protected SecurityTokenParameters(SecurityTokenParameters other) { if (other == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other"); _requireDerivedKeys = other._requireDerivedKeys; }
public SupportingTokenSpecification(SecurityToken token, ReadOnlyCollection<IAuthorizationPolicy> tokenPolicies, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters) : base(token, tokenPolicies) { SecurityTokenAttachmentModeHelper.Validate(attachmentMode); _tokenAttachmentMode = attachmentMode; _tokenParameters = tokenParameters; }
protected SecurityTokenParameters (SecurityTokenParameters other) { inclusion_mode = other.inclusion_mode; reference_style = other.reference_style; require_derived_keys = other.require_derived_keys; issuer_binding_context = other.issuer_binding_context != null ? other.issuer_binding_context.Clone () : null; }
protected override void InitializeNestedTokenParameterSettings(SecurityTokenParameters sp, bool initializeNestedBindings) { if (sp is SecureConversationSecurityTokenParameters) this.InitializeSecureConversationParameters((SecureConversationSecurityTokenParameters)sp, initializeNestedBindings); else base.InitializeNestedTokenParameterSettings(sp, initializeNestedBindings); }
public override void OnOpen(TimeSpan timeout) { TimeoutHelper helper = new TimeoutHelper(timeout); base.OnOpen(helper.RemainingTime()); if (this.tokenParameters == null) { base.OnPropertySettingsError("SecurityTokenParameters", true); } if (!base.ActAsInitiator) { SecurityTokenRequirement tokenRequirement = this.CreateRecipientTokenRequirement(); SecurityTokenResolver outOfBandTokenResolver = null; if (this.SecurityTokenParameters.HasAsymmetricKey) { this.recipientAsymmetricTokenProvider = base.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement); } else { this.recipientSymmetricTokenAuthenticator = base.SecurityTokenManager.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } if ((this.RecipientSymmetricTokenAuthenticator != null) && (this.RecipientAsymmetricTokenProvider != null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(System.ServiceModel.SR.GetString("OnlyOneOfEncryptedKeyOrSymmetricBindingCanBeSelected"))); } if (outOfBandTokenResolver != null) { Collection <SecurityTokenResolver> list = new Collection <SecurityTokenResolver> { outOfBandTokenResolver }; this.recipientOutOfBandTokenResolverList = new ReadOnlyCollection <SecurityTokenResolver>(list); } else { this.recipientOutOfBandTokenResolverList = EmptyReadOnlyCollection <SecurityTokenResolver> .Instance; } if (this.RecipientAsymmetricTokenProvider != null) { base.Open("RecipientAsymmetricTokenProvider", true, this.RecipientAsymmetricTokenProvider, helper.RemainingTime()); } else { base.Open("RecipientSymmetricTokenAuthenticator", true, this.RecipientSymmetricTokenAuthenticator, helper.RemainingTime()); } } if (this.tokenParameters.RequireDerivedKeys) { base.ExpectKeyDerivation = true; } if (this.tokenParameters.HasAsymmetricKey) { this.protectionTokenParameters = new WrappedKeySecurityTokenParameters(); this.protectionTokenParameters.RequireDerivedKeys = this.SecurityTokenParameters.RequireDerivedKeys; } else { this.protectionTokenParameters = this.tokenParameters; } }
public void Add(SecurityToken token, SecurityTokenReferenceStyle allowedReferenceStyle, SecurityTokenParameters tokenParameters) { if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } if ((allowedReferenceStyle == SecurityTokenReferenceStyle.External) && (tokenParameters == null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("ResolvingExternalTokensRequireSecurityTokenParameters")); } this.EnsureCapacityToAddToken(); this.tokens[this.tokenCount++] = new SecurityTokenEntry(token, tokenParameters, allowedReferenceStyle); }
private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle) { int keyLength = Math.Max(0x80, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength); CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite); byte[] buffer = new byte[keyLength / 8]; CryptoHelper.FillRandomBytes(buffer); string id = System.ServiceModel.Security.SecurityUtils.GenerateId(); string defaultAsymmetricKeyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle); SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier(); wrappingTokenReference.Add(clause); return new WrappedKeySecurityToken(id, buffer, defaultAsymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference); }
public static void AssertSecurityTokenParameters ( SecurityTokenInclusionMode protectionTokenInclusionMode, SecurityTokenReferenceStyle protectionTokenReferenceStyle, bool protectionTokenRequireDerivedKeys, SecurityTokenParameters tp, string label) { Assert.IsNotNull (tp, label + " IsNotNull"); Assert.AreEqual (protectionTokenInclusionMode, tp.InclusionMode, label + ".InclusionMode"); Assert.AreEqual (protectionTokenReferenceStyle, tp.ReferenceStyle, label + ".ReferenceStyle"); Assert.AreEqual (protectionTokenRequireDerivedKeys, tp.RequireDerivedKeys, label + ".RequireDerivedKeys"); }
public SupportingTokenProviderSpecification(SecurityTokenProvider tokenProvider, SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters) { if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenProvider"); } SecurityTokenAttachmentModeHelper.Validate(attachmentMode); if (tokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters"); } _tokenProvider = tokenProvider; _tokenAttachmentMode = attachmentMode; _tokenParameters = tokenParameters; }
