internal void ConfigureProtocolFactory(SecurityProtocolFactory factory, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext, Binding binding) { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(factory))); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(credentialsManager))); } factory.AddTimestamp = IncludeTimestamp; factory.IncomingAlgorithmSuite = DefaultAlgorithmSuite; factory.OutgoingAlgorithmSuite = DefaultAlgorithmSuite; factory.SecurityHeaderLayout = SecurityHeaderLayout; factory.TimestampValidityDuration = LocalServiceSettings.TimestampValidityDuration; factory.DetectReplays = LocalServiceSettings.DetectReplays; factory.MaxCachedNonces = LocalServiceSettings.ReplayCacheSize; factory.MaxClockSkew = LocalServiceSettings.MaxClockSkew; factory.ReplayWindow = LocalServiceSettings.ReplayWindow; if (LocalServiceSettings.DetectReplays) { factory.NonceCache = LocalServiceSettings.NonceCache; } factory.SecurityBindingElement = (SecurityBindingElement)Clone(); factory.SecurityBindingElement.SetIssuerBindingContextIfRequired(issuerBindingContext); factory.SecurityTokenManager = credentialsManager.CreateSecurityTokenManager(); SecurityTokenSerializer tokenSerializer = factory.SecurityTokenManager.CreateSecurityTokenSerializer(_messageSecurityVersion.SecurityTokenVersion); factory.StandardsManager = new SecurityStandardsManager(_messageSecurityVersion, tokenSerializer); }
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement, BindingContext context, bool isClient) : base(context.Binding) { _extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts; _protectionLevel = bindingElement.ProtectionLevel; _scheme = context.Binding.Scheme; _isClient = isClient; _listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { if (isClient) { credentialProvider = ClientCredentials.CreateDefaultCredentials(); } else { throw ExceptionHelper.PlatformNotSupported("WindowsStreamSecurityUpgradeProvider for server is not supported."); } } _securityTokenManager = credentialProvider.CreateSecurityTokenManager(); }
static PeerSecurityCredentialsManager GetCredentialsManager(PeerAuthenticationMode mode, bool signing, BindingContext context) { if (mode == PeerAuthenticationMode.None && !signing) { return(null); } ClientCredentials clientCredentials = context.BindingParameters.Find <ClientCredentials>(); if (clientCredentials != null) { return(new PeerSecurityCredentialsManager(clientCredentials.Peer, mode, signing)); } ServiceCredentials serviceCredentials = context.BindingParameters.Find <ServiceCredentials>(); if (serviceCredentials != null) { return(new PeerSecurityCredentialsManager(serviceCredentials.Peer, mode, signing)); } SecurityCredentialsManager credman = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credman == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(new PeerSecurityCredentialsManager(credman.CreateSecurityTokenManager(), mode, signing)); }
public static SslStreamSecurityUpgradeProvider CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context) { SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ServiceCredentials.CreateDefaultCredentials(); } Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager(); RecipientServiceModelSecurityTokenRequirement tokenRequirement = new RecipientServiceModelSecurityTokenRequirement { TokenType = SecurityTokenTypes.X509Certificate, RequireCryptographicToken = true, KeyUsage = SecurityKeyUsage.Exchange, TransportScheme = context.Binding.Scheme, ListenUri = listenUri }; SecurityTokenProvider serverTokenProvider = tokenManager.CreateSecurityTokenProvider(tokenRequirement); if (serverTokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { tokenRequirement }))); } return(new SslStreamSecurityUpgradeProvider(context.Binding, serverTokenProvider, bindingElement.RequireClientCertificate, TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri), context.Binding.Scheme, bindingElement.IdentityVerifier)); }
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement, BindingContext context, bool isClient) : base(context.Binding) { this.extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts; this.protectionLevel = bindingElement.ProtectionLevel; this.scheme = context.Binding.Scheme; this.isClient = isClient; this.listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { if (isClient) { credentialProvider = ClientCredentials.CreateDefaultCredentials(); } else { credentialProvider = ServiceCredentials.CreateDefaultCredentials(); } } this.securityTokenManager = credentialProvider.CreateSecurityTokenManager(); }
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context) { this.requireClientCertificate = httpsBindingElement.RequireClientCertificate; SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ServiceCredentials.CreateDefaultCredentials(); } SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager(); this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress)); ServiceCredentials credentials = manager as ServiceCredentials; if ((credentials != null) && (credentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom)) { this.useCustomClientCertificateVerification = true; } else { this.useCustomClientCertificateVerification = false; X509SecurityTokenAuthenticator certificateAuthenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator; if (certificateAuthenticator != null) { this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None, certificateAuthenticator.MapCertificateToWindowsAccount, base.ExtractGroupsForWindowsAccounts, false); } } if (this.RequireClientCertificate && (base.AuthenticationScheme != AuthenticationSchemes.Anonymous)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(System.ServiceModel.SR.GetString("HttpAuthSchemeAndClientCert", new object[] { base.AuthenticationScheme })), TraceEventType.Error); } this.channelBindingProvider = new ChannelBindingProviderHelper(); }
