protected override IChannelFactory<IAsyncRequestChannel> GetNegotiationChannelFactory(IChannelFactory<IAsyncRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
    // Builds the secured request-channel factory over which the client runs the
    // RST/RSTR negotiation with the issuer: the bootstrap security binding element is
    // layered on top of `transportChannelFactory`.
    ISecurityCapabilities capabilities = _bootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(IssuerBindingContext);

    // Credentials come from the issuer binding's parameters when present, otherwise
    // the client defaults are used.
    SecurityCredentialsManager credentials =
        IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>()
        ?? ClientCredentials.CreateDefaultCredentials();

    // The bootstrap element inherits the encoding element's reader quotas; without
    // them there is nothing bounding the XML the negotiation channel will parse, so
    // refuse to build rather than run unbounded.
    _bootstrapSecurityBindingElement.ReaderQuotas = IssuerBindingContext.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
    }

    // Mirror the transport's message-size cap onto the bootstrap element when a
    // transport element is present in the remaining stack.
    TransportBindingElement transport = IssuerBindingContext.RemainingBindingElements.Find<TransportBindingElement>();
    if (transport != null)
    {
        _bootstrapSecurityBindingElement.MaxReceivedMessageSize = transport.MaxReceivedMessageSize;
    }

    // The `false` argument presumably selects the client/initiator role (the listener
    // variants pass `true`) — confirm against the overload. The issuer context is
    // cloned for both context arguments, presumably so the protocol factory cannot
    // mutate the context this channel factory keeps using.
    SecurityProtocolFactory protocolFactory = _bootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IAsyncRequestChannel>(
        IssuerBindingContext.Clone(), credentials, false, IssuerBindingContext.Clone());

    // NOTE(review): no explicit sign/encrypt protection requirements are applied to the
    // negotiation factory here for the RST/RSTR body, and no privacy notice is set —
    // confirm the bootstrap binding element (or transport security) already enforces
    // message protection for the bootstrap exchange.
    return new SecurityChannelFactory<IAsyncRequestChannel>(
        capabilities, IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory);
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
    // Copy constructor: initialises this instance from the settings of `factory`.
    // Scalar settings are copied by value; the standards manager, token manager,
    // extended-protection policy and nonce cache are shared by reference (see below).
    if (factory == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
    }

    // Role and message-protection settings.
    this.actAsInitiator = factory.actAsInitiator;
    this.addTimestamp = factory.addTimestamp;
    this.detectReplays = factory.detectReplays;
    this.incomingAlgorithmSuite = factory.incomingAlgorithmSuite;
    this.maxCachedNonces = factory.maxCachedNonces;
    this.maxClockSkew = factory.maxClockSkew;
    this.outgoingAlgorithmSuite = factory.outgoingAlgorithmSuite;
    this.replayWindow = factory.replayWindow;

    // NOTE(review): the supporting-token authenticator collections are NOT copied in
    // this port (left commented out, as in the original), so a copy does not carry the
    // source's supporting-token configuration. Confirm this is intentional here rather
    // than an accidental drop.
    // this.channelSupportingTokenAuthenticatorSpecification = (ICollection<SupportingTokenAuthenticatorSpecification>) new Collection<SupportingTokenAuthenticatorSpecification>((IList<SupportingTokenAuthenticatorSpecification>) new List<SupportingTokenAuthenticatorSpecification>((IEnumerable<SupportingTokenAuthenticatorSpecification>) factory.channelSupportingTokenAuthenticatorSpecification));
    // this.scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>((IDictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>) factory.scopedSupportingTokenAuthenticatorSpecification);
    this.standardsManager = factory.standardsManager;

    // NOTE(review): timestamp validity duration and the audit settings are likewise not
    // copied in this port — a copy falls back to whatever `this()` initialised them to.
    // this.timestampValidityDuration = factory.timestampValidityDuration;
    // this.auditLogLocation = factory.auditLogLocation;
    // this.suppressAuditFailure = factory.suppressAuditFailure;
    // this.serviceAuthorizationAuditLevel = factory.serviceAuthorizationAuditLevel;
    // this.messageAuthenticationAuditLevel = factory.messageAuthenticationAuditLevel;

    // The binding element is deep-cloned so later edits on either instance stay independent.
    if (factory.securityBindingElement != null)
    {
        this.securityBindingElement = (SecurityBindingElement)factory.securityBindingElement.Clone();
    }
    this.securityTokenManager = factory.securityTokenManager;
    this.privacyNoticeUri = factory.privacyNoticeUri;
    this.privacyNoticeVersion = factory.privacyNoticeVersion;
    // this.endpointFilterTable = factory.endpointFilterTable;
    this.extendedProtectionPolicy = factory.extendedProtectionPolicy;
    // The nonce cache is shared, not copied: this instance and the source therefore
    // see the same set of already-used nonces. Presumably intended (a copy should not
    // accept a nonce the source already rejected) — confirm if copies are meant to be
    // independent.
    this.nonceCache = factory.nonceCache;
}
protected SecurityProtocol(SecurityProtocolFactory factory, EndpointAddress target, Uri via)
{
    // Binds this protocol instance to the factory that configured it and to the
    // remote endpoint (logical `target`, physical `via`) it will secure messages for.
    // No argument validation is performed here.
    Via = via;
    Target = target;
    SecurityProtocolFactory = factory;

    // The wrapper is created last so that it observes a fully-initialised protocol.
    CommunicationObject = new WrapperSecurityCommunicationObject(this);
}
protected ClientSecurityChannel(ChannelManagerBase factory, System.ServiceModel.Security.SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel)
{
    // The inner (transport) channel and owning manager are handed to the base class;
    // this layer keeps the security protocol factory and the addressing it secures for.
    this.securityProtocolFactory = securityProtocolFactory;
    this.via = via;
    this.to = to;