private void GetTokensForOutgoingMessages(out SecurityToken signingToken, out SecurityToken encryptionToken, out SecurityTokenParameters tokenParameters) { lock (this.ThisLock) { if (this.requireDerivedKeys) { signingToken = this.derivedSignatureToken; encryptionToken = this.derivedEncryptionToken; } else { signingToken = encryptionToken = this.outgoingSessionToken; } } tokenParameters = this.Factory.GetTokenParameters(); }
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint) { bool cookie = false; SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters; if (sc != null && sc.RequireCancellation == false) cookie = true; SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters; if (sspi != null && sspi.RequireCancellation == false) cookie = true; SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters; if (ssl != null && ssl.RequireCancellation == false) cookie = true; if (cookie) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace))); }
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional) { if (tokenAuthenticator == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator"); } SecurityTokenAttachmentModeHelper.Validate(attachmentMode); if (tokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters"); } this.tokenAuthenticator = tokenAuthenticator; this.tokenResolver = securityTokenResolver; this.tokenAttachmentMode = attachmentMode; this.tokenParameters = tokenParameters; this.isTokenOptional = isTokenOptional; }
public void AddEndorsingSupportingToken(SecurityToken token, SecurityTokenParameters parameters) { if (token == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } if (parameters == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); } base.ThrowIfProcessingStarted(); this.elementContainer.AddEndorsingSupportingToken(token); if (!(token is ProviderBackedSecurityToken)) { this.shouldSignToHeader |= !base.RequireMessageProtection && (System.ServiceModel.Security.SecurityUtils.GetSecurityKey<AsymmetricSecurityKey>(token) != null); } this.AddParameters(ref this.endorsingTokenParameters, parameters); }
public void AddBasicSupportingToken(SecurityToken token, SecurityTokenParameters parameters) { if (token == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } if (parameters == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); } base.ThrowIfProcessingStarted(); SendSecurityHeaderElement tokenElement = new SendSecurityHeaderElement(token.Id, new TokenElement(token, base.StandardsManager)) { MarkedForEncryption = true }; this.elementContainer.AddBasicSupportingToken(tokenElement); this.hasEncryptedTokens = true; this.hasSignedTokens = true; this.AddParameters(ref this.basicSupportingTokenParameters, parameters); }
public virtual XmlElement CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters, bool isOptional) { if (parameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); } XmlElement result; if (parameters is KerberosSecurityTokenParameters) { result = CreateWsspKerberosTokenAssertion(exporter, (KerberosSecurityTokenParameters)parameters); } else if (parameters is X509SecurityTokenParameters) { result = CreateWsspX509TokenAssertion(exporter, (X509SecurityTokenParameters)parameters); } else if (parameters is UserNameSecurityTokenParameters) { result = CreateWsspUsernameTokenAssertion(exporter, (UserNameSecurityTokenParameters)parameters); } else if (parameters is IssuedSecurityTokenParameters) { result = CreateWsspIssuedTokenAssertion(exporter, (IssuedSecurityTokenParameters)parameters); } else if (parameters is SspiSecurityTokenParameters) { result = CreateWsspSpnegoContextTokenAssertion(exporter, (SspiSecurityTokenParameters)parameters); } else if (parameters is SslSecurityTokenParameters) { result = CreateMsspSslContextTokenAssertion(exporter, (SslSecurityTokenParameters)parameters); } else if (parameters is SecureConversationSecurityTokenParameters) { result = CreateWsspSecureConversationTokenAssertion(exporter, (SecureConversationSecurityTokenParameters)parameters); } else if (parameters is RsaSecurityTokenParameters) { result = CreateWsspRsaTokenAssertion((RsaSecurityTokenParameters)parameters); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("parameters")); } if (result != null && isOptional) { result.SetAttribute(OptionalName, exporter.PolicyVersion.Namespace, TrueName); } return result; }
public virtual XmlElement CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters) { return CreateTokenAssertion(exporter, parameters, false); }
public virtual XmlElement CreateWsspRecipientTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters) { XmlElement result = CreateWsspAssertion(RecipientTokenName); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateTokenAssertion(exporter, parameters) )); return result; }
