You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			449 lines
		
	
	
		
			20 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			449 lines
		
	
	
		
			20 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //----------------------------------------------------------------------------- | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //----------------------------------------------------------------------------- | ||
|  | 
 | ||
|  | namespace System.ServiceModel.Security | ||
|  | { | ||
|  |     using System.Collections.Generic; | ||
|  |     using System.Collections.ObjectModel; | ||
|  |     using System.IdentityModel.Policy; | ||
|  |     using System.IdentityModel.Selectors; | ||
|  |     using System.IdentityModel.Tokens; | ||
|  |     using System.IO; | ||
|  |     using System.Runtime; | ||
|  |     using System.Security.Authentication.ExtendedProtection; | ||
|  |     using System.Security.Cryptography; | ||
|  |     using System.ServiceModel; | ||
|  |     using System.ServiceModel.Channels; | ||
|  |     using System.ServiceModel.Diagnostics; | ||
|  |     using System.ServiceModel.Security.Tokens; | ||
|  |     using System.Xml; | ||
|  | 
 | ||
|  |     using CanonicalizationDriver = System.IdentityModel.CanonicalizationDriver; | ||
|  |     using Psha1DerivedKeyGenerator = System.IdentityModel.Psha1DerivedKeyGenerator; | ||
|  |     using SafeFreeCredentials = System.IdentityModel.SafeFreeCredentials; | ||
|  | 
 | ||
|  |     abstract class SspiNegotiationTokenProvider : NegotiationTokenProvider<SspiNegotiationTokenProviderState> | ||
|  |     { | ||
|  |         bool negotiateTokenOnOpen; | ||
|  |         SecurityBindingElement securityBindingElement; | ||
|  | 
 | ||
|  |         protected SspiNegotiationTokenProvider() | ||
|  |             : this(null) | ||
|  |         { | ||
|  |         } | ||
|  |          | ||
|  |         protected SspiNegotiationTokenProvider(SecurityBindingElement securityBindingElement) | ||
|  |             : base() | ||
|  |         { | ||
|  |             this.securityBindingElement = securityBindingElement; | ||
|  |         } | ||
|  | 
 | ||
|  |         public bool NegotiateTokenOnOpen | ||
|  |         { | ||
|  |             get | ||
|  |             { | ||
|  |                 return this.negotiateTokenOnOpen; | ||
|  |             } | ||
|  |             set | ||
|  |             { | ||
|  |                 this.CommunicationObject.ThrowIfDisposedOrImmutable(); | ||
|  |                 this.negotiateTokenOnOpen = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         // SspiNegotiationTokenProvider abstract methods | ||
|  |         protected abstract ReadOnlyCollection<IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation); | ||
|  |         public abstract XmlDictionaryString NegotiationValueType { get; } | ||
|  |          | ||
|  |         public override void OnOpen(TimeSpan timeout) | ||
|  |         { | ||
|  |             TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); | ||
|  |             this.EnsureEndpointAddressDoesNotRequireEncryption(this.TargetAddress); | ||
|  |             base.OnOpen(timeoutHelper.RemainingTime()); | ||
|  |             if (this.negotiateTokenOnOpen) | ||
|  |             { | ||
|  |                 this.DoNegotiation(timeoutHelper.RemainingTime()); | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override IChannelFactory<IRequestChannel> GetNegotiationChannelFactory(IChannelFactory<IRequestChannel> transportChannelFactory, ChannelBuilder channelBuilder) | ||
|  |         { | ||
|  |             return transportChannelFactory; | ||
|  |         } | ||
|  | 
 | ||
|  |         // helper methods | ||
|  |         void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) | ||
|  |         { | ||
|  |             incomingNego.Validate(NegotiationValueType); | ||
|  |         } | ||
|  | 
 | ||
|  |         static void AddToDigest(HashAlgorithm negotiationDigest, Stream stream) | ||
|  |         { | ||
|  |             stream.Flush(); | ||
|  |             stream.Seek(0, SeekOrigin.Begin); | ||
|  |             CanonicalizationDriver canonicalizer = new CanonicalizationDriver(); | ||
|  |             canonicalizer.SetInput(stream); | ||
|  |             byte[] canonicalizedData = canonicalizer.GetBytes(); | ||
|  |             lock (negotiationDigest) | ||
|  |             { | ||
|  |                 negotiationDigest.TransformBlock(canonicalizedData, 0, canonicalizedData.Length, canonicalizedData, 0); | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         static void AddToDigest(SspiNegotiationTokenProviderState sspiState, RequestSecurityToken rst) | ||