    // Per-channel parameters are owned by this channel instance.
    this.channelParameters = new ChannelParameterCollection(this);
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
    // Copy constructor. Builds a new factory carrying the same configuration as
    // `factory`. Collections are copied into fresh containers (their elements are
    // shared); the security binding element is cloned; the standards manager, token
    // manager, extended-protection policy and nonce cache are shared by reference.
    if (factory == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("factory");
    }

    // Role, timestamp and algorithm settings.
    _actAsInitiator = factory._actAsInitiator;
    _addTimestamp = factory._addTimestamp;
    _timestampValidityDuration = factory._timestampValidityDuration;
    _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
    _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
    _standardsManager = factory._standardsManager;

    // Replay detection. Note the nonce cache is shared rather than copied, so both
    // factories observe the same set of seen nonces.
    _detectReplays = factory._detectReplays;
    _maxCachedNonces = factory._maxCachedNonces;
    _maxClockSkew = factory._maxClockSkew;
    _replayWindow = factory._replayWindow;
    _nonceCache = factory._nonceCache;

    // Supporting-token authenticators: new outer containers, same specification objects.
    _channelSupportingTokenAuthenticatorSpecification = new Collection<SupportingTokenAuthenticatorSpecification>(
        new List<SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));
    _scopedSupportingTokenAuthenticatorSpecification = new Dictionary<string, ICollection<SupportingTokenAuthenticatorSpecification>>(
        factory._scopedSupportingTokenAuthenticatorSpecification);

    // Audit configuration.
    _auditLogLocation = factory._auditLogLocation;
    _suppressAuditFailure = factory._suppressAuditFailure;
    _serviceAuthorizationAuditLevel = factory._serviceAuthorizationAuditLevel;
    _messageAuthenticationAuditLevel = factory._messageAuthenticationAuditLevel;

    // Binding element is deep-cloned so the two factories can diverge later.
    if (factory._securityBindingElement != null)
    {
        _securityBindingElement = (SecurityBindingElement)factory._securityBindingElement.Clone();
    }

    _securityTokenManager = factory._securityTokenManager;
    _privacyNoticeUri = factory._privacyNoticeUri;
    _privacyNoticeVersion = factory._privacyNoticeVersion;
    _extendedProtectionPolicy = factory._extendedProtectionPolicy;
}
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
{
    // Tracks the shared lifetime of the listener-side security settings.
    this.innerListener = innerListener;
    this.sessionMode = sessionMode;
    this.sessionSettings = sessionSettings;
    this.securityProtocolFactory = securityProtocolFactory;

    // Start with one reference so the state can be aborted before it is opened.
    this.referenceCount = 1;
}
private void CloseProtocolFactory(bool aborted, TimeSpan timeout)
{
    // Closes (or aborts, when `aborted` is set) the protocol factory exactly once and
    // drops the reference so repeated calls are no-ops. In session mode the factory is
    // left untouched — presumably its lifetime is owned by the session settings.
    if (this.securityProtocolFactory == null || this.SessionMode)
    {
        return;
    }

    this.securityProtocolFactory.Close(aborted, timeout);
    this.securityProtocolFactory = null;
}
public SecurityListenerSettingsLifetimeManager(SecurityProtocolFactory securityProtocolFactory, SecuritySessionServerSettings sessionSettings, bool sessionMode, IChannelListener innerListener)
{
    // Reference-counted owner of the listener-side security state. The count begins at
    // one (not zero) so that Abort can be called on this state before Open.
    referenceCount = 1;

    this.securityProtocolFactory = securityProtocolFactory;
    this.sessionSettings = sessionSettings;
    this.sessionMode = sessionMode;
    this.innerListener = innerListener;
}
protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
{
    // Creates one protocol per duplex direction and pairs them. A direction whose
    // factory is null gets a null protocol; both directions draw on the same timeout.
    SecurityProtocolFactory forwardFactory = this.ProtocolFactoryForOutgoingMessages;
    SecurityProtocolFactory reverseFactory = this.ProtocolFactoryForIncomingMessages;
    TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

    SecurityProtocol outgoing = null;
    if (forwardFactory != null)
    {
        outgoing = forwardFactory.CreateSecurityProtocol(target, via, listenerSecurityState, false, timeoutHelper.RemainingTime());
    }

    // The incoming side is created without target/via, as in the original.
    SecurityProtocol incoming = null;
    if (reverseFactory != null)
    {
        incoming = reverseFactory.CreateSecurityProtocol(null, null, listenerSecurityState, false, timeoutHelper.RemainingTime());
    }

    return new DuplexSecurityProtocol(outgoing, incoming);
}
protected override SecurityProtocol OnCreateSecurityProtocol(EndpointAddress target, Uri via, object listenerSecurityState, TimeSpan timeout)
{
    // Pairs an outgoing-direction protocol with an incoming-direction one. Either
    // factory may be null, in which case that side of the duplex protocol is null.
    // The incoming protocol is created with no target/via, as in the original.
    SecurityProtocolFactory forward = this.ProtocolFactoryForOutgoingMessages;
    SecurityProtocolFactory reverse = this.ProtocolFactoryForIncomingMessages;
    TimeoutHelper remaining = new TimeoutHelper(timeout);

