protected override IChannelFactory <IAsyncRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IAsyncRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
ISecurityCapabilities securityCapabilities = _bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(IssuerBindingContext);
SecurityCredentialsManager securityCredentials = IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (securityCredentials == null)
{
securityCredentials = ClientCredentials.CreateDefaultCredentials();
}
_bootstrapSecurityBindingElement.ReaderQuotas = IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
}
TransportBindingElement transportBindingElement = IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();
if (transportBindingElement != null)
{
_bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
}
SecurityProtocolFactory securityProtocolFactory = _bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IAsyncRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());
return(new SecurityChannelFactory <IAsyncRequestChannel>(
securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory));
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory)
: this()
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
}
this.actAsInitiator = factory.actAsInitiator;
this.addTimestamp = factory.addTimestamp;
this.detectReplays = factory.detectReplays;
this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
this.maxCachedNonces = factory.maxCachedNonces;
this.maxClockSkew = factory.maxClockSkew;
this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
this.replayWindow = factory.replayWindow;
// this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification));
// this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification);
this.standardsManager = factory.standardsManager;
// this.timestampValidityDuration = factory.timestampValidityDuration;
// this.auditLogLocation = factory.auditLogLocation;
// this.suppressAuditFailure = factory.suppressAuditFailure;
// this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
// this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
if (factory.securityBindingElement != null)
{
this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone();
}
this.securityTokenManager = factory.securityTokenManager;
this.privacyNoticeUri = factory.privacyNoticeUri;
this.privacyNoticeVersion = factory.privacyNoticeVersion;
// this.endpointFilterTable = factory.endpointFilterTable;
this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
this.nonceCache = factory.nonceCache;
}
protected SecurityProtocol(SecurityProtocolFactory factory, EndpointAddress target, Uri via)
{
SecurityProtocolFactory = factory;
Target = target;
Via = via;
CommunicationObject = new WrapperSecurityCommunicationObject(this);
}
protected ClientSecurityChannel(ChannelManagerBase factory, System.ServiceModel.Security.SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel)
{
this.to = to;
this.via = via;
this.securityProtocolFactory = securityProtocolFactory;
this.channelParameters = new ChannelParameterCollection(this);
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory)
: this()
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
}
_actAsInitiator = factory._actAsInitiator;
_addTimestamp = factory._addTimestamp;
_detectReplays = factory._detectReplays;
_incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
_maxCachedNonces = factory._maxCachedNonces;
_maxClockSkew = factory._maxClockSkew;
_outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
_replayWindow = factory._replayWindow;
_channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
_scopedSupportingTokenAuthenticatorSpecification = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory._scopedSupportingTokenAuthenticatorSpecification);
_standardsManager = factory._standardsManager;
_timestampValidityDuration = factory._timestampValidityDuration;
_auditLogLocation = factory._auditLogLocation;
_suppressAuditFailure = factory._suppressAuditFailure;
_serviceAuthorizationAuditLevel = factory._serviceAuthorizationAuditLevel;
_messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel;
if (factory._securityBindingElement != null)
{
_securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
}
_securityTokenManager = factory._securityTokenManager;
_privacyNoticeUri = factory._privacyNoticeUri;
_privacyNoticeVersion = factory._privacyNoticeVersion;
_extendedProtectionPolicy = factory._extendedProtectionPolicy;
_nonceCache = factory._nonceCache;
}
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
{
this.securityProtocolFactory = securityProtocolFactory;
this.sessionSettings = sessionSettings;
this.sessionMode = sessionMode;
this.innerListener = innerListener;
this.referenceCount = 1;
}
private void CloseProtocolFactory(bool aborted, TimeSpan timeout)
{
if ((this.securityProtocolFactory != null) && !this.SessionMode)
{
this.securityProtocolFactory.Close(aborted, timeout);
this.securityProtocolFactory = null;
}
}
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
{
this.securityProtocolFactory = securityProtocolFactory;
