linux-packaging-mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/HttpTransportSecurity.cs

//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel
{
    using System;
    using System.ComponentModel;
    using System.Security.Authentication.ExtendedProtection;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.Net;
    using System.Net.Security;

    public sealed class HttpTransportSecurity
    {
        internal const HttpClientCredentialType DefaultClientCredentialType = HttpClientCredentialType.None;
        internal const HttpProxyCredentialType DefaultProxyCredentialType = HttpProxyCredentialType.None;
        internal const string DefaultRealm = System.ServiceModel.Channels.HttpTransportDefaults.Realm;

        HttpClientCredentialType clientCredentialType;
        HttpProxyCredentialType proxyCredentialType;
        string realm;
        ExtendedProtectionPolicy extendedProtectionPolicy;

        public HttpTransportSecurity()
        {
            this.clientCredentialType = DefaultClientCredentialType;
            this.proxyCredentialType = DefaultProxyCredentialType;
            this.realm = DefaultRealm;
            this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
        }

        public HttpClientCredentialType ClientCredentialType
        {
            get { return this.clientCredentialType; }
            set
            {
                if (!HttpClientCredentialTypeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.clientCredentialType = value;
            }
        }

        public HttpProxyCredentialType ProxyCredentialType
        {
            get { return this.proxyCredentialType; }
            set
            {
                if (!HttpProxyCredentialTypeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.proxyCredentialType = value;
            }
        }

        public string Realm
        {
            get { return this.realm; }
            set { this.realm = value; }
        }

        public ExtendedProtectionPolicy ExtendedProtectionPolicy
        {
            get
            {
                return this.extendedProtectionPolicy;
            }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                if (value.PolicyEnforcement == PolicyEnforcement.Always &&
                    !System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                        new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));
                }

                this.extendedProtectionPolicy = value;
            }
        }

        internal void ConfigureTransportProtectionOnly(HttpsTransportBindingElement https)
        {
            DisableAuthentication(https);
            https.RequireClientCertificate = false;
        }

        void ConfigureAuthentication(HttpTransportBindingElement http)
        {
            http.AuthenticationScheme = HttpClientCredentialTypeHelper.MapToAuthenticationScheme(this.clientCredentialType);
            http.ProxyAuthenticationScheme = HttpProxyCredentialTypeHelper.MapToAuthenticationScheme(this.proxyCredentialType);
            http.Realm = this.Realm;
            http.ExtendedProtectionPolicy = this.extendedProtectionPolicy;
        }

        static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
        {
            transportSecurity.clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);
            transportSecurity.proxyCredentialType = HttpProxyCredentialTypeHelper.MapToProxyCredentialType(http.ProxyAuthenticationScheme);
            transportSecurity.Realm = http.Realm;
            transportSecurity.extendedProtectionPolicy = http.ExtendedProtectionPolicy;
        }

        void DisableAuthentication(HttpTransportBindingElement http)
        {
            http.AuthenticationScheme = AuthenticationSchemes.Anonymous;
            http.ProxyAuthenticationScheme = AuthenticationSchemes.Anonymous;
            http.Realm = DefaultRealm;
            //ExtendedProtectionPolicy is always copied - even for security mode None, Message and TransportWithMessageCredential,
            //because the settings for ExtendedProtectionPolicy are always below the <security><transport> element
            http.ExtendedProtectionPolicy = this.extendedProtectionPolicy;
        }

        static bool IsDisabledAuthentication(HttpTransportBindingElement http)
        {
            return http.AuthenticationScheme == AuthenticationSchemes.Anonymous && http.ProxyAuthenticationScheme == AuthenticationSchemes.Anonymous && http.Realm == DefaultRealm;
        }

        internal void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https)
        {
            ConfigureAuthentication(https);
            https.RequireClientCertificate = (this.clientCredentialType == HttpClientCredentialType.Certificate);
        }

        internal static void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
        {
            ConfigureAuthentication(https, transportSecurity);
            if (https.RequireClientCertificate)
                transportSecurity.ClientCredentialType = HttpClientCredentialType.Certificate;
        }