    SecurityProtocol outgoingProtocol = forward != null
        ? forward.CreateSecurityProtocol(target, via, listenerSecurityState, false, remaining.RemainingTime())
        : null;
    SecurityProtocol incomingProtocol = reverse != null
        ? reverse.CreateSecurityProtocol(null, null, listenerSecurityState, false, remaining.RemainingTime())
        : null;

    return new DuplexSecurityProtocol(outgoingProtocol, incomingProtocol);
}
public override EndpointIdentity GetIdentityOfSelf()
{
    // The identity this endpoint presents is taken from the incoming-direction
    // factory when one is configured; otherwise defer to the base implementation.
    SecurityProtocolFactory incomingFactory = this.ProtocolFactoryForIncomingMessages;
    return incomingFactory != null
        ? incomingFactory.GetIdentityOfSelf()
        : base.GetIdentityOfSelf();
}
void Open(SecurityProtocolFactory factory, bool actAsInitiator, string propertyName, TimeSpan timeout)
{
    // Opens one direction's protocol factory. A missing factory is reported as a
    // configuration error only when security is required on both duplex directions;
    // otherwise that direction is presumably left unsecured by design.
    if (factory == null)
    {
        if (this.RequireSecurityOnBothDuplexDirections)
        {
            OnPropertySettingsError(propertyName, true);
        }
        return;
    }

    factory.Open(actAsInitiator, timeout);
}
public override EndpointIdentity GetIdentityOfSelf()
{
    // Prefer the identity of the incoming-direction factory; fall back to the base
    // class when no such factory is configured.
    SecurityProtocolFactory incoming = this.ProtocolFactoryForIncomingMessages;
    if (incoming == null)
    {
        return base.GetIdentityOfSelf();
    }
    return incoming.GetIdentityOfSelf();
}
internal IChannelListener<TChannel> BuildNegotiationChannelListener<TChannel>(BindingContext context) where TChannel : class, IChannel
{
    // Builds the service-side listener for the RST/RSTR bootstrap exchange, layering
    // the bootstrap security binding element over the channel stack in `context`.

    // Service credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (securityCredentials == null)
    {
        securityCredentials = ServiceCredentials.CreateDefaultCredentials();
    }

    // Reader quotas must be supplied by the encoding element; they bound the XML the
    // negotiation listener will parse, so their absence is a hard configuration error.
    this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
    }

    // Mirror the transport's message-size cap onto the bootstrap element.
    TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find<TransportBindingElement>();
    if (transportBindingElement != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
    }

    // `true` presumably selects the service/recipient role (the client-side factories
    // pass `false`) — confirm against the overload.
    SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory<TChannel>(this.IssuerBindingContext.Clone(), securityCredentials, true, this.IssuerBindingContext.Clone());

    // For message-level security the bootstrap exchange is forced to be signed AND
    // encrypted in both directions: the RST body must arrive signed and encrypted,
    // and the RSTR body is sent signed and encrypted. Transport-security factories are
    // not MessageSecurityProtocolFactory and skip this block.
    MessageSecurityProtocolFactory soapBindingFactory = securityProtocolFactory as MessageSecurityProtocolFactory;
    if (soapBindingFactory != null)
    {
        soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
        // `true` = include the body in the part specification.
        MessagePartSpecification bodyPart = new MessagePartSpecification(true);
        soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
        soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
        soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
        soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
    }

    SecurityChannelListener<TChannel> securityChannelListener = new SecurityChannelListener<TChannel>(this.bootstrapSecurityBindingElement, context);
    securityChannelListener.SecurityProtocolFactory = securityProtocolFactory;
    // Do not send back unsecured faults over composite duplex; for other bindings
    // unsecured faults are permitted on this bootstrap listener.
    securityChannelListener.SendUnsecuredFaults = !SecurityUtils.IsCompositeDuplexBinding(context);

    // `true` presumably asks the builder to add the channel-demuxer — confirm.
    ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
    securityChannelListener.InitializeListener(channelBuilder);

    // Whether incoming RSTs must additionally match the endpoint filter is decided by
    // the bootstrap binding element's configuration and cached for later dispatch.
    this.shouldMatchRstWithEndpointFilter = SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
    return (securityChannelListener);
}
internal bool TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, bool isBlockingCall, out IList<SupportingTokenSpecification> supportingTokens)
{
    // Collects the supporting tokens to attach to an outgoing `message`.
    // Returns true when `supportingTokens` is final (possibly null = none). Returns
    // false only when token providers are configured for this action but
    // `isBlockingCall` is false — acquiring tokens may block, so the caller is
    // presumably expected to retry on a path where blocking is allowed.
    // `target` and `via` are not used by this implementation.

    // Only the initiator attaches supporting tokens; the recipient has none to add.
    if (!factory.ActAsInitiator)
    {
        supportingTokens = null;
        return (true);
    }
    if (message == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
    }

    // All provider calls below draw on one shared remaining timeout.
    TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
    supportingTokens = null;

    // Providers are selected per WS-Addressing action.
    IList<SupportingTokenProviderSpecification> supportingTokenProviders = this.GetSupportingTokenProviders(message.Headers.Action);
    if (supportingTokenProviders != null && supportingTokenProviders.Count > 0)
    {
        // Don't do anything if blocking is not allowed.
        if (!isBlockingCall)
        {
            return (false);
        }
        supportingTokens = new Collection<SupportingTokenSpecification>();
        for (int i = 0; i < supportingTokenProviders.Count; ++i)
        {
            SupportingTokenProviderSpecification spec = supportingTokenProviders[i];
            SecurityToken supportingToken;
            // The ProviderBackedSecurityToken was added in Win7 to allow KerberosRequestorSecurity
            // to pass a channel binding to InitializeSecurityContext. So for Kerberos over a
            // transport-security protocol the token is NOT fetched here; it is deferred so the
            // transport's channel binding can be bound into the Kerberos context later.
            if ((this is TransportSecurityProtocol) && (spec.TokenParameters is KerberosSecurityTokenParameters))
            {
                supportingToken = new ProviderBackedSecurityToken(spec.TokenProvider, timeoutHelper.RemainingTime());
            }
            else
            {
                supportingToken = spec.TokenProvider.GetToken(timeoutHelper.RemainingTime());
            }
            // Initiator-side tokens carry no authorization policies (empty collection).
            supportingTokens.Add(new SupportingTokenSpecification(supportingToken, EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance, spec.SecurityTokenAttachmentMode, spec.TokenParameters));
        }
    }
    // Add any runtime supporting tokens. Takes the list by ref, so it may create or
    // replace it even when no providers were configured.
    AddMessageSupportingTokens(message, ref supportingTokens);
    return (true);
}
SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory, bool requireMessageProtection)
{
    // Builds the outbound security header for `message` from the factory's settings.
    // `requireMessageProtection` is false for the transport-security variant, where the
    // header is still emitted but (presumably) does not itself protect the message body.
    MessageDirection direction;
    if (factory.ActAsInitiator)
    {
        direction = MessageDirection.Input;
    }
    else
    {
        direction = MessageDirection.Output;
    }

