public void Add(ChannelProtectionRequirements protectionRequirements, bool channelScopeOnly)
{
if (protectionRequirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("protectionRequirements"));
}
if (protectionRequirements.incomingSignatureParts != null)
{
this.incomingSignatureParts.AddParts(protectionRequirements.incomingSignatureParts.ChannelParts);
}
if (protectionRequirements.incomingEncryptionParts != null)
{
this.incomingEncryptionParts.AddParts(protectionRequirements.incomingEncryptionParts.ChannelParts);
}
if (protectionRequirements.outgoingSignatureParts != null)
{
this.outgoingSignatureParts.AddParts(protectionRequirements.outgoingSignatureParts.ChannelParts);
}
if (protectionRequirements.outgoingEncryptionParts != null)
{
this.outgoingEncryptionParts.AddParts(protectionRequirements.outgoingEncryptionParts.ChannelParts);
}
if (!channelScopeOnly)
{
AddActionParts(this.incomingSignatureParts, protectionRequirements.incomingSignatureParts);
AddActionParts(this.incomingEncryptionParts, protectionRequirements.incomingEncryptionParts);
AddActionParts(this.outgoingSignatureParts, protectionRequirements.outgoingSignatureParts);
AddActionParts(this.outgoingEncryptionParts, protectionRequirements.outgoingEncryptionParts);
}
}
public void Add(
ChannelProtectionRequirements protectionRequirements,
bool channelScopeOnly)
{
if (is_readonly)
{
throw new InvalidOperationException("This ChannelProtectionRequirements is read-only.");
}
AddScopedParts(
protectionRequirements.IncomingEncryptionParts,
IncomingEncryptionParts,
channelScopeOnly);
AddScopedParts(
protectionRequirements.IncomingSignatureParts,
IncomingSignatureParts,
channelScopeOnly);
AddScopedParts(
protectionRequirements.OutgoingEncryptionParts,
OutgoingEncryptionParts,
channelScopeOnly);
AddScopedParts(
protectionRequirements.OutgoingSignatureParts,
OutgoingSignatureParts,
channelScopeOnly);
}
public void AddToReadOnly ()
{
ChannelProtectionRequirements r =
new ChannelProtectionRequirements ();
r.MakeReadOnly ();
r.Add (new ChannelProtectionRequirements ());
}
public void Add(ChannelProtectionRequirements protectionRequirements, bool channelScopeOnly)
{
if (protectionRequirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("protectionRequirements"));
}
if (protectionRequirements._incomingSignatureParts != null)
{
_incomingSignatureParts.AddParts(protectionRequirements._incomingSignatureParts.ChannelParts);
}
if (protectionRequirements._incomingEncryptionParts != null)
{
_incomingEncryptionParts.AddParts(protectionRequirements._incomingEncryptionParts.ChannelParts);
}
if (protectionRequirements._outgoingSignatureParts != null)
{
_outgoingSignatureParts.AddParts(protectionRequirements._outgoingSignatureParts.ChannelParts);
}
if (protectionRequirements._outgoingEncryptionParts != null)
{
_outgoingEncryptionParts.AddParts(protectionRequirements._outgoingEncryptionParts.ChannelParts);
}
if (!channelScopeOnly)
{
AddActionParts(_incomingSignatureParts, protectionRequirements._incomingSignatureParts);
AddActionParts(_incomingEncryptionParts, protectionRequirements._incomingEncryptionParts);
AddActionParts(_outgoingSignatureParts, protectionRequirements._outgoingSignatureParts);
AddActionParts(_outgoingEncryptionParts, protectionRequirements._outgoingEncryptionParts);
}
}
protected MessageSecurityBindingSupport (
SecurityCapabilities elementSupport,
SecurityTokenManager manager,
ChannelProtectionRequirements requirements)
{
element_support = elementSupport;
Initialize (manager, requirements);
}
protected MessageSecurityProtocolFactory()
{
this.applyIntegrity = true;
this.applyConfidentiality = true;
this.protectionRequirements = new ChannelProtectionRequirements();
this.requireIntegrity = true;
this.requireConfidentiality = true;
}
public void Initialize (SecurityTokenManager manager,
ChannelProtectionRequirements requirements)
{
this.manager = manager;
if (requirements == null)
requirements = new ChannelProtectionRequirements ();
this.requirements = requirements;
}
protected MessageSecurityProtocolFactory()
{
this.applyIntegrity = true;
this.applyConfidentiality = true;
this.protectionRequirements = new ChannelProtectionRequirements();
this.requireIntegrity = true;
this.requireConfidentiality = true;
}
private void addProtectionRequirements(System.ServiceModel.Channels.Binding binding)
{
if ((IsSecureMessageBinding(binding) == false))
{
return;
}
System.ServiceModel.Security.ChannelProtectionRequirements cpr = new System.ServiceModel.Security.ChannelProtectionRequirements();
ApplyProtection("http://tempuri.org/IServiceBase/GetDt", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDt", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtByCommond", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtByCommond", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtSap", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtSap", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSql", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSql", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlSap", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlSap", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqls", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqls", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsSap", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsSap", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/Insert", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/Insert", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunScalar", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunScalar", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/SaveImage", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/SaveImage", cpr.IncomingEncryptionParts, true);
if ((binding.MessageVersion.Addressing == System.ServiceModel.Channels.AddressingVersion.None))
{
ApplyProtection("*", cpr.OutgoingSignatureParts, true);
ApplyProtection("*", cpr.OutgoingEncryptionParts, true);
}
else
{
ApplyProtection("http://tempuri.org/IServiceBase/GetDtResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtByCommondResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtByCommondResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtSapResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/GetDtSapResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlSapResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlSapResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsSapResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunSqlsSapResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/InsertResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/InsertResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunScalarResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/RunScalarResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/SaveImageResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IServiceBase/SaveImageResponse", cpr.OutgoingEncryptionParts, true);
