Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / AsymmetricSecurityBindingElement.cs / 1 / AsymmetricSecurityBindingElement.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Channels { using System; using System.ServiceModel.Description; using System.Xml; using System.Collections.Generic; using System.Globalization; using System.Runtime.Serialization; using System.ServiceModel; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.Net.Security; using System.Text; public sealed class AsymmetricSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension { internal const bool defaultAllowSerializedSigningTokenOnReply = false; bool allowSerializedSigningTokenOnReply; SecurityTokenParameters initiatorTokenParameters; MessageProtectionOrder messageProtectionOrder; SecurityTokenParameters recipientTokenParameters; bool requireSignatureConfirmation; bool isCertificateSignatureBinding; AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned.initiatorTokenParameters != null) this.initiatorTokenParameters = (SecurityTokenParameters)elementToBeCloned.initiatorTokenParameters.Clone(); this.messageProtectionOrder = elementToBeCloned.messageProtectionOrder; if (elementToBeCloned.recipientTokenParameters != null) this.recipientTokenParameters = (SecurityTokenParameters)elementToBeCloned.recipientTokenParameters.Clone(); this.requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation; this.allowSerializedSigningTokenOnReply = elementToBeCloned.allowSerializedSigningTokenOnReply; this.isCertificateSignatureBinding = elementToBeCloned.isCertificateSignatureBinding; } public AsymmetricSecurityBindingElement() : this(null, null) { // empty } public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters) : this(recipientTokenParameters, null) { // empty } public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters, SecurityTokenParameters initiatorTokenParameters) : this(recipientTokenParameters, initiatorTokenParameters, AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply) { // empty } internal AsymmetricSecurityBindingElement( SecurityTokenParameters recipientTokenParameters, SecurityTokenParameters initiatorTokenParameters, bool allowSerializedSigningTokenOnReply) : base() { this.messageProtectionOrder = SecurityBindingElement.defaultMessageProtectionOrder; this.requireSignatureConfirmation = SecurityBindingElement.defaultRequireSignatureConfirmation; this.initiatorTokenParameters = initiatorTokenParameters; this.recipientTokenParameters = recipientTokenParameters; this.allowSerializedSigningTokenOnReply = allowSerializedSigningTokenOnReply; this.isCertificateSignatureBinding = false; } public bool AllowSerializedSigningTokenOnReply { get { return this.allowSerializedSigningTokenOnReply; } set { this.allowSerializedSigningTokenOnReply = value; } } public SecurityTokenParameters InitiatorTokenParameters { get { return this.initiatorTokenParameters; } set { this.initiatorTokenParameters = value; } } public MessageProtectionOrder MessageProtectionOrder { get { return this.messageProtectionOrder; } set { if (!MessageProtectionOrderHelper.IsDefined(value)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value")); this.messageProtectionOrder = value; } } public SecurityTokenParameters RecipientTokenParameters { get { return this.recipientTokenParameters; } set { this.recipientTokenParameters = value; } } public bool RequireSignatureConfirmation { get { return this.requireSignatureConfirmation; } set { this.requireSignatureConfirmation = value; } } internal override ISecurityCapabilities GetIndividualISecurityCapabilities() { ProtectionLevel requestProtectionLevel = ProtectionLevel.EncryptAndSign; ProtectionLevel responseProtectionLevel = ProtectionLevel.EncryptAndSign; bool supportsServerAuthentication = false; if (IsCertificateSignatureBinding) { requestProtectionLevel = ProtectionLevel.Sign; responseProtectionLevel = ProtectionLevel.None; } else if (RecipientTokenParameters != null) { supportsServerAuthentication = RecipientTokenParameters.SupportsServerAuthentication; } bool supportsClientAuthentication; bool supportsClientWindowsIdentity; GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity); if (InitiatorTokenParameters != null) { supportsClientAuthentication = supportsClientAuthentication || InitiatorTokenParameters.SupportsClientAuthentication; supportsClientWindowsIdentity = supportsClientWindowsIdentity || InitiatorTokenParameters.SupportsClientWindowsIdentity; } return new SecurityCapabilities(supportsClientAuthentication, supportsServerAuthentication, supportsClientWindowsIdentity, requestProtectionLevel, responseProtectionLevel); } internal override bool SupportsDuplex { get { return !this.isCertificateSignatureBinding; } } internal override bool SupportsRequestReply { get { return !this.isCertificateSignatureBinding; } } internal bool IsCertificateSignatureBinding { get { return this.isCertificateSignatureBinding; } set { this.isCertificateSignatureBinding = value; } } public