidateIncomingBinaryNegotiation(incomingBinaryNego);
incomingBlob = incomingBinaryNego.GetNegotiationData();
}
else
{
incomingBlob = null;
}
BodyWriter nextMessageBody;
if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == false)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive)), incomingMessage);
}
else if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == true)
{
// the incoming RSTR must have the negotiated token
OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr);
nextMessageBody = null;
}
else
{
// we got an incoming blob. Process it and see if there is an outgoing blob
byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(incomingBlob,
SecurityUtils.GetChannelBindingFromMessage(incomingMessage),
null);
if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == false)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage);
}
else if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == true)
{
// the incoming RSTR had the last blob. It must have the token too
this.OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr);
nextMessageBody = null;
}
else
{
nextMessageBody = PrepareRstr(sspiState, outgoingBlob);
}
}
return(nextMessageBody);
}
private BodyWriter ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
{
BinaryNegotiation outgoingBinaryNegotiation;
ISspiNegotiation sspiNegotiation = negotiationState.SspiNegotiation;
byte[] outgoingBlob = sspiNegotiation.GetOutgoingBlob(incomingNego.GetNegotiationData(), System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), this.extendedProtectionPolicy);
if (!sspiNegotiation.IsValidContext)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidSspiNegotiation")), incomingMessage);
}
if ((outgoingBlob == null) && !sspiNegotiation.IsCompleted)
{
throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage);
}
if (outgoingBlob != null)
{
outgoingBinaryNegotiation = this.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
}
else
{
outgoingBinaryNegotiation = null;
}
if (sspiNegotiation.IsCompleted)
{
SecurityContextSecurityToken token;
WrappedKeySecurityToken token2;
int num;
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = this.ValidateSspiNegotiation(sspiNegotiation);
this.IssueServiceToken(negotiationState, authorizationPolicies, out token, out token2, out num);
negotiationState.SetServiceToken(token);
SecurityKeyIdentifierClause clause = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External);
SecurityKeyIdentifierClause clause2 = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.Internal);
RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(base.StandardsManager)
{
Context = negotiationState.Context,
KeySize = num,
TokenType = base.SecurityContextTokenUri
};
if (outgoingBinaryNegotiation != null)
{
response.SetBinaryNegotiation(outgoingBinaryNegotiation);
}
response.RequestedUnattachedReference = clause;
response.RequestedAttachedReference = clause2;
response.SetLifetime(token.ValidFrom, token.ValidTo);
if (negotiationState.AppliesTo != null)
{
if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressing10)
{
if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { incomingMessage.Version.Addressing })));
}
response.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer);
}
else
{
response.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer);
}
}
response.MakeReadOnly();
AddToDigest(negotiationState, response, false);
RequestSecurityTokenResponse response2 = new RequestSecurityTokenResponse(base.StandardsManager)
{
RequestedSecurityToken = token,
RequestedProofToken = token2,
Context = negotiationState.Context,
KeySize = num,
TokenType = base.SecurityContextTokenUri
};
if (outgoingBinaryNegotiation != null)
{
response2.SetBinaryNegotiation(outgoingBinaryNegotiation);
}
response2.RequestedAttachedReference = clause2;
response2.RequestedUnattachedReference = clause;
if (negotiationState.AppliesTo != null)
{
if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressing10)
{
if (incomingMessage.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { incomingMessage.Version.Addressing })));
}
response2.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer);
}
else
{
response2.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(negotiationState.AppliesTo), negotiationState.AppliesToSerializer);
}
}
response2.MakeReadOnly();
byte[] authenticator = ComputeAuthenticator(negotiationState, token.GetKeyBytes());
RequestSecurityTokenResponse response3 = new RequestSecurityTokenResponse(base.StandardsManager)
{
Context = negotiationState.Context
};
response3.SetAuthenticator(authenticator);
response3.MakeReadOnly();
return(new RequestSecurityTokenResponseCollection(new List <RequestSecurityTokenResponse>(2)
{
response2, response3
}, base.StandardsManager));
}
RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(base.StandardsManager)
{
Context = negotiationState.Context
};
rstr.SetBinaryNegotiation(outgoingBinaryNegotiation);
rstr.MakeReadOnly();
AddToDigest(negotiationState, rstr, false);
return(rstr);
}