}
this.Parameters.Add(cpr);
}
public void DefaultValues ()
{
ChannelProtectionRequirements r =
new ChannelProtectionRequirements ();
Assert.AreEqual (false, r.IsReadOnly, "#1");
Assert.IsNotNull (r.IncomingSignatureParts, "#2");
Assert.IsNotNull (r.IncomingEncryptionParts, "#3");
Assert.IsNotNull (r.OutgoingSignatureParts, "#4");
Assert.IsNotNull (r.OutgoingEncryptionParts, "#5");
}
internal ChannelProtectionRequirements(ChannelProtectionRequirements other, ProtectionLevel newBodyProtectionLevel)
{
if (other == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("other"));
_incomingSignatureParts = new ScopedMessagePartSpecification(other._incomingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
_incomingEncryptionParts = new ScopedMessagePartSpecification(other._incomingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
_outgoingSignatureParts = new ScopedMessagePartSpecification(other._outgoingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
_outgoingEncryptionParts = new ScopedMessagePartSpecification(other._outgoingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
}
public ChannelProtectionRequirements (
ChannelProtectionRequirements other)
{
if (other == null)
throw new ArgumentNullException ("other");
in_enc = new ScopedMessagePartSpecification (other.in_enc);
out_enc = new ScopedMessagePartSpecification (other.out_enc);
in_sign = new ScopedMessagePartSpecification (other.in_sign);
out_sign = new ScopedMessagePartSpecification (other.out_sign);
}
public ChannelProtectionRequirements(ChannelProtectionRequirements other)
{
if (other == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("other"));
_incomingSignatureParts = new ScopedMessagePartSpecification(other._incomingSignatureParts);
_incomingEncryptionParts = new ScopedMessagePartSpecification(other._incomingEncryptionParts);
_outgoingSignatureParts = new ScopedMessagePartSpecification(other._outgoingSignatureParts);
_outgoingEncryptionParts = new ScopedMessagePartSpecification(other._outgoingEncryptionParts);
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription cd)
{
ChannelProtectionRequirements cp =
new ChannelProtectionRequirements();
List <XmlQualifiedName> enc = new List <XmlQualifiedName> ();
List <XmlQualifiedName> sig = new List <XmlQualifiedName> ();
if (cd.HasProtectionLevel)
{
switch (cd.ProtectionLevel)
{
case ProtectionLevel.EncryptAndSign:
cp.IncomingEncryptionParts.ChannelParts.IsBodyIncluded = true;
cp.OutgoingEncryptionParts.ChannelParts.IsBodyIncluded = true;
goto case ProtectionLevel.Sign;
case ProtectionLevel.Sign:
cp.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
cp.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
break;
}
}
foreach (OperationDescription od in cd.Operations)
{
foreach (MessageDescription md in od.Messages)
{
enc.Clear();
sig.Clear();
ProtectionLevel mplv =
md.HasProtectionLevel ? md.ProtectionLevel :
od.HasProtectionLevel ? od.ProtectionLevel :
ProtectionLevel.EncryptAndSign; // default
foreach (MessageHeaderDescription hd in md.Headers)
{
AddPartProtectionRequirements(enc, sig, hd, cp);
}
ScopedMessagePartSpecification spec;
bool includeBodyEnc = mplv == ProtectionLevel.EncryptAndSign;
bool includeBodySig = mplv != ProtectionLevel.None;
// enc
spec = md.Direction == MessageDirection.Input ?
cp.IncomingEncryptionParts :
cp.OutgoingEncryptionParts;
spec.AddParts(new MessagePartSpecification(includeBodyEnc, enc.ToArray()), md.Action);
// sig
spec = md.Direction == MessageDirection.Input ?
cp.IncomingSignatureParts :
cp.OutgoingSignatureParts;
spec.AddParts(new MessagePartSpecification(includeBodySig, sig.ToArray()), md.Action);
}
}
return(cp);
}
internal ChannelProtectionRequirements(ChannelProtectionRequirements other, ProtectionLevel newBodyProtectionLevel)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("other"));
}
this.incomingSignatureParts = new ScopedMessagePartSpecification(other.incomingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
this.incomingEncryptionParts = new ScopedMessagePartSpecification(other.incomingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
this.outgoingSignatureParts = new ScopedMessagePartSpecification(other.outgoingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
this.outgoingEncryptionParts = new ScopedMessagePartSpecification(other.outgoingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
}
public ChannelProtectionRequirements CreateInverse()
{
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
requirements.Add(this, true);
requirements.incomingSignatureParts = new ScopedMessagePartSpecification(this.OutgoingSignatureParts);
requirements.outgoingSignatureParts = new ScopedMessagePartSpecification(this.IncomingSignatureParts);
requirements.incomingEncryptionParts = new ScopedMessagePartSpecification(this.OutgoingEncryptionParts);
requirements.outgoingEncryptionParts = new ScopedMessagePartSpecification(this.IncomingEncryptionParts);
return(requirements);
}
public ChannelProtectionRequirements(ChannelProtectionRequirements other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("other"));
}
this.incomingSignatureParts = new ScopedMessagePartSpecification(other.incomingSignatureParts);
this.incomingEncryptionParts = new ScopedMessagePartSpecification(other.incomingEncryptionParts);
this.outgoingSignatureParts = new ScopedMessagePartSpecification(other.outgoingSignatureParts);
this.outgoingEncryptionParts = new ScopedMessagePartSpecification(other.outgoingEncryptionParts);
}
public ChannelProtectionRequirements CreateInverse()
{
ChannelProtectionRequirements r =
new ChannelProtectionRequirements();
AddScopedParts(in_enc, r.out_enc, false);
AddScopedParts(in_sign, r.out_sign, false);
AddScopedParts(out_enc, r.in_enc, false);
AddScopedParts(out_sign, r.in_sign, false);
return(r);
}
internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
{
ChannelProtectionRequirements requirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
ChannelProtectionRequirements requirements2 = new ChannelProtectionRequirements();
requirements2.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingEncryptionParts), "*");
requirements2.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(requirements.OutgoingSignatureParts), "*");
requirements.IncomingEncryptionParts.CopyTo(requirements2.IncomingEncryptionParts);
requirements.IncomingSignatureParts.CopyTo(requirements2.IncomingSignatureParts);
return(requirements2);
}
protected SecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters other)
: base(other)
{
this.requireCancellation = other.requireCancellation;
this.canRenewSession = other.canRenewSession;
if (other.bootstrapSecurityBindingElement != null)
this.bootstrapSecurityBindingElement = (SecurityBindingElement)other.bootstrapSecurityBindingElement.Clone();
if (other.bootstrapProtectionRequirements != null)
