mcs/class/System.ServiceModel/System.ServiceModel.Channels/SecurityBindingElement.cs

   1 //
   2 // SecurityBindingElement.cs
   3 //
   4 // Author:
   5 //      Atsushi Enomoto <atsushi@ximian.com>
   6 //
   7 // Copyright (C) 2005-2006 Novell, Inc.  http://www.novell.com
   8 //
   9 // Permission is hereby granted, free of charge, to any person obtaining
  10 // a copy of this software and associated documentation files (the
  11 // "Software"), to deal in the Software without restriction, including
  12 // without limitation the rights to use, copy, modify, merge, publish,
  13 // distribute, sublicense, and/or sell copies of the Software, and to
  14 // permit persons to whom the Software is furnished to do so, subject to
  15 // the following conditions:
  16 //
  17 // The above copyright notice and this permission notice shall be
  18 // included in all copies or substantial portions of the Software.
  19 //
  20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  27 //
  28 using System.Collections.Generic;
  29 using System.Collections.ObjectModel;
  30 using System.IdentityModel.Selectors;
  31 using System.IdentityModel.Tokens;
  32 using System.ServiceModel.Description;
  33 using System.ServiceModel.Channels;
  34 using System.ServiceModel.Security;
  35 using System.ServiceModel.Security.Tokens;
  36
  37 namespace System.ServiceModel.Channels
  38 {
  39         public abstract class SecurityBindingElement : BindingElement
  40         {
  41                 internal SecurityBindingElement ()
  42                 {
  43                         DefaultAlgorithmSuite = SecurityAlgorithmSuite.Default;
  44                         MessageSecurityVersion = MessageSecurityVersion.Default;
  45                         IncludeTimestamp = true;
  46                         KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
  47                         endpoint = new SupportingTokenParameters ();
  48                         operation = new Dictionary<string,SupportingTokenParameters> ();
  49                         opt_endpoint = new SupportingTokenParameters ();
  50                         opt_operation = new Dictionary<string,SupportingTokenParameters> ();
  51                         client_settings = new LocalClientSecuritySettings ();
  52                         service_settings = new LocalServiceSecuritySettings ();
  53                 }
  54
  55                 internal SecurityBindingElement (SecurityBindingElement other)
  56                 {
  57                         alg_suite = other.alg_suite;
  58                         include_timestamp = other.include_timestamp;
  59                         key_entropy_mode = other.key_entropy_mode;
  60                         security_header_layout = other.security_header_layout;
  61                         msg_security_version = other.msg_security_version;
  62                         endpoint = other.endpoint.Clone ();
  63                         opt_endpoint = other.opt_endpoint.Clone ();
  64                         operation = new Dictionary<string,SupportingTokenParameters> ();
  65                         foreach (KeyValuePair<string,SupportingTokenParameters> p in other.operation)
  66                                 operation.Add (p.Key, p.Value.Clone ());
  67                         opt_operation = new Dictionary<string,SupportingTokenParameters> ();
  68                         foreach (KeyValuePair<string,SupportingTokenParameters> p in other.opt_operation)
  69                                 opt_operation.Add (p.Key, p.Value.Clone ());
  70                         client_settings = other.client_settings.Clone ();
  71                         service_settings = other.service_settings.Clone ();
  72                 }
  73
  74                 SecurityAlgorithmSuite alg_suite;
  75                 bool include_timestamp;
  76                 SecurityKeyEntropyMode key_entropy_mode;
  77                 SecurityHeaderLayout security_header_layout;
  78                 MessageSecurityVersion msg_security_version;
  79                 SupportingTokenParameters endpoint, opt_endpoint;
  80                 IDictionary<string,SupportingTokenParameters> operation, opt_operation;
  81                 LocalClientSecuritySettings client_settings;
  82                 LocalServiceSecuritySettings service_settings;
  83
  84                 public SecurityAlgorithmSuite DefaultAlgorithmSuite {
  85                         get { return alg_suite; }
  86                         set { alg_suite = value; }
  87                 }
  88
  89                 public bool IncludeTimestamp {
  90                         get { return include_timestamp; }
  91                         set { include_timestamp = value; }
  92                 }
  93
  94                 public SecurityKeyEntropyMode KeyEntropyMode {
  95                         get { return key_entropy_mode; }
  96                         set { key_entropy_mode = value; }
  97                 }
  98
  99                 public LocalClientSecuritySettings LocalClientSettings {
 100                         get { return client_settings; }
 101                 }
 102
 103                 public LocalServiceSecuritySettings LocalServiceSettings {
 104                         get { return service_settings; }
 105                 }
 106
 107                 public SecurityHeaderLayout SecurityHeaderLayout {
 108                         get { return security_header_layout; }
 109                         set { security_header_layout = value; }
 110                 }
 111
 112                 public MessageSecurityVersion MessageSecurityVersion {
 113                         get { return msg_security_version; }
