MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-f8f9f26e940480624825f6bddbea86e70fc4aa746c4dd8efa7d98dcb477000ed/Microsoft/InfoCards/GetBrowserTokenRequest.cs
2022-08-18 06:28:56 -05:00

540 lines
27 KiB
C#

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetBrowserTokenRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 1D4D5564-A025-490C-AF1D-DF4FBB709D1F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-f8f9f26e940480624825f6bddbea86e70fc4aa746c4dd8efa7d98dcb477000ed.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Globalization;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;
using System.Xml;
namespace Microsoft.InfoCards
{
internal class GetBrowserTokenRequest : GetTokenRequest
{
public const int POLICY_V1 = 1;
public const int POLICY_V2 = 2;
private GetBrowserTokenParameters m_params;
private ServiceEndpoint m_svcEpr;
private byte[] m_rawToken;
private SelfIssuedAuthProofToken m_proofToken;
private ProtocolProfile m_protocolProfile;
public GetBrowserTokenRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
InfoCardUIAgent uiAgent,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, uiAgent, rpcHandle, inArgs, outArgs)
{
this.m_protocolProfile = new ProtocolProfile();
}
private static bool IsReferralToManagedIssuer(Binding issuerBinding)
{
bool managedIssuer = false;
if (issuerBinding != null && issuerBinding.CreateBindingElements().Find<UseManagedPresentationBindingElement>() != null)
managedIssuer = true;
return managedIssuer;
}
protected override void OnMarshalInArgs()
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
try
{
this.m_params = new GetBrowserTokenParameters();
int paramVersion = reader.ReadInt32();
if (1 != paramVersion && 2 != paramVersion)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("InvalidFlagsSpecified")));
this.m_params.Load(reader, paramVersion);
if ((Uri) null == this.m_params.Issuer.PolicyUrl)
{
this.CreateInfoCardPolicyFromBrowserParams();
}
else
{
if (Utility.CompareUri(XmlNames.WSIdentity.SelfIssuerUriValue, this.m_params.Issuer.Address) || Utility.CompareUri(XmlNames.WSIdentity.AnonymousIssuerUriValue, this.m_params.Issuer.Address))
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("SelfOrAnonIssuerNotAllowedWhenMexSpecified", (object) this.m_params.Issuer.Address)));
if ((Uri) null == this.m_params.Issuer.Address)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("NoIssuerSpecifiedWhenMexIsSpecified")));
ServiceEndpointCollection endpointCollection;
try
{
endpointCollection = this.GetServiceEndpointCollection(this.m_params.Issuer.Address, this.m_params.Issuer.PolicyUrl);
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
else
endpointCollection = (ServiceEndpointCollection) null;
}
if (endpointCollection != null && endpointCollection.Find(this.m_params.Issuer.Address) != null)
{
ServiceEndpoint serviceEndpoint = endpointCollection.Find(this.m_params.Issuer.Address);
if (!GetBrowserTokenRequest.IsReferralToManagedIssuer(serviceEndpoint.Binding) && this.DoesEndpointSatisfySecurityRequirements(serviceEndpoint) && this.DoesEndpointSatisfyIssuedTokenRequirements(serviceEndpoint))
{
if (Uri.UriSchemeHttps != this.m_params.Recipient.Address.Scheme)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("RPStsWithNoSSLFailure")));
this.m_svcEpr = serviceEndpoint;
SecurityBindingElement securityBindingElement = serviceEndpoint.Binding.CreateBindingElements().Find<SecurityBindingElement>();
InfoCardTrace.Assert(null != securityBindingElement, "No SecurityBindingElement was found in the BindingElementCollection");
if (TrustVersion.WSTrust13 == securityBindingElement.MessageSecurityVersion.TrustVersion)
this.m_protocolProfile.WSTrust = (XmlNames.IWSTrust) XmlNames.WSTrustOasis2007.Instance;
}
}
this.CreateInfoCardPolicyFromBrowserParams();
}
}
catch (InfoCardBaseException ex)
{
throw;
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("ServiceInvalidArguments"), ex));
