//----------------------------------------------------------------------------- // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Channels { using System.Security.Authentication; using System.ComponentModel; using System.Collections.Generic; using System.Net.Security; using System.ServiceModel.Description; using System.ServiceModel; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.Xml; public class SslStreamSecurityBindingElement : StreamUpgradeBindingElement, ITransportTokenAssertionProvider, IPolicyExportExtension { IdentityVerifier identityVerifier; bool requireClientCertificate; SslProtocols sslProtocols; public SslStreamSecurityBindingElement() { this.requireClientCertificate = TransportDefaults.RequireClientCertificate; this.sslProtocols = TransportDefaults.SslProtocols; } protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { this.identityVerifier = elementToBeCloned.identityVerifier; this.requireClientCertificate = elementToBeCloned.requireClientCertificate; this.sslProtocols = elementToBeCloned.sslProtocols; } public IdentityVerifier IdentityVerifier { get { if (this.identityVerifier == null) { this.identityVerifier = IdentityVerifier.CreateDefault(); } return this.identityVerifier; } set { if (value == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); } this.identityVerifier = value; } } [DefaultValue(TransportDefaults.RequireClientCertificate)] public bool RequireClientCertificate { get { return this.requireClientCertificate; } set { this.requireClientCertificate = value; } } [DefaultValue(TransportDefaults.SslProtocols)] public SslProtocols SslProtocols { get { return this.sslProtocols; } set { SslProtocolsHelper.Validate(value); this.sslProtocols = value; } } public override IChannelFactory BuildChannelFactory(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } #pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null context.BindingParameters.Add(this); return context.BuildInnerChannelFactory(); } public override bool CanBuildChannelFactory(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } #pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null context.BindingParameters.Add(this); return context.CanBuildInnerChannelFactory(); } public override IChannelListener BuildChannelListener(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } #pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null context.BindingParameters.Add(this); return context.BuildInnerChannelListener(); } public override bool CanBuildChannelListener(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } #pragma warning suppress 56506 // Microsoft, BindingContext.BindingParameters cannot be null context.BindingParameters.Add(this); return context.CanBuildInnerChannelListener(); } public override BindingElement Clone() { return new SslStreamSecurityBindingElement(this); } public override T GetProperty(BindingContext context) { if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (typeof(T) == typeof(ISecurityCapabilities)) { return (T)(object)new SecurityCapabilities(this.RequireClientCertificate, true, this.RequireClientCertificate, ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign); } else if (typeof(T) == typeof(IdentityVerifier)) { return (T)(object)this.IdentityVerifier; } else { return context.GetInnerProperty(); } } public override StreamUpgradeProvider BuildClientStreamUpgradeProvider(BindingContext context) { return SslStreamSecurityUpgradeProvider.CreateClientProvider(this, context); } public override StreamUpgradeProvider BuildServerStreamUpgradeProvider(BindingContext context) { return SslStreamSecurityUpgradeProvider.CreateServerProvider(this, context); } internal static void ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext) { XmlElement assertion = PolicyConversionContext.FindAssertion(policyContext.GetBindingAssertions(), TransportPolicyConstants.SslTransportSecurityName, TransportPolicyConstants.DotNetFramingNamespace, true); if (assertion != null) { SslStreamSecurityBindingElement sslBindingElement = new SslStreamSecurityBindingElement(); XmlReader reader = new XmlNodeReader(assertion); reader.ReadStartElement(); sslBindingElement.RequireClientCertificate = reader.IsStartElement( TransportPolicyConstants.RequireClientCertificateName, TransportPolicyConstants.DotNetFramingNamespace); if (sslBindingElement.RequireClientCertificate) { reader.ReadElementString(); } policyContext.BindingElements.Add(sslBindingElement); } } #region ITransportTokenAssertionProvider Members public XmlElement GetTransportTokenAssertion() { XmlDocument document = new XmlDocument(); XmlElement assertion = document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix, TransportPolicyConstants.SslTransportSecurityName, TransportPolicyConstants.DotNetFramingNamespace); if (this.requireClientCertificate) { assertion.AppendChild(document.CreateElement(TransportPolicyConstants.DotNetFramingPrefix, TransportPolicyConstants.RequireClientCertificateName, TransportPolicyConstants.DotNetFramingNamespace)); } return assertion; } #endregion void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context) { if (exporter == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exporter"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } SecurityBindingElement.ExportPolicyForTransportTokenAssertionProviders(exporter, context); } internal override bool IsMatch(BindingElement b) { if (b == null) { return false; } SslStreamSecurityBindingElement ssl = b as SslStreamSecurityBindingElement; if (ssl == null) { return false; } return this.requireClientCertificate == ssl.requireClientCertificate && this.sslProtocols == ssl.sslProtocols; } [EditorBrowsable(EditorBrowsableState.Never)] public bool ShouldSerializeIdentityVerifier() { // IdentifyVerifier.CreateDefault() grabs the static instance of nested DefaultIdentityVerifier. // DefaultIdentityVerifier can't be serialized directly because it's nested. return (!object.ReferenceEquals(this.IdentityVerifier, IdentityVerifier.CreateDefault())); } } }