Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / AsymmetricSecurityProtocol.cs / 1 / AsymmetricSecurityProtocol.cs
//---------------------------------------------------------- // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------- namespace System.ServiceModel.Security { using System.IdentityModel.Tokens; using System.ServiceModel.Channels; using System.ServiceModel; using System.ServiceModel.Description; using System.IdentityModel.Policy; using System.IdentityModel.Selectors; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Diagnostics; using System.Collections.Generic; using System.Collections.ObjectModel; sealed class AsymmetricSecurityProtocol : MessageSecurityProtocol { SecurityTokenAuthenticator initiatorAsymmetricTokenAuthenticator; SecurityTokenProvider initiatorAsymmetricTokenProvider; SecurityTokenProvider initiatorCryptoTokenProvider; public AsymmetricSecurityProtocol(AsymmetricSecurityProtocolFactory factory, EndpointAddress target, Uri via) : base(factory, target, via) { } protected override bool DoAutomaticEncryptionMatch { get { return false; } } AsymmetricSecurityProtocolFactory Factory { get { return (AsymmetricSecurityProtocolFactory)base.MessageSecurityProtocolFactory; } } public SecurityTokenProvider InitiatorCryptoTokenProvider { get { this.CommunicationObject.ThrowIfNotOpened(); return this.initiatorCryptoTokenProvider; } } public SecurityTokenAuthenticator InitiatorAsymmetricTokenAuthenticator { get { this.CommunicationObject.ThrowIfNotOpened(); return this.initiatorAsymmetricTokenAuthenticator; } } public SecurityTokenProvider InitiatorAsymmetricTokenProvider { get { this.CommunicationObject.ThrowIfNotOpened(); return this.initiatorAsymmetricTokenProvider; } } public override void OnOpen(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); base.OnOpen(timeoutHelper.RemainingTime()); if (this.Factory.ActAsInitiator) { if (this.Factory.ApplyIntegrity) { InitiatorServiceModelSecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(); this.Factory.CryptoTokenParameters.InitializeSecurityTokenRequirement(requirement); requirement.KeyUsage = SecurityKeyUsage.Signature; requirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = MessageDirection.Output; this.initiatorCryptoTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(requirement); SecurityUtils.OpenTokenProviderIfRequired(this.initiatorCryptoTokenProvider, timeoutHelper.RemainingTime()); } if (this.Factory.RequireIntegrity || this.Factory.ApplyConfidentiality) { InitiatorServiceModelSecurityTokenRequirement providerRequirement = CreateInitiatorSecurityTokenRequirement(); this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(providerRequirement); providerRequirement.KeyUsage = SecurityKeyUsage.Exchange; providerRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input; this.initiatorAsymmetricTokenProvider = this.Factory.SecurityTokenManager.CreateSecurityTokenProvider(providerRequirement); SecurityUtils.OpenTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, timeoutHelper.RemainingTime()); InitiatorServiceModelSecurityTokenRequirement authenticatorRequirement = CreateInitiatorSecurityTokenRequirement(); this.Factory.AsymmetricTokenParameters.InitializeSecurityTokenRequirement(authenticatorRequirement); authenticatorRequirement.IsOutOfBandToken = !this.Factory.AllowSerializedSigningTokenOnReply; authenticatorRequirement.KeyUsage = SecurityKeyUsage.Exchange; authenticatorRequirement.Properties[ServiceModelSecurityTokenRequirement.MessageDirectionProperty] = (this.Factory.ApplyConfidentiality) ? MessageDirection.Output : MessageDirection.Input; // Create authenticator (we dont support out of