linux-packaging-mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/TcpTransportSecurity.cs

//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel
{
    using System;
    using System.Security.Authentication;
    using System.Security.Authentication.ExtendedProtection;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.Net;
    using System.Net.Security;
    using System.ComponentModel;

    public sealed class TcpTransportSecurity
    {
        internal const TcpClientCredentialType DefaultClientCredentialType = TcpClientCredentialType.Windows;
        internal const ProtectionLevel DefaultProtectionLevel = ProtectionLevel.EncryptAndSign;

        TcpClientCredentialType clientCredentialType;
        ProtectionLevel protectionLevel;
        ExtendedProtectionPolicy extendedProtectionPolicy;
        SslProtocols sslProtocols;

        public TcpTransportSecurity()
        {
            this.clientCredentialType = DefaultClientCredentialType;
            this.protectionLevel = DefaultProtectionLevel;
            this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
            this.sslProtocols = TransportDefaults.SslProtocols;
        }

        [DefaultValue(DefaultClientCredentialType)]
        public TcpClientCredentialType ClientCredentialType
        {
            get { return this.clientCredentialType; }
            set
            {
                if (!TcpClientCredentialTypeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.clientCredentialType = value;
            }
        }

        [DefaultValue(DefaultProtectionLevel)]
        public ProtectionLevel ProtectionLevel
        {
            get { return this.protectionLevel; }
            set
            {
                if (!ProtectionLevelHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.protectionLevel = value;
            }
        }

        public ExtendedProtectionPolicy ExtendedProtectionPolicy
        {
            get
            {
                return this.extendedProtectionPolicy;
            }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                if (value.PolicyEnforcement == PolicyEnforcement.Always &&
                    !System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                        new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));
                }
                this.extendedProtectionPolicy = value;
            }
        }

        [DefaultValue(TransportDefaults.SslProtocols)]
        public SslProtocols SslProtocols
        {
            get { return this.sslProtocols; }
            set
            {
                SslProtocolsHelper.Validate(value);
                this.sslProtocols = value;
            }
        }

        SslStreamSecurityBindingElement CreateSslBindingElement(bool requireClientCertificate)
        {
            if (this.protectionLevel != ProtectionLevel.EncryptAndSign)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(
                    SR.UnsupportedSslProtectionLevel, this.protectionLevel)));
            }

            SslStreamSecurityBindingElement result = new SslStreamSecurityBindingElement();
            result.RequireClientCertificate = requireClientCertificate;
            result.SslProtocols = sslProtocols;
            return result;
        }

        static bool IsSslBindingElement(BindingElement element, TcpTransportSecurity transportSecurity, out bool requireClientCertificate, out SslProtocols sslProtocols)
        {
            requireClientCertificate = false;
            sslProtocols = TransportDefaults.SslProtocols;
            SslStreamSecurityBindingElement ssl = element as SslStreamSecurityBindingElement;
            if (ssl == null)
                return false;
            transportSecurity.ProtectionLevel = ProtectionLevel.EncryptAndSign;
            requireClientCertificate = ssl.RequireClientCertificate;
            sslProtocols = ssl.SslProtocols;
            return true;
        }

        internal BindingElement CreateTransportProtectionOnly()
        {
            return this.CreateSslBindingElement(false);
        }

        internal static bool SetTransportProtectionOnly(BindingElement transport, TcpTransportSecurity transportSecurity)
        {
            bool requireClientCertificate;
            SslProtocols sslProtocols;
            return IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols);
        }

        internal BindingElement CreateTransportProtectionAndAuthentication()
        {
            if (this.clientCredentialType == TcpClientCredentialType.Certificate || this.clientCredentialType == TcpClientCredentialType.None)
            {
                return this.CreateSslBindingElement(this.clientCredentialType == TcpClientCredentialType.Certificate);
            }
            else
            {
                WindowsStreamSecurityBindingElement result = new WindowsStreamSecurityBindingElement();
                result.ProtectionLevel = this.protectionLevel;
                return result;
            }
        }

        internal static bool SetTransportProtectionAndAuthentication(BindingElement transport, TcpTransportSecurity transportSecurity)
        {
            bool requireClientCertificate = false;
            SslProtocols sslProtocols = TransportDefaults.SslProtocols;
            if (transport is WindowsStreamSecurityBindingElement)
            {
                transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
                transportSecurity.ProtectionLevel = ((WindowsStreamSecurityBindingElement)transport).ProtectionLevel;
                return true;
            }
            else if (IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols))
            {
                transportSecurity.ClientCredentialType = requireClientCertificate ? TcpClientCredentialType.Certificate : TcpClientCredentialType.None;
                transportSecurity.SslProtocols = sslProtocols;
                return true;
            }
            return false;
        }

        internal bool InternalShouldSerialize()
        {
            return this.ClientCredentialType != TcpTransportSecurity.DefaultClientCredentialType
                || this.ProtectionLevel != TcpTransportSecurity.DefaultProtectionLevel
                || this.SslProtocols != TransportDefaults.SslProtocols
                || ShouldSerializeExtendedProtectionPolicy();
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeExtendedProtectionPolicy()
        {
            return !ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);
        }
    }
}
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`//------------------------------------------------------------`
			`// Copyright (c) Microsoft Corporation. All rights reserved.`
			`//------------------------------------------------------------`
			`namespace System.ServiceModel`
			`{`
			`using System;`
			`using System.Security.Authentication;`
			`using System.Security.Authentication.ExtendedProtection;`
			`using System.ServiceModel.Channels;`
			`using System.ServiceModel.Security;`
			`using System.Net;`
			`using System.Net.Security;`
			`using System.ComponentModel;`

