public void OpenWithoutSerializer()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.Open();
}
public void GetTokenWithoutOpen()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.GetToken(TimeSpan.FromSeconds(10));
}
/// <summary>
/// Constructor
/// </summary>
public CustomIssuedSecurityTokenProvider(IssuedSecurityTokenProvider innerProvider)
: base()
{
this.innerProvider = innerProvider;
this.CacheIssuedTokens = innerProvider.CacheIssuedTokens;
this.IdentityVerifier = innerProvider.IdentityVerifier;
this.IssuedTokenRenewalThresholdPercentage = innerProvider.IssuedTokenRenewalThresholdPercentage;
this.IssuerAddress = innerProvider.IssuerAddress;
this.IssuerBinding = innerProvider.IssuerBinding;
foreach (IEndpointBehavior behavior in innerProvider.IssuerChannelBehaviors)
{
this.IssuerChannelBehaviors.Add(behavior);
}
this.KeyEntropyMode = innerProvider.KeyEntropyMode;
this.MaxIssuedTokenCachingTime = innerProvider.MaxIssuedTokenCachingTime;
this.MessageSecurityVersion = innerProvider.MessageSecurityVersion;
this.SecurityAlgorithmSuite = innerProvider.SecurityAlgorithmSuite;
this.SecurityTokenSerializer = innerProvider.SecurityTokenSerializer;
this.TargetAddress = innerProvider.TargetAddress;
foreach (XmlElement parameter in innerProvider.TokenRequestParameters)
{
this.TokenRequestParameters.Add(parameter);
}
this.innerProvider.Open();
}
IssuedSecurityTokenProvider CreateIssuedTokenProvider(SecurityTokenRequirement requirement)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
// FIXME: fill properties
EndpointAddress address;
if (requirement.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address))
{
p.IssuerAddress = address;
}
if (requirement.TryGetProperty <EndpointAddress> (ReqType.TargetAddressProperty, out address))
{
p.TargetAddress = address;
}
Binding binding;
if (requirement.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding))
{
p.IssuerBinding = binding;
}
MessageSecurityVersion ver;
if (requirement.TryGetProperty <MessageSecurityVersion> (ReqType.MessageSecurityVersionProperty, out ver))
{
p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver.SecurityVersion);
}
SecurityAlgorithmSuite suite;
if (requirement.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite))
{
p.SecurityAlgorithmSuite = suite;
}
return(p);
}
public void OpenWithoutIssuerAddress()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.Open();
}
public void OpenWithoutBinding()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress("http://localhost:8080");
p.Open();
}
IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty);
// FIXME: use it somewhere, probably to build
// IssuerBinding. However, there is also IssuerBinding
// property. SecureConversationSecurityBindingElement
// as well.
SecurityBindingElement sbe =
r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty);
// I doubt the binding is acquired this way ...
Binding binding;
if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding))
{
binding = new CustomBinding(sbe,
new TextMessageEncodingBindingElement(),
new HttpTransportBindingElement());
}
p.IssuerBinding = binding;
// not sure if it is used only for this purpose though ...
BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty);
foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ())
{
p.IssuerChannelBehaviors.Add(b);
}
SecurityTokenVersion ver =
r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
p.SecurityTokenSerializer =
CreateSecurityTokenSerializer(ver);
// seems like they are optional here ... (but possibly
// used later)
EndpointAddress address;
if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address))
{
address = p.TargetAddress;
}
p.IssuerAddress = address;
// It is somehow not checked as mandatory ...
SecurityAlgorithmSuite suite = null;
r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
p.SecurityAlgorithmSuite = suite;
return(p);
}
// FIXME: it is far from done.
SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r)
{
IssuedSecurityTokenProvider p =
CreateIssuedProviderBase(r);
// FIXME: use it somewhere.
int keySize = r.KeySize;
return(p);
}
// FIXME: it is far from done.
SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
InitializeProviderCommunicationObject(p.Communication, r);
// FIXME: use it somewhere.
int keySize = r.KeySize;
return(p);
}
public override System.IdentityModel.Selectors.SecurityTokenProvider CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement)
{
if (!this.IsIssuedSecurityTokenRequirement(tokenRequirement))
{
return(base.CreateSecurityTokenProvider(tokenRequirement));
}
IssuedSecurityTokenProvider provider = base.CreateSecurityTokenProvider(tokenRequirement) as IssuedSecurityTokenProvider;
CachedIssuedSecurityTokenProvider cachedProvider = new CachedIssuedSecurityTokenProvider(provider.IssuerBinding, provider.IssuerAddress, provider.TargetAddress, (CachedClientCredentials)this.ClientCredentials);
return(cachedProvider);
}
private static SecurityTokenProvider CreateTokenProviderForNextLeg(SecurityTokenRequirement tokenRequirement, EndpointAddress target, EndpointAddress issuerAddress, Uri relyingPartyIssuer, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, InfoCardChannelParameter infocardChannelParameter)
{
if (((null == relyingPartyIssuer) && (null == issuerAddress)) || (issuerAddress.Uri == relyingPartyIssuer))
{
return(new InternalInfoCardTokenProvider(infocardChannelParameter));
}
IssuedSecurityTokenProvider provider = (IssuedSecurityTokenProvider)clientCredentialsTokenManager.CreateSecurityTokenProvider(tokenRequirement, true);
provider.IssuerChannelBehaviors.Remove <SecurityCredentialsManager>();
provider.IssuerChannelBehaviors.Add(new InternalClientCredentials(clientCredentialsTokenManager.ClientCredentials, target, relyingPartyIssuer, infocardChannelParameter));
return(provider);
}
/// <summary>
/// Returns a custom token provider when a issued token is required
/// </summary>
public override System.IdentityModel.Selectors.SecurityTokenProvider CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement)
{
if (this.IsIssuedSecurityTokenRequirement(tokenRequirement))
{
IssuedSecurityTokenProvider baseProvider = (IssuedSecurityTokenProvider)base.CreateSecurityTokenProvider(tokenRequirement);
CustomIssuedSecurityTokenProvider provider = new CustomIssuedSecurityTokenProvider(baseProvider);
return(provider);
}
else
{
return(base.CreateSecurityTokenProvider(tokenRequirement));
}
}
public void OpenWithoutTargetAddress()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress("http://localhost:8080");
p.IssuerBinding = new BasicHttpBinding();
// wiithout it indigo causes NRE
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.Open();
}
public void Open()
{
IssuedSecurityTokenProvider p = SetupProvider(new BasicHttpBinding());
try {
p.Open();
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetToken()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(new RequestSender(OnGetToken), true));
try {
p.Open(TimeSpan.FromSeconds(5));
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetTokenWithoutProtectionTokenParameters()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, false));
try {
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetTokenNoSecureBinding()
{
IssuedSecurityTokenProvider p = SetupProvider(new BasicHttpBinding());
try {
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
IssuedSecurityTokenProvider SetupProvider(Binding binding)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = GetSecureEndpointAddress("stream:dummy");
p.IssuerBinding = binding;
// wiithout it indigo causes NRE
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.TargetAddress = new EndpointAddress("http://localhost:9090");
return(p);
}
public void GetTokenWithoutServiceCertificate()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, true));
p.IssuerAddress = new EndpointAddress("stream:dummy");
try {
p.Open(TimeSpan.FromSeconds(5));
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
static SecurityTokenProvider CreateTokenProviderForNextLeg(SecurityTokenRequirement tokenRequirement, EndpointAddress target, EndpointAddress issuerAddress, Uri relyingPartyIssuer, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, InfoCardChannelParameter infocardChannelParameter)
{
if (((null == relyingPartyIssuer && null == issuerAddress) || issuerAddress.Uri == relyingPartyIssuer))
{
return(new InternalInfoCardTokenProvider(infocardChannelParameter));
}
else
{
// create a federation token provider and add an internal client credentials shim that contains the chain
IssuedSecurityTokenProvider federationTokenProvider = (IssuedSecurityTokenProvider)clientCredentialsTokenManager.CreateSecurityTokenProvider(tokenRequirement, true);
federationTokenProvider.IssuerChannelBehaviors.Remove <SecurityCredentialsManager>();
