示例#1
0
 internal SecurityProtocolFactory(SecurityProtocolFactory factory)
     : this()
 {
     if (factory == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
     }
     this.actAsInitiator         = factory.actAsInitiator;
     this.addTimestamp           = factory.addTimestamp;
     this.detectReplays          = factory.detectReplays;
     this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
     this.maxCachedNonces        = factory.maxCachedNonces;
     this.maxClockSkew           = factory.maxClockSkew;
     this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
     this.replayWindow           = factory.replayWindow;
     // this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification));
     // this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification);
     this.standardsManager = factory.standardsManager;
     // this.timestampValidityDuration = factory.timestampValidityDuration;
     // this.auditLogLocation = factory.auditLogLocation;
     // this.suppressAuditFailure = factory.suppressAuditFailure;
     // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
     // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;
     if (factory.securityBindingElement != null)
     {
         this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone();
     }
     this.securityTokenManager = factory.securityTokenManager;
     this.privacyNoticeUri     = factory.privacyNoticeUri;
     this.privacyNoticeVersion = factory.privacyNoticeVersion;
     //  this.endpointFilterTable = factory.endpointFilterTable;
     this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
     this.nonceCache = factory.nonceCache;
 }
 public WSSecurityOneDotOneReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                                                 SecurityStandardsManager standardsManager,
                                                 SecurityAlgorithmSuite algorithmSuite,
                                                 int headerIndex, MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, headerIndex, direction)
 {
 }
 public WSSecurityOneDotZeroSendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                                               SecurityStandardsManager standardsManager,
                                               SecurityAlgorithmSuite algorithmSuite,
                                               MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
 {
 }
 public WSSecurityOneDotZeroSendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
     SecurityStandardsManager standardsManager,
     SecurityAlgorithmSuite algorithmSuite,
     MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
 {
 }
 internal override SendSecurityHeader CreateSendSecurityHeader(Message message,
                                                               string actor, bool mustUnderstand, bool relay,
                                                               SecurityStandardsManager standardsManager,
                                                               SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
 {
     return(new WSSecurityOneDotOneSendSecurityHeader(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction));
 }
示例#6
0
 public SecurityHeader(System.ServiceModel.Channels.Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, System.ServiceModel.Description.MessageDirection transferDirection)
 {
     if (message == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
     }
     if (actor == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor");
     }
     if (standardsManager == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager");
     }
     if (algorithmSuite == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite");
     }
     this.message           = message;
     this.actor             = actor;
     this.mustUnderstand    = mustUnderstand;
     this.relay             = relay;
     this.standardsManager  = standardsManager;
     this.algorithmSuite    = algorithmSuite;
     this.transferDirection = transferDirection;
 }
 public SecurityHeader(System.ServiceModel.Channels.Message message, string actor, bool mustUnderstand, bool relay, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, System.ServiceModel.Description.MessageDirection transferDirection)
 {
     if (message == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
     }
     if (actor == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor");
     }
     if (standardsManager == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager");
     }
     if (algorithmSuite == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite");
     }
     this.message = message;
     this.actor = actor;
     this.mustUnderstand = mustUnderstand;
     this.relay = relay;
     this.standardsManager = standardsManager;
     this.algorithmSuite = algorithmSuite;
     this.transferDirection = transferDirection;
 }
示例#8
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory)
            : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
            }

            _actAsInitiator         = factory._actAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _scopedSupportingTokenAuthenticatorSpecification  = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >(factory._scopedSupportingTokenAuthenticatorSpecification);
            _standardsManager                = factory._standardsManager;
            _timestampValidityDuration       = factory._timestampValidityDuration;
            _auditLogLocation                = factory._auditLogLocation;
            _suppressAuditFailure            = factory._suppressAuditFailure;
            _serviceAuthorizationAuditLevel  = factory._serviceAuthorizationAuditLevel;
            _messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel;
            if (factory._securityBindingElement != null)
            {
                _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
            }
            _securityTokenManager     = factory._securityTokenManager;
            _privacyNoticeUri         = factory._privacyNoticeUri;
            _privacyNoticeVersion     = factory._privacyNoticeVersion;
            _extendedProtectionPolicy = factory._extendedProtectionPolicy;
            _nonceCache = factory._nonceCache;
        }
        protected override void StartPrimarySignatureCore(SecurityToken token,
                                                          SecurityKeyIdentifier keyIdentifier,
                                                          MessagePartSpecification signatureParts,
                                                          bool generateTargettableSignature)
        {
            SecurityAlgorithmSuite suite     = this.AlgorithmSuite;
            string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm;
            XmlDictionaryString canonicalizationAlgorithmDictionaryString = suite.DefaultCanonicalizationAlgorithmDictionaryString;

            if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                          new MessageSecurityException(SR.GetString(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm)));
            }
            string signatureAlgorithm;
            XmlDictionaryString signatureAlgorithmDictionaryString;

            suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out this.signatureKey, out signatureAlgorithmDictionaryString);
            string digestAlgorithm = suite.DefaultDigestAlgorithm;
            XmlDictionaryString digestAlgorithmDictionaryString = suite.DefaultDigestAlgorithmDictionaryString;

            this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, canonicalizationAlgorithm, canonicalizationAlgorithmDictionaryString, digestAlgorithm, digestAlgorithmDictionaryString, signatureAlgorithm, signatureAlgorithmDictionaryString);
            this.signedXml  = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, this.StandardsManager.SecurityTokenSerializer);
            if (keyIdentifier != null)
            {
                this.signedXml.Signature.KeyIdentifier = keyIdentifier;
            }
            if (generateTargettableSignature)
            {
                this.signedXml.Id = GenerateId();
            }
            this.effectiveSignatureParts = signatureParts;
            this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(digestAlgorithm);
        }
        protected override ISignatureValueSecurityElement CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier, ISecurityElement elementToSign)
        {
            string str;
            XmlDictionaryString    str2;
            SecurityKey            key;
            SecurityAlgorithmSuite algorithmSuite = base.AlgorithmSuite;

            algorithmSuite.GetSignatureAlgorithmAndKey(token, out str, out key, out str2);
            SignedXml  xml        = new SignedXml(ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
            SignedInfo signedInfo = xml.Signature.SignedInfo;

