Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / AsymmetricSecurityBindingElement.cs / 1 / AsymmetricSecurityBindingElement.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Channels
{
using System;
using System.ServiceModel.Description;
using System.Xml;
using System.Collections.Generic;
using System.Globalization;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Net.Security;
using System.Text;
public sealed class AsymmetricSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension
{
internal const bool defaultAllowSerializedSigningTokenOnReply = false;
bool allowSerializedSigningTokenOnReply;
SecurityTokenParameters initiatorTokenParameters;
MessageProtectionOrder messageProtectionOrder;
SecurityTokenParameters recipientTokenParameters;
bool requireSignatureConfirmation;
bool isCertificateSignatureBinding;
AsymmetricSecurityBindingElement(AsymmetricSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
if (elementToBeCloned.initiatorTokenParameters != null)
this.initiatorTokenParameters = (SecurityTokenParameters)elementToBeCloned.initiatorTokenParameters.Clone();
this.messageProtectionOrder = elementToBeCloned.messageProtectionOrder;
if (elementToBeCloned.recipientTokenParameters != null)
this.recipientTokenParameters = (SecurityTokenParameters)elementToBeCloned.recipientTokenParameters.Clone();
this.requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation;
this.allowSerializedSigningTokenOnReply = elementToBeCloned.allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = elementToBeCloned.isCertificateSignatureBinding;
}
public AsymmetricSecurityBindingElement()
: this(null, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters)
: this(recipientTokenParameters, null)
{
// empty
}
public AsymmetricSecurityBindingElement(SecurityTokenParameters recipientTokenParameters, SecurityTokenParameters initiatorTokenParameters)
: this(recipientTokenParameters, initiatorTokenParameters, AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply)
{
// empty
}
internal AsymmetricSecurityBindingElement(
SecurityTokenParameters recipientTokenParameters,
SecurityTokenParameters initiatorTokenParameters,
bool allowSerializedSigningTokenOnReply)
: base()
{
this.messageProtectionOrder = SecurityBindingElement.defaultMessageProtectionOrder;
this.requireSignatureConfirmation = SecurityBindingElement.defaultRequireSignatureConfirmation;
this.initiatorTokenParameters = initiatorTokenParameters;
this.recipientTokenParameters = recipientTokenParameters;
this.allowSerializedSigningTokenOnReply = allowSerializedSigningTokenOnReply;
this.isCertificateSignatureBinding = false;
}
public bool AllowSerializedSigningTokenOnReply
{
get
{
return this.allowSerializedSigningTokenOnReply;
}
set
{
this.allowSerializedSigningTokenOnReply = value;
}
}
public SecurityTokenParameters InitiatorTokenParameters
{
get
{
return this.initiatorTokenParameters;
}
set
{
this.initiatorTokenParameters = value;
}
}
public MessageProtectionOrder MessageProtectionOrder
{
get
{
return this.messageProtectionOrder;
}
set
{
if (!MessageProtectionOrderHelper.IsDefined(value))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
this.messageProtectionOrder = value;
}
}
public SecurityTokenParameters RecipientTokenParameters
{
get
{
return this.recipientTokenParameters;
}
set
{
this.recipientTokenParameters = value;
}
}
public bool RequireSignatureConfirmation
{
get
{
return this.requireSignatureConfirmation;
}
set
{
this.requireSignatureConfirmation = value;
}
}
internal override ISecurityCapabilities GetIndividualISecurityCapabilities()
{
ProtectionLevel requestProtectionLevel = ProtectionLevel.EncryptAndSign;
ProtectionLevel responseProtectionLevel = ProtectionLevel.EncryptAndSign;
bool supportsServerAuthentication = false;
if (IsCertificateSignatureBinding)
{
requestProtectionLevel = ProtectionLevel.Sign;
responseProtectionLevel = ProtectionLevel.None;
}
else if (RecipientTokenParameters != null)
{