    SendSecurityHeader header = factory.StandardsManager.CreateSendSecurityHeader(
        message, actor, true, false, factory.OutgoingAlgorithmSuite, direction);
    header.Layout = factory.SecurityHeaderLayout;
    header.RequireMessageProtection = requireMessageProtection;
    SetSecurityHeaderId(header, message);

    // A timestamp is only added when the factory asks for one; its validity window is
    // the factory's configured duration.
    if (factory.AddTimestamp)
    {
        header.AddTimestamp(factory.TimestampValidityDuration);
    }

    header.StreamBufferManager = factory.StreamBufferManager;
    return header;
}
internal IChannelListener<TChannel> BuildNegotiationChannelListener<TChannel>(BindingContext context) where TChannel : class, IChannel
{
    // Builds the service-side listener that handles the RST/RSTR bootstrap exchange,
    // layering the bootstrap security binding element over `context`'s channel stack.

    // Service credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (credentialsManager == null)
    {
        credentialsManager = ServiceCredentials.CreateDefaultCredentials();
    }

    // Reader quotas are mandatory: they bound the XML the negotiation listener parses.
    this.bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
    }

    // Propagate the transport's message-size cap to the bootstrap element.
    TransportBindingElement element = context.RemainingBindingElements.Find<TransportBindingElement>();
    if (element != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
    }

    // `true` presumably selects the service/recipient role (client factories pass
    // `false`) — confirm against the overload.
    SecurityProtocolFactory factory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory<TChannel>(base.IssuerBindingContext.Clone(), credentialsManager, true, base.IssuerBindingContext.Clone());

    // Message-level security only: the bootstrap exchange must be signed and encrypted
    // both ways — the RST body on the way in, the RSTR body on the way out.
    MessageSecurityProtocolFactory factory2 = factory as MessageSecurityProtocolFactory;
    if (factory2 != null)
    {
        factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
        // `true` = body included.
        MessagePartSpecification parts = new MessagePartSpecification(true);
        factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
        factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
        factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
        factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
    }

    // Unsecured faults are suppressed over composite duplex bindings.
    SecurityChannelListener<TChannel> listener = new SecurityChannelListener<TChannel>(this.bootstrapSecurityBindingElement, context)
    {
        SecurityProtocolFactory = factory,
        SendUnsecuredFaults = !System.ServiceModel.Security.SecurityUtils.IsCompositeDuplexBinding(context)
    };
    ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
    listener.InitializeListener(channelBuilder);

    // Cached for dispatch: whether incoming RSTs must also match the endpoint filter.
    this.shouldMatchRstWithEndpointFilter = System.ServiceModel.Security.SecurityUtils.ShouldMatchRstWithEndpointFilter(this.bootstrapSecurityBindingElement);
    return (listener);
}
protected override IChannelFactory<IRequestChannel> GetNegotiationChannelFactory(IChannelFactory<IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
    // Builds the client-side secured request channel factory used for the RST/RSTR
    // negotiation with the issuer, layered over `transportChannelFactory`.
    ISecurityCapabilities securityCapabilities = this.bootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(this.IssuerBindingContext);

    // Client credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager securityCredentials = this.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (securityCredentials == null)
    {
        securityCredentials = ClientCredentials.CreateDefaultCredentials();
    }

    // Reader quotas are mandatory; they bound the XML parsed on the negotiation channel.
    this.bootstrapSecurityBindingElement.ReaderQuotas = this.IssuerBindingContext.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
    }

    // Propagate the transport's message-size cap to the bootstrap element.
    TransportBindingElement transportBindingElement = this.IssuerBindingContext.RemainingBindingElements.Find<TransportBindingElement>();
    if (transportBindingElement != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
    }

    // `false` presumably selects the client/initiator role (listener variants pass `true`).
    SecurityProtocolFactory securityProtocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IRequestChannel>(this.IssuerBindingContext.Clone(), securityCredentials, false, this.IssuerBindingContext.Clone());

    // Message-level security only: require the bootstrap exchange to be signed and
    // encrypted in both directions. The Incoming/Outgoing mapping (RST = incoming,
    // RSTR = outgoing) is the same one the service-side listener uses, i.e. the part
    // specifications are expressed relative to the service rather than to this client.
    MessageSecurityProtocolFactory soapBindingFactory = (securityProtocolFactory as MessageSecurityProtocolFactory);
    if (soapBindingFactory != null)
    {
        soapBindingFactory.ApplyConfidentiality = soapBindingFactory.ApplyIntegrity = soapBindingFactory.RequireConfidentiality = soapBindingFactory.RequireIntegrity = true;
        // `true` = body included.
        MessagePartSpecification bodyPart = new MessagePartSpecification(true);
        soapBindingFactory.ProtectionRequirements.IncomingSignatureParts.AddParts(bodyPart, RequestSecurityTokenAction);
        soapBindingFactory.ProtectionRequirements.IncomingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenAction);
        soapBindingFactory.ProtectionRequirements.OutgoingSignatureParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
        soapBindingFactory.ProtectionRequirements.OutgoingEncryptionParts.AddParts(bodyPart, RequestSecurityTokenResponseAction);
    }

