// this method reverses CreateMutualCertificateBindingElement() logic internal static bool IsUserNameOverTransportBinding(SecurityBindingElement sbe) { // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) { return(false); } if (!(sbe is TransportSecurityBindingElement)) { return(false); } SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters; if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 1 || parameters.Endorsing.Count != 0 || parameters.SignedEndorsing.Count != 0) { return(false); } UserNameSecurityTokenParameters userNameParameters = parameters.SignedEncrypted[0] as UserNameSecurityTokenParameters; if (userNameParameters == null) { return(false); } return(true); }
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned"); } this.defaultAlgorithmSuite = elementToBeCloned.defaultAlgorithmSuite; this.includeTimestamp = elementToBeCloned.includeTimestamp; this.keyEntropyMode = elementToBeCloned.keyEntropyMode; this.messageSecurityVersion = elementToBeCloned.messageSecurityVersion; this.securityHeaderLayout = elementToBeCloned.securityHeaderLayout; this.endpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.endpointSupportingTokenParameters.Clone(); this.optionalEndpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.optionalEndpointSupportingTokenParameters.Clone(); this.operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); foreach (string key in elementToBeCloned.operationSupportingTokenParameters.Keys) { this.operationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.operationSupportingTokenParameters[key].Clone(); } this.optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); foreach (string key in elementToBeCloned.optionalOperationSupportingTokenParameters.Keys) { this.optionalOperationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.optionalOperationSupportingTokenParameters[key].Clone(); } this.localServiceSettings = (LocalServiceSecuritySettings)elementToBeCloned.localServiceSettings.Clone(); // this.internalDuplexBindingElement = elementToBeCloned.internalDuplexBindingElement; this.maxReceivedMessageSize = elementToBeCloned.maxReceivedMessageSize; this.readerQuotas = elementToBeCloned.readerQuotas; this.doNotEmitTrust = elementToBeCloned.doNotEmitTrust; this.allowInsecureTransport = elementToBeCloned.allowInsecureTransport; this.enableUnsecuredResponse = elementToBeCloned.enableUnsecuredResponse; this.supportsExtendedProtectionPolicy = elementToBeCloned.supportsExtendedProtectionPolicy; this.protectTokens = elementToBeCloned.protectTokens; }
private void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding) { foreach (OperationDescription description in policyContext.Contract.Operations) { string action = null; foreach (MessageDescription description2 in description.Messages) { if (description2.Direction == MessageDirection.Input) { action = description2.Action; break; } } SupportingTokenParameters requirements = new SupportingTokenParameters(); SupportingTokenParameters optionalRequirements = new SupportingTokenParameters(); ICollection <XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(description); this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements); if (((requirements.Endorsing.Count > 0) || (requirements.Signed.Count > 0)) || ((requirements.SignedEncrypted.Count > 0) || (requirements.SignedEndorsing.Count > 0))) { if (action == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction"))); } binding.OperationSupportingTokenParameters[action] = requirements; } if (((optionalRequirements.Endorsing.Count > 0) || (optionalRequirements.Signed.Count > 0)) || ((optionalRequirements.SignedEncrypted.Count > 0) || (optionalRequirements.SignedEndorsing.Count > 0))) { if (action == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction"))); } binding.OptionalOperationSupportingTokenParameters[action] = optionalRequirements; } } }
// this method reverses CreateMutualCertificateBindingElement() logic internal static bool IsCertificateOverTransportBinding(SecurityBindingElement sbe) { // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) { return(false); } if (!(sbe is TransportSecurityBindingElement)) { return(false); } SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters; if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 0 || parameters.Endorsing.Count != 1 || parameters.SignedEndorsing.Count != 0) { return(false); } if (!(parameters.Endorsing[0] is X509SecurityTokenParameters x509Parameters)) { return(false); } if (x509Parameters.InclusionMode != SecurityTokenInclusionMode.AlwaysToRecipient) { return(false); } return(x509Parameters.X509ReferenceStyle == X509KeyIdentifierClauseType.Any || x509Parameters.X509ReferenceStyle == X509KeyIdentifierClauseType.Thumbprint); }
