/// <summary>
/// Opens the message security protocol factory: runs the base open, freezes the
/// protection requirements, rejects replay detection without integrity and
/// signature confirmation without request/reply support (or with a
/// SecurityVersion that does not support it), then installs the wrapped-key
/// token authenticator and validates the correlation security settings.
/// </summary>
/// <param name="timeout">Time budget forwarded to the base open.</param>
/// <remarks>
/// Configuration conflicts are reported through
/// DiagnosticUtility.ExceptionUtility.ThrowHelperArgument (presumably an
/// ArgumentException — confirm at its definition).
/// </remarks>
public override void OnOpen(TimeSpan timeout)
{
    base.OnOpen(timeout);

    // Once the factory is open, the protection requirements are frozen.
    this.protectionRequirements.MakeReadOnly();

    // Replay detection only makes sense on integrity-protected messages: an
    // unsigned nonce/timestamp could not be trusted, so RequireIntegrity is mandatory.
    bool replayWithoutIntegrity = base.DetectReplays && !this.RequireIntegrity;
    if (replayWithoutIntegrity)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
            "RequireIntegrity",
            System.ServiceModel.SR.GetString("ForReplayDetectionToBeDoneRequireIntegrityMustBeSet"));
    }

    bool confirmSignatures = this.DoRequestSignatureConfirmation;
    if (confirmSignatures)
    {
        // Signature confirmation travels on the reply, so request/reply is required.
        if (!this.SupportsRequestReply)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
                System.ServiceModel.SR.GetString("SignatureConfirmationRequiresRequestReply"));
        }

        // ...and the negotiated SecurityVersion must support it.
        var securityVersion = base.StandardsManager.SecurityVersion;
        if (!securityVersion.SupportsSignatureConfirmation)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
                System.ServiceModel.SR.GetString(
                    "SecurityVersionDoesNotSupportSignatureConfirmation",
                    new object[] { securityVersion }));
        }
    }

    // Exactly one authenticator for wrapped-key tokens; the list is sized for it.
    this.wrappedKeyTokenAuthenticator = new List<SecurityTokenAuthenticator>(1)
    {
        new NonValidatingSecurityTokenAuthenticator<WrappedKeySecurityToken>(),
    };

    this.ValidateCorrelationSecuritySettings();
}
/// <summary>
/// Opens the security protocol factory: checks that the mandatory settings are
/// present, records the expected message directions, wires up the endpoint
/// supporting-token authenticators on the non-initiating side, and configures
/// replay detection.
/// </summary>
/// <param name="timeout">Time budget for the whole open; the remaining time is
/// handed to each token authenticator open and to the merge step.</param>
/// <remarks>
/// Failures surface through DiagnosticUtility.ExceptionUtility: ThrowHelperArgument
/// (presumably an ArgumentException — confirm) when DetectReplays is set without
/// SupportsReplayDetection, and an InvalidOperationException when MaxClockSkew
/// or ReplayWindow is TimeSpan.MaxValue.
/// </remarks>
public virtual void OnOpen(TimeSpan timeout)
{
    // Both settings are mandatory. OnPropertySettingsError is called with true as
    // its second argument; the meaning of that flag is not visible here — confirm.
    if (this.SecurityBindingElement == null)
    {
        this.OnPropertySettingsError("SecurityBindingElement", true);
    }
    if (this.SecurityTokenManager == null)
    {
        this.OnPropertySettingsError("SecurityTokenManager", true);
    }

    _messageSecurityVersion = _standardsManager.MessageSecurityVersion;

    // One shared deadline for everything opened below.
    TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

    // Message directions: the initiator sends, the non-initiator receives,
    // and a request/reply channel does both.
    _expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
    _expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;

    // Supporting-token authenticators are only configured on the non-initiating
    // side. Note that only EndpointSupportingTokenParameters are processed here;
    // optional and operation-scoped supporting tokens are not handled in this block.
    if (!_actAsInitiator)
    {
        AddSupportingTokenAuthenticators(_securityBindingElement.EndpointSupportingTokenParameters, false, (IList<SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);

