public override void OnOpen(TimeSpan timeout)
{
base.OnOpen(timeout);
this.protectionRequirements.MakeReadOnly();
if (base.DetectReplays && !this.RequireIntegrity)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("RequireIntegrity", System.ServiceModel.SR.GetString("ForReplayDetectionToBeDoneRequireIntegrityMustBeSet"));
}
if (this.DoRequestSignatureConfirmation)
{
if (!this.SupportsRequestReply)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("SignatureConfirmationRequiresRequestReply"));
}
if (!base.StandardsManager.SecurityVersion.SupportsSignatureConfirmation)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("SecurityVersionDoesNotSupportSignatureConfirmation", new object[] { base.StandardsManager.SecurityVersion }));
}
}
this.wrappedKeyTokenAuthenticator = new List <SecurityTokenAuthenticator>(1);
SecurityTokenAuthenticator item = new NonValidatingSecurityTokenAuthenticator <WrappedKeySecurityToken>();
this.wrappedKeyTokenAuthenticator.Add(item);
this.ValidateCorrelationSecuritySettings();
}
public virtual void OnOpen(TimeSpan timeout)
{
if (this.SecurityBindingElement == null)
{
this.OnPropertySettingsError("SecurityBindingElement", true);
}
if (this.SecurityTokenManager == null)
{
this.OnPropertySettingsError("SecurityTokenManager", true);
}
_messageSecurityVersion = _standardsManager.MessageSecurityVersion;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
_expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
_expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;
if (!_actAsInitiator)
{
AddSupportingTokenAuthenticators(_securityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
// validate the token authenticator types and create a merged map if needed.
if (!_channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
{
if (_channelSupportingTokenAuthenticatorSpecification.Count == 0)
{
_channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
}
else
{
_expectSupportingTokens = true;
foreach (SupportingTokenAuthenticatorSpecification tokenAuthenticatorSpec in _channelSupportingTokenAuthenticatorSpecification)
{
SecurityUtils.OpenTokenAuthenticatorIfRequired(tokenAuthenticatorSpec.TokenAuthenticator, timeoutHelper.RemainingTime());
if (tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing ||
tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
{
if (tokenAuthenticatorSpec.TokenParameters.RequireDerivedKeys && !tokenAuthenticatorSpec.TokenParameters.HasAsymmetricKey)
{
_expectKeyDerivation = true;
}
}
SecurityTokenAttachmentMode mode = tokenAuthenticatorSpec.SecurityTokenAttachmentMode;
if (mode == SecurityTokenAttachmentMode.SignedEncrypted ||
mode == SecurityTokenAttachmentMode.Signed ||
mode == SecurityTokenAttachmentMode.SignedEndorsing)
{
_expectChannelSignedTokens = true;
if (mode == SecurityTokenAttachmentMode.SignedEncrypted)
{
_expectChannelBasicTokens = true;
}
}
if (mode == SecurityTokenAttachmentMode.Endorsing || mode == SecurityTokenAttachmentMode.SignedEndorsing)
{
_expectChannelEndorsingTokens = true;
}
}
_channelSupportingTokenAuthenticatorSpecification =
new ReadOnlyCollection <SupportingTokenAuthenticatorSpecification>((Collection <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
}
}
VerifyTypeUniqueness(_channelSupportingTokenAuthenticatorSpecification);
MergeSupportingTokenAuthenticators(timeoutHelper.RemainingTime());
}
if (this.DetectReplays)
{
if (!this.SupportsReplayDetection)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
}
if (this.MaxClockSkew == TimeSpan.MaxValue || this.ReplayWindow == TimeSpan.MaxValue)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
}
// If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
if (_nonceCache == null)
{
// The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays
_nonceCache = new InMemoryNonceCache(this.ReplayWindow + this.MaxClockSkew + this.MaxClockSkew, this.MaxCachedNonces);
}
}
_derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator <DerivedKeySecurityToken>();
}
public override void OnOpen(TimeSpan timeout)
{
base.OnOpen(timeout);
this.protectionRequirements.MakeReadOnly();
if (this.DetectReplays && !this.RequireIntegrity)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("RequireIntegrity", SR.GetString(SR.ForReplayDetectionToBeDoneRequireIntegrityMustBeSet));
}
if (this.DoRequestSignatureConfirmation)
{
if (!this.SupportsRequestReply)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SignatureConfirmationRequiresRequestReply));
}
if (!this.StandardsManager.SecurityVersion.SupportsSignatureConfirmation)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SecurityVersionDoesNotSupportSignatureConfirmation, this.StandardsManager.SecurityVersion));
}
}
this.wrappedKeyTokenAuthenticator = new List<SecurityTokenAuthenticator>(1);
SecurityTokenAuthenticator authenticator = new NonValidatingSecurityTokenAuthenticator<WrappedKeySecurityToken>();
this.wrappedKeyTokenAuthenticator.Add(authenticator);
ValidateCorrelationSecuritySettings();
}
public virtual void OnOpen(TimeSpan timeout)
{
if (this.SecurityBindingElement == null)
{
this.OnPropertySettingsError("SecurityBindingElement", true);
}
if (this.SecurityTokenManager == null)
{
this.OnPropertySettingsError("SecurityTokenManager", true);
}
this.messageSecurityVersion = this.standardsManager.MessageSecurityVersion;
TimeoutHelper helper = new TimeoutHelper(timeout);
this.expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
this.expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;
if (!this.actAsInitiator)
{
this.AddSupportingTokenAuthenticators(this.securityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);
this.AddSupportingTokenAuthenticators(this.securityBindingElement.OptionalEndpointSupportingTokenParameters, true, (IList <SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);
foreach (string str in this.securityBindingElement.OperationSupportingTokenParameters.Keys)
{
Collection <SupportingTokenAuthenticatorSpecification> authenticatorSpecList = new Collection <SupportingTokenAuthenticatorSpecification>();
this.AddSupportingTokenAuthenticators(this.securityBindingElement.OperationSupportingTokenParameters[str], false, authenticatorSpecList);
this.scopedSupportingTokenAuthenticatorSpecification.Add(str, authenticatorSpecList);
}
foreach (string str2 in this.securityBindingElement.OptionalOperationSupportingTokenParameters.Keys)
{
Collection <SupportingTokenAuthenticatorSpecification> collection2;
ICollection <SupportingTokenAuthenticatorSpecification> is2;
if (this.scopedSupportingTokenAuthenticatorSpecification.TryGetValue(str2, out is2))
{
collection2 = (Collection <SupportingTokenAuthenticatorSpecification>)is2;
}
else
{
collection2 = new Collection <SupportingTokenAuthenticatorSpecification>();
this.scopedSupportingTokenAuthenticatorSpecification.Add(str2, collection2);
}
this.AddSupportingTokenAuthenticators(this.securityBindingElement.OptionalOperationSupportingTokenParameters[str2], true, collection2);
}
if (!this.channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
{
if (this.channelSupportingTokenAuthenticatorSpecification.Count == 0)
{
this.channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
}
else
{
this.expectSupportingTokens = true;
foreach (SupportingTokenAuthenticatorSpecification specification in this.channelSupportingTokenAuthenticatorSpecification)
{
System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(specification.TokenAuthenticator, helper.RemainingTime());
if (((specification.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing) || (specification.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)) && (specification.TokenParameters.RequireDerivedKeys && !specification.TokenParameters.HasAsymmetricKey))
{
this.expectKeyDerivation = true;
}
SecurityTokenAttachmentMode securityTokenAttachmentMode = specification.SecurityTokenAttachmentMode;
switch (securityTokenAttachmentMode)
{
case SecurityTokenAttachmentMode.SignedEncrypted:
case SecurityTokenAttachmentMode.Signed:
case SecurityTokenAttachmentMode.SignedEndorsing:
this.expectChannelSignedTokens = true;
if (securityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEncrypted)
{
this.expectChannelBasicTokens = true;
}
break;
}
if ((securityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing) || (securityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing))
{
this.expectChannelEndorsingTokens = true;
}
}
this.channelSupportingTokenAuthenticatorSpecification = new ReadOnlyCollection <SupportingTokenAuthenticatorSpecification>((Collection <SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);
}
}
this.VerifyTypeUniqueness(this.channelSupportingTokenAuthenticatorSpecification);
this.MergeSupportingTokenAuthenticators(helper.RemainingTime());
}
if (this.DetectReplays)
{
if (!this.SupportsReplayDetection)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", System.ServiceModel.SR.GetString("SecurityProtocolCannotDoReplayDetection", new object[] { this }));
}
if ((this.MaxClockSkew == TimeSpan.MaxValue) || (this.ReplayWindow == TimeSpan.MaxValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("NoncesCachedInfinitely")));
}
this.nonceCache = new System.ServiceModel.Security.NonceCache((this.ReplayWindow + this.MaxClockSkew) + this.MaxClockSkew, this.MaxCachedNonces);
}
this.derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator <DerivedKeySecurityToken>();
}
