
Fixed the SecurityBindingElement creation of BasicHttpBinding

Michael Stoll před 14 roky
rodič
revize
7f871ae603

+ 37 - 6
mcs/class/System.ServiceModel/System.ServiceModel.Channels/SecurityBindingElement.cs

@@ -372,27 +372,58 @@ namespace System.ServiceModel.Channels
 			throw new NotImplementedException ();
 		}
 
-		[MonoTODO]
 		public static SecurityBindingElement 
 			CreateMutualCertificateBindingElement ()
 		{
-			throw new NotImplementedException ();
+			return CreateMutualCertificateBindingElement (MessageSecurityVersion.Default, false);
 		}
 
-		[MonoTODO]
 		public static SecurityBindingElement 
 			CreateMutualCertificateBindingElement (MessageSecurityVersion version)
 		{
-			throw new NotImplementedException ();
+			return CreateMutualCertificateBindingElement (version, false);
 		}
 
-		[MonoTODO]
+		[MonoTODO("Does not support allowSerializedSigningTokenOnReply.")]
 		public static SecurityBindingElement 
 			CreateMutualCertificateBindingElement (
 			MessageSecurityVersion version,
 			bool allowSerializedSigningTokenOnReply)
 		{
-			throw new NotImplementedException ();
+			if (version == null)
+				throw new ArgumentNullException ("version");
+			
+			if (allowSerializedSigningTokenOnReply)
+				throw new NotSupportedException ("allowSerializedSigningTokenOnReply is not supported");
+			
+			if (version.SecurityVersion == SecurityVersion.WSSecurity10) {
+			
+				var recipient = new X509SecurityTokenParameters (
+					X509KeyIdentifierClauseType.Any,	
+				    SecurityTokenInclusionMode.Never);
+				recipient.RequireDerivedKeys = false;
+				
+				var initiator = new X509SecurityTokenParameters (
+				    X509KeyIdentifierClauseType.Any, 
+				    SecurityTokenInclusionMode.AlwaysToRecipient);
+				initiator.RequireDerivedKeys = false;                                          
+				                                                 
+				return new AsymmetricSecurityBindingElement(recipient, initiator) {
+					MessageSecurityVersion = version
+				};
+			} else {
+				X509SecurityTokenParameters p =
+					new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint);
+					p.RequireDerivedKeys = false;
+					
+				var sym = new SymmetricSecurityBindingElement () {
+					MessageSecurityVersion = version,
+					RequireSignatureConfirmation = true};
+				
+				sym.EndpointSupportingTokenParameters.Endorsing.Add (p);
+				return sym;
+			}
+			
 		}
 
 		[MonoTODO]
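Review bot: The non-WS-Security-1.0 branch builds `new SymmetricSecurityBindingElement ()` with no protection token and then only registers the thumbprint X509 parameters as an endorsing supporting token, so — unless Mono's parameterless constructor fills in ProtectionTokenParameters itself — the element has nothing to sign and encrypt the message body with, whereas the WS-Security 1.0 branch above does supply a recipient token. A mutual-certificate symmetric binding would normally use the service certificate as the protection token, `new SymmetricSecurityBindingElement (new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never))`, and add a separate client X509 token with `SecurityTokenInclusionMode.AlwaysToRecipient` to Endorsing; the current code also leaves the endorsing token's inclusion mode at whatever the single-argument constructor defaults to, which is worth making explicit. `RequireDerivedKeys = false` on both branches is deliberate for asymmetric keys but deserves a one-line comment, e.g. `// key derivation is not applicable to asymmetric X509 tokens`. CreateMutualCertificateBindingElement is fully visible within this hunk.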

+ 33 - 17
mcs/class/System.ServiceModel/System.ServiceModel/BasicHttpBinding.cs

@@ -181,23 +181,10 @@ namespace System.ServiceModel
 			CreateBindingElements ()
 		{
 			var list = new List<BindingElement> ();
-			switch (Security.Mode) {
-#if !NET_2_1
-			case BasicHttpSecurityMode.Message:
-				if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
-					throw new InvalidOperationException ("When Message security is enabled in a BasicHttpBinding, the message security credential type must be BasicHttpMessageCredentialType.Certificate.");
-				goto case BasicHttpSecurityMode.TransportWithMessageCredential;
-			case BasicHttpSecurityMode.TransportWithMessageCredential:
-				SecurityBindingElement sec;
-				if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
-					// FIXME: pass proper security token parameters.
-					sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement ();
-				else
-					sec = new AsymmetricSecurityBindingElement ();
-				list.Add (sec);
-				break;
-#endif
-			}
+			
+			var security = CreateSecurityBindingElement ();
+			if (security != null)
+				list.Add (security);
 
 #if NET_2_1
 			if (EnableHttpCookieContainer)
@@ -209,6 +196,35 @@ namespace System.ServiceModel
 
 			return new BindingElementCollection (list.ToArray ());
 		}
+		
+		SecurityBindingElement CreateSecurityBindingElement () 
+		{
+            SecurityBindingElement element;
+			switch (Security.Mode) {
+#if !NET_2_1
+			case BasicHttpSecurityMode.Message:
+				if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
+					throw new InvalidOperationException ("When Message security is enabled in a BasicHttpBinding, the message security credential type must be BasicHttpMessageCredentialType.Certificate.");
+				element = SecurityBindingElement.CreateMutualCertificateBindingElement (
+						MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
+
+                break;
+			case BasicHttpSecurityMode.TransportWithMessageCredential:
+                if (Security.Message.ClientCredentialType != BasicHttpMessageCredentialType.Certificate)
+                    // FIXME: pass proper security token parameters.
+                    element = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
+                else
+                    element = new AsymmetricSecurityBindingElement();
+                break;
+#endif
+			default: 
+				return null;
+			}
+
+            element.SetKeyDerivation(false);
+            element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
+            return element;
+		}
 
 		MessageEncodingBindingElement BuildMessageEncodingBindingElement ()
 		{
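Review bot: In the TransportWithMessageCredential case the credential-type test reads inverted: a non-Certificate (i.e. UserName) credential is routed to `CreateCertificateOverTransportBindingElement ()`, while a Certificate credential gets a bare `new AsymmetricSecurityBindingElement ()` with no token parameters at all, so neither path actually binds the client credential the user configured. It looks like the branches should be `if (Security.Message.ClientCredentialType == BasicHttpMessageCredentialType.Certificate)` → `CreateCertificateOverTransportBindingElement ()` and otherwise `CreateUserNameOverTransportBindingElement ()`, assuming the latter is implemented in this Mono tree; this was carried over from the old switch and the commit does not address it. Since the binding is dropped silently for modes other than Message and TransportWithMessageCredential, a short comment on the `default:` arm, `// None and Transport modes carry no message-level security element`, would make the null return intentional. As a style point the new method mixes tab and space indentation (the `element` declaration and the `break`/`SetKeyDerivation` lines use spaces) in an otherwise tab-indented file. CreateSecurityBindingElement is fully visible within this hunk.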