internal static bool IsSecurityBindingSuitableForChannelBinding(TransportSecurityBindingElement securityBindingElement)
{
#if FEATURE_CORECLR
throw new NotImplementedException("SupportingTokenParameters.Signed is not supported in .NET Core");
#else
return(securityBindingElement != null && (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Endorsing) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Signed) || (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing))));
#endif
}
internal static Exception CreateSecurityFaultException(Message unverifiedMessage)
{
return(SecurityUtils.CreateSecurityFaultException(MessageFault.CreateFault(unverifiedMessage, 16384)));
}
WrappedKeySecurityToken CreateWrappedKeyToken(string id, string encryptionMethod, string carriedKeyName,
SecurityKeyIdentifier unwrappingTokenIdentifier, byte[] wrappedKey, SecurityTokenResolver tokenResolver)
{
ISspiNegotiationInfo sspiResolver = tokenResolver as ISspiNegotiationInfo;
if (sspiResolver != null)
{
ISspiNegotiation unwrappingSspiContext = sspiResolver.SspiNegotiation;
// ensure that the encryption algorithm is compatible
if (encryptionMethod != unwrappingSspiContext.KeyEncryptionAlgorithm)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.BadKeyEncryptionAlgorithm, encryptionMethod)));
}
byte[] unwrappedKey = unwrappingSspiContext.Decrypt(wrappedKey);
return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingSspiContext, unwrappedKey));
}
else
{
if (tokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("tokenResolver"));
}
if (unwrappingTokenIdentifier == null || unwrappingTokenIdentifier.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.MissingKeyInfoInEncryptedKey)));
}
SecurityToken unwrappingToken;
SecurityHeaderTokenResolver resolver = tokenResolver as SecurityHeaderTokenResolver;
if (resolver != null)
{
unwrappingToken = resolver.ExpectedWrapper;
if (unwrappingToken != null)
{
if (!resolver.CheckExternalWrapperMatch(unwrappingTokenIdentifier))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.EncryptedKeyWasNotEncryptedWithTheRequiredEncryptingToken, unwrappingToken)));
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, resolver)));
}
}
else
{
try
{
unwrappingToken = tokenResolver.ResolveToken(unwrappingTokenIdentifier);
}
catch (Exception exception)
{
if (exception is MessageSecurityException)
{
throw;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToResolveKeyInfoForUnwrappingToken, unwrappingTokenIdentifier, tokenResolver), exception));
}
}
SecurityKey unwrappingSecurityKey;
byte[] unwrappedKey = SecurityUtils.DecryptKey(unwrappingToken, encryptionMethod, wrappedKey, out unwrappingSecurityKey);
return(new WrappedKeySecurityToken(id, unwrappedKey, encryptionMethod, unwrappingToken, unwrappingTokenIdentifier, wrappedKey, unwrappingSecurityKey));
}
}
public virtual void OnOpen(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (this.factory.ActAsInitiator)
{
this.channelSupportingTokenProviderSpecification = new Collection <SupportingTokenProviderSpecification>();
this.scopedSupportingTokenProviderSpecification = new Dictionary <string, ICollection <SupportingTokenProviderSpecification> >();
AddSupportingTokenProviders(this.factory.SecurityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification);
AddSupportingTokenProviders(this.factory.SecurityBindingElement.OptionalEndpointSupportingTokenParameters, true, (IList <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification);
foreach (string action in this.factory.SecurityBindingElement.OperationSupportingTokenParameters.Keys)
{
Collection <SupportingTokenProviderSpecification> providerSpecList = new Collection <SupportingTokenProviderSpecification>();
AddSupportingTokenProviders(this.factory.SecurityBindingElement.OperationSupportingTokenParameters[action], false, providerSpecList);
this.scopedSupportingTokenProviderSpecification.Add(action, providerSpecList);
}
foreach (string action in this.factory.SecurityBindingElement.OptionalOperationSupportingTokenParameters.Keys)
{
Collection <SupportingTokenProviderSpecification> providerSpecList;
ICollection <SupportingTokenProviderSpecification> existingList;
if (this.scopedSupportingTokenProviderSpecification.TryGetValue(action, out existingList))
{
providerSpecList = ((Collection <SupportingTokenProviderSpecification>)existingList);
}
else
{
providerSpecList = new Collection <SupportingTokenProviderSpecification>();
this.scopedSupportingTokenProviderSpecification.Add(action, providerSpecList);
}
this.AddSupportingTokenProviders(this.factory.SecurityBindingElement.OptionalOperationSupportingTokenParameters[action], true, providerSpecList);
}
if (!this.channelSupportingTokenProviderSpecification.IsReadOnly)
{
if (this.channelSupportingTokenProviderSpecification.Count == 0)
{
this.channelSupportingTokenProviderSpecification = EmptyTokenProviders;
}
else
{
this.factory.ExpectSupportingTokens = true;
foreach (SupportingTokenProviderSpecification tokenProviderSpec in this.channelSupportingTokenProviderSpecification)
{
SecurityUtils.OpenTokenProviderIfRequired(tokenProviderSpec.TokenProvider, timeoutHelper.RemainingTime());
if (tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || tokenProviderSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
{
if (tokenProviderSpec.TokenParameters.RequireDerivedKeys && !tokenProviderSpec.TokenParameters.HasAsymmetricKey)
{
this.factory.ExpectKeyDerivation = true;
}
}
}
this.channelSupportingTokenProviderSpecification =
new ReadOnlyCollection <SupportingTokenProviderSpecification>((Collection <SupportingTokenProviderSpecification>) this.channelSupportingTokenProviderSpecification);
}
}
// create a merged map of the per operation supporting tokens
MergeSupportingTokenProviders(timeoutHelper.RemainingTime());
}
}
protected override void ReadCipherData(XmlDictionaryReader reader, long maxBufferSize)
{
_cipherText = SecurityUtils.ReadContentAsBase64(reader, maxBufferSize);
}
static protected void ThrowIfFault(Message message, EndpointAddress target)
{
SecurityUtils.ThrowIfNegotiationFault(message, target);
}
internal HttpDigestClientCredential(HttpDigestClientCredential other)
{
_allowedImpersonationLevel = other._allowedImpersonationLevel;
_digestCredentials = SecurityUtils.GetNetworkCredentialsCopy(other._digestCredentials);
_isReadOnly = other._isReadOnly;
}
public void SetOutgoingSessionToken(SecurityToken token)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
lock (ThisLock)
{
this.outgoingSessionToken = token;
if (this.requireDerivedKeys)
{
string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion);
this.derivedSignatureToken = new DerivedKeySecurityToken(-1, 0,
this.Factory.OutgoingAlgorithmSuite.GetSignatureKeyDerivationLength(token, this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion), null,
DerivedKeySecurityToken.DefaultNonceLength, token, this.Factory.SecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External), derivationAlgorithm, SecurityUtils.GenerateId());
this.derivedEncryptionToken = new DerivedKeySecurityToken(-1, 0,
this.Factory.OutgoingAlgorithmSuite.GetEncryptionKeyDerivationLength(token, this.sessionStandardsManager.MessageSecurityVersion.SecureConversationVersion), null,
DerivedKeySecurityToken.DefaultNonceLength, token, this.Factory.SecurityTokenParameters.CreateKeyIdentifierClause(token, SecurityTokenReferenceStyle.External), derivationAlgorithm, SecurityUtils.GenerateId());
}
}
}
internal static WindowsIdentity CloneWindowsIdentityIfNecessary(WindowsIdentity wid)
{
return(SecurityUtils.CloneWindowsIdentityIfNecessary(wid, null));
}
