You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			357 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			357 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //------------------------------------------------------------ | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //------------------------------------------------------------ | ||
|  | 
 | ||
|  | namespace System.ServiceModel.Security | ||
|  | { | ||
|  |     using System; | ||
|  |     using System.ServiceModel; | ||
|  |     using System.ServiceModel.Description; | ||
|  |     using System.Collections; | ||
|  |     using System.Collections.Generic; | ||
|  |     using System.Collections.ObjectModel; | ||
|  |     using System.Diagnostics; | ||
|  |     using System.Globalization; | ||
|  |     using System.IO; | ||
|  |     using System.Text; | ||
|  |     using System.Threading; | ||
|  |     using System.Xml; | ||
|  |     using System.IdentityModel.Claims; | ||
|  |     using System.IdentityModel.Policy; | ||
|  |     using System.IdentityModel.Tokens; | ||
|  |     using System.Security.Cryptography.X509Certificates; | ||
|  |     using System.ServiceModel.Security.Tokens; | ||
|  |     using HexBinary = System.Runtime.Remoting.Metadata.W3cXsd2001.SoapHexBinary; | ||
|  |     using System.ServiceModel.Channels; | ||
|  |     using System.ServiceModel.Security; | ||
|  |     using System.Runtime.Serialization; | ||
|  |     using System.ServiceModel.Dispatcher; | ||
|  | 
 | ||
|  |     using KeyIdentifierEntry = WSSecurityTokenSerializer.KeyIdentifierEntry; | ||
|  |     using KeyIdentifierClauseEntry = WSSecurityTokenSerializer.KeyIdentifierClauseEntry; | ||
|  |     using TokenEntry = WSSecurityTokenSerializer.TokenEntry; | ||
|  |     using StrEntry = WSSecurityTokenSerializer.StrEntry; | ||
|  | 
 | ||
|  |     class WSTrustFeb2005 : WSTrust | ||
|  |     { | ||
|  |         public WSTrustFeb2005(WSSecurityTokenSerializer tokenSerializer) | ||
|  |             : base(tokenSerializer) | ||
|  |         { | ||
|  |         } | ||
|  | 
 | ||
|  |         public override TrustDictionary SerializerDictionary | ||
|  |         { | ||
|  |             get { return XD.TrustFeb2005Dictionary; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public class DriverFeb2005 : Driver | ||
|  |         { | ||
|  |             public DriverFeb2005(SecurityStandardsManager standardsManager) | ||
|  |                 : base(standardsManager) | ||
|  |             { | ||
|  |             } | ||
|  | 
 | ||
|  |             public override TrustDictionary DriverDictionary | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return XD.TrustFeb2005Dictionary; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override XmlDictionaryString RequestSecurityTokenResponseFinalAction | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return XD.TrustFeb2005Dictionary.RequestSecurityTokenIssuanceResponse; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override bool IsSessionSupported | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return true; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override bool IsIssuedTokensSupported | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return true; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override string IssuedTokensHeaderName | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return this.DriverDictionary.IssuedTokensHeader.Value; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override string IssuedTokensHeaderNamespace | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return this.DriverDictionary.Namespace.Value; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override string RequestTypeRenew | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return this.DriverDictionary.RequestTypeRenew.Value; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override string RequestTypeClose | ||
|  |             { | ||
|  |                 get | ||
|  |                 { | ||
|  |                     return this.DriverDictionary.RequestTypeClose.Value; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public override Collection<XmlElement> ProcessUnknownRequestParameters(Collection<XmlElement> unknownRequestParameters, Collection<XmlElement> originalRequestParameters) | ||
|  |             { | ||
|  |                 return unknownRequestParameters; | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override void ReadReferences(XmlElement rstrXml, out SecurityKeyIdentifierClause requestedAttachedReference, | ||
