Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / AsymmetricSecurityBindingElement.cs / 1 / AsymmetricSecurityBindingElement.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Channels
{
using System;
using System.ServiceModel.Description;
using System.Xml;
using System.Collections.Generic;
using System.Globalization;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Net.Security;
using System.Text;
public sealed class AsymmetricSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension
{
internal const bool defaultAllowSerializedSigningTokenOnReply = false;
bool allowSerializedSigningTokenOnReply;
SecurityTokenParameters initiatorTokenParameters;
MessageProtectionOrder messageProtectionOrder;
SecurityTokenParameters recipientTokenParameters;
bool requireSignatureConfirmation;
bool isCertificateSignatureBinding;
AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned.initiatorTokenParameters != null)
this.initiatorTokenParameters = (SecurityTokenParameters)elementToBeCloned.initiatorTokenParameters.Clone();
this.messageProtectionOrder = elementToBeCloned.messageProtectionOrder;
if (elementToBeCloned.recipientTokenParameters != null)
this.recipientTokenParameters = (SecurityTokenParameters)elementToBeCloned.recipientTokenParameters.Clone();
this.requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation;
this.allowSerializedSigningTokenOnReply = elementToBeCloned.allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = elementToBeCloned.isCertificateSignatureBinding;
}
public AsymmetricSecurityBindingElement()
: this(null, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters)
: this(recipientTokenParameters, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters, SecurityTokenParameters initiatorTokenParameters)
: this(recipientTokenParameters, initiatorTokenParameters, AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply)
{
// empty
}
internal AsymmetricSecurityBindingElement(
SecurityTokenParameters recipientTokenParameters,
SecurityTokenParameters initiatorTokenParameters,
bool allowSerializedSigningTokenOnReply)
: base()
{
this.messageProtectionOrder = SecurityBindingElement.defaultMessageProtectionOrder;
this.requireSignatureConfirmation = SecurityBindingElement.defaultRequireSignatureConfirmation;
this.initiatorTokenParameters = initiatorTokenParameters;
this.recipientTokenParameters = recipientTokenParameters;
this.allowSerializedSigningTokenOnReply = allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = false;
}
public bool AllowSerializedSigningTokenOnReply
{
get
{
return this.allowSerializedSigningTokenOnReply;
}
set
{
this.allowSerializedSigningTokenOnReply = value;
}
}
public SecurityTokenParameters InitiatorTokenParameters
{
get
{
return this.initiatorTokenParameters;
}
set
{
this.initiatorTokenParameters = value;
}
}
public MessageProtectionOrder MessageProtectionOrder
{
get
{
return this.messageProtectionOrder;
}
set
{
if (!MessageProtectionOrderHelper.IsDefined(value))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
this.messageProtectionOrder = value;
}
}
public SecurityTokenParameters RecipientTokenParameters
{
get
{
return this.recipientTokenParameters;
}
set
{
this.recipientTokenParameters = value;
}
}
public bool RequireSignatureConfirmation
{
get
{
return this.requireSignatureConfirmation;
}
set
{
this.requireSignatureConfirmation = value;
}
}
internal override ISecurityCapabilities GetIndividualISecurityCapabilities()
{
ProtectionLevel requestProtectionLevel = ProtectionLevel.EncryptAndSign;
ProtectionLevel responseProtectionLevel = ProtectionLevel.EncryptAndSign;
bool supportsServerAuthentication = false;
if (IsCertificateSignatureBinding)
{
requestProtectionLevel = ProtectionLevel.Sign;
responseProtectionLevel = ProtectionLevel.None;
}
else if (RecipientTokenParameters != null)
{
supportsServerAuthentication = RecipientTokenParameters.SupportsServerAuthentication;
}
bool supportsClientAuthentication;
bool supportsClientWindowsIdentity;
GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity);
if (InitiatorTokenParameters != null)
{
supportsClientAuthentication = supportsClientAuthentication || InitiatorTokenParameters.SupportsClientAuthentication;
supportsClientWindowsIdentity = supportsClientWindowsIdentity || InitiatorTokenParameters.SupportsClientWindowsIdentity;
}
return new SecurityCapabilities(supportsClientAuthentication, supportsServerAuthentication, supportsClientWindowsIdentity,
requestProtectionLevel, responseProtectionLevel);
}
internal override bool SupportsDuplex
{
get { return !this.isCertificateSignatureBinding; }
}
internal override bool SupportsRequestReply
{
get
{
return !this.isCertificateSignatureBinding;
}
}
internal bool IsCertificateSignatureBinding
{
get { return this.isCertificateSignatureBinding; }
set { this.isCertificateSignatureBinding = value; }
}
public override void SetKeyDerivation(bool requireDerivedKeys)
{
base.SetKeyDerivation(requireDerivedKeys);
if (this.initiatorTokenParameters != null)
this.initiatorTokenParameters.RequireDerivedKeys = requireDerivedKeys;
if (this.recipientTokenParameters != null)
this.recipientTokenParameters.RequireDerivedKeys = requireDerivedKeys;
}
internal override bool IsSetKeyDerivation(bool requireDerivedKeys)
{
if (!base.IsSetKeyDerivation(requireDerivedKeys))
return false;
if (this.initiatorTokenParameters != null && this.initiatorTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
if (this.recipientTokenParameters != null && this.recipientTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
return true;
}
bool HasProtectionRequirements(ScopedMessagePartSpecification scopedParts)
{
foreach (string action in scopedParts.Actions)
{
