2010-07-28 Atsushi Enomoto <atsushi@ximian.com>

* SecurityTokenParameters.cs, SupportingTokenParameters.cs,
SslSecurityTokenParameters.cs, IssuedSecurityTokenParameters.cs,
SspiSecurityTokenParameters.cs,
SecureConversationSecurityTokenParameters.cs :

2010-07-15 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenProvider.cs : verify mismatch. We don't have
correct verification code yet, but ignoring this only brings
further mismatch error.
* TlsClientSession.cs : add some commented code.

2010-07-15 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenProvider.cs : pass X509 auth credential, which
contains X509 validation information.
* TlsClientSession.cs : use x509 auth settings to validate service

2010-07-15 Atsushi Enomoto <atsushi@ximian.com>

* TlsServerSession.cs : SendRecord() somehow doesn't work, so
use separate stream instead.

2010-07-15 Atsushi Enomoto <atsushi@ximian.com>

* BinarySecretSecurityToken.cs : add KeySize.
* SslSecurityTokenAuthenticator.cs : add some comments.

2010-07-15 Atsushi Enomoto <atsushi@ximian.com>

* ServiceModelSecurityTokenRequirement.cs :
add ExtendedProtectionPolicy.

2010-07-12 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenAuthenticator.cs,
AuthenticatorCommunicationObject.cs,
SecureConversationSecurityTokenAuthenticator.cs :
add timeout argument to negotiation requests.

2008-02-27 Eyal Alaluf <eyala@mainsoft.com>

* InternalEncryptedKeyIdentifierClause.cs IssuedTokenCommunicationObject.cs:
Fix compilation warnings.

2007-04-17 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenParameters.cs :
implemented CreateRequestParameters().

2007-04-02 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs, TlsServerSession.cs,
SslSecurityTokenProvider.cs : support mutual sslnego.
* SslnegoCookieResolver.cs : .net seems to include X509Certificate
information in the cookie.

2007-04-02 Atsushi Enomoto <atsushi@ximian.com>

* SecurityContextSecurityToken.cs : Cookie needs a setter.
* SslnegoCookieResolver.cs : set Cookie so that it can be serialized.
* SslSecurityTokenProvider.cs, SslSecurityTokenAuthenticator.cs :
(At provider) check contextId returned by the server.
Reverted ProofToken value (see comments).
* CommunicationSecurityTokenAuthenticator.cs : it now implements
IIssuanceSecurityTokenAuthenticator.

2007-03-30 Atsushi Enomoto <atsushi@ximian.com>

* AuthenticatorCommunicationObject.cs : added SecurityBindingElement.
* SslSecurityTokenProvider.cs : a few updates, key is now from
* SslSecurityTokenAuthenticator.cs :
use LocalServiceSecuritySettings.IssuedCookieLifetime.
* SpnegoSecurityTokenProvider.cs, SpnegoSecurityTokenAuthenticator.cs,
SspiSession.cs : some ongoing updates
as well as spnego (kerberos) negotiation handling.
* TlsClientSession.cs : by specification it is P_SHA, not PRF
(though not sure, as CombinedHash is for PRF).

2007-03-30 Atsushi Enomoto <atsushi@ximian.com>

* SslnegoCookieResolver.cs : ResolveCookie() should simply return
entire SecurityContextToken parsed by dnse:Cookie binary.

2007-03-27 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenAuthenticator.cs, SslSecurityTokenProvider.cs :
Ongoing implementation. Applied some changes for SSPI support.
WSSecurityTokenSerializer is implemented to return binary-secret-
aware token, so just return it. Fixed some CK-HASH usage.
* IssuedTokenCommunicationObject.cs :
Applied some changes for SSPI support.
* SpnegoSecurityTokenAuthenticator.cs, SpnegoSecurityTokenProvider.cs,
SspiSession.cs : new ongoing implementation for SSPI negotiation.
* SspiClientSecurityTokenAuthenticator.cs : spnego authenticator
will go here (it is just a stub. Created when opening a channel).