void ValidateTokensByParameters(SupportingTokenParameters supp, List <SupportingTokenInfo> tokens, bool optional) { ValidateTokensByParameters(supp.Endorsing, tokens, optional, SecurityTokenAttachmentMode.Endorsing); ValidateTokensByParameters(supp.Signed, tokens, optional, SecurityTokenAttachmentMode.Signed); ValidateTokensByParameters(supp.SignedEndorsing, tokens, optional, SecurityTokenAttachmentMode.SignedEndorsing); ValidateTokensByParameters(supp.SignedEncrypted, tokens, optional, SecurityTokenAttachmentMode.SignedEncrypted); }
public static void Property_Signed() { SupportingTokenParameters stp = new SupportingTokenParameters(); Assert.NotNull(stp.Signed); Assert.Equal(new Collection <SecurityTokenParameters>(), stp.Signed); }
public void DefaultItems() { SupportingTokenParameters p = new SupportingTokenParameters(); Assert.AreEqual(0, p.Endorsing.Count, "#1"); Assert.AreEqual(0, p.Signed.Count, "#2"); Assert.AreEqual(0, p.SignedEncrypted.Count, "#3"); Assert.AreEqual(0, p.SignedEndorsing.Count, "#4"); }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _includeTimestamp = defaultIncludeTimestamp; _localClientSettings = new LocalClientSecuritySettings(); _endpointSupportingTokenParameters = new SupportingTokenParameters(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; }
public static void AssertSupportingTokenParameters( int endorsing, int signed, int signedEncrypted, int signedEndorsing, SupportingTokenParameters tp, string label) { Assert.IsNotNull(tp, label + " IsNotNull"); Assert.AreEqual(endorsing, tp.Endorsing.Count, label + ".Endoring.Count"); Assert.AreEqual(signed, tp.Signed.Count, label + ".Signed.Count"); Assert.AreEqual(signedEncrypted, tp.SignedEncrypted.Count, label + ".SignedEncrypted.Count"); Assert.AreEqual(signedEndorsing, tp.SignedEndorsing.Count, label + ".SignedEndorsing.Count"); }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _includeTimestamp = defaultIncludeTimestamp; _localClientSettings = new LocalClientSecuritySettings(); _endpointSupportingTokenParameters = new SupportingTokenParameters(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement is not supported"); }
private SecurityBindingElement CreateSecurityBindingElement() { // Create an issued token parameters object. IssuedSecurityTokenParameters issuedSecTok = new IssuedSecurityTokenParameters(); // Create a security binding element with the parameter object. SymmetricSecurityBindingElement secBindingEle = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedSecTok); // Create a Kerberos token parameter object and set the inclusion // mode to AlwaysToRecipient. Add the object as an endorsing token for // all operations of the endpoint. KerberosSecurityTokenParameters kstp = new KerberosSecurityTokenParameters(); kstp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingEle.EndpointSupportingTokenParameters.Endorsing.Add(kstp); // Create a username token parameter object and set its // RequireDerivedKeys to false. UserNameSecurityTokenParameters userNameParams = new UserNameSecurityTokenParameters(); userNameParams.RequireDerivedKeys = false; // Create a collection object for supporting tokens. SupportingTokenParameters stp = new SupportingTokenParameters(); // Add the previously created supporting tokens. stp.Endorsing.Add(issuedSecTok); stp.SignedEncrypted.Add(userNameParams); // Create a generic dictionary item, a KeyValuePair object // that includes all supporting token parameters. Then add // it to the dictionary for operation-scope supporting tokens. KeyValuePair <string, SupportingTokenParameters> x = new KeyValuePair <string, SupportingTokenParameters>("1", stp); secBindingEle.OperationSupportingTokenParameters.Add(x); // See all dictionary items for the supporting tokens. Console.WriteLine("Reading Kevalue pairs"); foreach (KeyValuePair <string, SupportingTokenParameters> kvp in secBindingEle.OperationSupportingTokenParameters) { Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value); } Console.ReadLine(); return(secBindingEle); }
internal SecurityBindingElement() { DefaultAlgorithmSuite = SecurityAlgorithmSuite.Default; MessageSecurityVersion = MessageSecurityVersion.Default; IncludeTimestamp = true; KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; endpoint = new SupportingTokenParameters(); operation = new Dictionary <string, SupportingTokenParameters> (); opt_endpoint = new SupportingTokenParameters(); opt_operation = new Dictionary <string, SupportingTokenParameters> (); client_settings = new LocalClientSecuritySettings(); service_settings = new LocalServiceSecuritySettings(); }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode; IncludeTimestamp = defaultIncludeTimestamp; _defaultAlgorithmSuite = defaultDefaultAlgorithmSuite; LocalClientSettings = new LocalClientSecuritySettings(); EndpointSupportingTokenParameters = new SupportingTokenParameters(); OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters(); _operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; }
