2 // SecurityBindingElement.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2005-2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 using System.Collections.Generic;
29 using System.Collections.ObjectModel;
30 using System.IdentityModel.Selectors;
31 using System.IdentityModel.Tokens;
32 using System.ServiceModel.Description;
33 using System.ServiceModel.Channels;
34 using System.ServiceModel.Security;
35 using System.ServiceModel.Security.Tokens;
37 namespace System.ServiceModel.Channels
39 public abstract class SecurityBindingElement : BindingElement
// Sets up an empty element with the framework's protocol defaults.
internal SecurityBindingElement ()
{
	// Token-parameter containers and local settings start out empty;
	// callers populate them through the corresponding properties.
	endpoint = new SupportingTokenParameters ();
	opt_endpoint = new SupportingTokenParameters ();
	operation = new Dictionary<string,SupportingTokenParameters> ();
	opt_operation = new Dictionary<string,SupportingTokenParameters> ();
	client_settings = new LocalClientSecuritySettings ();
	service_settings = new LocalServiceSecuritySettings ();

	// Protocol defaults: the default algorithm suite and WS-Security
	// version, a Timestamp header on every message, and session keys
	// built from both parties' entropy (CombinedEntropy).
	// security_header_layout is intentionally left at its enum default.
	alg_suite = SecurityAlgorithmSuite.Default;
	msg_security_version = MessageSecurityVersion.Default;
	include_timestamp = true;
	key_entropy_mode = SecurityKeyEntropyMode.CombinedEntropy;
}
// Copy constructor: scalar settings are copied by value and every mutable
// member is cloned (via Clone ()), so later changes to the copy's token
// parameters or local settings do not affect 'other'.
internal SecurityBindingElement (SecurityBindingElement other)
{
	alg_suite = other.alg_suite;
	msg_security_version = other.msg_security_version;
	include_timestamp = other.include_timestamp;
	key_entropy_mode = other.key_entropy_mode;
	security_header_layout = other.security_header_layout;

	endpoint = other.endpoint.Clone ();
	opt_endpoint = other.opt_endpoint.Clone ();
	operation = CloneOperationMap (other.operation);
	opt_operation = CloneOperationMap (other.opt_operation);
	client_settings = other.client_settings.Clone ();
	service_settings = other.service_settings.Clone ();
}

// Returns a fresh dictionary with the same keys as 'source' and a clone of
// each SupportingTokenParameters value.
static IDictionary<string,SupportingTokenParameters> CloneOperationMap (
	IDictionary<string,SupportingTokenParameters> source)
{
	Dictionary<string,SupportingTokenParameters> copy =
		new Dictionary<string,SupportingTokenParameters> ();
	foreach (KeyValuePair<string,SupportingTokenParameters> entry in source)
		copy.Add (entry.Key, entry.Value.Clone ());
	return copy;
}
// Protocol-level settings; copied by value in the copy constructor.
SecurityAlgorithmSuite alg_suite;
bool include_timestamp;
SecurityKeyEntropyMode key_entropy_mode;
// Not assigned by the default constructor, so it stays at the enum default.
SecurityHeaderLayout security_header_layout;
MessageSecurityVersion msg_security_version;
// Supporting-token parameters: endpoint-wide and keyed per operation,
// each with an "optional" twin. Cloned, not shared, on copy.
SupportingTokenParameters endpoint, opt_endpoint;
IDictionary<string,SupportingTokenParameters> operation, opt_operation;
// Client- and service-side local settings; exposed read-only through
// LocalClientSettings / LocalServiceSettings.
LocalClientSecuritySettings client_settings;
LocalServiceSecuritySettings service_settings;
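/// <summary>
/// Cryptographic algorithm suite applied to message security by this
/// element. Initialized to SecurityAlgorithmSuite.Default.
/// </summary>
/// <exception cref="ArgumentNullException">value is null.</exception>
public SecurityAlgorithmSuite DefaultAlgorithmSuite {
	get { return alg_suite; }
	set {
		// The constructor establishes a non-null suite; reject null here
		// rather than letting channel construction dereference it later.
		if (value == null)
			throw new ArgumentNullException ("value");
		alg_suite = value;
	}
}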
/// <summary>
/// Whether each secured message carries a Timestamp header.
/// Defaults to true (set by the default constructor).
/// </summary>
public bool IncludeTimestamp {
	get { return this.include_timestamp; }
	set { this.include_timestamp = value; }
}
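/// <summary>
/// Source of entropy for negotiated session keys.
/// Defaults to SecurityKeyEntropyMode.CombinedEntropy.
/// </summary>
/// <exception cref="ArgumentOutOfRangeException">value is not a defined
/// SecurityKeyEntropyMode member.</exception>
public SecurityKeyEntropyMode KeyEntropyMode {
	get { return key_entropy_mode; }
	set {
		// An undefined enum value would be carried silently into key
		// negotiation; reject it at the configuration boundary.
		if (!Enum.IsDefined (typeof (SecurityKeyEntropyMode), value))
			throw new ArgumentOutOfRangeException ("value");
		key_entropy_mode = value;
	}
}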
/// <summary>
/// Client-side local security settings. The instance is owned by this
/// element (created in the constructor, cloned on copy) and is returned
/// live, so callers mutate it in place.
/// </summary>
public LocalClientSecuritySettings LocalClientSettings {
	get { return this.client_settings; }
}
/// <summary>
/// Service-side local security settings. Owned by this element (created
/// in the constructor, cloned on copy) and returned live for in-place
/// modification.
/// </summary>
public LocalServiceSecuritySettings LocalServiceSettings {
	get { return this.service_settings; }
}
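/// <summary>
/// Ordering of elements inside the Security header. Not set by the
/// default constructor, so it starts at the enum default.
/// </summary>
/// <exception cref="ArgumentOutOfRangeException">value is not a defined
/// SecurityHeaderLayout member.</exception>
public SecurityHeaderLayout SecurityHeaderLayout {
	get { return security_header_layout; }
	set {
		// Reject undefined enum values at the configuration boundary
		// instead of emitting headers with an unknown layout.
		if (!Enum.IsDefined (typeof (SecurityHeaderLayout), value))
			throw new ArgumentOutOfRangeException ("value");
		security_header_layout = value;
	}
}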
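/// <summary>
/// WS-Security / WS-Trust / WS-SecureConversation version set used on the
/// wire. Initialized to MessageSecurityVersion.Default.
/// </summary>
/// <exception cref="ArgumentNullException">value is null.</exception>
public MessageSecurityVersion MessageSecurityVersion {
	get { return msg_security_version; }
	set {
		// Never allow a null version: every header the element emits
		// is selected from it.
		if (value == null)
			throw new ArgumentNullException ("value");
		msg_security_version = value;
	}
}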
/// <summary>
/// Supporting-token parameters that apply to every operation of the
/// endpoint. Returned live; the factory methods below add Endorsing and
/// SignedEncrypted tokens through it.
/// </summary>
public SupportingTokenParameters EndpointSupportingTokenParameters {
	get { return this.endpoint; }
}
/// <summary>
/// Supporting-token parameters keyed by operation name. The dictionary
/// is the element's own and is returned live, so additions take effect
/// directly.
/// </summary>
public IDictionary<string,SupportingTokenParameters> OperationSupportingTokenParameters {
	get { return this.operation; }
}
/// <summary>
/// Optional (non-mandatory) supporting-token parameters that apply
/// endpoint-wide. Returned live.
/// </summary>
public SupportingTokenParameters OptionalEndpointSupportingTokenParameters {
	get { return this.opt_endpoint; }
}
/// <summary>
/// Optional (non-mandatory) supporting-token parameters keyed by
/// operation name. Returned live.
/// </summary>
public IDictionary<string,SupportingTokenParameters> OptionalOperationSupportingTokenParameters {
	get { return this.opt_operation; }
}
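/// <summary>
/// Reports whether a factory for TChannel can be built. This only defers
/// to the inner binding; per the MonoTODO the security layer itself
/// supports a narrower set of channel shapes, so a true answer here does
/// not guarantee BuildChannelFactory will succeed.
/// </summary>
/// <exception cref="ArgumentNullException">context is null.</exception>
[MonoTODO ("It supports only IRequestSessionChannel")]
public override bool CanBuildChannelFactory<TChannel> (BindingContext context)
{
	if (context == null)
		throw new ArgumentNullException ("context");
	return context.CanBuildInnerChannelFactory<TChannel> ();
}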
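/// <summary>
/// Reports whether a listener for TChannel can be built. Only the inner
/// binding is consulted; the security layer's own channel-shape support
/// is narrower (see the MonoTODO), so this may over-report.
/// </summary>
/// <exception cref="ArgumentNullException">context is null.</exception>
[MonoTODO ("It probably supports only IReplySessionChannel")]
public override bool CanBuildChannelListener<TChannel> (BindingContext context)
{
	if (context == null)
		throw new ArgumentNullException ("context");
	return context.CanBuildInnerChannelListener<TChannel> ();
}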
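/// <summary>
/// Builds the client-side channel factory by delegating to the
/// subclass-specific BuildChannelFactoryCore.
/// </summary>
/// <exception cref="ArgumentNullException">context is null.</exception>
public override IChannelFactory<TChannel> BuildChannelFactory<TChannel> (
	BindingContext context)
{
	// Validate at the public entry point so subclasses can assume a
	// usable context.
	if (context == null)
		throw new ArgumentNullException ("context");
	return BuildChannelFactoryCore<TChannel> (context);
}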
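/// <summary>
/// Builds the service-side channel listener by delegating to the
/// subclass-specific BuildChannelListenerCore.
/// </summary>
/// <exception cref="ArgumentNullException">context is null.</exception>
public override IChannelListener<TChannel> BuildChannelListener<TChannel> (
	BindingContext context)
{
	// Validate at the public entry point so subclasses can assume a
	// usable context.
	if (context == null)
		throw new ArgumentNullException ("context");
	return BuildChannelListenerCore<TChannel> (context);
}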
/// <summary>
/// Applies the derived-key requirement to every supporting-token
/// parameter set this element holds: endpoint-wide, optional
/// endpoint-wide, and both per-operation maps.
/// </summary>
/// <remarks>
/// NOTE(review): the protection token (owned by subclasses) is not
/// touched here; confirm that overriding subclasses handle it.
/// </remarks>
public virtual void SetKeyDerivation (bool requireDerivedKeys)
{
	endpoint.SetKeyDerivation (requireDerivedKeys);
	opt_endpoint.SetKeyDerivation (requireDerivedKeys);
	ApplyKeyDerivation (operation.Values, requireDerivedKeys);
	ApplyKeyDerivation (opt_operation.Values, requireDerivedKeys);
}

// Forwards the flag to each parameter set in 'targets'.
static void ApplyKeyDerivation (
	ICollection<SupportingTokenParameters> targets, bool requireDerivedKeys)
{
	foreach (SupportingTokenParameters target in targets)
		target.SetKeyDerivation (requireDerivedKeys);
}
/// <summary>
/// Returns the base representation unchanged; none of the security
/// settings are rendered into the string.
/// </summary>
public override string ToString ()
{
	string text = base.ToString ();
	return text;
}
// Subclass hook called by BuildChannelFactory to create the client-side
// channel factory for this security binding.
protected abstract IChannelFactory<TChannel>
	BuildChannelFactoryCore<TChannel> (BindingContext context);
// Subclass hook called by BuildChannelListener to create the service-side
// channel listener for this security binding.
protected abstract IChannelListener<TChannel>
	BuildChannelListenerCore<TChannel> (BindingContext context)
	where TChannel : class, IChannel;
180 #region Factory methods
/// <summary>
/// Anonymous client, service authenticated by certificate: the only token
/// is the service's X.509 protection token (referenced by thumbprint), and
/// signature confirmation is required on responses.
/// </summary>
public static SymmetricSecurityBindingElement
CreateAnonymousForCertificateBindingElement ()
{
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
	element.RequireSignatureConfirmation = true;
	return element;
}
/// <summary>
/// Convenience overload: same as the explicit-version overload with
/// MessageSecurityVersion.Default.
/// </summary>
public static TransportSecurityBindingElement
CreateCertificateOverTransportBindingElement ()
{
	MessageSecurityVersion version = MessageSecurityVersion.Default;
	return CreateCertificateOverTransportBindingElement (version);
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static TransportSecurityBindingElement
CreateCertificateOverTransportBindingElement (MessageSecurityVersion version)
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static AsymmetricSecurityBindingElement
CreateCertificateSignatureBindingElement ()
{
	throw new NotImplementedException ();
}
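/// <summary>
/// Symmetric binding whose protection token is the issued token itself
/// (no separate service certificate).
/// </summary>
/// <param name="issuedTokenParameters">Parameters of the issued token;
/// must not be null.</param>
/// <exception cref="ArgumentNullException">issuedTokenParameters is
/// null.</exception>
public static SymmetricSecurityBindingElement
CreateIssuedTokenBindingElement (
	IssuedSecurityTokenParameters issuedTokenParameters)
{
	// A null here would leave the element with no protection token at all;
	// fail fast instead of surfacing the problem at channel build time.
	if (issuedTokenParameters == null)
		throw new ArgumentNullException ("issuedTokenParameters");
	SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
	be.ProtectionTokenParameters = issuedTokenParameters;
	return be;
}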
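/// <summary>
/// Service authenticated by certificate, client by an issued token: the
/// X.509 protection token is referenced by thumbprint and the issued token
/// is added as an endpoint-level endorsing supporting token. Signature
/// confirmation is required.
/// </summary>
/// <param name="issuedTokenParameters">Parameters of the client's issued
/// token; must not be null.</param>
/// <exception cref="ArgumentNullException">issuedTokenParameters is
/// null.</exception>
public static SymmetricSecurityBindingElement
CreateIssuedTokenForCertificateBindingElement (
	IssuedSecurityTokenParameters issuedTokenParameters)
{
	// Reject null up front: Endorsing.Add would otherwise register a null
	// entry (or throw later with a less useful message).
	if (issuedTokenParameters == null)
		throw new ArgumentNullException ("issuedTokenParameters");
	SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
	be.RequireSignatureConfirmation = true;
	be.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
	be.EndpointSupportingTokenParameters.Endorsing.Add (
		issuedTokenParameters);
	return be;
}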
/// <summary>
/// Convenience overload: same as the two-argument overload with
/// requireCancellation = false.
/// </summary>
public static SymmetricSecurityBindingElement
CreateIssuedTokenForSslBindingElement (
	IssuedSecurityTokenParameters issuedTokenParameters)
{
	const bool requireCancellation = false;
	return CreateIssuedTokenForSslBindingElement (
		issuedTokenParameters, requireCancellation);
}
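/// <summary>
/// Service authenticated via SSL negotiation, client by an issued token
/// added as an endpoint-level endorsing supporting token. Signature
/// confirmation is required.
/// </summary>
/// <param name="issuedTokenParameters">Parameters of the client's issued
/// token; must not be null.</param>
/// <param name="requireCancellation">NOTE(review): accepted but not
/// applied to any token parameters in this implementation — callers asking
/// for mandatory context cancellation do not get it here. Confirm against
/// the intended design.</param>
/// <exception cref="ArgumentNullException">issuedTokenParameters is
/// null.</exception>
public static SymmetricSecurityBindingElement
CreateIssuedTokenForSslBindingElement (
	IssuedSecurityTokenParameters issuedTokenParameters,
	bool requireCancellation)
{
	if (issuedTokenParameters == null)
		throw new ArgumentNullException ("issuedTokenParameters");
	SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement ();
	be.RequireSignatureConfirmation = true;
	// Protection token parameters with 'cert' false: the service
	// certificate is not assumed to be known out of band here.
	be.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
	be.EndpointSupportingTokenParameters.Endorsing.Add (
		issuedTokenParameters);
	return be;
}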
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static TransportSecurityBindingElement
CreateIssuedTokenOverTransportBindingElement (
	IssuedSecurityTokenParameters issuedTokenParameters)
{
	throw new NotImplementedException ();
}
/// <summary>
/// Kerberos-protected symmetric binding. The algorithm suite is pinned
/// to Basic128 rather than the element default (presumably to match the
/// Kerberos session key size — confirm), and the protection token is sent
/// once (SecurityTokenInclusionMode.Once) instead of the inclusion mode
/// chosen by CreateProtectionTokenParameters.
/// </summary>
public static SymmetricSecurityBindingElement CreateKerberosBindingElement ()
{
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
	element.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Once;
	element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
	return element;
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static TransportSecurityBindingElement
CreateKerberosOverTransportBindingElement ()
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static SecurityBindingElement
CreateMutualCertificateBindingElement ()
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static SecurityBindingElement
CreateMutualCertificateBindingElement (MessageSecurityVersion version)
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static SecurityBindingElement
CreateMutualCertificateBindingElement (
	MessageSecurityVersion version,
	bool allowSerializedSigningTokenOnReply)
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static AsymmetricSecurityBindingElement
CreateMutualCertificateDuplexBindingElement ()
{
	throw new NotImplementedException ();
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static AsymmetricSecurityBindingElement
CreateMutualCertificateDuplexBindingElement (
	MessageSecurityVersion version)
{
	throw new NotImplementedException ();
}
/// <summary>
/// Convenience overload: secure conversation over 'binding' with
/// requireCancellation = false.
/// </summary>
public static SecurityBindingElement
CreateSecureConversationBindingElement (SecurityBindingElement binding)
{
	const bool requireCancellation = false;
	return CreateSecureConversationBindingElement (binding, requireCancellation);
}
/// <summary>
/// Convenience overload: secure conversation over 'binding' with no
/// explicit bootstrap protection requirements (null).
/// </summary>
public static SecurityBindingElement
CreateSecureConversationBindingElement (
	SecurityBindingElement binding, bool requireCancellation)
{
	ChannelProtectionRequirements noRequirements = null;
	return CreateSecureConversationBindingElement (
		binding, requireCancellation, noRequirements);
}
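/// <summary>
/// Wraps 'binding' as the bootstrap security of a secure-conversation
/// binding: the result is a symmetric element whose protection token is a
/// SecureConversationSecurityTokenParameters built over the bootstrap.
/// </summary>
/// <param name="binding">Bootstrap security binding element; must not be
/// null.</param>
/// <param name="requireCancellation">Passed through to the token
/// parameters.</param>
/// <param name="protectionRequirements">Bootstrap protection
/// requirements; may be null (the two-argument overload passes null).</param>
/// <exception cref="ArgumentNullException">binding is null.</exception>
public static SecurityBindingElement
CreateSecureConversationBindingElement (
	SecurityBindingElement binding, bool requireCancellation,
	ChannelProtectionRequirements protectionRequirements)
{
	// A secure-conversation token cannot be established without a
	// bootstrap binding; fail fast rather than during channel construction.
	if (binding == null)
		throw new ArgumentNullException ("binding");
	SymmetricSecurityBindingElement be =
		new SymmetricSecurityBindingElement ();
	be.ProtectionTokenParameters =
		new SecureConversationSecurityTokenParameters (
			binding, requireCancellation, protectionRequirements);
	return be;
}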
/// <summary>
/// Convenience overload: SSL negotiation with requireCancellation = false.
/// </summary>
public static SymmetricSecurityBindingElement
CreateSslNegotiationBindingElement (bool requireClientCertificate)
{
	const bool requireCancellation = false;
	return CreateSslNegotiationBindingElement (
		requireClientCertificate, requireCancellation);
}
/// <summary>
/// Symmetric binding whose protection token is negotiated via SSL. Unlike
/// the other factories here, both flags are carried by the
/// SslSecurityTokenParameters themselves rather than being dropped.
/// </summary>
public static SymmetricSecurityBindingElement
CreateSslNegotiationBindingElement (
	bool requireClientCertificate,
	bool requireCancellation)
{
	SslSecurityTokenParameters negotiated =
		new SslSecurityTokenParameters (requireClientCertificate, requireCancellation);
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = negotiated;
	return element;
}
/// <summary>
/// Convenience overload: SSPI negotiation with requireCancellation = true.
/// </summary>
public static SymmetricSecurityBindingElement
CreateSspiNegotiationBindingElement ()
{
	const bool requireCancellation = true;
	return CreateSspiNegotiationBindingElement (requireCancellation);
}
/// <summary>
/// Symmetric binding for SSPI negotiation.
/// </summary>
/// <remarks>
/// NOTE(review): the protection token is the generic X.509 parameters
/// (with 'cert' false), not SspiSecurityTokenParameters — a type this file
/// does reference in SetIssuerBindingContextIfRequired — and
/// requireCancellation is not applied anywhere in this implementation.
/// Confirm both against the intended design.
/// </remarks>
public static SymmetricSecurityBindingElement
CreateSspiNegotiationBindingElement (bool requireCancellation)
{
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
	return element;
}
/// <summary>
/// Convenience overload: SSPI negotiation over transport with
/// requireCancellation = false.
/// </summary>
public static TransportSecurityBindingElement
CreateSspiNegotiationOverTransportBindingElement ()
{
	const bool requireCancellation = false;
	return CreateSspiNegotiationOverTransportBindingElement (requireCancellation);
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static TransportSecurityBindingElement
CreateSspiNegotiationOverTransportBindingElement (bool requireCancellation)
{
	throw new NotImplementedException ();
}
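// Builds the X.509 protection-token parameters shared by the factory
// methods in this region. The token is always referenced by thumbprint.
//
// cert: true for the *ForCertificate bindings, where the recipient's
// certificate is configured out of band — the token is then never
// serialized into the message (InclusionMode.Never). When false the
// inclusion mode is left at the X509SecurityTokenParameters default so the
// token can be carried in band; callers such as CreateKerberosBindingElement
// adjust it further.
//
// Previously InclusionMode.Never was applied regardless of 'cert', leaving
// the parameter unused; only the out-of-band certificate case should
// suppress inclusion.
static X509SecurityTokenParameters CreateProtectionTokenParameters (bool cert)
{
	X509SecurityTokenParameters p =
		new X509SecurityTokenParameters ();
	p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
	if (cert)
		p.InclusionMode = SecurityTokenInclusionMode.Never;
	return p;
}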
/// <summary>
/// Service authenticated by certificate, client by user name/password.
/// Message protection comes from the X.509 protection token; the user name
/// token is added to the SignedEncrypted supporting-token collection so
/// the credentials are signed and encrypted rather than sent in the clear.
/// </summary>
public static SymmetricSecurityBindingElement
CreateUserNameForCertificateBindingElement ()
{
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = CreateProtectionTokenParameters (true);
	element.EndpointSupportingTokenParameters.SignedEncrypted.Add (
		new UserNameSecurityTokenParameters ());
	return element;
}
/// <summary>
/// Convenience overload: user name over SSL negotiation with
/// requireCancellation = false.
/// </summary>
public static SymmetricSecurityBindingElement
CreateUserNameForSslBindingElement ()
{
	const bool requireCancellation = false;
	return CreateUserNameForSslBindingElement (requireCancellation);
}
/// <summary>
/// Service authenticated via SSL negotiation, client by user name/password
/// carried as a signed-and-encrypted supporting token.
/// </summary>
/// <remarks>
/// NOTE(review): requireCancellation is accepted but not applied to any
/// token parameters in this implementation, and the protection token is
/// the generic X.509 parameters ('cert' false) rather than
/// SslSecurityTokenParameters. Confirm against the intended design.
/// </remarks>
public static SymmetricSecurityBindingElement
CreateUserNameForSslBindingElement (bool requireCancellation)
{
	SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement ();
	element.ProtectionTokenParameters = CreateProtectionTokenParameters (false);
	element.EndpointSupportingTokenParameters.SignedEncrypted.Add (
		new UserNameSecurityTokenParameters ());
	return element;
}
// Not implemented. Fails closed: callers get an exception at construction
// rather than a partially configured binding element.
public static TransportSecurityBindingElement
CreateUserNameOverTransportBindingElement ()
{
	throw new NotImplementedException ();
}
// This appears to be effectively internal and hard-coded to the four
// parameter types checked below: custom SecurityTokenParameters set up like
// the IssuedSecurityTokenParameters case did not trigger this method.
446 protected static void SetIssuerBindingContextIfRequired (
447 SecurityTokenParameters parameters,
448 BindingContext issuerBindingContext)
450 if (parameters is IssuedSecurityTokenParameters ||
451 parameters is SecureConversationSecurityTokenParameters ||
452 parameters is SslSecurityTokenParameters ||
453 parameters is SspiSecurityTokenParameters) {
454 parameters.IssuerBindingContext = issuerBindingContext;