void SetUpDelayedSecurityExecution(ref Message message, SecurityToken encryptingToken, SecurityToken signingToken, IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState) { AsymmetricSecurityProtocolFactory factory = this.Factory; string actor = string.Empty; SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState); SecurityTokenParameters signingTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.CryptoTokenParameters : this.Factory.AsymmetricTokenParameters; SecurityTokenParameters encryptionTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.AsymmetricTokenParameters : this.Factory.CryptoTokenParameters; if (this.Factory.ApplyIntegrity || securityHeader.HasSignedTokens) { if (!this.Factory.ApplyIntegrity) { securityHeader.SignatureParts = MessagePartSpecification.NoParts; } securityHeader.SetSigningToken(signingToken, signingTokenParameters); } if (Factory.ApplyConfidentiality || securityHeader.HasEncryptedTokens) { if (!this.Factory.ApplyConfidentiality) { securityHeader.EncryptionParts = MessagePartSpecification.NoParts; } securityHeader.SetEncryptionToken(encryptingToken, encryptionTokenParameters); } message = securityHeader.SetupExecution(); }
protected override IAsyncResult BeginSecureOutgoingMessageCore(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, AsyncCallback callback, object state) { SecurityToken encryptingToken; SecurityToken signingToken; SecurityProtocolCorrelationState newCorrelationState; IList <SupportingTokenSpecification> supportingTokens; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, false, timeoutHelper.RemainingTime(), out encryptingToken, out signingToken, out supportingTokens, out newCorrelationState)) { SetUpDelayedSecurityExecution(ref message, encryptingToken, signingToken, supportingTokens, GetSignatureConfirmationCorrelationState(correlationState, newCorrelationState)); return(new CompletedAsyncResult <Message, SecurityProtocolCorrelationState>(message, newCorrelationState, callback, state)); } else { if (this.Factory.ActAsInitiator == false) { Fx.Assert("Unexpected code path for server security application"); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SendingOutgoingmessageOnRecipient))); } AsymmetricSecurityProtocolFactory factory = this.Factory; SecurityTokenProvider encProvider = factory.ApplyConfidentiality ? this.initiatorAsymmetricTokenProvider : null; SecurityTokenProvider sigProvider = factory.ApplyIntegrity ? this.initiatorCryptoTokenProvider : null; return(new SecureOutgoingMessageAsyncResult(message, this, encProvider, sigProvider, factory.ApplyConfidentiality, this.initiatorAsymmetricTokenAuthenticator, correlationState, timeoutHelper.RemainingTime(), callback, state)); } }
bool TryGetTokenSynchronouslyForOutgoingSecurity(Message message, SecurityProtocolCorrelationState correlationState, bool isBlockingCall, TimeSpan timeout, out SecurityToken encryptingToken, out SecurityToken signingToken, out IList <SupportingTokenSpecification> supportingTokens, out SecurityProtocolCorrelationState newCorrelationState) { AsymmetricSecurityProtocolFactory factory = this.Factory; encryptingToken = null; signingToken = null; newCorrelationState = null; supportingTokens = null; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (factory.ActAsInitiator) { if (!isBlockingCall || !TryGetSupportingTokens(this.Factory, this.Target, this.Via, message, timeoutHelper.RemainingTime(), isBlockingCall, out supportingTokens)) { return(false); } if (factory.ApplyConfidentiality) { encryptingToken = GetTokenAndEnsureOutgoingIdentity(this.initiatorAsymmetricTokenProvider, true, timeoutHelper.RemainingTime(), this.initiatorAsymmetricTokenAuthenticator); } if (factory.ApplyIntegrity) { signingToken = GetToken(this.initiatorCryptoTokenProvider, this.Target, timeoutHelper.RemainingTime()); newCorrelationState = GetCorrelationState(signingToken); } } else { if (factory.ApplyConfidentiality) { encryptingToken = GetCorrelationToken(correlationState); } if (factory.ApplyIntegrity) { signingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); } } return(true); }
protected override IAsyncResult BeginSecureOutgoingMessageCore(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, AsyncCallback callback, object state) { SecurityToken token; SecurityToken token2; SecurityProtocolCorrelationState state2; IList <SupportingTokenSpecification> list; TimeoutHelper helper = new TimeoutHelper(timeout); if (this.TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, false, helper.RemainingTime(), out token, out token2, out list, out state2)) { this.SetUpDelayedSecurityExecution(ref message, token, token2, list, base.GetSignatureConfirmationCorrelationState(correlationState, state2)); return(new CompletedAsyncResult <Message, SecurityProtocolCorrelationState>(message, state2, callback, state)); } if (!this.Factory.ActAsInitiator) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SendingOutgoingmessageOnRecipient"))); } AsymmetricSecurityProtocolFactory factory = this.Factory; SecurityTokenProvider primaryProvider = factory.ApplyConfidentiality ? this.initiatorAsymmetricTokenProvider : null; return(new SecureOutgoingMessageAsyncResult(message, this, primaryProvider, factory.ApplyIntegrity ? this.initiatorCryptoTokenProvider : null, factory.ApplyConfidentiality, this.initiatorAsymmetricTokenAuthenticator, correlationState, helper.RemainingTime(), callback, state)); }
