238 lines
9.4 KiB
C#
238 lines
9.4 KiB
C#
|
//------------------------------------------------------------
|
||
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
|
//------------------------------------------------------------
|
||
|
|
|
||
|
|
namespace System.ServiceModel.Security
|
||
|
|
{
|
||
|
|
using System.Collections.Generic;
|
||
|
|
using System.ServiceModel.Channels;
|
||
|
|
using System.ServiceModel;
|
||
|
|
using System.ServiceModel.Description;
|
||
|
|
using System.ServiceModel.Security.Tokens;
|
||
|
|
using System.Collections.ObjectModel;
|
||
|
|
using System.IdentityModel.Policy;
|
||
|
|
using System.IdentityModel.Selectors;
|
||
|
|
using System.IdentityModel.Tokens;
|
||
|
|
|
||
|
|
using System.Xml;
|
||
|
|
using System.Runtime.CompilerServices;
|
||
|
|
|
||
|
|
class SecurityStandardsManager
|
||
|
|
{
|
||
|
|
static SecurityStandardsManager instance;
|
||
|
|
|
||
|
|
readonly SecureConversationDriver secureConversationDriver;
|
||
|
|
readonly TrustDriver trustDriver;
|
||
|
|
readonly SignatureTargetIdManager idManager;
|
||
|
|
readonly MessageSecurityVersion messageSecurityVersion;
|
||
|
|
readonly WSUtilitySpecificationVersion wsUtilitySpecificationVersion;
|
||
|
|
readonly SecurityTokenSerializer tokenSerializer;
|
||
|
|
WSSecurityTokenSerializer wsSecurityTokenSerializer;
|
||
|
|
|
||
|
|
[MethodImpl(MethodImplOptions.NoInlining)]
|
||
|
|
public SecurityStandardsManager()
|
||
|
|
: this(WSSecurityTokenSerializer.DefaultInstance)
|
||
|
|
{
|
||
|
|
}
|
||
|
|
|
||
|
|
public SecurityStandardsManager(SecurityTokenSerializer tokenSerializer)
|
||
|
|
: this(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11, tokenSerializer)
|
||
|
|
{
|
||
|
|
}
|
||
|
|
|
||
|
|
public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer)
|
||
|
|
{
|
||
|
|
if (messageSecurityVersion == null)
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
|
||
|
|
if (tokenSerializer == null)
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
|
||
|
|
|
||
|
|
this.messageSecurityVersion = messageSecurityVersion;
|
||
|
|
this.tokenSerializer = tokenSerializer;
|
||
|
|
if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13)
|
||
|
|
this.secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
|
||
|
|
else
|
||
|
|
this.secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
|
||
|
|
|
||
|
|
if (this.SecurityVersion == SecurityVersion.WSSecurity10 || this.SecurityVersion == SecurityVersion.WSSecurity11)
|
||
|
|
{
|
||
|
|
this.idManager = WSSecurityJan2004.IdManager.Instance;
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", SR.GetString(SR.MessageSecurityVersionOutOfRange)));
|
||
|
|
}
|
||
|
|
|
||
|
|
this.wsUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default;
|
||
|
|
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13)
|
||
|
|
this.trustDriver = new WSTrustDec2005.DriverDec2005(this);
|
||
|
|
else
|
||
|
|
this.trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
|
||
|
|
}
|
||
|
|
|
||
|
|
public static SecurityStandardsManager DefaultInstance
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
if (instance == null)
|
||
|
|
instance = new SecurityStandardsManager();
|
||
|
|
return instance;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public SecurityVersion SecurityVersion
|
||
|
|
{
|
||
|
|
get { return this.messageSecurityVersion == null ? null : this.messageSecurityVersion.SecurityVersion; }
|
||
|
|
}
|
||
|
|
|
||
|
|
public MessageSecurityVersion MessageSecurityVersion
|
||
|
|
{
|
||
|
|
get { return this.messageSecurityVersion; }
|
||
|
|
}
|
||
|
|
|
||
|
|
public TrustVersion TrustVersion
|
||
|
|
{
|
||
|
|
get { return this.messageSecurityVersion.TrustVersion; }
|
||
|
|
}
|
||
|
|
|
||
|
|
public SecureConversationVersion SecureConversationVersion
|
||
|
|
{
|
||
|
|
get { return this.messageSecurityVersion.SecureConversationVersion; }
|
||
|
|
}
|
||
|
|
|
||
|
|
internal SecurityTokenSerializer SecurityTokenSerializer
|
||
|
|
{
|
||
|
|
get { return this.tokenSerializer; }
|
||
|
|
}
|
||
|
|
|
||
|
|
internal WSUtilitySpecificationVersion WSUtilitySpecificationVersion
|
||
|
|
{
|
||
|
|
get { return this.wsUtilitySpecificationVersion; }
|
||
|
|
}
|
||
|
|
|
||
|
|
internal SignatureTargetIdManager IdManager
|
||
|
|
{
|
||
|
|
get { return this.idManager; }
|
||
|
|