|  |         { | ||
|  |             MemoryStream stream = new MemoryStream(); | ||
|  |             XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(stream); | ||
|  |             rst.WriteTo(writer); | ||
|  |             writer.Flush(); | ||
|  |             AddToDigest(sspiState.NegotiationDigest, stream); | ||
|  |         } | ||
|  | 
 | ||
|  |         void AddToDigest(SspiNegotiationTokenProviderState sspiState, RequestSecurityTokenResponse rstr, bool wasReceived, bool isFinalRstr) | ||
|  |         { | ||
|  |             MemoryStream stream = new MemoryStream(); | ||
|  |             XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(stream); | ||
|  |             if (!wasReceived) | ||
|  |             { | ||
|  |                 rstr.WriteTo(writer); | ||
|  |             } | ||
|  |             else | ||
|  |             { | ||
|  |                 if (!isFinalRstr) | ||
|  |                 { | ||
|  |                     rstr.RequestSecurityTokenResponseXml.WriteTo(writer); | ||
|  |                 } | ||
|  |                 else | ||
|  |                 { | ||
|  |                     XmlElement rstrClone = (XmlElement) rstr.RequestSecurityTokenResponseXml.CloneNode(true); | ||
|  |                     List<XmlNode> nodesToRemove = new List<XmlNode>(2); | ||
|  |                     for (int i = 0; i < rstrClone.ChildNodes.Count; ++i) | ||
|  |                     { | ||
|  |                         XmlNode child = (rstrClone.ChildNodes[i]); | ||
|  |                         if (this.StandardsManager.TrustDriver.IsRequestedSecurityTokenElement(child.LocalName, child.NamespaceURI)) | ||
|  |                         { | ||
|  |                             nodesToRemove.Add(child); | ||
|  |                         } | ||
|  |                         else if (this.StandardsManager.TrustDriver.IsRequestedProofTokenElement(child.LocalName, child.NamespaceURI)) | ||
|  |                         { | ||
|  |                             nodesToRemove.Add(child); | ||
|  |                         } | ||
|  |                     } | ||
|  |                     for (int i = 0; i < nodesToRemove.Count; ++i) | ||
|  |                     { | ||
|  |                         rstrClone.RemoveChild(nodesToRemove[i]); | ||
|  |                     } | ||
|  |                     rstrClone.WriteTo(writer); | ||
|  |                 } | ||
|  |             } | ||
|  |             writer.Flush(); | ||
|  |             AddToDigest(sspiState.NegotiationDigest, stream); | ||
|  |         } | ||
|  | 
 | ||
|  |         static bool IsCorrectAuthenticator(SspiNegotiationTokenProviderState sspiState, byte[] proofKey, byte[] serverAuthenticator) | ||
|  |         { | ||
|  |             byte[] negotiationHash; | ||
|  |             lock (sspiState.NegotiationDigest) | ||
|  |             { | ||
|  |                 sspiState.NegotiationDigest.TransformFinalBlock(CryptoHelper.EmptyBuffer, 0, 0); | ||
|  |                 negotiationHash = sspiState.NegotiationDigest.Hash; | ||
|  |             } | ||
|  |             Psha1DerivedKeyGenerator generator = new Psha1DerivedKeyGenerator(proofKey); | ||
|  |             byte[] clientAuthenticator = generator.GenerateDerivedKey(SecurityUtils.CombinedHashLabel, negotiationHash, SecurityNegotiationConstants.NegotiationAuthenticatorSize, 0); | ||
|  |             if (clientAuthenticator.Length != serverAuthenticator.Length) | ||
|  |             { | ||
|  |                 return false; | ||
|  |             } | ||
|  |             for (int i = 0; i < clientAuthenticator.Length; ++i) | ||
|  |             { | ||
|  |                 if (clientAuthenticator[i] != serverAuthenticator[i]) | ||
|  |                 { | ||
|  |                     return false; | ||
|  |                 } | ||
|  |             } | ||
|  |             return true; | ||
|  |         } | ||
|  | 
 | ||
|  |         BodyWriter PrepareRstr( SspiNegotiationTokenProviderState sspiState, byte[] outgoingBlob ) | ||
|  |         { | ||
|  |             RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(this.StandardsManager); | ||
|  |             rstr.Context = sspiState.Context; | ||
|  |             rstr.SetBinaryNegotiation(new BinaryNegotiation(NegotiationValueType, outgoingBlob)); | ||
|  |             rstr.MakeReadOnly(); | ||
|  |             AddToDigest(sspiState, rstr, false, false); | ||
|  |             return rstr; | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override BodyWriter GetFirstOutgoingMessageBody( SspiNegotiationTokenProviderState sspiState, out MessageProperties messageProperties ) | ||
|  |         { | ||
|  |             messageProperties = null; | ||
|  | 
