protected static void SetIssuerBindingContextIfRequired(SecurityTokenParameters parameters, BindingContext issuerBindingContext) { // Only needed for SslSecurityTokenParameters and SspiSecurityTokenParameters which aren't supported }
protected internal SecurityTokenReferenceStyle GetTokenReferenceStyle(SecurityTokenParameters parameters) { return((ShouldSerializeToken(parameters, this.MessageDirection)) ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External); }
private static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion) { if (p1 == null || p2 == null) { return(false); } if (p1.GetType() != p2.GetType()) { return(false); } if (p1.InclusionMode != p2.InclusionMode) { return(false); } if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys) { return(false); } if (p1.ReferenceStyle != p2.ReferenceStyle) { return(false); } // mutual ssl and anonymous ssl differ in the client cert requirement if (p1 is SslSecurityTokenParameters) { if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate) { return(false); } } else if (p1 is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1; SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2; if (sc1.RequireCancellation != sc2.RequireCancellation) { return(false); } if (sc1.CanRenewSession != sc2.CanRenewSession) { return(false); } if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion)) { return(false); } } else if (p1 is IssuedSecurityTokenParameters) { if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType) { return(false); } } return(true); }
protected override void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters) { return; }
public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection <Collection <XmlElement> > alternatives; if (IsWsspAssertion(assertion, KeyValueTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode) && TryGetNestedPolicyAlternatives(importer, assertion, out alternatives) == false) { parameters = new RsaSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; } return(parameters != null); }
public SecurityTokenEntry(SecurityToken token, SecurityTokenParameters tokenParameters, SecurityTokenReferenceStyle allowedReferenceStyle) { Token = token; TokenParameters = tokenParameters; AllowedReferenceStyle = allowedReferenceStyle; }
public SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters) : this(tokenAuthenticator, securityTokenResolver, attachmentMode, tokenParameters, false) { }
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection <Collection <XmlElement> > alternatives; if (IsWsspAssertion(assertion, SecureConversationTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection <XmlElement> alternative in alternatives) { SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters(); parameters = sc; bool requireCancellation; bool canRenewSession; if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportWsspMustNotSendAmendAssertion(alternative) && TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) && TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc) && alternative.Count == 0) { sc.RequireCancellation = requireCancellation; sc.CanRenewSession = canRenewSession; sc.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SecureConversationSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; parameters.RequireDerivedKeys = false; } } return(parameters != null); }
public AsymmetricSecurityBindingElement( SecurityTokenParameters recipientTokenParameters) : this(recipientTokenParameters, null) { }
/// <summary>Initializes a new instance of the <see cref="T:System.ServiceModel.Channels.SymmetricSecurityBindingElement" /> class using specified security token parameters. </summary> /// <param name="protectionTokenParameters">The <see cref="T:System.ServiceModel.Security.Tokens.SecurityTokenParameters" />.</param> public SymmetricSecurityBindingElement(SecurityTokenParameters protectionTokenParameters) { this.messageProtectionOrder = MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature; this.requireSignatureConfirmation = false; this.protectionTokenParameters = protectionTokenParameters; }
private InitiatorServiceModelSecurityTokenRequirement CreateInitiatorSecurityTokenRequirement(SecurityTokenParameters parameters, SecurityTokenAttachmentMode attachmentMode) { InitiatorServiceModelSecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(); parameters.InitializeSecurityTokenRequirement(requirement); requirement.KeyUsage = SecurityKeyUsage.Signature; requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output; requirement.Properties[ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty] = attachmentMode; return(requirement); }
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional) { if (tokenAuthenticator == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator"); } SecurityTokenAttachmentModeHelper.Validate(attachmentMode); if (tokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters"); } _tokenAuthenticator = tokenAuthenticator; _tokenResolver = securityTokenResolver; _tokenAttachmentMode = attachmentMode; _tokenParameters = tokenParameters; _isTokenOptional = isTokenOptional; }
void GetTokensForOutgoingMessages(out SecurityToken signingToken, out SecurityToken encryptionToken, out SecurityTokenParameters tokenParameters) { lock (ThisLock) { if (requireDerivedKeys) { signingToken = this.derivedSignatureToken; encryptionToken = this.derivedEncryptionToken; } else { signingToken = encryptionToken = this.outgoingSessionToken; } } tokenParameters = this.Factory.GetTokenParameters(); }