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned"); } _includeTimestamp = elementToBeCloned._includeTimestamp; _messageSecurityVersion = elementToBeCloned._messageSecurityVersion; _securityHeaderLayout = elementToBeCloned._securityHeaderLayout; _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone(); _localClientSettings = elementToBeCloned._localClientSettings.Clone(); throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement cloning not supported."); }
private void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding) { foreach (OperationDescription operation in policyContext.Contract.Operations) { string requestAction = null; foreach (MessageDescription message in operation.Messages) { if (message.Direction == MessageDirection.Input) { requestAction = message.Action; break; } } SupportingTokenParameters requirements = new SupportingTokenParameters(); SupportingTokenParameters optionalRequirements = new SupportingTokenParameters(); ICollection <XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation); this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements); if (requirements.Endorsing.Count > 0 || requirements.Signed.Count > 0 || requirements.SignedEncrypted.Count > 0 || requirements.SignedEndorsing.Count > 0) { if (requestAction != null) { binding.OperationSupportingTokenParameters[requestAction] = requirements; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SRServiceModel.CannotImportSupportingTokensForOperationWithoutRequestAction)); } } if (optionalRequirements.Endorsing.Count > 0 || optionalRequirements.Signed.Count > 0 || optionalRequirements.SignedEncrypted.Count > 0 || optionalRequirements.SignedEndorsing.Count > 0) { if (requestAction != null) { binding.OptionalOperationSupportingTokenParameters[requestAction] = optionalRequirements; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.CannotImportSupportingTokensForOperationWithoutRequestAction))); } } } }
private void GetSupportingTokensCapabilities(SupportingTokenParameters requirements, out bool supportsClientAuth, out bool supportsWindowsIdentity) { supportsClientAuth = false; supportsWindowsIdentity = false; GetSupportingTokensCapabilities(requirements.Endorsing, out bool tmpSupportsClientAuth, out bool tmpSupportsWindowsIdentity); supportsClientAuth = supportsClientAuth || tmpSupportsClientAuth; supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity; GetSupportingTokensCapabilities(requirements.SignedEndorsing, out tmpSupportsClientAuth, out tmpSupportsWindowsIdentity); supportsClientAuth = supportsClientAuth || tmpSupportsClientAuth; supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity; GetSupportingTokensCapabilities(requirements.SignedEncrypted, out tmpSupportsClientAuth, out tmpSupportsWindowsIdentity); supportsClientAuth = supportsClientAuth || tmpSupportsClientAuth; supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity; }
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned"); } _includeTimestamp = elementToBeCloned._includeTimestamp; _messageSecurityVersion = elementToBeCloned._messageSecurityVersion; _securityHeaderLayout = elementToBeCloned._securityHeaderLayout; _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone(); _localClientSettings = elementToBeCloned._localClientSettings.Clone(); _maxReceivedMessageSize = elementToBeCloned._maxReceivedMessageSize; _readerQuotas = elementToBeCloned._readerQuotas; }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; // AcceleratedTokenProvider.defaultKeyEntropyMode; IncludeTimestamp = DefaultIncludeTimestamp; _defaultAlgorithmSuite = s_defaultDefaultAlgorithmSuite; LocalServiceSettings = new LocalServiceSecuritySettings(); EndpointSupportingTokenParameters = new SupportingTokenParameters(); OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters(); _operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _securityHeaderLayout = SecurityHeaderLayout.Strict; // SecurityProtocolFactory.defaultSecurityHeaderLayout; AllowInsecureTransport = DefaultAllowInsecureTransport; EnableUnsecuredResponse = DefaultEnableUnsecuredResponse; ProtectTokens = DefaultProtectTokens; }
