2 // SecurityBindingElement.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2005-2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 using System
.Collections
.Generic
;
29 using System
.Collections
.ObjectModel
;
30 using System
.ServiceModel
.Description
;
31 using System
.ServiceModel
.Channels
;
32 using System
.ServiceModel
.Security
;
34 using System
.IdentityModel
.Selectors
;
35 using System
.IdentityModel
.Tokens
;
36 using System
.ServiceModel
.Security
.Tokens
;
39 namespace System
.ServiceModel
.Channels
41 public abstract class SecurityBindingElement
: BindingElement
43 internal SecurityBindingElement ()
46 DefaultAlgorithmSuite
= SecurityAlgorithmSuite
.Default
;
47 MessageSecurityVersion
= MessageSecurityVersion
.Default
;
48 KeyEntropyMode
= SecurityKeyEntropyMode
.CombinedEntropy
;
49 endpoint
= new SupportingTokenParameters ();
50 operation
= new Dictionary
<string,SupportingTokenParameters
> ();
51 opt_endpoint
= new SupportingTokenParameters ();
52 opt_operation
= new Dictionary
<string,SupportingTokenParameters
> ();
53 service_settings
= new LocalServiceSecuritySettings ();
55 IncludeTimestamp
= true;
56 LocalClientSettings
= new LocalClientSecuritySettings ();
59 internal SecurityBindingElement (SecurityBindingElement other
)
62 alg_suite
= other
.alg_suite
;
63 key_entropy_mode
= other
.key_entropy_mode
;
64 security_header_layout
= other
.security_header_layout
;
65 msg_security_version
= other
.msg_security_version
;
66 endpoint
= other
.endpoint
.Clone ();
67 opt_endpoint
= other
.opt_endpoint
.Clone ();
68 operation
= new Dictionary
<string,SupportingTokenParameters
> ();
69 foreach (KeyValuePair
<string,SupportingTokenParameters
> p
in other
.operation
)
70 operation
.Add (p
.Key
, p
.Value
.Clone ());
71 opt_operation
= new Dictionary
<string,SupportingTokenParameters
> ();
72 foreach (KeyValuePair
<string,SupportingTokenParameters
> p
in other
.opt_operation
)
73 opt_operation
.Add (p
.Key
, p
.Value
.Clone ());
74 service_settings
= other
.service_settings
.Clone ();
76 IncludeTimestamp
= other
.IncludeTimestamp
;
77 LocalClientSettings
= other
.LocalClientSettings
.Clone ();
81 SecurityAlgorithmSuite alg_suite
;
82 SecurityKeyEntropyMode key_entropy_mode
;
83 SecurityHeaderLayout security_header_layout
;
84 MessageSecurityVersion msg_security_version
;
85 SupportingTokenParameters endpoint
, opt_endpoint
;
86 IDictionary
<string,SupportingTokenParameters
> operation
, opt_operation
;
87 LocalServiceSecuritySettings service_settings
;
90 public bool IncludeTimestamp { get; set; }
92 public LocalClientSecuritySettings LocalClientSettings { get; private set; }
95 public SecurityAlgorithmSuite DefaultAlgorithmSuite
{
96 get { return alg_suite; }
97 set { alg_suite = value; }
100 public SecurityKeyEntropyMode KeyEntropyMode
{
101 get { return key_entropy_mode; }
102 set { key_entropy_mode = value; }
105 public LocalServiceSecuritySettings LocalServiceSettings
{
106 get { return service_settings; }
109 public SecurityHeaderLayout SecurityHeaderLayout
{
110 get { return security_header_layout; }
111 set { security_header_layout = value; }
114 public MessageSecurityVersion MessageSecurityVersion
{
115 get { return msg_security_version; }
116 set { msg_security_version = value; }
119 public SupportingTokenParameters EndpointSupportingTokenParameters
{
120 get { return endpoint; }
123 public IDictionary
<string,SupportingTokenParameters
> OperationSupportingTokenParameters
{
124 get { return operation; }
127 public SupportingTokenParameters OptionalEndpointSupportingTokenParameters
{
128 get { return opt_endpoint; }
131 public IDictionary
<string,SupportingTokenParameters
> OptionalOperationSupportingTokenParameters
{
132 get { return opt_operation; }
136 [MonoTODO ("It supports only IRequestSessionChannel")]
137 public override bool CanBuildChannelFactory
<TChannel
> (BindingContext context
)
139 return context
.CanBuildInnerChannelFactory
<TChannel
> ();
142 public override IChannelFactory
<TChannel
> BuildChannelFactory
<TChannel
> (
143 BindingContext context
)
145 return BuildChannelFactoryCore
<TChannel
> (context
);
148 protected abstract IChannelFactory
<TChannel
>
149 BuildChannelFactoryCore
<TChannel
> (BindingContext context
);
152 [MonoTODO ("It probably supports only IReplySessionChannel")]
153 public override bool CanBuildChannelListener
<TChannel
> (BindingContext context
)
155 return context
.CanBuildInnerChannelListener
<TChannel
> ();
158 public override IChannelListener
<TChannel
