| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 |
- //------------------------------------------------------------
- // Copyright (c) Microsoft Corporation. All rights reserved.
- //------------------------------------------------------------
- namespace System.ServiceModel.Security
- {
- using System.Collections.Generic;
- using System.ServiceModel.Channels;
- using System.ServiceModel;
- using System.ServiceModel.Description;
- using System.IO;
- using System.IdentityModel.Claims;
- using System.IdentityModel.Policy;
- using System.ServiceModel.Security.Tokens;
- using System.Threading;
- using System.Globalization;
- using System.ServiceModel.Diagnostics;
- using System.Xml;
- using ISignatureValueSecurityElement = System.IdentityModel.ISignatureValueSecurityElement;
- public abstract class SecurityVersion
- {
- readonly XmlDictionaryString headerName;
- readonly XmlDictionaryString headerNamespace;
- readonly XmlDictionaryString headerPrefix;
- internal SecurityVersion(XmlDictionaryString headerName, XmlDictionaryString headerNamespace, XmlDictionaryString headerPrefix)
- {
- this.headerName = headerName;
- this.headerNamespace = headerNamespace;
- this.headerPrefix = headerPrefix;
- }
- internal XmlDictionaryString HeaderName
- {
- get { return this.headerName; }
- }
- internal XmlDictionaryString HeaderNamespace
- {
- get { return this.headerNamespace; }
- }
- internal XmlDictionaryString HeaderPrefix
- {
- get { return this.headerPrefix; }
- }
- internal abstract XmlDictionaryString FailedAuthenticationFaultCode
- {
- get;
- }
- internal abstract XmlDictionaryString InvalidSecurityTokenFaultCode
- {
- get;
- }
- internal abstract XmlDictionaryString InvalidSecurityFaultCode
- {
- get;
- }
- internal virtual bool SupportsSignatureConfirmation
- {
- get { return false; }
- }
- public static SecurityVersion WSSecurity10
- {
- get { return SecurityVersion10.Instance; }
- }
- public static SecurityVersion WSSecurity11
- {
- get { return SecurityVersion11.Instance; }
- }
- internal static SecurityVersion Default
- {
- get { return WSSecurity11; }
- }
- internal abstract ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite,
- MessageDirection direction,
- int headerIndex);
- internal abstract SendSecurityHeader CreateSendSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite,
- MessageDirection direction);
- internal bool DoesMessageContainSecurityHeader(Message message)
- {
- return message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value) >= 0;
- }
- internal int FindIndexOfSecurityHeader(Message message, string[] actors)
- {
- return message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, actors);
-
- }
- internal virtual bool IsReaderAtSignatureConfirmation(XmlDictionaryReader reader)
- {
- return false;
- }
- internal virtual ISignatureValueSecurityElement ReadSignatureConfirmation(XmlDictionaryReader reader)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(
- SR.GetString(SR.SignatureConfirmationNotSupported)));
- }
- // The security always look for Empty soap role. If not found, we will also look for Ultimate actors (next incl).
- // In the future, till we support intermediary scenario, we should refactor this api to do not take actor parameter.