        internal void ConfigureTransportAuthentication(HttpTransportBindingElement http)
        {
            if (this.clientCredentialType == HttpClientCredentialType.Certificate)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CertificateUnsupportedForHttpTransportCredentialOnly)));
            }
            ConfigureAuthentication(http);
        }

        internal static bool IsConfiguredTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
        {
            if (HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme) == HttpClientCredentialType.Certificate)
                return false;
            ConfigureAuthentication(http, transportSecurity);
            return true;
        }

        internal void DisableTransportAuthentication(HttpTransportBindingElement http)
        {
            DisableAuthentication(http);
        }

        internal static bool IsDisabledTransportAuthentication(HttpTransportBindingElement http)
        {
            return IsDisabledAuthentication(http);
        }

        internal bool InternalShouldSerialize()
        {
            return this.ShouldSerializeClientCredentialType()
                || this.ShouldSerializeProxyCredentialType()
                || this.ShouldSerializeRealm()
                || this.ShouldSerializeExtendedProtectionPolicy();
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeClientCredentialType()
        {
            return this.ClientCredentialType != DefaultClientCredentialType;
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeProxyCredentialType()
        {
            return this.proxyCredentialType != DefaultProxyCredentialType;
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeRealm()
        {
            return this.Realm != DefaultRealm;
        }

        [EditorBrowsable(EditorBrowsableState.Never)]
        public bool ShouldSerializeExtendedProtectionPolicy()
        {
            return !ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);
        }
    }
}
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`//------------------------------------------------------------`
			`// Copyright (c) Microsoft Corporation. All rights reserved.`
			`//------------------------------------------------------------`
			`namespace System.ServiceModel`
			`{`
			`using System;`
			`using System.ComponentModel;`
			`using System.Security.Authentication.ExtendedProtection;`
			`using System.ServiceModel.Channels;`
			`using System.ServiceModel.Security;`
			`using System.Net;`
			`using System.Net.Security;`

			`public sealed class HttpTransportSecurity`
			`{`
			`internal const HttpClientCredentialType DefaultClientCredentialType = HttpClientCredentialType.None;`
			`internal const HttpProxyCredentialType DefaultProxyCredentialType = HttpProxyCredentialType.None;`
			`internal const string DefaultRealm = System.ServiceModel.Channels.HttpTransportDefaults.Realm;`

			`HttpClientCredentialType clientCredentialType;`
			`HttpProxyCredentialType proxyCredentialType;`
			`string realm;`
			`ExtendedProtectionPolicy extendedProtectionPolicy;`

			`public HttpTransportSecurity()`
			`{`
			`this.clientCredentialType = DefaultClientCredentialType;`
			`this.proxyCredentialType = DefaultProxyCredentialType;`
			`this.realm = DefaultRealm;`
			`this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;`
			`}`

			`public HttpClientCredentialType ClientCredentialType`
			`{`
			`get { return this.clientCredentialType; }`
			`set`
			`{`
			`if (!HttpClientCredentialTypeHelper.IsDefined(value))`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));`
			`}`
			`this.clientCredentialType = value;`
			`}`
			`}`

			`public HttpProxyCredentialType ProxyCredentialType`
			`{`
			`get { return this.proxyCredentialType; }`
			`set`
			`{`
			`if (!HttpProxyCredentialTypeHelper.IsDefined(value))`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));`
			`}`
			`this.proxyCredentialType = value;`
			`}`
			`}`

			`public string Realm`
			`{`
			`get { return this.realm; }`
			`set { this.realm = value; }`
			`}`

			`public ExtendedProtectionPolicy ExtendedProtectionPolicy`
			`{`
			`get`
			`{`
			`return this.extendedProtectionPolicy;`
			`}`
			`set`
			`{`
			`if (value == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");`
			`}`

			`if (value.PolicyEnforcement == PolicyEnforcement.Always &&`
			`!System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(`
			`new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));`
			`}`

			`this.extendedProtectionPolicy = value;`
			`}`
			`}`

			`internal void ConfigureTransportProtectionOnly(HttpsTransportBindingElement https)`
			`{`
			`DisableAuthentication(https);`
			`https.RequireClientCertificate = false;`
			`}`