2007-03-22 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs, SslSecurityTokenProvider.cs,
SslSecurityTokenAuthenticator.cs : added hash calculation support,
not working yet though (probably at service side).

2007-03-20 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenAuthenticator.cs : don't reuse ContextId for SCT.
Process ServerFinished before ApplicationData exchange.
* TlsServerSession.cs : Fixed ClientKeyExchange stream processing.

2007-03-20 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs, TlsServerSession.cs :
added ProcessApplicationData()
* SslSecurityTokenAuthenticator.cs, SslSecurityTokenProvider.cs :
process RequestedProofToken as raw TLS negotiation data.
* SslnegoCookieResolver.cs : add comments on data format.

2007-03-19 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs : added CreateAuthHash(), used by authenticator.
* SecurityContextSecurityToken.cs : support "probably correct" rawdata
creation for cookie. It is not the secret key but some binary xml
* SslnegoCookieResolver.cs : added CreateData() for creating
binary-xmlized token cookie info.
* SslSecurityTokenAuthenticator.cs : create session key (dummy for
now) and use it instead of MasterSecret. Support t:Authenticator.

2007-03-13 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenAuthenticator.cs, SslSecurityTokenProvider.cs :
(The build should be fixed at this state.)
Implemented RSTR consumption and RSTR collection creation (as the
final stage at sslnego phase).

Note that it is still not working, as our binary XmlDictionaryReader
is not working fine (and still not sure if it will work when they
are working fine, as currently there is no way to check if the
byte array binary-serialized and encrypted in the dnse:Cookie is
the actual symmetric key).

2007-03-13 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenParameters.cs : support SecurityContextSecurityToken
in CreateKeyIdentifierClause(). Comment out generic xml token
support until we need it for sure.

2007-03-13 Atsushi Enomoto <atsushi@ximian.com>

* SecurityContextSecurityToken.cs : implemented almost all members.
* X509SecurityTokenParameters.cs : added comment on wrong documentation.

2007-03-13 Atsushi Enomoto <atsushi@ximian.com>

* SslnegoCookieResolver.cs : new file. It contains the resolver for
MS's non-standard encrypted sslnego shared key (dnse:Cookie), and
more importantly, the description on its data format (which was
almost unable to be guessed, until I used non-protecting
SecurityStateEncoder and dug in depth to Binary XmlDictionaryReader).

2007-03-13 Atsushi Enomoto <atsushi@ximian.com>

* TlsServerSession.cs, TlsClientSession.cs : complete every operation
that depends on ReceiveRecord(). Added accessor to MasterSecret.

2007-03-09 Atsushi Enomoto <atsushi@ximian.com>

* TlsServerSession.cs : now ssl negotiation is functional enough to
implement SecurityContextToken(Collection) transmit.
* TlsClientSession.cs : cosmetic code consistency fix.

2007-03-09 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs, TlsServerSession.cs :
okay, there is RecordProtocol, which makes things much easier and
correct. Now client seems to be interoperable with .net.

2007-03-08 Atsushi Enomoto <atsushi@ximian.com>

* TlsClientSession.cs, TlsServerSession.cs :
several fixes; Fixed content type processing (Handshake and
ChangeCipherSpec). Fixed chunk output of handshake messages.
Set server side key verifier.
* SslSecurityTokenProvider.cs : use IssueReply for RSTR (fixed SOAP
* SslSecurityTokenAuthenticator.cs : implemented most of TLS
negotiation support, except for the final stage (still not clear

2007-03-07 Atsushi Enomoto <atsushi@ximian.com>

* AuthenticatorCommunicationObject.cs,
CommunicationSecurityTokenAuthenticator.cs,
SecureConversationSecurityTokenAuthenticator.cs :
new classes for negotiation-based token authenticators.
* SslSecurityTokenAuthenticator.cs : now it is based on
CommunicationSecurityTokenAuthenticator (like corresponding

2007-03-06 Atsushi Enomoto <atsushi@ximian.com>

* SecureConversationSecurityTokenParameters.cs :
implemented protected properties.
* X509SecurityTokenParameters.cs : added missing ToString().