SecurityToken GetExchangeToken(SecurityTokenParameters p) { return(GetToken(CreateRequirement(), p, SecurityKeyUsage.Exchange)); }
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional) { SecurityTokenAttachmentModeHelper.Validate(attachmentMode); TokenAuthenticator = tokenAuthenticator ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(tokenAuthenticator)); TokenResolver = securityTokenResolver; SecurityTokenAttachmentMode = attachmentMode; TokenParameters = tokenParameters ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(tokenParameters)); _isTokenOptional = isTokenOptional; }
public override bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection <Collection <XmlElement> > alternatives; if (IsMsspAssertion(assertion, SslContextTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection <XmlElement> alternative in alternatives) { SslSecurityTokenParameters ssl = new SslSecurityTokenParameters(); parameters = ssl; bool requireCancellation; bool canRenewSession; if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportWsspMustNotSendAmendAssertion(alternative) // We do not support Renew for spnego and sslnego. Read the // assertion if present and ignore it. && TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) && TryImportMsspRequireClientCertificateAssertion(alternative, ssl) && alternative.Count == 0) { // Client always set this to true to match the standardbinding. // This setting on client has no effect for spnego and sslnego. ssl.RequireCancellation = true; ssl.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SslSecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = inclusionMode; } } return(parameters != null); }
protected static void SetIssuerBindingContextIfRequired(SecurityTokenParameters parameters, BindingContext issuerBindingContext) { throw ExceptionHelper.PlatformNotSupported("SetIssuerBindingContextIfRequired is not supported."); }
public override bool TryImportWsspRequireDerivedKeysAssertion(ICollection <XmlElement> assertions, SecurityTokenParameters parameters) { parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy.RequireDerivedKeysName); if (!parameters.RequireDerivedKeys) { parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireExplicitDerivedKeysName); } if (!parameters.RequireDerivedKeys) { XmlElement assertion = null; if (TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireImpliedDerivedKeysName, out assertion)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); } } return(true); }
internal bool RequiresChannelDemuxer(SecurityTokenParameters parameters) { throw ExceptionHelper.PlatformNotSupported("RequiresChannelDemuxer is not supported."); }
CustomBinding CreateBinding(RequestSender sender, SecurityTokenParameters protectionTokenParameters) { return(CreateBinding(sender, protectionTokenParameters, false)); }
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters) { if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider"); } SecurityTokenAttachmentModeHelper.Validate(attachmentMode); if (tokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters"); } this.tokenProvider = tokenProvider; this.tokenAttachmentMode = attachmentMode; this.tokenParameters = tokenParameters; }
public void Add(SecurityToken token, SecurityTokenReferenceStyle allowedReferenceStyle, SecurityTokenParameters tokenParameters) { if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(token)); } if ((allowedReferenceStyle == SecurityTokenReferenceStyle.External) && (tokenParameters == null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.ResolvingExternalTokensRequireSecurityTokenParameters); } EnsureCapacityToAddToken(); _tokens[_tokenCount++] = new SecurityTokenEntry(token, tokenParameters, allowedReferenceStyle); }
public SymmetricSecurityBindingElement( SecurityTokenParameters protectionTokenParameters) { ProtectionTokenParameters = protectionTokenParameters; }
private RecipientServiceModelSecurityTokenRequirement CreateRecipientSecurityTokenRequirement(SecurityTokenParameters parameters, SecurityTokenAttachmentMode attachmentMode) { RecipientServiceModelSecurityTokenRequirement requirement = CreateRecipientSecurityTokenRequirement(); requirement.KeyUsage = SecurityKeyUsage.Signature; requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Input; requirement.Properties[ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty] = attachmentMode; requirement.Properties[ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy] = _extendedProtectionPolicy; return(requirement); }
public abstract SecurityTokenAuthenticator CreateTokenAuthenticator(SecurityTokenParameters p, out SecurityTokenResolver resolver);
private void AddPrimaryTokenSignatureReference(SecurityToken token, SecurityTokenParameters securityTokenParameters) { return; }
SecurityToken GetSigningToken(SecurityTokenParameters p) { return(GetToken(CreateRequirement(), p, SecurityKeyUsage.Signature)); }
internal bool RequiresChannelDemuxer(SecurityTokenParameters parameters) { return(parameters is SecureConversationSecurityTokenParameters); }
protected abstract void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters);