public void InitiateHandShake()
{
IPeerNeighbor neighbor = host;
Message reply = null;
Fx.Assert(host != null, "Cannot initiate security handshake without a host!");
//send the RST message.
using (OperationContextScope scope = new OperationContextScope(new OperationContext((ServiceHostBase)null)))
{
PeerHashToken token = this.securityManager.GetSelfToken();
Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityToken, new PeerRequestSecurityToken(token));
bool fatal = false;
try
{
reply = neighbor.RequestSecurityToken(request);
if (!(reply != null))
{
throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
}
ProcessRstr(neighbor, reply, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
fatal = true;
throw;
}
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
this.state = PeerAuthState.Failed;
if (DiagnosticUtility.ShouldTraceError)
{
ServiceSecurityContext context = ServiceSecurityContext.Current;
ClaimSet claimSet = null;
if (context != null && context.AuthorizationContext != null && context.AuthorizationContext.ClaimSets != null && context.AuthorizationContext.ClaimSets.Count > 0)
{
claimSet = context.AuthorizationContext.ClaimSets[0];
}
PeerAuthenticationFailureTraceRecord record = new PeerAuthenticationFailureTraceRecord(
meshId,
neighbor.ListenAddress.EndpointAddress.ToString(),
claimSet,
e);
TraceUtility.TraceEvent(TraceEventType.Error,
TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure),
record, this, null);
}
neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
finally
{
if (!fatal)
{
request.Close();
}
}
}
}
public PeerChannelAuthenticatorExtension(PeerSecurityManager securityManager, EventHandler onSucceeded, EventArgs args, string meshId)
{
this.securityManager = securityManager;
this.state = PeerAuthState.Created;
this.originalArgs = args;
this.onSucceeded = onSucceeded;
this.meshId = meshId;
}
void OnFailed(IPeerNeighbor neighbor)
{
lock (ThisLock)
{
this.state = PeerAuthState.Failed;
this.timer.Cancel();
this.host = null;
}
if (DiagnosticUtility.ShouldTraceError)
{
PeerAuthenticationFailureTraceRecord record = null;
String remoteUri = "";
PeerNodeAddress remoteAddress = neighbor.ListenAddress;
if (remoteAddress != null)
{
remoteUri = remoteAddress.EndpointAddress.ToString();
}
OperationContext opContext = OperationContext.Current;
if (opContext != null)
{
remoteUri = opContext.IncomingMessageProperties.Via.ToString();
ServiceSecurityContext secContext = opContext.ServiceSecurityContext;
if (secContext != null)
{
record = new PeerAuthenticationFailureTraceRecord(
meshId,
remoteUri,
secContext.AuthorizationContext.ClaimSets[0], null);
if (DiagnosticUtility.ShouldTraceError)
{
TraceUtility.TraceEvent(
TraceEventType.Error,
TraceCode.PeerNodeAuthenticationFailure,
SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure),
record,
this,
null);
}
}
}
else
{
record = new PeerAuthenticationFailureTraceRecord(meshId, remoteUri);
if (DiagnosticUtility.ShouldTraceError)
{
TraceUtility.TraceEvent(TraceEventType.Error,
TraceCode.PeerNodeAuthenticationTimeout,
SR.GetString(SR.TraceCodePeerNodeAuthenticationTimeout),
record,
this,
null);
}
}
}
neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
public void InitiateHandShake()
{
IPeerNeighbor host = this.host;
Message message = null;
using (new OperationContextScope(new OperationContext(null)))
{
PeerHashToken selfToken = this.securityManager.GetSelfToken();
Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityToken", (BodyWriter) new PeerRequestSecurityToken(selfToken));
bool flag = false;
try
{
message = host.RequestSecurityToken(request);
if (message == null)
{
throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
}
this.ProcessRstr(host, message, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
flag = true;
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
this.state = PeerAuthState.Failed;
if (DiagnosticUtility.ShouldTraceError)
{
ServiceSecurityContext current = ServiceSecurityContext.Current;
ClaimSet claimSet = null;
if (((current != null) && (current.AuthorizationContext != null)) && ((current.AuthorizationContext.ClaimSets != null) && (current.AuthorizationContext.ClaimSets.Count > 0)))