internal AsymmetricSecurityProtocolFactory(AsymmetricSecurityProtocolFactory factory) : base(factory) { this.allowSerializedSigningTokenOnReply = factory.allowSerializedSigningTokenOnReply; }
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { AsymmetricSecurityProtocolFactory factory = this.Factory; IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators); SecurityToken requiredReplySigningToken = null; if (factory.ActAsInitiator) { SecurityToken encryptionToken = null; SecurityToken receiverToken = null; if (factory.RequireIntegrity) { receiverToken = GetToken(this.initiatorAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); requiredReplySigningToken = receiverToken; } if (factory.RequireConfidentiality) { encryptionToken = GetCorrelationToken(correlationStates); if (!SecurityUtils.HasSymmetricSecurityKey(encryptionToken)) { securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; } } SecurityTokenAuthenticator primaryTokenAuthenticator; if (factory.AllowSerializedSigningTokenOnReply) { primaryTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator; requiredReplySigningToken = null; } else { primaryTokenAuthenticator = null; } securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(receiverToken, factory.AsymmetricTokenParameters, encryptionToken, factory.CryptoTokenParameters, primaryTokenAuthenticator); } else { SecurityToken wrappingToken; if (this.Factory.RecipientAsymmetricTokenProvider != null && this.Factory.RequireConfidentiality) { wrappingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); } else { wrappingToken = null; } securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator, this.Factory.CryptoTokenParameters, wrappingToken, this.Factory.AsymmetricTokenParameters, supportingAuthenticators); securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList)); } ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates); SecurityToken signingToken = securityHeader.SignatureToken; SecurityToken encryptingToken = securityHeader.EncryptionToken; if (factory.RequireIntegrity) { if (factory.ActAsInitiator) { ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signingToken); EnsureNonWrappedToken(signingToken, message); DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptingToken, signingToken, signingTokenPolicies); } else { EnsureNonWrappedToken(signingToken, message); AttachRecipientSecurityProperty(message, signingToken, encryptingToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); } } return(GetCorrelationState(signingToken, securityHeader)); }
public AsymmetricSecurityProtocol(AsymmetricSecurityProtocolFactory factory, EndpointAddress target, Uri via) : base(factory, target, via) { }
protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { IList <SupportingTokenAuthenticatorSpecification> list; AsymmetricSecurityProtocolFactory factory = this.Factory; TimeoutHelper helper = new TimeoutHelper(timeout); ReceiveSecurityHeader securityHeader = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out list); SecurityToken requiredSigningToken = null; if (factory.ActAsInitiator) { SecurityTokenAuthenticator initiatorAsymmetricTokenAuthenticator; SecurityToken token = null; SecurityToken primaryToken = null; if (factory.RequireIntegrity) { primaryToken = SecurityProtocol.GetToken(this.initiatorAsymmetricTokenProvider, null, helper.RemainingTime()); requiredSigningToken = primaryToken; } if (factory.RequireConfidentiality) { token = base.GetCorrelationToken(correlationStates); if (!System.ServiceModel.Security.SecurityUtils.HasSymmetricSecurityKey(token)) { securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; } } if (factory.AllowSerializedSigningTokenOnReply) { initiatorAsymmetricTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator; requiredSigningToken = null; } else { initiatorAsymmetricTokenAuthenticator = null; } securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(primaryToken, factory.AsymmetricTokenParameters, token, factory.CryptoTokenParameters, initiatorAsymmetricTokenAuthenticator); } else { SecurityToken token4; if ((this.Factory.RecipientAsymmetricTokenProvider != null) && this.Factory.RequireConfidentiality) { token4 = SecurityProtocol.GetToken(factory.RecipientAsymmetricTokenProvider, null, helper.RemainingTime()); } else { token4 = null; } securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator, this.Factory.CryptoTokenParameters, token4, this.Factory.AsymmetricTokenParameters, list); securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; securityHeader.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(list, this.Factory.RecipientOutOfBandTokenResolverList)); } base.ProcessSecurityHeader(securityHeader, ref message, requiredSigningToken, helper.RemainingTime(), correlationStates); SecurityToken signatureToken = securityHeader.SignatureToken; SecurityToken encryptionToken = securityHeader.EncryptionToken; if (factory.RequireIntegrity) { if (factory.ActAsInitiator) { ReadOnlyCollection <IAuthorizationPolicy> recipientTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signatureToken); MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message); this.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptionToken, signatureToken, recipientTokenPolicies); } else { MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message); this.AttachRecipientSecurityProperty(message, signatureToken, encryptionToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); } } return(base.GetCorrelationState(signatureToken, securityHeader)); }