/// <summary>
/// Copy constructor: duplicates every setting of <paramref name="elementToBeCloned"/>
/// into a new binding element that can be modified independently of the source.
/// </summary>
/// <param name="elementToBeCloned">Source element; it is dereferenced unconditionally.</param>
private AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement elementToBeCloned)
    : base(elementToBeCloned)
{
    // Settings copied by plain assignment.
    messageProtectionOrder = elementToBeCloned.messageProtectionOrder;
    requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation;
    allowSerializedSigningTokenOnReply = elementToBeCloned.allowSerializedSigningTokenOnReply;
    isCertificateSignatureBinding = elementToBeCloned.isCertificateSignatureBinding;

    // Token parameters are cloned rather than shared, so that tightening or
    // loosening the copy's token policy can never leak back into the source.
    var sourceInitiator = elementToBeCloned.initiatorTokenParameters;
    if (sourceInitiator != null)
    {
        initiatorTokenParameters = sourceInitiator.Clone();
    }

    var sourceRecipient = elementToBeCloned.recipientTokenParameters;
    if (sourceRecipient != null)
    {
        recipientTokenParameters = sourceRecipient.Clone();
    }
}
/// <summary>
/// Copy constructor: builds a new binding element carrying the same protection
/// order, signature-confirmation flag, token parameters and reply-token setting
/// as <paramref name="other"/>.
/// </summary>
/// <param name="other">Source element; it is dereferenced unconditionally.</param>
private AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement other)
    : base(other)
{
    // Initiator/recipient parameters are cloned so the copy owns its own
    // token policy instead of aliasing the source's.
    var initiator = other.initiator_token_params;
    if (initiator != null)
    {
        initiator_token_params = initiator.Clone();
    }

    var recipient = other.recipient_token_params;
    if (recipient != null)
    {
        recipient_token_params = recipient.Clone();
    }

    // Remaining settings are copied by assignment.
    msg_protection_order = other.msg_protection_order;
    require_sig_confirm = other.require_sig_confirm;
    allow_serialized_sign = other.allow_serialized_sign;
}
/// <summary>
/// Attempts to build an <see cref="AsymmetricSecurityBindingElement"/> from the
/// WS-SecurityPolicy assertions attached to the binding in <paramref name="policyContext"/>.
/// </summary>
/// <param name="importer">Metadata importer driving the policy conversion.</param>
/// <param name="policyContext">Context whose binding assertions are inspected; on success the
/// new element is appended to its <c>BindingElements</c>.</param>
/// <param name="sbe">Receives the imported element, or null when none was produced.</param>
/// <returns>true when an asymmetric binding element was imported; otherwise false.</returns>
/// <exception cref="InvalidOperationException">Thrown when the policy driver reports an
/// asymmetric-binding assertion it does not support. Failing here rather than skipping the
/// assertion avoids importing a binding weaker than the one the policy actually asks for.</exception>
private bool TryImportAsymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
{
    AsymmetricSecurityBindingElement imported = null;
    WSSecurityPolicy driver;

    // Without a recognised WS-SecurityPolicy driver there is nothing to import.
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        XmlElement unsupportedAssertion;
        bool recognised = driver.TryImportWsspAsymmetricBindingAssertion(
            importer,
            policyContext,
            policyContext.GetBindingAssertions(),
            out imported,
            out unsupportedAssertion);

        if (recognised)
        {
            // Layer the endpoint-, operation- and message-scoped policy onto the element
            // before it is registered with the context.
            this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, imported);
            this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, imported);
            this.ImportMessageScopeProtectionPolicy(importer, policyContext);
            policyContext.BindingElements.Add(imported);
        }
        else if (unsupportedAssertion != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new InvalidOperationException(
                    System.ServiceModel.SR.GetString(
                        "UnsupportedSecurityPolicyAssertion",
                        new object[] { unsupportedAssertion.OuterXml })));
        }
    }

    sbe = imported;
    return imported != null;
}
/// <summary>
/// Imports the WS-SecurityPolicy asymmetric binding assertion found on the binding in
/// <paramref name="policyContext"/> as an <see cref="AsymmetricSecurityBindingElement"/>.
/// </summary>
/// <param name="importer">Metadata importer driving the policy conversion.</param>
/// <param name="policyContext">Context whose binding assertions are read; the imported
/// element is added to its <c>BindingElements</c> on success.</param>
/// <param name="sbe">The imported element, or null when nothing was imported.</param>
/// <returns>true if an element was imported; otherwise false.</returns>
/// <exception cref="InvalidOperationException">The driver found an asymmetric-binding
/// assertion it cannot handle. The import fails closed instead of silently dropping the
/// assertion, so a policy the code does not understand never yields a weaker binding.</exception>
private bool TryImportAsymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
{
    AsymmetricSecurityBindingElement result = null;
    WSSecurityPolicy driver;

    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        // No WS-SecurityPolicy driver for these assertions: nothing to import.
        sbe = null;
        return false;
    }

    XmlElement offendingAssertion;
    if (driver.TryImportWsspAsymmetricBindingAssertion(importer, policyContext, policyContext.GetBindingAssertions(), out result, out offendingAssertion))
    {
        // Apply the scoped policy (endpoint, operation, message) and register the element.
        this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, result);
        this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, result);
        this.ImportMessageScopeProtectionPolicy(importer, policyContext);
        policyContext.BindingElements.Add(result);
    }
    else if (offendingAssertion != null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(
                string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offendingAssertion.OuterXml)));
    }

    sbe = result;
    return result != null;
}
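/// <summary>
/// Demo client: obtains a SAML 2.0 token from the STS, builds a WS-Security
/// asymmetric binding on top of HTTP(S) and calls the HelloWorld web service
/// provider (WSP) with it. The third call sends an empty name and is expected
/// to come back as a SOAP fault.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    // Setup Log4Net configuration by loading it from configuration file
    // log4net is not necessary and is only being used for demonstration
    XmlConfigurator.Configure();

    // To ensure that the WSP is up and running.
    // NOTE(review): a fixed sleep is a race, not a readiness check; acceptable for a demo only.
    Thread.Sleep(1000);

    // Retrieve token
    IStsTokenService stsTokenService = new StsTokenServiceCache(
        TokenServiceConfigurationFactory.CreateConfiguration()
    );
    var securityToken = stsTokenService.GetToken();

    // Call WSP with token
    var hostname = "https://localhost:8443/HelloWorld/services/helloworld";

    var customBinding = new Channels.CustomBinding();

    // The DNS identity is what the client validates the WSP's certificate against,
    // so it has to match the certificate the service really presents (presumably its
    // subject name - verify against the deployed certificate).
    var endpointAddress = new System.ServiceModel.EndpointAddress(
        new Uri(hostname),
        System.ServiceModel.EndpointIdentity.CreateDnsIdentity(
            //"wsp.oioidws-net.dk TEST (funktionscertifikat)"
            "eID JAVA test (funktionscertifikat)"
        ),
        new Channels.AddressHeader[] { }
    );

    // Asymmetric binding: an X.509 token on one side and the issued SAML 2.0 token
    // (referenced through an STR transform) on the other. The WCF constructor takes
    // the recipient parameters first and the initiator parameters second - confirm
    // the order matches the WSP's expectations before changing either.
    var asymmetric = new Channels.AsymmetricSecurityBindingElement(
        new SecurityTokens.X509SecurityTokenParameters(
            SecurityTokens.X509KeyIdentifierClauseType.Any,
            SecurityTokens.SecurityTokenInclusionMode.AlwaysToInitiator
        ),
        new Soap.StrCustomization.CustomizedIssuedSecurityTokenParameters(
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        )
        {
            UseStrTransform = true
        }
    )
    {
        AllowSerializedSigningTokenOnReply = true,
        // Cover the signing tokens themselves with the signature.
        ProtectTokens = true
    };
    // Sign with the token's own key rather than a derived key (presumably what the
    // WSP profile requires - verify if the service starts rejecting signatures).
    asymmetric.SetKeyDerivation(false);

    var messageEncoding = new Channels.TextMessageEncodingBindingElement
    {
        MessageVersion = Channels.MessageVersion.Soap12WSAddressing10
    };

    // Pick the transport from the URL scheme with an ordinal comparison; a
    // culture-sensitive ToLower() is neither needed nor safe for a scheme check.
    // The plain-HTTP fallback sends the signed SAML token and the message body in
    // the clear - this demo does not use message-level encryption (see the
    // HelloEncryptAndSign note below) - so it is only acceptable for local debugging.
    var transport = hostname.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
        ? new Channels.HttpsTransportBindingElement()
        : new Channels.HttpTransportBindingElement();

    customBinding.Elements.Add(asymmetric);
    customBinding.Elements.Add(messageEncoding);
    customBinding.Elements.Add(transport);

    System.ServiceModel.ChannelFactory<HelloWorldPortType> factory =
        new System.ServiceModel.ChannelFactory<HelloWorldPortType>(
            customBinding,
            endpointAddress
        );
    // Let the identity (WIF) configuration handle the issued token.
    factory.Credentials.UseIdentityConfiguration = true;

    // Pin the WSP's certificate by thumbprint from the machine store, scoped to this
    // endpoint URL. The thumbprint must be updated whenever the service certificate
    // is renewed.
    factory.Credentials.ServiceCertificate.SetScopedCertificate(
        X509Certificates.StoreLocation.LocalMachine,
        X509Certificates.StoreName.My,
        X509Certificates.X509FindType.FindByThumbprint,
        //"1F0830937C74B0567D6B05C07B6155059D9B10C7",
        "85398FCF737FB76F554C6F2422CC39D3A35EC26F",
        new Uri(hostname)
    );

    factory.Endpoint.Behaviors.Add(new Soap.Behaviors.SoapClientBehavior());

    var channelWithIssuedToken = factory.CreateChannelWithIssuedToken(securityToken);

    var helloWorldRequestJohn = new HelloWorldRequest("John");
    Console.WriteLine(channelWithIssuedToken.HelloWorld(helloWorldRequestJohn).response);

    var helloWorldRequestJane = new HelloWorldRequest("Jane");
    Console.WriteLine(channelWithIssuedToken.HelloWorld(helloWorldRequestJane).response);

    try
    {
        // third call will trigger a SOAPFault
        var helloWorldRequest = new HelloWorldRequest("");
        Console.WriteLine(channelWithIssuedToken.HelloWorld(helloWorldRequest).response);
    }
    catch (Exception ex)
    {
        // Deliberately broad for the demo: note that a transport or signature
        // failure would be printed as "expected" too.
        Console.WriteLine("Expected SOAPFault caught: " + ex.Message);
    }

    // Encrypted calls fail client side. However, encryption at message level
    // is not required and this issue has not been investigated further yet.
    //
    // Console.WriteLine(channelWithIssuedToken.HelloEncryptAndSign("Schultz"));

    Console.WriteLine("Press <Enter> to stop the service.");
    Console.ReadLine();
}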
/// <summary>
/// Wraps an <see cref="AsymmetricSecurityBindingElement"/> so that its security
/// capabilities can be reported through this object.
/// </summary>
/// <param name="element">The binding element to describe; stored as-is, not validated here.</param>
public AsymmetricSecurityCapabilities(AsymmetricSecurityBindingElement element)
{
    this.element = element;
}
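/// <summary>
/// Demo client: obtains a SAML 2.0 token from the STS, builds a WS-Security
/// asymmetric binding on top of HTTP(S) and exercises the HelloWorld WSP's
/// operations with it, including two that are expected to fault.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    // Setup Log4Net configuration by loading it from configuration file
    // log4net is not necessary and is only being used for demonstration
    XmlConfigurator.Configure();

    // To ensure that the WSP is up and running.
    // NOTE(review): a fixed sleep is a race, not a readiness check; acceptable for a demo only.
    Thread.Sleep(1000);

    // Retrieve token
    IStsTokenService stsTokenService = new StsTokenServiceCache(
        TokenServiceConfigurationFactory.CreateConfiguration()
    );
    var securityToken = stsTokenService.GetToken();

    // Call WSP with token
    var hostname = "https://Digst.OioIdws.Wsp:9090/HelloWorld";

    var customBinding = new Channels.CustomBinding();

    // The DNS identity is what the client validates the WSP's certificate against,
    // so it has to match the certificate the service really presents (presumably its
    // subject name - verify against the deployed certificate).
    var endpointAddress = new System.ServiceModel.EndpointAddress(
        new Uri(hostname),
        System.ServiceModel.EndpointIdentity.CreateDnsIdentity(
            "wsp.oioidws-net.dk TEST (funktionscertifikat)"
        ),
        new Channels.AddressHeader[] { }
    );

    // Asymmetric binding: an X.509 token on one side and the issued SAML 2.0 token
    // (referenced through an STR transform) on the other. The WCF constructor takes
    // the recipient parameters first and the initiator parameters second - confirm
    // the order matches the WSP's expectations before changing either.
    var asymmetric = new Channels.AsymmetricSecurityBindingElement(
        new SecurityTokens.X509SecurityTokenParameters(
            SecurityTokens.X509KeyIdentifierClauseType.Any,
            SecurityTokens.SecurityTokenInclusionMode.AlwaysToInitiator
        ),
        new Soap.StrCustomization.CustomizedIssuedSecurityTokenParameters(
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        )
        {
            UseStrTransform = true
        }
    )
    {
        AllowSerializedSigningTokenOnReply = true,
        // Cover the signing tokens themselves with the signature.
        ProtectTokens = true
    };
    // Sign with the token's own key rather than a derived key (presumably what the
    // WSP profile requires - verify if the service starts rejecting signatures).
    asymmetric.SetKeyDerivation(false);

    var messageEncoding = new Channels.TextMessageEncodingBindingElement
    {
        MessageVersion = Channels.MessageVersion.Soap12WSAddressing10
    };

    // Pick the transport from the URL scheme with an ordinal comparison; a
    // culture-sensitive ToLower() is neither needed nor safe for a scheme check.
    // With the plain-HTTP fallback every operation that is not encrypted at message
    // level (everything here except HelloEncryptAndSign, judging by the names) puts
    // the signed SAML token and payload on the wire in the clear, so that fallback
    // is only acceptable for local debugging.
    var transport = hostname.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
        ? new Channels.HttpsTransportBindingElement()
        : new Channels.HttpTransportBindingElement();

    customBinding.Elements.Add(asymmetric);
    customBinding.Elements.Add(messageEncoding);
    customBinding.Elements.Add(transport);

    System.ServiceModel.ChannelFactory<IHelloWorld> factory =
        new System.ServiceModel.ChannelFactory<IHelloWorld>(
            customBinding,
            endpointAddress
        );
    // Let the identity (WIF) configuration handle the issued token.
    factory.Credentials.UseIdentityConfiguration = true;

    // Pin the WSP's certificate by thumbprint from the machine store, scoped to this
    // endpoint URL. The thumbprint must be updated whenever the service certificate
    // is renewed.
    factory.Credentials.ServiceCertificate.SetScopedCertificate(
        X509Certificates.StoreLocation.LocalMachine,
        X509Certificates.StoreName.My,
        X509Certificates.X509FindType.FindByThumbprint,
        "1F0830937C74B0567D6B05C07B6155059D9B10C7",
        new Uri(hostname)
    );

    factory.Endpoint.Behaviors.Add(new Soap.Behaviors.SoapClientBehavior());

    var channelWithIssuedToken = factory.CreateChannelWithIssuedToken(securityToken);

    Console.WriteLine(channelWithIssuedToken.HelloNone("Schultz"));
    Console.WriteLine(channelWithIssuedToken.HelloSign("Schultz"));
    Console.WriteLine(channelWithIssuedToken.HelloEncryptAndSign("Schultz"));

    // Checking that SOAP faults can be read. SOAP faults are encrypted
    // in Sign and EncryptAndSign mode if no special care is taken.
    try
    {
        channelWithIssuedToken.HelloSignError("Schultz");
    }
    catch (Exception e)
    {
        // Broad catch on purpose for the demo; any failure is just printed.
        Console.WriteLine(e.Message);
    }

    // Checking that SOAP faults can be read when only being signed.
    // SOAP faults are only signed if special care is taken.
    try
    {
        channelWithIssuedToken.HelloSignErrorNotEncrypted("Schultz");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }

    Console.ReadLine();
}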