//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.ServiceModel.Security { using System.ServiceModel; using System.ServiceModel.Channels; using System.Collections.ObjectModel; using System.Collections.Generic; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.ServiceModel.Security.Tokens; using System.Net.Security; public class SecurityMessageProperty : IMessageProperty, IDisposable { // This is the list of outgoing supporting tokens Collection outgoingSupportingTokens; Collection incomingSupportingTokens; SecurityTokenSpecification transportToken; SecurityTokenSpecification protectionToken; SecurityTokenSpecification initiatorToken; SecurityTokenSpecification recipientToken; ServiceSecurityContext securityContext; ReadOnlyCollection externalAuthorizationPolicies; string senderIdPrefix = "_"; bool disposed = false; public SecurityMessageProperty() { this.securityContext = ServiceSecurityContext.Anonymous; } public ServiceSecurityContext ServiceSecurityContext { get { ThrowIfDisposed(); return this.securityContext; } set { ThrowIfDisposed(); this.securityContext = value; } } public ReadOnlyCollection ExternalAuthorizationPolicies { get { return this.externalAuthorizationPolicies; } set { this.externalAuthorizationPolicies = value; } } public SecurityTokenSpecification ProtectionToken { get { ThrowIfDisposed(); return this.protectionToken; } set { ThrowIfDisposed(); this.protectionToken = value; } } public SecurityTokenSpecification InitiatorToken { get { ThrowIfDisposed(); return this.initiatorToken; } set { ThrowIfDisposed(); this.initiatorToken = value; } } public SecurityTokenSpecification RecipientToken { get { ThrowIfDisposed(); return this.recipientToken; } set { ThrowIfDisposed(); this.recipientToken = value; } } public SecurityTokenSpecification TransportToken { get { ThrowIfDisposed(); return this.transportToken; } set { ThrowIfDisposed(); this.transportToken = value; } } public string SenderIdPrefix { get { return this.senderIdPrefix; } set { XmlHelper.ValidateIdPrefix(value); this.senderIdPrefix = value; } } public bool HasIncomingSupportingTokens { get { ThrowIfDisposed(); return ((this.incomingSupportingTokens != null) && (this.incomingSupportingTokens.Count > 0)); } } public Collection IncomingSupportingTokens { get { ThrowIfDisposed(); if (this.incomingSupportingTokens == null) { this.incomingSupportingTokens = new Collection(); } return this.incomingSupportingTokens; } } public Collection OutgoingSupportingTokens { get { if (this.outgoingSupportingTokens == null) { this.outgoingSupportingTokens = new Collection(); } return this.outgoingSupportingTokens; } } internal bool HasOutgoingSupportingTokens { get { return ((this.outgoingSupportingTokens != null) && (this.outgoingSupportingTokens.Count > 0)); } } public IMessageProperty CreateCopy() { ThrowIfDisposed(); SecurityMessageProperty result = new SecurityMessageProperty(); if (this.HasOutgoingSupportingTokens) { for (int i = 0; i < this.outgoingSupportingTokens.Count; ++i) { result.OutgoingSupportingTokens.Add(this.outgoingSupportingTokens[i]); } } if (this.HasIncomingSupportingTokens) { for (int i = 0; i < this.incomingSupportingTokens.Count; ++i) { result.IncomingSupportingTokens.Add(this.incomingSupportingTokens[i]); } } result.securityContext = this.securityContext; result.externalAuthorizationPolicies = this.externalAuthorizationPolicies; result.senderIdPrefix = this.senderIdPrefix; result.protectionToken = this.protectionToken; result.initiatorToken = this.initiatorToken; result.recipientToken = this.recipientToken; result.transportToken = this.transportToken; return result; } public static SecurityMessageProperty GetOrCreate(Message message) { if (message == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message"); SecurityMessageProperty result = null; if (message.Properties != null) result = message.Properties.Security; if (result == null) { result = new SecurityMessageProperty(); message.Properties.Security = result; } return result; } void AddAuthorizationPolicies(SecurityTokenSpecification spec, Collection policies) { if (spec != null && spec.SecurityTokenPolicies != null && spec.SecurityTokenPolicies.Count > 0) { for (int i = 0; i < spec.SecurityTokenPolicies.Count; ++i) { policies.Add(spec.SecurityTokenPolicies[i]); } } } internal ReadOnlyCollection GetInitiatorTokenAuthorizationPolicies() { return GetInitiatorTokenAuthorizationPolicies(true); } internal ReadOnlyCollection GetInitiatorTokenAuthorizationPolicies(bool includeTransportToken) { return GetInitiatorTokenAuthorizationPolicies(includeTransportToken, null); } internal ReadOnlyCollection GetInitiatorTokenAuthorizationPolicies(bool includeTransportToken, SecurityContextSecurityToken supportingSessionTokenToExclude) { // fast path if (!this.HasIncomingSupportingTokens) { if (this.transportToken != null && this.initiatorToken == null && this.protectionToken == null) { if (includeTransportToken && this.transportToken.SecurityTokenPolicies != null) { return this.transportToken.SecurityTokenPolicies; } else { return EmptyReadOnlyCollection.Instance; } } else if (this.transportToken == null && this.initiatorToken != null && this.protectionToken == null) { return this.initiatorToken.SecurityTokenPolicies ?? EmptyReadOnlyCollection.Instance; } else if (this.transportToken == null && this.initiatorToken == null && this.protectionToken != null) { return this.protectionToken.SecurityTokenPolicies ?? EmptyReadOnlyCollection.Instance; } } Collection policies = new Collection(); if (includeTransportToken) { AddAuthorizationPolicies(this.transportToken, policies); } AddAuthorizationPolicies(this.initiatorToken, policies); AddAuthorizationPolicies(this.protectionToken, policies); if (this.HasIncomingSupportingTokens) { for (int i = 0; i < this.incomingSupportingTokens.Count; ++i) { if (supportingSessionTokenToExclude != null) { SecurityContextSecurityToken sct = this.incomingSupportingTokens[i].SecurityToken as SecurityContextSecurityToken; if (sct != null && sct.ContextId == supportingSessionTokenToExclude.ContextId) { continue; } } SecurityTokenAttachmentMode attachmentMode = this.incomingSupportingTokens[i].SecurityTokenAttachmentMode; // a safety net in case more attachment modes get added to the product without // reviewing this code. if (attachmentMode == SecurityTokenAttachmentMode.Endorsing || attachmentMode == SecurityTokenAttachmentMode.Signed || attachmentMode == SecurityTokenAttachmentMode.SignedEncrypted || attachmentMode == SecurityTokenAttachmentMode.SignedEndorsing) { AddAuthorizationPolicies(this.incomingSupportingTokens[i], policies); } } } return new ReadOnlyCollection(policies); } public void Dispose() { // do no-op for future V2 if (!this.disposed) { this.disposed = true; } } void ThrowIfDisposed() { if (this.disposed) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName)); } } } }