            signedInfo.CanonicalizationMethod = algorithmSuite.DefaultCanonicalizationAlgorithm;
            signedInfo.CanonicalizationMethodDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;
            signedInfo.SignatureMethod = str;
            signedInfo.SignatureMethodDictionaryString = str2;
            if (elementToSign.Id == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ElementToSignMustHaveId")));
            }
            Reference reference = new Reference(ServiceModelDictionaryManager.Instance, "#" + elementToSign.Id, elementToSign)
            {
                DigestMethod = algorithmSuite.DefaultDigestAlgorithm,
                DigestMethodDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString
            };

            reference.AddTransform(new ExclusiveCanonicalizationTransform());
            ((StandardSignedInfo)signedInfo).AddReference(reference);
            xml.ComputeSignature(key);
            if (identifier != null)
            {
                xml.Signature.KeyIdentifier = identifier;
            }
            return(xml);
        }
 public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode, TrustVersion version, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType, IEnumerable<ClaimTypeRequirement> claimTypeRequirements, EndpointAddress issuerMetadataAddress)
     : base(mode, version)
 {
     this._claimTypeRequirements = new Collection<ClaimTypeRequirement>();
   
     if ((SecurityMode.Message != mode) && (SecurityMode.TransportWithMessageCredential != mode))
     {
         throw new InvalidOperationException("ID3226");
     }
     if ((this._keyType == SecurityKeyType.BearerKey) && (version == TrustVersion.WSTrustFeb2005))
     {
         throw new InvalidOperationException("ID3267");
     }
     
     this._keyType = keyType;
     this._algorithmSuite = algorithmSuite;
     this._tokenType = tokenType;
     this._issuerBinding = issuerBinding;
     this._issuerAddress = issuerAddress;
     this._issuerMetadataAddress = issuerMetadataAddress;
     
     if (claimTypeRequirements != null)
     {
         foreach (ClaimTypeRequirement requirement in claimTypeRequirements)
         {
             this._claimTypeRequirements.Add(requirement);
         }
     }
 }
        protected override void StartPrimarySignatureCore(SecurityToken token, SecurityKeyIdentifier keyIdentifier, MessagePartSpecification signatureParts, bool generateTargettableSignature)
        {
            string str3;
            XmlDictionaryString    str4;
            SecurityAlgorithmSuite algorithmSuite   = base.AlgorithmSuite;
            string defaultCanonicalizationAlgorithm = algorithmSuite.DefaultCanonicalizationAlgorithm;
            XmlDictionaryString defaultCanonicalizationAlgorithmDictionaryString = algorithmSuite.DefaultCanonicalizationAlgorithmDictionaryString;

            if (defaultCanonicalizationAlgorithm != "http://www.w3.org/2001/10/xml-exc-c14n#")
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCanonicalizationAlgorithm", new object[] { algorithmSuite.DefaultCanonicalizationAlgorithm })));
            }
            algorithmSuite.GetSignatureAlgorithmAndKey(token, out str3, out this.signatureKey, out str4);
            string defaultDigestAlgorithm = algorithmSuite.DefaultDigestAlgorithm;
            XmlDictionaryString defaultDigestAlgorithmDictionaryString = algorithmSuite.DefaultDigestAlgorithmDictionaryString;

            this.signedInfo = new PreDigestedSignedInfo(ServiceModelDictionaryManager.Instance, defaultCanonicalizationAlgorithm, defaultCanonicalizationAlgorithmDictionaryString, defaultDigestAlgorithm, defaultDigestAlgorithmDictionaryString, str3, str4);
            this.signedXml  = new SignedXml(this.signedInfo, ServiceModelDictionaryManager.Instance, base.StandardsManager.SecurityTokenSerializer);
            if (keyIdentifier != null)
            {
                this.signedXml.Signature.KeyIdentifier = keyIdentifier;
            }
            if (generateTargettableSignature)
            {
                this.signedXml.Id = base.GenerateId();
            }
            this.effectiveSignatureParts = signatureParts;
            this.hashStream = this.signedInfo.ResourcePool.TakeHashStream(defaultDigestAlgorithm);
        }
        private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion, SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters)
        {
            issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
            issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
            string signatureAlgorithm = null;
            string encryptionAlgorithm = null;
            
            switch (keyType)
            {
                case SecurityKeyType.SymmetricKey:
                    signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm;
                    encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
                    break;

                case SecurityKeyType.AsymmetricKey:
                    signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
                    encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
                    break;

                case SecurityKeyType.BearerKey:
                    return;

                default:
                    throw new ArgumentOutOfRangeException("keyType");
            }
            
            issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateSignWithElement(signatureAlgorithm));
            issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptWithElement(encryptionAlgorithm));
            
            if (trustVersion != TrustVersion.WSTrustFeb2005)
            {
                issuedParameters.AdditionalRequestParameters.Insert(0, CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
            }
        }
示例#14
0
        protected void ValidateKeySize(GenericXmlSecurityToken issuedToken)
        {
            CommunicationObject.ThrowIfClosedOrNotOpen();
            ReadOnlyCollection <SecurityKey> issuedKeys = issuedToken.SecurityKeys;

            if (issuedKeys != null && issuedKeys.Count == 1)
            {
                SymmetricSecurityKey symmetricKey = issuedKeys[0] as SymmetricSecurityKey;
                if (symmetricKey != null)
                {
                    if (SecurityAlgorithmSuite.IsSymmetricKeyLengthSupported(symmetricKey.KeySize))
                    {
                        return;
                    }
                    else
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.Format(SR.InvalidIssuedTokenKeySize, symmetricKey.KeySize)));
                    }
                }
            }
            else
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.CannotObtainIssuedTokenKeySize));
            }
        }
示例#15
0
        public SecurityHeader(Message message,
            string actor, bool mustUnderstand, bool relay,
            SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite,
            MessageDirection transferDirection)
        {
            if (message == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
            }
            if (actor == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor");
            }
            if (standardsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager");
            }
            if (algorithmSuite == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite");
            }