 | ||
|  |             // both message logging and Visual Studio trigger message serialization and hence can cause  | ||
|  |             // premature invocation of OnGetBinaryNegotiation(); flag this RST as streamed to block  | ||
|  |             // serialization of its body and hence premature calls to InitializeSecurityContext() | ||
|  | 
 | ||
|  |             RequestSecurityToken rst = new RequestSecurityToken(this.StandardsManager, false); | ||
|  |             rst.Context = sspiState.Context; | ||
|  |             rst.TokenType = this.StandardsManager.SecureConversationDriver.TokenTypeUri; | ||
|  |             rst.KeySize = this.SecurityAlgorithmSuite.DefaultSymmetricKeyLength; | ||
|  | 
 | ||
|  |             // delay GetOutgoingBlob()'s first call to InitializeSecurityContext() until a channel binding | ||
|  |             // is available | ||
|  | 
 | ||
|  |             rst.OnGetBinaryNegotiation = (new GetOutgoingBlobProxy(sspiState, this, rst)).GetOutgoingBlob; | ||
|  | 
 | ||
|  |             return rst; | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override IRequestChannel CreateClientChannel( EndpointAddress target, Uri via ) | ||
|  |         { | ||
|  |             IRequestChannel rstChannel = base.CreateClientChannel(target, via); | ||
|  | 
 | ||
|  |             if (!SecurityUtils.IsChannelBindingDisabled && (this.securityBindingElement is TransportSecurityBindingElement)) | ||
|  |             { | ||
|  |                 // enable channel binding on this side channel | ||
|  |                 IChannelBindingProvider cbp = rstChannel.GetProperty<IChannelBindingProvider>(); | ||
|  |                 if (cbp != null) | ||
|  |                 { | ||
|  |                     cbp.EnableChannelBindingSupport(); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             return rstChannel; | ||
|  |         } | ||
|  | 
 | ||
|  |         /// <summary> | ||
|  |         /// Proxy helps in implementating the delay of obtaining the binary data till later in the stack until the  | ||
|  |         /// ChannelBinding is obtained from the message. | ||
|  |         /// </summary> | ||
|  |         class GetOutgoingBlobProxy | ||
|  |         { | ||
|  |             RequestSecurityToken _rst; | ||
|  |             SspiNegotiationTokenProvider _sspiProvider; | ||
|  |             SspiNegotiationTokenProviderState _sspiState; | ||
|  | 
 | ||
|  |             public GetOutgoingBlobProxy( SspiNegotiationTokenProviderState sspiState, SspiNegotiationTokenProvider sspiProvider, RequestSecurityToken rst ) | ||
|  |             { | ||
|  |                 _sspiState = sspiState; | ||
|  |                 _sspiProvider = sspiProvider; | ||
|  |                 _rst = rst; | ||
|  |             } | ||
|  | 
 | ||
|  |             public void GetOutgoingBlob( ChannelBinding channelBinding ) | ||
|  |             {                 | ||
|  |                 byte[] outgoingBlob = _sspiState.SspiNegotiation.GetOutgoingBlob(null, channelBinding, null); | ||
|  | 
 | ||
|  |                 if (outgoingBlob == null && _sspiState.SspiNegotiation.IsCompleted == false) | ||
|  |                 { | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend))); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 _rst.SetBinaryNegotiation(new BinaryNegotiation(_sspiProvider.NegotiationValueType, outgoingBlob)); | ||
|  |                 SspiNegotiationTokenProvider.AddToDigest(_sspiState, _rst); | ||
|  |                 _rst.MakeReadOnly(); | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) | ||
|  |         { | ||
|  |             try | ||
|  |             { | ||
|  |                 ThrowIfFault(incomingMessage, this.TargetAddress); | ||
|  |             } | ||
|  |             catch (FaultException fault) | ||
|  |             { | ||
|  |                 if (fault.Code.IsSenderFault) | ||
|  |                 { | ||
|  |                     if (fault.Code.SubCode.Name == TrustApr2004Strings.FailedAuthenticationFaultCode || fault.Code.SubCode.Name == TrustFeb2005Strings.FailedAuthenticationFaultCode) | ||
|  |                         throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticationOfClientFailed), fault), incomingMessage); | ||
|  | 
 | ||
|  |                     throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.FailedSspiNegotiation), fault), incomingMessage); | ||
|  |                 } | ||
|  |                 else | ||
|  |                 { | ||
|  |                     throw; | ||
|  |                 } | ||
|  |             } | ||
|  |             RequestSecurityTokenResponse negotiationRstr = null; | ||
|  |             RequestSecurityTokenResponse authenticatorRstr = null; | ||
