Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / AsymmetricSecurityBindingElement.cs / 1 / AsymmetricSecurityBindingElement.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Channels
{
using System;
using System.ServiceModel.Description;
using System.Xml;
using System.Collections.Generic;
using System.Globalization;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Net.Security;
using System.Text;
public sealed class AsymmetricSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension
{
internal const bool defaultAllowSerializedSigningTokenOnReply = false;
bool allowSerializedSigningTokenOnReply;
SecurityTokenParameters initiatorTokenParameters;
MessageProtectionOrder messageProtectionOrder;
SecurityTokenParameters recipientTokenParameters;
bool requireSignatureConfirmation;
bool isCertificateSignatureBinding;
AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned.initiatorTokenParameters != null)
this.initiatorTokenParameters = (SecurityTokenParameters)elementToBeCloned.initiatorTokenParameters.Clone();
this.messageProtectionOrder = elementToBeCloned.messageProtectionOrder;
if (elementToBeCloned.recipientTokenParameters != null)
this.recipientTokenParameters = (SecurityTokenParameters)elementToBeCloned.recipientTokenParameters.Clone();
this.requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation;
this.allowSerializedSigningTokenOnReply = elementToBeCloned.allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = elementToBeCloned.isCertificateSignatureBinding;
}
public AsymmetricSecurityBindingElement()
: this(null, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters)
: this(recipientTokenParameters, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters, SecurityTokenParameters initiatorTokenParameters)
: this(recipientTokenParameters, initiatorTokenParameters, AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply)
{
// empty
}
internal AsymmetricSecurityBindingElement(
SecurityTokenParameters recipientTokenParameters,
SecurityTokenParameters initiatorTokenParameters,
bool allowSerializedSigningTokenOnReply)
: base()
{
this.messageProtectionOrder = SecurityBindingElement.defaultMessageProtectionOrder;
this.requireSignatureConfirmation = SecurityBindingElement.defaultRequireSignatureConfirmation;
this.initiatorTokenParameters = initiatorTokenParameters;
this.recipientTokenParameters = recipientTokenParameters;
this.allowSerializedSigningTokenOnReply = allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = false;
}
public bool AllowSerializedSigningTokenOnReply
{
get
{
return this.allowSerializedSigningTokenOnReply;
}
set
{
this.allowSerializedSigningTokenOnReply = value;
}
}
public SecurityTokenParameters InitiatorTokenParameters
{
get
{
return this.initiatorTokenParameters;
}
set
{
this.initiatorTokenParameters = value;
}
}
public MessageProtectionOrder MessageProtectionOrder
{
get
{
return this.messageProtectionOrder;
}
set
{
if (!MessageProtectionOrderHelper.IsDefined(value))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
this.messageProtectionOrder = value;
}
}
public SecurityTokenParameters RecipientTokenParameters
{
get
{
return this.recipientTokenParameters;
}
set
{
this.recipientTokenParameters = value;
}
}
public bool RequireSignatureConfirmation
{
get
{
return this.requireSignatureConfirmation;
}
set
{
this.requireSignatureConfirmation = value;
}
}
internal override ISecurityCapabilities GetIndividualISecurityCapabilities()
{
ProtectionLevel requestProtectionLevel = ProtectionLevel.EncryptAndSign;
ProtectionLevel responseProtectionLevel = ProtectionLevel.EncryptAndSign;
bool supportsServerAuthentication = false;
if (IsCertificateSignatureBinding)
{
requestProtectionLevel = ProtectionLevel.Sign;
responseProtectionLevel = ProtectionLevel.None;
}
else if (RecipientTokenParameters != null)
{
supportsServerAuthentication = RecipientTokenParameters.SupportsServerAuthentication;
}
bool supportsClientAuthentication;
bool supportsClientWindowsIdentity;
GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity);
if (InitiatorTokenParameters != null)
{
supportsClientAuthentication = supportsClientAuthentication || InitiatorTokenParameters.SupportsClientAuthentication;
supportsClientWindowsIdentity = supportsClientWindowsIdentity || InitiatorTokenParameters.SupportsClientWindowsIdentity;
}
return new SecurityCapabilities(supportsClientAuthentication, supportsServerAuthentication, supportsClientWindowsIdentity,
requestProtectionLevel, responseProtectionLevel);
}
internal override bool SupportsDuplex
{
get { return !this.isCertificateSignatureBinding; }
}
internal override bool SupportsRequestReply
{
get
{
return !this.isCertificateSignatureBinding;
}
}
internal bool IsCertificateSignatureBinding
{
get { return this.isCertificateSignatureBinding; }
set { this.isCertificateSignatureBinding = value; }
}
public override void SetKeyDerivation(bool requireDerivedKeys)
{
base.SetKeyDerivation(requireDerivedKeys);
if (this.initiatorTokenParameters != null)
this.initiatorTokenParameters.RequireDerivedKeys = requireDerivedKeys;
if (this.recipientTokenParameters != null)
this.recipientTokenParameters.RequireDerivedKeys = requireDerivedKeys;
}
internal override bool IsSetKeyDerivation(bool requireDerivedKeys)
{
if (!base.IsSetKeyDerivation(requireDerivedKeys))
return false;
if (this.initiatorTokenParameters != null && this.initiatorTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
if (this.recipientTokenParameters != null && this.recipientTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
return true;
}
bool HasProtectionRequirements(ScopedMessagePartSpecification scopedParts)
{
foreach (string action in scopedParts.Actions)
