void SetUpDelayedSecurityExecution(ref Message message, SecurityToken encryptingToken, SecurityToken signingToken,
                                           IList <SupportingTokenSpecification> supportingTokens, SecurityProtocolCorrelationState correlationState)
        {
            AsymmetricSecurityProtocolFactory factory         = this.Factory;
            string                  actor                     = string.Empty;
            SendSecurityHeader      securityHeader            = ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState);
            SecurityTokenParameters signingTokenParameters    = (this.Factory.ActAsInitiator) ? this.Factory.CryptoTokenParameters : this.Factory.AsymmetricTokenParameters;
            SecurityTokenParameters encryptionTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.AsymmetricTokenParameters : this.Factory.CryptoTokenParameters;

            if (this.Factory.ApplyIntegrity || securityHeader.HasSignedTokens)
            {
                if (!this.Factory.ApplyIntegrity)
                {
                    securityHeader.SignatureParts = MessagePartSpecification.NoParts;
                }
                securityHeader.SetSigningToken(signingToken, signingTokenParameters);
            }
            if (Factory.ApplyConfidentiality || securityHeader.HasEncryptedTokens)
            {
                if (!this.Factory.ApplyConfidentiality)
                {
                    securityHeader.EncryptionParts = MessagePartSpecification.NoParts;
                }
                securityHeader.SetEncryptionToken(encryptingToken, encryptionTokenParameters);
            }
            message = securityHeader.SetupExecution();
        }
        protected override IAsyncResult BeginSecureOutgoingMessageCore(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, AsyncCallback callback, object state)
        {
            SecurityToken encryptingToken;
            SecurityToken signingToken;
            SecurityProtocolCorrelationState     newCorrelationState;
            IList <SupportingTokenSpecification> supportingTokens;
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            if (TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, false, timeoutHelper.RemainingTime(), out encryptingToken, out signingToken, out supportingTokens, out newCorrelationState))
            {
                SetUpDelayedSecurityExecution(ref message, encryptingToken, signingToken, supportingTokens, GetSignatureConfirmationCorrelationState(correlationState, newCorrelationState));
                return(new CompletedAsyncResult <Message, SecurityProtocolCorrelationState>(message, newCorrelationState, callback, state));
            }
            else
            {
                if (this.Factory.ActAsInitiator == false)
                {
                    Fx.Assert("Unexpected code path for server security application");
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SendingOutgoingmessageOnRecipient)));
                }
                AsymmetricSecurityProtocolFactory factory     = this.Factory;
                SecurityTokenProvider             encProvider = factory.ApplyConfidentiality ? this.initiatorAsymmetricTokenProvider : null;
                SecurityTokenProvider             sigProvider = factory.ApplyIntegrity ? this.initiatorCryptoTokenProvider : null;
                return(new SecureOutgoingMessageAsyncResult(message, this,
                                                            encProvider, sigProvider, factory.ApplyConfidentiality, this.initiatorAsymmetricTokenAuthenticator, correlationState, timeoutHelper.RemainingTime(), callback, state));
            }
        }
        bool TryGetTokenSynchronouslyForOutgoingSecurity(Message message, SecurityProtocolCorrelationState correlationState, bool isBlockingCall, TimeSpan timeout,
                                                         out SecurityToken encryptingToken, out SecurityToken signingToken, out IList <SupportingTokenSpecification> supportingTokens, out SecurityProtocolCorrelationState newCorrelationState)
        {
            AsymmetricSecurityProtocolFactory factory = this.Factory;