2007-03-05 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenProvider.cs : implemented some client negotiation
based on Mono.Security.Protocols.Tls.* and WSTrust contracts.
* TlsServerSession.cs, TlsClientSession.cs : session state transition
manager (controls Tls Context).

2007-03-05 Atsushi Enomoto <atsushi@ximian.com>

* UserNameSecurityTokenParameters.cs,
RsaSecurityTokenParameters.cs,
IssuedSecurityTokenParameters.cs,
SslSecurityTokenParameters.cs,
SspiSecurityTokenParameters.cs,
KerberosSecurityTokenParameters.cs,
SecureConversationSecurityTokenParameters.cs : updated
InitializeSecurityTokenRequirement() based on updated MSDN docs.
Implemented Ssl CreateKeyIdentifierClause().
Implemented IssuedToken copy .ctor().

2007-03-01 Atsushi Enomoto <atsushi@ximian.com>

* ServiceModelSecurityTokenRequirement.cs,
RecipientServiceModelSecurityTokenRequirement.cs,
InitiatorServiceModelSecurityTokenRequirement.cs :
implemented ToString().

2007-03-01 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenParameters.cs : more initialization of requirement.
* SslSecurityTokenAuthenticator.cs : new file.

2007-02-27 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : okkk, HMAC is extra. Just use SHA1,
and not for raw key but for wrapped key.

2007-02-27 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs :
create HMACSHA1 always with the key to compute hash (I'm not sure
it is correct; it is rather to adjust all hash consistent.)

2007-02-21 Atsushi Enomoto <atsushi@ximian.com>

* DerivedKeySecurityToken.cs : added ReferenceList for corresponding
references to this key.

2007-02-21 Atsushi Enomoto <atsushi@ximian.com>

* DerivedKeySecurityToken.cs : new internal class to represent
wssc:DerivedKeyToken.

2007-02-16 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : reverted previous change. Key hash
could not be identical for the same key, but EncryptedKeySHA1 is
based on the wrapped key. So, there is an issue that .NET returns
different key than the one in the request message.

2007-02-15 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : SecurityKey should hold raw key, not

2007-02-06 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : it cannot resolve clauses from its
.ctor() argument identifier clauses. Match EncryptedKeySHA1 clause
if the hash values match.
* InternalEncryptedKeyIdentifierClause.cs :
derive from Binary clause.

2007-02-05 Atsushi Enomoto <atsushi@ximian.com>

* InternalEncryptedKeyIdentifierClause.cs : new file. It might not be
required, but for now it is used to write embedded EncryptedKey in
o:SecurityTokenReference.

2007-01-11 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : added internal ReferenceList, to
output e:ReferenceList (kind of compromised solution; see comments).

2007-01-09 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : GetWrappedKey() return value should
be the encrypted value of argument keyToWrap. Added several argument

2006-12-09 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : implemented missing members, except for
incomplete MatchKeyIdentifierClause().
* SecureConversationSecurityTokenParameters.cs : default
ChannelProtectionRequirements should cover all body parts i.e.
IsBodyIncluded should be true.

2006-12-06 Atsushi Enomoto <atsushi@ximian.com>

* SupportingTokenParameters.cs : implemented SetKeyDerivation().

2006-10-05 Atsushi Enomoto <atsushi@ximian.com>

* X509SecurityTokenParameters.cs : additional constructors.

2006-10-03 Atsushi Enomoto <atsushi@ximian.com>

* BinarySecretSecurityToken.cs : it does not seem that it uses
urn:uuid:blah ("urn:" is extraneous).