- internal ReceiveSecurityHeader TryCreateReceiveSecurityHeader(Message message,
- string actor,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
- {
- int headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, actor);
- if (headerIndex < 0 && String.IsNullOrEmpty(actor))
- {
- headerIndex = message.Headers.FindHeader(this.HeaderName.Value, this.HeaderNamespace.Value, message.Version.Envelope.UltimateDestinationActorValues);
- }
-
- if (headerIndex < 0)
- {
- return null;
- }
- MessageHeaderInfo headerInfo = message.Headers[headerIndex];
- return CreateReceiveSecurityHeader(message,
- headerInfo.Actor, headerInfo.MustUnderstand, headerInfo.Relay,
- standardsManager, algorithmSuite,
- direction, headerIndex);
- }
- internal virtual void WriteSignatureConfirmation(XmlDictionaryWriter writer, string id, byte[] signatureConfirmation)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(
- SR.GetString(SR.SignatureConfirmationNotSupported)));
- }
- internal void WriteStartHeader(XmlDictionaryWriter writer)
- {
- writer.WriteStartElement(this.HeaderPrefix.Value, this.HeaderName, this.HeaderNamespace);
- }
- class SecurityVersion10 : SecurityVersion
- {
- static readonly SecurityVersion10 instance = new SecurityVersion10();
- protected SecurityVersion10()
- : base(XD.SecurityJan2004Dictionary.Security, XD.SecurityJan2004Dictionary.Namespace, XD.SecurityJan2004Dictionary.Prefix)
- {
- }
- public static SecurityVersion10 Instance
- {
- get { return instance; }
- }
- internal override XmlDictionaryString FailedAuthenticationFaultCode
- {
- get { return XD.SecurityJan2004Dictionary.FailedAuthenticationFaultCode; }
- }
- internal override XmlDictionaryString InvalidSecurityTokenFaultCode
- {
- get { return XD.SecurityJan2004Dictionary.InvalidSecurityTokenFaultCode; }
- }
- internal override XmlDictionaryString InvalidSecurityFaultCode
- {
- get { return XD.SecurityJan2004Dictionary.InvalidSecurityFaultCode; }
- }
- internal override SendSecurityHeader CreateSendSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite,
- MessageDirection direction)
- {
- return new WSSecurityOneDotZeroSendSecurityHeader(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction);
- }
- internal override ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite,
- MessageDirection direction,
- int headerIndex)
- {
- return new WSSecurityOneDotZeroReceiveSecurityHeader(
- message,
- actor, mustUnderstand, relay,
- standardsManager,
- algorithmSuite, headerIndex, direction);
- }
- public override string ToString()
- {
- return "WSSecurity10";
- }
- }
- sealed class SecurityVersion11 : SecurityVersion10
- {
- static readonly SecurityVersion11 instance = new SecurityVersion11();
- SecurityVersion11()
- : base()
- {
- }
- public new static SecurityVersion11 Instance
- {
- get { return instance; }
- }
- internal override bool SupportsSignatureConfirmation
- {
- get { return true; }
- }
- internal override ReceiveSecurityHeader CreateReceiveSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite,
- MessageDirection direction,
- int headerIndex)
- {
- return new WSSecurityOneDotOneReceiveSecurityHeader(
- message,
- actor, mustUnderstand, relay,
- standardsManager,
- algorithmSuite, headerIndex, direction);
- }
- internal override SendSecurityHeader CreateSendSecurityHeader(Message message,
- string actor, bool mustUnderstand, bool relay,
- SecurityStandardsManager standardsManager,
- SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
- {
- return new WSSecurityOneDotOneSendSecurityHeader(message, actor, mustUnderstand, relay, standardsManager, algorithmSuite, direction);
- }
- internal override bool IsReaderAtSignatureConfirmation(XmlDictionaryReader reader)
- {
- return reader.IsStartElement(XD.SecurityXXX2005Dictionary.SignatureConfirmation, XD.SecurityXXX2005Dictionary.Namespace);
- }
- internal override ISignatureValueSecurityElement ReadSignatureConfirmation(XmlDictionaryReader reader)
- {
- reader.MoveToStartElement(XD.SecurityXXX2005Dictionary.SignatureConfirmation, XD.SecurityXXX2005Dictionary.Namespace);
- bool isEmptyElement = reader.IsEmptyElement;
- string id = XmlHelper.GetRequiredNonEmptyAttribute(reader, XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
- byte[] signatureValue = XmlHelper.GetRequiredBase64Attribute(reader, XD.SecurityXXX2005Dictionary.ValueAttribute, null);
- reader.ReadStartElement();
- if (!isEmptyElement)
- {
- reader.ReadEndElement();
- }
- return new SignatureConfirmationElement(id, signatureValue, this);
- }
- internal override void WriteSignatureConfirmation(XmlDictionaryWriter writer, string id, byte[] signature)
- {
- if (id == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
- }
- if (signature == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signature");
- }
- writer.WriteStartElement(XD.SecurityXXX2005Dictionary.Prefix.Value, XD.SecurityXXX2005Dictionary.SignatureConfirmation, XD.SecurityXXX2005Dictionary.Namespace);
- writer.WriteAttributeString(XD.UtilityDictionary.Prefix.Value, XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace, id);
- writer.WriteStartAttribute(XD.SecurityXXX2005Dictionary.ValueAttribute, null);
- writer.WriteBase64(signature, 0, signature.Length);
- writer.WriteEndAttribute();
- writer.WriteEndElement();
- }
- public override string ToString()
- {
- return "WSSecurity11";
- }
- }
- }
- }
|
