void RemoveIdentityMapping(bool aborting)
{
if (this.cleanupIdentity)
{
lock (this.ThisLock)
{
if (this.cleanupIdentity)
{
this.cleanupIdentity = false;
HttpTransportSecurityHelpers.RemoveIdentityMapping(Via, RemoteAddress, !aborting);
}
}
}
}
private void AddServerCertMappingOrSetRemoteCertificateValidationCallback(HttpClientHandler httpClientHandler, EndpointAddress to)
{
Fx.Assert(httpClientHandler != null, "httpClientHandler should not be null.");
if (_sslCertificateValidator != null)
{
httpClientHandler.ServerCertificateCustomValidationCallback = _remoteCertificateValidationCallback;
}
else
{
if (to.Identity is X509CertificateEndpointIdentity)
{
HttpTransportSecurityHelpers.SetServerCertificateValidationCallback(httpClientHandler);
}
}
}
private void AddServerCertMappingOrSetRemoteCertificateValidationCallback(ServiceModelHttpMessageHandler messageHandler, EndpointAddress to)
{
Fx.Assert(messageHandler != null, "httpMessageHandler should not be null.");
if (_sslCertificateValidator != null)
{
if (!messageHandler.SupportsClientCertificates)
{
throw ExceptionHelper.PlatformNotSupported("Client certificates not supported yet");
}
messageHandler.ServerCertificateValidationCallback = _remoteCertificateValidationCallback;
}
else
{
HttpTransportSecurityHelpers.SetServerCertificateValidationCallback(messageHandler);
}
}
HttpWebRequest CreateHttpWebRequest(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection();
HttpWebRequest request;
if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, this.channelFactory.AuthenticationScheme))
{
lock (ThisLock)
{
this.cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress);
}
}
this.channelFactory.CreateAndOpenTokenProviders(
this.RemoteAddress,
this.Via,
channelParameterCollection,
helper.RemainingTime(),
out this.webRequestTokenProvider,
out this.webRequestProxyTokenProvider);
SecurityTokenContainer clientCertificateToken = null;
HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = this.channelFactory as HttpsChannelFactory <IDuplexSessionChannel>;
if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate)
{
SecurityTokenProvider certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(this.RemoteAddress, this.Via, channelParameterCollection, helper.RemainingTime());
clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, this.RemoteAddress, this.Via, channelParameterCollection, ref helper);
}
request = this.channelFactory.GetWebRequest(this.RemoteAddress, this.Via, this.webRequestTokenProvider, this.webRequestProxyTokenProvider, clientCertificateToken, helper.RemainingTime(), true);
// If a web socket connection factory is specified (for example, when using web sockets on pre-Win8 OS),
// we're going to use the protocol version from it. At the moment, on pre-Win8 OS, the HttpWebRequest
// created above doesn't have the version header specified.
if (this.connectionFactory != null)
{
this.UseWebSocketVersionFromFactory(request);
}
this.webSocketKey = request.Headers[WebSocketHelper.SecWebSocketKey];
this.ConfigureHttpWebRequestHeader(request);
request.Timeout = (int)helper.RemainingTime().TotalMilliseconds;
return(request);
}
private static void OnGetBaseWebRequestCallback(IAsyncResult result)
{
if (!result.CompletedSynchronously)
{
HttpsChannelFactory.HttpsRequestChannel.GetWebRequestAsyncResult asyncState = (HttpsChannelFactory.HttpsRequestChannel.GetWebRequestAsyncResult)result.AsyncState;
Exception exception = null;
try
{
asyncState.request = asyncState.httpsChannel.EndBaseGetWebRequest(result);
HttpTransportSecurityHelpers.AddServerCertMapping(asyncState.request, asyncState.to);
}
catch (Exception exception2)
{
if (Fx.IsFatal(exception2))
{
throw;
}
exception = exception2;
}
asyncState.Complete(false, exception);
}
}
protected internal override async Task OnOpenAsync(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
bool success = false;
try
{
if (WcfEventSource.Instance.WebSocketConnectionRequestSendStartIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionRequestSendStart(
EventTraceActivity,
RemoteAddress != null ? RemoteAddress.ToString() : string.Empty);
}
ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection();
if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, _channelFactory.AuthenticationScheme))
{
lock (ThisLock)
{
_cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress);
}