> BuildChannelListener
<TChannel
> (
159 BindingContext context
)
161 return BuildChannelListenerCore
<TChannel
> (context
);
164 protected abstract IChannelListener
<TChannel
>
165 BuildChannelListenerCore
<TChannel
> (BindingContext context
)
166 where TChannel
: class, IChannel
;
168 public virtual void SetKeyDerivation (bool requireDerivedKeys
)
170 endpoint
.SetKeyDerivation (requireDerivedKeys
);
171 opt_endpoint
.SetKeyDerivation (requireDerivedKeys
);
172 foreach (SupportingTokenParameters p
in operation
.Values
)
173 p
.SetKeyDerivation (requireDerivedKeys
);
174 foreach (SupportingTokenParameters p
in opt_operation
.Values
)
175 p
.SetKeyDerivation (requireDerivedKeys
);
179 public override string ToString ()
181 return base.ToString ();
185 public override T GetProperty
<T
> (BindingContext context
)
191 #region Factory methods
193 public static SymmetricSecurityBindingElement
194 CreateAnonymousForCertificateBindingElement ()
196 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
197 be
.RequireSignatureConfirmation
= true;
198 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (true);
202 public static TransportSecurityBindingElement
203 CreateCertificateOverTransportBindingElement ()
205 return CreateCertificateOverTransportBindingElement (MessageSecurityVersion
.Default
);
209 public static TransportSecurityBindingElement
210 CreateCertificateOverTransportBindingElement (MessageSecurityVersion version
)
212 var be
= new TransportSecurityBindingElement () { MessageSecurityVersion = version }
;
213 be
.EndpointSupportingTokenParameters
.SignedEncrypted
.Add (new X509SecurityTokenParameters ());
218 public static AsymmetricSecurityBindingElement
219 CreateCertificateSignatureBindingElement ()
221 throw new NotImplementedException ();
225 public static SymmetricSecurityBindingElement
226 CreateIssuedTokenBindingElement (
227 IssuedSecurityTokenParameters issuedTokenParameters
)
229 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
230 be
.ProtectionTokenParameters
= issuedTokenParameters
;
234 public static SymmetricSecurityBindingElement
235 CreateIssuedTokenForCertificateBindingElement (
236 IssuedSecurityTokenParameters issuedTokenParameters
)
238 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
239 be
.RequireSignatureConfirmation
= true;
240 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (true);
241 be
.EndpointSupportingTokenParameters
.Endorsing
.Add (
242 issuedTokenParameters
);
247 public static SymmetricSecurityBindingElement
248 CreateIssuedTokenForSslBindingElement (
249 IssuedSecurityTokenParameters issuedTokenParameters
)
251 return CreateIssuedTokenForSslBindingElement (
252 issuedTokenParameters
, false);
256 public static SymmetricSecurityBindingElement
257 CreateIssuedTokenForSslBindingElement (
258 IssuedSecurityTokenParameters issuedTokenParameters
,
259 bool requireCancellation
)
261 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
262 be
.RequireSignatureConfirmation
= true;
263 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (false);
264 be
.EndpointSupportingTokenParameters
.Endorsing
.Add (
265 issuedTokenParameters
);
270 public static TransportSecurityBindingElement
271 CreateIssuedTokenOverTransportBindingElement (
272 IssuedSecurityTokenParameters issuedTokenParameters
)
274 throw new NotImplementedException ();
278 public static SymmetricSecurityBindingElement
CreateKerberosBindingElement ()
280 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
281 be
.DefaultAlgorithmSuite
= SecurityAlgorithmSuite
.Basic128
;
282 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (false);
283 be
.ProtectionTokenParameters
.InclusionMode
=
284 SecurityTokenInclusionMode
.Once
;
289 public static TransportSecurityBindingElement
290 CreateKerberosOverTransportBindingElement ()
292 throw new NotImplementedException ();
296 public static SecurityBindingElement
297 CreateMutualCertificateBindingElement ()
299 throw new NotImplementedException ();
303 public static SecurityBindingElement
304 CreateMutualCertificateBindingElement (MessageSecurityVersion version
)
306 throw new NotImplementedException ();
310 public static SecurityBindingElement
311 CreateMutualCertificateBindingElement (
312 MessageSecurityVersion version
,
313 bool allowSerializedSigningTokenOnReply
)
315 throw new NotImplementedException ();
319 public static AsymmetricSecurityBindingElement
320 CreateMutualCertificateDuplexBindingElement ()
322 throw new NotImplementedException ();