private static ServiceHost StartSTS(Type type, string stsLabel, Uri baseAddress, Uri baseMexAddress) { // Create the service host Uri stsAddress = new Uri(baseAddress.AbsoluteUri + "/" + stsLabel); ServiceHost serviceHost = new ServiceHost(type, stsAddress); // Don't require derived keys for the issue method ServiceEndpoint stsEndpoint = serviceHost.Description.Endpoints.Find(typeof(nl.telin.authep.sts.IWSTrustContract)); BindingElementCollection bindingElements = stsEndpoint.Binding.CreateBindingElements(); SecurityBindingElement sbe = bindingElements.Find <SecurityBindingElement>(); RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters(); rsaParams.InclusionMode = SecurityTokenInclusionMode.Never; rsaParams.RequireDerivedKeys = false; SupportingTokenParameters requirements = new SupportingTokenParameters(); requirements.Endorsing.Add(rsaParams); sbe.OptionalOperationSupportingTokenParameters.Add(nl.telin.authep.sts.Constants.WSTrust.Actions.Issue, requirements); stsEndpoint.Binding = new CustomBinding(bindingElements); serviceHost.Credentials.ServiceCertificate.Certificate = SigningCertificate; // Add an https mex listener string mexAddress = baseMexAddress.AbsoluteUri + "/" + stsLabel + "/mex"; serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), mexAddress); // Disable CRL serviceHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck; // Open the service serviceHost.Open(); // Display the endpoints foreach (ChannelDispatcher cd in serviceHost.ChannelDispatchers) { foreach (EndpointDispatcher ed in cd.Endpoints) { Console.WriteLine("Listener = {0}, State = {1}", ed.EndpointAddress.ToString(), cd.State.ToString()); } } return(serviceHost); }
private static void SetIssuerBindingContextIfRequired(SupportingTokenParameters supportingParameters, BindingContext issuerBindingContext) { for (int i = 0; i < supportingParameters.Endorsing.Count; ++i) { SetIssuerBindingContextIfRequired(supportingParameters.Endorsing[i], issuerBindingContext); } for (int i = 0; i < supportingParameters.SignedEndorsing.Count; ++i) { SetIssuerBindingContextIfRequired(supportingParameters.SignedEndorsing[i], issuerBindingContext); } for (int i = 0; i < supportingParameters.Signed.Count; ++i) { SetIssuerBindingContextIfRequired(supportingParameters.Signed[i], issuerBindingContext); } for (int i = 0; i < supportingParameters.SignedEncrypted.Count; ++i) { SetIssuerBindingContextIfRequired(supportingParameters.SignedEncrypted[i], issuerBindingContext); } }
public void DefaultMessageSecurity() { WSHttpBinding b = new WSHttpBinding(); SymmetricSecurityBindingElement sbe = b.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#0"); SecureConversationSecurityTokenParameters p = sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(p, "#1"); SymmetricSecurityBindingElement scbe = p.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement; Assert.IsNotNull(scbe, "#1.1"); // since the default w/o SecureConv is SSPI ... Assert.IsTrue(scbe.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2"); Assert.AreEqual(SecurityAlgorithmSuite.Default, sbe.DefaultAlgorithmSuite, "#2"); SupportingTokenParameters s = sbe.EndpointSupportingTokenParameters; Assert.IsNotNull(s, "#3"); Assert.AreEqual(0, s.Endorsing.Count, "#3-1"); Assert.AreEqual(0, s.Signed.Count, "#3-2"); Assert.AreEqual(0, s.SignedEndorsing.Count, "#3-3"); Assert.AreEqual(0, s.SignedEncrypted.Count, "#3-4"); Assert.AreEqual(0, sbe.OperationSupportingTokenParameters.Count, "#4"); s = sbe.OptionalEndpointSupportingTokenParameters; Assert.IsNotNull(s, "#5"); Assert.AreEqual(0, s.Endorsing.Count, "#5-1"); Assert.AreEqual(0, s.Signed.Count, "#5-2"); Assert.AreEqual(0, s.SignedEndorsing.Count, "#5-3"); Assert.AreEqual(0, s.SignedEncrypted.Count, "#5-4"); Assert.AreEqual(0, sbe.OptionalOperationSupportingTokenParameters.Count, "#6"); }
// this method reverses CreateMutualCertificateBindingElement() logic internal static bool IsCertificateOverTransportBinding(SecurityBindingElement sbe) { // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) { return(false); } if (!(sbe is TransportSecurityBindingElement)) { return(false); } SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters; if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 0 || parameters.Endorsing.Count != 1 || parameters.SignedEndorsing.Count != 0) { return(false); } throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement.IsCertificateOverTransportBinding is not supported."); }
void CollectSupportingTokensCore( SupportingTokenInfoCollection l, SupportingTokenParameters s, bool required) { foreach (SecurityTokenParameters p in s.Signed) { l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.Signed, required)); } foreach (SecurityTokenParameters p in s.Endorsing) { l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.Endorsing, required)); } foreach (SecurityTokenParameters p in s.SignedEndorsing) { l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.SignedEndorsing, required)); } foreach (SecurityTokenParameters p in s.SignedEncrypted) { l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.SignedEncrypted, required)); } }