public static SslStreamSecurityUpgradeProvider CreateServerProvider( SslStreamSecurityBindingElement bindingElement, BindingContext context) { SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { credentialProvider = ServiceCredentials.CreateDefaultCredentials(); } Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager(); RecipientServiceModelSecurityTokenRequirement serverCertRequirement = new RecipientServiceModelSecurityTokenRequirement(); serverCertRequirement.TokenType = SecurityTokenTypes.X509Certificate; serverCertRequirement.RequireCryptographicToken = true; serverCertRequirement.KeyUsage = SecurityKeyUsage.Exchange; serverCertRequirement.TransportScheme = context.Binding.Scheme; serverCertRequirement.ListenUri = listenUri; SecurityTokenProvider tokenProvider = tokenManager.CreateSecurityTokenProvider(serverCertRequirement); if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialsUnableToCreateLocalTokenProvider, serverCertRequirement))); } SecurityTokenAuthenticator certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri); return(new SslStreamSecurityUpgradeProvider(context.Binding, tokenProvider, bindingElement.RequireClientCertificate, certificateAuthenticator, context.Binding.Scheme, bindingElement.IdentityVerifier, bindingElement.SslProtocols)); }
void InitializeSecurityTokenManager(BindingContext context) { SecurityCredentialsManager credentials = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentials != null) { this.securityTokenManager = credentials.CreateSecurityTokenManager(); } }
public static SslStreamSecurityUpgradeProvider CreateClientProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context) { SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ClientCredentials.CreateDefaultCredentials(); } return(new SslStreamSecurityUpgradeProvider(context.Binding, manager.CreateSecurityTokenManager(), bindingElement.RequireClientCertificate, context.Binding.Scheme, bindingElement.IdentityVerifier)); }
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context) { this.requireClientCertificate = httpsBindingElement.RequireClientCertificate; this.shouldValidateClientCertificate = ShouldValidateClientCertificate(this.requireClientCertificate, context); // Pick up the MapCertificateToWindowsAccount setting from the configured token authenticator. SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { credentialProvider = ServiceCredentials.CreateDefaultCredentials(); } SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager(); this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress)); ServiceCredentials serviceCredentials = credentialProvider as ServiceCredentials; if (serviceCredentials != null && serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom) { useCustomClientCertificateVerification = true; } else { useCustomClientCertificateVerification = false; X509SecurityTokenAuthenticator authenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator; if (authenticator != null) { this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None, authenticator.MapCertificateToWindowsAccount, this.ExtractGroupsForWindowsAccounts, false); } } if (this.RequireClientCertificate && this.AuthenticationScheme.IsNotSet(AuthenticationSchemes.Anonymous)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(SR.GetString( SR.HttpAuthSchemeAndClientCert, this.AuthenticationScheme)), TraceEventType.Error); } this.channelBindingProvider = new ChannelBindingProviderHelper(); }
protected void SetSecurityTokenAuthenticator(string scheme, BindingContext context) { if (base.ReceiveParameters.TransportSecurity.MsmqAuthenticationMode == MsmqAuthenticationMode.Certificate) { SecurityTokenResolver resolver; SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ServiceCredentials.CreateDefaultCredentials(); } SecurityTokenManager manager2 = manager.CreateSecurityTokenManager(); RecipientServiceModelSecurityTokenRequirement tokenRequirement = new RecipientServiceModelSecurityTokenRequirement { TokenType = SecurityTokenTypes.X509Certificate, TransportScheme = scheme, ListenUri = this.Uri, KeyUsage = SecurityKeyUsage.Signature }; this.x509SecurityTokenAuthenticator = manager2.CreateSecurityTokenAuthenticator(tokenRequirement, out resolver); } }
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement, BindingContext context, bool isClient) : base(context.Binding) { Contract.Assert(isClient, ".NET Core and .NET Native does not support server side"); _extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts; _protectionLevel = bindingElement.ProtectionLevel; _scheme = context.Binding.Scheme; _isClient = isClient; _listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { credentialProvider = ClientCredentials.CreateDefaultCredentials(); } _securityTokenManager = credentialProvider.CreateSecurityTokenManager(); }