2006-09-27 Atsushi Enomoto <atsushi@ximian.com>

* SecurityTokenParameters.cs : added internal properties to access
protected properties.
* UserNameSecurityTokenParameters.cs : it's done now.

2006-09-19 Atsushi Enomoto <atsushi@ximian.com>

* SecurityTokenParameters.cs : removed MonoTODOs.
* X509SecurityTokenParameters.cs :
InitializeSecurityTokenRequirement() is done.

2006-09-17 Atsushi Enomoto <atsushi@ximian.com>

* ProviderCommunicationObject.cs, IssuedTokenCommunicationObject.cs,
SslSecurityTokenProvider.cs : both issued token and ssl require
connection requirement, so commonize the check.

2006-09-15 Atsushi Enomoto <atsushi@ximian.com>

* X509SecurityTokenParameters.cs,
SspiSecurityTokenParameters.cs,
UserNameSecurityTokenParameters.cs,
RsaSecurityTokenParameters.cs,
IssuedSecurityTokenParameters.cs,
SslSecurityTokenParameters.cs : implemented security feature
declaration properties (HasAsymmetricKey etc.) and implemented

2006-09-15 Atsushi Enomoto <atsushi@ximian.com>

* RsaSecurityTokenParameters.cs : TokenType fix.
* ProviderCommunicationObject.cs,
CommunicationSecurityTokenProvider.cs : an abstract token provider
that implements ICommunicationObject, and the abstract communication
object that is used in the provider.
* SslSecurityTokenProvider.cs : a practical example of the above,
* IssuedTokenCommunicationObject.cs, IssuedSecurityTokenProvider.cs :
it is also significantly refactored like the above.
The ICommunicationObject part of this provider class now just wraps
the intermediate object.

2006-09-12 Atsushi Enomoto <atsushi@ximian.com>

* X509SecurityTokenParameters.cs : when token reference style is
Internal, use LocalIdKeyIdentifierClause. The default for this type

2006-09-05 Atsushi Enomoto <atsushi@ximian.com>

* ServiceModelSecurityTokenRequirement.cs : implemented IsInitiator.
* InitiatorServiceModelSecurityTokenRequirement.cs :
initialize IsInitiator as true.

2006-09-05 Atsushi Enomoto <atsushi@ximian.com>

* SecurityContextSecurityTokenAuthenticator.cs,
SspiSecurityToken.cs : new files.
* SupportingTokenParameters.cs : copy ctor became private.

2006-08-30 Atsushi Enomoto <atsushi@ximian.com>

* X509SecurityTokenParameters.cs,
UserNameSecurityTokenParameters.cs : implemented properties.
* RsaSecurityTokenParameters.cs : new file.

2006-08-28 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs : (GetToken) partly implemented
response message consumption.

2006-08-28 Atsushi Enomoto <atsushi@ximian.com>

* X509SecurityTokenParameters.cs :
implemented CreateKeyIdentifierClause().

2006-08-28 Atsushi Enomoto <atsushi@ximian.com>

* SupportingTokenParameters.cs : added some missing members.

2006-08-25 Atsushi Enomoto <atsushi@ximian.com>

* BinarySecretSecurityToken.cs : some .ctor() are protected.

2006-08-25 Atsushi Enomoto <atsushi@ximian.com>

* KerberosSecurityTokenParameters.cs : new test.

2006-08-25 Atsushi Enomoto <atsushi@ximian.com>

* InitiatorServiceModelSecurityTokenRequirement.cs,
RecipientServiceModelSecurityTokenRequirement.cs :
just use Properties to set and get each property.
* SslSecurityTokenParameters.cs : fix ctor chain.
hacky InitializeSecurityTokenRequirement implementation.