public virtual bool TryImportWsspIssuedTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; EndpointAddress issuer; EndpointAddress issuerMetadata; Collection<XmlElement> requestSecurityTokenTemplate; if (IsWsspAssertion(assertion, IssuedTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode) && TryGetIssuer(assertion, out issuer, out issuerMetadata) && TryGetRequestSecurityTokenTemplate(assertion, out requestSecurityTokenTemplate)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters(); parameters = issued; if (TryImportWsspRequireDerivedKeysAssertion(alternative, issued) && TryImportReferenceStyleAssertion(alternative, issued) && alternative.Count == 0) { issued.InclusionMode = inclusionMode; issued.IssuerAddress = issuer; issued.IssuerMetadataAddress = issuerMetadata; issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver); TokenIssuerPolicyResolver policyResolver = new TokenIssuerPolicyResolver(this.TrustDriver); policyResolver.ResolveTokenIssuerPolicy(importer, policyContext, issued); break; } else { parameters = null; } } } else { IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters(); parameters = issued; issued.InclusionMode = inclusionMode; issued.IssuerAddress = issuer; issued.IssuerMetadataAddress = issuerMetadata; issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver); issued.RequireDerivedKeys = false; } } return parameters != null; }
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsWsspAssertion(assertion, UsernameTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { if (TryImportWsspAssertion(alternative, WssUsernameToken10Name) && alternative.Count == 0) { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; break; } } } else { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; } } return parameters != null; }
public virtual bool TryImportWsspKerberosTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsWsspAssertion(assertion, KerberosTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { parameters = new KerberosSecurityTokenParameters(); if (TryImportWsspRequireDerivedKeysAssertion(alternative, parameters) && TryImportWsspAssertion(alternative, WssGssKerberosV5ApReqToken11Name, true) && alternative.Count == 0) { parameters.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new KerberosSecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = inclusionMode; } } return parameters != null; }
public virtual bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsWsspAssertion(assertion, SecureConversationTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters(); parameters = sc; bool requireCancellation; if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc) && alternative.Count == 0) { sc.RequireCancellation = requireCancellation; sc.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SecureConversationSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; parameters.RequireDerivedKeys = false; } } return parameters != null; }
private SecurityToken GetInitiatorToken(SecurityToken providerToken, Message message, TimeSpan timeout, out SecurityTokenParameters tokenParameters, out SecurityToken prerequisiteWrappingToken) { SecurityToken token; tokenParameters = null; prerequisiteWrappingToken = null; if (this.Factory.SecurityTokenParameters.HasAsymmetricKey) { SecurityToken wrappingToken = providerToken; bool flag = SendSecurityHeader.ShouldSerializeToken(this.Factory.SecurityTokenParameters, MessageDirection.Input); if (flag) { prerequisiteWrappingToken = wrappingToken; } token = this.CreateWrappedKeyToken(wrappingToken, this.Factory.SecurityTokenParameters, flag ? SecurityTokenReferenceStyle.Internal : SecurityTokenReferenceStyle.External); } else { token = providerToken; } tokenParameters = this.Factory.GetProtectionTokenParameters(); return token; }
public SupportingTokenSpecification(SecurityToken token, ReadOnlyCollection <IAuthorizationPolicy> tokenPolicies, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, System.ServiceModel.Security.Tokens.SecurityTokenParameters tokenParameters) : base(token, tokenPolicies) { SecurityTokenAttachmentModeHelper.Validate(attachmentMode); this.tokenAttachmentMode = attachmentMode; this.tokenParameters = tokenParameters; }
public virtual bool TryImportTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, Collection<XmlElement> assertions, out SecurityTokenParameters parameters, out bool isOptional) { parameters = null; isOptional = false; if (assertions.Count >= 1) { XmlElement tokenAssertion = assertions[0]; if (TryImportWsspKerberosTokenAssertion(importer, tokenAssertion, out parameters) || TryImportWsspX509TokenAssertion(importer, tokenAssertion, out parameters) || TryImportWsspUsernameTokenAssertion(importer, tokenAssertion, out parameters) || TryImportWsspIssuedTokenAssertion(importer, policyContext, tokenAssertion, out parameters) || TryImportWsspSpnegoContextTokenAssertion(importer, tokenAssertion, out parameters) || TryImportMsspSslContextTokenAssertion(importer, tokenAssertion, out parameters) || TryImportWsspSecureConversationTokenAssertion(importer, tokenAssertion, out parameters) || TryImportWsspRsaTokenAssertion(importer, tokenAssertion, out parameters)) { string optionalAttribute = tokenAssertion.GetAttribute(OptionalName, WspNamespace); if (String.IsNullOrEmpty(optionalAttribute)) { optionalAttribute = tokenAssertion.GetAttribute(OptionalName, Wsp15Namespace); } try { isOptional = XmlUtil.IsTrue(optionalAttribute); } catch ( Exception e ) { if (Fx.IsFatal(e)) throw; if (e is NullReferenceException) throw; importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.UnsupportedBooleanAttribute, OptionalName, e.Message), false)); return false; } assertions.RemoveAt(0); } } return (parameters != null); }