band resolvers on the client side SecurityTokenResolver outOfBandTokenResolver; this.initiatorAsymmetricTokenAuthenticator = this.Factory.SecurityTokenManager.CreateSecurityTokenAuthenticator(authenticatorRequirement, out outOfBandTokenResolver); SecurityUtils.OpenTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, timeoutHelper.RemainingTime()); } } } public override void OnAbort() { if (this.Factory.ActAsInitiator) { if (this.initiatorCryptoTokenProvider != null) { SecurityUtils.AbortTokenProviderIfRequired(this.initiatorCryptoTokenProvider); } if (this.initiatorAsymmetricTokenProvider != null) { SecurityUtils.AbortTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider); } if (this.initiatorAsymmetricTokenAuthenticator != null) { SecurityUtils.AbortTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator); } } base.OnAbort(); } public override void OnClose(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (this.Factory.ActAsInitiator) { if (this.initiatorCryptoTokenProvider != null) { SecurityUtils.CloseTokenProviderIfRequired(this.initiatorCryptoTokenProvider, timeoutHelper.RemainingTime()); } if (this.initiatorAsymmetricTokenProvider != null) { SecurityUtils.CloseTokenProviderIfRequired(this.initiatorAsymmetricTokenProvider, timeoutHelper.RemainingTime()); } if (this.initiatorAsymmetricTokenAuthenticator != null) { SecurityUtils.CloseTokenAuthenticatorIfRequired(this.initiatorAsymmetricTokenAuthenticator, timeoutHelper.RemainingTime()); } } base.OnClose(timeoutHelper.RemainingTime()); } protected override IAsyncResult BeginSecureOutgoingMessageCore(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, AsyncCallback callback, object state) { SecurityToken encryptingToken; SecurityToken signingToken; SecurityProtocolCorrelationState newCorrelationState; IListsupportingTokens; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, false, timeoutHelper.RemainingTime(), out encryptingToken, out signingToken, out supportingTokens, out newCorrelationState)) { SetUpDelayedSecurityExecution(ref message, encryptingToken, signingToken, supportingTokens, GetSignatureConfirmationCorrelationState(correlationState, newCorrelationState)); return new TypedCompletedAsyncResult (message, newCorrelationState, callback, state); } else { if (this.Factory.ActAsInitiator == false) { DiagnosticUtility.DebugAssert("Unexpected code path for server security application"); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SendingOutgoingmessageOnRecipient))); } AsymmetricSecurityProtocolFactory factory = this.Factory; SecurityTokenProvider encProvider = factory.ApplyConfidentiality ? this.initiatorAsymmetricTokenProvider : null; SecurityTokenProvider sigProvider = factory.ApplyIntegrity ? this.initiatorCryptoTokenProvider : null; return new SecureOutgoingMessageAsyncResult(message, this, encProvider, sigProvider, factory.ApplyConfidentiality, this.initiatorAsymmetricTokenAuthenticator, correlationState, timeoutHelper.RemainingTime(), callback, state); } } protected override void EndSecureOutgoingMessageCore(IAsyncResult result, out Message message, out SecurityProtocolCorrelationState newCorrelationState) { if (result is TypedCompletedAsyncResult ) { message = TypedCompletedAsyncResult .End(result, out newCorrelationState); } else { message = SecureOutgoingMessageAsyncResult.End(result, out newCorrelationState); } } protected override SecurityProtocolCorrelationState SecureOutgoingMessageCore(ref Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState) { SecurityToken encryptingToken; SecurityToken signingToken; SecurityProtocolCorrelationState newCorrelationState; IList