    // Privacy notice settings are forwarded to the protocol factory.
    securityProtocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
    securityProtocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
    return (new SecurityChannelFactory<IRequestChannel>(securityCapabilities, this.IssuerBindingContext, channelBuilder, securityProtocolFactory, transportChannelFactory));
}
internal SecurityProtocolFactory(SecurityProtocolFactory factory) : this()
{
    // Copy constructor: builds a factory configured like `factory`. The supporting-token
    // specification list is copied into a fresh container (elements shared); the binding
    // element is cloned; the standards manager, token manager and nonce cache are shared.
    if (factory == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(factory));
    }

    // Role, timestamp and algorithm settings.
    ActAsInitiator = factory.ActAsInitiator;
    _addTimestamp = factory._addTimestamp;
    _timestampValidityDuration = factory._timestampValidityDuration;
    _incomingAlgorithmSuite = factory._incomingAlgorithmSuite;
    _outgoingAlgorithmSuite = factory._outgoingAlgorithmSuite;
    _standardsManager = factory._standardsManager;

    // Replay detection. The nonce cache is shared by reference, so both factories see
    // the same set of already-used nonces.
    _detectReplays = factory._detectReplays;
    _maxCachedNonces = factory._maxCachedNonces;
    _maxClockSkew = factory._maxClockSkew;
    _replayWindow = factory._replayWindow;
    _nonceCache = factory._nonceCache;

    _channelSupportingTokenAuthenticatorSpecification = new Collection<SupportingTokenAuthenticatorSpecification>(
        new List<SupportingTokenAuthenticatorSpecification>(factory._channelSupportingTokenAuthenticatorSpecification));

    // Deep-clone the binding element (a null source yields a null element).
    _securityBindingElement = factory._securityBindingElement == null
        ? null
        : (SecurityBindingElement)factory._securityBindingElement.Clone();
    _securityTokenManager = factory._securityTokenManager;

    // NOTE(review): this variant copies neither scoped supporting-token authenticators,
    // extended-protection policy, privacy-notice nor audit settings — confirm those are
    // absent from this port rather than unintentionally dropped.
}
protected override IChannelFactory<IRequestChannel> GetNegotiationChannelFactory(IChannelFactory<IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder)
{
    // Builds the client-side secured request channel factory that carries the RST/RSTR
    // negotiation with the issuer, layered over `transportChannelFactory`.
    ISecurityCapabilities property = this.bootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(base.IssuerBindingContext);

    // Client credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager credentialsManager = base.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (credentialsManager == null)
    {
        credentialsManager = ClientCredentials.CreateDefaultCredentials();
    }

    // Reader quotas are mandatory; they bound the XML parsed on the negotiation channel.
    this.bootstrapSecurityBindingElement.ReaderQuotas = base.IssuerBindingContext.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
    }

    // Propagate the transport's message-size cap to the bootstrap element.
    TransportBindingElement element = base.IssuerBindingContext.RemainingBindingElements.Find<TransportBindingElement>();
    if (element != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
    }

    // `false` presumably selects the client/initiator role (listener variants pass `true`).
    SecurityProtocolFactory protocolFactory = this.bootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IRequestChannel>(base.IssuerBindingContext.Clone(), credentialsManager, false, base.IssuerBindingContext.Clone());

    // Message-level security only: the bootstrap exchange must be signed and encrypted
    // both ways. RST is registered as "incoming" and RSTR as "outgoing" — the same
    // mapping the service-side listener uses, so these part specifications are
    // expressed relative to the service, not to this client.
    MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
    if (factory2 != null)
    {
        factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
        // `true` = body included.
        MessagePartSpecification parts = new MessagePartSpecification(true);
        factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RequestSecurityTokenAction);
        factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RequestSecurityTokenAction);
        factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
        factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RequestSecurityTokenResponseAction);
    }

    // Forward privacy-notice settings to the protocol factory.
    protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
    protocolFactory.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
    return (new SecurityChannelFactory<IRequestChannel>(property, base.IssuerBindingContext, channelBuilder, protocolFactory, transportChannelFactory));
}
private void InitializeFactories()
{
    // Builds the secured channel factory used to send Issue/Renew RSTs to the security
    // token service and stores it in _rstChannelFactory, along with the message version.
    ISecurityCapabilities securityCapabilities = BootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(IssuerBindingContext);

    // Client credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager securityCredentials = IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (securityCredentials == null)
    {
        securityCredentials = ClientCredentials.CreateDefaultCredentials();
    }
    BindingContext context = IssuerBindingContext;

    // Reader quotas are mandatory; they bound the XML parsed on the RST channel.
    _bootstrapSecurityBindingElement.ReaderQuotas = context.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (_bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.EncodingBindingElementDoesNotHandleReaderQuotas));
    }

    // Propagate the transport's message-size cap to the bootstrap element.
    TransportBindingElement transportBindingElement = context.RemainingBindingElements.Find<TransportBindingElement>();
    if (transportBindingElement != null)
    {
        _bootstrapSecurityBindingElement.MaxReceivedMessageSize = transportBindingElement.MaxReceivedMessageSize;
    }

    // `false` presumably selects the client/initiator role — confirm against the overload.
    // NOTE(review): unlike the framework variant of this method, no sign/encrypt
    // protection requirements are applied to a MessageSecurityProtocolFactory for the
    // Issue/Renew actions here, and no privacy notice is set — confirm the bootstrap
    // binding element already enforces body protection for the RST/RSTR exchange.
    SecurityProtocolFactory securityProtocolFactory = BootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IRequestChannel>(IssuerBindingContext.Clone(), securityCredentials, false, IssuerBindingContext.Clone());

    // When a local address is configured, register it so that Issue/Renew responses
    // can be routed back to it.
    if (_localAddress != null)
    {
        MessageFilter issueAndRenewFilter = new SessionActionFilter(_standardsManager, IssueResponseAction.Value, RenewResponseAction.Value);
        context.BindingParameters.Add(new LocalAddressProvider(_localAddress, issueAndRenewFilter));
    }