|  |                     out SecurityKeyIdentifierClause requestedUnattachedReference) | ||
|  |             { | ||
|  |                 XmlElement issuedTokenXml = null; | ||
|  |                 requestedAttachedReference = null; | ||
|  |                 requestedUnattachedReference = null; | ||
|  |                 for (int i = 0; i < rstrXml.ChildNodes.Count; ++i) | ||
|  |                 { | ||
|  |                     XmlElement child = rstrXml.ChildNodes[i] as XmlElement; | ||
|  |                     if (child != null) | ||
|  |                     { | ||
|  |                         if (child.LocalName == this.DriverDictionary.RequestedSecurityToken.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                         { | ||
|  |                             issuedTokenXml = XmlHelper.GetChildElement(child); | ||
|  |                         } | ||
|  |                         else if (child.LocalName == this.DriverDictionary.RequestedAttachedReference.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                         { | ||
|  |                             requestedAttachedReference = GetKeyIdentifierXmlReferenceClause(XmlHelper.GetChildElement(child)); | ||
|  |                         } | ||
|  |                         else if (child.LocalName == this.DriverDictionary.RequestedUnattachedReference.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                         { | ||
|  |                             requestedUnattachedReference = GetKeyIdentifierXmlReferenceClause(XmlHelper.GetChildElement(child)); | ||
|  |                         } | ||
|  |                     } | ||
|  |                 } | ||
|  | 
 | ||
|  |                 try | ||
|  |                 { | ||
|  |                     if (issuedTokenXml != null) | ||
|  |                     { | ||
|  |                         if (requestedAttachedReference == null) | ||
|  |                         { | ||
|  |                             this.StandardsManager.TryCreateKeyIdentifierClauseFromTokenXml(issuedTokenXml, SecurityTokenReferenceStyle.Internal, out requestedAttachedReference); | ||
|  |                         } | ||
|  |                         if (requestedUnattachedReference == null) | ||
|  |                         { | ||
|  |                             this.StandardsManager.TryCreateKeyIdentifierClauseFromTokenXml(issuedTokenXml, SecurityTokenReferenceStyle.External, out requestedUnattachedReference); | ||
|  |                         } | ||
|  |                     } | ||
|  |                 } | ||
|  |                 catch (XmlException) | ||
|  |                 { | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.TrustDriverIsUnableToCreatedNecessaryAttachedOrUnattachedReferences, issuedTokenXml.ToString()))); | ||
|  |                 } | ||
|  | 
 | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override bool ReadRequestedTokenClosed(XmlElement rstrXml) | ||
|  |             { | ||
|  |                 for (int i = 0; i < rstrXml.ChildNodes.Count; ++i) | ||
|  |                 { | ||
|  |                     XmlElement child = (rstrXml.ChildNodes[i] as XmlElement); | ||
|  |                     if (child != null) | ||
|  |                     { | ||
|  |                         if (child.LocalName == this.DriverDictionary.RequestedTokenClosed.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                         { | ||
|  |                             return true; | ||
|  |                         } | ||
|  |                     } | ||
|  |                 } | ||
|  |                 return false; | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override void ReadTargets(XmlElement rstXml, out SecurityKeyIdentifierClause renewTarget, out SecurityKeyIdentifierClause closeTarget) | ||
|  |             { | ||
|  |                 renewTarget = null; | ||
|  |                 closeTarget = null; | ||
|  | 
 | ||
|  |                 for (int i = 0; i < rstXml.ChildNodes.Count; ++i) | ||
|  |                 { | ||
|  |                     XmlElement child = (rstXml.ChildNodes[i] as XmlElement); | ||
|  |                     if (child != null) | ||
|  |                     { | ||
|  |                         if (child.LocalName == this.DriverDictionary.RenewTarget.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                             renewTarget = this.StandardsManager.SecurityTokenSerializer.ReadKeyIdentifierClause(new XmlNodeReader(child.FirstChild)); | ||
|  |                         else if (child.LocalName == this.DriverDictionary.CloseTarget.Value && child.NamespaceURI == this.DriverDictionary.Namespace.Value) | ||
