1 //------------------------------------------------------------
2 // Copyright (c) Microsoft Corporation. All rights reserved.
3 //------------------------------------------------------------
4 namespace System
.ServiceModel
7 using System
.Security
.Authentication
;
8 using System
.Security
.Authentication
.ExtendedProtection
;
9 using System
.ServiceModel
.Channels
;
10 using System
.ServiceModel
.Security
;
12 using System
.Net
.Security
;
13 using System
.ComponentModel
;
/// <summary>
/// Transport-level security settings for the TCP transport: which credential
/// the client presents (Windows, certificate or none), the protection level
/// applied to the stream, the extended-protection (channel-binding) policy and
/// the <see cref="SslProtocols"/> the SSL stream may negotiate. The Create*
/// members turn these settings into binding elements; the Set* members do the
/// reverse, reading a binding element back into an instance.
/// </summary>
public sealed class TcpTransportSecurity
{
    internal const TcpClientCredentialType DefaultClientCredentialType = TcpClientCredentialType.Windows;
    internal const ProtectionLevel DefaultProtectionLevel = ProtectionLevel.EncryptAndSign;

    // Backing fields. Every public setter validates before assigning, so these
    // never hold an undefined enum member or a null policy.
    TcpClientCredentialType clientCredentialType;
    ProtectionLevel protectionLevel;
    ExtendedProtectionPolicy extendedProtectionPolicy;
    SslProtocols sslProtocols;

    /// <summary>
    /// Creates an instance with the transport defaults: Windows credentials,
    /// EncryptAndSign, <see cref="ChannelBindingUtility.DefaultPolicy"/> and
    /// <see cref="TransportDefaults.SslProtocols"/>.
    /// </summary>
    public TcpTransportSecurity()
    {
        clientCredentialType = DefaultClientCredentialType;
        protectionLevel = DefaultProtectionLevel;
        extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
        sslProtocols = TransportDefaults.SslProtocols;
    }

    /// <summary>
    /// Gets or sets how the client authenticates at the transport level.
    /// Defaults to <see cref="TcpClientCredentialType.Windows"/>.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">The value is not a defined
    /// <see cref="TcpClientCredentialType"/> member.</exception>
    [DefaultValue(DefaultClientCredentialType)]
    public TcpClientCredentialType ClientCredentialType
    {
        get
        {
            return clientCredentialType;
        }
        set
        {
            if (TcpClientCredentialTypeHelper.IsDefined(value))
            {
                clientCredentialType = value;
                return;
            }

            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
        }
    }

    /// <summary>
    /// Gets or sets the protection level applied to the stream. Defaults to
    /// <see cref="ProtectionLevel.EncryptAndSign"/>. Note that the SSL-based
    /// credential types only accept EncryptAndSign (see CreateSslBindingElement).
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">The value is not a defined
    /// <see cref="ProtectionLevel"/> member.</exception>
    [DefaultValue(DefaultProtectionLevel)]
    public ProtectionLevel ProtectionLevel
    {
        get
        {
            return protectionLevel;
        }
        set
        {
            if (ProtectionLevelHelper.IsDefined(value))
            {
                protectionLevel = value;
                return;
            }

            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
        }
    }

    /// <summary>
    /// Gets or sets the extended-protection (channel-binding) policy for the
    /// transport. Never null; defaults to <see cref="ChannelBindingUtility.DefaultPolicy"/>.
    /// </summary>
    /// <exception cref="ArgumentNullException">The value is null.</exception>
    /// <exception cref="PlatformNotSupportedException">The policy requires
    /// enforcement (<see cref="PolicyEnforcement.Always"/>) but the running OS
    /// reports no extended-protection support.</exception>
    public ExtendedProtectionPolicy ExtendedProtectionPolicy
    {
        get
        {
            return extendedProtectionPolicy;
        }
        set
        {
            if (value == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
            }