    ChannelBuilder channelBuilder = new ChannelBuilder(context, true);
    IChannelFactory innerChannelFactory;
    // If the underlying transport does not support request/reply, wrap it inside a
    // service channel factory that exposes Issue and Renew as client operations.
    if (channelBuilder.CanBuildChannelFactory<IRequestChannel>())
    {
        innerChannelFactory = channelBuilder.BuildChannelFactory<IRequestChannel>();
        // The raw request channel does not do reply addressing for us.
        _requiresManualReplyAddressing = true;
    }
    else
    {
        ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace);
        clientRuntime.UseSynchronizationContext = false;
        clientRuntime.AddTransactionFlowProperties = false;
        // Unrecognised mustUnderstand headers on RSTRs are not faulted by this runtime.
        clientRuntime.ValidateMustUnderstand = false;
        ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
        ClientOperation issueOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value);
        issueOperation.Formatter = s_operationFormatter;
        serviceChannelFactory.ClientRuntime.Operations.Add(issueOperation);
        ClientOperation renewOperation = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value);
        renewOperation.Formatter = s_operationFormatter;
        serviceChannelFactory.ClientRuntime.Operations.Add(renewOperation);
        innerChannelFactory = new RequestChannelFactory(serviceChannelFactory);
        _requiresManualReplyAddressing = false;
    }

    SecurityChannelFactory<IAsyncRequestChannel> securityChannelFactory = new SecurityChannelFactory<IAsyncRequestChannel>(securityCapabilities, IssuerBindingContext, channelBuilder, securityProtocolFactory, innerChannelFactory);

    // Attach the transport's ExtendedProtectionPolicy (channel-binding requirements) to
    // the security protocol factory so it is available when building the channel.
    if (transportBindingElement != null)
    {
        if (securityChannelFactory.SecurityProtocolFactory != null)
        {
            securityChannelFactory.SecurityProtocolFactory.ExtendedProtectionPolicy = transportBindingElement.GetProperty<ExtendedProtectionPolicy>(context);
        }
    }
    _rstChannelFactory = securityChannelFactory;
    MessageVersion = securityChannelFactory.MessageVersion;
}
public DuplexSecurityProtocolFactory(SecurityProtocolFactory forwardProtocolFactory, SecurityProtocolFactory reverseProtocolFactory) : this()
{
    // Pairs a factory for the forward (outgoing) direction with one for the reverse
    // (incoming) direction. Either may be null; OnCreateSecurityProtocol then produces
    // a null protocol for that side.
    this.reverseProtocolFactory = reverseProtocolFactory;
    this.forwardProtocolFactory = forwardProtocolFactory;
}
protected SendSecurityHeader CreateSendSecurityHeader(Message message, string actor, SecurityProtocolFactory factory)
{
    // Message-security variant: the header is required to protect the message
    // (requireMessageProtection = true).
    const bool requireMessageProtection = true;
    return CreateSendSecurityHeader(message, actor, factory, requireMessageProtection);
}
protected SendSecurityHeader CreateSendSecurityHeaderForTransportProtocol(Message message, string actor, SecurityProtocolFactory factory)
{
    // Transport-security variant: the header is emitted without being required to
    // protect the message itself (requireMessageProtection = false).
    const bool requireMessageProtection = false;
    return CreateSendSecurityHeader(message, actor, factory, requireMessageProtection);
}
internal async Task<IList<SupportingTokenSpecification>> TryGetSupportingTokensAsync(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout)
{
    // Collects the supporting tokens to attach to an outgoing `message`, returning null
    // when there are none. Only the initiator attaches supporting tokens.
    // `target` and `via` are not used by this implementation.
    if (!factory.ActAsInitiator)
    {
        return null;
    }
    if (message == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(message));
    }

    // Every provider call below draws on one shared remaining timeout.
    TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
    IList<SupportingTokenSpecification> tokens = null;

    // Providers are selected per WS-Addressing action; one token is fetched from each.
    IList<SupportingTokenProviderSpecification> providers = GetSupportingTokenProviders(message.Headers.Action);
    if (providers != null && providers.Count > 0)
    {
        tokens = new Collection<SupportingTokenSpecification>();
        for (int index = 0; index < providers.Count; ++index)
        {
            SupportingTokenProviderSpecification spec = providers[index];
            SecurityToken token = await spec.TokenProvider.GetTokenAsync(timeoutHelper.RemainingTime());
            // Initiator-side tokens carry no authorization policies (empty collection).
            tokens.Add(new SupportingTokenSpecification(
                token,
                EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance,
                spec.SecurityTokenAttachmentMode,
                spec.TokenParameters));
        }
    }

    // Add any runtime supporting tokens. Takes the list by ref, so it may create or
    // replace it even when no providers were configured.
    AddMessageSupportingTokens(message, ref tokens);
    return tokens;
}
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory)
    : this(securityCapabilities, context, channelBuilder, innerChannelFactory)
{
    // Full constructor: delegates the capabilities/context/builder/inner-factory wiring
    // to the shorter overload and records the protocol factory that will secure the
    // channels this factory creates.
    this.securityProtocolFactory = protocolFactory;
}
public SecurityChannelFactory(ISecurityCapabilities securityCapabilities, BindingContext context, System.ServiceModel.Channels.ChannelBuilder channelBuilder, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory)
    : this(
        securityCapabilities,
        context,
        channelBuilder,
        protocolFactory,
        // No inner factory supplied: build one for TChannel from the channel builder.
        channelBuilder.BuildChannelFactory<TChannel>())
{
}
internal SecurityChannelFactory(Binding binding, System.ServiceModel.Security.SecurityProtocolFactory protocolFactory, IChannelFactory innerChannelFactory)
    : base(binding, innerChannelFactory)
{
    // Binding-based constructor: the base class takes the binding and inner factory;
    // this layer only records the protocol factory used to secure created channels.
    this.securityProtocolFactory = protocolFactory;
}
private void InitializeFactories()
{
    // Builds the secured request channel factory used to send Issue/Renew RSTs to the
    // security token service and stores it in rstChannelFactory (plus messageVersion).
    IChannelFactory<IRequestChannel> factory3;
    ISecurityCapabilities property = this.BootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(this.IssuerBindingContext);