            _message = message;
            _actor = actor;
            _mustUnderstand = mustUnderstand;
            _relay = relay;
            _standardsManager = standardsManager;
            _algorithmSuite = algorithmSuite;
            _transferDirection = transferDirection;
        }
 public WSSecurityOneDotOneReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
     SecurityStandardsManager standardsManager,
     SecurityAlgorithmSuite algorithmSuite,
     int headerIndex, MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, headerIndex, direction)
 {
 }
示例#17
0
        public SecurityHeader(Message message,
                              string actor, bool mustUnderstand, bool relay,
                              SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite,
                              MessageDirection transferDirection)
        {
            if (message == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
            }
            if (actor == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actor");
            }
            if (standardsManager == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("standardsManager");
            }
            if (algorithmSuite == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("algorithmSuite");
            }

            _message           = message;
            _actor             = actor;
            _mustUnderstand    = mustUnderstand;
            _relay             = relay;
            _standardsManager  = standardsManager;
            _algorithmSuite    = algorithmSuite;
            _transferDirection = transferDirection;
        }
 protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
     SecurityStandardsManager standardsManager,
     SecurityAlgorithmSuite algorithmSuite,
     MessageDirection transferDirection)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection)
 {
     throw ExceptionHelper.PlatformNotSupported();
 }
 protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
     SecurityStandardsManager standardsManager,
     SecurityAlgorithmSuite algorithmSuite, 
     MessageDirection transferDirection)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection)
 {
     this.elementContainer = new SendSecurityHeaderElementContainer();
 }
示例#20
0
 protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                              SecurityStandardsManager standardsManager,
                              SecurityAlgorithmSuite algorithmSuite,
                              MessageDirection transferDirection)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection)
 {
     ElementContainer = new SendSecurityHeaderElementContainer();
 }
示例#21
0
 protected SendSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                              SecurityStandardsManager standardsManager,
                              SecurityAlgorithmSuite algorithmSuite,
                              MessageDirection transferDirection)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, transferDirection)
 {
     throw ExceptionHelper.PlatformNotSupported();
 }
示例#22
0
		internal MessageSecurityOverTcp ()
		{
			alg_suite = SecurityAlgorithmSuite.Default;
			// This default value is *silly* but anyways
			// such code that does not change this ClientCredentialType 
			// won't work on Mono.
			client_credential_type = MessageCredentialType.Windows;
		}
示例#23
0
        IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r)
        {
            IssuedSecurityTokenProvider p =
                new IssuedSecurityTokenProvider();

            p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty);

            // FIXME: use it somewhere, probably to build
            // IssuerBinding. However, there is also IssuerBinding
            // property. SecureConversationSecurityBindingElement
            // as well.
            SecurityBindingElement sbe =
                r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty);

            // I doubt the binding is acquired this way ...
            Binding binding;

            if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding))
            {
                binding = new CustomBinding(sbe,
                                            new TextMessageEncodingBindingElement(),
                                            new HttpTransportBindingElement());
            }
            p.IssuerBinding = binding;

            // not sure if it is used only for this purpose though ...
            BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty);

            foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ())
            {
                p.IssuerChannelBehaviors.Add(b);
            }

            SecurityTokenVersion ver =
                r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);

            p.SecurityTokenSerializer =
                CreateSecurityTokenSerializer(ver);

            // seems like they are optional here ... (but possibly
            // used later)
            EndpointAddress address;

            if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address))
            {
                address = p.TargetAddress;
            }
            p.IssuerAddress = address;

            // It is somehow not checked as mandatory ...
            SecurityAlgorithmSuite suite = null;

            r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
            p.SecurityAlgorithmSuite = suite;

            return(p);
        }
 public FederatedMessageSecurityOverHttp()
 {
     negotiateServiceCredential = DefaultNegotiateServiceCredential;
     algorithmSuite = SecurityAlgorithmSuite.Default;
     issuedKeyType = DefaultIssuedKeyType;
     claimTypeRequirements = new Collection<ClaimTypeRequirement>();
     tokenRequestParameters = new Collection<XmlElement>();
     establishSecurityContext = DefaultEstablishSecurityContext;
 }
示例#25
0
 protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
     SecurityStandardsManager standardsManager,
     SecurityAlgorithmSuite algorithmSuite,
     int headerIndex,
     MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
 {
     throw ExceptionHelper.PlatformNotSupported();
 }
 protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                                 SecurityStandardsManager standardsManager,
                                 SecurityAlgorithmSuite algorithmSuite,
                                 int headerIndex,
                                 MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
 {
     throw ExceptionHelper.PlatformNotSupported();
 }
示例#27
0
		internal MessageSecurityOverHttp ()
		{
			alg_suite = SecurityAlgorithmSuite.Default;
			// This default value is *silly* but anyways such
			// it is silly to expect that such code that does not 
			// change ClientCredentialType works on Mono.
			client_credential_type = MessageCredentialType.Windows;
			negotiate_service_credential = true;
		}
示例#28
0
		public MessageSecurityOverTcp ()
		{
#if !MOBILE && !XAMMAC_4_5
			alg_suite = SecurityAlgorithmSuite.Default;
#endif
			// This default value is *silly* but anyways
			// such code that does not change this ClientCredentialType 
			// won't work on Mono.
			client_credential_type = MessageCredentialType.Windows;
		}
        internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite)
        {
            if (suite == null)
            {
                return(false);
            }

