Imported Upstream version 4.6.0.125

Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
2016-08-03 10:59:49 +00:00
parent a569aebcfd
commit e79aa3c0ed
17047 changed files with 3137615 additions and 392334 deletions
--- a/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/TcpTransportSecurity.cs
+++ b/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/TcpTransportSecurity.cs
@ -0,0 +1,181 @@
+//------------------------------------------------------------
+// Copyright (c) Microsoft Corporation.  All rights reserved.
+//------------------------------------------------------------
+namespace System.ServiceModel
+{
+    using System;
+    using System.Security.Authentication;
+    using System.Security.Authentication.ExtendedProtection;
+    using System.ServiceModel.Channels;
+    using System.ServiceModel.Security;
+    using System.Net;
+    using System.Net.Security;
+    using System.ComponentModel;
+
+    public sealed class TcpTransportSecurity
+    {
+        internal const TcpClientCredentialType DefaultClientCredentialType = TcpClientCredentialType.Windows;
+        internal const ProtectionLevel DefaultProtectionLevel = ProtectionLevel.EncryptAndSign;
+
+        TcpClientCredentialType clientCredentialType;
+        ProtectionLevel protectionLevel;
+        ExtendedProtectionPolicy extendedProtectionPolicy;
+        SslProtocols sslProtocols;
+
+        public TcpTransportSecurity()
+        {
+            this.clientCredentialType = DefaultClientCredentialType;
+            this.protectionLevel = DefaultProtectionLevel;
+            this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
+            this.sslProtocols = TransportDefaults.SslProtocols;
+        }
+
+        [DefaultValue(DefaultClientCredentialType)]
+        public TcpClientCredentialType ClientCredentialType
+        {
+            get { return this.clientCredentialType; }
+            set
+            {
+                if (!TcpClientCredentialTypeHelper.IsDefined(value))
+                {
+                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
+                }
+                this.clientCredentialType = value;
+            }
+        }
+
+        [DefaultValue(DefaultProtectionLevel)]
+        public ProtectionLevel ProtectionLevel
+        {
+            get { return this.protectionLevel; }
+            set
+            {
+                if (!ProtectionLevelHelper.IsDefined(value))
+                {
+                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
+                }
+                this.protectionLevel = value;
+            }
+        }
+
+        public ExtendedProtectionPolicy ExtendedProtectionPolicy
+        {
+            get
+            {
+                return this.extendedProtectionPolicy;
+            }
+            set
+            {
+                if (value == null)
+                {
+                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
+                }
+
+                if (value.PolicyEnforcement == PolicyEnforcement.Always &&
+                    !System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)
+                {
+                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
+                        new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));
+                }
+                this.extendedProtectionPolicy = value;
+            }
+        }
+
+        [DefaultValue(TransportDefaults.SslProtocols)]
+        public SslProtocols SslProtocols
+        {
+            get { return this.sslProtocols; }
+            set
+            {
+                SslProtocolsHelper.Validate(value);
+                this.sslProtocols = value;
+            }
+        }
+
+        SslStreamSecurityBindingElement CreateSslBindingElement(bool requireClientCertificate)
+        {
+            if (this.protectionLevel != ProtectionLevel.EncryptAndSign)
+            {
+                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(
+                    SR.UnsupportedSslProtectionLevel, this.protectionLevel)));
+            }
+
+            SslStreamSecurityBindingElement result = new SslStreamSecurityBindingElement();
+            result.RequireClientCertificate = requireClientCertificate;
+            result.SslProtocols = sslProtocols;
+            return result;
+        }
+
+        static bool IsSslBindingElement(BindingElement element, TcpTransportSecurity transportSecurity, out bool requireClientCertificate, out SslProtocols sslProtocols)
+        {
+            requireClientCertificate = false;
+            sslProtocols = TransportDefaults.SslProtocols;
+            SslStreamSecurityBindingElement ssl = element as SslStreamSecurityBindingElement;
+            if (ssl == null)
+                return false;
+            transportSecurity.ProtectionLevel = ProtectionLevel.EncryptAndSign;
+            requireClientCertificate = ssl.RequireClientCertificate;
+            sslProtocols = ssl.SslProtocols;
+            return true;
+        }
+
+        internal BindingElement CreateTransportProtectionOnly()
+        {
+            return this.CreateSslBindingElement(false);
+        }
+
+        internal static bool SetTransportProtectionOnly(BindingElement transport, TcpTransportSecurity transportSecurity)
+        {
+            bool requireClientCertificate;
+            SslProtocols sslProtocols;
+            return IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols);
+        }
+
+        internal BindingElement CreateTransportProtectionAndAuthentication()
+        {
+            if (this.clientCredentialType == TcpClientCredentialType.Certificate || this.clientCredentialType == TcpClientCredentialType.None)
+            {
+                return this.CreateSslBindingElement(this.clientCredentialType == TcpClientCredentialType.Certificate);
+            }
+            else
+            {
+                WindowsStreamSecurityBindingElement result = new WindowsStreamSecurityBindingElement();
+                result.ProtectionLevel = this.protectionLevel;
+                return result;
+            }
+        }
+
+        internal static bool SetTransportProtectionAndAuthentication(BindingElement transport, TcpTransportSecurity transportSecurity)
+        {
+            bool requireClientCertificate = false;
+            SslProtocols sslProtocols = TransportDefaults.SslProtocols;
+            if (transport is WindowsStreamSecurityBindingElement)
+            {
+                transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
+                transportSecurity.ProtectionLevel = ((WindowsStreamSecurityBindingElement)transport).ProtectionLevel;
+                return true;
+            }
+            else if (IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols))
+            {
+                transportSecurity.ClientCredentialType = requireClientCertificate ? TcpClientCredentialType.Certificate : TcpClientCredentialType.None;
+                transportSecurity.SslProtocols = sslProtocols;
+                return true;
+            }
+            return false;
+        }
+
+        internal bool InternalShouldSerialize()
+        {
+            return this.ClientCredentialType != TcpTransportSecurity.DefaultClientCredentialType
+                || this.ProtectionLevel != TcpTransportSecurity.DefaultProtectionLevel
+                || this.SslProtocols != TransportDefaults.SslProtocols
+                || ShouldSerializeExtendedProtectionPolicy();
+        }
+
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeExtendedProtectionPolicy()
+        {
+            return !ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);
+        }
+    }
+}