linux-packaging-mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Channels/SslStreamSecurityBindingElement.cs

//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Channels
{
    using System.Security.Authentication;
    using System.ComponentModel;
    using System.Collections.Generic;
    using System.Net.Security;
    using System.ServiceModel.Description;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
    using System.Xml;
    
    public class SslStreamSecurityBindingElement : StreamUpgradeBindingElement, ITransportTokenAssertionProvider, IPolicyExportExtension
    {
        IdentityVerifier identityVerifier;
        bool requireClientCertificate;
        SslProtocols sslProtocols;

        public SslStreamSecurityBindingElement()
        {
            this.requireClientCertificate = TransportDefaults.RequireClientCertificate;
            this.sslProtocols = TransportDefaults.SslProtocols;
        }

        protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
            : base(elementToBeCloned)
        {
            this.identityVerifier = elementToBeCloned.identityVerifier;
            this.requireClientCertificate = elementToBeCloned.requireClientCertificate;
            this.sslProtocols = elementToBeCloned.sslProtocols;
        }

        public IdentityVerifier IdentityVerifier
        {
            get
            {
                if (this.identityVerifier == null)
                {
                    this.identityVerifier = IdentityVerifier.CreateDefault();
                }

                return this.identityVerifier;
            }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                this.identityVerifier = value;
            }
        }

        [DefaultValue(TransportDefaults.RequireClientCertificate)]
        public bool RequireClientCertificate
        {
            get
            {
                return this.requireClientCertificate;
            }
            set
            {
                this.requireClientCertificate = value;
            }
        }

        [DefaultValue(TransportDefaults.OldDefaultSslProtocols)]
        public SslProtocols SslProtocols
        {
            get
            {
                return this.sslProtocols;
            }
            set
            {
                SslProtocolsHelper.Validate(value);
                this.sslProtocols = value;
            }
        }

        public override IChannelFactory<TChannel> BuildChannelFactory<TChannel>(BindingContext context)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null
            context.BindingParameters.Add(this);
            return context.BuildInnerChannelFactory<TChannel>();
        }

        public override bool CanBuildChannelFactory<TChannel>(BindingContext context)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null
            context.BindingParameters.Add(this);
            return context.CanBuildInnerChannelFactory<TChannel>();
        }

        public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null
            context.BindingParameters.Add(this);
            return context.BuildInnerChannelListener<TChannel>();
        }

        public override bool CanBuildChannelListener<TChannel>(BindingContext context)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null
            context.BindingParameters.Add(this);
            return context.CanBuildInnerChannelListener<TChannel>();
        }

        public override BindingElement Clone()
        {
            return new SslStreamSecurityBindingElement(this);
        }

        public override T GetProperty<T>(BindingContext context)
        {
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }
            if (typeof(T) == typeof(ISecurityCapabilities))
            {
                return (T)(object)new SecurityCapabilities(this.RequireClientCertificate, true, this.RequireClientCertificate,
                    ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign);
            }
            else if (typeof(T) == typeof(IdentityVerifier))
            {
                return (T)(object)this.IdentityVerifier;
            }
            else
            {
                return context.GetInnerProperty<T>();
            }
        }

        public override StreamUpgradeProvider BuildClientStreamUpgradeProvider(BindingContext context)
        {
            return SslStreamSecurityUpgradeProvider.CreateClientProvider(this, context);
        }

        public override StreamUpgradeProvider BuildServerStreamUpgradeProvider(BindingContext context)
        {
            return SslStreamSecurityUpgradeProvider.CreateServerProvider(this, context);
        }


        internal static void ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
        {
            XmlElement assertion = PolicyConversionContext.FindAssertion(policyContext.GetBindingAssertions(),
                TransportPolicyConstants.SslTransportSecurityName, TransportPolicyConstants.DotNetFramingNamespace, true);

            if (assertion != null)
            {
                SslStreamSecurityBindingElement sslBindingElement = new SslStreamSecurityBindingElement();

                XmlReader reader = new XmlNodeReader(assertion);
                reader.ReadStartElement();
                sslBindingElement.RequireClientCertificate = reader.IsStartElement(
                    TransportPolicyConstants.RequireClientCertificateName,
                    TransportPolicyConstants.DotNetFramingNamespace);
                if (sslBindingElement.RequireClientCertificate)
                {
                    reader.ReadElementString();
                }

                policyContext.BindingElements.Add(sslBindingElement);
            }
        }

        #region ITransportTokenAssertionProvider Members

        public XmlElement GetTransportTokenAssertion()
        {
            XmlDocument document = new XmlDocument();
            XmlElement assertion =
                document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix,
                TransportPolicyConstants.SslTransportSecurityName,
                TransportPolicyConstants.DotNetFramingNamespace);
            if (this.requireClientCertificate)
            {
                assertion.AppendChild(document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix,
                    TransportPolicyConstants.RequireClientCertificateName,
                    TransportPolicyConstants.DotNetFramingNamespace));
            }
            return assertion;
        }