|  |                             closeTarget = this.StandardsManager.SecurityTokenSerializer.ReadKeyIdentifierClause(new XmlNodeReader(child.FirstChild)); | ||
|  |                     } | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override void WriteReferences(RequestSecurityTokenResponse rstr, XmlDictionaryWriter writer) | ||
|  |             { | ||
|  |                 if (rstr.RequestedAttachedReference != null) | ||
|  |                 { | ||
|  |                     writer.WriteStartElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.RequestedAttachedReference, this.DriverDictionary.Namespace); | ||
|  |                     this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(writer, rstr.RequestedAttachedReference); | ||
|  |                     writer.WriteEndElement(); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 if (rstr.RequestedUnattachedReference != null) | ||
|  |                 { | ||
|  |                     writer.WriteStartElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.RequestedUnattachedReference, this.DriverDictionary.Namespace); | ||
|  |                     this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(writer, rstr.RequestedUnattachedReference); | ||
|  |                     writer.WriteEndElement(); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override void WriteRequestedTokenClosed(RequestSecurityTokenResponse rstr, XmlDictionaryWriter writer) | ||
|  |             { | ||
|  |                 if (rstr.IsRequestedTokenClosed) | ||
|  |                 { | ||
|  |                     writer.WriteElementString(this.DriverDictionary.RequestedTokenClosed, this.DriverDictionary.Namespace, String.Empty); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override void WriteTargets(RequestSecurityToken rst, XmlDictionaryWriter writer) | ||
|  |             { | ||
|  |                 if (rst.RenewTarget != null) | ||
|  |                 { | ||
|  |                     writer.WriteStartElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.RenewTarget, this.DriverDictionary.Namespace); | ||
|  |                     this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(writer, rst.RenewTarget); | ||
|  |                     writer.WriteEndElement(); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 if (rst.CloseTarget != null) | ||
|  |                 { | ||
|  |                     writer.WriteStartElement(this.DriverDictionary.Prefix.Value, this.DriverDictionary.CloseTarget, this.DriverDictionary.Namespace); | ||
|  |                     this.StandardsManager.SecurityTokenSerializer.WriteKeyIdentifierClause(writer, rst.CloseTarget); | ||
|  |                     writer.WriteEndElement(); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             // this is now the abstract in WSTrust | ||
|  |             public override IChannelFactory<IRequestChannel> CreateFederationProxy(EndpointAddress address, Binding binding, KeyedByTypeCollection<IEndpointBehavior> channelBehaviors) | ||
|  |             { | ||
|  |                 if (channelBehaviors == null) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBehaviors"); | ||
|  | 
 | ||
|  |                 ChannelFactory<IWsTrustFeb2005SecurityTokenService> result = new ChannelFactory<IWsTrustFeb2005SecurityTokenService>(binding, address); | ||
|  |                 SetProtectionLevelForFederation(result.Endpoint.Contract.Operations); | ||
|  |                 // remove the default client credentials that gets added to channel factories | ||
|  |                 result.Endpoint.Behaviors.Remove<ClientCredentials>(); | ||
|  |                 for (int i = 0; i < channelBehaviors.Count; ++i) | ||
|  |                 { | ||
|  |                     result.Endpoint.Behaviors.Add(channelBehaviors[i]); | ||
|  |                 } | ||
|  |                 // add a behavior that removes the UI channel initializer added by the client credentials since there should be no UI | ||
|  |                 // initializer popped up as part of obtaining the federation token (the UI should already have been popped up for the main channel) | ||
|  |                 result.Endpoint.Behaviors.Add(new InteractiveInitializersRemovingBehavior()); | ||
|  | 
 | ||
|  |                 return new RequestChannelFactory<IWsTrustFeb2005SecurityTokenService>(result); | ||
|  |             } | ||
|  | 
 | ||
|  |             [ServiceContract] | ||
|  |             internal interface IWsTrustFeb2005SecurityTokenService | ||