 114                         set { msg_security_version = value; }
 115                 }
 116
 117                 public SupportingTokenParameters EndpointSupportingTokenParameters {
 118                         get { return endpoint; }
 119                 }
 120
 121                 public IDictionary<string,SupportingTokenParameters> OperationSupportingTokenParameters {
 122                         get { return operation; }
 123                 }
 124
 125                 public SupportingTokenParameters OptionalEndpointSupportingTokenParameters {
 126                         get { return opt_endpoint; }
 127                 }
 128
 129                 public IDictionary<string,SupportingTokenParameters> OptionalOperationSupportingTokenParameters {
 130                         get { return opt_operation; }
 131                 }
 132
 133                 [MonoTODO ("It supports only IRequestSessionChannel")]
 134                 public override bool CanBuildChannelFactory<TChannel> (BindingContext context)
 135                 {
 136                         return context.CanBuildInnerChannelFactory<TChannel> ();
 137                 }
 138
 139                 [MonoTODO ("It probably supports only IReplySessionChannel")]
 140                 public override bool CanBuildChannelListener<TChannel> (BindingContext context)
 141                 {
 142                         return context.CanBuildInnerChannelListener<TChannel> ();
 143                 }
 144
 145                 public override IChannelFactory<TChannel> BuildChannelFactory<TChannel> (
 146                         BindingContext context)
 147                 {
 148                         return BuildChannelFactoryCore<TChannel> (context);
 149                 }
 150
 151                 public override IChannelListener<TChannel> BuildChannelListener<TChannel> (
 152                         BindingContext context)
 153                 {
 154                         return BuildChannelListenerCore<TChannel> (context);
 155                 }
 156
 157                 public virtual void SetKeyDerivation (bool requireDerivedKeys)
 158                 {
 159                         endpoint.SetKeyDerivation (requireDerivedKeys);
 160                         opt_endpoint.SetKeyDerivation (requireDerivedKeys);
 161                         foreach (SupportingTokenParameters p in operation.Values)
 162                                 p.SetKeyDerivation (requireDerivedKeys);
 163                         foreach (SupportingTokenParameters p in opt_operation.Values)
 164                                 p.SetKeyDerivation (requireDerivedKeys);
 165                 }
 166
 167                 [MonoTODO]
 168                 public override string ToString ()
 169                 {
 170                         return base.ToString ();
 171                 }
 172
 173                 protected abstract IChannelFactory<TChannel>
 174                         BuildChannelFactoryCore<TChannel> (BindingContext context);
 175
 176                 protected abstract IChannelListener<TChannel>
 177                         BuildChannelListenerCore<TChannel> (BindingContext context)
 178                         where TChannel : class, IChannel;
 179
 180                 #region Factory methods
 181                 public static SymmetricSecurityBindingElement
 182                         CreateAnonymousForCertificateBindingElement ()
 183                 {
 184                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 185                         be.RequireSignatureConfirmation = true;
 186                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
 187                         return be;
 188                 }
 189
 190                 public static TransportSecurityBindingElement
 191                         CreateCertificateOverTransportBindingElement ()
 192                 {
 193                         return CreateCertificateOverTransportBindingElement (MessageSecurityVersion.Default);
 194                 }
 195
 196                 [MonoTODO]
 197                 public static TransportSecurityBindingElement
 198                         CreateCertificateOverTransportBindingElement (MessageSecurityVersion version)
 199                 {
 200                         throw new NotImplementedException ();
 201                 }
 202
 203                 [MonoTODO]
 204                 public static AsymmetricSecurityBindingElement
 205                         CreateCertificateSignatureBindingElement  ()
 206                 {
 207                         throw new NotImplementedException ();
 208                 }
 209
 210                 [MonoTODO]
 211                 public static SymmetricSecurityBindingElement
 212                         CreateIssuedTokenBindingElement  (
 213                         IssuedSecurityTokenParameters issuedTokenParameters)
 214                 {
 215                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 216                         be.ProtectionTokenParameters = issuedTokenParameters;
 217                         return be;
 218                 }
 219
 220                 public static SymmetricSecurityBindingElement
 221                         CreateIssuedTokenForCertificateBindingElement (
 222                         IssuedSecurityTokenParameters issuedTokenParameters)
 223                 {
 224                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 225                         be.RequireSignatureConfirmation = true;
 226                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
 227                         be.EndpointSupportingTokenParameters.Endorsing.Add (