            // A policy that must always be enforced cannot be honored where the
            // OS lacks extended protection, so it is rejected here rather than
            // silently degraded at connection time. The OS check is only
            // evaluated when enforcement is mandatory.
            bool enforcementRequired = value.PolicyEnforcement == PolicyEnforcement.Always;
            if (enforcementRequired &&
                !System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy.OSSupportsExtendedProtection)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new PlatformNotSupportedException(SR.GetString(SR.ExtendedProtectionNotSupported)));
            }

            extendedProtectionPolicy = value;
        }
    }

    /// <summary>
    /// Gets or sets the TLS/SSL protocol versions the SSL stream may use.
    /// Validation is delegated to <see cref="SslProtocolsHelper.Validate"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the DefaultValue attribute advertises
    /// <see cref="TransportDefaults.OldDefaultSslProtocols"/>, while the
    /// constructor and InternalShouldSerialize use
    /// <see cref="TransportDefaults.SslProtocols"/>. Presumably this keeps
    /// configuration serialization compatible with earlier defaults; confirm
    /// before changing either side.
    /// </remarks>
    [DefaultValue(TransportDefaults.OldDefaultSslProtocols)]
    public SslProtocols SslProtocols
    {
        get
        {
            return sslProtocols;
        }
        set
        {
            SslProtocolsHelper.Validate(value);
            sslProtocols = value;
        }
    }

    /// <summary>
    /// Builds the SSL stream binding element carrying this instance's settings.
    /// </summary>
    /// <param name="requireClientCertificate">Whether the element demands a
    /// client certificate during the SSL handshake.</param>
    /// <returns>A new <see cref="SslStreamSecurityBindingElement"/>.</returns>
    /// <exception cref="InvalidOperationException">The configured protection
    /// level is not EncryptAndSign; SSL always encrypts and signs, so any other
    /// level cannot be expressed.</exception>
    SslStreamSecurityBindingElement CreateSslBindingElement(bool requireClientCertificate)
    {
        if (protectionLevel != ProtectionLevel.EncryptAndSign)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(
                SR.UnsupportedSslProtectionLevel, protectionLevel)));
        }

        return new SslStreamSecurityBindingElement
        {
            RequireClientCertificate = requireClientCertificate,
            SslProtocols = sslProtocols,
        };
    }

    /// <summary>
    /// Tests whether <paramref name="element"/> is an SSL stream binding element
    /// and, if so, copies its settings out. Despite the name this has a side
    /// effect: on success <paramref name="transportSecurity"/>.ProtectionLevel
    /// is set to EncryptAndSign.
    /// </summary>
    /// <param name="element">The binding element to inspect.</param>
    /// <param name="transportSecurity">Instance updated when the element is SSL.</param>
    /// <param name="requireClientCertificate">The element's client-certificate
    /// requirement, or false when the element is not SSL.</param>
    /// <param name="sslProtocols">The element's protocols, or
    /// <see cref="TransportDefaults.SslProtocols"/> when the element is not SSL.</param>
    /// <returns>true when the element is an SSL stream element.</returns>
    static bool IsSslBindingElement(BindingElement element, TcpTransportSecurity transportSecurity, out bool requireClientCertificate, out SslProtocols sslProtocols)
    {
        // Defaults for the non-SSL case; overwritten below on a match.
        requireClientCertificate = false;
        sslProtocols = TransportDefaults.SslProtocols;

        SslStreamSecurityBindingElement sslElement = element as SslStreamSecurityBindingElement;
        if (sslElement == null)
        {
            return false;
        }

        // An SSL element implies EncryptAndSign, which is why the caller's
        // security object is updated here rather than merely inspected.
        transportSecurity.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        requireClientCertificate = sslElement.RequireClientCertificate;
        sslProtocols = sslElement.SslProtocols;
        return true;
    }

    /// <summary>
    /// Creates the binding element for transport protection without client
    /// authentication: SSL with no client certificate required.
    /// </summary>
    internal BindingElement CreateTransportProtectionOnly()
    {
        return CreateSslBindingElement(false);
    }

