/// <summary>
/// Client-side initiator for the "application/ssl-tls" stream upgrade towards
/// <paramref name="remoteAddress"/>. Both the authenticator that validates the server's
/// X.509 certificate and (when <c>RequireClientCertificate</c> is set) the provider that
/// supplies the client's own certificate come from <c>parent.ClientSecurityTokenManager</c>,
/// so that manager's configuration is what decides which server certificates are accepted.
/// </summary>
/// <param name="parent">Owning upgrade provider; supplies the token manager, transport scheme
/// and the RequireClientCertificate flag.</param>
/// <param name="remoteAddress">Endpoint whose certificate is validated; becomes TargetAddress
/// of both token requirements.</param>
/// <param name="via">Transport address the upgrade runs over; becomes Via of both requirements.</param>
/// <exception cref="InvalidOperationException">RequireClientCertificate is set but the token
/// manager returned no client-certificate provider.</exception>
public SslStreamSecurityUpgradeInitiator(SslStreamSecurityUpgradeProvider parent, EndpointAddress remoteAddress, Uri via)
    : base("application/ssl-tls", remoteAddress, via)
{
    this.parent = parent;

    // Server certificate: X.509, cryptographic, used for key exchange.
    var serverCertRequirement = new InitiatorServiceModelSecurityTokenRequirement
    {
        TokenType = SecurityTokenTypes.X509Certificate,
        RequireCryptographicToken = true,
        KeyUsage = SecurityKeyUsage.Exchange,
        TargetAddress = remoteAddress,
        Via = via,
        TransportScheme = this.parent.Scheme
    };
    // The out-of-band resolver is discarded; only the authenticator is kept.
    SecurityTokenResolver unusedResolver;
    this.serverCertificateAuthenticator = parent.ClientSecurityTokenManager.CreateSecurityTokenAuthenticator(serverCertRequirement, out unusedResolver);
    // NOTE(review): unlike the client-certificate provider below, the authenticator is not
    // null-checked here — confirm the token manager can never return null for it.

    if (!parent.RequireClientCertificate)
    {
        return;
    }

    // Mutual TLS: the client proves possession of its certificate by signing, hence Signature usage.
    var clientCertRequirement = new InitiatorServiceModelSecurityTokenRequirement
    {
        TokenType = SecurityTokenTypes.X509Certificate,
        RequireCryptographicToken = true,
        KeyUsage = SecurityKeyUsage.Signature,
        TargetAddress = remoteAddress,
        Via = via,
        TransportScheme = this.parent.Scheme
    };
    this.clientCertificateProvider = parent.ClientSecurityTokenManager.CreateSecurityTokenProvider(clientCertRequirement);
    if (this.clientCertificateProvider == null)
    {
        // A required client credential that cannot be sourced is a hard configuration error.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { clientCertRequirement })));
    }
}
/// <summary>
/// Holds a required <see cref="SecurityTokenProvider"/> reference.
/// </summary>
/// <param name="tokenProvider">Provider to hold; must not be null.</param>
/// <exception cref="ArgumentNullException">Raised via the diagnostic throw helper when
/// <paramref name="tokenProvider"/> is null.</exception>
public SecurityTokenProviderContainer(SecurityTokenProvider tokenProvider)
{
    if (object.ReferenceEquals(tokenProvider, null))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
    }

    this.tokenProvider = tokenProvider;
}
/// <summary>
/// Token whose material is fetched from a <see cref="SecurityTokenProvider"/> on demand,
/// using the supplied timeout for that fetch.
/// </summary>
/// <param name="tokenProvider">Provider that will supply the underlying token; must not be null.</param>
/// <param name="timeout">Timeout stored for later provider calls. It is not validated here
/// (NOTE(review): a negative value is accepted as-is — confirm callers only pass sane values).</param>
/// <exception cref="ArgumentNullException"><paramref name="tokenProvider"/> is null.</exception>
public ProviderBackedSecurityToken(SecurityTokenProvider tokenProvider, TimeSpan timeout)
{
    if (object.ReferenceEquals(tokenProvider, null))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenProvider"));
    }

    this._timeout = timeout;
    this._tokenProvider = tokenProvider;
}
/// <summary>
/// Pairs a supporting-token provider with the attachment mode and token parameters it was
/// created for. All three inputs are validated before any field is assigned.
/// </summary>
/// <param name="tokenProvider">Provider for the supporting token; must not be null.</param>
/// <param name="attachmentMode">How the token is attached; validated by
/// <see cref="SecurityTokenAttachmentModeHelper.Validate"/>.</param>
/// <param name="tokenParameters">Parameters the token was requested with; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="tokenProvider"/> or
/// <paramref name="tokenParameters"/> is null.</exception>
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters)
{
    // Validation order matches the argument order: provider, mode, parameters.
    if (object.ReferenceEquals(tokenProvider, null))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider");
    }

    SecurityTokenAttachmentModeHelper.Validate(attachmentMode);

    if (object.ReferenceEquals(tokenParameters, null))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
    }

    _tokenParameters = tokenParameters;
    _tokenAttachmentMode = attachmentMode;
    _tokenProvider = tokenProvider;
}
/// <summary>
/// Abortive teardown: aborts the server token provider and the client token authenticator
/// (when present), drops the cached server token, then defers to the base class.
/// Each field is cleared only after its abort call returns.
/// </summary>
public override void OnAbort()
{
    var provider = this.serverTokenProvider;
    if (provider != null)
    {
        System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(provider);
        this.serverTokenProvider = null;
    }

    var authenticator = this.clientTokenAuthenticator;
    if (authenticator != null)
    {
        System.ServiceModel.Security.SecurityUtils.AbortTokenAuthenticatorIfRequired(authenticator);
        this.clientTokenAuthenticator = null;
    }

    // The cached token is simply dropped; there is nothing to abort on it.
    this.serverToken = null;

    base.OnAbort();
}
/// <summary>
/// Graceful teardown: closes the server token provider and the client token authenticator
/// (when present) within the remaining budget of <paramref name="timeout"/>, drops the cached
/// server token, then passes whatever time is left to the base class.
/// </summary>
/// <param name="timeout">Total time allowed for the whole close sequence; each step consumes
/// part of it via <see cref="TimeoutHelper.RemainingTime"/>.</param>
public override void OnClose(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);

    var provider = this.serverTokenProvider;
    if (provider != null)
    {
        System.ServiceModel.Security.SecurityUtils.CloseTokenProviderIfRequired(provider, budget.RemainingTime());
        this.serverTokenProvider = null;
    }

    var authenticator = this.clientTokenAuthenticator;
    if (authenticator != null)
    {
        System.ServiceModel.Security.SecurityUtils.CloseTokenAuthenticatorIfRequired(authenticator, budget.RemainingTime());
        this.clientTokenAuthenticator = null;
    }

    // The cached token is simply dropped; there is nothing to close on it.
    this.serverToken = null;

    base.OnClose(budget.RemainingTime());
}
/// <summary>
/// Opens the protocol and, when this side is the initiator, creates and opens the token
/// providers/authenticator it needs:
/// a signing-token provider when integrity is applied, and an asymmetric (key-exchange)
/// token provider plus authenticator when integrity is required or confidentiality is applied.
/// Nothing is created when <c>Factory.ActAsInitiator</c> is false.
/// </summary>
/// <param name="timeout">Total time budget shared by the base open and every provider/authenticator open.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    base.OnOpen(budget.RemainingTime());

    if (!this.Factory.ActAsInitiator)
    {
        return;
    }

    if (this.Factory.ApplyIntegrity)
    {
        // Outgoing messages are signed with the crypto token.
        var signingRequirement = CreateInitiatorSecurityTokenRequirement();
        this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(signingRequirement);
        signingRequirement.KeyUsage = SecurityKeyUsage.Signature;
        signingRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output;
        this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(signingRequirement);
        SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, budget.RemainingTime());
    }

    if (!this.Factory.RequireIntegrity && !this.Factory.ApplyConfidentiality)
    {
        return;
    }

    // The asymmetric token is used for encrypting output when confidentiality is applied,
    // otherwise for verifying input.
    var exchangeDirection = this.Factory.ApplyConfidentiality ? MessageDirection.Output : MessageDirection.Input;

    var exchangeProviderRequirement = CreateInitiatorSecurityTokenRequirement();
    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(exchangeProviderRequirement);
    exchangeProviderRequirement.KeyUsage = SecurityKeyUsage.Exchange;
    exchangeProviderRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = exchangeDirection;
    this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(exchangeProviderRequirement);
    SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, budget.RemainingTime());

    var exchangeAuthenticatorRequirement = CreateInitiatorSecurityTokenRequirement();
    this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(exchangeAuthenticatorRequirement);
    // Unless a serialized signing token may arrive on the reply, the authenticator is told the
    // token is out-of-band, i.e. it must already be known rather than taken from the message.
    exchangeAuthenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply;
    exchangeAuthenticatorRequirement.KeyUsage = SecurityKeyUsage.Exchange;
    exchangeAuthenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = exchangeDirection;

    // Out-of-band resolvers are not supported on the client side, so the resolver is discarded.
    SecurityTokenResolver unusedResolver;
    this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(exchangeAuthenticatorRequirement, out unusedResolver);
    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, budget.RemainingTime());
}
/// <summary>
/// Async result that obtains two tokens (primary and secondary) before securing a message.
/// This constructor only records its inputs; the base constructor receives the message,
/// binding, timeout and callback/state.
/// </summary>
/// <param name="m">Message to secure.</param>
/// <param name="binding">Protocol that will secure it.</param>
/// <param name="primaryProvider">Provider for the primary token.</param>
/// <param name="secondaryProvider">Provider for the secondary token.</param>
/// <param name="doIdentityChecks">Whether identity checks are performed on the obtained token(s).</param>
/// <param name="identityCheckAuthenticator">Authenticator used for those identity checks.</param>
/// <param name="oldCorrelationState">Correlation state from the previous exchange, if any.</param>
/// <param name="timeout">Overall time budget.</param>
/// <param name="callback">Completion callback.</param>
/// <param name="state">Caller state passed back on completion.</param>
public GetTwoTokensAndSetUpSecurityAsyncResult(Message m, MessageSecurityProtocol binding, SecurityTokenProvider primaryProvider, SecurityTokenProvider secondaryProvider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState oldCorrelationState, TimeSpan timeout, AsyncCallback callback, object state)
    : base(m, binding, timeout, callback, state)
{
    // Plain field capture; nothing is started here.
    this.oldCorrelationState = oldCorrelationState;
    this.identityCheckAuthenticator = identityCheckAuthenticator;
    this.doIdentityChecks = doIdentityChecks;
    this.secondaryProvider = secondaryProvider;
    this.primaryProvider = primaryProvider;
    this.binding = binding;
    this.message = m;
}
/// <summary>
/// Fetches a token for <c>this.Target</c> from <paramref name="provider"/> and, only when
/// <paramref name="isEncryptionOn"/> is true, runs <c>EnsureOutgoingIdentity</c> on it with
/// <paramref name="authenticator"/>. With encryption off the identity check is skipped
/// entirely and the token is returned as fetched.
/// </summary>
/// <param name="provider">Token source; null handling is whatever <c>GetToken</c> does.</param>
/// <param name="isEncryptionOn">Gate for the identity check.</param>
/// <param name="timeout">Time allowed for the token fetch.</param>
/// <param name="authenticator">Authenticator handed to the identity check.</param>
/// <returns>The token obtained from the provider.</returns>
protected SecurityToken GetTokenAndEnsureOutgoingIdentity(SecurityTokenProvider provider, bool isEncryptionOn, TimeSpan timeout, SecurityTokenAuthenticator authenticator)
{
    var token = GetToken(provider, this.Target, timeout);
    if (!isEncryptionOn)
    {
        // Signing-only path: no outgoing-identity check is performed here.
        return token;
    }

    EnsureOutgoingIdentity(token, authenticator);
    return token;
}
/// <summary>
/// Async result for securing an outgoing message under a symmetric security protocol.
/// Everything except the typed binding is forwarded to the base constructor; the operation
/// is then kicked off immediately with <c>Start()</c>, so the constructor itself may fail or
/// complete the work synchronously.
/// </summary>
/// <param name="m">Message to secure.</param>
/// <param name="binding">Symmetric protocol doing the securing; kept in a typed field.</param>
/// <param name="provider">Token provider for the message.</param>
/// <param name="doIdentityChecks">Whether identity checks run on the obtained token.</param>
/// <param name="identityCheckAuthenticator">Authenticator used for those checks.</param>
/// <param name="correlationState">Correlation state for this exchange.</param>
/// <param name="timeout">Overall time budget.</param>
/// <param name="callback">Completion callback.</param>
/// <param name="state">Caller state passed back on completion.</param>
public SecureOutgoingMessageAsyncResult(Message m, SymmetricSecurityProtocol binding, SecurityTokenProvider provider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState correlationState, TimeSpan timeout, AsyncCallback callback, object state)
    : base(m, binding, provider, doIdentityChecks, identityCheckAuthenticator, correlationState, timeout, callback, state)
{
    this.symmetricBinding = binding;

    // Work begins here, not on first Begin/End call.
    base.Start();
}
/// <summary>
/// Opens the protocol and, on the initiator side only, creates and opens one token provider
/// (stored as asymmetric or symmetric depending on
/// <c>Factory.SecurityTokenParameters.HasAsymmetricKey</c>) and one token authenticator.
/// The out-of-band resolver returned with the authenticator is discarded.
/// </summary>
/// <param name="timeout">Time budget shared by the base open and both open calls.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    base.OnOpen(budget.RemainingTime());

    if (!this.Factory.ActAsInitiator)
    {
        return;
    }

    var providerRequirement = this.CreateInitiatorTokenRequirement();
    var provider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
    System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(provider, budget.RemainingTime());

    // Same provider object, filed under the slot matching the key type.
    if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
    {
        this.initiatorAsymmetricTokenProvider = provider;
    }
    else
    {
        this.initiatorSymmetricTokenProvider = provider;
    }

    var authenticatorRequirement = this.CreateInitiatorTokenRequirement();
    SecurityTokenResolver unusedResolver;
    this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out unusedResolver);
    System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, budget.RemainingTime());
}
/// <summary>
/// Opens the protocol and, when acting as initiator, sets up the client-side token plumbing:
/// a token provider (filed as asymmetric or symmetric according to
/// <c>Factory.SecurityTokenParameters.HasAsymmetricKey</c>) and a token authenticator, each
/// opened against the remaining time budget. Out-of-band resolvers are not supported on the
/// client side, so the resolver produced alongside the authenticator is ignored.
/// </summary>
/// <param name="timeout">Time budget shared by the base open and both open calls.</param>
public override void OnOpen(TimeSpan timeout)
{
    var budget = new TimeoutHelper(timeout);
    base.OnOpen(budget.RemainingTime());

    if (!this.Factory.ActAsInitiator)
    {
        return;
    }

    // Provider side.
    var providerRequirement = CreateInitiatorTokenRequirement();
    var provider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement);
    SecurityUtils.OpenTokenProviderIfRequired(provider, budget.RemainingTime());
    if (this.Factory.SecurityTokenParameters.HasAsymmetricKey)
    {
        this.initiatorAsymmetricTokenProvider = provider;
    }
    else
    {
        this.initiatorSymmetricTokenProvider = provider;
    }

    // Authenticator side; a fresh requirement is built rather than reusing the provider's.
    var authenticatorRequirement = CreateInitiatorTokenRequirement();
    SecurityTokenResolver unusedResolver;
    this.initiatorTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out unusedResolver);
    SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorTokenAuthenticator, budget.RemainingTime());
}
/// <summary>
/// Obtains a token for <paramref name="target"/> from <paramref name="provider"/>, translating
/// failures into exceptions that name the target: a missing provider or a
/// <see cref="SecurityTokenException"/> becomes a <see cref="MessageSecurityException"/>, and a
/// <see cref="SecurityNegotiationException"/> is re-wrapped in a new
/// <see cref="SecurityNegotiationException"/>. The original exception is kept as InnerException.
/// A null token returned by the provider is passed through unchanged.
/// </summary>
/// <param name="provider">Token source; null is reported as "cannot get tokens for target".</param>
/// <param name="target">Endpoint the token is for; appears in the error text.</param>
/// <param name="timeout">Time allowed for the provider call.</param>
/// <returns>Whatever <c>provider.GetToken</c> returned.</returns>
/// <exception cref="MessageSecurityException">Provider is null or threw a SecurityTokenException.</exception>
/// <exception cref="SecurityNegotiationException">Provider threw a SecurityNegotiationException.</exception>
internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
{
    if (provider == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target)));
    }

    try
    {
        return provider.GetToken(timeout);
    }
    catch (SecurityTokenException tokenFailure)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new MessageSecurityException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), tokenFailure));
    }
    catch (SecurityNegotiationException negotiationFailure)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new SecurityNegotiationException(SR.GetString(SR.TokenProviderCannotGetTokensForTarget, target), negotiationFailure));
    }
}
/// <summary>
/// Obtains a token for <paramref name="target"/> from <paramref name="provider"/>, converting
/// failures into target-specific exceptions: a null provider or a
/// <see cref="SecurityTokenException"/> yields a <see cref="MessageSecurityException"/>; a
/// <see cref="SecurityNegotiationException"/> is re-thrown as a new
/// <see cref="SecurityNegotiationException"/>. The caught exception is preserved as InnerException.
/// No null check is performed on the returned token.
/// </summary>
/// <param name="provider">Token source; null is treated as a failure to get tokens for the target.</param>
/// <param name="target">Endpoint the token is for; included in the error text.</param>
/// <param name="timeout">Time allowed for the provider call.</param>
/// <returns>The token returned by <c>provider.GetToken</c>.</returns>
/// <exception cref="MessageSecurityException">Provider is null or threw a SecurityTokenException.</exception>
/// <exception cref="SecurityNegotiationException">Provider threw a SecurityNegotiationException.</exception>
internal static SecurityToken GetToken(SecurityTokenProvider provider, EndpointAddress target, TimeSpan timeout)
{
    if (provider == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target })));
    }

    try
    {
        return provider.GetToken(timeout);
    }
    catch (SecurityTokenException tokenFailure)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new MessageSecurityException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), tokenFailure));
    }
    catch (SecurityNegotiationException negotiationFailure)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new SecurityNegotiationException(System.ServiceModel.SR.GetString("TokenProviderCannotGetTokensForTarget", new object[] { target }), negotiationFailure));
    }
}
/// <summary>
/// Thin pass-through to <see cref="InfoCardHelper.TryCreateSecurityTokenProvider"/>: asks the
/// CardSpace/InfoCard path to supply a provider for <paramref name="tokenRequirement"/>.
/// </summary>
/// <param name="tokenRequirement">Requirement the provider must satisfy.</param>
/// <param name="clientCredentialsTokenManager">Token manager forwarded to the helper.</param>
/// <param name="provider">Provider produced by the helper; its value when the call reports
/// failure is whatever the helper leaves there.</param>
/// <returns>The helper's result — true when a provider was created.</returns>
bool CardSpaceTryCreateSecurityTokenProviderStub(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider)
{
    bool created = InfoCardHelper.TryCreateSecurityTokenProvider(tokenRequirement, clientCredentialsTokenManager, out provider);
    return created;
}
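/// <summary>
/// Creates a token provider for every supporting-token parameter set in
/// <paramref name="supportingTokenParameters"/> — Endorsing, SignedEndorsing, SignedEncrypted,
/// then Signed, in that order — and appends one
/// <see cref="SupportingTokenProviderSpecification"/> per created provider to
/// <paramref name="providerSpecList"/>. Parameter sets for which the token manager returns a
/// null provider are skipped.
/// </summary>
/// <param name="supportingTokenParameters">Per-attachment-mode lists of token parameters.</param>
/// <param name="isOptional">When true, each requirement is flagged <c>IsOptionalToken</c> and a
/// non-fatal failure while creating its provider is swallowed, so that token is silently left
/// out. When false, any failure propagates to the caller.</param>
/// <param name="providerSpecList">Receives the specifications; existing entries are kept.</param>
void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList<SupportingTokenProviderSpecification> providerSpecList)
{
    // The four loops in the original were identical apart from the list and the mode; one
    // helper now handles all of them, preserving the original processing order.
    AddSupportingTokenProvidersForMode(supportingTokenParameters.Endorsing, SecurityTokenAttachmentMode.Endorsing, isOptional, providerSpecList);
    AddSupportingTokenProvidersForMode(supportingTokenParameters.SignedEndorsing, SecurityTokenAttachmentMode.SignedEndorsing, isOptional, providerSpecList);
    AddSupportingTokenProvidersForMode(supportingTokenParameters.SignedEncrypted, SecurityTokenAttachmentMode.SignedEncrypted, isOptional, providerSpecList);
    AddSupportingTokenProvidersForMode(supportingTokenParameters.Signed, SecurityTokenAttachmentMode.Signed, isOptional, providerSpecList);
}

/// <summary>
/// Creates a provider for each entry of <paramref name="tokenParametersList"/> under
/// <paramref name="attachmentMode"/> and appends a specification for it to
/// <paramref name="providerSpecList"/>.
/// </summary>
/// <param name="tokenParametersList">Token parameters for one attachment mode.</param>
/// <param name="attachmentMode">Attachment mode used for both the requirement and the specification.</param>
/// <param name="isOptional">See <see cref="AddSupportingTokenProviders"/>.</param>
/// <param name="providerSpecList">Receives the specifications.</param>
void AddSupportingTokenProvidersForMode(IList<SecurityTokenParameters> tokenParametersList, SecurityTokenAttachmentMode attachmentMode, bool isOptional, IList<SupportingTokenProviderSpecification> providerSpecList)
{
    for (int i = 0; i < tokenParametersList.Count; ++i)
    {
        SecurityTokenParameters tokenParameters = tokenParametersList[i];

        // Deliberately outside the try: a failure to even build the requirement is a
        // configuration error and propagates regardless of isOptional.
        SecurityTokenRequirement requirement = this.CreateInitiatorSecurityTokenRequirement(tokenParameters, attachmentMode);
        try
        {
            if (isOptional)
            {
                requirement.IsOptionalToken = true;
            }

            System.IdentityModel.Selectors.SecurityTokenProvider provider = this.factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
            if (provider == null)
            {
                // No provider for this token: nothing to add.
                continue;
            }

            providerSpecList.Add(new SupportingTokenProviderSpecification(provider, attachmentMode, tokenParameters));
        }
        catch (Exception e)
        {
            // Optional tokens are best-effort: a non-fatal failure drops the token without any
            // trace. Fatal exceptions (Fx.IsFatal) and failures of required tokens always propagate.
            // NOTE(review): consider tracing the swallowed exception so a misconfigured optional
            // credential is diagnosable rather than silently absent.
            if (!isOptional || Fx.IsFatal(e))
            {
                throw;
            }
        }
    }
}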