示例#1
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory)
            : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
            }

            _actAsInitiator         = factory._actAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _scopedSupportingTokenAuthenticatorSpecification  = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory._scopedSupportingTokenAuthenticatorSpecification);
            _standardsManager                = factory._standardsManager;
            _timestampValidityDuration       = factory._timestampValidityDuration;
            _auditLogLocation                = factory._auditLogLocation;
            _suppressAuditFailure            = factory._suppressAuditFailure;
            _serviceAuthorizationAuditLevel  = factory._serviceAuthorizationAuditLevel;
            _messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel;
            if (factory._securityBindingElement != null)
            {
                _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
            }
            _securityTokenManager     = factory._securityTokenManager;
            _privacyNoticeUri         = factory._privacyNoticeUri;
            _privacyNoticeVersion     = factory._privacyNoticeVersion;
            _extendedProtectionPolicy = factory._extendedProtectionPolicy;
            _nonceCache = factory._nonceCache;
        }
示例#2
0
 internal SecurityProtocolFactory(SecurityProtocolFactory factory)
     : this()
 {
     if (factory == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
     }
     this.actAsInitiator         = factory.actAsInitiator;
     this.addTimestamp           = factory.addTimestamp;
     this.detectReplays          = factory.detectReplays;
     this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
     this.maxCachedNonces        = factory.maxCachedNonces;
     this.maxClockSkew           = factory.maxClockSkew;
     this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
     this.replayWindow           = factory.replayWindow;
     // this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification));
     // this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification);
     this.standardsManager = factory.standardsManager;
     // this.timestampValidityDuration = factory.timestampValidityDuration;
     // this.auditLogLocation = factory.auditLogLocation;
     // this.suppressAuditFailure = factory.suppressAuditFailure;
     // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
     // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
     if (factory.securityBindingElement != null)
     {
         this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone();
     }
     this.securityTokenManager = factory.securityTokenManager;
     this.privacyNoticeUri     = factory.privacyNoticeUri;
     this.privacyNoticeVersion = factory.privacyNoticeVersion;
     //  this.endpointFilterTable = factory.endpointFilterTable;
     this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
     this.nonceCache = factory.nonceCache;
 }
 LocalClientSecuritySettings(LocalClientSecuritySettings other)
 {
     this.detectReplays = other.detectReplays;
     this.replayCacheSize = other.replayCacheSize;
     this.replayWindow = other.replayWindow;
     this.maxClockSkew = other.maxClockSkew;
     this.cacheCookies = other.cacheCookies;
     this.maxCookieCachingTime = other.maxCookieCachingTime;
     this.sessionKeyRenewalInterval = other.sessionKeyRenewalInterval;
     this.sessionKeyRolloverInterval = other.sessionKeyRolloverInterval;
     this.reconnectTransportOnFailure = other.reconnectTransportOnFailure;
     this.timestampValidityDuration = other.timestampValidityDuration;
     this.identityVerifier = other.identityVerifier;
     this.cookieRenewalThresholdPercentage = other.cookieRenewalThresholdPercentage;
     this.nonceCache = other.nonceCache;
 }
 private LocalClientSecuritySettings(LocalClientSecuritySettings other)
 {
     _detectReplays = other._detectReplays;
     _replayCacheSize = other._replayCacheSize;
     _replayWindow = other._replayWindow;
     _maxClockSkew = other._maxClockSkew;
     _cacheCookies = other._cacheCookies;
     _maxCookieCachingTime = other._maxCookieCachingTime;
     _sessionKeyRenewalInterval = other._sessionKeyRenewalInterval;
     _sessionKeyRolloverInterval = other._sessionKeyRolloverInterval;
     _reconnectTransportOnFailure = other._reconnectTransportOnFailure;
     _timestampValidityDuration = other._timestampValidityDuration;
     _identityVerifier = other._identityVerifier;
     _cookieRenewalThresholdPercentage = other._cookieRenewalThresholdPercentage;
     _nonceCache = other._nonceCache;
 }
 LocalServiceSecuritySettings(LocalServiceSecuritySettings other)
 {
     this.detectReplays = other.detectReplays;
     this.replayCacheSize = other.replayCacheSize;
     this.replayWindow = other.replayWindow;
     this.maxClockSkew = other.maxClockSkew;
     this.issuedCookieLifetime = other.issuedCookieLifetime;
     this.maxStatefulNegotiations = other.maxStatefulNegotiations;
     this.negotiationTimeout = other.negotiationTimeout;
     this.maxPendingSessions = other.maxPendingSessions;
     this.inactivityTimeout = other.inactivityTimeout;
     this.sessionKeyRenewalInterval = other.sessionKeyRenewalInterval;
     this.sessionKeyRolloverInterval = other.sessionKeyRolloverInterval;
     this.reconnectTransportOnFailure = other.reconnectTransportOnFailure;
     this.timestampValidityDuration = other.timestampValidityDuration;
     this.maxCachedCookies = other.maxCachedCookies;
     this.nonceCache = other.nonceCache;
 }
示例#6
0
        public virtual Task OnOpenAsync(TimeSpan timeout)
        {
            if (SecurityBindingElement == null)
            {
                OnPropertySettingsError(nameof(SecurityBindingElement), true);
            }