//<snippet7> // This method creates a CustomBinding that includes two tokens of a given type. //<snippet8> public static Binding CreateCustomBinding(EndpointAddress issuerEndpointAddress1, Binding issuerBinding1, EndpointAddress issuerEndpointAddress2, Binding issuerBinding2) { //<snippet9> // Create an empty BindingElementCollection to populate, // then create a custom binding from it. BindingElementCollection bec = new BindingElementCollection(); //</snippet9> //<snippet10> SecurityBindingElement sbe = SecurityBindingElement.CreateMutualCertificateBindingElement(); //</snippet10> //<snippet11> SupportingTokenParameters supportParams = new SupportingTokenParameters(); //</snippet11> //<snippet12> // Two supporting SAML tokens are being added. supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress1, issuerBinding1)); supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress2, issuerBinding2)); //</snippet12> //<snippet13> ((SymmetricSecurityBindingElement)sbe).OperationSupportingTokenParameters.Add("*", supportParams); //</snippet13> //<snippet14> bec.Add(sbe); bec.Add(new TextMessageEncodingBindingElement()); bec.Add(new HttpTransportBindingElement()); //</snippet14> //<snippet15> // Create a CustomBinding and return it; otherwise, return null. return(new CustomBinding(bec)); //</snippet15> }
internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2, bool exactMessageSecurityVersion) { if (b1 == null || b2 == null) { return(b1 == b2); } if (b1.GetType() != b2.GetType()) { return(false); } if (b1.MessageSecurityVersion != b2.MessageSecurityVersion) { // exactMessageSecurityVersion meant that BSP mismatch could be ignored if (exactMessageSecurityVersion) { return(false); } if (b1.MessageSecurityVersion.SecurityVersion != b2.MessageSecurityVersion.SecurityVersion || b1.MessageSecurityVersion.TrustVersion != b2.MessageSecurityVersion.TrustVersion || b1.MessageSecurityVersion.SecureConversationVersion != b2.MessageSecurityVersion.SecureConversationVersion || b1.MessageSecurityVersion.SecurityPolicyVersion != b2.MessageSecurityVersion.SecurityPolicyVersion) { return(false); } } if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) { return(false); } if (b1.DefaultAlgorithmSuite != b2.DefaultAlgorithmSuite) { return(false); } if (b1.IncludeTimestamp != b2.IncludeTimestamp) { return(false); } if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) { return(false); } if (b1.KeyEntropyMode != b2.KeyEntropyMode) { return(false); } if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Endorsing, b2.EndpointSupportingTokenParameters.Endorsing, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEncrypted, b2.EndpointSupportingTokenParameters.SignedEncrypted, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Signed, b2.EndpointSupportingTokenParameters.Signed, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEndorsing, b2.EndpointSupportingTokenParameters.SignedEndorsing, exactMessageSecurityVersion)) { return(false); } if (b1.OperationSupportingTokenParameters.Count != b2.OperationSupportingTokenParameters.Count) { return(false); } foreach (KeyValuePair <string, SupportingTokenParameters> operation1 in b1.OperationSupportingTokenParameters) { if (!b2.OperationSupportingTokenParameters.ContainsKey(operation1.Key)) { return(false); } SupportingTokenParameters stp2 = b2.OperationSupportingTokenParameters[operation1.Key]; if (!AreTokenParameterCollectionsMatching(operation1.Value.Endorsing, stp2.Endorsing, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEncrypted, stp2.SignedEncrypted, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(operation1.Value.Signed, stp2.Signed, exactMessageSecurityVersion)) { return(false); } if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEndorsing, stp2.SignedEndorsing, exactMessageSecurityVersion)) { return(false); } } SymmetricSecurityBindingElement ssbe1 = b1 as SymmetricSecurityBindingElement; if (ssbe1 != null) { SymmetricSecurityBindingElement ssbe2 = (SymmetricSecurityBindingElement)b2; if (ssbe1.MessageProtectionOrder != ssbe2.MessageProtectionOrder) { return(false); } if (!AreTokenParametersMatching(ssbe1.ProtectionTokenParameters, ssbe2.ProtectionTokenParameters, false, exactMessageSecurityVersion)) { return(false); } } AsymmetricSecurityBindingElement asbe1 = b1 as AsymmetricSecurityBindingElement; if (asbe1 != null) { AsymmetricSecurityBindingElement asbe2 = (AsymmetricSecurityBindingElement)b2; if (asbe1.MessageProtectionOrder != asbe2.MessageProtectionOrder) { return(false); } if (asbe1.RequireSignatureConfirmation != asbe2.RequireSignatureConfirmation) { return(false); } if (!AreTokenParametersMatching(asbe1.InitiatorTokenParameters, asbe2.InitiatorTokenParameters, true, exactMessageSecurityVersion) || !AreTokenParametersMatching(asbe1.RecipientTokenParameters, asbe2.RecipientTokenParameters, true, exactMessageSecurityVersion)) { return(false); } } return(true); }