this.sessionSettings = sessionSettings;
this.sessionMode = sessionMode;
this.innerListener = innerListener;
// have a reference right from the start so that the state can be aborted before open
referenceCount = 1;
}
protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
{
SecurityProtocolFactory protocolFactoryForOutgoingMessages = this.ProtocolFactoryForOutgoingMessages;
SecurityProtocolFactory protocolFactoryForIncomingMessages = this.ProtocolFactoryForIncomingMessages;
TimeoutHelper helper = new TimeoutHelper(timeout);
SecurityProtocol outgoingProtocol = (protocolFactoryForOutgoingMessages == null) ? null : protocolFactoryForOutgoingMessages.CreateSecurityProtocol(target, via, listenerSecurityState, false, helper.RemainingTime());
return(new DuplexSecurityProtocol(outgoingProtocol, (protocolFactoryForIncomingMessages == null) ? null : protocolFactoryForIncomingMessages.CreateSecurityProtocol(null, null, listenerSecurityState, false, helper.RemainingTime())));
}
protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
{
SecurityProtocolFactory outgoingFactory = this.ProtocolFactoryForOutgoingMessages;
SecurityProtocolFactory incomingFactory = this.ProtocolFactoryForIncomingMessages;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
SecurityProtocol outgoing = outgoingFactory == null ? null : outgoingFactory.CreateSecurityProtocol(target, via, listenerSecurityState, false, timeoutHelper.RemainingTime());
SecurityProtocol incoming = incomingFactory == null ? null : incomingFactory.CreateSecurityProtocol(null, null, listenerSecurityState, false, timeoutHelper.RemainingTime());
return(new DuplexSecurityProtocol(outgoing, incoming));
}
public override EndpointIdentity GetIdentityOfSelf()
{
SecurityProtocolFactory protocolFactoryForIncomingMessages = this.ProtocolFactoryForIncomingMessages;
if (protocolFactoryForIncomingMessages != null)
{
return(protocolFactoryForIncomingMessages.GetIdentityOfSelf());
}
return(base.GetIdentityOfSelf());
}
void Open(SecurityProtocolFactory factory, bool actAsInitiator, string propertyName, TimeSpan timeout)
{
if (factory != null)
{
factory.Open(actAsInitiator, timeout);
}
else if (this.RequireSecurityOnBothDuplexDirections)
{
OnPropertySettingsError(propertyName, true);
}
}
public override EndpointIdentity GetIdentityOfSelf()
{
SecurityProtocolFactory factory = this.ProtocolFactoryForIncomingMessages;
if (factory != null)
{
return(factory.GetIdentityOfSelf());
}
else
{
return(base.GetIdentityOfSelf());
}
}
internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context)
where TChannel : class, IChannel
{
SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (securityCredentials == null)
{
securityCredentials = ServiceCredentials.CreateDefaultCredentials();
}
this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
}
TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();
if (transportBindingElement != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
}
SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(this.IssuerBindingContext.Clone(), securityCredentials, true, this.IssuerBindingContext.Clone());
MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory;
if (soapBindingFactory != null)
{
soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity
= soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
MessagePartSpecification bodyPart = new MessagePartSpecification(true);
soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
}
SecurityChannelListener <TChannel> securityChannelListener =
new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context);
securityChannelListener.SecurityProtocolFactory = securityProtocolFactory;
// do not send back unsecured faults over composite duplex
securityChannelListener.SendUnsecuredFaults = !SecurityUtils.IsCompositeDuplexBinding(context);
ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
securityChannelListener.InitializeListener(channelBuilder);
this.shouldMatchRstWithEndpointFilter = SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
return(securityChannelListener);
}
internal bool TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, bool isBlockingCall, out IList <SupportingTokenSpecification> supportingTokens)
{
if (!factory.ActAsInitiator)
{
supportingTokens = null;
return(true);
}
if (message == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
}
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
supportingTokens = null;
IList <SupportingTokenProviderSpecification> supportingTokenProviders = this.GetSupportingTokenProviders(message.Headers.Action);
if (supportingTokenProviders != null && supportingTokenProviders.Count > 0)
{
// dont do anything if blocking is not allowed
if (!isBlockingCall)
{
return(false);
}
supportingTokens = new Collection <SupportingTokenSpecification>();
for (int i = 0; i < supportingTokenProviders.Count; ++i)
{
SupportingTokenProviderSpecification spec = supportingTokenProviders[i];
SecurityToken supportingToken;
// The ProviderBackedSecurityToken was added in Win7 to allow KerberosRequestorSecurity
// to pass a channel binding to InitializeSecurityContext.