supportsServerAuthentication = RecipientTokenParameters.SupportsServerAuthentication;
}
bool supportsClientAuthentication;
bool supportsClientWindowsIdentity;
GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity);
if (InitiatorTokenParameters != null)
{
supportsClientAuthentication = supportsClientAuthentication || InitiatorTokenParameters.SupportsClientAuthentication;
supportsClientWindowsIdentity = supportsClientWindowsIdentity || InitiatorTokenParameters.SupportsClientWindowsIdentity;
}
return new SecurityCapabilities(supportsClientAuthentication, supportsServerAuthentication, supportsClientWindowsIdentity,
requestProtectionLevel, responseProtectionLevel);
}
internal override bool SupportsDuplex
{
get { return !this.isCertificateSignatureBinding; }
}
internal override bool SupportsRequestReply
{
get
{
return !this.isCertificateSignatureBinding;
}
}
internal bool IsCertificateSignatureBinding
{
get { return this.isCertificateSignatureBinding; }
set { this.isCertificateSignatureBinding = value; }
}
public override void SetKeyDerivation(bool requireDerivedKeys)
{
base.SetKeyDerivation(requireDerivedKeys);
if (this.initiatorTokenParameters != null)
this.initiatorTokenParameters.RequireDerivedKeys = requireDerivedKeys;
if (this.recipientTokenParameters != null)
this.recipientTokenParameters.RequireDerivedKeys = requireDerivedKeys;
}
internal override bool IsSetKeyDerivation(bool requireDerivedKeys)
{
if (!base.IsSetKeyDerivation(requireDerivedKeys))
return false;
if (this.initiatorTokenParameters != null && this.initiatorTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
if (this.recipientTokenParameters != null && this.recipientTokenParameters.RequireDerivedKeys != requireDerivedKeys)
return false;
return true;
}
bool HasProtectionRequirements(ScopedMessagePartSpecification scopedParts)
{
foreach (string action in scopedParts.Actions)
{
MessagePartSpecification parts;
if (scopedParts.TryGetParts(action, out parts))
{
if (!parts.IsEmpty())
{
return true;
}
}
}
return false;
}
internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (credentialsManager == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
if (this.InitiatorTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsInitiatorTokenParameters, this.ToString())));
if (this.RecipientTokenParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.AsymmetricSecurityBindingElementNeedsRecipientTokenParameters, this.ToString())));
bool isDuplexSecurity = !this.isCertificateSignatureBinding && (typeof(IDuplexChannel) == typeof(TChannel) || typeof(IDuplexSessionChannel) == typeof(TChannel));
SecurityProtocolFactory protocolFactory;
AsymmetricSecurityProtocolFactory forward = new AsymmetricSecurityProtocolFactory();
forward.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
forward.RequireConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingEncryptionParts);
forward.RequireIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.IncomingSignatureParts);
if (this.isCertificateSignatureBinding)
{
if (isForService)
{
forward.ApplyIntegrity = forward.ApplyConfidentiality = false;
}
else
{
forward.ApplyConfidentiality = forward.RequireIntegrity = false;
}
}
else
{
forward.ApplyIntegrity = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingSignatureParts);
forward.ApplyConfidentiality = this.HasProtectionRequirements(forward.ProtectionRequirements.OutgoingEncryptionParts);
}
if (isForService)
{
base.ApplyAuditBehaviorSettings(context, forward);
if (forward.RequireConfidentiality || (!this.isCertificateSignatureBinding && forward.ApplyIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
else
{
if (forward.ApplyConfidentiality || (!this.isCertificateSignatureBinding && forward.RequireIntegrity))
{
forward.AsymmetricTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
}
else
{
forward.AsymmetricTokenParameters = null;
}
forward.CryptoTokenParameters = this.InitiatorTokenParameters.Clone();
SetIssuerBindingContextIfRequired(forward.CryptoTokenParameters, issuerBindingContext);