			`void ConfigureAuthentication(HttpTransportBindingElement http)`
			`{`
			`http.AuthenticationScheme = HttpClientCredentialTypeHelper.MapToAuthenticationScheme(this.clientCredentialType);`
			`http.ProxyAuthenticationScheme = HttpProxyCredentialTypeHelper.MapToAuthenticationScheme(this.proxyCredentialType);`
			`http.Realm = this.Realm;`
			`http.ExtendedProtectionPolicy = this.extendedProtectionPolicy;`
			`}`

			`static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)`
			`{`
			`transportSecurity.clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);`
			`transportSecurity.proxyCredentialType = HttpProxyCredentialTypeHelper.MapToProxyCredentialType(http.ProxyAuthenticationScheme);`
			`transportSecurity.Realm = http.Realm;`
			`transportSecurity.extendedProtectionPolicy = http.ExtendedProtectionPolicy;`
			`}`

			`void DisableAuthentication(HttpTransportBindingElement http)`
			`{`
			`http.AuthenticationScheme = AuthenticationSchemes.Anonymous;`
			`http.ProxyAuthenticationScheme = AuthenticationSchemes.Anonymous;`
			`http.Realm = DefaultRealm;`
			`//ExtendedProtectionPolicy is always copied - even for security mode None, Message and TransportWithMessageCredential,`
			`//because the settings for ExtendedProtectionPolicy are always below the <security><transport> element`
			`http.ExtendedProtectionPolicy = this.extendedProtectionPolicy;`
			`}`

			`static bool IsDisabledAuthentication(HttpTransportBindingElement http)`
			`{`
			`return http.AuthenticationScheme == AuthenticationSchemes.Anonymous && http.ProxyAuthenticationScheme == AuthenticationSchemes.Anonymous && http.Realm == DefaultRealm;`
			`}`

			`internal void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https)`
			`{`
			`ConfigureAuthentication(https);`
			`https.RequireClientCertificate = (this.clientCredentialType == HttpClientCredentialType.Certificate);`
			`}`

			`internal static void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)`
			`{`
			`ConfigureAuthentication(https, transportSecurity);`
			`if (https.RequireClientCertificate)`
			`transportSecurity.ClientCredentialType = HttpClientCredentialType.Certificate;`
			`}`

			`internal void ConfigureTransportAuthentication(HttpTransportBindingElement http)`
			`{`
			`if (this.clientCredentialType == HttpClientCredentialType.Certificate)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CertificateUnsupportedForHttpTransportCredentialOnly)));`
			`}`
			`ConfigureAuthentication(http);`
			`}`

			`internal static bool IsConfiguredTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)`
			`{`
			`if (HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme) == HttpClientCredentialType.Certificate)`
			`return false;`
			`ConfigureAuthentication(http, transportSecurity);`
			`return true;`
			`}`

			`internal void DisableTransportAuthentication(HttpTransportBindingElement http)`
			`{`
			`DisableAuthentication(http);`
			`}`

			`internal static bool IsDisabledTransportAuthentication(HttpTransportBindingElement http)`
			`{`
			`return IsDisabledAuthentication(http);`
			`}`

			`internal bool InternalShouldSerialize()`
			`{`
			`return this.ShouldSerializeClientCredentialType()`
			`\|\| this.ShouldSerializeProxyCredentialType()`
			`\|\| this.ShouldSerializeRealm()`
			`\|\| this.ShouldSerializeExtendedProtectionPolicy();`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeClientCredentialType()`
			`{`
			`return this.ClientCredentialType != DefaultClientCredentialType;`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeProxyCredentialType()`
			`{`
			`return this.proxyCredentialType != DefaultProxyCredentialType;`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeRealm()`
			`{`
			`return this.Realm != DefaultRealm;`
			`}`

			`[EditorBrowsable(EditorBrowsableState.Never)]`
			`public bool ShouldSerializeExtendedProtectionPolicy()`
			`{`
			`return !ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);`
			`}`
			`}`
			`}`