this.bootstrapProtectionRequirements = new ChannelProtectionRequirements(other.bootstrapProtectionRequirements);
if (other.issuerBindingContext != null)
this.issuerBindingContext = other.issuerBindingContext.Clone();
}
public ChannelProtectionRequirements(
ChannelProtectionRequirements other)
{
if (other == null)
{
throw new ArgumentNullException("other");
}
in_enc = new ScopedMessagePartSpecification(other.in_enc);
out_enc = new ScopedMessagePartSpecification(other.out_enc);
in_sign = new ScopedMessagePartSpecification(other.in_sign);
out_sign = new ScopedMessagePartSpecification(other.out_sign);
}
public SecureConversationSecurityTokenParameters (
SecurityBindingElement element,
bool requireCancellation,
ChannelProtectionRequirements requirements)
{
this.element = element;
this.cancellable = requireCancellation;
if (requirements == null)
this.requirements = new ChannelProtectionRequirements (default_channel_protection_requirements);
else
this.requirements = new ChannelProtectionRequirements (requirements);
}
internal MessageSecurityProtocolFactory(MessageSecurityProtocolFactory factory)
: base(factory)
{
if (factory == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
this.applyIntegrity = factory.applyIntegrity;
this.applyConfidentiality = factory.applyConfidentiality;
this.identityVerifier = factory.identityVerifier;
this.protectionRequirements = new ChannelProtectionRequirements(factory.protectionRequirements);
this.messageProtectionOrder = factory.messageProtectionOrder;
this.requireIntegrity = factory.requireIntegrity;
this.requireConfidentiality = factory.requireConfidentiality;
this.doRequestSignatureConfirmation = factory.doRequestSignatureConfirmation;
}
static SecureConversationSecurityTokenParameters ()
{
ChannelProtectionRequirements r =
new ChannelProtectionRequirements ();
r.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
r.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
r.IncomingEncryptionParts.ChannelParts.IsBodyIncluded = true;
r.OutgoingEncryptionParts.ChannelParts.IsBodyIncluded = true;
r.MakeReadOnly ();
default_channel_protection_requirements = r;
dummy_context = new BindingContext (
new CustomBinding (),
new BindingParameterCollection ());
}
internal MessageSecurityProtocolFactory(MessageSecurityProtocolFactory factory)
: base((SecurityProtocolFactory)factory)
{
if (factory == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
}
this.applyIntegrity = factory.applyIntegrity;
this.applyConfidentiality = factory.applyConfidentiality;
this.identityVerifier = factory.identityVerifier;
this.protectionRequirements = new ChannelProtectionRequirements(factory.protectionRequirements);
this.messageProtectionOrder = factory.messageProtectionOrder;
this.requireIntegrity = factory.requireIntegrity;
this.requireConfidentiality = factory.requireConfidentiality;
this.doRequestSignatureConfirmation = factory.doRequestSignatureConfirmation;
}
public SecureConversationSecurityTokenParameters(SecurityBindingElement bootstrapSecurityBindingElement, bool requireCancellation, bool canRenewSession, ChannelProtectionRequirements bootstrapProtectionRequirements)
: base()
{
this.bootstrapSecurityBindingElement = bootstrapSecurityBindingElement;
this.canRenewSession = canRenewSession;
if (bootstrapProtectionRequirements != null)
this.bootstrapProtectionRequirements = new ChannelProtectionRequirements(bootstrapProtectionRequirements);
else
{
this.bootstrapProtectionRequirements = new ChannelProtectionRequirements();
this.bootstrapProtectionRequirements.IncomingEncryptionParts.AddParts(new MessagePartSpecification(true));
this.bootstrapProtectionRequirements.IncomingSignatureParts.AddParts(new MessagePartSpecification(true));
this.bootstrapProtectionRequirements.OutgoingEncryptionParts.AddParts(new MessagePartSpecification(true));
this.bootstrapProtectionRequirements.OutgoingSignatureParts.AddParts(new MessagePartSpecification(true));
}
this.requireCancellation = requireCancellation;
}
private void addProtectionRequirements(System.ServiceModel.Channels.Binding binding)
{
if ((IsSecureMessageBinding(binding) == false))
{
return;
}
System.ServiceModel.Security.ChannelProtectionRequirements cpr = new System.ServiceModel.Security.ChannelProtectionRequirements();
ApplyProtection("http://tempuri.org/IStockService/GetData", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetData", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetDataUsingDataContract", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetDataUsingDataContract", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/AuthenticateUser", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/AuthenticateUser", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetStockItem", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetStockItem", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetCostPlaces", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetCostPlaces", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockMovement", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockMovement", cpr.IncomingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockCount", cpr.IncomingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockCount", cpr.IncomingEncryptionParts, true);
if ((binding.MessageVersion.Addressing == System.ServiceModel.Channels.AddressingVersion.None))
{
ApplyProtection("*", cpr.OutgoingSignatureParts, true);
ApplyProtection("*", cpr.OutgoingEncryptionParts, true);
}
else
{
ApplyProtection("http://tempuri.org/IStockService/GetDataResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetDataResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetDataUsingDataContractResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetDataUsingDataContractResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/AuthenticateUserResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/AuthenticateUserResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetStockItemResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetStockItemResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetCostPlacesResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/GetCostPlacesResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockMovementResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockMovementResponse", cpr.OutgoingEncryptionParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockCountResponse", cpr.OutgoingSignatureParts, true);
ApplyProtection("http://tempuri.org/IStockService/BookStockCountResponse", cpr.OutgoingEncryptionParts, true);
}
this.Parameters.Add(cpr);
}
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
var proReq =
bindingParameters.Remove<ChannelProtectionRequirements>();
proReq = new ChannelProtectionRequirements();
MessagePartSpecification unProtectedSpec = new MessagePartSpecification();
MessagePartSpecification protectedSpec = new MessagePartSpecification(true);
// I'm setting same protection level for all the actions.