federationTokenProvider.IssuerChannelBehaviors.Add(new InternalClientCredentials(clientCredentialsTokenManager.ClientCredentials, target, relyingPartyIssuer, infocardChannelParameter));
return(federationTokenProvider);
}
}
public DurableIssuedSecurityTokenProvider(IssuedSecurityTokenProvider innerTokenProvider, IssuedTokenCache cache)
{
if (cache == null)
{
throw new ArgumentNullException("cache");
}
if (innerTokenProvider == null)
{
throw new ArgumentNullException("innerTokenProvider");
}
this.innerTokenProvider = innerTokenProvider;
this.cache = cache;
this.target = innerTokenProvider.TargetAddress;
this.issuer = innerTokenProvider.IssuerAddress;
}
private void CopyIssuerChannelBehaviorsAndAddSecurityCredentials(IssuedSecurityTokenProvider federationTokenProvider, KeyedByTypeCollection <IEndpointBehavior> issuerChannelBehaviors, EndpointAddress issuerAddress)
{
if (issuerChannelBehaviors != null)
{
foreach (IEndpointBehavior behavior in issuerChannelBehaviors)
{
if (behavior is SecurityCredentialsManager)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("IssuerChannelBehaviorsCannotContainSecurityCredentialsManager", new object[] { issuerAddress, typeof(SecurityCredentialsManager) })));
}
federationTokenProvider.IssuerChannelBehaviors.Add(behavior);
}
}
federationTokenProvider.IssuerChannelBehaviors.Add(this.parent);
}
public static void Main()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress("http://localhost:8080");
WSHttpBinding binding = new WSHttpBinding();
//binding.Security.Mode = SecurityMode.Message;
p.IssuerBinding = binding;
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.TargetAddress = new EndpointAddress("http://localhost:8080");
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
p.Close();
}
public void DefaultValues()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
Assert.AreEqual(true, p.CacheIssuedTokens, "#1");
Assert.AreEqual(TimeSpan.FromMinutes(1), p.DefaultOpenTimeout, "#2");
Assert.AreEqual(TimeSpan.FromMinutes(1), p.DefaultCloseTimeout, "#3");
Assert.IsNotNull(p.IdentityVerifier, "#4");
Assert.AreEqual(60, p.IssuedTokenRenewalThresholdPercentage, "#5");
Assert.IsNull(p.IssuerAddress, "#6");
Assert.AreEqual(0, p.IssuerChannelBehaviors.Count, "#7");
Assert.AreEqual(SecurityKeyEntropyMode.CombinedEntropy, p.KeyEntropyMode, "#8");
Assert.AreEqual(TimeSpan.MaxValue, p.MaxIssuedTokenCachingTime, "#9");
Assert.AreEqual(MessageSecurityVersion.Default,
p.MessageSecurityVersion, "#10");
Assert.IsNull(p.SecurityAlgorithmSuite, "#11");
Assert.IsNull(p.SecurityTokenSerializer, "#12");
Assert.IsNull(p.TargetAddress, "#13");
Assert.AreEqual(true, p.SupportsTokenCancellation, "#14");
Assert.AreEqual(0, p.TokenRequestParameters.Count, "#15");
Assert.IsNull(p.IssuerBinding, "#16");
}
public static eHtalkMessage GetResponseSync(eHtalkMessage msg, X509Certificate2 extInterfaCertificate, string esbEndpoint, string relyingParty, string identityProviderURL, X509Certificate2 userCertificate, string wsaddressingTo, Stopwatch stopw)
{
#if !CC
IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider();
provider.SecurityTokenSerializer = new WSSecurityTokenSerializer();
provider.TargetAddress = new EndpointAddress(new Uri(relyingParty), new AddressHeader[0]);
provider.IssuerAddress = new EndpointAddress(new Uri(identityProviderURL), new AddressHeader[0]);
provider.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
provider.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
ClientCredentials credentials = new ClientCredentials
{
ClientCertificate = { Certificate = userCertificate }
};
provider.IssuerChannelBehaviors.Add(credentials);
HttpsTransportBindingElement tbe = new HttpsTransportBindingElement
{
AuthenticationScheme = AuthenticationSchemes.Digest,
RequireClientCertificate = true,
KeepAliveEnabled = false
};
CustomBinding stsBinding = new CustomBinding(new BindingElement[] { tbe });
provider.IssuerBinding = stsBinding;
provider.Open();
var token = provider.GetToken(TimeSpan.FromSeconds(30.0)) as GenericXmlSecurityToken;
#endif
#if CC
var cc = new EhealthCryptoController();
var token = cc.GetSamlTokenForHealthProfessional(relyingParty);
#endif
if (token == null)
{
throw new ApplicationException("No AT token received");
}
Console.WriteLine(string.Format("Ziskany AT token in {0}", stopw.ElapsedMilliseconds));
CustomBinding binding = new CustomBinding();
SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(new IssuedSecurityTokenParameters()
{
RequireDerivedKeys = true, KeyType = SecurityKeyType.SymmetricKey
});
sbe.MessageSecurityVersion =
MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sbe.IncludeTimestamp = true;
//sbe.AllowInsecureTransport = true;
sbe.SetKeyDerivation(true);
sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