override void SetKeyDerivation(bool requireDerivedKeys) { base.SetKeyDerivation(requireDerivedKeys); if (this.initiatorTokenParameters != null) this.initiatorTokenParameters.RequireDerivedKeys = requireDerivedKeys; if (this.recipientTokenParameters != null) this.recipientTokenParameters.RequireDerivedKeys = requireDerivedKeys; } internal override bool IsSetKeyDerivation(bool requireDerivedKeys) { if (!base.IsSetKeyDerivation(requireDerivedKeys)) return false; if (this.initiatorTokenParameters != null && this.initiatorTokenParameters.RequireDerivedKeys != requireDerivedKeys) return false; if (this.recipientTokenParameters != null && this.recipientTokenParameters.RequireDerivedKeys != requireDerivedKeys) return false; return true; } bool HasProtectionRequirements(ScopedMessagePartSpecification scopedParts) { foreach (string action in scopedParts.Actions) { MessagePartSpecification parts; if (scopedParts.TryGetParts(action, out parts)) { if (!parts.IsEmpty()) { return true; } } } return false; } internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); if (credentialsManager == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); if (this.InitiatorTokenParameters == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString()))); if (this.RecipientTokenParameters == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString()))); bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel)); SecurityProtocolFactory protocolFactory; AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory(); forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts); forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts); if (this.isCertificateSignatureBinding) { if (isForService) { forward.ApplyIntegrity = forward.ApplyConfidentiality = false; } else { forward.ApplyConfidentiality = forward.RequireIntegrity = false; } } else { forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts); forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts); } if (isForService) { base.ApplyAuditBehaviorSettings(context, forward); if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity)) { forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); } else { forward.AsymmetricTokenParameters = null; } forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext); } else { if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity)) { forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); } else { forward.AsymmetricTokenParameters = null; } forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone(); SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext); } if (isDuplexSecurity) { if (isForService) { forward.ApplyConfidentiality = forward.ApplyIntegrity = false; } else { forward.RequireIntegrity = forward.RequireConfidentiality = false; } } else { if (!isForService) { forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply; } } forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; forward.MessageProtectionOrder = this.MessageProtectionOrder; base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding); if (!forward.RequireIntegrity) forward.DetectReplays = false; if (isDuplexSecurity) { AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory(); if (isForService) { reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; reverse.IdentityVerifier = null; } else { reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone(); reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone(); reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; } reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; reverse.MessageProtectionOrder = this.MessageProtectionOrder; reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); if (isForService) { reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts); reverse.ApplyIntegrity = true; reverse.RequireIntegrity = reverse.RequireConfidentiality = false; } else { reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts); reverse.RequireIntegrity = true; reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false; } base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding); if (!reverse.RequireIntegrity) reverse.DetectReplays = false; // setup reverse here reverse.IsDuplexReply = true; DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory(); duplex.ForwardProtocolFactory = forward; duplex.ReverseProtocolFactory = reverse; protocolFactory = duplex; } else { protocolFactory = forward; } return protocolFactory; } internal override bool RequiresChannelDemuxer() { return (base.RequiresChannelDemuxer() || RequiresChannelDemuxer(this.InitiatorTokenParameters)); } protected override IChannelFactory BuildChannelFactoryCore (BindingContext context) { ISecurityCapabilities securityCapabilities = this.GetProperty (context); ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer()); BindingContext issuerBindingContext = context.Clone(); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find (); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory (context, credentialsManager, false, issuerBindingContext); return new SecurityChannelFactory (securityCapabilities, context, channelBuilder, protocolFactory); } protected override IChannelListener BuildChannelListenerCore (BindingContext context) { ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer()); BindingContext issuerBindingContext = context.Clone(); SecurityChannelListener channelListener = new SecurityChannelListener (this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find (); if (credentialsManager == null) credentialsManager = ServiceCredentials.CreateDefaultCredentials(); SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory (context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; channelListener.InitializeListener(channelBuilder); return channelListener; } public override T GetProperty (BindingContext context) { if (context == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); if (typeof(T) == typeof(ChannelProtectionRequirements)) { AddressingVersion addressing = MessageVersion.Default.Addressing; #pragma warning suppress 56506 MessageEncodingBindingElement encoding = context.Binding.Elements.Find (); if (encoding != null) { addressing = encoding.MessageVersion.Addressing; } ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, this.GetIndividualProperty ().SupportedRequestProtectionLevel); myRequirements.Add(context.GetInnerProperty ()??new ChannelProtectionRequirements()); return (T)(object)myRequirements; } else { return base.GetProperty (context); } } public override string ToString() { StringBuilder sb = new StringBuilder(); sb.AppendLine(base.ToString()); sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "MessageProtectionOrder: {0}", this.messageProtectionOrder.ToString())); sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "RequireSignatureConfirmation: {0}", this.requireSignatureConfirmation.ToString())); sb.Append("InitiatorTokenParameters: "); if (this.initiatorTokenParameters != null) sb.AppendLine(this.initiatorTokenParameters.ToString().Trim().Replace("\n", "\n ")); else sb.AppendLine("null"); sb.Append("RecipientTokenParameters: "); if (this.recipientTokenParameters != null) sb.AppendLine(this.recipientTokenParameters.ToString().Trim().Replace("\n", "\n ")); else sb.AppendLine("null"); return sb.ToString().Trim(); } public override BindingElement Clone() { return new AsymmetricSecurityBindingElement(this); } void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context) { SecurityBindingElement.ExportPolicy(exporter, context); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- KoreanCalendar.cs
- StorageAssociationTypeMapping.cs
- errorpatternmatcher.cs
- XmlCharCheckingWriter.cs
- FormViewUpdatedEventArgs.cs
- OrderedEnumerableRowCollection.cs
- IndexedEnumerable.cs
- _CookieModule.cs
- SqlTrackingWorkflowInstance.cs
- EdgeProfileValidation.cs
- UserNameSecurityToken.cs
- SmiGettersStream.cs
- PersistChildrenAttribute.cs
- AssemblyBuilder.cs
- SecondaryViewProvider.cs
- XmlCollation.cs
- Light.cs
- XhtmlMobileTextWriter.cs
- CodeTypeConstructor.cs
- TextPattern.cs
- InvalidEnumArgumentException.cs
- HttpRawResponse.cs
- SerializerWriterEventHandlers.cs
- Attachment.cs
- IERequestCache.cs
- CharEnumerator.cs
- TypeSystem.cs
- TypeBuilder.cs
- PathSegment.cs
- DesignObjectWrapper.cs
- GroupBoxAutomationPeer.cs
- AssociationSetMetadata.cs
- ISO2022Encoding.cs
- FacetDescription.cs
- MethodBody.cs
- SafeLibraryHandle.cs
- _ListenerRequestStream.cs
- AutomationFocusChangedEventArgs.cs
- FormsAuthenticationModule.cs
- Object.cs
- FeatureAttribute.cs
- ClientEventManager.cs
- ModelPropertyImpl.cs
- DiscoveryViaBehavior.cs
- RtfToken.cs
- UITypeEditors.cs
- DesignerVerbCollection.cs
- ToolStripLabel.cs
- SessionEndingCancelEventArgs.cs
- ValidateNames.cs
- EtwTrace.cs
- TypeDependencyAttribute.cs
- DataGridViewIntLinkedList.cs
- LinkedList.cs
- EncoderBestFitFallback.cs
- MsmqChannelFactoryBase.cs
- DataViewSetting.cs
- OletxDependentTransaction.cs
- DataGridColumnHeaderItemAutomationPeer.cs
- EdmItemCollection.cs
- DictionaryManager.cs
- DesignerHierarchicalDataSourceView.cs
- Environment.cs
- AllowedAudienceUriElementCollection.cs
- HttpRequest.cs
- XmlSchemaChoice.cs
- CompoundFileReference.cs
- SessionIDManager.cs
- Vector3D.cs
- FormsIdentity.cs
- DbTransaction.cs
- DataGridViewColumnEventArgs.cs
- WebPartEventArgs.cs
- SafeRightsManagementSessionHandle.cs
- TextOnlyOutput.cs
- X509CertificateTrustedIssuerElement.cs
- TagPrefixInfo.cs
- OleDbParameter.cs
- TableCellsCollectionEditor.cs
- SystemWebCachingSectionGroup.cs
- xml.cs
- RotateTransform.cs
- VariableBinder.cs
- SQLInt64Storage.cs
- BitmapEncoder.cs
- DataGridTextBox.cs
- ComboBoxRenderer.cs
- PerformanceCounterLib.cs
- StringComparer.cs
- HostedImpersonationContext.cs
- COAUTHINFO.cs
- AddDataControlFieldDialog.cs
- HtmlInputPassword.cs
- DecoderFallbackWithFailureFlag.cs
- Delegate.cs
- RichTextBoxConstants.cs
- RecognizerBase.cs
- SystemDropShadowChrome.cs
- Misc.cs
- AsyncPostBackErrorEventArgs.cs