        // validate the token authenticator types and create a merged map if needed.
        // The channel list is frozen at the end of this branch, so the flag
        // computation below runs at most once per list instance.
        if (!_channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
        {
            if (_channelSupportingTokenAuthenticatorSpecification.Count == 0)
            {
                // Shared sentinel for "no supporting tokens" (defined elsewhere in the file).
                _channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
            }
            else
            {
                _expectSupportingTokens = true;
                foreach (SupportingTokenAuthenticatorSpecification tokenAuthenticatorSpec in _channelSupportingTokenAuthenticatorSpecification)
                {
                    // Each authenticator open draws on the shared deadline.
                    SecurityUtils.OpenTokenAuthenticatorIfRequired(tokenAuthenticatorSpec.TokenAuthenticator, timeoutHelper.RemainingTime());

                    // An endorsing token with a symmetric key that requires derived keys
                    // means incoming messages will carry derived-key tokens.
                    if (tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
                    {
                        if (tokenAuthenticatorSpec.TokenParameters.RequireDerivedKeys && !tokenAuthenticatorSpec.TokenParameters.HasAsymmetricKey)
                        {
                            _expectKeyDerivation = true;
                        }
                    }

                    // Signed / SignedEncrypted / SignedEndorsing -> signed tokens expected;
                    // SignedEncrypted additionally sets the "basic tokens" flag.
                    SecurityTokenAttachmentMode mode = tokenAuthenticatorSpec.SecurityTokenAttachmentMode;
                    if (mode == SecurityTokenAttachmentMode.SignedEncrypted || mode == SecurityTokenAttachmentMode.Signed || mode == SecurityTokenAttachmentMode.SignedEndorsing)
                    {
                        _expectChannelSignedTokens = true;
                        if (mode == SecurityTokenAttachmentMode.SignedEncrypted)
                        {
                            _expectChannelBasicTokens = true;
                        }
                    }

                    // Endorsing / SignedEndorsing -> endorsing tokens expected.
                    if (mode == SecurityTokenAttachmentMode.Endorsing || mode == SecurityTokenAttachmentMode.SignedEndorsing)
                    {
                        _expectChannelEndorsingTokens = true;
                    }
                }

                // Freeze the channel list; the IsReadOnly check above guards this block.
                _channelSupportingTokenAuthenticatorSpecification = new ReadOnlyCollection<SupportingTokenAuthenticatorSpecification>((Collection<SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
            }
        }

        // Both helpers are defined elsewhere in the file; by name, the first rejects
        // duplicate token types and the second builds the merged map — confirm.
        VerifyTypeUniqueness(_channelSupportingTokenAuthenticatorSpecification);
        MergeSupportingTokenAuthenticators(timeoutHelper.RemainingTime());
    }

    if (this.DetectReplays)
    {
        if (!this.SupportsReplayDetection)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
        }

        // An unbounded skew or window would keep every nonce forever (NoncesCachedInfinitely).
        if (this.MaxClockSkew == TimeSpan.MaxValue || this.ReplayWindow == TimeSpan.MaxValue)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
        }

        // If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
        // A caller-supplied cache is kept; only a missing one is replaced by the default.
        if (_nonceCache == null)
        {
            // The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays.
            // MaxCachedNonces bounds the cache size; what happens when that bound is
            // reached is decided by InMemoryNonceCache, not here.
            _nonceCache = new InMemoryNonceCache(this.ReplayWindow + this.MaxClockSkew + this.MaxClockSkew, this.MaxCachedNonces);
        }
    }

    // Derived-key tokens are accepted by a non-validating authenticator (by its
    // name it performs no validation of its own — confirm at its definition).
    _derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator<DerivedKeySecurityToken>();
}
/// <summary>
/// Opens the message security protocol factory on top of the base open:
/// freezes the protection requirements, rejects replay detection without
/// integrity and signature confirmation without request/reply support (or with
/// a SecurityVersion that does not support it), installs the wrapped-key token
/// authenticator and validates the correlation security settings.
/// </summary>
/// <param name="timeout">Time budget forwarded to the base open.</param>
/// <remarks>
/// Configuration conflicts are reported through
/// DiagnosticUtility.ExceptionUtility.ThrowHelperArgument (presumably an
/// ArgumentException — confirm at its definition).
/// </remarks>
public override void OnOpen(TimeSpan timeout)
{
    base.OnOpen(timeout);

    // The protection requirements are frozen once the factory is open.
    this.protectionRequirements.MakeReadOnly();