}
|
||
|
|
|
||
|
|
internal SecureConversationDriver SecureConversationDriver
|
||
|
|
{
|
||
|
|
get { return this.secureConversationDriver; }
|
||
|
|
}
|
||
|
|
|
||
|
|
internal TrustDriver TrustDriver
|
||
|
|
{
|
||
|
|
get { return this.trustDriver; }
|
||
|
|
}
|
||
|
|
|
||
|
|
WSSecurityTokenSerializer WSSecurityTokenSerializer
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
if (this.wsSecurityTokenSerializer == null)
|
||
|
|
{
|
||
|
|
WSSecurityTokenSerializer wsSecurityTokenSerializer = this.tokenSerializer as WSSecurityTokenSerializer;
|
||
|
|
if (wsSecurityTokenSerializer == null)
|
||
|
|
{
|
||
|
|
wsSecurityTokenSerializer = new WSSecurityTokenSerializer(this.SecurityVersion);
|
||
|
|
}
|
||
|
|
this.wsSecurityTokenSerializer = wsSecurityTokenSerializer;
|
||
|
|
}
|
||
|
|
return this.wsSecurityTokenSerializer;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
internal bool TryCreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle, out SecurityKeyIdentifierClause securityKeyIdentifierClause)
|
||
|
|
{
|
||
|
|
return this.WSSecurityTokenSerializer.TryCreateKeyIdentifierClauseFromTokenXml(element, tokenReferenceStyle, out securityKeyIdentifierClause);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle)
|
||
|
|
{
|
||
|
|
return this.WSSecurityTokenSerializer.CreateKeyIdentifierClauseFromTokenXml(element, tokenReferenceStyle);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal SendSecurityHeader CreateSendSecurityHeader(Message message,
|
||
|
|
string actor, bool mustUnderstand, bool relay,
|
||
|
|
SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
|
||
|
|
{
|
||
|
|
return this.SecurityVersion.CreateSendSecurityHeader(message, actor, mustUnderstand, relay, this, algorithmSuite, direction);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
|
||
|
|
string actor,
|
||
|
|
SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
|
||
|
|
{
|
||
|
|
ReceiveSecurityHeader header = TryCreateReceiveSecurityHeader(message, actor, algorithmSuite, direction);
|
||
|
|
if (header == null)
|
||
|
|
{
|
||
|
|
if (String.IsNullOrEmpty(actor))
|
||
|
|
throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
|
||
|
|
SR.GetString(SR.UnableToFindSecurityHeaderInMessageNoActor)), message);
|
||
|
|
else
|
||
|
|
throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
|
||
|
|
SR.GetString(SR.UnableToFindSecurityHeaderInMessage, actor)), message);
|
||
|
|
}
|
||
|
|
return header;
|
||
|
|
}
|
||
|
|
|
||
|
|
internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message,
|
||
|
|
string actor,
|
||
|
|
SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
|
||
|
|
{
|
||
|
|
return this.SecurityVersion.TryCreateReceiveSecurityHeader(message, actor, this, algorithmSuite, direction);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal bool DoesMessageContainSecurityHeader(Message message)
|
||
|
|
{
|
||
|
|
return this.SecurityVersion.DoesMessageContainSecurityHeader(message);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal bool TryGetSecurityContextIds(Message message, string[] actors, bool isStrictMode, ICollection<UniqueId> results)
|
||
|
|
{
|
||
|
|
if (results == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("results");
|
||
|
|
}
|
||
|
|
SecureConversationDriver driver = this.SecureConversationDriver;
|
||
|
|
int securityHeaderIndex = this.SecurityVersion.FindIndexOfSecurityHeader(message, actors);
|
||
|
|
if (securityHeaderIndex < 0)
|
||
|
|
{
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
bool addedContextIds = false;
|
||
|
|
using (XmlDictionaryReader reader = message.Headers.GetReaderAtHeader(securityHeaderIndex))
|
||
|
|
{
|
||
|
|
if (!reader.IsStartElement())
|
||
|
|
{
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
if (reader.IsEmptyElement)
|
||
|
|
{
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
reader.ReadStartElement();
|
||
|
|
while (reader.IsStartElement())
|
||
|
|
{
|
||
|
|
if (driver.IsAtSecurityContextToken(reader))
|
||
|
|
{
|
||
|
|
results.Add(driver.GetSecurityContextTokenId(reader));
|
||
|
|
addedContextIds = true;
|
||
|
|
if (isStrictMode)
|
||
|
|
{
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
reader.Skip();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
return addedContextIds;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
|