            encryptingToken     = null;
            signingToken        = null;
            newCorrelationState = null;
            supportingTokens    = null;
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            if (factory.ActAsInitiator)
            {
                if (!isBlockingCall || !TryGetSupportingTokens(this.Factory, this.Target, this.Via, message, timeoutHelper.RemainingTime(), isBlockingCall, out supportingTokens))
                {
                    return(false);
                }
                if (factory.ApplyConfidentiality)
                {
                    encryptingToken = GetTokenAndEnsureOutgoingIdentity(this.initiatorAsymmetricTokenProvider, true, timeoutHelper.RemainingTime(), this.initiatorAsymmetricTokenAuthenticator);
                }
                if (factory.ApplyIntegrity)
                {
                    signingToken        = GetToken(this.initiatorCryptoTokenProvider, this.Target, timeoutHelper.RemainingTime());
                    newCorrelationState = GetCorrelationState(signingToken);
                }
            }
            else
            {
                if (factory.ApplyConfidentiality)
                {
                    encryptingToken = GetCorrelationToken(correlationState);
                }
                if (factory.ApplyIntegrity)
                {
                    signingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime());
                }
            }
            return(true);
        }
        protected override IAsyncResult BeginSecureOutgoingMessageCore(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, AsyncCallback callback, object state)
        {
            SecurityToken token;
            SecurityToken token2;
            SecurityProtocolCorrelationState     state2;
            IList <SupportingTokenSpecification> list;
            TimeoutHelper helper = new TimeoutHelper(timeout);

            if (this.TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, false, helper.RemainingTime(), out token, out token2, out list, out state2))
            {
                this.SetUpDelayedSecurityExecution(ref message, token, token2, list, base.GetSignatureConfirmationCorrelationState(correlationState, state2));
                return(new CompletedAsyncResult <Message, SecurityProtocolCorrelationState>(message, state2, callback, state));
            }
            if (!this.Factory.ActAsInitiator)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SendingOutgoingmessageOnRecipient")));
            }
            AsymmetricSecurityProtocolFactory factory         = this.Factory;
            SecurityTokenProvider             primaryProvider = factory.ApplyConfidentiality ? this.initiatorAsymmetricTokenProvider : null;

            return(new SecureOutgoingMessageAsyncResult(message, this, primaryProvider, factory.ApplyIntegrity ? this.initiatorCryptoTokenProvider : null, factory.ApplyConfidentiality, this.initiatorAsymmetricTokenAuthenticator, correlationState, helper.RemainingTime(), callback, state));
        }
示例#5
0
 internal AsymmetricSecurityProtocolFactory(AsymmetricSecurityProtocolFactory factory)
     : base(factory)
 {
     this.allowSerializedSigningTokenOnReply = factory.allowSerializedSigningTokenOnReply;
 }
        protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
        {
            AsymmetricSecurityProtocolFactory factory = this.Factory;
            IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators;
            TimeoutHelper         timeoutHelper             = new TimeoutHelper(timeout);
            ReceiveSecurityHeader securityHeader            = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators);
            SecurityToken         requiredReplySigningToken = null;

            if (factory.ActAsInitiator)
            {
                SecurityToken encryptionToken = null;
                SecurityToken receiverToken   = null;
                if (factory.RequireIntegrity)
                {
                    receiverToken             = GetToken(this.initiatorAsymmetricTokenProvider, null, timeoutHelper.RemainingTime());
                    requiredReplySigningToken = receiverToken;
                }
                if (factory.RequireConfidentiality)
                {
                    encryptionToken = GetCorrelationToken(correlationStates);
                    if (!SecurityUtils.HasSymmetricSecurityKey(encryptionToken))
                    {
                        securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
                    }
                }
                SecurityTokenAuthenticator primaryTokenAuthenticator;
                if (factory.AllowSerializedSigningTokenOnReply)
                {
                    primaryTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator;
                    requiredReplySigningToken = null;
                }
                else
                {
                    primaryTokenAuthenticator = null;
                }

                securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(receiverToken,
                                                                             factory.AsymmetricTokenParameters, encryptionToken, factory.CryptoTokenParameters,
                                                                             primaryTokenAuthenticator);
            }
            else
            {
                SecurityToken wrappingToken;
                if (this.Factory.RecipientAsymmetricTokenProvider != null && this.Factory.RequireConfidentiality)
                {
                    wrappingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime());
                }
                else
                {
                    wrappingToken = null;
                }
                securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator,
                                                                             this.Factory.CryptoTokenParameters, wrappingToken, this.Factory.AsymmetricTokenParameters, supportingAuthenticators);
                securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;

                securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList));
            }

            ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates);
            SecurityToken signingToken    = securityHeader.SignatureToken;
            SecurityToken encryptingToken = securityHeader.EncryptionToken;

            if (factory.RequireIntegrity)
            {
                if (factory.ActAsInitiator)
                {
                    ReadOnlyCollection <IAuthorizationPolicy> signingTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signingToken);
                    EnsureNonWrappedToken(signingToken, message);
                    DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptingToken, signingToken, signingTokenPolicies);
                }
                else
                {
                    EnsureNonWrappedToken(signingToken, message);
                    AttachRecipientSecurityProperty(message, signingToken, encryptingToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens,
                                                    securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
                }
            }

            return(GetCorrelationState(signingToken, securityHeader));
        }
 public AsymmetricSecurityProtocol(AsymmetricSecurityProtocolFactory factory,
                                   EndpointAddress target, Uri via)
     : base(factory, target, via)
 {
 }
        protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
        {
            IList <SupportingTokenAuthenticatorSpecification> list;
            AsymmetricSecurityProtocolFactory factory = this.Factory;
            TimeoutHelper         helper               = new TimeoutHelper(timeout);
            ReceiveSecurityHeader securityHeader       = base.ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out list);
            SecurityToken         requiredSigningToken = null;

            if (factory.ActAsInitiator)
            {
                SecurityTokenAuthenticator initiatorAsymmetricTokenAuthenticator;
                SecurityToken token        = null;
                SecurityToken primaryToken = null;
                if (factory.RequireIntegrity)
                {
                    primaryToken         = SecurityProtocol.GetToken(this.initiatorAsymmetricTokenProvider, null, helper.RemainingTime());
                    requiredSigningToken = primaryToken;
                }
                if (factory.RequireConfidentiality)
                {
                    token = base.GetCorrelationToken(correlationStates);
                    if (!System.ServiceModel.Security.SecurityUtils.HasSymmetricSecurityKey(token))
                    {
                        securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
                    }
                }
                if (factory.AllowSerializedSigningTokenOnReply)
                {
                    initiatorAsymmetricTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator;
                    requiredSigningToken = null;
                }
                else
                {
                    initiatorAsymmetricTokenAuthenticator = null;
                }
                securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(primaryToken, factory.AsymmetricTokenParameters, token, factory.CryptoTokenParameters, initiatorAsymmetricTokenAuthenticator);
            }
            else
            {
                SecurityToken token4;
                if ((this.Factory.RecipientAsymmetricTokenProvider != null) && this.Factory.RequireConfidentiality)
                {
                    token4 = SecurityProtocol.GetToken(factory.RecipientAsymmetricTokenProvider, null, helper.RemainingTime());
                }
                else
                {
                    token4 = null;
                }
                securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator, this.Factory.CryptoTokenParameters, token4, this.Factory.AsymmetricTokenParameters, list);
                securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator;
                securityHeader.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(list, this.Factory.RecipientOutOfBandTokenResolverList));
            }
            base.ProcessSecurityHeader(securityHeader, ref message, requiredSigningToken, helper.RemainingTime(), correlationStates);
            SecurityToken signatureToken  = securityHeader.SignatureToken;
            SecurityToken encryptionToken = securityHeader.EncryptionToken;

            if (factory.RequireIntegrity)
            {
                if (factory.ActAsInitiator)
                {
                    ReadOnlyCollection <IAuthorizationPolicy> recipientTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signatureToken);
                    MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message);
                    this.DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptionToken, signatureToken, recipientTokenPolicies);
                }
                else
                {
                    MessageSecurityProtocol.EnsureNonWrappedToken(signatureToken, message);
                    this.AttachRecipientSecurityProperty(message, signatureToken, encryptionToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
                }
            }
            return(base.GetCorrelationState(signatureToken, securityHeader));
        }