|  |             XmlDictionaryReader bodyReader = incomingMessage.GetReaderAtBodyContents(); | ||
|  |             using (bodyReader) | ||
|  |             { | ||
|  |                 if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(bodyReader)) | ||
|  |                 { | ||
|  |                     RequestSecurityTokenResponseCollection rstrCollection = this.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(bodyReader); | ||
|  |                     using (IEnumerator<RequestSecurityTokenResponse> enumerator = rstrCollection.RstrCollection.GetEnumerator()) | ||
|  |                     { | ||
|  |                         enumerator.MoveNext(); | ||
|  |                         negotiationRstr = enumerator.Current; | ||
|  |                         if (enumerator.MoveNext()) | ||
|  |                         { | ||
|  |                             authenticatorRstr = enumerator.Current; | ||
|  |                         } | ||
|  |                     } | ||
|  |                     if (authenticatorRstr == null) | ||
|  |                     { | ||
|  |                         throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticatorNotPresentInRSTRCollection)), incomingMessage); | ||
|  |                     } | ||
|  |                     else if (authenticatorRstr.Context != negotiationRstr.Context) | ||
|  |                     { | ||
|  |                         throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorHasBadContext)), incomingMessage); | ||
|  |                     } | ||
|  |                     AddToDigest(sspiState, negotiationRstr, true, true); | ||
|  |                 } | ||
|  |                 else if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(bodyReader)) | ||
|  |                 { | ||
|  |                     negotiationRstr = RequestSecurityTokenResponse.CreateFrom(this.StandardsManager, bodyReader); | ||
|  |                     AddToDigest(sspiState, negotiationRstr, true, false); | ||
|  |                 } | ||
|  |                 else | ||
|  |                 { | ||
|  |                     this.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException(); | ||
|  |                 } | ||
|  |                 incomingMessage.ReadFromBodyContentsToEnd(bodyReader); | ||
|  |             } | ||
|  |             if (negotiationRstr.Context != sspiState.Context) | ||
|  |             { | ||
|  |                 throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), incomingMessage); | ||
|  |             } | ||
|  |             BinaryNegotiation incomingBinaryNego = negotiationRstr.GetBinaryNegotiation(); | ||
|  |             byte[] incomingBlob; | ||
|  |             if (incomingBinaryNego != null) | ||
|  |             { | ||
|  |                 ValidateIncomingBinaryNegotiation(incomingBinaryNego); | ||
|  |                 incomingBlob = incomingBinaryNego.GetNegotiationData(); | ||
|  |             } | ||
|  |             else | ||
|  |             { | ||
|  |                 incomingBlob = null; | ||
|  |             } | ||
|  |             BodyWriter nextMessageBody; | ||
|  |             if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) | ||
|  |             { | ||
|  |                 throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive)), incomingMessage); | ||
|  |             } | ||
|  |             else if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) | ||
|  |             { | ||
|  |                 // the incoming RSTR must have the negotiated token | ||
|  |                 OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); | ||
|  |                 nextMessageBody = null; | ||
|  |             } | ||
|  |             else | ||
|  |             { | ||
|  |                 // we got an incoming blob. Process it and see if there is an outgoing blob | ||
|  |                 byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(incomingBlob,  | ||
|  |                                                             SecurityUtils.GetChannelBindingFromMessage(incomingMessage),  | ||
|  |                                                             null); | ||
|  | 
 | ||
|  |                 if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) | ||
|  |                 { | ||
|  |                     throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage); | ||
|  |                 } | ||
|  |                 else if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) | ||
|  |                 { | ||
|  |                     // the incoming RSTR had the last blob. It must have the token too | ||
|  |                     this.OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); | ||