2006-08-24 Atsushi Enomoto <atsushi@ximian.com>

* SecureConversationSecurityTokenParameters.cs :
fill SecurityAlgorithmSuite to the requirement.
* SecurityTokenParameters.cs :
added internal IssuerBindingContext property for
SecurityBindingElement.SetIssuerBindingContextIfRequired().
Use this context in CallInitializeSecurityTokenParameters().

2006-08-23 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenParameters.cs : oops, oops. fix build.

2006-08-23 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenParameters.cs : added missing members.
* IssuedSecurityTokenProvider.cs : replacing broken data contract
based contracts with message based contract.
Support IssuerChannelBehaviors.
* SecureConversationSecurityTokenParameters.cs :
more InitializeSecurityTokenRequirement().

2006-08-23 Atsushi Enomoto <atsushi@ximian.com>

* SecurityContextSecurityTokenResolver.cs
ISecurityContextSecurityTokenCache.cs
SecurityContextSecurityToken.cs : new files.

2006-08-22 Atsushi Enomoto <atsushi@ximian.com>

* SecureConversationSecurityTokenParameters.cs :
partially implemented InitializeSecurityTokenRequirement().
* X509SecurityTokenParameters.cs : added X509ReferenceStyle.
* SspiSecurityTokenParameters.cs : new file.

2006-08-22 Atsushi Enomoto <atsushi@ximian.com>

* SslSecurityTokenParameters.cs,
SecureConversationSecurityTokenParameters.cs : new files.
* SecurityTokenParameters.cs : added internal invoker for
InitializeSecurityTokenRequirement().
* IssuedSecurityTokenParameters.cs, X509SecurityTokenParameters.cs :
implement InitializeSecurityTokenRequirement() (incomplete).
* ServiceModelSecurityTokenRequirement.cs :
MessageSecurityVersion is of type SecurityTokenVersion.

2006-08-17 Atsushi Enomoto <atsushi@ximian.com>

* ServiceModelSecurityTokenTypes.cs : new file.

2006-08-16 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs :
WST request and response types are renamed.

2006-08-14 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs : use new WSTrust proxy (ClientBase)
instead of ChannelFactory.
* SecurityTokenParameters.cs : added internal helper method for
CreateKeyIdentifierClause().
* ServiceModelSecurityTokenRequirement.cs : in several properties,
use TryGetProperty<T>() instead of having direct fields (so that
only setting items to "Properties" also affects those props).

2006-08-11 Atsushi Enomoto <atsushi@ximian.com>

* InitiatorServiceModelSecurityTokenRequirement.cs,
RecipientServiceModelSecurityTokenRequirement.cs,
ServiceModelSecurityTokenRequirement.cs : new files.

2006-08-07 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs : moved some premise checks from
GetTokenCore() to Open().

2006-08-04 Atsushi Enomoto <atsushi@ximian.com>

* WrappedKeySecurityToken.cs : new file.

2006-08-04 Atsushi Enomoto <atsushi@ximian.com>

* BinarySecretSecurityToken.cs : new file.

2006-08-03 Atsushi Enomoto <atsushi@ximian.com>

* UserNameSecurityTokenParameters.cs,
X509SecurityTokenParameters.cs : new files.

2006-08-02 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs : (GetTokenCore) some premise check.

2006-08-01 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs : implemented some properties.
* RenewedSecurityTokenHandler.cs, IssuedSecurityTokenHandler.cs,
IIssuanceSecurityTokenAuthenticator.cs : new files.

2006-08-01 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenProvider.cs, ClaimTypeRequirement.cs : new files.
* IssuedSecurityTokenParameters.cs : added some missing members.

2006-07-21 Atsushi Enomoto <atsushi@ximian.com>

* SecurityTokenReferenceStyle.cs : moved from S.SM.Security namespace.

2006-07-21 Atsushi Enomoto <atsushi@ximian.com>

* IssuedSecurityTokenParameters.cs, SecurityTokenParameters.cs :

2006-07-10 Atsushi Enomoto <atsushi@ximian.com>

* SupportingTokenParameters.cs : new file.