linux-packaging-mono/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/MessageSecurityOverMsmq.cs

//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel
{
    using System.Runtime;
    using System.ComponentModel;
    using System.Runtime.CompilerServices;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;

    public sealed class MessageSecurityOverMsmq
    {
        internal const MessageCredentialType DefaultClientCredentialType = MessageCredentialType.Windows;

        MessageCredentialType clientCredentialType;
        SecurityAlgorithmSuite algorithmSuite;
        bool wasAlgorithmSuiteSet;

        public MessageSecurityOverMsmq()
        {
            clientCredentialType = DefaultClientCredentialType;
            algorithmSuite = SecurityAlgorithmSuite.Default;
        }

        [DefaultValue(MsmqDefaults.DefaultClientCredentialType)]
        public MessageCredentialType ClientCredentialType
        {
            get { return this.clientCredentialType; }
            set
            {
                if (!MessageCredentialTypeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.clientCredentialType = value;
            }
        }

        [DefaultValue(typeof(SecurityAlgorithmSuite), System.ServiceModel.Configuration.ConfigurationStrings.Default)]
        public SecurityAlgorithmSuite AlgorithmSuite
        {
            get { return this.algorithmSuite; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }
                this.algorithmSuite = value;
                wasAlgorithmSuiteSet = true;
            }
        }

        internal bool WasAlgorithmSuiteSet
        {
            get { return this.wasAlgorithmSuiteSet; }
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        internal SecurityBindingElement CreateSecurityBindingElement()
        {
            SymmetricSecurityBindingElement result;
            bool isKerberosSelected = false;
            switch (this.clientCredentialType)
            {
                case MessageCredentialType.None:
                    result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                    break;
                case MessageCredentialType.UserName:
                    result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                    break;
                case MessageCredentialType.Certificate:
                    result = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
                    break;
                case MessageCredentialType.Windows:
                    result = SecurityBindingElement.CreateKerberosBindingElement();
                    isKerberosSelected = true;
                    break;
                case MessageCredentialType.IssuedToken:
                    result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
                    break;
                default:
                    Fx.Assert("unknown ClientCredentialType");
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
            }

            result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

            // set the algorithm suite and issued token params if required
            if (wasAlgorithmSuiteSet || !isKerberosSelected)
            {
                result.DefaultAlgorithmSuite = this.AlgorithmSuite;
            }
            else if (isKerberosSelected)
            {
                result.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
            }

            result.IncludeTimestamp = false;
            result.LocalServiceSettings.DetectReplays = false;
            result.LocalClientSettings.DetectReplays = false;

            return result;
        }

        internal static bool TryCreate(SecurityBindingElement sbe, out MessageSecurityOverMsmq messageSecurity)
        {
            messageSecurity = null;
            if (sbe == null)
                return false;

            SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement;
            if (ssbe == null)
                return false;

            if (sbe.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
                && sbe.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11)
            {
                return false;
            }

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings

            if (ssbe.IncludeTimestamp)
                return false;

            bool isKerberosSelected = false;
            MessageCredentialType clientCredentialType;
            IssuedSecurityTokenParameters issuedParameters;
            if (SecurityBindingElement.IsAnonymousForCertificateBinding(sbe))
            {
                clientCredentialType = MessageCredentialType.None;
            }
            else if (SecurityBindingElement.IsUserNameForCertificateBinding(sbe))
            {
                clientCredentialType = MessageCredentialType.UserName;
            }
            else if (SecurityBindingElement.IsMutualCertificateBinding(sbe))
            {
                clientCredentialType = MessageCredentialType.Certificate;
            }
            else if (SecurityBindingElement.IsKerberosBinding(sbe))
            {
                clientCredentialType = MessageCredentialType.Windows;
                isKerberosSelected = true;
            }
            else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(sbe, out issuedParameters))
            {
                if (!IssuedSecurityTokenParameters.IsInfoCardParameters(
                        issuedParameters,
                        new SecurityStandardsManager(
                            sbe.MessageSecurityVersion,
                            new WSSecurityTokenSerializer(
                                sbe.MessageSecurityVersion.SecurityVersion,
                                sbe.MessageSecurityVersion.TrustVersion,
                                sbe.MessageSecurityVersion.SecureConversationVersion,
                                true,
                                null, null, null))))
                    return false;
                clientCredentialType = MessageCredentialType.IssuedToken;
            }
            else
            {
                return false;
            }

            messageSecurity = new MessageSecurityOverMsmq();
            messageSecurity.ClientCredentialType = clientCredentialType;
            // set the algorithm suite and issued token params if required
            if (clientCredentialType != MessageCredentialType.IssuedToken && !isKerberosSelected)
            {
                messageSecurity.AlgorithmSuite = ssbe.DefaultAlgorithmSuite;
            }
            return true;
        }
    }
}
Imported Upstream version 4.6.0.125 Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4 2016-08-03 10:59:49 +00:00			`//------------------------------------------------------------`
			`// Copyright (c) Microsoft Corporation. All rights reserved.`
			`//------------------------------------------------------------`
			`namespace System.ServiceModel`
			`{`
			`using System.Runtime;`
			`using System.ComponentModel;`
			`using System.Runtime.CompilerServices;`
			`using System.ServiceModel.Channels;`
			`using System.ServiceModel.Security;`
			`using System.ServiceModel.Security.Tokens;`

			`public sealed class MessageSecurityOverMsmq`
			`{`
			`internal const MessageCredentialType DefaultClientCredentialType = MessageCredentialType.Windows;`