    // Replay detection only makes sense on integrity-protected messages: an
    // unsigned nonce/timestamp could not be trusted, so RequireIntegrity is mandatory.
    if (this.DetectReplays && !this.RequireIntegrity)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
            "RequireIntegrity",
            SR.GetString(SR.ForReplayDetectionToBeDoneRequireIntegrityMustBeSet));
    }

    bool wantsSignatureConfirmation = this.DoRequestSignatureConfirmation;

    // Signature confirmation travels on the reply, so request/reply is required.
    if (wantsSignatureConfirmation && !this.SupportsRequestReply)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
            SR.GetString(SR.SignatureConfirmationRequiresRequestReply));
    }

    // ...and the negotiated SecurityVersion must support it.
    if (wantsSignatureConfirmation && !this.StandardsManager.SecurityVersion.SupportsSignatureConfirmation)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(
            SR.GetString(SR.SecurityVersionDoesNotSupportSignatureConfirmation, this.StandardsManager.SecurityVersion));
    }

    // Exactly one authenticator for wrapped-key tokens; the list is sized for it.
    this.wrappedKeyTokenAuthenticator = new List<SecurityTokenAuthenticator>(capacity: 1);
    this.wrappedKeyTokenAuthenticator.Add(new NonValidatingSecurityTokenAuthenticator<WrappedKeySecurityToken>());

    ValidateCorrelationSecuritySettings();
}
/// <summary>
/// Opens the security protocol factory: checks the mandatory settings, records
/// the expected message directions, builds the endpoint- and operation-scoped
/// supporting-token authenticator lists on the non-initiating side, and
/// configures replay detection.
/// </summary>
/// <param name="timeout">Time budget for the whole open; the remaining time is
/// handed to each token authenticator open and to the merge step.</param>
/// <remarks>
/// Failures surface through DiagnosticUtility.ExceptionUtility: ThrowHelperArgument
/// (presumably an ArgumentException — confirm) when DetectReplays is set without
/// SupportsReplayDetection, and an InvalidOperationException when MaxClockSkew
/// or ReplayWindow is TimeSpan.MaxValue.
/// </remarks>
public virtual void OnOpen(TimeSpan timeout)
{
    // Both settings are mandatory. OnPropertySettingsError is called with true as
    // its second argument; the meaning of that flag is not visible here — confirm.
    if (this.SecurityBindingElement == null)
    {
        this.OnPropertySettingsError("SecurityBindingElement", true);
    }
    if (this.SecurityTokenManager == null)
    {
        this.OnPropertySettingsError("SecurityTokenManager", true);
    }

    this.messageSecurityVersion = this.standardsManager.MessageSecurityVersion;

    // One shared deadline for everything opened below.
    TimeoutHelper helper = new TimeoutHelper(timeout);

    // Message directions: the initiator sends, the non-initiator receives,
    // and a request/reply channel does both.
    this.expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
    this.expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;

    // Supporting-token authenticators are only configured on the non-initiating side.
    if (!this.actAsInitiator)
    {
        // Channel-wide (endpoint) supporting tokens: required ones first, then optional ones.
        this.AddSupportingTokenAuthenticators(this.securityBindingElement.EndpointSupportingTokenParameters, false, (IList<SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);
        this.AddSupportingTokenAuthenticators(this.securityBindingElement.OptionalEndpointSupportingTokenParameters, true, (IList<SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);

        // Per-operation supporting tokens: one fresh list per key (the key is
        // presumably the operation's action — confirm against the caller).
        foreach (string str in this.securityBindingElement.OperationSupportingTokenParameters.Keys)
        {
            Collection<SupportingTokenAuthenticatorSpecification> authenticatorSpecList = new Collection<SupportingTokenAuthenticatorSpecification>();
            this.AddSupportingTokenAuthenticators(this.securityBindingElement.OperationSupportingTokenParameters[str], false, authenticatorSpecList);
            this.scopedSupportingTokenAuthenticatorSpecification.Add(str, authenticatorSpecList);
        }

