internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.ProtectionTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[] { this.ToString() })));
}
SymmetricSecurityProtocolFactory factory = new SymmetricSecurityProtocolFactory();
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
}
factory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.SecurityTokenParameters, issuerBindingContext);
factory.ApplyConfidentiality = true;
factory.RequireConfidentiality = true;
factory.ApplyIntegrity = true;
factory.RequireIntegrity = true;
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
return(factory);
}
/*
* /// <summary>Sets a value that indicates whether derived keys are required.</summary>
* /// <param name="requireDerivedKeys">true to indicate that derived keys are required; otherwise, false.</param>
* public override void SetKeyDerivation(bool requireDerivedKeys)
* {
* base.SetKeyDerivation(requireDerivedKeys);
* if (this.protectionTokenParameters == null)
* return;
* this.protectionTokenParameters.RequireDerivedKeys = requireDerivedKeys;
* }
*
* internal override bool IsSetKeyDerivation(bool requireDerivedKeys)
* {
* return base.IsSetKeyDerivation(requireDerivedKeys) && (this.protectionTokenParameters == null || this.protectionTokenParameters.RequireDerivedKeys == requireDerivedKeys);
* }*/
// Nothing to override
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.ProtectionTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("SymmetricSecurityBindingElementNeedsProtectionTokenParameters", new object[1] {
(object)this.ToString()
})));
}
#if FEATURE_CORECLR
throw new NotImplementedException("SymmetricSecurityProtocolFactory not supported in .NET Core");
#else
SymmetricSecurityProtocolFactory securityProtocolFactory = new SymmetricSecurityProtocolFactory();
if (isForService)
{
this.ApplyAuditBehaviorSettings(context, (SecurityProtocolFactory)securityProtocolFactory);
}
securityProtocolFactory.SecurityTokenParameters = this.ProtectionTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(securityProtocolFactory.SecurityTokenParameters, issuerBindingContext);
securityProtocolFactory.ApplyConfidentiality = true;
securityProtocolFactory.RequireConfidentiality = true;
securityProtocolFactory.ApplyIntegrity = true;
securityProtocolFactory.RequireIntegrity = true;
securityProtocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
securityProtocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
securityProtocolFactory.MessageProtectionOrder = this.MessageProtectionOrder;
securityProtocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements((SecurityBindingElement)this, context.BindingParameters, context.Binding.Elements, isForService));
this.ConfigureProtocolFactory((SecurityProtocolFactory)securityProtocolFactory, credentialsManager, isForService, issuerBindingContext, (Binding)context.Binding);
return((SecurityProtocolFactory)securityProtocolFactory);
#endif
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory <TChannel>(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (credentialsManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
}
if (this.InitiatorTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters", new object[] { this.ToString() })));
}
if (this.RecipientTokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("AsymmetricSecurityBindingElementNeedsRecipientTokenParameters", new object[] { this.ToString() })));
}
bool flag = !this.isCertificateSignatureBinding && ((typeof(IDuplexChannel) == typeof(TChannel)) || (typeof(IDuplexSessionChannel) == typeof(TChannel)));
AsymmetricSecurityProtocolFactory factory = new AsymmetricSecurityProtocolFactory();
factory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
factory.RequireConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingEncryptionParts);
factory.RequireIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
factory.ApplyIntegrity = factory.ApplyConfidentiality = false;
}
else
{
factory.ApplyConfidentiality = factory.RequireIntegrity = false;
}
}
else
{
factory.ApplyIntegrity = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingSignatureParts);
factory.ApplyConfidentiality = this.HasProtectionRequirements(factory.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, factory);
if (factory.RequireConfidentiality || (!this.isCertificateSignatureBinding && factory.ApplyIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (factory.ApplyConfidentiality || (!this.isCertificateSignatureBinding && factory.RequireIntegrity))
{
factory.AsymmetricTokenParameters = this.RecipientTokenParameters.Clone();
}
else
{
factory.AsymmetricTokenParameters = null;
}
factory.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SecurityBindingElement.SetIssuerBindingContextIfRequired(factory.CryptoTokenParameters, issuerBindingContext);
}
if (flag)
{
if (isForService)
{
factory.ApplyConfidentiality = factory.ApplyIntegrity = false;
}
else
{
factory.RequireIntegrity = factory.RequireConfidentiality = false;
}
}
else if (!isForService)
{
factory.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
factory.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
factory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(factory, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!factory.RequireIntegrity)
{
factory.DetectReplays = false;
}
if (!flag)
{
return(factory);
}
AsymmetricSecurityProtocolFactory factory3 = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = null;
}
else
{
factory3.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
factory3.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
factory3.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
factory3.CryptoTokenParameters = this.RecipientTokenParameters.Clone();
factory3.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
factory3.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
factory3.IdentityVerifier = base.LocalClientSettings.IdentityVerifier;
}
factory3.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
factory3.MessageProtectionOrder = this.MessageProtectionOrder;
factory3.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
factory3.ApplyConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.OutgoingEncryptionParts);
factory3.ApplyIntegrity = true;
factory3.RequireIntegrity = factory3.RequireConfidentiality = false;
}
else
{
factory3.RequireConfidentiality = this.HasProtectionRequirements(factory3.ProtectionRequirements.IncomingEncryptionParts);
factory3.RequireIntegrity = true;
factory3.ApplyIntegrity = factory3.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(factory3, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!factory3.RequireIntegrity)
{
factory3.DetectReplays = false;
}
factory3.IsDuplexReply = true;
return(new DuplexSecurityProtocolFactory {
ForwardProtocolFactory = factory, ReverseProtocolFactory = factory3
});
}