// You could specify different protection level per action, if required.
// Also note, I haven't implemented any support for custom SOAP headers.
// However that can easily be added using the same mechansim.
switch (level)
{
case ProtectionLevel.None:
proReq.OutgoingSignatureParts.AddParts(unProtectedSpec, "*");
proReq.IncomingSignatureParts.AddParts(unProtectedSpec, "*");
proReq.OutgoingEncryptionParts.AddParts(unProtectedSpec, "*");
proReq.IncomingEncryptionParts.AddParts(unProtectedSpec, "*");
break;
case ProtectionLevel.Sign:
proReq.OutgoingSignatureParts.AddParts(protectedSpec, "*");
proReq.IncomingSignatureParts.AddParts(protectedSpec, "*");
proReq.OutgoingEncryptionParts.AddParts(unProtectedSpec, "*");
proReq.IncomingEncryptionParts.AddParts(unProtectedSpec, "*");
break;
case ProtectionLevel.EncryptAndSign:
proReq.OutgoingSignatureParts.AddParts(protectedSpec, "*");
proReq.IncomingSignatureParts.AddParts(protectedSpec, "*");
proReq.OutgoingEncryptionParts.AddParts(protectedSpec, "*");
proReq.IncomingEncryptionParts.AddParts(protectedSpec, "*");
break;
}
// Add our protection requirement for this endpoint into the binding params.
bindingParameters.Add(proReq);
}
static void AddPartProtectionRequirements(List <XmlQualifiedName> enc,
List <XmlQualifiedName> sig,
MessageHeaderDescription pd,
ChannelProtectionRequirements cp)
{
if (!pd.HasProtectionLevel)
{
return; // no specific part indication
}
switch (pd.ProtectionLevel)
{
case ProtectionLevel.EncryptAndSign:
enc.Add(new XmlQualifiedName(pd.Name, pd.Namespace));
goto case ProtectionLevel.Sign;
case ProtectionLevel.Sign:
sig.Add(new XmlQualifiedName(pd.Name, pd.Namespace));
break;
}
}
internal static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel)
{
ChannelProtectionRequirements result;
if (protectionLevel == ProtectionLevel.EncryptAndSign)
{
if (encryptAndSignChannelProtectionRequirements == null)
{
MessagePartSpecification header = new MessagePartSpecification();
header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace));
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
requirements.IncomingSignatureParts.AddParts(header);
requirements.IncomingEncryptionParts.AddParts(header);
requirements.OutgoingSignatureParts.AddParts(header);
requirements.OutgoingEncryptionParts.AddParts(header);
requirements.MakeReadOnly();
encryptAndSignChannelProtectionRequirements = requirements;
}
result = encryptAndSignChannelProtectionRequirements;
}
else if (protectionLevel == ProtectionLevel.Sign)
{
if (signChannelProtectionRequirements == null)
{
MessagePartSpecification header = new MessagePartSpecification();
header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace));
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
requirements.IncomingSignatureParts.AddParts(header);
requirements.OutgoingSignatureParts.AddParts(header);
requirements.MakeReadOnly();
signChannelProtectionRequirements = requirements;
}
result = signChannelProtectionRequirements;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("protectionLevel"));
}
return result;
}
internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
{
ChannelProtectionRequirements contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
// union all the protection requirements for the response actions
ChannelProtectionRequirements result = new ChannelProtectionRequirements();
if (isForClient)
{
result.IncomingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingEncryptionParts), MessageHeaders.WildcardAction);
result.IncomingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingSignatureParts), MessageHeaders.WildcardAction);
contractRequirements.OutgoingEncryptionParts.CopyTo(result.OutgoingEncryptionParts);
contractRequirements.OutgoingSignatureParts.CopyTo(result.OutgoingSignatureParts);
}
else
{
result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
}
return(result);
}
internal static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel)
{
if (protectionLevel == ProtectionLevel.EncryptAndSign)
{
if (encryptAndSignChannelProtectionRequirements == null)
{
MessagePartSpecification parts = new MessagePartSpecification {
HeaderTypes = { new XmlQualifiedName("CallbackContext", "http://schemas.microsoft.com/ws/2008/02/context") }
};
ChannelProtectionRequirements requirements2 = new ChannelProtectionRequirements();
requirements2.IncomingSignatureParts.AddParts(parts);
requirements2.IncomingEncryptionParts.AddParts(parts);
requirements2.OutgoingSignatureParts.AddParts(parts);
requirements2.OutgoingEncryptionParts.AddParts(parts);
requirements2.MakeReadOnly();
encryptAndSignChannelProtectionRequirements = requirements2;
}
return encryptAndSignChannelProtectionRequirements;
}
if (protectionLevel != ProtectionLevel.Sign)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("protectionLevel"));
}
if (signChannelProtectionRequirements == null)
{
MessagePartSpecification specification2 = new MessagePartSpecification {
HeaderTypes = { new XmlQualifiedName("CallbackContext", "http://schemas.microsoft.com/ws/2008/02/context") }
};
ChannelProtectionRequirements requirements3 = new ChannelProtectionRequirements();
requirements3.IncomingSignatureParts.AddParts(specification2);
requirements3.OutgoingSignatureParts.AddParts(specification2);
requirements3.MakeReadOnly();
signChannelProtectionRequirements = requirements3;
}
return signChannelProtectionRequirements;
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel, bool isForClient)
{
if (contract == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("contract"));
}
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
ProtectionLevel contractScopeDefaultRequestProtectionLevel;
ProtectionLevel contractScopeDefaultResponseProtectionLevel;
if (contract.HasProtectionLevel)
{
contractScopeDefaultRequestProtectionLevel = contract.ProtectionLevel;