    // Client credentials from the issuer binding parameters, or the defaults.
    SecurityCredentialsManager credentialsManager = this.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (credentialsManager == null)
    {
        credentialsManager = ClientCredentials.CreateDefaultCredentials();
    }
    BindingContext issuerBindingContext = this.IssuerBindingContext;

    // Reader quotas are mandatory; they bound the XML parsed on the RST channel.
    this.bootstrapSecurityBindingElement.ReaderQuotas = issuerBindingContext.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("EncodingBindingElementDoesNotHandleReaderQuotas")));
    }

    // Propagate the transport's message-size cap to the bootstrap element.
    TransportBindingElement element = issuerBindingContext.RemainingBindingElements.Find<TransportBindingElement>();
    if (element != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = element.MaxReceivedMessageSize;
    }

    // `false` presumably selects the client/initiator role — confirm against the overload.
    SecurityProtocolFactory protocolFactory = this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IRequestChannel>(this.IssuerBindingContext.Clone(), credentialsManager, false, this.IssuerBindingContext.Clone());

    // Message-level security only: every Issue/Renew request and response body must be
    // both signed and encrypted. Incoming = Issue/Renew, Outgoing = their responses —
    // the part specifications are expressed relative to the service, not this client.
    if (protocolFactory is MessageSecurityProtocolFactory)
    {
        MessageSecurityProtocolFactory factory2 = protocolFactory as MessageSecurityProtocolFactory;
        factory2.ApplyConfidentiality = factory2.ApplyIntegrity = factory2.RequireConfidentiality = factory2.RequireIntegrity = true;
        // Body is always covered by the signature regardless of action.
        factory2.ProtectionRequirements.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
        factory2.ProtectionRequirements.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;
        // `true` = body included.
        MessagePartSpecification parts = new MessagePartSpecification(true);
        factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.IssueAction);
        factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.IssueAction);
        factory2.ProtectionRequirements.IncomingSignatureParts.AddParts(parts, this.RenewAction);
        factory2.ProtectionRequirements.IncomingEncryptionParts.AddParts(parts, this.RenewAction);
        factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.IssueResponseAction);
        factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.IssueResponseAction);
        factory2.ProtectionRequirements.OutgoingSignatureParts.AddParts(parts, this.RenewResponseAction);
        factory2.ProtectionRequirements.OutgoingEncryptionParts.AddParts(parts, this.RenewResponseAction);
    }

    // Forward privacy-notice settings to the protocol factory.
    protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
    protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;

    // When a local address is configured, register it so Issue/Renew responses can be
    // routed back to it.
    if (this.localAddress != null)
    {
        MessageFilter filter = new SessionActionFilter(this.standardsManager, new string[] { this.IssueResponseAction.Value, this.RenewResponseAction.Value });
        issuerBindingContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, filter));
    }

    ChannelBuilder channelBuilder = new ChannelBuilder(issuerBindingContext, true);
    // If the transport supports request/reply use it directly; otherwise wrap it in a
    // service channel factory exposing Issue and Renew as client operations.
    if (channelBuilder.CanBuildChannelFactory<IRequestChannel>())
    {
        factory3 = channelBuilder.BuildChannelFactory<IRequestChannel>();
        // The raw request channel does not do reply addressing for us.
        this.requiresManualReplyAddressing = true;
    }
    else
    {
        // Unrecognised mustUnderstand headers on responses are not faulted by this runtime.
        ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", "http://tempuri.org/")
        {
            UseSynchronizationContext = false,
            AddTransactionFlowProperties = false,
            ValidateMustUnderstand = false
        };
        ServiceChannelFactory serviceChannelFactory = ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);
        ClientOperation item = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", this.IssueAction.Value)
        {
            Formatter = operationFormatter
        };
        serviceChannelFactory.ClientRuntime.Operations.Add(item);
        ClientOperation operation2 = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", this.RenewAction.Value)
        {
            Formatter = operationFormatter
        };
        serviceChannelFactory.ClientRuntime.Operations.Add(operation2);
        factory3 = new RequestChannelFactory(serviceChannelFactory);
        this.requiresManualReplyAddressing = false;
    }

    SecurityChannelFactory<IRequestChannel> factory5 = new SecurityChannelFactory<IRequestChannel>(property, this.IssuerBindingContext, channelBuilder, protocolFactory, factory3);

    // Attach the transport's ExtendedProtectionPolicy (channel-binding requirements) to
    // the protocol factory so it is available when the channel is built.
    if ((element != null) && (factory5.SecurityProtocolFactory != null))
    {
        factory5.SecurityProtocolFactory.ExtendedProtectionPolicy = element.GetProperty<ExtendedProtectionPolicy>(issuerBindingContext);
    }
    this.rstChannelFactory = factory5;
    this.messageVersion = factory5.MessageVersion;
}
/// <summary>
/// Builds the channel factory used to send RequestSecurityToken (Issue / Renew)
/// messages to the issuer, and records it in <c>rstChannelFactory</c> together with
/// the message version it will use.
/// </summary>
/// <exception cref="InvalidOperationException">
/// Thrown when the issuer binding exposes no <see cref="XmlDictionaryReaderQuotas"/>,
/// i.e. its encoding binding element does not handle reader quotas.
/// </exception>
void InitializeFactories()
{
    ISecurityCapabilities capabilities =
        this.BootstrapSecurityBindingElement.GetProperty<ISecurityCapabilities>(this.IssuerBindingContext);

