public void InitiateHandShake() { IPeerNeighbor neighbor = host; Message reply = null; Fx.Assert(host != null, "Cannot initiate security handshake without a host!"); //send the RST message. using (OperationContextScope scope = new OperationContextScope(new OperationContext((ServiceHostBase)null))) { PeerHashToken token = this.securityManager.GetSelfToken(); Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityToken, new PeerRequestSecurityToken(token)); bool fatal = false; try { reply = neighbor.RequestSecurityToken(request); if (!(reply != null)) { throw Fx.AssertAndThrow("SecurityHandshake return empty message!"); } ProcessRstr(neighbor, reply, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current)); } catch (Exception e) { if (Fx.IsFatal(e)) { fatal = true; throw; } DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); this.state = PeerAuthState.Failed; if (DiagnosticUtility.ShouldTraceError) { ServiceSecurityContext context = ServiceSecurityContext.Current; ClaimSet claimSet = null; if (context != null && context.AuthorizationContext != null && context.AuthorizationContext.ClaimSets != null && context.AuthorizationContext.ClaimSets.Count > 0) { claimSet = context.AuthorizationContext.ClaimSets[0]; } PeerAuthenticationFailureTraceRecord record = new PeerAuthenticationFailureTraceRecord( meshId, neighbor.ListenAddress.EndpointAddress.ToString(), claimSet, e); TraceUtility.TraceEvent(TraceEventType.Error, TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure), record, this, null); } neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); } finally { if (!fatal) { request.Close(); } } } }
public override bool Equals(object token) { PeerHashToken that = token as PeerHashToken; if (that == null) { return(false); } if (Object.ReferenceEquals(that, this)) { return(true); } if (this.authenticator != null && that.authenticator != null && this.authenticator.Length == that.authenticator.Length) { for (int i = 0; i < this.authenticator.Length; i++) { if (this.authenticator[i] != that.authenticator[i]) { return(false); } } return(true); } return(false); }
public PeerRequestSecurityToken(PeerHashToken token) : base() { this.token = token; this.TokenType = PeerHashToken.TokenTypeString; this.RequestType = PeerHashToken.RequestTypeString; }
public static PeerHashToken CreateHashTokenFrom(Message message) { PeerHashToken invalid = PeerHashToken.Invalid; RequestSecurityTokenResponse response = RequestSecurityTokenResponse.CreateFrom(message.GetReaderAtBodyContents(), MessageSecurityVersion.Default, new PeerSecurityTokenSerializer()); if (string.Compare(response.TokenType, "http://schemas.microsoft.com/net/2006/05/peer/peerhashtoken", StringComparison.OrdinalIgnoreCase) == 0) { XmlElement requestSecurityTokenResponseXml = response.RequestSecurityTokenResponseXml; if (requestSecurityTokenResponseXml == null) { return(invalid); } foreach (XmlElement element2 in requestSecurityTokenResponseXml.ChildNodes) { if (PeerRequestSecurityToken.CompareWithNS(element2.LocalName, element2.NamespaceURI, "Status", "http://schemas.xmlsoap.org/ws/2005/02/trust")) { if (element2.ChildNodes.Count == 1) { XmlElement element = element2.ChildNodes[0] as XmlElement; if (PeerRequestSecurityToken.CompareWithNS(element.LocalName, element.NamespaceURI, "Code", "http://schemas.xmlsoap.org/ws/2005/02/trust") && (string.Compare(XmlHelper.ReadTextElementAsTrimmedString(element), "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid", StringComparison.OrdinalIgnoreCase) != 0)) { return(invalid); } } } else if (PeerRequestSecurityToken.CompareWithNS(element2.LocalName, element2.NamespaceURI, "RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust")) { return(PeerHashToken.CreateFrom(element2)); } } } return(invalid); }
public void InitiateHandShake() { IPeerNeighbor host = this.host; Message message = null; using (new OperationContextScope(new OperationContext(null))) { PeerHashToken selfToken = this.securityManager.GetSelfToken(); Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityToken", (BodyWriter) new PeerRequestSecurityToken(selfToken)); bool flag = false; try { message = host.RequestSecurityToken(request); if (message == null) { throw Fx.AssertAndThrow("SecurityHandshake return empty message!"); } this.ProcessRstr(host, message, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current)); } catch (Exception exception) { if (Fx.IsFatal(exception)) { flag = true; throw; } DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); this.state = PeerAuthState.Failed; if (DiagnosticUtility.ShouldTraceError) { ServiceSecurityContext current = ServiceSecurityContext.Current; ClaimSet claimSet = null; if (((current != null) && (current.AuthorizationContext != null)) && ((current.AuthorizationContext.ClaimSets != null) && (current.AuthorizationContext.ClaimSets.Count > 0))) { claimSet = current.AuthorizationContext.ClaimSets[0]; } PeerAuthenticationFailureTraceRecord extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, host.ListenAddress.EndpointAddress.ToString(), claimSet, exception); TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null); } host.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); } finally { if (!flag) { request.Close(); } } } }
public void ProcessRstr(IPeerNeighbor neighbor, Message message, Claim claim) { PeerHashToken token = PeerRequestSecurityTokenResponse.CreateHashTokenFrom(message); if (!token.IsValid) { this.OnFailed(neighbor); } else if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token)) { this.OnFailed(neighbor); } else { this.OnAuthenticated(); } }