contractScopeDefaultResponseProtectionLevel = contract.ProtectionLevel;
}
else
{
contractScopeDefaultRequestProtectionLevel = defaultRequestProtectionLevel;
contractScopeDefaultResponseProtectionLevel = defaultResponseProtectionLevel;
}
foreach (OperationDescription operation in contract.Operations)
{
ProtectionLevel operationScopeDefaultRequestProtectionLevel;
ProtectionLevel operationScopeDefaultResponseProtectionLevel;
operationScopeDefaultRequestProtectionLevel = contractScopeDefaultRequestProtectionLevel;
operationScopeDefaultResponseProtectionLevel = contractScopeDefaultResponseProtectionLevel;
foreach (MessageDescription message in operation.Messages)
{
ProtectionLevel messageScopeDefaultProtectionLevel;
if (message.HasProtectionLevel)
{
messageScopeDefaultProtectionLevel = message.ProtectionLevel;
}
else if (message.Direction == MessageDirection.Input)
{
messageScopeDefaultProtectionLevel = operationScopeDefaultRequestProtectionLevel;
}
else
{
messageScopeDefaultProtectionLevel = operationScopeDefaultResponseProtectionLevel;
}
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
// determine header protection requirements for message
foreach (MessageHeaderDescription header in message.Headers)
{
AddHeaderProtectionRequirements(header, signedParts, encryptedParts, messageScopeDefaultProtectionLevel);
}
// determine body protection requirements for message
ProtectionLevel bodyProtectionLevel;
if (message.Body.Parts.Count > 0)
{
// initialize the body protection level to none. all the body parts will be
// unioned to get the effective body protection level
bodyProtectionLevel = ProtectionLevel.None;
}
else if (message.Body.ReturnValue != null)
{
if (!(message.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription))))
{
Fx.Assert("Only body return values are supported currently");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.OnlyBodyReturnValuesSupported));
}
MessagePartDescription desc = message.Body.ReturnValue;
bodyProtectionLevel = desc.HasProtectionLevel ? desc.ProtectionLevel : messageScopeDefaultProtectionLevel;
}
else
{
bodyProtectionLevel = messageScopeDefaultProtectionLevel;
}
// determine body protection requirements for message
if (message.Body.Parts.Count > 0)
{
foreach (MessagePartDescription body in message.Body.Parts)
{
ProtectionLevel partProtectionLevel = body.HasProtectionLevel ? body.ProtectionLevel : messageScopeDefaultProtectionLevel;
bodyProtectionLevel = ProtectionLevelHelper.Max(bodyProtectionLevel, partProtectionLevel);
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
break;
}
}
}
if (bodyProtectionLevel != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
// add requirements for message
if (message.Direction == MessageDirection.Input)
{
requirements.IncomingSignatureParts.AddParts(signedParts, message.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, message.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, message.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, message.Action);
}
}
if (operation.Faults != null)
{
if (operation.IsServerInitiated())
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultRequestProtectionLevel, true);
}
else
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultResponseProtectionLevel, false);
}
}
}
return(requirements);
}
private static void AddFaultProtectionRequirements(FaultDescriptionCollection faults, ChannelProtectionRequirements requirements, ProtectionLevel defaultProtectionLevel, bool addToIncoming)
{
if (faults == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("faults"));
}
if (requirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("requirements"));
}
foreach (FaultDescription fault in faults)
{
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
ProtectionLevel p = fault.HasProtectionLevel ? fault.ProtectionLevel : defaultProtectionLevel;
if (p != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (p == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
if (addToIncoming)
{
requirements.IncomingSignatureParts.AddParts(signedParts, fault.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, fault.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
}
}
public void Add(ChannelProtectionRequirements protectionRequirements)
{
this.Add(protectionRequirements, false);
}
public void SendRequestWithSignatureMessagePart ()
{
CustomBinding b = CreateBinding ();
ChannelProtectionRequirements cp =
new ChannelProtectionRequirements ();
cp.IncomingSignatureParts.AddParts (new MessagePartSpecification (true), "myAction");
cp.IncomingEncryptionParts.AddParts (new MessagePartSpecification (true), "myAction");
BindingParameterCollection parameters =
new BindingParameterCollection ();
parameters.Add (cp);
IChannelFactory<IRequestChannel> f =
b.BuildChannelFactory<IRequestChannel> (parameters);
f.Open ();
IRequestChannel ch = f.CreateChannel (CreateX509EndpointAddress ("stream:dummy"));
ch.Open ();
ch.Request (Message.CreateMessage (b.MessageVersion, "myAction"));
}
public void Add(ChannelProtectionRequirements protectionRequirements)
{
this.Add(protectionRequirements, false);
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters)
{
// get Contract info security needs, and put in BindingParameterCollection
ISecurityCapabilities isc = null;
BindingElementCollection elements = endpoint.Binding.CreateBindingElements();
if (isc != null)
{
// ensure existence of binding parameter
ChannelProtectionRequirements requirements = parameters.Find<ChannelProtectionRequirements>();
if (requirements == null)
{
requirements = new ChannelProtectionRequirements();
parameters.Add(requirements);
}
MessageEncodingBindingElement encoding = elements.Find<MessageEncodingBindingElement>();
// use endpoint.Binding.Version
if (encoding != null && encoding.MessageVersion.Addressing == AddressingVersion.None)
{
// This binding does not support response actions, so...
requirements.Add(ChannelProtectionRequirements.CreateFromContractAndUnionResponseProtectionRequirements(endpoint.Contract, isc, _isForClient));
}
else
{
requirements.Add(ChannelProtectionRequirements.CreateFromContract(endpoint.Contract, isc, _isForClient));
}
}
}
private static void AddFaultProtectionRequirements(FaultDescriptionCollection faults, ChannelProtectionRequirements requirements, ProtectionLevel defaultProtectionLevel, bool addToIncoming)
{
if (faults == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("faults"));
if (requirements == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("requirements"));
foreach (FaultDescription fault in faults)
{
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
ProtectionLevel p = fault.HasProtectionLevel ? fault.ProtectionLevel : defaultProtectionLevel;
if (p != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (p == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
if (addToIncoming)
{
requirements.IncomingSignatureParts.AddParts(signedParts, fault.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, fault.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
}
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel, bool isForClient)
{
if (contract == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("contract"));
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
ProtectionLevel contractScopeDefaultRequestProtectionLevel;
ProtectionLevel contractScopeDefaultResponseProtectionLevel;
if (contract.HasProtectionLevel)
{
contractScopeDefaultRequestProtectionLevel = contract.ProtectionLevel;
contractScopeDefaultResponseProtectionLevel = contract.ProtectionLevel;
}
else
{
contractScopeDefaultRequestProtectionLevel = defaultRequestProtectionLevel;
contractScopeDefaultResponseProtectionLevel = defaultResponseProtectionLevel;
}
foreach (OperationDescription operation in contract.Operations)
{
ProtectionLevel operationScopeDefaultRequestProtectionLevel;
ProtectionLevel operationScopeDefaultResponseProtectionLevel;
operationScopeDefaultRequestProtectionLevel = contractScopeDefaultRequestProtectionLevel;
operationScopeDefaultResponseProtectionLevel = contractScopeDefaultResponseProtectionLevel;
foreach (MessageDescription message in operation.Messages)
{
ProtectionLevel messageScopeDefaultProtectionLevel;
if (message.HasProtectionLevel)
{
messageScopeDefaultProtectionLevel = message.ProtectionLevel;
}
else if (message.Direction == MessageDirection.Input)
{
messageScopeDefaultProtectionLevel = operationScopeDefaultRequestProtectionLevel;
}
else
{
messageScopeDefaultProtectionLevel = operationScopeDefaultResponseProtectionLevel;
}
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
// determine header protection requirements for message
foreach (MessageHeaderDescription header in message.Headers)
{
AddHeaderProtectionRequirements(header, signedParts, encryptedParts, messageScopeDefaultProtectionLevel);
}
// determine body protection requirements for message
ProtectionLevel bodyProtectionLevel;
if (message.Body.Parts.Count > 0)
{
// initialize the body protection level to none. all the body parts will be
// unioned to get the effective body protection level
bodyProtectionLevel = ProtectionLevel.None;
}
else if (message.Body.ReturnValue != null)
{
if (!(message.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription))))
{
Fx.Assert("Only body return values are supported currently");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.OnlyBodyReturnValuesSupported));
}
MessagePartDescription desc = message.Body.ReturnValue;
bodyProtectionLevel = desc.HasProtectionLevel ? desc.ProtectionLevel : messageScopeDefaultProtectionLevel;
}
else
{
bodyProtectionLevel = messageScopeDefaultProtectionLevel;
}
// determine body protection requirements for message
if (message.Body.Parts.Count > 0)
{
foreach (MessagePartDescription body in message.Body.Parts)
{
ProtectionLevel partProtectionLevel = body.HasProtectionLevel ? body.ProtectionLevel : messageScopeDefaultProtectionLevel;
bodyProtectionLevel = ProtectionLevelHelper.Max(bodyProtectionLevel, partProtectionLevel);
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
break;
}
}
if (bodyProtectionLevel != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
encryptedParts.IsBodyIncluded = true;
}
// add requirements for message
if (message.Direction == MessageDirection.Input)
{
requirements.IncomingSignatureParts.AddParts(signedParts, message.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, message.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, message.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, message.Action);
}
}
if (operation.Faults != null)
{
if (operation.IsServerInitiated())
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultRequestProtectionLevel, true);
}
else
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultResponseProtectionLevel, false);
}
}
}
return requirements;
}
internal static ChannelProtectionRequirements CreateFromContractAndUnionResponseProtectionRequirements(ContractDescription contract, ISecurityCapabilities bindingElement, bool isForClient)
{
ChannelProtectionRequirements contractRequirements = CreateFromContract(contract, bindingElement.SupportedRequestProtectionLevel, bindingElement.SupportedResponseProtectionLevel, isForClient);