MessagePartSpecification parts;
if (scopedParts.TryGetParts(action, out parts))
{
if (!parts.IsEmpty())
{
return true;
}
}
}
return false;
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (credentialsManager == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
if (this.InitiatorTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
if (this.RecipientTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
forward.DetectReplays = false;
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
reverse.DetectReplays = false;
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return protocolFactory;
}
internal override bool RequiresChannelDemuxer()
{
return (base.RequiresChannelDemuxer() || RequiresChannelDemuxer(this.InitiatorTokenParameters));
}
protected override IChannelFactory BuildChannelFactoryCore(BindingContext context)
{
ISecurityCapabilities securityCapabilities = this.GetProperty(context);
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecurityProtocolFactory protocolFactory =
this.CreateSecurityProtocolFactory(context, credentialsManager, false, issuerBindingContext);
return new SecurityChannelFactory(securityCapabilities, context, channelBuilder, protocolFactory);
}
protected override IChannelListener BuildChannelListenerCore(BindingContext context)
{
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityChannelListener channelListener = new SecurityChannelListener(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
channelListener.InitializeListener(channelBuilder);
return channelListener;
}
public override T GetProperty(BindingContext context)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (typeof(T) == typeof(ChannelProtectionRequirements))
{
AddressingVersion addressing = MessageVersion.Default.Addressing;
#pragma warning suppress 56506
MessageEncodingBindingElement encoding = context.Binding.Elements.Find();
if (encoding != null)
{
addressing = encoding.MessageVersion.Addressing;
}
ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, this.GetIndividualProperty().SupportedRequestProtectionLevel);
myRequirements.Add(context.GetInnerProperty()??new ChannelProtectionRequirements());
return (T)(object)myRequirements;
}
else
{
return base.GetProperty(context);
}
}
public override string ToString()
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(base.ToString());
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "MessageProtectionOrder: {0}", this.messageProtectionOrder.ToString()));
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "RequireSignatureConfirmation: {0}", this.requireSignatureConfirmation.ToString()));
sb.Append("InitiatorTokenParameters: ");
if (this.initiatorTokenParameters != null)
sb.AppendLine(this.initiatorTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
sb.Append("RecipientTokenParameters: ");
if (this.recipientTokenParameters != null)
sb.AppendLine(this.recipientTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
return sb.ToString().Trim();
}
public override BindingElement Clone()
{
return new AsymmetricSecurityBindingElement(this);
}
void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
SecurityBindingElement.ExportPolicy(exporter, context);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FormViewCommandEventArgs.cs
- LoadedEvent.cs
- CustomErrorCollection.cs
- SelectionRangeConverter.cs
- ToolZone.cs
- WebPartZoneCollection.cs
- XpsViewerException.cs
- BaseProcessProtocolHandler.cs
- HttpRequest.cs
- DataServiceClientException.cs
- ParameterBuilder.cs
- ContextCorrelationInitializer.cs
- WebServiceClientProxyGenerator.cs
- WCFBuildProvider.cs
- CollectionMarkupSerializer.cs
- TextEffect.cs
- KeyPressEvent.cs
- HtmlTableCell.cs
- DiscoveryClientChannelFactory.cs
- OracleParameterCollection.cs
- ImageBrush.cs
- ParameterDataSourceExpression.cs
- SQLMembershipProvider.cs
- DataList.cs
- XmlLinkedNode.cs
- SerialPinChanges.cs
- CustomAttributeSerializer.cs
- BitmapDownload.cs
- EntityDesignerUtils.cs
- NTAccount.cs
- TextParagraphCache.cs
- WorkItem.cs
- SqlNodeTypeOperators.cs
- SelectQueryOperator.cs
- ExtenderProvidedPropertyAttribute.cs
- FactoryId.cs
- EventManager.cs
- ConnectionPoolManager.cs
- RoleManagerModule.cs
- ComNativeDescriptor.cs
- InteropTrackingRecord.cs
- LocationReferenceValue.cs
- FocusTracker.cs
- WeakRefEnumerator.cs
- indexingfiltermarshaler.cs
- DataGridViewAutoSizeColumnModeEventArgs.cs
- WebAdminConfigurationHelper.cs
- SpeakCompletedEventArgs.cs
- SqlConnectionHelper.cs
- HtmlHistory.cs
- CodePrimitiveExpression.cs
- CopyAction.cs
- JumpPath.cs
- ProjectionQueryOptionExpression.cs
- XmlEntityReference.cs
- WebEvents.cs
- DataGridViewCellCollection.cs
- ClientUtils.cs
- FileCodeGroup.cs
- SystemWebCachingSectionGroup.cs
- OpenTypeCommon.cs
- BaseCollection.cs
- ToolStripDropDownClosedEventArgs.cs
- HtmlTable.cs
- HTMLTextWriter.cs
- BorderGapMaskConverter.cs
- StringBuilder.cs
- XmlNamespaceDeclarationsAttribute.cs
- SecurityManager.cs
- _CommandStream.cs
- TransportSecurityHelpers.cs
- DesignerActionListCollection.cs
- exports.cs
- DomainConstraint.cs
- TextBox.cs
- COM2ExtendedUITypeEditor.cs
- HtmlButton.cs
- SharedPersonalizationStateInfo.cs
- DbConnectionPoolGroupProviderInfo.cs
- ExtensibleClassFactory.cs
- HtmlInputControl.cs
- WaitForChangedResult.cs
- HttpWrapper.cs
- PropertyGridView.cs
- StateItem.cs
- Selection.cs
- FixedNode.cs
- TextTrailingCharacterEllipsis.cs
- SqlAliasesReferenced.cs
- EventWaitHandleSecurity.cs
- JpegBitmapEncoder.cs
- PowerEase.cs
- StylusCollection.cs
- bidPrivateBase.cs
- TextServicesCompartment.cs
- FunctionDescription.cs
- UnaryExpression.cs
- AuthenticationModuleElementCollection.cs
- InkCanvasFeedbackAdorner.cs
- CellTreeNode.cs