        #endregion

        void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
        {
            if (exporter == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exporter");
            }
            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

            SecurityBindingElement.ExportPolicyForTransportTokenAssertionProviders(exporter, context);
        }

        internal override bool IsMatch(BindingElement b)
        {
            if (b == null)
            {
                return false;
            }
            SslStreamSecurityBindingElement ssl = b as SslStreamSecurityBindingElement;
            if (ssl == null)
            {
                return false;
            }

            return this.requireClientCertificate == ssl.requireClientCertificate && this.sslProtocols == ssl.sslProtocols;
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeIdentityVerifier()
        {
            // IdentifyVerifier.CreateDefault() grabs the static instance of nested DefaultIdentityVerifier. 
            // DefaultIdentityVerifier can't be serialized directly because it's nested. 
            return (!object.ReferenceEquals(this.IdentityVerifier, IdentityVerifier.CreateDefault()));  
        }
    }
}
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`//-----------------------------------------------------------------------------`
			`// Copyright (c) Microsoft Corporation. All rights reserved.`
			`//-----------------------------------------------------------------------------`
			`namespace System.ServiceModel.Channels`
			`{`
			`using System.Security.Authentication;`
			`using System.ComponentModel;`
			`using System.Collections.Generic;`
			`using System.Net.Security;`
			`using System.ServiceModel.Description;`
			`using System.ServiceModel;`
			`using System.ServiceModel.Security;`
			`using System.ServiceModel.Security.Tokens;`
			`using System.Xml;`

			`public class SslStreamSecurityBindingElement : StreamUpgradeBindingElement, ITransportTokenAssertionProvider, IPolicyExportExtension`
			`{`
			`IdentityVerifier identityVerifier;`
			`bool requireClientCertificate;`
			`SslProtocols sslProtocols;`

			`public SslStreamSecurityBindingElement()`
			`{`
			`this.requireClientCertificate = TransportDefaults.RequireClientCertificate;`
			`this.sslProtocols = TransportDefaults.SslProtocols;`
			`}`

			`protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)`
			`: base(elementToBeCloned)`
			`{`
			`this.identityVerifier = elementToBeCloned.identityVerifier;`
			`this.requireClientCertificate = elementToBeCloned.requireClientCertificate;`
			`this.sslProtocols = elementToBeCloned.sslProtocols;`
			`}`

			`public IdentityVerifier IdentityVerifier`
			`{`
			`get`
			`{`
			`if (this.identityVerifier == null)`
			`{`
			`this.identityVerifier = IdentityVerifier.CreateDefault();`
			`}`

			`return this.identityVerifier;`
			`}`
			`set`
			`{`
			`if (value == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");`
			`}`

			`this.identityVerifier = value;`
			`}`
			`}`

			`[DefaultValue(TransportDefaults.RequireClientCertificate)]`
			`public bool RequireClientCertificate`
			`{`
			`get`
			`{`
			`return this.requireClientCertificate;`
			`}`
			`set`
			`{`
			`this.requireClientCertificate = value;`
			`}`
			`}`

Imported Upstream version 5.10.0.47 Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0 2018-01-24 17:04:36 +00:00			`[DefaultValue(TransportDefaults.OldDefaultSslProtocols)]`
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`public SslProtocols SslProtocols`
			`{`
			`get`
			`{`
			`return this.sslProtocols;`
			`}`
			`set`
			`{`
			`SslProtocolsHelper.Validate(value);`
			`this.sslProtocols = value;`
			`}`
			`}`

			`public override IChannelFactory<TChannel> BuildChannelFactory<TChannel>(BindingContext context)`
			`{`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`

Imported Upstream version 5.4.0.167 Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa 2017-08-21 15:34:15 +00:00			`#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null`
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`context.BindingParameters.Add(this);`
			`return context.BuildInnerChannelFactory<TChannel>();`
			`}`

			`public override bool CanBuildChannelFactory<TChannel>(BindingContext context)`
			`{`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`

Imported Upstream version 5.4.0.167 Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa 2017-08-21 15:34:15 +00:00			`#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null`
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`context.BindingParameters.Add(this);`
			`return context.CanBuildInnerChannelFactory<TChannel>();`
			`}`

