You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			270 lines
		
	
	
		
			9.5 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			270 lines
		
	
	
		
			9.5 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //------------------------------------------------------------ | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //------------------------------------------------------------ | ||
|  | 
 | ||
|  | using System; | ||
|  | using System.Collections.Generic; | ||
|  | using System.Collections.ObjectModel; | ||
|  | using System.Globalization; | ||
|  | using System.IdentityModel.Policy; | ||
|  | using System.IdentityModel.Selectors; | ||
|  | using System.IdentityModel.Tokens; | ||
|  | using System.Reflection; | ||
|  | using System.ServiceModel; | ||
|  | using System.ServiceModel.Security.Tokens; | ||
|  | using SysClaim = System.IdentityModel.Claims.Claim; | ||
|  | using SystemAuthorizationContext = System.IdentityModel.Policy.AuthorizationContext; | ||
|  | 
 | ||
|  | using System.Security.Claims; | ||
|  | 
 | ||
|  | 
 | ||
|  | namespace System.ServiceModel.Security | ||
|  | { | ||
|  | 
 | ||
|  |     /// <summary> | ||
|  |     /// Wraps a SessionSecurityTokenHandler. Delegates the token authentication call to | ||
|  |     /// this wrapped tokenAuthenticator. Wraps the returned ClaimsIdentities into | ||
|  |     /// an IAuthorizationPolicy. This class is wired into WCF and actually receives  | ||
|  |     /// SecurityContextSecurityTokens which are then wrapped into SessionSecurityTokens for | ||
|  |     /// validation. | ||
|  |     /// </summary> | ||
|  |     internal class WrappedSessionSecurityTokenAuthenticator : SecurityTokenAuthenticator, IIssuanceSecurityTokenAuthenticator, ICommunicationObject | ||
|  |     { | ||
|  |         SessionSecurityTokenHandler _sessionTokenHandler; | ||
|  |         IIssuanceSecurityTokenAuthenticator _issuanceSecurityTokenAuthenticator; | ||
|  |         ICommunicationObject _communicationObject; | ||
|  | 
 | ||
|  |         SctClaimsHandler _sctClaimsHandler; | ||
|  |         ExceptionMapper _exceptionMapper; | ||
|  | 
 | ||
|  |         /// <summary> | ||
|  |         /// Initializes an instance of <see cref="WrappedRsaSecurityTokenAuthenticator"/> | ||
|  |         /// </summary> | ||
|  |         /// <param name="sessionTokenHandler">The sessionTokenHandler to wrap</param> | ||
|  |         /// <param name="wcfSessionAuthenticator">The wcf SessionTokenAuthenticator.</param> | ||
|  |         /// <param name="sctClaimsHandler">Handler that converts WCF generated IAuthorizationPolicy to <see cref="AuthorizationPolicy"/></param> | ||
|  |         /// <param name="exceptionMapper">Converts token validation exception to SOAP faults.</param> | ||
|  |         public WrappedSessionSecurityTokenAuthenticator( SessionSecurityTokenHandler sessionTokenHandler, | ||
|  |                                                          SecurityTokenAuthenticator wcfSessionAuthenticator, | ||
|  |                                                          SctClaimsHandler sctClaimsHandler, | ||
|  |                                                          ExceptionMapper exceptionMapper ) | ||
|  |             : base() | ||
|  |         { | ||
|  |             if ( sessionTokenHandler == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "sessionTokenHandler" ); | ||
|  |             } | ||
|  | 
 | ||
|  |             if ( wcfSessionAuthenticator == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wcfSessionAuthenticator" ); | ||
|  |             } | ||
|  | 
 | ||
|  |             if ( sctClaimsHandler == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "sctClaimsHandler" ); | ||
|  |             } | ||
|  | 
 | ||
|  |             if ( exceptionMapper == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "exceptionMapper" ); | ||
|  |             } | ||
|  | 
 | ||
|  |             _issuanceSecurityTokenAuthenticator = wcfSessionAuthenticator as IIssuanceSecurityTokenAuthenticator; | ||
|  |             if ( _issuanceSecurityTokenAuthenticator == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4244 ) ); | ||
|  |             } | ||
|  | 
 | ||
|  |             _communicationObject = wcfSessionAuthenticator as ICommunicationObject; | ||
|  |             if ( _communicationObject == null ) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4245 ) ); | ||
|  |             } | ||
|  | 
 | ||
|  |             _sessionTokenHandler = sessionTokenHandler; | ||
|  |             _sctClaimsHandler = sctClaimsHandler; | ||
|  | 
 | ||
|  |             _exceptionMapper = exceptionMapper; | ||
|  |         } | ||
|  | 
 | ||
|  |         /// <summary> | ||
|  |         /// Validates the token using the wrapped token handler and generates IAuthorizationPolicy | ||
|  |         /// wrapping the returned ClaimsIdentities. | ||
|  |         /// </summary> | ||
|  |         /// <param name="token">Token to be validated. This is always a SecurityContextSecurityToken.</param> | ||
|  |         /// <returns>Read-only collection of IAuthorizationPolicy</returns> | ||
|  |         protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( SecurityToken token ) | ||
|  |         { | ||
|  |             SecurityContextSecurityToken sct = token as SecurityContextSecurityToken; | ||
|  |             SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken( sct ); | ||
|  |             IEnumerable<ClaimsIdentity> identities = null; | ||
|  | 
 | ||
|  |             try | ||
|  |             { | ||
|  |                 identities = _sessionTokenHandler.ValidateToken(sessionToken, _sctClaimsHandler.EndpointId); | ||
|  |             } | ||
|  |             catch (Exception ex) | ||
|  |             { | ||
|  |                 if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex)) | ||
|  |                 { | ||