if ((this is TransportSecurityProtocol) && (spec.TokenParameters is KerberosSecurityTokenParameters))
{
supportingToken = new ProviderBackedSecurityToken(spec.TokenProvider, timeoutHelper.RemainingTime());
}
else
{
supportingToken = spec.TokenProvider.GetToken(timeoutHelper.RemainingTime());
}
supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters));
}
}
// add any runtime supporting tokens
AddMessageSupportingTokens(message, ref supportingTokens);
return(true);
}
SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory, bool requireMessageProtection)
{
MessageDirection transferDirection = factory.ActAsInitiator ? MessageDirection.Input : MessageDirection.Output;
SendSecurityHeader sendSecurityHeader = factory.StandardsManager.CreateSendSecurityHeader(
message,
actor, true, false,
factory.OutgoingAlgorithmSuite, transferDirection);
sendSecurityHeader.Layout = factory.SecurityHeaderLayout;
sendSecurityHeader.RequireMessageProtection = requireMessageProtection;
SetSecurityHeaderId(sendSecurityHeader, message);
if (factory.AddTimestamp)
{
sendSecurityHeader.AddTimestamp(factory.TimestampValidityDuration);
}
sendSecurityHeader.StreamBufferManager = factory.StreamBufferManager;
return(sendSecurityHeader);
}
internal IChannelListener <TChannel> BuildNegotiationChannelListener <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
}
TransportBindingElement element = context.RemainingBindingElements.Find <TransportBindingElement>();
if (element != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
}
SecurityProtocolFactory factory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <TChannel>(base.IssuerBindingContext.Clone(), credentialsManager, true, base.IssuerBindingContext.Clone());
MessageSecurityProtocolFactory factory2 = factory as MessageSecurityProtocolFactory;
if (factory2 != null)
{
factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
MessagePartSpecification parts = new MessagePartSpecification(true);
factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
}
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this.bootstrapSecurityBindingElement, context)
{
SecurityProtocolFactory = factory,
SendUnsecuredFaults = !System.ServiceModel.Security.SecurityUtils.IsCompositeDuplexBinding(context)
};
ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
listener.InitializeListener(channelBuilder);
this.shouldMatchRstWithEndpointFilter = System.ServiceModel.Security.SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
return(listener);
}
protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
ISecurityCapabilities securityCapabilities = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (securityCredentials == null)
{
securityCredentials = ClientCredentials.CreateDefaultCredentials();
}
this.bootstrapSecurityBindingElement.ReaderQuotas = this.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
}
TransportBindingElement transportBindingElement = this.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();
if (transportBindingElement != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
}
SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());
MessageSecurityProtocolFactory soapBindingFactory = (securityProtocolFactory as MessageSecurityProtocolFactory);
if (soapBindingFactory != null)
{
soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity
= soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
MessagePartSpecification bodyPart = new MessagePartSpecification(true);
soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
}
securityProtocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
securityProtocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
return(new SecurityChannelFactory <IRequestChannel>(
securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory));
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
}
ActAsInitiator = factory.ActAsInitiator;
_addTimestamp = factory._addTimestamp;
_detectReplays = factory._detectReplays;
_incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
_maxCachedNonces = factory._maxCachedNonces;
_maxClockSkew = factory._maxClockSkew;
_outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
_replayWindow = factory._replayWindow;
_channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
_standardsManager = factory._standardsManager;
_timestampValidityDuration = factory._timestampValidityDuration;
_securityBindingElement = (SecurityBindingElement)factory._securityBindingElement?.Clone();
_securityTokenManager = factory._securityTokenManager;
_nonceCache = factory._nonceCache;
}
protected override IChannelFactory <IRequestChannel> GetNegotiationChannelFactory(IChannelFactory <IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
ISecurityCapabilities property = this.bootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(base.IssuerBindingContext);
SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
this.bootstrapSecurityBindingElement.ReaderQuotas = base.IssuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
}
TransportBindingElement element = base.IssuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();
if (element != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
}
SecurityProtocolFactory protocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(base.IssuerBindingContext.Clone(), credentialsManager, false, base.IssuerBindingContext.Clone());
MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
if (factory2 != null)
{
factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
MessagePartSpecification parts = new MessagePartSpecification(true);
factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
}
protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
protocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
return(new SecurityChannelFactory <IRequestChannel>(property, base.IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory));
}
private void InitializeFactories()
{
ISecurityCapabilities securityCapabilities = BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(IssuerBindingContext);
SecurityCredentialsManager securityCredentials = IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (securityCredentials == null)
{
securityCredentials = ClientCredentials.CreateDefaultCredentials();
}
BindingContext context = IssuerBindingContext;
_bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
}
TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();
if (transportBindingElement != null)
{
_bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
}
SecurityProtocolFactory securityProtocolFactory = BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());
if (_localAddress != null)
{
MessageFilter issueAndRenewFilter = new SessionActionFilter(_standardsManager, IssueResponseAction.Value, RenewResponseAction.Value);
context.BindingParameters.Add(new LocalAddressProvider(_localAddress, issueAndRenewFilter));
}
ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
IChannelFactory innerChannelFactory;
// if the underlying transport does not support request/reply, wrap it inside
// a service channel factory.
