protected static void SetIssuerBindingContextIfRequired(SecurityTokenParameters parameters, BindingContext issuerBindingContext)
{
// Only needed for SslSecurityTokenParameters and SspiSecurityTokenParameters which aren't supported
}
protected internal SecurityTokenReferenceStyle GetTokenReferenceStyle(SecurityTokenParameters parameters)
{
return((ShouldSerializeToken(parameters, this.MessageDirection)) ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External);
}
private static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion)
{
if (p1 == null || p2 == null)
{
return(false);
}
if (p1.GetType() != p2.GetType())
{
return(false);
}
if (p1.InclusionMode != p2.InclusionMode)
{
return(false);
}
if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys)
{
return(false);
}
if (p1.ReferenceStyle != p2.ReferenceStyle)
{
return(false);
}
// mutual ssl and anonymous ssl differ in the client cert requirement
if (p1 is SslSecurityTokenParameters)
{
if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate)
{
return(false);
}
}
else if (p1 is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1;
SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2;
if (sc1.RequireCancellation != sc2.RequireCancellation)
{
return(false);
}
if (sc1.CanRenewSession != sc2.CanRenewSession)
{
return(false);
}
if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion))
{
return(false);
}
}
else if (p1 is IssuedSecurityTokenParameters)
{
if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType)
{
return(false);
}
}
return(true);
}
protected override void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters)
{
return;
}
public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection <Collection <XmlElement> > alternatives;
if (IsWsspAssertion(assertion, KeyValueTokenName) &&
TryGetIncludeTokenValue(assertion, out inclusionMode) &&
TryGetNestedPolicyAlternatives(importer, assertion, out alternatives) == false)
{
parameters = new RsaSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
}
return(parameters != null);
}
public SecurityTokenEntry(SecurityToken token, SecurityTokenParameters tokenParameters, SecurityTokenReferenceStyle allowedReferenceStyle)
{
Token = token;
TokenParameters = tokenParameters;
AllowedReferenceStyle = allowedReferenceStyle;
}
public SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
: this(tokenAuthenticator, securityTokenResolver, attachmentMode, tokenParameters, false)
{
}
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection <Collection <XmlElement> > alternatives;
if (IsWsspAssertion(assertion, SecureConversationTokenName) &&
TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection <XmlElement> alternative in alternatives)
{
SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters();
parameters = sc;
bool requireCancellation;
bool canRenewSession;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc) &&
TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) &&
TryImportWsspMustNotSendAmendAssertion(alternative) &&
TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) &&
TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc) &&
alternative.Count == 0)
{
sc.RequireCancellation = requireCancellation;
sc.CanRenewSession = canRenewSession;
sc.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SecureConversationSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
parameters.RequireDerivedKeys = false;
}
}
return(parameters != null);
}
public AsymmetricSecurityBindingElement(
SecurityTokenParameters recipientTokenParameters)
: this(recipientTokenParameters, null)
{
}
/// <summary>Initializes a new instance of the <see cref="T:System.ServiceModel.Channels.SymmetricSecurityBindingElement" /> class using specified security token parameters. </summary>
/// <param name="protectionTokenParameters">The <see cref="T:System.ServiceModel.Security.Tokens.SecurityTokenParameters" />.</param>
public SymmetricSecurityBindingElement(SecurityTokenParameters protectionTokenParameters)
{
this.messageProtectionOrder = MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature;
this.requireSignatureConfirmation = false;
this.protectionTokenParameters = protectionTokenParameters;
}
private InitiatorServiceModelSecurityTokenRequirement CreateInitiatorSecurityTokenRequirement(SecurityTokenParameters parameters, SecurityTokenAttachmentMode attachmentMode)
{
InitiatorServiceModelSecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement();
parameters.InitializeSecurityTokenRequirement(requirement);
requirement.KeyUsage = SecurityKeyUsage.Signature;
requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
requirement.Properties[ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty] = attachmentMode;
return(requirement);
}
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional)
{
if (tokenAuthenticator == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
_tokenAuthenticator = tokenAuthenticator;
_tokenResolver = securityTokenResolver;
_tokenAttachmentMode = attachmentMode;
_tokenParameters = tokenParameters;
_isTokenOptional = isTokenOptional;
}
void GetTokensForOutgoingMessages(out SecurityToken signingToken, out SecurityToken encryptionToken, out SecurityTokenParameters tokenParameters)
{
lock (ThisLock)
{
if (requireDerivedKeys)
{
signingToken = this.derivedSignatureToken;
encryptionToken = this.derivedEncryptionToken;
}
else
{
signingToken = encryptionToken = this.outgoingSessionToken;
}
}
tokenParameters = this.Factory.GetTokenParameters();
}
SecurityToken GetExchangeToken(SecurityTokenParameters p)
{
return(GetToken(CreateRequirement(), p, SecurityKeyUsage.Exchange));
}
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional)
{
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
TokenAuthenticator = tokenAuthenticator ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(tokenAuthenticator));
TokenResolver = securityTokenResolver;
SecurityTokenAttachmentMode = attachmentMode;
TokenParameters = tokenParameters ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(tokenParameters));
_isTokenOptional = isTokenOptional;
}
public override bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection <Collection <XmlElement> > alternatives;
if (IsMsspAssertion(assertion, SslContextTokenName) &&
TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection <XmlElement> alternative in alternatives)
{
SslSecurityTokenParameters ssl = new SslSecurityTokenParameters();
parameters = ssl;
bool requireCancellation;
bool canRenewSession;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl) &&
TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) &&
TryImportWsspMustNotSendAmendAssertion(alternative)
// We do not support Renew for spnego and sslnego. Read the
// assertion if present and ignore it.
&& TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) &&
TryImportMsspRequireClientCertificateAssertion(alternative, ssl) &&
alternative.Count == 0)
{
// Client always set this to true to match the standardbinding.
// This setting on client has no effect for spnego and sslnego.
ssl.RequireCancellation = true;
ssl.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return(parameters != null);
}
protected static void SetIssuerBindingContextIfRequired(SecurityTokenParameters parameters, BindingContext issuerBindingContext)
{
throw ExceptionHelper.PlatformNotSupported("SetIssuerBindingContextIfRequired is not supported.");
}
public override bool TryImportWsspRequireDerivedKeysAssertion(ICollection <XmlElement> assertions, SecurityTokenParameters parameters)
{
parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy.RequireDerivedKeysName);
if (!parameters.RequireDerivedKeys)
{
parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireExplicitDerivedKeysName);
}
if (!parameters.RequireDerivedKeys)
{
XmlElement assertion = null;
if (TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireImpliedDerivedKeysName, out assertion))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
}
return(true);
}
internal bool RequiresChannelDemuxer(SecurityTokenParameters parameters)
{
throw ExceptionHelper.PlatformNotSupported("RequiresChannelDemuxer is not supported.");
}
CustomBinding CreateBinding(RequestSender sender,
SecurityTokenParameters protectionTokenParameters)
{
return(CreateBinding(sender, protectionTokenParameters, false));
}
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
{
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
this.tokenProvider = tokenProvider;
this.tokenAttachmentMode = attachmentMode;
this.tokenParameters = tokenParameters;
}
public void Add(SecurityToken token, SecurityTokenReferenceStyle allowedReferenceStyle, SecurityTokenParameters tokenParameters)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(token));
}
if ((allowedReferenceStyle == SecurityTokenReferenceStyle.External) && (tokenParameters == null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.ResolvingExternalTokensRequireSecurityTokenParameters);
}
EnsureCapacityToAddToken();
_tokens[_tokenCount++] = new SecurityTokenEntry(token, tokenParameters, allowedReferenceStyle);
}
public SymmetricSecurityBindingElement(
SecurityTokenParameters protectionTokenParameters)
{
ProtectionTokenParameters = protectionTokenParameters;
}
private RecipientServiceModelSecurityTokenRequirement CreateRecipientSecurityTokenRequirement(SecurityTokenParameters parameters, SecurityTokenAttachmentMode attachmentMode)
{
RecipientServiceModelSecurityTokenRequirement requirement = CreateRecipientSecurityTokenRequirement();
requirement.KeyUsage = SecurityKeyUsage.Signature;
requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Input;
requirement.Properties[ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty] = attachmentMode;
requirement.Properties[ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy] = _extendedProtectionPolicy;
return(requirement);
}
public abstract SecurityTokenAuthenticator CreateTokenAuthenticator(SecurityTokenParameters p, out SecurityTokenResolver resolver);
private void AddPrimaryTokenSignatureReference(SecurityToken token, SecurityTokenParameters securityTokenParameters)
{
return;
}
SecurityToken GetSigningToken(SecurityTokenParameters p)
{
return(GetToken(CreateRequirement(), p, SecurityKeyUsage.Signature));
}
internal bool RequiresChannelDemuxer(SecurityTokenParameters parameters)
{
return(parameters is SecureConversationSecurityTokenParameters);
}
protected abstract void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters);