        // Optional per-operation tokens are appended to the list created above for
        // the same key, or to a new list when that key has none yet.
        foreach (string str2 in this.securityBindingElement.OptionalOperationSupportingTokenParameters.Keys)
        {
            Collection<SupportingTokenAuthenticatorSpecification> collection2;
            ICollection<SupportingTokenAuthenticatorSpecification> is2;
            if (this.scopedSupportingTokenAuthenticatorSpecification.TryGetValue(str2, out is2))
            {
                collection2 = (Collection<SupportingTokenAuthenticatorSpecification>)is2;
            }
            else
            {
                collection2 = new Collection<SupportingTokenAuthenticatorSpecification>();
                this.scopedSupportingTokenAuthenticatorSpecification.Add(str2, collection2);
            }
            this.AddSupportingTokenAuthenticators(this.securityBindingElement.OptionalOperationSupportingTokenParameters[str2], true, collection2);
        }

        // The channel list is frozen at the end of this branch, so the flag
        // computation below runs at most once per list instance.
        if (!this.channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
        {
            if (this.channelSupportingTokenAuthenticatorSpecification.Count == 0)
            {
                // Shared sentinel for "no supporting tokens" (defined elsewhere in the file).
                this.channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
            }
            else
            {
                this.expectSupportingTokens = true;
                foreach (SupportingTokenAuthenticatorSpecification specification in this.channelSupportingTokenAuthenticatorSpecification)
                {
                    // Each authenticator open draws on the shared deadline.
                    System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(specification.TokenAuthenticator, helper.RemainingTime());

                    // An endorsing token with a symmetric key that requires derived keys
                    // means incoming messages will carry derived-key tokens.
                    if (((specification.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing) || (specification.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)) && (specification.TokenParameters.RequireDerivedKeys && !specification.TokenParameters.HasAsymmetricKey))
                    {
                        this.expectKeyDerivation = true;
                    }

                    // Signed / SignedEncrypted / SignedEndorsing -> signed tokens expected;
                    // SignedEncrypted additionally sets the "basic tokens" flag.
                    SecurityTokenAttachmentMode securityTokenAttachmentMode = specification.SecurityTokenAttachmentMode;
                    switch (securityTokenAttachmentMode)
                    {
                        case SecurityTokenAttachmentMode.SignedEncrypted:
                        case SecurityTokenAttachmentMode.Signed:
                        case SecurityTokenAttachmentMode.SignedEndorsing:
                            this.expectChannelSignedTokens = true;
                            if (securityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEncrypted)
                            {
                                this.expectChannelBasicTokens = true;
                            }
                            break;
                    }

                    // Endorsing / SignedEndorsing -> endorsing tokens expected.
                    if ((securityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing) || (securityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing))
                    {
                        this.expectChannelEndorsingTokens = true;
                    }
                }

                // Freeze the channel list; the IsReadOnly check above guards this block.
                this.channelSupportingTokenAuthenticatorSpecification = new ReadOnlyCollection<SupportingTokenAuthenticatorSpecification>((Collection<SupportingTokenAuthenticatorSpecification>) this.channelSupportingTokenAuthenticatorSpecification);
            }
        }

        // Both helpers are defined elsewhere in the file; by name, the first rejects
        // duplicate token types and the second builds the merged map — confirm.
        this.VerifyTypeUniqueness(this.channelSupportingTokenAuthenticatorSpecification);
        this.MergeSupportingTokenAuthenticators(helper.RemainingTime());
    }

    if (this.DetectReplays)
    {
        if (!this.SupportsReplayDetection)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", System.ServiceModel.SR.GetString("SecurityProtocolCannotDoReplayDetection", new object[] { this }));
        }

        // An unbounded skew or window would keep every nonce forever (NoncesCachedInfinitely).
        if ((this.MaxClockSkew == TimeSpan.MaxValue) || (this.ReplayWindow == TimeSpan.MaxValue))
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("NoncesCachedInfinitely")));
        }

        // A fresh cache is always built here (there is no null check), so any value
        // the field held before is replaced. Nonces are retained for the replay
        // window plus twice the clock skew; MaxCachedNonces bounds the cache size,
        // and what happens when that bound is reached is decided by NonceCache, not here.
        this.nonceCache = new System.ServiceModel.Security.NonceCache((this.ReplayWindow + this.MaxClockSkew) + this.MaxClockSkew, this.MaxCachedNonces);
    }

    // Derived-key tokens are accepted by a non-validating authenticator (by its
    // name it performs no validation of its own — confirm at its definition).
    this.derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator<DerivedKeySecurityToken>();
}