|  |             { | ||
|  |                 [OperationContract(IsOneWay = false, | ||
|  |                                    Action = TrustFeb2005Strings.RequestSecurityTokenIssuance, | ||
|  |                                    ReplyAction = TrustFeb2005Strings.RequestSecurityTokenIssuanceResponse)] | ||
|  |                 [FaultContract(typeof(string), Action = "*", ProtectionLevel = System.Net.Security.ProtectionLevel.Sign)] | ||
|  |                 Message RequestToken(Message message); | ||
|  |             } | ||
|  | 
 | ||
|  |             public class InteractiveInitializersRemovingBehavior : IEndpointBehavior | ||
|  |             { | ||
|  |                 public void Validate(ServiceEndpoint serviceEndpoint) { } | ||
|  |                 public void AddBindingParameters(ServiceEndpoint serviceEndpoint, BindingParameterCollection bindingParameters) { } | ||
|  |                 public void ApplyDispatchBehavior(ServiceEndpoint serviceEndpoint, EndpointDispatcher endpointDispatcher) { } | ||
|  |                 public void ApplyClientBehavior(ServiceEndpoint serviceEndpoint, ClientRuntime behavior) | ||
|  |                 { | ||
|  |                     // it is very unlikely that InteractiveChannelInitializers will be null, this is defensive in case ClientRuntime every has a  | ||
|  |                     // bug.  I am OK with this as ApplyingClientBehavior is a one-time channel setup. | ||
|  |                     if (behavior != null && behavior.InteractiveChannelInitializers != null) | ||
|  |                     { | ||
|  |                         // clear away any interactive initializer | ||
|  |                         behavior.InteractiveChannelInitializers.Clear(); | ||
|  |                     } | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             public class RequestChannelFactory<TokenService> : ChannelFactoryBase, IChannelFactory<IRequestChannel> | ||
|  |             { | ||
|  |                 ChannelFactory<TokenService> innerChannelFactory; | ||
|  | 
 | ||
|  |                 public RequestChannelFactory(ChannelFactory<TokenService> innerChannelFactory) | ||
|  |                 { | ||
|  |                     this.innerChannelFactory = innerChannelFactory; | ||
|  |                 } | ||
|  | 
 | ||
|  |                 public IRequestChannel CreateChannel(EndpointAddress address) | ||
|  |                 { | ||
|  |                     return this.innerChannelFactory.CreateChannel<IRequestChannel>(address); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 public IRequestChannel CreateChannel(EndpointAddress address, Uri via) | ||
|  |                 { | ||
|  |                     return this.innerChannelFactory.CreateChannel<IRequestChannel>(address, via); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override void OnAbort() | ||
|  |                 { | ||
|  |                     this.innerChannelFactory.Abort(); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override IAsyncResult OnBeginOpen(TimeSpan timeout, AsyncCallback callback, object state) | ||
|  |                 { | ||
|  |                     return this.innerChannelFactory.BeginOpen(timeout, callback, state); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override void OnEndOpen(IAsyncResult result) | ||
|  |                 { | ||
|  |                     this.innerChannelFactory.EndOpen(result); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override IAsyncResult OnBeginClose(TimeSpan timeout, AsyncCallback callback, object state) | ||
|  |                 { | ||
|  |                     return this.innerChannelFactory.BeginClose(timeout, callback, state); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override void OnEndClose(IAsyncResult result) | ||
|  |                 { | ||
|  |                     this.innerChannelFactory.EndClose(result); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override void OnClose(TimeSpan timeout) | ||
|  |                 { | ||
|  |                     this.innerChannelFactory.Close(timeout); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 protected override void OnOpen(TimeSpan timeout) | ||
|  |                 { | ||
|  |                     this.innerChannelFactory.Open(timeout); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 public override T GetProperty<T>() | ||
|  |                 { | ||
|  |                     return this.innerChannelFactory.GetProperty<T>(); | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |     } | ||
|  | } |