}
X509Certificate2 clientCertificate = null;
HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = _channelFactory as HttpsChannelFactory <IDuplexSessionChannel>;
if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate)
{
var certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(RemoteAddress, Via, channelParameterCollection, helper.RemainingTime());
var clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, RemoteAddress, Via, channelParameterCollection, ref helper);
var x509Token = (X509SecurityToken)clientCertificateToken.Token;
clientCertificate = x509Token.Certificate;
}
try
{
WebSocket = await CreateWebSocketWithFactoryAsync(clientCertificate, helper);
}
finally
{
if (WebSocket != null && _cleanupStarted)
{
WebSocket.Abort();
CommunicationObjectAbortedException communicationObjectAbortedException = new CommunicationObjectAbortedException(
new WebSocketException(WebSocketError.ConnectionClosedPrematurely).Message);
FxTrace.Exception.AsWarning(communicationObjectAbortedException);
throw communicationObjectAbortedException;
}
}
bool inputUseStreaming = TransferModeHelper.IsResponseStreamed(TransferMode);
SetMessageSource(new WebSocketMessageSource(
this,
WebSocket,
inputUseStreaming,
this));
success = true;
if (WcfEventSource.Instance.WebSocketConnectionRequestSendStopIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionRequestSendStop(
EventTraceActivity,
WebSocket != null ? WebSocket.GetHashCode() : -1);
}
}
catch (WebSocketException ex)
{
if (WcfEventSource.Instance.WebSocketConnectionFailedIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionFailed(EventTraceActivity, ex.Message);
}
TryConvertAndThrow(ex);
}
finally
{
CleanupTokenProviders();
if (!success)
{
CleanupOnError();
}
}
}
internal override void OnWebRequestCompleted(HttpWebRequest request)
{
HttpTransportSecurityHelpers.RemoveServerCertMapping(request);
}
private async Task <WebSocket> CreateWebSocketWithFactoryAsync(X509Certificate2 certificate, TimeoutHelper timeoutHelper)
{
Contract.Assert(_connectionFactory != null, "Invalid call: CreateWebSocketWithFactory.");
if (WcfEventSource.Instance.WebSocketCreateClientWebSocketWithFactoryIsEnabled())
{
WcfEventSource.Instance.WebSocketCreateClientWebSocketWithFactory(EventTraceActivity, _connectionFactory.GetType().FullName);
}
// Create the client WebSocket with the factory.
WebSocket ws;
try
{
if (certificate != null)
{
throw ExceptionHelper.PlatformNotSupported("client certificates not supported yet");
}
var headers = new WebHeaderCollection();
headers[WebSocketTransportSettings.SoapContentTypeHeader] = _channelFactory.WebSocketSoapContentType;
if (_channelFactory.MessageEncoderFactory is BinaryMessageEncoderFactory)
{
headers[WebSocketTransportSettings.BinaryEncoderTransferModeHeader] = _channelFactory.TransferMode.ToString();
}
if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(RemoteAddress, _channelFactory.AuthenticationScheme))
{
headers[HttpRequestHeader.Host] = HttpTransportSecurityHelpers.GeIdentityHostHeader(RemoteAddress);
}
var credentials = _channelFactory.GetCredentials();
ws = await _connectionFactory.CreateWebSocketAsync(Via, headers, credentials, WebSocketSettings.Clone(), timeoutHelper);
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
throw FxTrace.Exception.AsError(new InvalidOperationException(SR.Format(SR.ClientWebSocketFactory_CreateWebSocketFailed, _connectionFactory.GetType().Name), e));
}
// The returned WebSocket should be valid (non-null), in an opened state and with the same SubProtocol that we requested.
if (ws == null)
{
throw FxTrace.Exception.AsError(new InvalidOperationException(SR.Format(SR.ClientWebSocketFactory_InvalidWebSocket, _connectionFactory.GetType().Name)));
}
if (ws.State != WebSocketState.Open)
{
ws.Dispose();
throw FxTrace.Exception.AsError(new InvalidOperationException(SR.Format(SR.ClientWebSocketFactory_InvalidWebSocket, _connectionFactory.GetType().Name)));
}
string requested = WebSocketSettings.SubProtocol;
string obtained = ws.SubProtocol;
if (!(requested == null ? string.IsNullOrWhiteSpace(obtained) : requested.Equals(obtained, StringComparison.OrdinalIgnoreCase)))
{
ws.Dispose();
throw FxTrace.Exception.AsError(new InvalidOperationException(SR.Format(SR.ClientWebSocketFactory_InvalidSubProtocol, _connectionFactory.GetType().Name, obtained, requested)));
}
return(ws);
}