supportingTokens; TryGetTokenSynchronouslyForOutgoingSecurity(message, correlationState, true, timeout, out encryptingToken, out signingToken, out supportingTokens, out newCorrelationState); SetUpDelayedSecurityExecution(ref message, encryptingToken, signingToken, supportingTokens, GetSignatureConfirmationCorrelationState(correlationState, newCorrelationState)); return newCorrelationState; } void SetUpDelayedSecurityExecution(ref Message message, SecurityToken encryptingToken, SecurityToken signingToken, IList supportingTokens, SecurityProtocolCorrelationState correlationState) { AsymmetricSecurityProtocolFactory factory = this.Factory; string actor = string.Empty; SendSecurityHeader securityHeader = ConfigureSendSecurityHeader(message, actor, supportingTokens, correlationState); SecurityTokenParameters signingTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.CryptoTokenParameters : this.Factory.AsymmetricTokenParameters; SecurityTokenParameters encryptionTokenParameters = (this.Factory.ActAsInitiator) ? this.Factory.AsymmetricTokenParameters : this.Factory.CryptoTokenParameters; if (this.Factory.ApplyIntegrity || securityHeader.HasSignedTokens) { if (!this.Factory.ApplyIntegrity) { securityHeader.SignatureParts = MessagePartSpecification.NoParts; } securityHeader.SetSigningToken(signingToken, signingTokenParameters); } if (Factory.ApplyConfidentiality || securityHeader.HasEncryptedTokens) { if (!this.Factory.ApplyConfidentiality) { securityHeader.EncryptionParts = MessagePartSpecification.NoParts; } securityHeader.SetEncryptionToken(encryptingToken, encryptionTokenParameters); } message = securityHeader.SetupExecution(); } void AttachRecipientSecurityProperty(Message message, SecurityToken initiatorToken, SecurityToken recipientToken, IList basicTokens, IList endorsingTokens, IList signedEndorsingTokens, IList signedTokens, Dictionary > tokenPoliciesMapping) { SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(message); security.InitiatorToken = (initiatorToken != null) ? new SecurityTokenSpecification(initiatorToken, tokenPoliciesMapping[initiatorToken]) : null; security.RecipientToken = (recipientToken != null) ? new SecurityTokenSpecification(recipientToken, EmptyReadOnlyCollection .Instance) : null; AddSupportingTokenSpecification(security, basicTokens, endorsingTokens, signedEndorsingTokens, signedTokens, tokenPoliciesMapping); security.ServiceSecurityContext = new ServiceSecurityContext(security.GetInitiatorTokenAuthorizationPolicies()); } void DoIdentityCheckAndAttachInitiatorSecurityProperty(Message message, SecurityToken initiatorToken, SecurityToken recipientToken, ReadOnlyCollection recipientTokenPolicies) { AuthorizationContext recipientAuthorizationContext = base.EnsureIncomingIdentity(message, recipientToken, recipientTokenPolicies); SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(message); security.InitiatorToken = (initiatorToken != null) ? new SecurityTokenSpecification(initiatorToken, EmptyReadOnlyCollection .Instance) : null; security.RecipientToken = new SecurityTokenSpecification(recipientToken, recipientTokenPolicies); security.ServiceSecurityContext = new ServiceSecurityContext(recipientAuthorizationContext, recipientTokenPolicies ?? EmptyReadOnlyCollection .Instance); } protected override SecurityProtocolCorrelationState VerifyIncomingMessageCore(ref Message message, string actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) { AsymmetricSecurityProtocolFactory factory = this.Factory; IList supportingAuthenticators; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); ReceiveSecurityHeader securityHeader = ConfigureReceiveSecurityHeader(message, string.Empty, correlationStates, out