示例#1
 /// <summary>
 /// Builds a client-side token manager that forwards token work to <paramref name="manager"/>.
 /// </summary>
 /// <param name="parent">Owning security manager, kept for later use by this instance.</param>
 /// <param name="manager">Token manager this instance delegates to.</param>
 /// <param name="mode">Peer authentication mode this token manager operates under.</param>
 /// <param name="messageAuth">Whether message-level authentication is enabled.</param>
 public PeerClientSecurityTokenManager(PeerSecurityManager parent, SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth)
 {
     // Plain field capture; nothing is validated here, so a null delegate is not
     // rejected by the constructor.
     this.parent          = parent;
     this.delegateManager = manager;
     this.mode            = mode;
     this.messageAuth     = messageAuth;
 }
 /// <summary>
 /// Captures the settings a peer node runs with. Every parameter is stored as given;
 /// the referral-cache size, the resolve-address count and the maintainer retry /
 /// maintainer / unregister timeouts are fixed here rather than supplied by the caller.
 /// </summary>
 /// <param name="meshId">Mesh identifier.</param>
 /// <param name="nodeId">Node identifier within the mesh.</param>
 /// <param name="resolver">Resolver used for the mesh.</param>
 /// <param name="messagePropagationFilter">Filter applied to message propagation.</param>
 /// <param name="encoder">Message encoder.</param>
 /// <param name="listenUri">Listen URI.</param>
 /// <param name="listenIPAddress">IP address to listen on.</param>
 /// <param name="port">Port to listen on.</param>
 /// <param name="maxReceivedMessageSize">Upper bound on a received message's size.</param>
 /// <param name="minNeighbors">Minimum neighbor count.</param>
 /// <param name="idealNeighbors">Target neighbor count.</param>
 /// <param name="maxNeighbors">Maximum neighbor count.</param>
 /// <param name="maxReferrals">Maximum number of referrals.</param>
 /// <param name="connectTimeout">Connect timeout, stored unchanged.</param>
 /// <param name="maintainerInterval">Maintainer interval, stored unchanged.</param>
 /// <param name="securityManager">Security manager for this node.</param>
 /// <param name="readerQuotas">Reader quotas; copied into this node's own quota object.</param>
 /// <param name="maxBufferPool">Buffer pool size limit.</param>
 /// <param name="maxSendQueueSize">Send queue limit.</param>
 /// <param name="maxReceiveQueueSize">Receive queue limit; stored as the maximum number of incoming concurrent calls.</param>
 public PeerNodeConfig(string meshId, ulong nodeId, PeerResolver resolver, PeerMessagePropagationFilter messagePropagationFilter, System.ServiceModel.Channels.MessageEncoder encoder, Uri listenUri, IPAddress listenIPAddress, int port, long maxReceivedMessageSize, int minNeighbors, int idealNeighbors, int maxNeighbors, int maxReferrals, int connectTimeout, int maintainerInterval, PeerSecurityManager securityManager, XmlDictionaryReaderQuotas readerQuotas, long maxBufferPool, int maxSendQueueSize, int maxReceiveQueueSize)
 {
     // Identity and addressing.
     this.meshId          = meshId;
     this.nodeId          = nodeId;
     this.listenUri       = listenUri;
     this.listenIPAddress = listenIPAddress;
     this.port            = port;
     this.resolver        = resolver;

     // Message handling and queue limits.
     this.encoder                    = encoder;
     this.messagePropagationFilter   = messagePropagationFilter;
     this.maxReceivedMessageSize     = maxReceivedMessageSize;
     this.maxBufferPoolSize          = maxBufferPool;
     this.maxSendQueueSize           = maxSendQueueSize;
     this.maxIncomingConcurrentCalls = maxReceiveQueueSize;

     // Neighbor and referral limits; the cache size and resolve count are fixed constants.
     this.minNeighbors         = minNeighbors;
     this.idealNeighbors       = idealNeighbors;
     this.maxNeighbors         = maxNeighbors;
     this.maxReferrals         = maxReferrals;
     this.maxReferralCacheSize = 50;
     this.maxResolveAddresses  = 3;

     // Timing. 10 s is 100,000,000 ticks (0x5f5e100); 2 min is 1,200,000,000 ticks (0x47868c00).
     this.connectTimeout          = connectTimeout;
     this.maintainerInterval      = maintainerInterval;
     this.maintainerRetryInterval = TimeSpan.FromSeconds(10);
     this.maintainerTimeout       = TimeSpan.FromMinutes(2);
     this.unregisterTimeout       = TimeSpan.FromMinutes(2);

     // Security. The caller's quotas are copied into this.readerQuotas, which must already be
     // allocated (presumably a field initializer — confirm) and must not be null on the caller side.
     this.securityManager = securityManager;
     readerQuotas.CopyTo(this.readerQuotas);
 }
示例#3
 /// <summary>
 /// Builds a client-side token manager backed directly by a <see cref="PeerCredential"/>
 /// rather than by a delegate token manager.
 /// </summary>
 /// <param name="parent">Owning security manager.</param>
 /// <param name="credential">Credential the token manager draws on.</param>
 /// <param name="mode">Peer authentication mode in effect.</param>
 /// <param name="messageAuth">Whether message-level authentication is enabled.</param>
 public PeerClientSecurityTokenManager(PeerSecurityManager parent, PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth)
 {
     // Field capture only; no argument validation takes place here.
     this.parent      = parent;
     this.credential  = credential;
     this.mode        = mode;
     this.messageAuth = messageAuth;
 }
示例#4
        /// <summary>
        /// Verifies that <paramref name="other"/> is a <see cref="PeerSecurityManager"/> whose
        /// settings can coexist with this one's on the same node. A mismatch is reported through
        /// PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings with the name
        /// of the conflicting binding property. With authentication mode None, only the mode itself
        /// has to agree; otherwise differing token managers are handed to the credentials manager
        /// when one exists, and reported as a credentials conflict when it does not.
        /// </summary>
        /// <param name="other">Candidate settings object; anything that is not a PeerSecurityManager is a conflict.</param>
        public void CheckIfCompatibleNodeSettings(object other)
        {
            PeerSecurityManager that = other as PeerSecurityManager;

            if (that == null)
            {
                PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings(PeerBindingPropertyNames.Security);
                return;
            }
            if (this.authenticationMode != that.authenticationMode)
            {
                PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings(PeerBindingPropertyNames.SecurityDotMode);
                return;
            }
            // Without authentication there are no further settings to reconcile.
            if (this.authenticationMode == PeerAuthenticationMode.None)
            {
                return;
            }
            if (this.tokenManager.Equals(that.tokenManager))
            {
                return;
            }
            if (this.credManager != null)
            {
                // The credentials manager decides whether the two token managers are compatible.
                this.credManager.CheckIfCompatible(that.credManager);
                return;
            }
            // No credentials manager: the token manager is expected to be the client variant.
            Fx.Assert(typeof(PeerSecurityCredentialsManager.PeerClientSecurityTokenManager).IsAssignableFrom(tokenManager.GetType()), "");
            PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings(PeerBindingPropertyNames.Credentials);
        }
示例#5
        /// <summary>
        /// Runs the client half of the peer security handshake against the current host: sends a
        /// RequestSecurityToken carrying this node's self token and passes the reply to ProcessRstr.
        /// A non-fatal failure anywhere in that exchange sets the state to Failed, traces the
        /// failure (including the first claim set of the current security context, when present)
        /// and aborts the neighbor with AuthenticationFailure. Fatal exceptions are rethrown
        /// without closing the request message.
        /// </summary>
        public void InitiateHandShake()
        {
            IPeerNeighbor peer = host;

            Fx.Assert(host != null, "Cannot initiate security handshake without a host!");

            // Fresh operation context for the RST exchange (ServiceHostBase overload, no host instance).
            using (new OperationContextScope(new OperationContext((ServiceHostBase)null)))
            {
                PeerHashToken selfToken = this.securityManager.GetSelfToken();
                Message       rst       = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityToken, new PeerRequestSecurityToken(selfToken));
                // Raised when a fatal exception is propagating so the finally block leaves the request alone.
                bool propagatingFatal = false;
                try
                {
                    Message response = peer.RequestSecurityToken(rst);
                    if (response == null)
                    {
                        throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
                    }
                    ProcessRstr(peer, response, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
                }
                catch (Exception e)
                {
                    if (Fx.IsFatal(e))
                    {
                        propagatingFatal = true;
                        throw;
                    }
                    DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
                    this.state = PeerAuthState.Failed;
                    if (DiagnosticUtility.ShouldTraceError)
                    {
                        ServiceSecurityContext current  = ServiceSecurityContext.Current;
                        ClaimSet               claimSet = null;
                        if (current != null && current.AuthorizationContext != null && current.AuthorizationContext.ClaimSets != null && current.AuthorizationContext.ClaimSets.Count > 0)
                        {
                            // Only the first claim set is attached to the trace record.
                            claimSet = current.AuthorizationContext.ClaimSets[0];
                        }
                        PeerAuthenticationFailureTraceRecord record = new PeerAuthenticationFailureTraceRecord(
                            meshId,
                            peer.ListenAddress.EndpointAddress.ToString(),
                            claimSet,
                            e);
                        TraceUtility.TraceEvent(TraceEventType.Error,
                                                TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure),
                                                record, this, null);
                    }
                    // Tear the neighbor down locally; the reply message, if one arrived, is not closed here.
                    peer.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
                }
                finally
                {
                    if (!propagatingFatal)
                    {
                        rst.Close();
                    }
                }
            }
        }
示例#6
 /// <summary>
 /// Creates the authenticator extension in the <c>Created</c> state, remembering the security
 /// manager, the callback and arguments to raise on success, and the mesh id.
 /// </summary>
 /// <param name="securityManager">Security manager the handshake draws tokens from.</param>
 /// <param name="onSucceeded">Handler invoked once authentication succeeds.</param>
 /// <param name="args">Arguments passed to <paramref name="onSucceeded"/>.</param>
 /// <param name="meshId">Mesh identifier.</param>
 public PeerChannelAuthenticatorExtension(PeerSecurityManager securityManager, EventHandler onSucceeded, EventArgs args, string meshId)
 {
     // Initial state is always Created; it is advanced by the handshake, not here.
     this.state = PeerAuthState.Created;

     this.securityManager = securityManager;
     this.onSucceeded     = onSucceeded;
     this.originalArgs    = args;
     this.meshId          = meshId;
 }
示例#7
        /// <summary>
        /// Runs the client half of the peer security handshake: sends a RequestSecurityToken
        /// carrying this node's self token to the host neighbor and passes the reply to ProcessRstr.
        /// A non-fatal failure sets the state to Failed, traces it (with the first claim set of the
        /// current security context when one exists) and aborts the neighbor with
        /// AuthenticationFailure; fatal exceptions are rethrown without closing the request.
        /// </summary>
        public void InitiateHandShake()
        {
            IPeerNeighbor host    = this.host;
            Message       message = null;

            // NOTE(review): OperationContext has more than one single-argument constructor; the
            // bare null here relies on overload resolution — confirm the intended overload.
            using (new OperationContextScope(new OperationContext(null)))
            {
                PeerHashToken selfToken = this.securityManager.GetSelfToken();
                // Action string is hard-coded rather than taken from a shared constant.
                Message       request   = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityToken", (BodyWriter) new PeerRequestSecurityToken(selfToken));
                // Set while a fatal exception propagates so the finally block does not close the request.
                bool          flag      = false;
                try
                {
                    message = host.RequestSecurityToken(request);
                    if (message == null)
                    {
                        throw Fx.AssertAndThrow("SecurityHandshake return empty message!");
                    }
                    this.ProcessRstr(host, message, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current));
                }
                catch (Exception exception)
                {
                    if (Fx.IsFatal(exception))
                    {
                        flag = true;
                        throw;
                    }
                    DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
                    this.state = PeerAuthState.Failed;
                    if (DiagnosticUtility.ShouldTraceError)
                    {
                        ServiceSecurityContext current = ServiceSecurityContext.Current;
                        ClaimSet claimSet = null;
                        if (((current != null) && (current.AuthorizationContext != null)) && ((current.AuthorizationContext.ClaimSets != null) && (current.AuthorizationContext.ClaimSets.Count > 0)))
                        {
                            // Only the first claim set is recorded.
                            claimSet = current.AuthorizationContext.ClaimSets[0];
                        }
                        PeerAuthenticationFailureTraceRecord extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, host.ListenAddress.EndpointAddress.ToString(), claimSet, exception);
                        // 0x4004d is the numeric trace code for PeerNodeAuthenticationFailure.
                        TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null);
                    }
                    // The reply message, if one was received, is not closed in this method.
                    host.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode);
                }
                finally
                {
                    if (!flag)
                    {
                        request.Close();
                    }
                }
            }
        }
        /// <summary>
        /// Wires a channel factory from the peer transport binding element: listen address and
        /// port, the resolver, reader quotas (taken from the binding's binary encoder element when
        /// present, otherwise from the encoder defaults), the security manager and the binding's
        /// security capabilities.
        /// </summary>
        /// <param name="bindingElement">Transport element supplying address, port and security settings.</param>
        /// <param name="context">Binding context; its element collection is searched for a binary encoder.</param>
        /// <param name="peerResolver">Resolver stored on the factory.</param>
        internal PeerChannelFactory(PeerTransportBindingElement bindingElement, BindingContext context, PeerResolver peerResolver) : base(bindingElement, context)
        {
            this.listenIPAddress = bindingElement.ListenIPAddress;
            this.port            = bindingElement.Port;
            this.resolver        = peerResolver;

            // Quotas are copied into a fresh object rather than referenced from the binding.
            this.readerQuotas = new XmlDictionaryReaderQuotas();
            BinaryMessageEncodingBindingElement binaryEncoder = context.Binding.Elements.Find <BinaryMessageEncodingBindingElement>();
            XmlDictionaryReaderQuotas quotaSource = binaryEncoder != null ? binaryEncoder.ReaderQuotas : EncoderDefaults.ReaderQuotas;
            quotaSource.CopyTo(this.readerQuotas);

            this.securityManager      = PeerSecurityManager.Create(bindingElement.Security, context, this.readerQuotas);
            this.securityCapabilities = bindingElement.GetProperty <ISecurityCapabilities>(context);
        }
示例#9
        /// <summary>
        /// Builds the security manager for a binding. With no authentication and no message
        /// signing a credential-free placeholder is returned. Password mode first probes that
        /// HMACSHA256 and SHA256Managed can be constructed; an InvalidOperationException from that
        /// probe (the managed SHA-256 implementation is refused under the machine FIPS policy) is
        /// traced and converted via ThrowInvalidOperation_InsufficientCryptoSupport.
        /// </summary>
        /// <param name="authenticationMode">How neighbors authenticate each other.</param>
        /// <param name="signMessages">Whether application messages are signed.</param>
        /// <param name="context">Binding context; supplies protection requirements and the credentials manager.</param>
        /// <param name="readerQuotas">Reader quotas handed to the manager.</param>
        /// <returns>The configured manager, with the credentials manager's Parent set to it.</returns>
        static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool signMessages, BindingContext context, XmlDictionaryReaderQuotas readerQuotas)
        {
            bool noSecurity = authenticationMode == PeerAuthenticationMode.None && !signMessages;
            if (noSecurity)
            {
                return CreateDummy();
            }

            if (authenticationMode == PeerAuthenticationMode.Password)
            {
                // FIPS probe: construct and immediately dispose both hash primitives.
                try
                {
                    using (new HMACSHA256())
                    using (new SHA256Managed())
                    {
                    }
                }
                catch (InvalidOperationException e)
                {
                    DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
                    PeerExceptionHelper.ThrowInvalidOperation_InsufficientCryptoSupport(e);
                }
            }

            ChannelProtectionRequirements  protection  = context.BindingParameters.Find <ChannelProtectionRequirements>();
            PeerSecurityCredentialsManager credentials = GetCredentialsManager(authenticationMode, signMessages, context);
            if (credentials.Credential != null)
            {
                // Legacy validation retained for compatibility with existing callers.
                ValidateCredentialSettings(authenticationMode, signMessages, credentials.Credential);
            }

            PeerSecurityManager manager = Create(authenticationMode, signMessages, credentials, protection, readerQuotas);
            credentials.Parent = manager;
            manager.ApplyAuditBehaviorSettings(context);
            return manager;
        }
示例#10
        /// <summary>
        /// Verifies that <paramref name="other"/> is a <see cref="PeerSecurityManager"/> whose
        /// settings can coexist with this one's. Conflicts are reported through
        /// PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings with the name
        /// of the conflicting binding property: a non-manager argument, a differing authentication
        /// mode, or (outside mode None) differing token managers with no credentials manager to
        /// reconcile them. When a credentials manager exists it performs that comparison itself.
        /// </summary>
        /// <param name="other">Candidate settings object.</param>
        public void CheckIfCompatibleNodeSettings(object other)
        {
            PeerSecurityManager peer     = other as PeerSecurityManager;
            string              conflict = null;

            if (peer == null)
            {
                conflict = PeerBindingPropertyNames.Security;
            }
            else if (this.authenticationMode != peer.authenticationMode)
            {
                conflict = PeerBindingPropertyNames.SecurityDotMode;
            }
            else if (this.authenticationMode != PeerAuthenticationMode.None && !this.tokenManager.Equals(peer.tokenManager))
            {
                if (this.credManager != null)
                {
                    this.credManager.CheckIfCompatible(peer.credManager);
                }
                else
                {
                    conflict = PeerBindingPropertyNames.Credentials;
                }
            }

            if (conflict != null)
            {
                PeerExceptionHelper.ThrowInvalidOperation_PeerConflictingPeerNodeSettings(conflict);
            }
        }
示例#11
0
 /// <summary>
 /// True when both managers agree on whether messages are authenticated.
 /// <paramref name="that"/> is dereferenced without a null check.
 /// </summary>
 /// <param name="that">Manager to compare against.</param>
 /// <returns>Whether the two MessageAuthentication settings are equal.</returns>
 public bool HasCompatibleMessageSecurity(PeerSecurityManager that)
 {
     bool sameMessageAuth = this.MessageAuthentication == that.MessageAuthentication;
     return sameMessageAuth;
 }
示例#12
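        /// <summary>
        /// Builds a security manager from an already-resolved credentials manager.
        /// </summary>
        /// <param name="authenticationMode">How neighbors authenticate each other.</param>
        /// <param name="messageAuthentication">Whether application messages are authenticated.</param>
        /// <param name="credman">Source of password, certificate and token manager. A null value is
        /// accepted only when neither authentication nor message authentication is requested.</param>
        /// <param name="reqs">Optional protection requirements; copied onto the manager when non-null.</param>
        /// <param name="readerQuotas">Reader quotas handed to the manager.</param>
        /// <returns>A configured manager, or a credential-free placeholder when <paramref name="credman"/>
        /// is null and nothing requires credentials.</returns>
        /// <remarks>
        /// Credentials are checked for presence only: the validators obtained through
        /// TryGetCertificateValidator are not retained by this method.
        /// </remarks>
        static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas)
        {
            // credman has to be tested before it is dereferenced; reading credman.Credential first
            // turns a missing credentials manager into a NullReferenceException and makes the
            // insufficient-credentials path below unreachable.
            if (credman == null)
            {
                if (authenticationMode != PeerAuthenticationMode.None || messageAuthentication)
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials);
                }
                //create one that doesnt have any credentials in it.
                return(CreateDummy());
            }

            PeerCredential           credential          = credman.Credential;
            X509CertificateValidator connectionValidator = null;
            X509CertificateValidator messageValidator    = null;

            PeerSecurityManager manager = new PeerSecurityManager(authenticationMode, messageAuthentication);
            manager.credManager  = credman;
            manager.password     = credman.Password;
            manager.readerQuotas = readerQuotas;
            if (reqs != null)
            {
                manager.protection = new ChannelProtectionRequirements(reqs);
            }
            manager.tokenManager = credman.CreateSecurityTokenManager();
            if (credential == null)
            {
                // Without a credential object there is nothing further to validate.
                return(manager);
            }

            switch (authenticationMode)
            {
            case PeerAuthenticationMode.None:
                break;

            case PeerAuthenticationMode.Password:
            {
                manager.password = credential.MeshPassword;
                // NOTE(review): the emptiness check reads credManager.Password, not the
                // MeshPassword just assigned — confirm the two are meant to agree.
                if (String.IsNullOrEmpty(manager.credManager.Password))
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password);
                }
                // Password mode: no certificate validation; the value is not used further here.
                connectionValidator = X509CertificateValidator.None;
            }
            break;

            case PeerAuthenticationMode.MutualCertificate:
            {
                if (manager.credManager.Certificate == null)
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate);
                }
                // Presence check only: the validator is not stored on the manager by this method.
                if (!credential.PeerAuthentication.TryGetCertificateValidator(out connectionValidator))
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication);
                }
            }
            break;
            }
            if (messageAuthentication)
            {
                if (credential.MessageSenderAuthentication != null)
                {
                    // Presence check only, as above.
                    if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out messageValidator))
                    {
                        PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
                    }
                }
                else
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
                }
            }
            return(manager);
        }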
示例#13
        /// <summary>
        /// Returns a manager with authentication mode None and message authentication off —
        /// the placeholder handed out when a binding carries no security.
        /// </summary>
        internal static PeerSecurityManager CreateDummy()
        {
            return new PeerSecurityManager(PeerAuthenticationMode.None, false);
        }
示例#14
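        /// <summary>
        /// Builds a security manager from an already-resolved credentials manager.
        /// </summary>
        /// <param name="authenticationMode">How neighbors authenticate each other.</param>
        /// <param name="messageAuthentication">Whether application messages are authenticated.</param>
        /// <param name="credman">Source of password, certificate and token manager. A null value is
        /// accepted only when neither authentication nor message authentication is requested.</param>
        /// <param name="reqs">Optional protection requirements; copied onto the manager when non-null.</param>
        /// <param name="readerQuotas">Reader quotas handed to the manager.</param>
        /// <returns>A configured manager, or a credential-free placeholder when <paramref name="credman"/>
        /// is null and nothing requires credentials.</returns>
        /// <remarks>
        /// Credentials are checked for presence only: the validators obtained through
        /// TryGetCertificateValidator are not retained by this method.
        /// </remarks>
        public static PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas)
        {
            // credman has to be tested before it is dereferenced; reading credman.Credential first
            // turns a missing credentials manager into a NullReferenceException and makes the
            // insufficient-credentials path below unreachable.
            if (credman == null)
            {
                if ((authenticationMode != PeerAuthenticationMode.None) || messageAuthentication)
                {
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials);
                }
                return(CreateDummy());
            }

            PeerCredential           credential = credman.Credential;
            X509CertificateValidator none       = null;
            X509CertificateValidator validator2 = null;

            PeerSecurityManager manager = new PeerSecurityManager(authenticationMode, messageAuthentication)
            {
                credManager  = credman,
                password     = credman.Password,
                readerQuotas = readerQuotas
            };
            if (reqs != null)
            {
                manager.protection = new ChannelProtectionRequirements(reqs);
            }
            manager.tokenManager = credman.CreateSecurityTokenManager();
            if (credential != null)
            {
                switch (authenticationMode)
                {
                case PeerAuthenticationMode.Password:
                    manager.password = credential.MeshPassword;
                    // NOTE(review): the emptiness check reads credManager.Password, not the
                    // MeshPassword just assigned — confirm the two are meant to agree.
                    if (string.IsNullOrEmpty(manager.credManager.Password))
                    {
                        PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password);
                    }
                    // Password mode: no certificate validation; the value is not used further here.
                    none = X509CertificateValidator.None;
                    break;

                case PeerAuthenticationMode.MutualCertificate:
                    if (manager.credManager.Certificate == null)
                    {
                        PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate);
                    }
                    // Presence check only: the validator is not stored on the manager by this method.
                    if (!credential.PeerAuthentication.TryGetCertificateValidator(out none))
                    {
                        PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication);
                    }
                    break;
                }
                if (messageAuthentication)
                {
                    if (credential.MessageSenderAuthentication != null)
                    {
                        // Presence check only, as above.
                        if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator2))
                        {
                            PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
                        }
                        return(manager);
                    }
                    PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
                }
            }
            return(manager);
        }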