binding.Elements.Add(sbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement()
{
RequireClientCertificate = true, KeepAliveEnabled = true
});
var regEx = new Regex(@"https?://([^/]+)");
var dnsIdentity = regEx.Match(wsaddressingTo).Groups[1].Captures[0].Value;
var channelFactory = new ChannelFactory <IeHealthSyncService>(binding,
new EndpointAddress(
new Uri(wsaddressingTo),
new DnsEndpointIdentity(dnsIdentity),
new AddressHeader[] { }));
channelFactory.Credentials.SupportInteractive = false;
channelFactory.Credentials.ClientCertificate.Certificate = userCertificate;
channelFactory.Credentials.ServiceCertificate.DefaultCertificate = extInterfaCertificate;
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
channelFactory.ConfigureChannelFactory <IeHealthSyncService>();
channelFactory.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri(esbEndpoint)));
var channel = channelFactory.CreateChannelWithIssuedToken(token);
Console.WriteLine(string.Format("vytvoreny kanal: {0}", stopw.ElapsedMilliseconds));
var stopw1 = new Stopwatch();
eHtalkMessage data = null;
int wait = 1;
for (int i = 0; i < 20; i++)
{
stopw1.Reset();
stopw1.Start();
msg.Header.MessageInfo.MessageID = Guid.NewGuid().ToString("D");
Debug.WriteLine("Start calling", "MyCustom");
try
{
data = channel.GetData(msg);
}
catch (CommunicationException ex)
{
data = channel.GetData(msg);
}
Console.WriteLine(string.Format("po {1} sekundach: {0}", stopw1.ElapsedMilliseconds, wait));
Thread.Sleep(wait * 1000);
wait = wait * 2;
}
return(data);
}
/// <summary>
/// CacheSecurityTokenProvider
/// </summary>
public CacheSecurityTokenProvider(SecurityTokenRequirement requirement, IssuedSecurityTokenProvider federatedSecurityTokenProvider) : base( )
{
innerProvider = federatedSecurityTokenProvider;
innerProvider.Open();
}
private IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
KeyedByTypeCollection <IEndpointBehavior> localIssuerChannelBehaviors;
MessageSecurityVersion version;
SecurityTokenSerializer serializer;
ChannelParameterCollection parameters2;
if (initiatorRequirement.TargetAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
}
EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress;
Binding issuerBinding = initiatorRequirement.IssuerBinding;
bool flag = (issuerAddress == null) || issuerAddress.Equals(EndpointAddress.AnonymousAddress);
if (flag)
{
issuerAddress = this.parent.IssuedToken.LocalIssuerAddress;
issuerBinding = this.parent.IssuedToken.LocalIssuerBinding;
}
if (issuerAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsAddressNotSet", new object[] { initiatorRequirement.TargetAddress })));
}
if (issuerBinding == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsBindingNotSet", new object[] { issuerAddress })));
}
Uri uri = issuerAddress.Uri;
if (!this.parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out localIssuerChannelBehaviors) && flag)
{
localIssuerChannelBehaviors = this.parent.IssuedToken.LocalIssuerChannelBehaviors;
}
IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement))
{
TargetAddress = initiatorRequirement.TargetAddress
};
this.CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, localIssuerChannelBehaviors, issuerAddress);
federationTokenProvider.CacheIssuedTokens = this.parent.IssuedToken.CacheIssuedTokens;
federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier;
federationTokenProvider.IssuerAddress = issuerAddress;
federationTokenProvider.IssuerBinding = issuerBinding;
federationTokenProvider.KeyEntropyMode = this.GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding);
federationTokenProvider.MaxIssuedTokenCachingTime = this.parent.IssuedToken.MaxIssuedTokenCachingTime;
federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
IssuedSecurityTokenParameters property = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
this.GetIssuerBindingSecurityVersion(issuerBinding, property.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out version, out serializer);
federationTokenProvider.MessageSecurityVersion = version;
federationTokenProvider.SecurityTokenSerializer = serializer;
federationTokenProvider.IssuedTokenRenewalThresholdPercentage = this.parent.IssuedToken.IssuedTokenRenewalThresholdPercentage;
IEnumerable <XmlElement> enumerable = property.CreateRequestParameters(version, serializer);
if (enumerable != null)
{
foreach (XmlElement element2 in enumerable)
{
federationTokenProvider.TokenRequestParameters.Add(element2);
}
}
if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters2))
{
federationTokenProvider.ChannelParameters = parameters2;
}
return(federationTokenProvider);
}
IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, FederatedClientCredentialsParameters actAsOnBehalfOfParameters)
{