private void ImportSupportingTokenAssertions(MetadataImporter importer, PolicyConversionContext policyContext, ICollection <XmlElement> assertions, SupportingTokenParameters requirements, SupportingTokenParameters optionalRequirements) { WSSecurityPolicy securityPolicy; if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy)) { securityPolicy.TryImportWsspSupportingTokensAssertion( importer, policyContext, assertions, requirements.Signed, requirements.SignedEncrypted, requirements.Endorsing, requirements.SignedEndorsing, optionalRequirements.Signed, optionalRequirements.SignedEncrypted, optionalRequirements.Endorsing, optionalRequirements.SignedEndorsing); } }
private static ServiceHost CreateServiceHost(Type component) { ServiceHost sh = new ServiceHost(component); sh.Open(); Console.WriteLine("Endpoint Listeners:"); Console.WriteLine("----------------"); foreach (ChannelDispatcher cd in sh.ChannelDispatchers) { foreach (EndpointDispatcher epd in cd.Endpoints) { Console.Write(epd.EndpointAddress.Uri.AbsoluteUri); ConsoleColor origCol = Console.ForegroundColor; ServiceEndpoint servend = sh.Description.Endpoints.Find(epd.EndpointAddress.Uri); if (servend != null) { Console.WriteLine("\tPhysical listeningURI: " + servend.ListenUri.AbsoluteUri); Console.ForegroundColor = ConsoleColor.DarkYellow; BindingElementCollection bec = servend.Binding.CreateBindingElements(); foreach (BindingElement be in bec) { Console.WriteLine("\t" + be.GetType().ToString()); SymmetricSecurityBindingElement symBe = be as SymmetricSecurityBindingElement; AsymmetricSecurityBindingElement asymBe = be as AsymmetricSecurityBindingElement; TransportSecurityBindingElement transBe = be as TransportSecurityBindingElement; if (symBe != null) { Console.WriteLine("\t\t" + symBe.ProtectionTokenParameters.GetType().ToString()); } if (asymBe != null) { X509SecurityTokenParameters initParms = asymBe.InitiatorTokenParameters as X509SecurityTokenParameters; X509SecurityTokenParameters recParms = asymBe.RecipientTokenParameters as X509SecurityTokenParameters; if (initParms != null) { Console.WriteLine("\t\tInitiator Security Token Parmeter type"); Console.WriteLine("\t\t\t" + initParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + initParms.InclusionMode.ToString()); } if (recParms != null) { Console.WriteLine("\t\tRecipient Security Token Parmeter type"); Console.WriteLine("\t\t\t" + recParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + recParms.InclusionMode.ToString()); } } if (transBe != null) { SupportingTokenParameters supTokParms = transBe.EndpointSupportingTokenParameters; if (supTokParms.Endorsing.Count > 0) { ShowSecurityTokenParmeters(supTokParms.Endorsing, "Endorsing"); } } } } Console.ForegroundColor = origCol; Console.WriteLine(); } } return(sh); }
public static void AssertSecurityBindingElement( SecurityAlgorithmSuite algorithm, bool includeTimestamp, SecurityKeyEntropyMode keyEntropyMode, MessageSecurityVersion messageSecurityVersion, SecurityHeaderLayout securityHeaderLayout, // EndpointSupportingTokenParameters int endorsing, int signed, int signedEncrypted, int signedEndorsing, // LocalClientSettings bool cacheCookies, int renewalThresholdPercentage, bool detectReplays, SecurityBindingElement be, string label) { Assert.AreEqual(algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite"); Assert.AreEqual(includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode"); Assert.AreEqual(keyEntropyMode, be.KeyEntropyMode, label + "#3"); Assert.AreEqual(messageSecurityVersion, be.MessageSecurityVersion, label + ".MessageSecurityVersion"); Assert.AreEqual(securityHeaderLayout, be.SecurityHeaderLayout, label + ".SecurityHeaderLayout"); // FIXME: they should be extracted step by step... // EndpointSupportingTokenParameters SupportingTokenParameters tp = be.EndpointSupportingTokenParameters; AssertSupportingTokenParameters( endorsing, signed, signedEncrypted, signedEndorsing, tp, label + ".Endpoint"); // OptionalEndpointSupportingTokenParameters tp = be.OptionalEndpointSupportingTokenParameters; Assert.IsNotNull(tp, label + "#3-0"); Assert.AreEqual(0, tp.Endorsing.Count, label + "#3-1"); Assert.AreEqual(0, tp.Signed.Count, label + "#3-2"); Assert.AreEqual(0, tp.SignedEncrypted.Count, label + "#3-3"); Assert.AreEqual(0, tp.SignedEndorsing.Count, label + "#3-4"); // OperationSupportingTokenParameters