            return(suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 ||
                   suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15);
        }
 protected ReceiveSecurityHeader(Message message, string actor, bool mustUnderstand, bool relay,
                                 SecurityStandardsManager standardsManager,
                                 SecurityAlgorithmSuite algorithmSuite,
                                 int headerIndex,
                                 MessageDirection direction)
     : base(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction)
 {
     HeaderIndex    = headerIndex;
     ElementManager = new ReceiveSecurityHeaderElementManager(this);
 }
示例#31
0
 internal static void ValidateSymmetricKeyLength(int keyLength, SecurityAlgorithmSuite algorithmSuite)
 {
     if (!algorithmSuite.IsSymmetricKeyLengthSupported(keyLength))
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", System.ServiceModel.SR.GetString("UnsupportedKeyLength", new object[] { keyLength, algorithmSuite.ToString() })));
     }
     if ((keyLength % 8) != 0)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite", System.ServiceModel.SR.GetString("KeyLengthMustBeMultipleOfEight", new object[] { keyLength })));
     }
 }
 internal void InitializeFrom(MessageSecurityOverMsmq security)
 {
     if (security == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
     }
     SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ClientCredentialType, security.ClientCredentialType);
     if (security.WasAlgorithmSuiteSet)
     {
         this.AlgorithmSuite = security.AlgorithmSuite;
     }
 }
示例#33
0
 internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite)
 {
     if (suite == null)
     {
         return(false);
     }
     if ((((suite != Basic128Sha256) && (suite != Basic128Sha256Rsa15)) && ((suite != Basic192Sha256) && (suite != Basic192Sha256Rsa15))) && (((suite != Basic256Sha256) && (suite != Basic256Sha256Rsa15)) && (suite != TripleDesSha256)))
     {
         return(suite == TripleDesSha256Rsa15);
     }
     return(true);
 }
示例#34
0
 public SecurityHeader(Message message,
                       string actor, bool mustUnderstand, bool relay,
                       SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite,
                       MessageDirection transferDirection)
 {
     Message          = message ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(message));
     _actor           = actor ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(actor));
     _mustUnderstand  = mustUnderstand;
     _relay           = relay;
     StandardsManager = standardsManager ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(standardsManager));
     AlgorithmSuite   = algorithmSuite ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(algorithmSuite));
     MessageDirection = transferDirection;
 }
 internal ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message, string actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
 {
     ReceiveSecurityHeader header = this.TryCreateReceiveSecurityHeader(message, actor, algorithmSuite, direction);
     if (header != null)
     {
         return header;
     }
     if (string.IsNullOrEmpty(actor))
     {
         throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessageNoActor")), message);
     }
     throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessage", new object[] { actor })), message);
 }
示例#36
0
 internal static void ValidateSymmetricKeyLength(int keyLength, SecurityAlgorithmSuite algorithmSuite)
 {
     if (!algorithmSuite.IsSymmetricKeyLengthSupported(keyLength))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite",
                                                                                                     SR.GetString(SR.UnsupportedKeyLength, keyLength, algorithmSuite.ToString())));
     }
     if (keyLength % 8 != 0)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite",
                                                                                                     SR.GetString(SR.KeyLengthMustBeMultipleOfEight, keyLength)));
     }
 }
 internal override ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
                                                                     string actor, bool mustUnderstand, bool relay,
                                                                     SecurityStandardsManager standardsManager,
                                                                     SecurityAlgorithmSuite algorithmSuite,
                                                                     MessageDirection direction,
                                                                     int headerIndex)
 {
     return(new WSSecurityOneDotZeroReceiveSecurityHeader(
                message,
                actor, mustUnderstand, relay,
                standardsManager,
                algorithmSuite, headerIndex, direction));
 }
 internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message, string actor, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
 {
     int headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, new string[] { actor });
     if ((headerIndex < 0) && string.IsNullOrEmpty(actor))
     {
         headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, message.Version.Envelope.UltimateDestinationActorValues);
     }
     if (headerIndex < 0)
     {
         return null;
     }
     MessageHeaderInfo info = message.Headers[headerIndex];
     return this.CreateReceiveSecurityHeader(message, info.Actor, info.MustUnderstand, info.Relay, standardsManager, algorithmSuite, direction, headerIndex);
 }
示例#39
0
        void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r)
        {
            p.ListenUri = r.GetProperty <Uri> (ReqType.ListenUriProperty);

            // FIXME: use it somewhere, probably to build
            // IssuerBinding. However, there is also IssuerBinding
            // property. SecureConversationSecurityBindingElement
            // as well.
            SecurityBindingElement sbe =
                r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty);

            p.SecurityBindingElement = sbe;

            /*
             *                      // I doubt the binding is acquired this way ...
             *                      Binding binding;
             *                      if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding))
             *                              binding = new CustomBinding (
             *                                      new TextMessageEncodingBindingElement (),
             *                                      new HttpTransportBindingElement ());
             *                      p.IssuerBinding = binding;
             *
             *                      // not sure if it is used only for this purpose though ...
             *                      BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty);
             *                      foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ())
             *                              p.IssuerChannelBehaviors.Add (b);
             */

            SecurityTokenVersion ver =
                r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);

            p.SecurityTokenSerializer =
                CreateSecurityTokenSerializer(ver);

            /*
             *                      // seems like they are optional here ... (but possibly
             *                      // used later)
             *                      EndpointAddress address;
             *                      if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address))
             *                              address = p.TargetAddress;
             *                      p.IssuerAddress = address;
             */

            // It is somehow not checked as mandatory ...
            SecurityAlgorithmSuite suite = null;

            r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite);
            p.SecurityAlgorithmSuite = suite;
        }
 protected SecurityProtocolFactory()
 {
     this.addTimestamp              = true;
     this.detectReplays             = true;
     this.incomingAlgorithmSuite    = SecurityAlgorithmSuite.Default;
     this.maxCachedNonces           = 0xdbba0;
     this.maxClockSkew              = defaultMaxClockSkew;
     this.outgoingAlgorithmSuite    = SecurityAlgorithmSuite.Default;
     this.replayWindow              = defaultReplayWindow;
     this.standardsManager          = SecurityStandardsManager.DefaultInstance;
     this.timestampValidityDuration = defaultTimestampValidityDuration;
     this.channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>();
     this.scopedSupportingTokenAuthenticatorSpecification  = new Dictionary <string, ICollection <SupportingTokenAuthenticatorSpecification> >();
     this.communicationObject = new WrapperSecurityCommunicationObject(this);
 }
        protected override void StartPrimarySignatureCore(SecurityToken token,
                                                          SecurityKeyIdentifier keyIdentifier,
                                                          MessagePartSpecification signatureParts,
                                                          bool generateTargettableSignature)
        {
            SecurityAlgorithmSuite suite     = AlgorithmSuite;
            string canonicalizationAlgorithm = suite.DefaultCanonicalizationAlgorithm;

            if (canonicalizationAlgorithm != SecurityAlgorithms.ExclusiveC14n)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                          new MessageSecurityException(SR.Format(SR.UnsupportedCanonicalizationAlgorithm, suite.DefaultCanonicalizationAlgorithm)));
            }
            string signatureAlgorithm;
            XmlDictionaryString signatureAlgorithmDictionaryString;
            SecurityKey         signatureKey;

            suite.GetSignatureAlgorithmAndKey(token, out signatureAlgorithm, out signatureKey, out signatureAlgorithmDictionaryString);
            AsymmetricAlgorithm asymmetricAlgorithm = null;