if (initiatorRequirement.TargetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
}
EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress;
Binding issuerBinding = initiatorRequirement.IssuerBinding;
//
// If the issuer address is indeed anonymous or null, we will try the local issuer
//
bool isLocalIssuer = (issuerAddress == null || issuerAddress.Equals(EndpointAddress.AnonymousAddress));
if (isLocalIssuer)
{
issuerAddress = parent.IssuedToken.LocalIssuerAddress;
issuerBinding = parent.IssuedToken.LocalIssuerBinding;
}
if (issuerAddress == null)
{
// if issuer address is still null then the user forgot to specify the local issuer
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, initiatorRequirement.TargetAddress)));
}
if (issuerBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, issuerAddress)));
}
Uri issuerUri = issuerAddress.Uri;
KeyedByTypeCollection <IEndpointBehavior> issuerChannelBehaviors;
if (!parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out issuerChannelBehaviors) && isLocalIssuer)
{
issuerChannelBehaviors = parent.IssuedToken.LocalIssuerChannelBehaviors;
}
IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(GetCredentialsHandle(initiatorRequirement));
federationTokenProvider.TokenHandlerCollectionManager = this.parent.SecurityTokenHandlerCollectionManager;
federationTokenProvider.TargetAddress = initiatorRequirement.TargetAddress;
CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, issuerChannelBehaviors, issuerAddress);
federationTokenProvider.CacheIssuedTokens = parent.IssuedToken.CacheIssuedTokens;
federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier;
federationTokenProvider.IssuerAddress = issuerAddress;
federationTokenProvider.IssuerBinding = issuerBinding;
federationTokenProvider.KeyEntropyMode = GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding);
federationTokenProvider.MaxIssuedTokenCachingTime = parent.IssuedToken.MaxIssuedTokenCachingTime;
federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
MessageSecurityVersion issuerSecurityVersion;
SecurityTokenSerializer issuerSecurityTokenSerializer;
IssuedSecurityTokenParameters issuedTokenParameters = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
GetIssuerBindingSecurityVersion(issuerBinding, issuedTokenParameters.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out issuerSecurityVersion, out issuerSecurityTokenSerializer);
federationTokenProvider.MessageSecurityVersion = issuerSecurityVersion;
federationTokenProvider.SecurityTokenSerializer = issuerSecurityTokenSerializer;
federationTokenProvider.IssuedTokenRenewalThresholdPercentage = parent.IssuedToken.IssuedTokenRenewalThresholdPercentage;
IEnumerable <XmlElement> tokenRequestParameters = issuedTokenParameters.CreateRequestParameters(issuerSecurityVersion, issuerSecurityTokenSerializer);
if (tokenRequestParameters != null)
{
foreach (XmlElement requestParameter in tokenRequestParameters)
{
federationTokenProvider.TokenRequestParameters.Add(requestParameter);
}
}
ChannelParameterCollection channelParameters;
if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
{
federationTokenProvider.ChannelParameters = channelParameters;
}
federationTokenProvider.SetupActAsOnBehalfOfParameters(actAsOnBehalfOfParameters);
return(federationTokenProvider);
}
public static void Main(string [] args)
{
bool no_nego = false, no_sc = false;
foreach (string arg in args)
{
if (arg == "--no-nego")
{
no_nego = true;
}
else if (arg == "--no-sc")
{
no_sc = true;
}
else
{
Console.WriteLine("Unrecognized option '{0}'", arg);
return;
}
}
X509Certificate2 cert = new X509Certificate2("test.pfx", "mono");
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert));
p.TargetAddress = new EndpointAddress("http://localhost:8080");
WSHttpBinding binding = new WSHttpBinding();
// the following lines are required to not depend on
// MessageCredentialType.Windows (which uses SSPI).
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
ClientCredentials cred = new ClientCredentials();
cred.ClientCertificate.Certificate = cert;
cred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
p.IssuerChannelBehaviors.Add(cred);
if (no_sc)
{
binding.Security.Message.EstablishSecurityContext = false;
}
if (no_nego)
{
binding.Security.Message.NegotiateServiceCredential = false;
}
p.IssuerBinding = binding;
p.SecurityTokenSerializer = new WSSecurityTokenSerializer();
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
p.Open();
SecurityToken token = p.GetToken(TimeSpan.FromSeconds(10));
p.Close();
XmlWriter writer = XmlWriter.Create(Console.Out);
new ClientCredentialsSecurityTokenManager(cred).CreateSecurityTokenSerializer(MessageSecurityVersion.Default.SecurityTokenVersion).WriteToken(writer, token);
writer.Close();
}