|  |                     nextMessageBody = null; | ||
|  |                 } | ||
|  |                 else | ||
|  |                 { | ||
|  |                     nextMessageBody = PrepareRstr(sspiState, outgoingBlob); | ||
|  |                 } | ||
|  |             } | ||
|  |             return nextMessageBody; | ||
|  |         } | ||
|  | 
 | ||
|  |         void OnNegotiationComplete(SspiNegotiationTokenProviderState sspiState, RequestSecurityTokenResponse negotiationRstr, RequestSecurityTokenResponse authenticatorRstr) | ||
|  |         { | ||
|  |             ISspiNegotiation sspiNegotiation = sspiState.SspiNegotiation; | ||
|  |             ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = ValidateSspiNegotiation(sspiNegotiation); | ||
|  |             // the negotiation has completed successfully - the service token needs to be extracted from the | ||
|  |             // negotiationRstr | ||
|  |             SecurityTokenResolver tokenResolver = new SspiSecurityTokenResolver(sspiNegotiation); | ||
|  |             GenericXmlSecurityToken serviceToken = negotiationRstr.GetIssuedToken(tokenResolver, EmptyReadOnlyCollection<SecurityTokenAuthenticator>.Instance,  | ||
|  |                 SecurityKeyEntropyMode.ServerEntropy, null, this.SecurityContextTokenUri, authorizationPolicies, 0, false); | ||
|  |             if (serviceToken == null) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoServiceTokenReceived))); | ||
|  |             } | ||
|  |             WrappedKeySecurityToken wrappedToken = (serviceToken.ProofToken as WrappedKeySecurityToken); | ||
|  |             if (wrappedToken == null || wrappedToken.WrappingAlgorithm != sspiNegotiation.KeyEncryptionAlgorithm) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.ProofTokenWasNotWrappedCorrectly))); | ||
|  |             } | ||
|  |             byte[] proofKey = wrappedToken.GetWrappedKey(); | ||
|  |             if (authenticatorRstr == null) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorNotPresent))); | ||
|  |             } | ||
|  |             byte[] serverAuthenticator = authenticatorRstr.GetAuthenticator(); | ||
|  |             if (serverAuthenticator == null) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorNotPresent))); | ||
|  |             } | ||
|  |             if (!IsCorrectAuthenticator(sspiState, proofKey, serverAuthenticator)) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorIncorrect))); | ||
|  |             } | ||
|  |             sspiState.SetServiceToken(serviceToken); | ||
|  |         } | ||
|  | 
 | ||
|  |         class SspiSecurityTokenResolver : SecurityTokenResolver, ISspiNegotiationInfo | ||
|  |         { | ||
|  |             ISspiNegotiation sspiNegotiation; | ||
|  | 
 | ||
|  |             public SspiSecurityTokenResolver(ISspiNegotiation sspiNegotiation) | ||
|  |             { | ||
|  |                 this.sspiNegotiation = sspiNegotiation; | ||
|  |             } | ||
|  | 
 | ||
|  |             public ISspiNegotiation SspiNegotiation  | ||
|  |             { | ||
|  |                 get { return this.sspiNegotiation; } | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token) | ||
|  |             { | ||
|  |                 token = null; | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException()); | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) | ||
|  |             { | ||
|  |                 token = null; | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException()); | ||
|  |             } | ||
|  | 
 | ||
|  |             protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) | ||
|  |             { | ||
|  |                 key = null; | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException()); | ||
|  |             } | ||
|  |         } | ||
|  |     } | ||
|  | 
 | ||
|  |     class SspiIssuanceChannelParameter | ||
|  |     { | ||
|  |         bool getTokenOnOpen; | ||
|  |         SafeFreeCredentials credentialsHandle; | ||
|  | 
 | ||
|  |         public SspiIssuanceChannelParameter(bool getTokenOnOpen, SafeFreeCredentials credentialsHandle) | ||
|  |         { | ||
|  |             this.getTokenOnOpen = getTokenOnOpen; | ||
|  |             this.credentialsHandle = credentialsHandle; | ||
|  |         } | ||
|  | 
 | ||
|  |         public bool GetTokenOnOpen | ||
|  |         { | ||
|  |             get { return this.getTokenOnOpen; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public SafeFreeCredentials CredentialsHandle | ||
|  |         { | ||
|  |             get { return this.credentialsHandle; } | ||
|  |         } | ||
|  |     } | ||
|  | 
 | ||
|  | } |