public virtual bool TryImportWsspRequireDerivedKeysAssertion(ICollection<XmlElement> assertions, SecurityTokenParameters parameters) { parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, RequireDerivedKeysName); return true; }
protected SecurityTokenParameters(SecurityTokenParameters other) { }
public virtual bool TryImportWsspX509TokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsWsspAssertion(assertion, X509TokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { X509SecurityTokenParameters x509 = new X509SecurityTokenParameters(); parameters = x509; if (TryImportWsspRequireDerivedKeysAssertion(alternative, x509) && TryImportX509ReferenceStyleAssertion(alternative, x509) && TryImportWsspAssertion(alternative, WssX509V3Token10Name, true) && alternative.Count == 0) { parameters.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new X509SecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = inclusionMode; } } return parameters != null; }
protected override void WriteSecurityTokenReferencyEntry(XmlDictionaryWriter writer, SecurityToken securityToken, SecurityTokenParameters securityTokenParameters) { SecurityKeyIdentifierClause keyIdentifierClause = null; // Given a token this method writes its corresponding security token reference entry in the security header // 1. If the token parameters is an issuedSecurityTokenParamter // 2. If UseStrTransform is enabled on it. IssuedSecurityTokenParameters issuedSecurityTokenParameters = securityTokenParameters as IssuedSecurityTokenParameters; if (issuedSecurityTokenParameters == null || !issuedSecurityTokenParameters.UseStrTransform) return; if (this.ElementContainer.TryGetIdentifierClauseFromSecurityToken(securityToken, out keyIdentifierClause)) { if (keyIdentifierClause != null && !String.IsNullOrEmpty(keyIdentifierClause.Id)) { WrappedXmlDictionaryWriter wrappedLocalWriter = new WrappedXmlDictionaryWriter(writer, keyIdentifierClause.Id); this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(wrappedLocalWriter, keyIdentifierClause); } else throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.TokenManagerCannotCreateTokenReference)), this.Message); } }
public virtual bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsMsspAssertion(assertion, RsaTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode) && TryGetNestedPolicyAlternatives(importer, assertion, out alternatives) == false) { parameters = new RsaSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; } return parameters != null; }
void AddPrimaryTokenSignatureReference(SecurityToken token, SecurityTokenParameters securityTokenParameters) { // Currently we only support signing the primary token if the primary token is an issued token and protectTokens knob is set to true. // We will get rid of the below check when we support all token types. IssuedSecurityTokenParameters istp = securityTokenParameters as IssuedSecurityTokenParameters; if (istp == null) { return; } bool strTransformEnabled = istp != null && istp.UseStrTransform; SecurityKeyIdentifierClause keyIdentifierClause = null; // Only if the primary token is included in the message that we sign it because WCF at present does not resolve externally referenced tokens. // This means in the server's response if (ShouldSerializeToken(securityTokenParameters, this.MessageDirection)) { if (strTransformEnabled) { keyIdentifierClause = securityTokenParameters.CreateKeyIdentifierClause(token, GetTokenReferenceStyle(securityTokenParameters)); } AddTokenSignatureReference(token, keyIdentifierClause, strTransformEnabled); } }
public virtual bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsMsspAssertion(assertion, SslContextTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { SslSecurityTokenParameters ssl = new SslSecurityTokenParameters(); parameters = ssl; bool requireCancellation; if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportMsspRequireClientCertificateAssertion(alternative, ssl) && alternative.Count == 0) { ssl.RequireCancellation = requireCancellation; ssl.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SslSecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = inclusionMode; } } return parameters != null; }
public virtual XmlElement CreateWsspProtectionTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters) { XmlElement result = CreateWsspAssertion(ProtectionTokenName); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateTokenAssertion(exporter, parameters) )); _protectionTokenHasAsymmetricKey = parameters.HasAsymmetricKey; return result; }
void SetUpDelayedSecurityExecution(ref Message message, SecurityToken signingToken, SecurityToken encryptionToken, SecurityTokenParameters tokenParameters, SecurityProtocolCorrelationState correlationState) { string actor = string.Empty; SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, null, correlationState); if (this.Factory.ApplyIntegrity) { securityHeader.SetSigningToken(signingToken, tokenParameters); } if (Factory.ApplyConfidentiality) { securityHeader.SetEncryptionToken(encryptionToken, tokenParameters); } message = securityHeader.SetupExecution(); }
protected SecurityTokenParameters(SecurityTokenParameters source) { }