// union all the protection requirements for the response actions
ChannelProtectionRequirements result = new ChannelProtectionRequirements();
if (isForClient)
{
result.IncomingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingEncryptionParts), MessageHeaders.WildcardAction);
result.IncomingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.IncomingSignatureParts), MessageHeaders.WildcardAction);
contractRequirements.OutgoingEncryptionParts.CopyTo(result.OutgoingEncryptionParts);
contractRequirements.OutgoingSignatureParts.CopyTo(result.OutgoingSignatureParts);
}
else
{
result.OutgoingEncryptionParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingEncryptionParts), MessageHeaders.WildcardAction);
result.OutgoingSignatureParts.AddParts(UnionMessagePartSpecifications(contractRequirements.OutgoingSignatureParts), MessageHeaders.WildcardAction);
contractRequirements.IncomingEncryptionParts.CopyTo(result.IncomingEncryptionParts);
contractRequirements.IncomingSignatureParts.CopyTo(result.IncomingSignatureParts);
}
return result;
}
public ChannelProtectionRequirements CreateInverse()
{
ChannelProtectionRequirements result = new ChannelProtectionRequirements();
result.Add(this, true);
result._incomingSignatureParts = new ScopedMessagePartSpecification(this.OutgoingSignatureParts);
result._outgoingSignatureParts = new ScopedMessagePartSpecification(this.IncomingSignatureParts);
result._incomingEncryptionParts = new ScopedMessagePartSpecification(this.OutgoingEncryptionParts);
result._outgoingEncryptionParts = new ScopedMessagePartSpecification(this.IncomingEncryptionParts);
return result;
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel, bool isForClient)
{
ProtectionLevel protectionLevel;
ProtectionLevel level2;
if (contract == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("contract"));
}
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
if (contract.HasProtectionLevel)
{
protectionLevel = contract.ProtectionLevel;
level2 = contract.ProtectionLevel;
}
else
{
protectionLevel = defaultRequestProtectionLevel;
level2 = defaultResponseProtectionLevel;
}
foreach (OperationDescription description in contract.Operations)
{
ProtectionLevel level3;
ProtectionLevel level4;
if (description.HasProtectionLevel)
{
level3 = description.ProtectionLevel;
level4 = description.ProtectionLevel;
}
else
{
level3 = protectionLevel;
level4 = level2;
}
foreach (MessageDescription description2 in description.Messages)
{
ProtectionLevel level5;
ProtectionLevel none;
if (description2.HasProtectionLevel)
{
level5 = description2.ProtectionLevel;
}
else if (description2.Direction == MessageDirection.Input)
{
level5 = level3;
}
else
{
level5 = level4;
}
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
foreach (MessageHeaderDescription description3 in description2.Headers)
{
AddHeaderProtectionRequirements(description3, signedParts, encryptedParts, level5);
}
if (description2.Body.Parts.Count > 0)
{
none = ProtectionLevel.None;
}
else if (description2.Body.ReturnValue != null)
{
if (!description2.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("OnlyBodyReturnValuesSupported")));
}
MessagePartDescription returnValue = description2.Body.ReturnValue;
none = returnValue.HasProtectionLevel ? returnValue.ProtectionLevel : level5;
}
else
{
none = level5;
}
if (description2.Body.Parts.Count > 0)
{
foreach (MessagePartDescription description5 in description2.Body.Parts)
{
ProtectionLevel level7 = description5.HasProtectionLevel ? description5.ProtectionLevel : level5;
none = ProtectionLevelHelper.Max(none, level7);
if (none == ProtectionLevel.EncryptAndSign)
{
break;
}
}
}
if (none != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (none == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
if (description2.Direction == MessageDirection.Input)
{
requirements.IncomingSignatureParts.AddParts(signedParts, description2.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, description2.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, description2.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, description2.Action);
}
}
if (description.Faults != null)
{
if (description.IsServerInitiated())
{
AddFaultProtectionRequirements(description.Faults, requirements, level3, true);
}
else
{
AddFaultProtectionRequirements(description.Faults, requirements, level4, false);
}
}
}
return(requirements);
}
// It is problematic, but there is no option to disable establishing security context in this binding unlike WSHttpBinding...
SecurityBindingElement CreateMessageSecurity ()
{
if (Security.Mode == SecurityMode.Transport ||
Security.Mode == SecurityMode.None)
return null;
// FIXME: this is wrong. Could be Asymmetric, depends on Security.Message.AlgorithmSuite value.
SymmetricSecurityBindingElement element =
new SymmetricSecurityBindingElement ();
element.MessageSecurityVersion = MessageSecurityVersion.Default;
element.SetKeyDerivation (false);
switch (Security.Message.ClientCredentialType) {
case MessageCredentialType.Certificate:
element.EndpointSupportingTokenParameters.Endorsing.Add (
new X509SecurityTokenParameters ());
goto default;
case MessageCredentialType.IssuedToken:
IssuedSecurityTokenParameters istp =
new IssuedSecurityTokenParameters ();
// FIXME: issuer binding must be secure.