    /// <summary>
    /// Reads a protection-only transport element back into
    /// <paramref name="transportSecurity"/>. The client-certificate flag and
    /// protocols reported by the element are discarded here; only the
    /// protection level is applied (via IsSslBindingElement).
    /// </summary>
    /// <returns>true when <paramref name="transport"/> is an SSL stream element.</returns>
    internal static bool SetTransportProtectionOnly(BindingElement transport, TcpTransportSecurity transportSecurity)
    {
        bool ignoredRequireClientCertificate;
        SslProtocols ignoredSslProtocols;
        return IsSslBindingElement(transport, transportSecurity, out ignoredRequireClientCertificate, out ignoredSslProtocols);
    }

    /// <summary>
    /// Creates the binding element for transport protection plus client
    /// authentication, chosen by <see cref="ClientCredentialType"/>:
    /// Certificate and None both use SSL (only Certificate requires a client
    /// certificate); any other credential type uses the Windows stream upgrade
    /// with the configured protection level.
    /// </summary>
    /// <exception cref="InvalidOperationException">SSL is selected but the
    /// protection level is not EncryptAndSign.</exception>
    internal BindingElement CreateTransportProtectionAndAuthentication()
    {
        bool useClientCertificate = clientCredentialType == TcpClientCredentialType.Certificate;
        bool anonymous = clientCredentialType == TcpClientCredentialType.None;
        if (useClientCertificate || anonymous)
        {
            return CreateSslBindingElement(useClientCertificate);
        }

        WindowsStreamSecurityBindingElement windowsElement = new WindowsStreamSecurityBindingElement();
        windowsElement.ProtectionLevel = protectionLevel;
        return windowsElement;
    }

    /// <summary>
    /// Reads a protection-and-authentication transport element back into
    /// <paramref name="transportSecurity"/>: a Windows stream element yields
    /// Windows credentials and its protection level; an SSL stream element
    /// yields Certificate or None (depending on its client-certificate
    /// requirement), EncryptAndSign and its protocols.
    /// </summary>
    /// <returns>true when the element was recognized and applied; false otherwise,
    /// in which case <paramref name="transportSecurity"/> is left untouched.</returns>
    internal static bool SetTransportProtectionAndAuthentication(BindingElement transport, TcpTransportSecurity transportSecurity)
    {
        WindowsStreamSecurityBindingElement windowsElement = transport as WindowsStreamSecurityBindingElement;
        if (windowsElement != null)
        {
            transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
            transportSecurity.ProtectionLevel = windowsElement.ProtectionLevel;
            return true;
        }

        bool requireClientCertificate;
        SslProtocols sslProtocols;
        if (!IsSslBindingElement(transport, transportSecurity, out requireClientCertificate, out sslProtocols))
        {
            return false;
        }

        // Assignments go through the validating setters on purpose.
        transportSecurity.ClientCredentialType = requireClientCertificate
            ? TcpClientCredentialType.Certificate
            : TcpClientCredentialType.None;
        transportSecurity.SslProtocols = sslProtocols;
        return true;
    }

    /// <summary>
    /// Returns true when any setting differs from its default and therefore
    /// needs to be written out when the configuration is serialized.
    /// </summary>
    internal bool InternalShouldSerialize()
    {
        if (ClientCredentialType != TcpTransportSecurity.DefaultClientCredentialType)
        {
            return true;
        }

        if (ProtectionLevel != TcpTransportSecurity.DefaultProtectionLevel)
        {
            return true;
        }

        if (SslProtocols != TransportDefaults.SslProtocols)
        {
            return true;
        }

        return ShouldSerializeExtendedProtectionPolicy();
    }

    /// <summary>
    /// Returns true when <see cref="ExtendedProtectionPolicy"/> differs from
    /// <see cref="ChannelBindingUtility.DefaultPolicy"/>, as decided by
    /// <see cref="ChannelBindingUtility.AreEqual"/>. Hidden from editors; it is
    /// a designer/serialization hook.
    /// </summary>
    [EditorBrowsable(EditorBrowsableState.Never)]
    public bool ShouldSerializeExtendedProtectionPolicy()
    {
        bool isDefaultPolicy = ChannelBindingUtility.AreEqual(ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy);
        return !isDefaultPolicy;
    }
}