            if (SecurityTokenManager == null)
            {
                OnPropertySettingsError(nameof(SecurityTokenManager), true);
            }

            MessageSecurityVersion = _standardsManager.MessageSecurityVersion;
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            _expectOutgoingMessages = ActAsInitiator || SupportsRequestReply;
            _expectIncomingMessages = !ActAsInitiator || SupportsRequestReply;
            if (!ActAsInitiator)
            {
                throw ExceptionHelper.PlatformNotSupported();
            }

            if (DetectReplays)
            {
                if (!SupportsReplayDetection)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(nameof(DetectReplays), SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
                }
                if (MaxClockSkew == TimeSpan.MaxValue || ReplayWindow == TimeSpan.MaxValue)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
                }

                // If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
                if (_nonceCache == null)
                {
                    // The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays
                    _nonceCache = new InMemoryNonceCache(ReplayWindow + MaxClockSkew + MaxClockSkew, MaxCachedNonces);
                }
            }

            //derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator<DerivedKeySecurityToken>();
            return(Task.CompletedTask);
        }
示例#7
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
            }

            ActAsInitiator          = factory.ActAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _standardsManager          = factory._standardsManager;
            _timestampValidityDuration = factory._timestampValidityDuration;
            _securityBindingElement    = (SecurityBindingElement)factory._securityBindingElement?.Clone();
            _securityTokenManager      = factory._securityTokenManager;
            _nonceCache = factory._nonceCache;
        }
示例#8
0
        public virtual void OnOpen(TimeSpan timeout)
        {
            if (this.SecurityBindingElement == null)
            {
                this.OnPropertySettingsError("SecurityBindingElement", true);
            }
            if (this.SecurityTokenManager == null)
            {
                this.OnPropertySettingsError("SecurityTokenManager", true);
            }
            _messageSecurityVersion = _standardsManager.MessageSecurityVersion;
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            _expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply;
            _expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply;
            if (!_actAsInitiator)
            {
                AddSupportingTokenAuthenticators(_securityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
                // validate the token authenticator types and create a merged map if needed.
                if (!_channelSupportingTokenAuthenticatorSpecification.IsReadOnly)
                {
                    if (_channelSupportingTokenAuthenticatorSpecification.Count == 0)
                    {
                        _channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators;
                    }
                    else
                    {
                        _expectSupportingTokens = true;
                        foreach (SupportingTokenAuthenticatorSpecification tokenAuthenticatorSpec in _channelSupportingTokenAuthenticatorSpecification)
                        {
                            SecurityUtils.OpenTokenAuthenticatorIfRequired(tokenAuthenticatorSpec.TokenAuthenticator, timeoutHelper.RemainingTime());
                            if (tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing ||
                                tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
                            {
                                if (tokenAuthenticatorSpec.TokenParameters.RequireDerivedKeys && !tokenAuthenticatorSpec.TokenParameters.HasAsymmetricKey)
                                {
                                    _expectKeyDerivation = true;
                                }
                            }
                            SecurityTokenAttachmentMode mode = tokenAuthenticatorSpec.SecurityTokenAttachmentMode;
                            if (mode == SecurityTokenAttachmentMode.SignedEncrypted ||
                                mode == SecurityTokenAttachmentMode.Signed ||
                                mode == SecurityTokenAttachmentMode.SignedEndorsing)
                            {
                                _expectChannelSignedTokens = true;
                                if (mode == SecurityTokenAttachmentMode.SignedEncrypted)
                                {
                                    _expectChannelBasicTokens = true;
                                }
                            }
                            if (mode == SecurityTokenAttachmentMode.Endorsing || mode == SecurityTokenAttachmentMode.SignedEndorsing)
                            {
                                _expectChannelEndorsingTokens = true;
                            }
                        }
                        _channelSupportingTokenAuthenticatorSpecification =
                            new ReadOnlyCollection <SupportingTokenAuthenticatorSpecification>((Collection <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification);
                    }
                }
                VerifyTypeUniqueness(_channelSupportingTokenAuthenticatorSpecification);
                MergeSupportingTokenAuthenticators(timeoutHelper.RemainingTime());
            }