{
MessagePartSpecification parts;
if (scopedParts.TryGetParts(action, out parts))
{
if (!parts.IsEmpty())
{
return true;
}
}
}
return false;
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (credentialsManager == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
if (this.InitiatorTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
if (this.RecipientTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
forward.DetectReplays = false;
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
reverse.DetectReplays = false;
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return protocolFactory;
}
internal override bool RequiresChannelDemuxer()
{
return (base.RequiresChannelDemuxer() || RequiresChannelDemuxer(this.InitiatorTokenParameters));
}
protected override IChannelFactory BuildChannelFactoryCore(BindingContext context)
{
ISecurityCapabilities securityCapabilities = this.GetProperty(context);
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecurityProtocolFactory protocolFactory =
this.CreateSecurityProtocolFactory(context, credentialsManager, false, issuerBindingContext);
return new SecurityChannelFactory(securityCapabilities, context, channelBuilder, protocolFactory);
}
protected override IChannelListener BuildChannelListenerCore(BindingContext context)
{
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityChannelListener channelListener = new SecurityChannelListener(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
channelListener.InitializeListener(channelBuilder);
return channelListener;
}
public override T GetProperty(BindingContext context)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (typeof(T) == typeof(ChannelProtectionRequirements))
{
AddressingVersion addressing = MessageVersion.Default.Addressing;
#pragma warning suppress 56506
MessageEncodingBindingElement encoding = context.Binding.Elements.Find();
if (encoding != null)
{
addressing = encoding.MessageVersion.Addressing;
}
ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, this.GetIndividualProperty().SupportedRequestProtectionLevel);
myRequirements.Add(context.GetInnerProperty()??new ChannelProtectionRequirements());
return (T)(object)myRequirements;
}
else
{
return base.GetProperty(context);
}
}
public override string ToString()
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(base.ToString());
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "MessageProtectionOrder: {0}", this.messageProtectionOrder.ToString()));
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "RequireSignatureConfirmation: {0}", this.requireSignatureConfirmation.ToString()));
sb.Append("InitiatorTokenParameters: ");
if (this.initiatorTokenParameters != null)
sb.AppendLine(this.initiatorTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
sb.Append("RecipientTokenParameters: ");
if (this.recipientTokenParameters != null)
sb.AppendLine(this.recipientTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
return sb.ToString().Trim();
}
public override BindingElement Clone()
{
return new AsymmetricSecurityBindingElement(this);
}
void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
SecurityBindingElement.ExportPolicy(exporter, context);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlReflectionImporter.cs
- BindableTemplateBuilder.cs
- StructuredTypeInfo.cs
- WorkflowPersistenceService.cs
- Package.cs
- ReservationNotFoundException.cs
- CombinedTcpChannel.cs
- XPathItem.cs
- FileUpload.cs
- FixedPageAutomationPeer.cs
- MembershipUser.cs
- TabControl.cs
- MailMessageEventArgs.cs
- DataControlCommands.cs
- EditorPartCollection.cs
- PersonalizationAdministration.cs
- ObjectDataSourceStatusEventArgs.cs
- DynamicQueryStringParameter.cs
- WebPartEditorApplyVerb.cs
- EncodingTable.cs
- ConfigPathUtility.cs
- Glyph.cs
- ImportContext.cs
- IDQuery.cs
- TextUtf8RawTextWriter.cs
- StructureChangedEventArgs.cs
- BitmapMetadataBlob.cs
- QilParameter.cs
- ClientSideProviderDescription.cs
- FrameworkElement.cs
- ClaimSet.cs
- EmptyEnumerable.cs
- ImpersonateTokenRef.cs
- GridViewHeaderRowPresenterAutomationPeer.cs
- PanelContainerDesigner.cs
- PrivilegeNotHeldException.cs
- DependsOnAttribute.cs
- AnnotationComponentChooser.cs
- RenamedEventArgs.cs
- ItemCollection.cs
- ChannelTracker.cs
- SqlAliaser.cs
- EntityConnectionStringBuilder.cs
- QilUnary.cs
- KnownIds.cs
- SqlTypesSchemaImporter.cs
- DetailsViewInsertEventArgs.cs
- TabControlAutomationPeer.cs
- WebServiceAttribute.cs
- HttpHandlersSection.cs
- FontCacheUtil.cs
- HijriCalendar.cs
- VisualBasicSettingsConverter.cs
- HebrewCalendar.cs
- ThreadStartException.cs
- Triplet.cs
- KnownTypesHelper.cs
- ipaddressinformationcollection.cs
- ConfigXmlComment.cs
- DataGridHyperlinkColumn.cs
- DriveNotFoundException.cs
- Constraint.cs
- ProcessDesigner.cs
- TemplateBuilder.cs
- RuleSettings.cs
- metadatamappinghashervisitor.cs
- ScriptServiceAttribute.cs
- ApplicationManager.cs
- DeleteHelper.cs
- TextProviderWrapper.cs
- ExpressionEvaluator.cs
- AnimationStorage.cs
- QueryValue.cs
- DataBoundLiteralControl.cs
- xmlformatgeneratorstatics.cs
- ParagraphResult.cs
- Visual.cs
- ColumnHeader.cs
- DebugController.cs
- ServerIdentity.cs
- UDPClient.cs
- BatchParser.cs
- SimpleWorkerRequest.cs
- isolationinterop.cs
- GeneralTransform3DGroup.cs
- Baml2006KeyRecord.cs
- DataGridPageChangedEventArgs.cs
- ConsumerConnectionPointCollection.cs
- SynchronizationLockException.cs
- HtmlElementEventArgs.cs
- ValidateNames.cs
- CannotUnloadAppDomainException.cs
- CorrelationService.cs
- NullableBoolConverter.cs
- Rule.cs
- SystemKeyConverter.cs
- LinqDataSource.cs
- KeyValueConfigurationCollection.cs
- ModulesEntry.cs
- NavigationCommands.cs