 228                                 issuedTokenParameters);
 229                         return be;
 230                 }
 231
 232                 [MonoTODO]
 233                 public static SymmetricSecurityBindingElement
 234                         CreateIssuedTokenForSslBindingElement (
 235                         IssuedSecurityTokenParameters issuedTokenParameters)
 236                 {
 237                         return CreateIssuedTokenForSslBindingElement (
 238                                 issuedTokenParameters, false);
 239                 }
 240
 241                 [MonoTODO]
 242                 public static SymmetricSecurityBindingElement
 243                         CreateIssuedTokenForSslBindingElement (
 244                         IssuedSecurityTokenParameters issuedTokenParameters,
 245                         bool requireCancellation)
 246                 {
 247                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 248                         be.RequireSignatureConfirmation = true;
 249                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
 250                         be.EndpointSupportingTokenParameters.Endorsing.Add (
 251                                 issuedTokenParameters);
 252                         return be;
 253                 }
 254
 255                 [MonoTODO]
 256                 public static TransportSecurityBindingElement
 257                         CreateIssuedTokenOverTransportBindingElement (
 258                         IssuedSecurityTokenParameters issuedTokenParameters)
 259                 {
 260                         throw new NotImplementedException ();
 261                 }
 262
 263                 [MonoTODO]
 264                 public static SymmetricSecurityBindingElement CreateKerberosBindingElement ()
 265                 {
 266                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 267                         be.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
 268                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
 269                         be.ProtectionTokenParameters.InclusionMode =
 270                                 SecurityTokenInclusionMode.Once;
 271                         return be;
 272                 }
 273
 274                 [MonoTODO]
 275                 public static TransportSecurityBindingElement
 276                         CreateKerberosOverTransportBindingElement ()
 277                 {
 278                         throw new NotImplementedException ();
 279                 }
 280
 281                 [MonoTODO]
 282                 public static SecurityBindingElement
 283                         CreateMutualCertificateBindingElement ()
 284                 {
 285                         throw new NotImplementedException ();
 286                 }
 287
 288                 [MonoTODO]
 289                 public static SecurityBindingElement
 290                         CreateMutualCertificateBindingElement (MessageSecurityVersion version)
 291                 {
 292                         throw new NotImplementedException ();
 293                 }
 294
 295                 [MonoTODO]
 296                 public static SecurityBindingElement
 297                         CreateMutualCertificateBindingElement (
 298                         MessageSecurityVersion version,
 299                         bool allowSerializedSigningTokenOnReply)
 300                 {
 301                         throw new NotImplementedException ();
 302                 }
 303
 304                 [MonoTODO]
 305                 public static AsymmetricSecurityBindingElement
 306                         CreateMutualCertificateDuplexBindingElement ()
 307                 {
 308                         throw new NotImplementedException ();
 309                 }
 310
 311                 [MonoTODO]
 312                 public static AsymmetricSecurityBindingElement
 313                         CreateMutualCertificateDuplexBindingElement (
 314                         MessageSecurityVersion version)
 315                 {
 316                         throw new NotImplementedException ();
 317                 }
 318
 319                 public static SecurityBindingElement
 320                         CreateSecureConversationBindingElement (SecurityBindingElement binding)
 321                 {
 322                         return CreateSecureConversationBindingElement (binding, false);
 323                 }
 324
 325                 public static SecurityBindingElement
 326                         CreateSecureConversationBindingElement (
 327                         SecurityBindingElement binding, bool requireCancellation)
 328                 {
 329                         return CreateSecureConversationBindingElement (binding, requireCancellation, null);
 330                 }
 331
 332                 [MonoTODO]
 333                 public static SecurityBindingElement
 334                         CreateSecureConversationBindingElement (
 335                         SecurityBindingElement binding, bool requireCancellation,
 336                         ChannelProtectionRequirements protectionRequirements)
 337                 {
 338                         SymmetricSecurityBindingElement be =
 339                                 new SymmetricSecurityBindingElement ();
 340                         be.ProtectionTokenParameters =
 341                                 new SecureConversationSecurityTokenParameters (
 342                                         binding, requireCancellation, protectionRequirements);
 343                         return be;
 344                 }
 345
 346                 [MonoTODO]