supportingAuthenticators); SecurityToken requiredReplySigningToken = null; if (factory.ActAsInitiator) { SecurityToken encryptionToken = null; SecurityToken receiverToken = null; if (factory.RequireIntegrity) { receiverToken = GetToken(this.initiatorAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); requiredReplySigningToken = receiverToken; } if (factory.RequireConfidentiality) { encryptionToken = GetCorrelationToken(correlationStates); if (!SecurityUtils.HasSymmetricSecurityKey(encryptionToken)) { securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; } } SecurityTokenAuthenticator primaryTokenAuthenticator; if (factory.AllowSerializedSigningTokenOnReply) { primaryTokenAuthenticator = this.initiatorAsymmetricTokenAuthenticator; requiredReplySigningToken = null; } else { primaryTokenAuthenticator = null; } securityHeader.ConfigureAsymmetricBindingClientReceiveHeader(receiverToken, factory.AsymmetricTokenParameters, encryptionToken, factory.CryptoTokenParameters, primaryTokenAuthenticator); } else { SecurityToken wrappingToken; if (this.Factory.RecipientAsymmetricTokenProvider != null && this.Factory.RequireConfidentiality) { wrappingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); } else { wrappingToken = null; } securityHeader.ConfigureAsymmetricBindingServerReceiveHeader(this.Factory.RecipientCryptoTokenAuthenticator, this.Factory.CryptoTokenParameters, wrappingToken, this.Factory.AsymmetricTokenParameters, supportingAuthenticators); securityHeader.WrappedKeySecurityTokenAuthenticator = this.Factory.WrappedKeySecurityTokenAuthenticator; securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, this.Factory.RecipientOutOfBandTokenResolverList)); } ProcessSecurityHeader(securityHeader, ref message, requiredReplySigningToken, timeoutHelper.RemainingTime(), correlationStates); SecurityToken signingToken = securityHeader.SignatureToken; SecurityToken encryptingToken = securityHeader.EncryptionToken; if (factory.RequireIntegrity) { if (factory.ActAsInitiator) { ReadOnlyCollection signingTokenPolicies = this.initiatorAsymmetricTokenAuthenticator.ValidateToken(signingToken); EnsureNonWrappedToken(signingToken, message); DoIdentityCheckAndAttachInitiatorSecurityProperty(message, encryptingToken, signingToken, signingTokenPolicies); } else { EnsureNonWrappedToken(signingToken, message); AttachRecipientSecurityProperty(message, signingToken, encryptingToken, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping); } } return GetCorrelationState(signingToken, securityHeader); } bool TryGetTokenSynchronouslyForOutgoingSecurity(Message message, SecurityProtocolCorrelationState correlationState, bool isBlockingCall, TimeSpan timeout, out SecurityToken encryptingToken, out SecurityToken signingToken, out IList supportingTokens, out SecurityProtocolCorrelationState newCorrelationState) { AsymmetricSecurityProtocolFactory factory = this.Factory; encryptingToken = null; signingToken = null; newCorrelationState = null; supportingTokens = null; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (factory.ActAsInitiator) { if (!isBlockingCall || !TryGetSupportingTokens(this.Factory, this.Target, this.Via, message, timeoutHelper.RemainingTime(), isBlockingCall, out supportingTokens)) { return false; } if (factory.ApplyConfidentiality) { encryptingToken = GetTokenAndEnsureOutgoingIdentity(this.initiatorAsymmetricTokenProvider, true, timeoutHelper.RemainingTime(), this.initiatorAsymmetricTokenAuthenticator); } if (factory.ApplyIntegrity) { signingToken = GetToken(this.initiatorCryptoTokenProvider, this.Target, timeoutHelper.RemainingTime()); newCorrelationState = GetCorrelationState(signingToken); } } else { if (factory.ApplyConfidentiality) { encryptingToken = GetCorrelationToken(correlationState); } if (factory.ApplyIntegrity) { signingToken = GetToken(factory.RecipientAsymmetricTokenProvider, null, timeoutHelper.RemainingTime()); } } return true; } sealed class SecureOutgoingMessageAsyncResult : GetTwoTokensAndSetUpSecurityAsyncResult { public SecureOutgoingMessageAsyncResult(Message m, AsymmetricSecurityProtocol binding, SecurityTokenProvider primaryProvider, SecurityTokenProvider secondaryProvider, bool doIdentityChecks, SecurityTokenAuthenticator identityCheckAuthenticator, SecurityProtocolCorrelationState correlationState, TimeSpan timeout, AsyncCallback callback, object state) : base(m, binding, primaryProvider, secondaryProvider, doIdentityChecks, identityCheckAuthenticator, correlationState, timeout, callback, state) { Start(); } protected override void OnBothGetTokenCallsDone(ref Message message, SecurityToken primaryToken, SecurityToken secondaryToken, TimeSpan timeout) { AsymmetricSecurityProtocol binding = (AsymmetricSecurityProtocol)this.Binding; if (secondaryToken != null) this.SetCorrelationToken(secondaryToken); binding.SetUpDelayedSecurityExecution(ref message, primaryToken, secondaryToken, this.SupportingTokens, binding.GetSignatureConfirmationCorrelationState(OldCorrelationState, NewCorrelationState)); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- WsdlEndpointConversionContext.cs
- BamlBinaryReader.cs
- DataSourceComponent.cs
- InternalBufferOverflowException.cs
- SerialStream.cs
- GroupBox.cs
- DataGridTable.cs
- FormView.cs
- ColumnBinding.cs
- LockingPersistenceProvider.cs
- VariableExpressionConverter.cs
- DeclarationUpdate.cs
- OracleBFile.cs
- ManagementClass.cs
- DiscoveryDocument.cs
- ContextProperty.cs
- RequiredFieldValidator.cs
- SafeSystemMetrics.cs
- JsonReader.cs
- DataSetFieldSchema.cs
- _SslStream.cs
- VisualBasicExpressionConverter.cs
- WebPartsPersonalization.cs
- FixedSOMElement.cs
- CompilerCollection.cs
- ReadWriteSpinLock.cs
- InstanceKey.cs
- XPathItem.cs
- DecimalAnimationBase.cs
- User.cs
- FunctionImportMapping.cs
- LinkArea.cs
- StrongName.cs
- EventManager.cs
- ToolStripSeparatorRenderEventArgs.cs
- IISMapPath.cs
- Column.cs
- DrawingVisual.cs
- NamedElement.cs
- RequestCacheEntry.cs
- DateTimeFormatInfoScanner.cs
- SwitchExpression.cs
- DiscoveryServerProtocol.cs
- NodeFunctions.cs
- FixUpCollection.cs
- SqlBulkCopyColumnMappingCollection.cs
- StylusButton.cs
- GACMembershipCondition.cs
- PeerNameRecord.cs
- ClientSettings.cs
- EntryIndex.cs
- LabelLiteral.cs
- NextPreviousPagerField.cs
- UniqueIdentifierService.cs
- Vector.cs
- SessionIDManager.cs
- VerticalAlignConverter.cs
- XPathItem.cs
- CacheChildrenQuery.cs
- WindowsGrip.cs
- SmiXetterAccessMap.cs
- WindowsListViewGroup.cs
- DiscoveryClientElement.cs
- ModuleBuilderData.cs
- SignedXml.cs
- ControlParameter.cs
- SecurityPermission.cs
- GridViewColumnHeaderAutomationPeer.cs
- HttpStreamFormatter.cs
- FormClosedEvent.cs
- AQNBuilder.cs
- ProviderConnectionPoint.cs
- UIAgentMonitorHandle.cs
- BooleanSwitch.cs
- ImmutableCollection.cs
- Version.cs
- SqlCommandBuilder.cs
- FtpRequestCacheValidator.cs
- ValidationSummary.cs
- IconEditor.cs
- EventWaitHandleSecurity.cs
- ToolStripSeparator.cs
- ButtonColumn.cs
- TemplateContent.cs
- Choices.cs
- BufferedMessageWriter.cs
- DelegateHelpers.Generated.cs
- WebPartVerbsEventArgs.cs
- PageRequestManager.cs
- diagnosticsswitches.cs
- TraceSwitch.cs
- _SafeNetHandles.cs
- FilteredXmlReader.cs
- Journaling.cs
- Mouse.cs
- EpmCustomContentDeSerializer.cs
- CorrelationService.cs
- Line.cs
- WindowsGraphicsCacheManager.cs
- Size3DConverter.cs