            GetSigningAlgorithm(signatureKey, signatureAlgorithm, out _signingKey, out asymmetricAlgorithm);

            _signedXml = new SignedXml();
            _signedXml.SignedInfo.CanonicalizationMethod = canonicalizationAlgorithm;
            _signedXml.SignedInfo.SignatureMethod        = signatureAlgorithm;
            _signedXml.SigningKey = asymmetricAlgorithm;
            if (keyIdentifier != null)
            {
                var stream = new MemoryStream();
                using (var xmlWriter = XmlDictionaryWriter.CreateTextWriter(stream, Encoding.UTF8, false))
                {
                    StandardsManager.SecurityTokenSerializer.WriteKeyIdentifier(xmlWriter, keyIdentifier);
                }

                stream.Position = 0;
                XmlDocument doc = new XmlDocument();
                doc.Load(stream);
                var keyInfo = new KeyInfo();
                keyInfo.LoadXml(doc.DocumentElement);
                _signedXml.KeyInfo = keyInfo;
            }

            if (generateTargettableSignature)
            {
                _signedXml.Signature.Id = GenerateId();
            }
            _effectiveSignatureParts = signatureParts;
        }
示例#42
0
		static void AssertSecurityAlgorithmSuite (
			string defaultAsymmetricKeyWrapAlgorithm,
			string defaultAsymmetricSignatureAlgorithm,
			string defaultCanonicalizationAlgorithm,
			string defaultDigestAlgorithm,
			string defaultEncryptionAlgorithm,
			int defaultEncryptionKeyDerivationLength,
			int defaultSignatureKeyDerivationLength,
			int defaultSymmetricKeyLength,
			string defaultSymmetricKeyWrapAlgorithm,
			string defaultSymmetricSignatureAlgorithm,
			SecurityAlgorithmSuite target,
			string label)
		{
			Assert.AreEqual (defaultAsymmetricKeyWrapAlgorithm,
				target.DefaultAsymmetricKeyWrapAlgorithm,
				label + ".DefaultAsymmetricKeyWrapAlgorithm");
			Assert.AreEqual (defaultAsymmetricSignatureAlgorithm,
				target.DefaultAsymmetricSignatureAlgorithm,
				label + ".DefaultAsymmetricSignatureAlgorithm");
			Assert.AreEqual (defaultCanonicalizationAlgorithm,
				target.DefaultCanonicalizationAlgorithm,
				label + ".DefaultCanonicalizationAlgorithm");
			Assert.AreEqual (defaultDigestAlgorithm,
				target.DefaultDigestAlgorithm,
				label + ".DefaultDigestAlgorithm");
			Assert.AreEqual (defaultEncryptionAlgorithm,
				target.DefaultEncryptionAlgorithm,
				label + ".DefaultEncryptionAlgorithm");
			Assert.AreEqual (defaultEncryptionKeyDerivationLength,
				target.DefaultEncryptionKeyDerivationLength,
				label + ".DefaultEncryptionKeyDerivationLength");
			Assert.AreEqual (defaultSignatureKeyDerivationLength,
				target.DefaultSignatureKeyDerivationLength,
				label + ".DefaultSignatureKeyDerivationLength");
			Assert.AreEqual (defaultSymmetricKeyLength,
				target.DefaultSymmetricKeyLength,
				label + ".DefaultSymmetricKeyLength");
			Assert.AreEqual (defaultSymmetricKeyWrapAlgorithm,
				target.DefaultSymmetricKeyWrapAlgorithm,
				label + ".DefaultSymmetricKeyWrapAlgorithm");
			Assert.AreEqual (defaultSymmetricSignatureAlgorithm,
				target.DefaultSymmetricSignatureAlgorithm,
				label + ".DefaultSymmetricSignatureAlgorithm");
		}
 static SecurityAlgorithmSuite()
 {
     b128    = new BasicSecurityAlgorithmSuite(128, false, false);
     b128r   = new BasicSecurityAlgorithmSuite(128, false, true);
     b128s   = new BasicSecurityAlgorithmSuite(128, true, false);
     b128sr  = new BasicSecurityAlgorithmSuite(128, true, true);
     b192    = new BasicSecurityAlgorithmSuite(192, false, false);
     b192r   = new BasicSecurityAlgorithmSuite(192, false, true);
     b192s   = new BasicSecurityAlgorithmSuite(192, true, false);
     b192sr  = new BasicSecurityAlgorithmSuite(192, true, true);
     b256    = new BasicSecurityAlgorithmSuite(256, false, false);
     b256r   = new BasicSecurityAlgorithmSuite(256, false, true);
     b256s   = new BasicSecurityAlgorithmSuite(256, true, false);
     b256sr  = new BasicSecurityAlgorithmSuite(256, true, true);
     tdes    = new TripleDESSecurityAlgorithmSuite(false, false);
     tdes_r  = new TripleDESSecurityAlgorithmSuite(false, true);
     tdes_s  = new TripleDESSecurityAlgorithmSuite(true, false);
     tdes_sr = new TripleDESSecurityAlgorithmSuite(true, true);
 }
示例#44
0
        /// <summary>
        /// Creates a SAML assertion based on a symmetric proof key
        /// </summary>
        /// <param name="claims">A ClaimSet containing the claims to be placed into the SAML assertion</param>
        /// <param name="signatureToken">An X509SecurityToken that will be used to sign the SAML assertion</param>
        /// <param name="encryptionToken">An X509SecurityToken that will be used to encrypt the proof key</param>
        /// <param name="proofToken">A BinarySecretSecurityToken containing the proof key</param>
        /// <param name="algoSuite">The algorithm suite to use when performing cryptographic operations</param>
        /// <returns>A SAML assertion containing the passed in claims and proof key, signed by the provided signature token</returns>
        public static SamlAssertion CreateSymmetricKeyBasedAssertion(ClaimSet claims, X509SecurityToken signatureToken, X509SecurityToken encryptionToken, BinarySecretSecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
        {
            // Check various input parameters
            if (claims == null)
                throw new ArgumentNullException("claims");

            if (claims.Count == 0)
                throw new ArgumentException("Provided ClaimSet must contain at least one claim");

            if (proofToken == null)
                throw new ArgumentNullException("proofToken");

            if (signatureToken == null)
                throw new ArgumentNullException("signatureToken");

            if (encryptionToken == null)
                throw new ArgumentNullException("encryptionToken");

            if (proofToken == null)
                throw new ArgumentNullException("proofToken");

            if (algoSuite == null)
                throw new ArgumentNullException("algoSuite");