if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
{
innerChannelFactory = channelBuilder.BuildChannelFactory <IRequestChannel>();
_requiresManualReplyAddressing = true;
}
else
{
ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
clientRuntime.UseSynchronizationContext = false;
clientRuntime.AddTransactionFlowProperties = false;
clientRuntime.ValidateMustUnderstand = false;
ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
issueOperation.Formatter = s_operationFormatter;
serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);
ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
renewOperation.Formatter = s_operationFormatter;
serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
innerChannelFactory = new RequestChannelFactory(serviceChannelFactory);
_requiresManualReplyAddressing = false;
}
SecurityChannelFactory <IAsyncRequestChannel> securityChannelFactory = new SecurityChannelFactory <IAsyncRequestChannel>(
securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);
// attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
// available when building the channel.
if (transportBindingElement != null)
{
if (securityChannelFactory.SecurityProtocolFactory != null)
{
securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
}
}
_rstChannelFactory = securityChannelFactory;
MessageVersion = securityChannelFactory.MessageVersion;
}
public DuplexSecurityProtocolFactory(SecurityProtocolFactory forwardProtocolFactory, SecurityProtocolFactory reverseProtocolFactory)
: this()
{
this.forwardProtocolFactory = forwardProtocolFactory;
this.reverseProtocolFactory = reverseProtocolFactory;
}
protected SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory)
{
return(CreateSendSecurityHeader(message, actor, factory, true));
}
protected SendSecurityHeader CreateSendSecurityHeaderForTransportProtocol(Message message, string actor, SecurityProtocolFactory factory)
{
return(CreateSendSecurityHeader(message, actor, factory, false));
}
internal async Task <IList <SupportingTokenSpecification> > TryGetSupportingTokensAsync(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout)
{
IList <SupportingTokenSpecification> supportingTokens = null;
if (!factory.ActAsInitiator)
{
return(null);
}
if (message == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(message));
}
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
IList <SupportingTokenProviderSpecification> supportingTokenProviders = GetSupportingTokenProviders(message.Headers.Action);
if (supportingTokenProviders != null && supportingTokenProviders.Count > 0)
{
supportingTokens = new Collection <SupportingTokenSpecification>();
for (int i = 0; i < supportingTokenProviders.Count; ++i)
{
SupportingTokenProviderSpecification spec = supportingTokenProviders[i];
SecurityToken supportingToken;
supportingToken = await spec.TokenProvider.GetTokenAsync(timeoutHelper.RemainingTime());
supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters));
}
}
// add any runtime supporting tokens
AddMessageSupportingTokens(message, ref supportingTokens);
return(supportingTokens);
}
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : this(securityCapabilities, context, channelBuilder, innerChannelFactory)
{
this.securityProtocolFactory = protocolFactory;
}
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory) : this(securityCapabilities, context, channelBuilder, protocolFactory, channelBuilder.BuildChannelFactory <TChannel>())
{
}
internal SecurityChannelFactory(Binding binding, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory) : base(binding, innerChannelFactory)
{
this.securityProtocolFactory = protocolFactory;
}
private void InitializeFactories()
{
IChannelFactory <IRequestChannel> factory3;
ISecurityCapabilities property = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
SecurityCredentialsManager credentialsManager = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
BindingContext issuerBindingContext = this.IssuerBindingContext;
this.bootstrapSecurityBindingElement.ReaderQuotas = issuerBindingContext.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
}
TransportBindingElement element = issuerBindingContext.RemainingBindingElements.Find <TransportBindingElement>();
if (element != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
}
SecurityProtocolFactory protocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), credentialsManager, false, this.IssuerBindingContext.Clone());
if (protocolFactory is MessageSecurityProtocolFactory)
{
MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
factory2.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
factory2.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
MessagePartSpecification parts = new MessagePartSpecification(true);
factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.IssueAction);
factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.IssueAction);
factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RenewAction);
factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RenewAction);
factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.IssueResponseAction);
factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.IssueResponseAction);
factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RenewResponseAction);
factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RenewResponseAction);
}
protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
if (this.localAddress != null)
{
MessageFilter filter = new SessionActionFilter(this.standardsManager, new string[] { this.IssueResponseAction.Value, this.RenewResponseAction.Value });
issuerBindingContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, filter));
}
ChannelBuilder channelBuilder = new ChannelBuilder(issuerBindingContext, true);
if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
{
factory3 = channelBuilder.BuildChannelFactory <IRequestChannel>();
this.requiresManualReplyAddressing = true;
}
else
{
ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", "http://tempuri.org/")
{
UseSynchronizationContext = false,
AddTransactionFlowProperties = false,
ValidateMustUnderstand = false
};
ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
ClientOperation item = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", this.IssueAction.Value)
{
Formatter = operationFormatter
};
serviceChannelFactory.ClientRuntime.Operations.Add(item);
ClientOperation operation2 = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", this.RenewAction.Value)
{
Formatter = operationFormatter
};
serviceChannelFactory.ClientRuntime.Operations.Add(operation2);
factory3 = new RequestChannelFactory(serviceChannelFactory);
this.requiresManualReplyAddressing = false;
}
SecurityChannelFactory <IRequestChannel> factory5 = new SecurityChannelFactory <IRequestChannel>(property, this.IssuerBindingContext, channelBuilder, protocolFactory, factory3);
if ((element != null) && (factory5.SecurityProtocolFactory != null))
{
factory5.SecurityProtocolFactory.ExtendedProtectionPolicy = element.GetProperty <ExtendedProtectionPolicy>(issuerBindingContext);
}
this.rstChannelFactory = factory5;
this.messageVersion = factory5.MessageVersion;
}
void InitializeFactories()
{
ISecurityCapabilities securityCapabilities = this.BootstrapSecurityBindingElement.GetProperty <ISecurityCapabilities>(this.IssuerBindingContext);
SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find <SecurityCredentialsManager>();
if (securityCredentials == null)
{
securityCredentials = ClientCredentials.CreateDefaultCredentials();
}
BindingContext context = this.IssuerBindingContext;
this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty <XmlDictionaryReaderQuotas>();
if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
}
TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find <TransportBindingElement>();
if (transportBindingElement != null)
{
this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
}
SecurityProtocolFactory securityProtocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory <IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());
if (securityProtocolFactory is MessageSecurityProtocolFactory)
{
MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory;
soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity
= soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
MessagePartSpecification bodyPart = new MessagePartSpecification(true);
soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, IssueAction);
soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, IssueAction);
soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RenewAction);
soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RenewAction);
soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, IssueResponseAction);
soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, IssueResponseAction);
soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RenewResponseAction);
soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RenewResponseAction);
}
securityProtocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
securityProtocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;
if (this.localAddress != null)
{
MessageFilter issueAndRenewFilter = new SessionActionFilter(this.standardsManager, this.IssueResponseAction.Value, this.RenewResponseAction.Value);
context.BindingParameters.Add(new LocalAddressProvider(localAddress, issueAndRenewFilter));
}
ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
IChannelFactory <IRequestChannel> innerChannelFactory;
// if the underlying transport does not support request/reply, wrap it inside
// a service channel factory.
if (channelBuilder.CanBuildChannelFactory <IRequestChannel>())
{
innerChannelFactory = channelBuilder.BuildChannelFactory <IRequestChannel>();
requiresManualReplyAddressing = true;
}
else
{
ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
clientRuntime.UseSynchronizationContext = false;
clientRuntime.AddTransactionFlowProperties = false;
clientRuntime.ValidateMustUnderstand = false;
ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
issueOperation.Formatter = operationFormatter;
serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);
ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
renewOperation.Formatter = operationFormatter;
serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
innerChannelFactory = new RequestChannelFactory(serviceChannelFactory);
requiresManualReplyAddressing = false;
}
SecurityChannelFactory <IRequestChannel> securityChannelFactory = new SecurityChannelFactory <IRequestChannel>(
securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);
// attach the ExtendedProtectionPolicy to the securityProtcolFactory so it will be
// available when building the channel.
if (transportBindingElement != null)
{
if (securityChannelFactory.SecurityProtocolFactory != null)
{
securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty <ExtendedProtectionPolicy>(context);
}
}
this.rstChannelFactory = securityChannelFactory;
this.messageVersion = securityChannelFactory.MessageVersion;
}