326 public static AsymmetricSecurityBindingElement
327 CreateMutualCertificateDuplexBindingElement (
328 MessageSecurityVersion version
)
330 throw new NotImplementedException ();
333 public static SecurityBindingElement
334 CreateSecureConversationBindingElement (SecurityBindingElement binding
)
336 return CreateSecureConversationBindingElement (binding
, false);
339 public static SecurityBindingElement
340 CreateSecureConversationBindingElement (
341 SecurityBindingElement binding
, bool requireCancellation
)
343 return CreateSecureConversationBindingElement (binding
, requireCancellation
, null);
347 public static SecurityBindingElement
348 CreateSecureConversationBindingElement (
349 SecurityBindingElement binding
, bool requireCancellation
,
350 ChannelProtectionRequirements protectionRequirements
)
352 SymmetricSecurityBindingElement be
=
353 new SymmetricSecurityBindingElement ();
354 be
.ProtectionTokenParameters
=
355 new SecureConversationSecurityTokenParameters (
356 binding
, requireCancellation
, protectionRequirements
);
361 public static SymmetricSecurityBindingElement
362 CreateSslNegotiationBindingElement (bool requireClientCertificate
)
364 return CreateSslNegotiationBindingElement (
365 requireClientCertificate
, false);
369 public static SymmetricSecurityBindingElement
370 CreateSslNegotiationBindingElement (
371 bool requireClientCertificate
,
372 bool requireCancellation
)
374 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
375 be
.ProtectionTokenParameters
= new SslSecurityTokenParameters (requireClientCertificate
, requireCancellation
);
380 public static SymmetricSecurityBindingElement
381 CreateSspiNegotiationBindingElement ()
383 return CreateSspiNegotiationBindingElement (true);
387 public static SymmetricSecurityBindingElement
388 CreateSspiNegotiationBindingElement (bool requireCancellation
)
390 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
391 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (false);
395 public static TransportSecurityBindingElement
396 CreateSspiNegotiationOverTransportBindingElement ()
398 return CreateSspiNegotiationOverTransportBindingElement (false);
402 public static TransportSecurityBindingElement
403 CreateSspiNegotiationOverTransportBindingElement (bool requireCancellation
)
405 throw new NotImplementedException ();
408 static X509SecurityTokenParameters
CreateProtectionTokenParameters (bool cert
)
410 X509SecurityTokenParameters p
=
411 new X509SecurityTokenParameters ();
412 p
.X509ReferenceStyle
= X509KeyIdentifierClauseType
.Thumbprint
;
414 p
.InclusionMode
= SecurityTokenInclusionMode
.Never
;
419 public static SymmetricSecurityBindingElement
420 CreateUserNameForCertificateBindingElement ()
422 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
423 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (true);
424 UserNameSecurityTokenParameters utp
=
425 new UserNameSecurityTokenParameters ();
426 be
.EndpointSupportingTokenParameters
.SignedEncrypted
.Add (utp
);
431 public static SymmetricSecurityBindingElement
432 CreateUserNameForSslBindingElement ()
434 return CreateUserNameForSslBindingElement (false);
438 public static SymmetricSecurityBindingElement
439 CreateUserNameForSslBindingElement (bool requireCancellation
)
441 SymmetricSecurityBindingElement be
= new SymmetricSecurityBindingElement ();
442 be
.ProtectionTokenParameters
= CreateProtectionTokenParameters (false);
443 UserNameSecurityTokenParameters utp
=
444 new UserNameSecurityTokenParameters ();
445 be
.EndpointSupportingTokenParameters
.SignedEncrypted
.Add (utp
);
451 public static TransportSecurityBindingElement
452 CreateUserNameOverTransportBindingElement ()
454 var be
= new TransportSecurityBindingElement ();
455 #if !NET_2_1 // FIXME: there should be whatever else to do for 2.1 instead.
456 be
.EndpointSupportingTokenParameters
.SignedEncrypted
.Add (new UserNameSecurityTokenParameters ());
463 // It seems almost internal, hardcoded like this (I tried
464 // custom parameters that sets IssuedTokenSecurityTokenParameters
465 // like below ones, but that didn't trigger this method).
466 protected static void SetIssuerBindingContextIfRequired (
467 SecurityTokenParameters parameters
,
468 BindingContext issuerBindingContext
)
470 if (parameters
is IssuedSecurityTokenParameters
||
471 parameters
is SecureConversationSecurityTokenParameters
||
472 parameters
is SslSecurityTokenParameters
||
473 parameters
is SspiSecurityTokenParameters
) {
474 parameters
.IssuerBindingContext
= issuerBindingContext
;