    // Credentials supplied through the binding parameters win; otherwise use the defaults.
    SecurityCredentialsManager credentials =
        this.IssuerBindingContext.BindingParameters.Find<SecurityCredentialsManager>();
    if (credentials == null)
    {
        credentials = ClientCredentials.CreateDefaultCredentials();
    }

    BindingContext issuerContext = this.IssuerBindingContext;

    // The bootstrap security binding element takes over the issuer binding's reader
    // quotas and maximum received message size, so RST/RSTR traffic is bounded the
    // same way as ordinary traffic on that binding.
    this.bootstrapSecurityBindingElement.ReaderQuotas =
        issuerContext.GetInnerProperty<XmlDictionaryReaderQuotas>();
    if (this.bootstrapSecurityBindingElement.ReaderQuotas == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(SR.GetString(SR.EncodingBindingElementDoesNotHandleReaderQuotas)));
    }

    TransportBindingElement transport =
        issuerContext.RemainingBindingElements.Find<TransportBindingElement>();
    if (transport != null)
    {
        this.bootstrapSecurityBindingElement.MaxReceivedMessageSize = transport.MaxReceivedMessageSize;
    }

    SecurityProtocolFactory protocolFactory =
        this.BootstrapSecurityBindingElement.CreateSecurityProtocolFactory<IRequestChannel>(
            this.IssuerBindingContext.Clone(), credentials, false, this.IssuerBindingContext.Clone());

    MessageSecurityProtocolFactory messageSecurityFactory = protocolFactory as MessageSecurityProtocolFactory;
    if (messageSecurityFactory != null)
    {
        // Message-level security: Issue/Renew requests and their responses are required
        // to be signed and encrypted in both directions, with the body covered.
        // (Order matches the original right-to-left chained assignment.)
        messageSecurityFactory.RequireIntegrity = true;
        messageSecurityFactory.RequireConfidentiality = true;
        messageSecurityFactory.ApplyIntegrity = true;
        messageSecurityFactory.ApplyConfidentiality = true;

        var protection = messageSecurityFactory.ProtectionRequirements;
        protection.IncomingSignatureParts.ChannelParts.IsBodyIncluded = true;
        protection.OutgoingSignatureParts.ChannelParts.IsBodyIncluded = true;

        MessagePartSpecification bodyOnly = new MessagePartSpecification(true);

        // Inbound: the Issue and Renew request actions.
        foreach (var requestAction in new[] { IssueAction, RenewAction })
        {
            protection.IncomingSignatureParts.AddParts(bodyOnly, requestAction);
            protection.IncomingEncryptionParts.AddParts(bodyOnly, requestAction);
        }

        // Outbound: the corresponding response actions.
        foreach (var responseAction in new[] { IssueResponseAction, RenewResponseAction })
        {
            protection.OutgoingSignatureParts.AddParts(bodyOnly, responseAction);
            protection.OutgoingEncryptionParts.AddParts(bodyOnly, responseAction);
        }
    }

    protocolFactory.PrivacyNoticeUri = this.PrivacyNoticeUri;
    protocolFactory.PrivacyNoticeVersion = this.privacyNoticeVersion;

    // When a local address is configured, only Issue/Renew responses are routed to it.
    if (this.localAddress != null)
    {
        MessageFilter responseFilter = new SessionActionFilter(
            this.standardsManager, this.IssueResponseAction.Value, this.RenewResponseAction.Value);
        issuerContext.BindingParameters.Add(new LocalAddressProvider(this.localAddress, responseFilter));
    }

    ChannelBuilder channelBuilder = new ChannelBuilder(issuerContext, true);
    IChannelFactory<IRequestChannel> innerFactory;

    if (channelBuilder.CanBuildChannelFactory<IRequestChannel>())
    {
        // The transport speaks request/reply natively.
        innerFactory = channelBuilder.BuildChannelFactory<IRequestChannel>();
        requiresManualReplyAddressing = true;
    }
    else
    {
        // No native request/reply: wrap the transport in a service channel factory
        // exposing Issue and Renew as client operations.
        ClientRuntime clientRuntime = new ClientRuntime("RequestSecuritySession", NamingHelper.DefaultNamespace)
        {
            UseSynchronizationContext = false,
            AddTransactionFlowProperties = false,
            ValidateMustUnderstand = false
        };
        ServiceChannelFactory serviceChannelFactory =
            ServiceChannelFactory.BuildChannelFactory(channelBuilder, clientRuntime);

        ClientOperation issue = new ClientOperation(serviceChannelFactory.ClientRuntime, "Issue", IssueAction.Value)
        {
            Formatter = operationFormatter
        };
        serviceChannelFactory.ClientRuntime.Operations.Add(issue);

        ClientOperation renew = new ClientOperation(serviceChannelFactory.ClientRuntime, "Renew", RenewAction.Value)
        {
            Formatter = operationFormatter
        };
        serviceChannelFactory.ClientRuntime.Operations.Add(renew);

        innerFactory = new RequestChannelFactory(serviceChannelFactory);
        requiresManualReplyAddressing = false;
    }

    SecurityChannelFactory<IRequestChannel> rstFactory = new SecurityChannelFactory<IRequestChannel>(
        capabilities, this.IssuerBindingContext, channelBuilder, protocolFactory, innerFactory);

    // Hand the transport's ExtendedProtectionPolicy to the security protocol factory
    // so it is available when the channel is built.
    if (transport != null && rstFactory.SecurityProtocolFactory != null)
    {
        rstFactory.SecurityProtocolFactory.ExtendedProtectionPolicy =
            transport.GetProperty<ExtendedProtectionPolicy>(issuerContext);
    }

    this.rstChannelFactory = rstFactory;
    this.messageVersion = rstFactory.MessageVersion;
}