            // Get signing key and a key identifier for same
            SecurityKey signatureKey = signatureToken.SecurityKeys[0];
            SecurityKeyIdentifierClause signatureSkic = signatureToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();
            SecurityKeyIdentifier signatureKeyIdentifier  = new SecurityKeyIdentifier(signatureSkic);

            // Get encryption key and a key identifier for same
            SecurityKey encryptionKey = encryptionToken.SecurityKeys[0];
            SecurityKeyIdentifierClause encryptionSkic = encryptionToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();
            SecurityKeyIdentifier encryptionKeyIdentifier = new SecurityKeyIdentifier(encryptionSkic);

            // Encrypt the proof key and create a key identifier for same
            byte[] proofKey = proofToken.GetKeyBytes();
            byte[] encryptedSecret = new byte[proofKey.Length];
            encryptedSecret = encryptionKey.EncryptKey(algoSuite.DefaultAsymmetricKeyWrapAlgorithm, proofKey);
            SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(new EncryptedKeyIdentifierClause(encryptedSecret, algoSuite.DefaultAsymmetricKeyWrapAlgorithm, encryptionKeyIdentifier));

            // Create the assertion
            return CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite);
        }
 protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite)
 {
     if (encryptionMethod == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptionMethodMissingInEncryptedData")));
     }
     suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod);
     SymmetricSecurityKey securityKey = System.ServiceModel.Security.SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(token);
     if (securityKey == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenCannotCreateSymmetricCrypto", new object[] { token })));
     }
     suite.EnsureAcceptableDecryptionSymmetricKeySize(securityKey, token);
     SymmetricAlgorithm symmetricAlgorithm = securityKey.GetSymmetricAlgorithm(encryptionMethod);
     if (symmetricAlgorithm == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateSymmetricAlgorithmFromToken", new object[] { encryptionMethod })));
     }
     return symmetricAlgorithm;
 }
示例#46
0
        /// <summary>
        /// Creates a SAML assertion based on an Asymmetric proof key
        /// </summary>
        /// <param name="claims">A ClaimSet containing the claims to be placed into the SAML assertion</param>
        /// <param name="proofToken">An  RsaSecurityToken containing the proof key</param>
        /// <param name="algoSuite">The algorithm suite to use when performing cryptographic operations</param>
        /// <returns>A SAML assertion containing the passed in claims and proof key, signed by the proof key</returns>
        public static SamlAssertion CreateAsymmetricKeyBasedAssertion(ClaimSet claims, SecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
        {
            // Check various input parameters
            if (claims == null)
                throw new ArgumentNullException("claims");

            if (proofToken == null)
                throw new ArgumentNullException("proofToken");

            if (claims.Count == 0)
                throw new ArgumentException("Provided ClaimSet must contain at least one claim");

            // Create key identifier for proof key
            SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(proofToken.CreateKeyIdentifierClause<RsaKeyIdentifierClause>());
            // Get signing key and a key identifier for same
            SecurityKey signatureKey = proofToken.SecurityKeys[0];
            SecurityKeyIdentifier signatureKeyIdentifier = proofKeyIdentifier;

            // Create the assertion
            return CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite);
        }
        internal ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
                                                                   string actor,
                                                                   SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
        {
            ReceiveSecurityHeader header = TryCreateReceiveSecurityHeader(message, actor, algorithmSuite, direction);

            if (header == null)
            {
                if (String.IsNullOrEmpty(actor))
                {
                    throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
                                                                                            SR.GetString(SR.UnableToFindSecurityHeaderInMessageNoActor)), message);
                }
                else
                {
                    throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
                                                                                            SR.GetString(SR.UnableToFindSecurityHeaderInMessage, actor)), message);
                }
            }
            return(header);
        }
示例#48
0
        internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
        {
            if (factory == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
            }

            ActAsInitiator          = factory.ActAsInitiator;
            _addTimestamp           = factory._addTimestamp;
            _detectReplays          = factory._detectReplays;
            _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
            _maxCachedNonces        = factory._maxCachedNonces;
            _maxClockSkew           = factory._maxClockSkew;
            _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
            _replayWindow           = factory._replayWindow;
            _channelSupportingTokenAuthenticatorSpecification = new Collection <SupportingTokenAuthenticatorSpecification>(new List <SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
            _standardsManager          = factory._standardsManager;
            _timestampValidityDuration = factory._timestampValidityDuration;
            _securityBindingElement    = (SecurityBindingElement)factory._securityBindingElement?.Clone();
            _securityTokenManager      = factory._securityTokenManager;
            _nonceCache = factory._nonceCache;
        }
        // The security always look for Empty soap role.  If not found, we will also look for Ultimate actors (next incl).
        // In the future, till we support intermediary scenario, we should refactor this api to do not take actor parameter.
        internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message,
                                                                      string actor,
                                                                      SecurityStandardsManager standardsManager,
                                                                      SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
        {
            int headerIndex = message.Headers.FindHeader(HeaderName.Value, HeaderNamespace.Value, actor);

            if (headerIndex < 0 && String.IsNullOrEmpty(actor))
            {
                headerIndex = message.Headers.FindHeader(HeaderName.Value, HeaderNamespace.Value, message.Version.Envelope.UltimateDestinationActorValues);
            }