			`public sealed class TcpTransportSecurity`
			`{`
			`internal const TcpClientCredentialType DefaultClientCredentialType = TcpClientCredentialType.Windows;`
			`internal const ProtectionLevel DefaultProtectionLevel = ProtectionLevel.EncryptAndSign;`

			`TcpClientCredentialType clientCredentialType;`
			`ProtectionLevel protectionLevel;`
			`ExtendedProtectionPolicy extendedProtectionPolicy;`
			`SslProtocols sslProtocols;`

			`public TcpTransportSecurity()`
			`{`
			`this.clientCredentialType = DefaultClientCredentialType;`
			`this.protectionLevel = DefaultProtectionLevel;`
			`this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;`
			`this.sslProtocols = TransportDefaults.SslProtocols;`
			`}`

			`[DefaultValue(DefaultClientCredentialType)]`
			`public TcpClientCredentialType ClientCredentialType`
			`{`
			`get { return this.clientCredentialType; }`
			`set`
			`{`
			`if (!TcpClientCredentialTypeHelper.IsDefined(value))`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));`
			`}`
			`this.clientCredentialType = value;`
			`}`
			`}`

			`[DefaultValue(DefaultProtectionLevel)]`
			`public ProtectionLevel ProtectionLevel`
			`{`
			`get { return this.protectionLevel; }`
			`set`
			`{`
			`if (!ProtectionLevelHelper.IsDefined(value))`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));`
			`}`
			`this.protectionLevel = value;`
			`}`
			`}`

			`public ExtendedProtectionPolicy ExtendedProtectionPolicy`
			`{`
			`get`
			`{`
			`return this.extendedProtectionPolicy;`
			`}`
			`set`
			`{`
			`if (value == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");`
			`}`

			`if (value.PolicyEnforcement == PolicyEnforcement.Always &&`
			`!System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(`
			`new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));`
			`}`
			`this.extendedProtectionPolicy = value;`
			`}`
			`}`

			`[DefaultValue(TransportDefaults.SslProtocols)]`
			`public SslProtocols SslProtocols`
			`{`
			`get { return this.sslProtocols; }`
			`set`
			`{`
			`SslProtocolsHelper.Validate(value);`
			`this.sslProtocols = value;`
			`}`
			`}`

			`SslStreamSecurityBindingElement CreateSslBindingElement(bool requireClientCertificate)`
			`{`
			`if (this.protectionLevel != ProtectionLevel.EncryptAndSign)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(`
			`SR.UnsupportedSslProtectionLevel, this.protectionLevel)));`
			`}`

			`SslStreamSecurityBindingElement result = new SslStreamSecurityBindingElement();`
			`result.RequireClientCertificate = requireClientCertificate;`
			`result.SslProtocols = sslProtocols;`
			`return result;`
			`}`

			`static bool IsSslBindingElement(BindingElement element, TcpTransportSecurity transportSecurity, out bool requireClientCertificate, out SslProtocols sslProtocols)`
			`{`
			`requireClientCertificate = false;`
			`sslProtocols = TransportDefaults.SslProtocols;`
			`SslStreamSecurityBindingElement ssl = element as SslStreamSecurityBindingElement;`
			`if (ssl == null)`
			`return false;`
			`transportSecurity.ProtectionLevel = ProtectionLevel.EncryptAndSign;`
			`requireClientCertificate = ssl.RequireClientCertificate;`
			`sslProtocols = ssl.SslProtocols;`
			`return true;`
			`}`

			`internal BindingElement CreateTransportProtectionOnly()`
			`{`
			`return this.CreateSslBindingElement(false);`
			`}`

			`internal static bool SetTransportProtectionOnly(BindingElement transport, TcpTransportSecurity transportSecurity)`
			`{`
			`bool requireClientCertificate;`
			`SslProtocols sslProtocols;`
			`return IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols);`
			`}`

			`internal BindingElement CreateTransportProtectionAndAuthentication()`
			`{`
			`if (this.clientCredentialType == TcpClientCredentialType.Certificate \|\| this.clientCredentialType == TcpClientCredentialType.None)`
			`{`
			`return this.CreateSslBindingElement(this.clientCredentialType == TcpClientCredentialType.Certificate);`
			`}`
			`else`
			`{`
			`WindowsStreamSecurityBindingElement result = new WindowsStreamSecurityBindingElement();`
			`result.ProtectionLevel = this.protectionLevel;`
			`return result;`
			`}`
			`}`

			`internal static bool SetTransportProtectionAndAuthentication(BindingElement transport, TcpTransportSecurity transportSecurity)`
			`{`
			`bool requireClientCertificate = false;`
			`SslProtocols sslProtocols = TransportDefaults.SslProtocols;`
			`if (transport is WindowsStreamSecurityBindingElement)`
			`{`
			`transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;`
			`transportSecurity.ProtectionLevel = ((WindowsStreamSecurityBindingElement)transport).ProtectionLevel;`
			`return true;`
			`}`
			`else if (IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols))`
			`{`
			`transportSecurity.ClientCredentialType = requireClientCertificate ? TcpClientCredentialType.Certificate : TcpClientCredentialType.None;`
			`transportSecurity.SslProtocols = sslProtocols;`
			`return true;`
			`}`
			`return false;`
			`}`

			`internal bool InternalShouldSerialize()`
			`{`
			`return this.ClientCredentialType != TcpTransportSecurity.DefaultClientCredentialType`
			`\|\| this.ProtectionLevel != TcpTransportSecurity.DefaultProtectionLevel`
			`\|\| this.SslProtocols != TransportDefaults.SslProtocols`
			`\|\| ShouldSerializeExtendedProtectionPolicy();`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeExtendedProtectionPolicy()`
			`{`
			`return !ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);`
			`}`
			`}`
			`}`