			`MessageCredentialType clientCredentialType;`
			`SecurityAlgorithmSuite algorithmSuite;`
			`bool wasAlgorithmSuiteSet;`

			`public MessageSecurityOverMsmq()`
			`{`
			`clientCredentialType = DefaultClientCredentialType;`
			`algorithmSuite = SecurityAlgorithmSuite.Default;`
			`}`

			`[DefaultValue(MsmqDefaults.DefaultClientCredentialType)]`
			`public MessageCredentialType ClientCredentialType`
			`{`
			`get { return this.clientCredentialType; }`
			`set`
			`{`
			`if (!MessageCredentialTypeHelper.IsDefined(value))`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));`
			`}`
			`this.clientCredentialType = value;`
			`}`
			`}`

			`[DefaultValue(typeof(SecurityAlgorithmSuite), System.ServiceModel.Configuration.ConfigurationStrings.Default)]`
			`public SecurityAlgorithmSuite AlgorithmSuite`
			`{`
			`get { return this.algorithmSuite; }`
			`set`
			`{`
			`if (value == null)`
			`{`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");`
			`}`
			`this.algorithmSuite = value;`
			`wasAlgorithmSuiteSet = true;`
			`}`
			`}`

			`internal bool WasAlgorithmSuiteSet`
			`{`
			`get { return this.wasAlgorithmSuiteSet; }`
			`}`

			`[MethodImpl(MethodImplOptions.NoInlining)]`
			`internal SecurityBindingElement CreateSecurityBindingElement()`
			`{`
			`SymmetricSecurityBindingElement result;`
			`bool isKerberosSelected = false;`
			`switch (this.clientCredentialType)`
			`{`
			`case MessageCredentialType.None:`
			`result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();`
			`break;`
			`case MessageCredentialType.UserName:`
			`result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();`
			`break;`
			`case MessageCredentialType.Certificate:`
			`result = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();`
			`break;`
			`case MessageCredentialType.Windows:`
			`result = SecurityBindingElement.CreateKerberosBindingElement();`
			`isKerberosSelected = true;`
			`break;`
			`case MessageCredentialType.IssuedToken:`
			`result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));`
			`break;`
			`default:`
			`Fx.Assert("unknown ClientCredentialType");`
			`throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());`
			`}`

			`result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;`

			`// set the algorithm suite and issued token params if required`
			`if (wasAlgorithmSuiteSet \|\| !isKerberosSelected)`
			`{`
			`result.DefaultAlgorithmSuite = this.AlgorithmSuite;`
			`}`
			`else if (isKerberosSelected)`
			`{`
			`result.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;`
			`}`

			`result.IncludeTimestamp = false;`
			`result.LocalServiceSettings.DetectReplays = false;`
			`result.LocalClientSettings.DetectReplays = false;`

			`return result;`
			`}`

			`internal static bool TryCreate(SecurityBindingElement sbe, out MessageSecurityOverMsmq messageSecurity)`
			`{`
			`messageSecurity = null;`
			`if (sbe == null)`
			`return false;`

			`SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement;`
			`if (ssbe == null)`
			`return false;`

			`if (sbe.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10`
			`&& sbe.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11)`
			`{`
			`return false;`
			`}`

			`// do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings`

			`if (ssbe.IncludeTimestamp)`
			`return false;`

			`bool isKerberosSelected = false;`
			`MessageCredentialType clientCredentialType;`
			`IssuedSecurityTokenParameters issuedParameters;`
			`if (SecurityBindingElement.IsAnonymousForCertificateBinding(sbe))`
			`{`
			`clientCredentialType = MessageCredentialType.None;`
			`}`
			`else if (SecurityBindingElement.IsUserNameForCertificateBinding(sbe))`
			`{`
			`clientCredentialType = MessageCredentialType.UserName;`
			`}`
			`else if (SecurityBindingElement.IsMutualCertificateBinding(sbe))`
			`{`
			`clientCredentialType = MessageCredentialType.Certificate;`
			`}`
			`else if (SecurityBindingElement.IsKerberosBinding(sbe))`
			`{`
			`clientCredentialType = MessageCredentialType.Windows;`
			`isKerberosSelected = true;`
			`}`
			`else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(sbe, out issuedParameters))`
			`{`
			`if (!IssuedSecurityTokenParameters.IsInfoCardParameters(`
			`issuedParameters,`
			`new SecurityStandardsManager(`
			`sbe.MessageSecurityVersion,`
			`new WSSecurityTokenSerializer(`
			`sbe.MessageSecurityVersion.SecurityVersion,`
			`sbe.MessageSecurityVersion.TrustVersion,`
			`sbe.MessageSecurityVersion.SecureConversationVersion,`
			`true,`
			`null, null, null))))`
			`return false;`
			`clientCredentialType = MessageCredentialType.IssuedToken;`
			`}`
			`else`
			`{`
			`return false;`
			`}`

			`messageSecurity = new MessageSecurityOverMsmq();`
			`messageSecurity.ClientCredentialType = clientCredentialType;`
			`// set the algorithm suite and issued token params if required`
			`if (clientCredentialType != MessageCredentialType.IssuedToken && !isKerberosSelected)`
			`{`
			`messageSecurity.AlgorithmSuite = ssbe.DefaultAlgorithmSuite;`
			`}`
			`return true;`
			`}`
			`}`
			`}`