}
if (isDuplexSecurity)
{
if (isForService)
{
forward.ApplyConfidentiality = forward.ApplyIntegrity = false;
}
else
{
forward.RequireIntegrity = forward.RequireConfidentiality = false;
}
}
else
{
if (!isForService)
{
forward.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply;
}
}
forward.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
forward.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
forward.MessageProtectionOrder = this.MessageProtectionOrder;
base.ConfigureProtocolFactory(forward, credentialsManager, isForService, issuerBindingContext, context.Binding);
if (!forward.RequireIntegrity)
forward.DetectReplays = false;
if (isDuplexSecurity)
{
AsymmetricSecurityProtocolFactory reverse = new AsymmetricSecurityProtocolFactory();
if (isForService)
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = null;
}
else
{
reverse.AsymmetricTokenParameters = this.InitiatorTokenParameters.Clone();
reverse.AsymmetricTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External;
reverse.AsymmetricTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
reverse.CryptoTokenParameters = (SecurityTokenParameters)this.RecipientTokenParameters.Clone();
reverse.CryptoTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
reverse.CryptoTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
reverse.IdentityVerifier = this.LocalClientSettings.IdentityVerifier;
}
reverse.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation;
reverse.MessageProtectionOrder = this.MessageProtectionOrder;
reverse.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService));
if (isForService)
{
reverse.ApplyConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.OutgoingEncryptionParts);
reverse.ApplyIntegrity = true;
reverse.RequireIntegrity = reverse.RequireConfidentiality = false;
}
else
{
reverse.RequireConfidentiality = this.HasProtectionRequirements(reverse.ProtectionRequirements.IncomingEncryptionParts);
reverse.RequireIntegrity = true;
reverse.ApplyIntegrity = reverse.ApplyConfidentiality = false;
}
base.ConfigureProtocolFactory(reverse, credentialsManager, !isForService, issuerBindingContext, context.Binding);
if (!reverse.RequireIntegrity)
reverse.DetectReplays = false;
// setup reverse here
reverse.IsDuplexReply = true;
DuplexSecurityProtocolFactory duplex = new DuplexSecurityProtocolFactory();
duplex.ForwardProtocolFactory = forward;
duplex.ReverseProtocolFactory = reverse;
protocolFactory = duplex;
}
else
{
protocolFactory = forward;
}
return protocolFactory;
}
internal override bool RequiresChannelDemuxer()
{
return (base.RequiresChannelDemuxer() || RequiresChannelDemuxer(this.InitiatorTokenParameters));
}
protected override IChannelFactory BuildChannelFactoryCore(BindingContext context)
{
ISecurityCapabilities securityCapabilities = this.GetProperty(context);
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecurityProtocolFactory protocolFactory =
this.CreateSecurityProtocolFactory(context, credentialsManager, false, issuerBindingContext);
return new SecurityChannelFactory(securityCapabilities, context, channelBuilder, protocolFactory);
}
protected override IChannelListener BuildChannelListenerCore(BindingContext context)
{
ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
BindingContext issuerBindingContext = context.Clone();
SecurityChannelListener channelListener = new SecurityChannelListener(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
if (credentialsManager == null)
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory(context, credentialsManager, true, issuerBindingContext);
channelListener.SecurityProtocolFactory = protocolFactory;
channelListener.InitializeListener(channelBuilder);
return channelListener;
}
public override T GetProperty(BindingContext context)
{
if (context == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
if (typeof(T) == typeof(ChannelProtectionRequirements))
{