            if (headerIndex < 0)
            {
                return(null);
            }
            MessageHeaderInfo headerInfo = message.Headers[headerIndex];

            return(CreateReceiveSecurityHeader(message,
                                               headerInfo.Actor, headerInfo.MustUnderstand, headerInfo.Relay,
                                               standardsManager, algorithmSuite,
                                               direction, headerIndex));
        }
        protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite)
        {
            if (encryptionMethod == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.EncryptionMethodMissingInEncryptedData)));
            }
            suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod);
            SymmetricSecurityKey symmetricSecurityKey = SecurityUtils.GetSecurityKey<SymmetricSecurityKey>(token);
            if (symmetricSecurityKey == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.TokenCannotCreateSymmetricCrypto, token)));
            }
            suite.EnsureAcceptableDecryptionSymmetricKeySize(symmetricSecurityKey, token);
            SymmetricAlgorithm algorithm = symmetricSecurityKey.GetSymmetricAlgorithm(encryptionMethod);
            if (algorithm == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                    SR.GetString(SR.UnableToCreateSymmetricAlgorithmFromToken, encryptionMethod)));
            }

            return algorithm;
        }
 internal void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, SecurityKeyType issuedKeyType)
 {
     this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
     this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
     if (this.keyType != SecurityKeyType.BearerKey)
     {
         string defaultEncryptionAlgorithm;
         string signatureAlgorithm = (this.keyType == SecurityKeyType.SymmetricKey) ? algorithmSuite.DefaultSymmetricSignatureAlgorithm : algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
         this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateSignWithElement(signatureAlgorithm));
         if (issuedKeyType == SecurityKeyType.SymmetricKey)
         {
             defaultEncryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
         }
         else
         {
             defaultEncryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
         }
         this.additionalRequestParameters.Insert(0, standardsManager.TrustDriver.CreateEncryptWithElement(defaultEncryptionAlgorithm));
         if (standardsManager.TrustVersion != TrustVersion.WSTrustFeb2005)
         {
             this.additionalRequestParameters.Insert(0, ((WSTrustDec2005.DriverDec2005) standardsManager.TrustDriver).CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
         }
     }
 }
 internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm)
 {
     IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") {
         KeyType = SecurityKeyType.AsymmetricKey
     };
     parameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(wsidPPIClaim));
     parameters.IssuerAddress = null;
     parameters.AddAlgorithmParameters(algorithm, standardsManager, parameters.KeyType);
     return parameters;
 }
        public virtual bool TryImportAlgorithmSuiteAssertion(ICollection<XmlElement> assertions, out SecurityAlgorithmSuite suite)
        {
            if (TryImportWsspAssertion(assertions, Basic256Name))
                suite = SecurityAlgorithmSuite.Basic256;
            else if (TryImportWsspAssertion(assertions, Basic192Name))
                suite = SecurityAlgorithmSuite.Basic192;
            else if (TryImportWsspAssertion(assertions, Basic128Name))
                suite = SecurityAlgorithmSuite.Basic128;
            else if (TryImportWsspAssertion(assertions, TripleDesName))
                suite = SecurityAlgorithmSuite.TripleDes;
            else if (TryImportWsspAssertion(assertions, Basic256Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic256Rsa15;
            else if (TryImportWsspAssertion(assertions, Basic192Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic192Rsa15;
            else if (TryImportWsspAssertion(assertions, Basic128Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic128Rsa15;
            else if (TryImportWsspAssertion(assertions, TripleDesRsa15Name))
                suite = SecurityAlgorithmSuite.TripleDesRsa15;
            else if (TryImportWsspAssertion(assertions, Basic256Sha256Name))
                suite = SecurityAlgorithmSuite.Basic256Sha256;
            else if (TryImportWsspAssertion(assertions, Basic192Sha256Name))
                suite = SecurityAlgorithmSuite.Basic192Sha256;
            else if (TryImportWsspAssertion(assertions, Basic128Sha256Name))
                suite = SecurityAlgorithmSuite.Basic128Sha256;
            else if (TryImportWsspAssertion(assertions, TripleDesSha256Name))
                suite = SecurityAlgorithmSuite.TripleDesSha256;
            else if (TryImportWsspAssertion(assertions, Basic256Sha256Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic256Sha256Rsa15;
            else if (TryImportWsspAssertion(assertions, Basic192Sha256Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic192Sha256Rsa15;
            else if (TryImportWsspAssertion(assertions, Basic128Sha256Rsa15Name))
                suite = SecurityAlgorithmSuite.Basic128Sha256Rsa15;
            else if (TryImportWsspAssertion(assertions, TripleDesSha256Rsa15Name))
                suite = SecurityAlgorithmSuite.TripleDesSha256Rsa15;
            else
                suite = null;

            return suite != null;
        }
        public virtual XmlElement CreateAlgorithmSuiteAssertion(SecurityAlgorithmSuite suite)
        {
            if (suite == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("suite");
            }

            XmlElement result;

            if (suite == SecurityAlgorithmSuite.Basic256)
                result = CreateWsspAssertion(Basic256Name);
            else if (suite == SecurityAlgorithmSuite.Basic192)
                result = CreateWsspAssertion(Basic192Name);
            else if (suite == SecurityAlgorithmSuite.Basic128)
                result = CreateWsspAssertion(Basic128Name);
            else if (suite == SecurityAlgorithmSuite.TripleDes)
                result = CreateWsspAssertion(TripleDesName);
            else if (suite == SecurityAlgorithmSuite.Basic256Rsa15)
                result = CreateWsspAssertion(Basic256Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.Basic192Rsa15)
                result = CreateWsspAssertion(Basic192Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.Basic128Rsa15)
                result = CreateWsspAssertion(Basic128Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.TripleDesRsa15)
                result = CreateWsspAssertion(TripleDesRsa15Name);
            else if (suite == SecurityAlgorithmSuite.Basic256Sha256)
                result = CreateWsspAssertion(Basic256Sha256Name);
            else if (suite == SecurityAlgorithmSuite.Basic192Sha256)
                result = CreateWsspAssertion(Basic192Sha256Name);
            else if (suite == SecurityAlgorithmSuite.Basic128Sha256)
                result = CreateWsspAssertion(Basic128Sha256Name);
            else if (suite == SecurityAlgorithmSuite.TripleDesSha256)
                result = CreateWsspAssertion(TripleDesSha256Name);
            else if (suite == SecurityAlgorithmSuite.Basic256Sha256Rsa15)
                result = CreateWsspAssertion(Basic256Sha256Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.Basic192Sha256Rsa15)
                result = CreateWsspAssertion(Basic192Sha256Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.Basic128Sha256Rsa15)
                result = CreateWsspAssertion(Basic128Sha256Rsa15Name);
            else if (suite == SecurityAlgorithmSuite.TripleDesSha256Rsa15)
                result = CreateWsspAssertion(TripleDesSha256Rsa15Name);
            else
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("suite"));
            }