            if (this.DetectReplays)
            {
                if (!this.SupportsReplayDetection)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this));
                }
                if (this.MaxClockSkew == TimeSpan.MaxValue || this.ReplayWindow == TimeSpan.MaxValue)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely));
                }

                // If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache.
                if (_nonceCache == null)
                {
                    // The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays
                    _nonceCache = new InMemoryNonceCache(this.ReplayWindow + this.MaxClockSkew + this.MaxClockSkew, this.MaxCachedNonces);
                }
            }

            _derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator <DerivedKeySecurityToken>();
        }
 public LocalClientSecuritySettings()
 {
     this.DetectReplays = SecurityProtocolFactory.defaultDetectReplays;
     this.ReplayCacheSize = SecurityProtocolFactory.defaultMaxCachedNonces;
     this.ReplayWindow = SecurityProtocolFactory.defaultReplayWindow;
     this.MaxClockSkew = SecurityProtocolFactory.defaultMaxClockSkew;
     this.TimestampValidityDuration = SecurityProtocolFactory.defaultTimestampValidityDuration;
     this.CacheCookies = IssuanceTokenProviderBase<IssuanceTokenProviderState>.defaultClientCacheTokens;
     this.MaxCookieCachingTime = IssuanceTokenProviderBase<IssuanceTokenProviderState>.DefaultClientMaxTokenCachingTime;
     this.SessionKeyRenewalInterval = SecuritySessionClientSettings.defaultKeyRenewalInterval;
     this.SessionKeyRolloverInterval = SecuritySessionClientSettings.defaultKeyRolloverInterval;
     this.ReconnectTransportOnFailure = SecuritySessionClientSettings.defaultTolerateTransportFailures;
     this.CookieRenewalThresholdPercentage = SpnegoTokenProvider.defaultServiceTokenValidityThresholdPercentage;
     this.IdentityVerifier = IdentityVerifier.CreateDefault();
     this.nonceCache = null;
 }
 // replay detection done if enableReplayDetection is set to true.
 public void SetTimeParameters(NonceCache nonceCache, TimeSpan replayWindow, TimeSpan clockSkew)
 {
     _nonceCache   = nonceCache;
     _replayWindow = replayWindow;
     _clockSkew    = clockSkew;
 }
 public LocalServiceSecuritySettings()
 {
     this.DetectReplays = SecurityProtocolFactory.defaultDetectReplays;
     this.ReplayCacheSize = SecurityProtocolFactory.defaultMaxCachedNonces;
     this.ReplayWindow = SecurityProtocolFactory.defaultReplayWindow;
     this.MaxClockSkew = SecurityProtocolFactory.defaultMaxClockSkew;
     this.IssuedCookieLifetime = NegotiationTokenAuthenticator<NegotiationTokenAuthenticatorState>.defaultServerIssuedTokenLifetime;
     this.MaxStatefulNegotiations = NegotiationTokenAuthenticator<NegotiationTokenAuthenticatorState>.defaultServerMaxActiveNegotiations;
     this.NegotiationTimeout = NegotiationTokenAuthenticator<NegotiationTokenAuthenticatorState>.defaultServerMaxNegotiationLifetime;
     this.maxPendingSessions = SecuritySessionServerSettings.defaultMaximumPendingSessions;
     this.inactivityTimeout = SecuritySessionServerSettings.defaultInactivityTimeout;
     this.sessionKeyRenewalInterval = SecuritySessionServerSettings.defaultKeyRenewalInterval;
     this.sessionKeyRolloverInterval = SecuritySessionServerSettings.defaultKeyRolloverInterval;
     this.reconnectTransportOnFailure = SecuritySessionServerSettings.defaultTolerateTransportFailures;
     this.TimestampValidityDuration = SecurityProtocolFactory.defaultTimestampValidityDuration;
     this.maxCachedCookies = NegotiationTokenAuthenticator<NegotiationTokenAuthenticatorState>.defaultServerMaxCachedTokens;
     this.nonceCache = null;
 }