AddressingVersion addressing = MessageVersion.Default.Addressing;
#pragma warning suppress 56506
MessageEncodingBindingElement encoding = context.Binding.Elements.Find();
if (encoding != null)
{
addressing = encoding.MessageVersion.Addressing;
}
ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, this.GetIndividualProperty().SupportedRequestProtectionLevel);
myRequirements.Add(context.GetInnerProperty()??new ChannelProtectionRequirements());
return (T)(object)myRequirements;
}
else
{
return base.GetProperty(context);
}
}
public override string ToString()
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(base.ToString());
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "MessageProtectionOrder: {0}", this.messageProtectionOrder.ToString()));
sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "RequireSignatureConfirmation: {0}", this.requireSignatureConfirmation.ToString()));
sb.Append("InitiatorTokenParameters: ");
if (this.initiatorTokenParameters != null)
sb.AppendLine(this.initiatorTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
sb.Append("RecipientTokenParameters: ");
if (this.recipientTokenParameters != null)
sb.AppendLine(this.recipientTokenParameters.ToString().Trim().Replace("\n", "\n "));
else
sb.AppendLine("null");
return sb.ToString().Trim();
}
public override BindingElement Clone()
{
return new AsymmetricSecurityBindingElement(this);
}
void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
SecurityBindingElement.ExportPolicy(exporter, context);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SqlDataSource.cs
- NamedPipeTransportManager.cs
- ExpressionEditor.cs
- ActivityTypeResolver.xaml.cs
- GiveFeedbackEvent.cs
- GeometryCombineModeValidation.cs
- TransactionBehavior.cs
- DataTableMappingCollection.cs
- WorkflowPersistenceContext.cs
- ListViewItemEventArgs.cs
- BasicHttpMessageSecurityElement.cs
- NullExtension.cs
- StateDesigner.TransitionInfo.cs
- AlphaSortedEnumConverter.cs
- SecurityCriticalDataForSet.cs
- ObjectItemConventionAssemblyLoader.cs
- StreamBodyWriter.cs
- Rect.cs
- ServiceDescriptionData.cs
- TableItemProviderWrapper.cs
- HierarchicalDataSourceControl.cs
- BrowserDefinition.cs
- ComplexPropertyEntry.cs
- WebPartManagerDesigner.cs
- ObjectTypeMapping.cs
- DataGridViewAutoSizeColumnsModeEventArgs.cs
- ObjectCloneHelper.cs
- TCPListener.cs
- PrintPreviewGraphics.cs
- WindowsTab.cs
- NonPrimarySelectionGlyph.cs
- Maps.cs
- dtdvalidator.cs
- NameValueFileSectionHandler.cs
- SqlDependency.cs
- ObjectCacheSettings.cs
- TypeExtension.cs
- GAC.cs
- SequenceNumber.cs
- XPathCompileException.cs
- EmptyReadOnlyDictionaryInternal.cs
- BaseCAMarshaler.cs
- WriteFileContext.cs
- NavigationExpr.cs
- ZoneIdentityPermission.cs
- UmAlQuraCalendar.cs
- CodeGotoStatement.cs
- ValueUtilsSmi.cs
- DesignerAdapterUtil.cs
- HierarchicalDataBoundControl.cs
- AuthorizationSection.cs
- InvokeGenerator.cs
- FactoryMaker.cs
- FormsIdentity.cs
- ControlSerializer.cs
- EasingQuaternionKeyFrame.cs
- HttpAsyncResult.cs
- Style.cs
- DataGridViewEditingControlShowingEventArgs.cs
- BamlRecordReader.cs
- ImpersonationContext.cs
- PropertyStore.cs
- NodeLabelEditEvent.cs
- ConnectionPoint.cs
- InputScopeConverter.cs
- HtmlTextArea.cs
- AsyncOperation.cs
- ItemCollection.cs
- RangeValuePatternIdentifiers.cs
- ClientUrlResolverWrapper.cs
- MultiTouchSystemGestureLogic.cs
- ItemCollection.cs
- CompilationRelaxations.cs
- LicenseContext.cs
- IPHostEntry.cs
- XmlSchemaSimpleContent.cs
- PixelFormat.cs
- DefaultAssemblyResolver.cs
- DoubleCollectionValueSerializer.cs
- WebPartEditorCancelVerb.cs
- EncoderParameter.cs
- VersionedStream.cs
- QilLiteral.cs
- Win32MouseDevice.cs
- MSG.cs
- xsdvalidator.cs
- NativeWindow.cs
- DataServiceBuildProvider.cs
- PropertyTab.cs
- ObsoleteAttribute.cs
- CombinedGeometry.cs
- BulletChrome.cs
- NullRuntimeConfig.cs
- MimeParameter.cs
- IPipelineRuntime.cs
- ColumnMapVisitor.cs
- BindingNavigator.cs
- CapabilitiesRule.cs
- DBDataPermissionAttribute.cs
- WindowsIdentity.cs