 347                 public static SymmetricSecurityBindingElement
 348                         CreateSslNegotiationBindingElement (bool requireClientCertificate)
 349                 {
 350                         return CreateSslNegotiationBindingElement (
 351                                 requireClientCertificate, false);
 352                 }
 353
 354                 [MonoTODO]
 355                 public static SymmetricSecurityBindingElement
 356                         CreateSslNegotiationBindingElement (
 357                         bool requireClientCertificate,
 358                         bool requireCancellation)
 359                 {
 360                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 361                         be.ProtectionTokenParameters = new SslSecurityTokenParameters (requireClientCertificate, requireCancellation);
 362                         return be;
 363                 }
 364
 365                 [MonoTODO]
 366                 public static SymmetricSecurityBindingElement
 367                         CreateSspiNegotiationBindingElement ()
 368                 {
 369                         return CreateSspiNegotiationBindingElement (true);
 370                 }
 371
 372                 [MonoTODO]
 373                 public static SymmetricSecurityBindingElement
 374                         CreateSspiNegotiationBindingElement (bool requireCancellation)
 375                 {
 376                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 377                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
 378                         return be;
 379                 }
 380
 381                 public static TransportSecurityBindingElement
 382                         CreateSspiNegotiationOverTransportBindingElement ()
 383                 {
 384                         return CreateSspiNegotiationOverTransportBindingElement (false);
 385                 }
 386
 387                 [MonoTODO]
 388                 public static TransportSecurityBindingElement
 389                         CreateSspiNegotiationOverTransportBindingElement (bool requireCancellation)
 390                 {
 391                         throw new NotImplementedException ();
 392                 }
 393
 394                 static X509SecurityTokenParameters CreateProtectionTokenParameters (bool cert)
 395                 {
 396                         X509SecurityTokenParameters p =
 397                                 new X509SecurityTokenParameters ();
 398                         p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
 399                         if (cert)
 400                                 p.InclusionMode = SecurityTokenInclusionMode.Never;
 401                         return p;
 402                 }
 403
 404                 [MonoTODO]
 405                 public static SymmetricSecurityBindingElement
 406                         CreateUserNameForCertificateBindingElement ()
 407                 {
 408                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 409                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
 410                         UserNameSecurityTokenParameters utp =
 411                                 new UserNameSecurityTokenParameters ();
 412                         be.EndpointSupportingTokenParameters.SignedEncrypted.Add (utp);
 413                         return be;
 414                 }
 415
 416                 [MonoTODO]
 417                 public static SymmetricSecurityBindingElement
 418                         CreateUserNameForSslBindingElement ()
 419                 {
 420                         return CreateUserNameForSslBindingElement (false);
 421                 }
 422
 423                 [MonoTODO]
 424                 public static SymmetricSecurityBindingElement
 425                         CreateUserNameForSslBindingElement (bool requireCancellation)
 426                 {
 427                         SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
 428                         be.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
 429                         UserNameSecurityTokenParameters utp =
 430                                 new UserNameSecurityTokenParameters ();
 431                         be.EndpointSupportingTokenParameters.SignedEncrypted.Add (utp);
 432                         return be;
 433                 }
 434
 435                 [MonoTODO]
 436                 public static TransportSecurityBindingElement
 437                         CreateUserNameOverTransportBindingElement ()
 438                 {
 439                         throw new NotImplementedException ();
 440                 }
 441                 #endregion
 442
 443                 // It seems almost internal, hardcoded like this (I tried
 444                 // custom parameters that sets IssuedTokenSecurityTokenParameters
 445                 // like below ones, but that didn't trigger this method).
 446                 protected static void SetIssuerBindingContextIfRequired (
 447                         SecurityTokenParameters parameters,
 448                         BindingContext issuerBindingContext)
 449                 {
 450                         if (parameters is IssuedSecurityTokenParameters ||
 451                             parameters is SecureConversationSecurityTokenParameters ||
 452                             parameters is SslSecurityTokenParameters ||
 453                             parameters is SspiSecurityTokenParameters) {
 454                                 parameters.IssuerBindingContext = issuerBindingContext;
 455                         }
 456                 }
 457         }
 458 }