internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); } if (this.ProtectionTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[] { this.ToString() }))); } SymmetricSecurityProtocolFactory factory = new SymmetricSecurityProtocolFactory(); if (isForService) { base.ApplyAuditBehaviorSettings(context, factory); } factory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone(); SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.SecurityTokenParameters, issuerBindingContext); factory.ApplyConfidentiality = true; factory.RequireConfidentiality = true; factory.ApplyIntegrity = true; factory.RequireIntegrity = true; factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory.MessageProtectionOrder = this.MessageProtectionOrder; factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding); return(factory); }
/* * /// <summary>Sets a value that indicates whether derived keys are required.</summary> * /// <param name="requireDerivedKeys">true to indicate that derived keys are required; otherwise, false.</param> * public override void SetKeyDerivation(bool requireDerivedKeys) * { * base.SetKeyDerivation(requireDerivedKeys); * if (this.protectionTokenParameters == null) * return; * this.protectionTokenParameters.RequireDerivedKeys = requireDerivedKeys; * } * * internal override bool IsSetKeyDerivation(bool requireDerivedKeys) * { * return base.IsSetKeyDerivation(requireDerivedKeys) && (this.protectionTokenParameters == null || this.protectionTokenParameters.RequireDerivedKeys == requireDerivedKeys); * }*/ // Nothing to override internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); } if (this.ProtectionTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[1] { (object)this.ToString() }))); } #if FEATURE_CORECLR throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core"); #else SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory(); if (isForService) { this.ApplyAuditBehaviorSettings(context, (SecurityProtocolFactory)securityProtocolFactory); } securityProtocolFactory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone(); SecurityBindingElement.SetIssuerBindingContextIfRequired(securityProtocolFactory.SecurityTokenParameters, issuerBindingContext); securityProtocolFactory.ApplyConfidentiality = true; securityProtocolFactory.RequireConfidentiality = true; securityProtocolFactory.ApplyIntegrity = true; securityProtocolFactory.RequireIntegrity = true; securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, isForService)); this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, isForService, issuerBindingContext, (Binding)context.Binding); return((SecurityProtocolFactory)securityProtocolFactory); #endif }
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); } if (this.InitiatorTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters", new object[] { this.ToString() }))); } if (this.RecipientTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsRecipientTokenParameters", new object[] { this.ToString() }))); } bool flag = !this.isCertificateSignatureBinding && ((typeof(IDuplexChannel) == typeof(TChannel)) || (typeof(IDuplexSessionChannel) == typeof(TChannel))); AsymmetricSecurityProtocolFactory factory = new AsymmetricSecurityProtocolFactory(); factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); factory.RequireConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingEncryptionParts); factory.RequireIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingSignatureParts); if (this.isCertificateSignatureBinding) { if (isForService) { factory.ApplyIntegrity = factory.ApplyConfidentiality = false; } else { factory.ApplyConfidentiality = factory.RequireIntegrity = false; } } else { factory.ApplyIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingSignatureParts); factory.ApplyConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingEncryptionParts); } if (isForService) { base.ApplyAuditBehaviorSettings(context, factory); if (factory.RequireConfidentiality || (!this.isCertificateSignatureBinding && factory.ApplyIntegrity)) { factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone(); } else { factory.AsymmetricTokenParameters = null; } factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext); } else { if (factory.ApplyConfidentiality || (!this.isCertificateSignatureBinding && factory.RequireIntegrity)) { factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone(); } else { factory.AsymmetricTokenParameters = null; } factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext); } if (flag) { if (isForService) { factory.ApplyConfidentiality = factory.ApplyIntegrity = false; } else { factory.RequireIntegrity = factory.RequireConfidentiality = false; } } else if (!isForService) { factory.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply; } factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory.MessageProtectionOrder = this.MessageProtectionOrder; base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding); if (!factory.RequireIntegrity) { factory.DetectReplays = false; } if (!flag) { return(factory); } AsymmetricSecurityProtocolFactory factory3 = new AsymmetricSecurityProtocolFactory(); if (isForService) { factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone(); factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; factory3.IdentityVerifier = null; } else { factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone(); factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; factory3.IdentityVerifier = base.LocalClientSettings.IdentityVerifier; } factory3.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; factory3.MessageProtectionOrder = this.MessageProtectionOrder; factory3.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); if (isForService) { factory3.ApplyConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.OutgoingEncryptionParts); factory3.ApplyIntegrity = true; factory3.RequireIntegrity = factory3.RequireConfidentiality = false; } else { factory3.RequireConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.IncomingEncryptionParts); factory3.RequireIntegrity = true; factory3.ApplyIntegrity = factory3.ApplyConfidentiality = false; } base.ConfigureProtocolFactory(factory3, credentialsManager, !isForService, issuerBindingContext, context.Binding); if (!factory3.RequireIntegrity) { factory3.DetectReplays = false; } factory3.IsDuplexReply = true; return(new DuplexSecurityProtocolFactory { ForwardProtocolFactory = factory, ReverseProtocolFactory = factory3 }); }