|  |                     throw; | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             return new List<IAuthorizationPolicy>(new AuthorizationPolicy[] { new AuthorizationPolicy(identities) }).AsReadOnly(); | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override bool CanValidateTokenCore( SecurityToken token ) | ||
|  |         { | ||
|  |             return ( token is SecurityContextSecurityToken ); | ||
|  |         } | ||
|  | 
 | ||
|  |         #region IIssuanceSecurityTokenAuthenticator Members | ||
|  | 
 | ||
|  |         public IssuedSecurityTokenHandler IssuedSecurityTokenHandler | ||
|  |         { | ||
|  |             get | ||
|  |             { | ||
|  |                 return _issuanceSecurityTokenAuthenticator.IssuedSecurityTokenHandler; | ||
|  |             } | ||
|  |             set | ||
|  |             { | ||
|  |                 _issuanceSecurityTokenAuthenticator.IssuedSecurityTokenHandler = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         public RenewedSecurityTokenHandler RenewedSecurityTokenHandler | ||
|  |         { | ||
|  |             get | ||
|  |             { | ||
|  |                 return _issuanceSecurityTokenAuthenticator.RenewedSecurityTokenHandler; | ||
|  |             } | ||
|  |             set | ||
|  |             { | ||
|  |                 _issuanceSecurityTokenAuthenticator.RenewedSecurityTokenHandler = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         #endregion | ||
|  | 
 | ||
|  | 
 | ||
|  |         #region ICommunicationObject Members | ||
|  | 
 | ||
|  |         // all these methods are passthroughs | ||
|  | 
 | ||
|  |         public void Abort() | ||
|  |         { | ||
|  |             _communicationObject.Abort(); | ||
|  |         } | ||
|  | 
 | ||
|  |         public System.IAsyncResult BeginClose( System.TimeSpan timeout, System.AsyncCallback callback, object state ) | ||
|  |         { | ||
|  |             return _communicationObject.BeginClose( timeout, callback, state ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public System.IAsyncResult BeginClose( System.AsyncCallback callback, object state ) | ||
|  |         { | ||
|  |             return _communicationObject.BeginClose( callback, state ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public System.IAsyncResult BeginOpen( System.TimeSpan timeout, System.AsyncCallback callback, object state ) | ||
|  |         { | ||
|  |             return _communicationObject.BeginOpen( timeout, callback, state ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public System.IAsyncResult BeginOpen( System.AsyncCallback callback, object state ) | ||
|  |         { | ||
|  |             return _communicationObject.BeginOpen( callback, state ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public void Close( System.TimeSpan timeout ) | ||
|  |         { | ||
|  |             _communicationObject.Close( timeout ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public void Close() | ||
|  |         { | ||
|  |             _communicationObject.Close(); | ||
|  |         } | ||
|  | 
 | ||
|  |         public event System.EventHandler Closed | ||
|  |         { | ||
|  |             add { _communicationObject.Closed += value; } | ||
|  |             remove { _communicationObject.Closed -= value; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public event System.EventHandler Closing | ||
|  |         { | ||
|  |             add { _communicationObject.Closing += value; } | ||
|  |             remove { _communicationObject.Closing -= value; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public void EndClose( System.IAsyncResult result ) | ||
|  |         { | ||
|  |             _communicationObject.EndClose( result ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public void EndOpen( System.IAsyncResult result ) | ||
|  |         { | ||
|  |             _communicationObject.EndOpen( result ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public event System.EventHandler Faulted | ||
|  |         { | ||
|  |             add { _communicationObject.Faulted += value; } | ||
|  |             remove { _communicationObject.Faulted -= value; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public void Open( System.TimeSpan timeout ) | ||
|  |         { | ||
|  |             _communicationObject.Open( timeout ); | ||
|  |         } | ||
|  | 
 | ||
|  |         public void Open() | ||
|  |         { | ||
|  |             _communicationObject.Open(); | ||
|  |         } | ||
|  | 
 | ||
|  |         public event System.EventHandler Opened | ||
|  |         { | ||
|  |             add { _communicationObject.Opened += value; } | ||
|  |             remove { _communicationObject.Opened -= value; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public event System.EventHandler Opening | ||
|  |         { | ||
|  |             add { _communicationObject.Opening += value; } | ||
|  |             remove { _communicationObject.Opening -= value; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public CommunicationState State | ||
|  |         { | ||
|  | 
 | ||
|  |             get { return _communicationObject.State; } | ||
|  |         } | ||
|  | 
 | ||
|  |         #endregion | ||
|  |     } | ||
|  | 
 | ||
|  |     /// <summary> | ||
|  |     /// Defines a SecurityStateEncoder whose Encode and Decode operations are  | ||
|  |     /// a no-op. This class is used to null WCF SecurityContextToken creation | ||
|  |     /// code to skip any encryption and decryption cost. When SessionSecurityTokenHandler | ||
|  |     /// is being used we will use our own EncryptionTransform and ignore the WCF  | ||
|  |     /// generated cookie. | ||
|  |     /// </summary> | ||
|  |     internal class NoOpSecurityStateEncoder : SecurityStateEncoder | ||
|  |     { | ||
|  |         protected internal override byte[] EncodeSecurityState( byte[] data ) | ||
|  |         { | ||
|  |             return data; | ||
|  |         } | ||
|  | 
 | ||
|  |         protected internal override byte[] DecodeSecurityState( byte[] data ) | ||
|  |         { | ||
|  |             return data; | ||
|  |         } | ||
|  |     } | ||
|  | } |