Пример #1
 /// <summary>
 /// Copy constructor used for cloning. Carries the identity verifier, the
 /// client-certificate requirement and the <c>_sslProtocols</c> value over
 /// from <paramref name="elementToBeCloned"/>.
 /// </summary>
 /// <param name="elementToBeCloned">The element whose settings are copied.</param>
 protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
     : base(elementToBeCloned)
 {
     // The verifier is assigned as-is; no new verifier object is created here.
     this._identityVerifier = elementToBeCloned._identityVerifier;
     this.RequireClientCertificate = elementToBeCloned.RequireClientCertificate;
     this._sslProtocols = elementToBeCloned._sslProtocols;
 }
Пример #2
        /// <summary>
        /// Builds the server-side SSL stream upgrade provider for a binding element.
        /// </summary>
        /// <remarks>
        /// The credentials manager comes from the binding parameters; when none is
        /// registered, default service credentials are used. The server token provider
        /// is requested for an X.509 certificate token with exchange key usage, scoped
        /// to the binding scheme and the listen URI.
        /// </remarks>
        /// <param name="bindingElement">Supplies the client-certificate requirement and the identity verifier.</param>
        /// <param name="context">Supplies the binding, its parameters and the listen address.</param>
        /// <returns>The configured upgrade provider.</returns>
        /// <exception cref="InvalidOperationException">
        /// The token manager returned no provider for the server certificate requirement.
        /// </exception>
        public static SslStreamSecurityUpgradeProvider CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
        {
            SecurityCredentialsManager credentials =
                context.BindingParameters.Find<SecurityCredentialsManager>()
                ?? ServiceCredentials.CreateDefaultCredentials();

            Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
            SecurityTokenManager tokenManager = credentials.CreateSecurityTokenManager();

            // Describe the token the server needs: its own X.509 certificate.
            RecipientServiceModelSecurityTokenRequirement requirement = new RecipientServiceModelSecurityTokenRequirement();
            requirement.TokenType = SecurityTokenTypes.X509Certificate;
            requirement.RequireCryptographicToken = true;
            requirement.KeyUsage = SecurityKeyUsage.Exchange;
            requirement.TransportScheme = context.Binding.Scheme;
            requirement.ListenUri = listenUri;

            SecurityTokenProvider serverTokenProvider = tokenManager.CreateSecurityTokenProvider(requirement);
            if (serverTokenProvider == null)
            {
                // Fail closed: without a server certificate provider no SSL upgrade can be offered.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new InvalidOperationException(
                        System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { requirement })));
            }

            // The fourth argument is the authenticator obtained for certificate tokens
            // under the same scheme and listen URI.
            return new SslStreamSecurityUpgradeProvider(
                context.Binding,
                serverTokenProvider,
                bindingElement.RequireClientCertificate,
                TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri),
                context.Binding.Scheme,
                bindingElement.IdentityVerifier);
        }
Пример #3
 /// <summary>
 /// Private copy constructor: takes the verifier and the client-certificate
 /// requirement from <paramref name="other"/>.
 /// </summary>
 /// <param name="other">The element whose settings are copied.</param>
 private SslStreamSecurityBindingElement(SslStreamSecurityBindingElement other)
     : base(other)
 {
     // Both values are assigned as-is from the source element.
     this.verifier = other.verifier;
     this.require_client_certificate = other.require_client_certificate;
 }
 /// <summary>
 /// Copy constructor used for cloning. Copies the identity verifier, the
 /// client-certificate requirement and the <c>sslProtocols</c> value from
 /// <paramref name="elementToBeCloned"/>.
 /// </summary>
 /// <param name="elementToBeCloned">The element whose settings are copied.</param>
 protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
     : base(elementToBeCloned)
 {
     // All three security-relevant settings travel with the clone.
     identityVerifier = elementToBeCloned.identityVerifier;
     requireClientCertificate = elementToBeCloned.requireClientCertificate;
     sslProtocols = elementToBeCloned.sslProtocols;
 }
Пример #5
 /// <summary>
 /// Imports transport policy: switches to streamed transfer when the "Streamed"
 /// framing assertion is present, then lets the Windows and SSL stream security
 /// elements import their own assertions.
 /// </summary>
 /// <param name="importer">The metadata importer, passed through to the stream security importers.</param>
 /// <param name="policyContext">The policy context whose binding assertions are inspected.</param>
 void ITransportPolicyImport.ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
 {
     var streamedAssertion = PolicyConversionContext.FindAssertion(
         policyContext.GetBindingAssertions(),
         "Streamed",
         "http://schemas.microsoft.com/ws/2006/05/framing/policy",
         true);
     bool isStreamed = streamedAssertion != null;
     if (isStreamed)
     {
         this.TransferMode = System.ServiceModel.TransferMode.Streamed;
     }

     // Stream security is imported after the transfer mode, Windows first, then SSL.
     WindowsStreamSecurityBindingElement.ImportPolicy(importer, policyContext);
     SslStreamSecurityBindingElement.ImportPolicy(importer, policyContext);
 }
        /// <summary>
        /// Private copy constructor: takes the client-certificate requirement from
        /// <paramref name="other"/>, and the verifier as well unless the build
        /// defines MOBILE or XAMMAC_4_5.
        /// </summary>
        /// <param name="other">The element whose settings are copied.</param>
        private SslStreamSecurityBindingElement(SslStreamSecurityBindingElement other)
            : base(other)
        {
#if !MOBILE && !XAMMAC_4_5
            // Skipped on builds that define MOBILE or XAMMAC_4_5.
            this.verifier = other.verifier;
#endif
            this.require_client_certificate = other.require_client_certificate;
        }
Пример #7
        /// <summary>
        /// Builds the client-side SSL stream upgrade provider for a binding element.
        /// </summary>
        /// <remarks>
        /// The credentials manager comes from the binding parameters; when none is
        /// registered, default client credentials are used.
        /// </remarks>
        /// <param name="bindingElement">Supplies the client-certificate requirement and the identity verifier.</param>
        /// <param name="context">Supplies the binding and its parameters.</param>
        /// <returns>The configured upgrade provider.</returns>
        public static SslStreamSecurityUpgradeProvider CreateClientProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
        {
            SecurityCredentialsManager credentials =
                context.BindingParameters.Find<SecurityCredentialsManager>()
                ?? ClientCredentials.CreateDefaultCredentials();

            // The identity verifier configured on the binding element is handed to
            // the provider unchanged.
            return new SslStreamSecurityUpgradeProvider(
                context.Binding,
                credentials.CreateSecurityTokenManager(),
                bindingElement.RequireClientCertificate,
                context.Binding.Scheme,
                bindingElement.IdentityVerifier);
        }
        /// <summary>
        /// Imports transport policy: switches to streamed transfer when the streamed
        /// framing assertion is present, then lets the Windows and SSL stream security
        /// elements import their own assertions.
        /// </summary>
        /// <param name="importer">The metadata importer, passed through to the stream security importers.</param>
        /// <param name="policyContext">The policy context whose binding assertions are inspected.</param>
        void ITransportPolicyImport.ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
        {
            var streamedAssertion = PolicyConversionContext.FindAssertion(
                policyContext.GetBindingAssertions(),
                TransportPolicyConstants.StreamedName,
                TransportPolicyConstants.DotNetFramingNamespace,
                true);
            bool isStreamed = streamedAssertion != null;
            if (isStreamed)
            {
                this.TransferMode = TransferMode.Streamed;
            }

            // Stream security is imported after the transfer mode, Windows first, then SSL.
            WindowsStreamSecurityBindingElement.ImportPolicy(importer, policyContext);
            SslStreamSecurityBindingElement.ImportPolicy(importer, policyContext);
        }
Пример #9
        /// <summary>
        /// Returns the SSL stream security element for peer transport, or
        /// <c>null</c> when the authentication mode is <c>None</c>.
        /// </summary>
        /// <returns>
        /// An element that requires a client certificate and uses a
        /// <c>PeerIdentityVerifier</c>; <c>null</c> when no authentication is configured.
        /// </returns>
        public BindingElement GetSecurityBindingElement()
        {
            // No authentication configured: this method contributes no security element.
            if (this.AuthenticationMode == PeerAuthenticationMode.None)
            {
                return null;
            }

            // Any other mode gets mutual certificate authentication.
            return new SslStreamSecurityBindingElement
            {
                IdentityVerifier = new PeerIdentityVerifier(),
                RequireClientCertificate = true
            };
        }
Пример #10
        /// <summary>
        /// Returns the SSL stream security element for peer transport, or
        /// <c>null</c> when the authentication mode is <c>None</c>.
        /// </summary>
        /// <returns>
        /// An element that requires a client certificate and uses a
        /// <c>PeerIdentityVerifier</c>; <c>null</c> when no authentication is configured.
        /// </returns>
        public BindingElement GetSecurityBindingElement()
        {
            // No authentication configured: this method contributes no security element.
            if (this.AuthenticationMode == PeerAuthenticationMode.None)
            {
                return null;
            }

            // Any other mode gets mutual certificate authentication.
            SslStreamSecurityBindingElement sslSecurity = new SslStreamSecurityBindingElement();
            sslSecurity.IdentityVerifier = new PeerIdentityVerifier();
            sslSecurity.RequireClientCertificate = true;
            return sslSecurity;
        }
Пример #11
        /// <summary>
        /// Reports whether <paramref name="b"/> is an SSL stream security element with
        /// the same client-certificate requirement as this one.
        /// </summary>
        /// <param name="b">The element to compare with; may be <c>null</c>.</param>
        /// <returns>
        /// <c>false</c> for <c>null</c> or for an element of another type; otherwise
        /// whether the two client-certificate requirements are equal.
        /// </returns>
        internal override bool IsMatch(BindingElement b)
        {
            // A null argument and an argument of another type both end up as null here.
            SslStreamSecurityBindingElement other = b as SslStreamSecurityBindingElement;

            // NOTE(review): only the client-certificate requirement is compared; the
            // identity verifier takes no part in the match. Confirm that is intended.
            return other != null
                && this.requireClientCertificate == other.requireClientCertificate;
        }
Пример #12
        /// <summary>
        /// Reports whether <paramref name="b"/> is an SSL stream security element with
        /// the same client-certificate requirement and the same <c>_sslProtocols</c>
        /// value as this one.
        /// </summary>
        /// <param name="b">The element to compare with; may be <c>null</c>.</param>
        /// <returns>
        /// <c>false</c> for <c>null</c> or for an element of another type; otherwise
        /// whether both compared settings are equal.
        /// </returns>
        internal override bool IsMatch(BindingElement b)
        {
            // A null argument and an argument of another type both end up as null here.
            SslStreamSecurityBindingElement other = b as SslStreamSecurityBindingElement;
            if (other == null)
            {
                return false;
            }

            // NOTE(review): the identity verifier takes no part in the match.
            // Confirm that is intended.
            return RequireClientCertificate == other.RequireClientCertificate
                && _sslProtocols == other._sslProtocols;
        }
Пример #13
        /// <summary>
        /// Adds an SSL stream security element to the binding when the imported policy
        /// carries the "SslTransportSecurity" framing assertion.
        /// </summary>
        /// <remarks>
        /// The only setting taken from the assertion is the client-certificate
        /// requirement; every other property of the new element keeps the value its
        /// default constructor gives it.
        /// </remarks>
        /// <param name="importer">Not used by this method.</param>
        /// <param name="policyContext">The policy context that is searched and extended.</param>
        internal static void ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
        {
            XmlElement sslAssertion = PolicyConversionContext.FindAssertion(policyContext.GetBindingAssertions(), "SslTransportSecurity", "http://schemas.microsoft.com/ws/2006/05/framing/policy", true);
            if (sslAssertion == null)
            {
                // No SSL assertion in the policy: nothing is added.
                return;
            }

            SslStreamSecurityBindingElement sslElement = new SslStreamSecurityBindingElement();
            XmlReader assertionReader = new XmlNodeReader(sslAssertion);
            assertionReader.ReadStartElement();

            // The requirement is decided by the presence of the child element alone.
            // NOTE(review): presumably the policy can come from remote metadata, so this
            // flag is whatever the metadata publisher states. Verify against callers.
            sslElement.RequireClientCertificate = assertionReader.IsStartElement("RequireClientCertificate", "http://schemas.microsoft.com/ws/2006/05/framing/policy");
            if (sslElement.RequireClientCertificate)
            {
                // Consume the element; its text content is discarded.
                assertionReader.ReadElementString();
            }

            policyContext.BindingElements.Add(sslElement);
        }
        /// <summary>
        /// Adds an SSL stream security element to the binding when the imported policy
        /// carries the SSL transport security framing assertion.
        /// </summary>
        /// <remarks>
        /// The only setting taken from the assertion is the client-certificate
        /// requirement; every other property of the new element keeps the value its
        /// default constructor gives it.
        /// </remarks>
        /// <param name="importer">Not used by this method.</param>
        /// <param name="policyContext">The policy context that is searched and extended.</param>
        internal static void ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
        {
            XmlElement sslAssertion = PolicyConversionContext.FindAssertion(
                policyContext.GetBindingAssertions(),
                TransportPolicyConstants.SslTransportSecurityName,
                TransportPolicyConstants.DotNetFramingNamespace,
                true);
            if (sslAssertion == null)
            {
                // No SSL assertion in the policy: nothing is added.
                return;
            }

            SslStreamSecurityBindingElement imported = new SslStreamSecurityBindingElement();
            XmlReader assertionReader = new XmlNodeReader(sslAssertion);
            assertionReader.ReadStartElement();

            // The requirement is decided by the presence of the child element alone.
            // NOTE(review): presumably the policy can come from remote metadata, so this
            // flag is whatever the metadata publisher states. Verify against callers.
            imported.RequireClientCertificate = assertionReader.IsStartElement(
                TransportPolicyConstants.RequireClientCertificateName,
                TransportPolicyConstants.DotNetFramingNamespace);
            if (imported.RequireClientCertificate)
            {
                // Consume the element; its text content is discarded.
                assertionReader.ReadElementString();
            }

            policyContext.BindingElements.Add(imported);
        }
 /// <summary>
 /// Creates an upgrade provider that keeps a reference to the binding element
 /// it was created from.
 /// </summary>
 /// <param name="source">The binding element stored in the <c>source</c> member; it is not validated here.</param>
 public SslStreamSecurityUpgradeProvider(SslStreamSecurityBindingElement source)
 {
     // Stored as given: a null argument is accepted by this constructor.
     this.source = source;
 }
 /// <summary>
 /// Copy constructor used for cloning. Copies the identity verifier and the
 /// client-certificate requirement from <paramref name="elementToBeCloned"/>.
 /// </summary>
 /// <param name="elementToBeCloned">The element whose settings are copied.</param>
 protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
     : base(elementToBeCloned)
 {
     // The verifier is assigned as-is; no new verifier object is created here.
     this._identityVerifier = elementToBeCloned._identityVerifier;
     this._requireClientCertificate = elementToBeCloned._requireClientCertificate;
 }
Пример #17
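        /// <summary>
        /// Tries to turn an imported custom binding into a <c>NetTcpBinding</c> and,
        /// on success, installs it as the endpoint's binding.
        /// </summary>
        /// <remarks>
        /// The custom binding must contain a TCP transport element and a binary
        /// message encoding element. It may also contain a transaction flow element
        /// and at most one of the Windows or SSL stream security elements. Any other
        /// element, a missing required element, or both stream security elements
        /// together produce an importer warning and a <c>false</c> result.
        /// The security mode of the result follows the stream security element found:
        /// Windows gives <c>Transport</c>, SSL gives
        /// <c>TransportWithMessageCredential</c>, neither gives <c>None</c>.
        /// </remarks>
        /// <param name="importer">Receives the warnings.</param>
        /// <param name="context">The endpoint context; its endpoint binding is replaced on success.</param>
        /// <param name="custom">The custom binding to convert.</param>
        /// <param name="soap">Not used by this method.</param>
        /// <returns><c>true</c> when the endpoint binding was replaced; otherwise <c>false</c>.</returns>
        bool ImportNetTcpBinding(
            WsdlImporter importer, WsdlEndpointConversionContext context,
            CustomBinding custom, WS.Soap12Binding soap)
        {
            TcpTransportBindingElement          transportElement     = null;
            BinaryMessageEncodingBindingElement binaryElement        = null;
            WindowsStreamSecurityBindingElement windowsStreamElement = null;
            SslStreamSecurityBindingElement     sslStreamElement     = null;
            bool foundUnknownElement = false;

            // Classify every element first so that all unknown elements are reported,
            // not just the first one.
            foreach (var element in custom.Elements)
            {
                if (element is TcpTransportBindingElement)
                {
                    transportElement = (TcpTransportBindingElement)element;
                }
                else if (element is BinaryMessageEncodingBindingElement)
                {
                    binaryElement = (BinaryMessageEncodingBindingElement)element;
                }
                else if (element is TransactionFlowBindingElement)
                {
                    // Recognized so that it is not reported as unknown; nothing from
                    // it is carried into the resulting binding.
                }
                else if (element is WindowsStreamSecurityBindingElement)
                {
                    windowsStreamElement = (WindowsStreamSecurityBindingElement)element;
                }
                else if (element is SslStreamSecurityBindingElement)
                {
                    sslStreamElement = (SslStreamSecurityBindingElement)element;
                }
                else
                {
                    importer.AddWarning(
                        "Found unknown binding element `{0}' while importing " +
                        "binding `{1}'.", element.GetType(), custom.Name);
                    foundUnknownElement = true;
                }
            }

            if (foundUnknownElement)
            {
                return false;
            }

            if (transportElement == null)
            {
                importer.AddWarning(
                    "Missing TcpTransportBindingElement while importing " +
                    "binding `{0}'.", custom.Name);
                return false;
            }
            if (binaryElement == null)
            {
                importer.AddWarning(
                    "Missing BinaryMessageEncodingBindingElement while importing " +
                    "binding `{0}'.", custom.Name);
                return false;
            }

            // Two stream security elements at once are ambiguous; refuse rather than pick one.
            if ((windowsStreamElement != null) && (sslStreamElement != null))
            {
                // The closing quote after {0} was missing from this message.
                importer.AddWarning(
                    "Found both WindowsStreamSecurityBindingElement and " +
                    "SslStreamSecurityBindingElement while importing binding `{0}'.",
                    custom.Name);
                return false;
            }

            NetTcpSecurity security;

            if (windowsStreamElement != null)
            {
                security = new NetTcpSecurity(SecurityMode.Transport);
                security.Transport.ProtectionLevel = windowsStreamElement.ProtectionLevel;
            }
            else if (sslStreamElement != null)
            {
                // NOTE(review): only the presence of the SSL element is used. Its
                // RequireClientCertificate setting is not carried into the resulting
                // binding. Confirm that dropping it is intended.
                security = new NetTcpSecurity(SecurityMode.TransportWithMessageCredential);
            }
            else
            {
                // Neither stream security element was present: the imported binding
                // is created with security mode None.
                security = new NetTcpSecurity(SecurityMode.None);
            }

            var netTcp = new NetTcpBinding(transportElement, security, false);

            // Keep the name and namespace of the binding being replaced.
            netTcp.Name      = context.Endpoint.Binding.Name;
            netTcp.Namespace = context.Endpoint.Binding.Namespace;

            context.Endpoint.Binding = netTcp;
            return true;
        }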