public static PeerHashToken CreateHashTokenFrom(Message message) { PeerHashToken invalid = PeerHashToken.Invalid; RequestSecurityToken token2 = RequestSecurityToken.CreateFrom(message.GetReaderAtBodyContents()); if (token2.RequestSecurityTokenXml != null) { foreach (System.Xml.XmlNode node in token2.RequestSecurityTokenXml.ChildNodes) { XmlElement child = (XmlElement)node; if ((child != null) && CompareWithNS(child.LocalName, child.NamespaceURI, "RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust")) { invalid = PeerHashToken.CreateFrom(child); } } } return(invalid); }
public Message ProcessRst(Message message, Claim claim) { IPeerNeighbor neighbor = host; PeerRequestSecurityTokenResponse response = null; Message reply = null; lock (ThisLock) { if (this.state != PeerAuthState.Created || neighbor == null || neighbor.IsInitiator || neighbor.State != PeerNeighborState.Opened) { OnFailed(neighbor); return(null); } } try { PeerHashToken receivedToken = PeerRequestSecurityToken.CreateHashTokenFrom(message); PeerHashToken expectedToken = securityManager.GetExpectedTokenForClaim(claim); if (!expectedToken.Equals(receivedToken)) { OnFailed(neighbor); } else { this.state = PeerAuthState.Authenticated; PeerHashToken selfToken = securityManager.GetSelfToken(); response = new PeerRequestSecurityTokenResponse(selfToken); reply = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityTokenResponse, response); OnAuthenticated(); } } catch (Exception e) { if (Fx.IsFatal(e)) { throw; } DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); OnFailed(neighbor); } return(reply); }
public static PeerHashToken CreateHashTokenFrom(Message message) { PeerHashToken token = PeerHashToken.Invalid; RequestSecurityTokenResponse response = RequestSecurityTokenResponse.CreateFrom(message.GetReaderAtBodyContents(), MessageSecurityVersion.Default, new PeerSecurityTokenSerializer()); if (String.Compare(response.TokenType, PeerHashToken.TokenTypeString, StringComparison.OrdinalIgnoreCase) != 0) { return(token); } XmlElement responseXml = response.RequestSecurityTokenResponseXml; if (responseXml != null) { foreach (XmlElement child in responseXml.ChildNodes) { if (PeerRequestSecurityToken.CompareWithNS(child.LocalName, child.NamespaceURI, StatusString, TrustFeb2005Strings.Namespace)) { if (child.ChildNodes.Count == 1) { XmlElement desc = (child.ChildNodes[0] as XmlElement); if (PeerRequestSecurityToken.CompareWithNS(desc.LocalName, desc.NamespaceURI, CodeString, TrustFeb2005Strings.Namespace)) { string code = XmlHelper.ReadTextElementAsTrimmedString(desc); if (String.Compare(code, ValidString, StringComparison.OrdinalIgnoreCase) != 0) { break; } } } } else if (PeerRequestSecurityToken.CompareWithNS(child.LocalName, child.NamespaceURI, TrustFeb2005Strings.RequestedSecurityToken, TrustFeb2005Strings.Namespace)) { token = PeerHashToken.CreateFrom(child); break; } } } return(token); }
public static PeerHashToken CreateHashTokenFrom(Message message) { PeerHashToken token = PeerHashToken.Invalid; XmlReader reader = message.GetReaderAtBodyContents(); RequestSecurityToken rst = RequestSecurityToken.CreateFrom(reader); XmlElement rstXml = rst.RequestSecurityTokenXml; if (rstXml != null) { //find the wrapper element foreach (XmlNode node in rst.RequestSecurityTokenXml.ChildNodes) { XmlElement element = (XmlElement)node; if (element == null || !PeerRequestSecurityToken.CompareWithNS(element.LocalName, element.NamespaceURI, PeerRequestSecurityToken.RequestedSecurityTokenElementName, TrustFeb2005Strings.Namespace)) { continue; } token = PeerHashToken.CreateFrom(element); } } return(token); }
public Message ProcessRst(Message message, Claim claim) { IPeerNeighbor host = this.host; PeerRequestSecurityTokenResponse response = null; Message message2 = null; lock (this.ThisLock) { if (((this.state != PeerAuthState.Created) || (host == null)) || (host.IsInitiator || (host.State != PeerNeighborState.Opened))) { this.OnFailed(host); return(null); } } try { PeerHashToken token = PeerRequestSecurityToken.CreateHashTokenFrom(message); if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token)) { this.OnFailed(host); return(message2); } this.state = PeerAuthState.Authenticated; response = new PeerRequestSecurityTokenResponse(this.securityManager.GetSelfToken()); message2 = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityTokenResponse", (BodyWriter)response); this.OnAuthenticated(); } catch (Exception exception) { if (Fx.IsFatal(exception)) { throw; } DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); this.OnFailed(host); } return(message2); }
public override bool Equals(object token) { PeerHashToken objA = token as PeerHashToken; if (objA == null) { return(false); } if (!object.ReferenceEquals(objA, this)) { if (((this.authenticator == null) || (objA.authenticator == null)) || (this.authenticator.Length != objA.authenticator.Length)) { return(false); } for (int i = 0; i < this.authenticator.Length; i++) { if (this.authenticator[i] != objA.authenticator[i]) { return(false); } } } return(true); }
public static RequestSecurityTokenResponse CreateFrom(X509Certificate2 credential, string password) { PeerHashToken token = new PeerHashToken(credential, password); return(new PeerRequestSecurityTokenResponse(token)); }
public PeerRequestSecurityTokenResponse(PeerHashToken token) { this.token = token; this.isValid = (token != null && token.IsValid); }
public static bool AuthenticateResponse(Claim claim, string password, Message message) { PeerHashToken request = PeerRequestSecurityTokenResponse.CreateHashTokenFrom(message); return(request.Validate(claim, password)); }
public PeerRequestSecurityToken(PeerHashToken token) { this.token = token; base.TokenType = "http://schemas.microsoft.com/net/2006/05/peer/peerhashtoken"; base.RequestType = "http://schemas.xmlsoap.org/ws/2005/02/trust/Validate"; }