IDictionary <string, SupportingTokenParameters> oper = be.OperationSupportingTokenParameters; Assert.IsNotNull(oper, label + "#4-1"); Assert.AreEqual(0, oper.Count, label + "#4-2"); // OptionalOperationSupportingTokenParameters oper = be.OptionalOperationSupportingTokenParameters; Assert.IsNotNull(oper, label + "#5-1"); Assert.AreEqual(0, oper.Count, label + "#5-2"); // LocalClientSettings LocalClientSecuritySettings lc = be.LocalClientSettings; AssertLocalClientSecuritySettings( cacheCookies, renewalThresholdPercentage, detectReplays, lc, ""); // FIXME: IdentityVerifier Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, label + "#7-5"); Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6"); Assert.AreEqual(true, lc.ReconnectTransportOnFailure, label + "#7-7"); Assert.AreEqual(900000, lc.ReplayCacheSize, label + "#7-8"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, label + "#7-9"); Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, label + "#7-10"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, label + "#7-11"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, label + "#7-12"); // FIXME: LocalServiceSettings }
private void AddSupportingTokenAuthenticators(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenAuthenticatorSpecification> authenticatorSpecList) { for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i) { SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing); try { System.IdentityModel.Selectors.SecurityTokenResolver resolver; System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver); SupportingTokenAuthenticatorSpecification authenticatorSpec = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i], isOptional); authenticatorSpecList.Add(authenticatorSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i) { SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing); try { System.IdentityModel.Selectors.SecurityTokenResolver resolver; System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver); SupportingTokenAuthenticatorSpecification authenticatorSpec = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i], isOptional); authenticatorSpecList.Add(authenticatorSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i) { SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted); try { System.IdentityModel.Selectors.SecurityTokenResolver resolver; System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver); SupportingTokenAuthenticatorSpecification authenticatorSpec = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i], isOptional); authenticatorSpecList.Add(authenticatorSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i) { SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed); try { System.IdentityModel.Selectors.SecurityTokenResolver resolver; System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver); SupportingTokenAuthenticatorSpecification authenticatorSpec = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i], isOptional); authenticatorSpecList.Add(authenticatorSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } }
private void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenProviderSpecification> providerSpecList) { for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i) { SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing); try { if (isOptional) { requirement.IsOptionalToken = true; } SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement); if (provider == null) { continue; } SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]); providerSpecList.Add(providerSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i) { SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing); try { if (isOptional) { requirement.IsOptionalToken = true; } SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement); if (provider == null) { continue; } SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i]); providerSpecList.Add(providerSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i) { SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted); try { if (isOptional) { requirement.IsOptionalToken = true; } SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement); if (provider == null) { continue; } SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i]); providerSpecList.Add(providerSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i) { SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed); try { if (isOptional) { requirement.IsOptionalToken = true; } SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement); if (provider == null) { continue; } SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i]); providerSpecList.Add(providerSpec); } catch (Exception e) { if (!isOptional || Fx.IsFatal(e)) { throw; } } } }