{
claimSet = current.AuthorizationContext.ClaimSets[0];
}
PeerAuthenticationFailureTraceRecord extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, host.ListenAddress.EndpointAddress.ToString(), claimSet, exception);
TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null);
}
host.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
finally
{
if (!flag)
{
request.Close();
}
}
}
}
public void OnAuthenticated()
{
IPeerNeighbor sender = null;
lock (this.ThisLock)
{
this.timer.Cancel();
sender = this.host;
this.state = PeerAuthState.Authenticated;
}
if (sender != null)
{
sender.TrySetState(PeerNeighborState.Authenticated);
this.onSucceeded(sender, this.originalArgs);
}
}
public void OnAuthenticated()
{
IPeerNeighbor neighbor = null;
lock (ThisLock)
{
this.timer.Cancel();
neighbor = this.host;
this.state = PeerAuthState.Authenticated;
}
if (neighbor == null)
{
return;
}
neighbor.TrySetState(PeerNeighborState.Authenticated);
onSucceeded(neighbor, originalArgs);
}
public Message ProcessRst(Message message, Claim claim)
{
IPeerNeighbor neighbor = host;
PeerRequestSecurityTokenResponse response = null;
Message reply = null;
lock (ThisLock)
{
if (this.state != PeerAuthState.Created || neighbor == null || neighbor.IsInitiator || neighbor.State != PeerNeighborState.Opened)
{
OnFailed(neighbor);
return(null);
}
}
try
{
PeerHashToken receivedToken = PeerRequestSecurityToken.CreateHashTokenFrom(message);
PeerHashToken expectedToken = securityManager.GetExpectedTokenForClaim(claim);
if (!expectedToken.Equals(receivedToken))
{
OnFailed(neighbor);
}
else
{
this.state = PeerAuthState.Authenticated;
PeerHashToken selfToken = securityManager.GetSelfToken();
response = new PeerRequestSecurityTokenResponse(selfToken);
reply = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityTokenResponse, response);
OnAuthenticated();
}
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
OnFailed(neighbor);
}
return(reply);
}
private void OnFailed(IPeerNeighbor neighbor)
{
lock (this.ThisLock)
{
this.state = PeerAuthState.Failed;
this.timer.Cancel();
this.host = null;
}
if (DiagnosticUtility.ShouldTraceError)
{
PeerAuthenticationFailureTraceRecord extendedData = null;
string remoteAddress = "";
PeerNodeAddress listenAddress = neighbor.ListenAddress;
if (listenAddress != null)
{
remoteAddress = listenAddress.EndpointAddress.ToString();
}
OperationContext current = OperationContext.Current;
if (current != null)
{
remoteAddress = current.IncomingMessageProperties.Via.ToString();
ServiceSecurityContext serviceSecurityContext = current.ServiceSecurityContext;
if (serviceSecurityContext != null)
{
extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, remoteAddress, serviceSecurityContext.AuthorizationContext.ClaimSets[0], null);
if (DiagnosticUtility.ShouldTraceError)
{
TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null);
}
}
}
else
{
extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, remoteAddress);
if (DiagnosticUtility.ShouldTraceError)
{
TraceUtility.TraceEvent(TraceEventType.Error, 0x4004e, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationTimeout"), extendedData, this, null);
}
}
}
neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
}
public Message ProcessRst(Message message, Claim claim)
{
IPeerNeighbor host = this.host;
PeerRequestSecurityTokenResponse response = null;
Message message2 = null;
lock (this.ThisLock)
{
if (((this.state != PeerAuthState.Created) || (host == null)) || (host.IsInitiator || (host.State != PeerNeighborState.Opened)))
{
this.OnFailed(host);
return(null);
}
}
try
{
PeerHashToken token = PeerRequestSecurityToken.CreateHashTokenFrom(message);
if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token))
{
this.OnFailed(host);
return(message2);
}
this.state = PeerAuthState.Authenticated;
response = new PeerRequestSecurityTokenResponse(this.securityManager.GetSelfToken());
message2 = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityTokenResponse", (BodyWriter)response);
this.OnAuthenticated();
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
this.OnFailed(host);
}
return(message2);
}