			`public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context)`
			`{`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`

Imported Upstream version 5.4.0.167 Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa 2017-08-21 15:34:15 +00:00			`#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null`
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`context.BindingParameters.Add(this);`
			`return context.BuildInnerChannelListener<TChannel>();`
			`}`

			`public override bool CanBuildChannelListener<TChannel>(BindingContext context)`
			`{`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`

Imported Upstream version 5.4.0.167 Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa 2017-08-21 15:34:15 +00:00			`#pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null`
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`context.BindingParameters.Add(this);`
			`return context.CanBuildInnerChannelListener<TChannel>();`
			`}`

			`public override BindingElement Clone()`
			`{`
			`return new SslStreamSecurityBindingElement(this);`
			`}`

			`public override T GetProperty<T>(BindingContext context)`
			`{`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`
			`if (typeof(T) == typeof(ISecurityCapabilities))`
			`{`
			`return (T)(object)new SecurityCapabilities(this.RequireClientCertificate, true, this.RequireClientCertificate,`
			`ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign);`
			`}`
			`else if (typeof(T) == typeof(IdentityVerifier))`
			`{`
			`return (T)(object)this.IdentityVerifier;`
			`}`
			`else`
			`{`
			`return context.GetInnerProperty<T>();`
			`}`
			`}`

			`public override StreamUpgradeProvider BuildClientStreamUpgradeProvider(BindingContext context)`
			`{`
			`return SslStreamSecurityUpgradeProvider.CreateClientProvider(this, context);`
			`}`

			`public override StreamUpgradeProvider BuildServerStreamUpgradeProvider(BindingContext context)`
			`{`
			`return SslStreamSecurityUpgradeProvider.CreateServerProvider(this, context);`
			`}`


			`internal static void ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)`
			`{`
			`XmlElement assertion = PolicyConversionContext.FindAssertion(policyContext.GetBindingAssertions(),`
			`TransportPolicyConstants.SslTransportSecurityName, TransportPolicyConstants.DotNetFramingNamespace, true);`

			`if (assertion != null)`
			`{`
			`SslStreamSecurityBindingElement sslBindingElement = new SslStreamSecurityBindingElement();`

			`XmlReader reader = new XmlNodeReader(assertion);`
			`reader.ReadStartElement();`
			`sslBindingElement.RequireClientCertificate = reader.IsStartElement(`
			`TransportPolicyConstants.RequireClientCertificateName,`
			`TransportPolicyConstants.DotNetFramingNamespace);`
			`if (sslBindingElement.RequireClientCertificate)`
			`{`
			`reader.ReadElementString();`
			`}`

			`policyContext.BindingElements.Add(sslBindingElement);`
			`}`
			`}`

			`#region ITransportTokenAssertionProvider Members`

			`public XmlElement GetTransportTokenAssertion()`
			`{`
			`XmlDocument document = new XmlDocument();`
			`XmlElement assertion =`
			`document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix,`
			`TransportPolicyConstants.SslTransportSecurityName,`
			`TransportPolicyConstants.DotNetFramingNamespace);`
			`if (this.requireClientCertificate)`
			`{`
			`assertion.AppendChild(document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix,`
			`TransportPolicyConstants.RequireClientCertificateName,`
			`TransportPolicyConstants.DotNetFramingNamespace));`
			`}`
			`return assertion;`
			`}`

			`#endregion`

			`void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)`
			`{`
			`if (exporter == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exporter");`
			`}`
			`if (context == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");`
			`}`

			`SecurityBindingElement.ExportPolicyForTransportTokenAssertionProviders(exporter, context);`
			`}`

			`internal override bool IsMatch(BindingElement b)`
			`{`
			`if (b == null)`
			`{`
			`return false;`
			`}`
			`SslStreamSecurityBindingElement ssl = b as SslStreamSecurityBindingElement;`
			`if (ssl == null)`
			`{`
			`return false;`
			`}`

			`return this.requireClientCertificate == ssl.requireClientCertificate && this.sslProtocols == ssl.sslProtocols;`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeIdentityVerifier()`
			`{`
			`// IdentifyVerifier.CreateDefault() grabs the static instance of nested DefaultIdentityVerifier.`
			`// DefaultIdentityVerifier can't be serialized directly because it's nested.`
			`return (!object.ReferenceEquals(this.IdentityVerifier, IdentityVerifier.CreateDefault()));`
			`}`
			`}`
			`}`