            return result;
        }
        public virtual XmlElement CreateWsspAlgorithmSuiteAssertion(MetadataExporter exporter, SecurityAlgorithmSuite suite)
        {
            XmlElement result = CreateWsspAssertion(AlgorithmSuiteName);
            result.AppendChild(
                CreateWspPolicyWrapper(
                    exporter,
                    CreateAlgorithmSuiteAssertion(suite)
            ));

            return result;
        }
 public MessageSecurityOverMsmq()
 {
     clientCredentialType = DefaultClientCredentialType;
     algorithmSuite = SecurityAlgorithmSuite.Default;
 }
示例#57
0
        internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite)
        {
            if (suite == null)
                return false;

            return (suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 ||
                suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15);
        }
示例#58
0
 internal static void ValidateSymmetricKeyLength(int keyLength, SecurityAlgorithmSuite algorithmSuite)
 {
     if (!algorithmSuite.IsSymmetricKeyLengthSupported(keyLength))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite",
            SR.GetString(SR.UnsupportedKeyLength, keyLength, algorithmSuite.ToString())));
     }
     if (keyLength % 8 != 0)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new ArgumentOutOfRangeException("algorithmSuite",
            SR.GetString(SR.KeyLengthMustBeMultipleOfEight, keyLength)));
     }
 }
 internal bool DoAlgorithmsMatch(SecurityAlgorithmSuite algorithmSuite, SecurityStandardsManager standardsManager, out Collection<XmlElement> otherRequestParameters)
 {
     Collection<XmlElement> additionalRequestParameters;
     bool flag = false;
     bool flag2 = false;
     bool flag3 = false;
     bool flag4 = false;
     bool flag5 = false;
     otherRequestParameters = new Collection<XmlElement>();
     bool flag6 = false;
     if (((standardsManager.TrustVersion == TrustVersion.WSTrust13) && (this.AdditionalRequestParameters.Count == 1)) && ((WSTrustDec2005.DriverDec2005) standardsManager.TrustDriver).IsSecondaryParametersElement(this.AdditionalRequestParameters[0]))
     {
         flag6 = true;
         additionalRequestParameters = new Collection<XmlElement>();
         foreach (XmlElement element in this.AdditionalRequestParameters[0])
         {
             additionalRequestParameters.Add(element);
         }
     }
     else
     {
         additionalRequestParameters = this.AdditionalRequestParameters;
     }
     for (int i = 0; i < additionalRequestParameters.Count; i++)
     {
         string str;
         XmlElement element2 = additionalRequestParameters[i];
         if (standardsManager.TrustDriver.IsCanonicalizationAlgorithmElement(element2, out str))
         {
             if (algorithmSuite.DefaultCanonicalizationAlgorithm != str)
             {
                 return false;
             }
             flag4 = true;
         }
         else if (standardsManager.TrustDriver.IsSignWithElement(element2, out str))
         {
             if (((this.keyType == SecurityKeyType.SymmetricKey) && (str != algorithmSuite.DefaultSymmetricSignatureAlgorithm)) || ((this.keyType == SecurityKeyType.AsymmetricKey) && (str != algorithmSuite.DefaultAsymmetricSignatureAlgorithm)))
             {
                 return false;
             }
             flag = true;
         }
         else if (standardsManager.TrustDriver.IsEncryptWithElement(element2, out str))
         {
             if (((this.keyType == SecurityKeyType.SymmetricKey) && (str != algorithmSuite.DefaultEncryptionAlgorithm)) || ((this.keyType == SecurityKeyType.AsymmetricKey) && (str != algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm)))
             {
                 return false;
             }
             flag2 = true;
         }
         else if (standardsManager.TrustDriver.IsEncryptionAlgorithmElement(element2, out str))
         {
             if (str != algorithmSuite.DefaultEncryptionAlgorithm)
             {
                 return false;
             }
             flag3 = true;
         }
         else if (standardsManager.TrustDriver.IsKeyWrapAlgorithmElement(element2, out str))
         {
             if (str != algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm)
             {
                 return false;
             }
             flag5 = true;
         }
         else
         {
             otherRequestParameters.Add(element2);
         }
     }
     if (flag6)
     {
         otherRequestParameters = this.AdditionalRequestParameters;
     }
     if (this.keyType == SecurityKeyType.BearerKey)
     {
         return true;
     }
     if (standardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
     {
         return (((flag && flag4) && flag3) && flag2);
     }
     return (((flag && flag4) && (flag3 && flag2)) && flag5);
 }
        protected static SymmetricAlgorithm CreateDecryptionAlgorithm(SecurityToken token, string encryptionMethod, SecurityAlgorithmSuite suite)
        {
            if (encryptionMethod == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("EncryptionMethodMissingInEncryptedData")));
            }
            suite.EnsureAcceptableEncryptionAlgorithm(encryptionMethod);
            SymmetricSecurityKey securityKey = System.ServiceModel.Security.SecurityUtils.GetSecurityKey <SymmetricSecurityKey>(token);

            if (securityKey == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TokenCannotCreateSymmetricCrypto", new object[] { token })));
            }
            suite.EnsureAcceptableDecryptionSymmetricKeySize(securityKey, token);
            SymmetricAlgorithm symmetricAlgorithm = securityKey.GetSymmetricAlgorithm(encryptionMethod);

            if (symmetricAlgorithm == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateSymmetricAlgorithmFromToken", new object[] { encryptionMethod })));
            }
            return(symmetricAlgorithm);
        }