istp.IssuerBinding = new CustomBinding (
new TextMessageEncodingBindingElement (),
GetTransport ());
element.EndpointSupportingTokenParameters.Endorsing.Add (istp);
goto default;
case MessageCredentialType.UserName:
element.EndpointSupportingTokenParameters.SignedEncrypted.Add (
new UserNameSecurityTokenParameters ());
goto default;
case MessageCredentialType.Windows:
element.ProtectionTokenParameters =
new KerberosSecurityTokenParameters ();
break;
default: // including .None
X509SecurityTokenParameters p =
new X509SecurityTokenParameters ();
p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
element.ProtectionTokenParameters = p;
break;
}
// SecureConversation enabled
ChannelProtectionRequirements reqs =
new ChannelProtectionRequirements ();
// FIXME: fill the reqs
return SecurityBindingElement.CreateSecureConversationBindingElement (
// FIXME: requireCancellation
element, true, reqs);
}
public MySecureConversationSecurityTokenParameters (SecurityBindingElement element, bool requireCancel, ChannelProtectionRequirements cpr)
: base (element, requireCancel, cpr)
{
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters)
{
// get Contract info security needs, and put in BindingParameterCollection
ISecurityCapabilities isc = null;
BindingElementCollection elements = endpoint.Binding.CreateBindingElements();
for (int i = 0; i < elements.Count; ++i)
{
if (!(elements[i] is ITransportTokenAssertionProvider))
{
ISecurityCapabilities tmp = elements[i].GetIndividualProperty<ISecurityCapabilities>();
if (tmp != null)
{
isc = tmp;
break;
}
}
}
if (isc != null)
{
// ensure existence of binding parameter
ChannelProtectionRequirements requirements = parameters.Find<ChannelProtectionRequirements>();
if (requirements == null)
{
requirements = new ChannelProtectionRequirements();
parameters.Add(requirements);
}
MessageEncodingBindingElement encoding = elements.Find<MessageEncodingBindingElement>();
// use endpoint.Binding.Version
if (encoding != null && encoding.MessageVersion.Addressing == AddressingVersion.None)
{
// This binding does not support response actions, so...
requirements.Add(ChannelProtectionRequirements.CreateFromContractAndUnionResponseProtectionRequirements(endpoint.Contract, isc, isForClient));
}
else
{
requirements.Add(ChannelProtectionRequirements.CreateFromContract(endpoint.Contract, isc, isForClient));
}
}
}
protected SecureConversationSecurityTokenParameters (SecureConversationSecurityTokenParameters source)
: base (source)
{
this.element = (SecurityBindingElement) source.element.Clone ();
this.cancellable = source.cancellable;
#if !MOBILE && !XAMMAC_4_5
this.requirements = new ChannelProtectionRequirements (default_channel_protection_requirements);
#endif
}
public virtual XmlElement CreateWsspBootstrapPolicyAssertion(MetadataExporter exporter, SecurityBindingElement bootstrapSecurity)
{
if (bootstrapSecurity == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bootstrapBinding");
WSSecurityPolicy sp = WSSecurityPolicy.GetSecurityPolicyDriver(bootstrapSecurity.MessageSecurityVersion);
// create complete bootstrap binding
CustomBinding bootstrapBinding = new CustomBinding(bootstrapSecurity);
if (exporter.State.ContainsKey(SecurityPolicyStrings.SecureConversationBootstrapBindingElementsBelowSecurityKey))
{
BindingElementCollection bindingElementsBelowSecurity = exporter.State[SecurityPolicyStrings.SecureConversationBootstrapBindingElementsBelowSecurityKey] as BindingElementCollection;
if (bindingElementsBelowSecurity != null)
{
foreach (BindingElement be in bindingElementsBelowSecurity)
{
bootstrapBinding.Elements.Add(be);
}
}
}
// generate policy for the "how" of security
ServiceEndpoint bootstrapEndpoint = new ServiceEndpoint(NullContract);
bootstrapEndpoint.Binding = bootstrapBinding;
PolicyConversionContext policyContext = exporter.ExportPolicy(bootstrapEndpoint);
// generate policy for the "what" of security (protection assertions)
// hard-coded requirements in V1: sign and encrypt RST and RSTR body
ChannelProtectionRequirements bootstrapProtection = new ChannelProtectionRequirements();
bootstrapProtection.IncomingEncryptionParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.OutgoingEncryptionParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.IncomingSignatureParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.OutgoingSignatureParts.AddParts(new MessagePartSpecification(true));
// add boostrap binding protection requirements (e.g. addressing headers)
ChannelProtectionRequirements cpr = bootstrapBinding.GetProperty<ChannelProtectionRequirements>(new BindingParameterCollection());
if (cpr != null)
{
bootstrapProtection.Add(cpr);
}
// extract channel-scope protection requirements and union them across request and response
MessagePartSpecification encryption = new MessagePartSpecification();
encryption.Union(bootstrapProtection.IncomingEncryptionParts.ChannelParts);
encryption.Union(bootstrapProtection.OutgoingEncryptionParts.ChannelParts);
encryption.MakeReadOnly();
MessagePartSpecification signature = new MessagePartSpecification();
signature.Union(bootstrapProtection.IncomingSignatureParts.ChannelParts);
signature.Union(bootstrapProtection.OutgoingSignatureParts.ChannelParts);
signature.MakeReadOnly();
// create final boostrap policy assertion
XmlElement nestedPolicy = CreateWspPolicyWrapper(
exporter,
sp.CreateWsspSignedPartsAssertion(signature),
sp.CreateWsspEncryptedPartsAssertion(encryption));
foreach (XmlElement e in sp.FilterWsspPolicyAssertions(policyContext.GetBindingAssertions()))
{
nestedPolicy.AppendChild(e);
}
XmlElement result = CreateWsspAssertion(BootstrapPolicyName);
result.AppendChild(nestedPolicy);
return result;
}
public RecipientMessageSecurityBindingSupport (
SecurityCapabilities elementSupport,
SecurityTokenManager manager,
ChannelProtectionRequirements requirements)
: base (elementSupport, manager, requirements)
{
}