throw;
}
}
private void CreateInfoCardPolicyFromBrowserParams()
{
CardSpacePolicyElement policyElement = this.m_params.CreatePolicyElement(this.m_protocolProfile);
InfoCardPolicy browserTokenRequest = PolicyFactory.CreatePolicyForGetBrowserTokenRequest(policyElement, policyElement.PolicyNoticeLink, (uint) policyElement.PolicyNoticeVersion, RecipientIdentity.CreateIdentity(this.m_params.Recipient.CreateEndpointAddress(), true), PolicyUsageContext.Browser);
browserTokenRequest.Validate();
this.Policy = browserTokenRequest;
}
private bool DoesEndpointSatisfyIssuedTokenRequirements(ServiceEndpoint serviceEndpoint) => serviceEndpoint != null && GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(serviceEndpoint.Binding.CreateBindingElements()) != null;
private bool DoesEndpointSatisfySecurityRequirements(ServiceEndpoint serviceEndpoint)
{
if (serviceEndpoint != null)
{
ISecurityCapabilities property = serviceEndpoint.Binding.GetProperty<ISecurityCapabilities>(new BindingParameterCollection());
if (property != null && property.SupportedRequestProtectionLevel == ProtectionLevel.EncryptAndSign && property.SupportedResponseProtectionLevel == ProtectionLevel.EncryptAndSign && property.SupportsClientAuthentication && property.SupportsServerAuthentication)
return true;
}
return false;
}
protected override void OnMarshalOutArgs()
{
BinaryWriter binaryWriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
try
{
try
{
binaryWriter.Write(this.m_rawToken.Length);
binaryWriter.Write(this.m_rawToken, 0, this.m_rawToken.Length);
}
finally
{
Array.Clear((Array) this.m_rawToken, 0, this.m_rawToken.Length);
}
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("ServiceFailedToWriteToken"), ex));
throw;
}
}
protected override void OnProcess()
{
try
{
if (this.m_svcEpr == null)
{
base.OnProcess();
if (this.ProcessingException != null)
throw InfoCardTrace.ThrowHelperError(this.ProcessingException);
using (MemoryStream output = new MemoryStream())
{
using (XmlWriter w = XmlWriter.Create((Stream) output, new XmlWriterSettings()
{
CloseOutput = false,
Encoding = Encoding.UTF8,
OmitXmlDeclaration = true
}))
this.Token.ProtectedToken.WriteTo(w);
this.m_rawToken = new byte[output.Length - 3L];
Array.Copy((Array) output.GetBuffer(), 3, (Array) this.m_rawToken, 0, Convert.ToInt32(output.Length - 3L));
}
}
else
{
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials clientCredentials = this.CreateClientCredentials(this.m_svcEpr);
Binding source = GetBrowserTokenRequest.ReplaceAllHttpTransportWithProxyInFederatedChain(this.m_svcEpr.Binding, this.UserProxy);
using (ChannelFactory<GetBrowserTokenRequest.ISts> channelFactory = new ChannelFactory<GetBrowserTokenRequest.ISts>(Utility.BuildBindingWithMaxMessageSize(source), this.m_svcEpr.Address))
{
channelFactory.Endpoint.Binding.OpenTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.SendTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.ReceiveTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.CloseTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
channelFactory.Endpoint.Behaviors.Add((IEndpointBehavior) clientCredentials);
GetBrowserTokenRequest.ISts sts = channelFactory.CreateChannel();
if (this.Policy == null)
this.CreateInfoCardPolicyFromBrowserParams();
Message rstMsg = Message.CreateMessage(this.m_svcEpr.Binding.MessageVersion, this.m_protocolProfile.WSTrust.RequestSecurityTokenAction, (BodyWriter) new RequestSecurityTokenForGetBrowserToken(new RequestSecurityTokenParameters(this.m_svcEpr.Binding.MessageVersion.Addressing, this.m_params, this.m_protocolProfile, this.Policy, true)));
Message rstrMsg = (Message) null;
if (XmlNames.WSSpecificationVersion.WSTrustXmlSoap2005 == this.m_protocolProfile.WSTrust.Version)
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => rstrMsg = sts.ProcessRequestSecurityTokenFeb2005(rstMsg)), (ClientRequest.AsyncEntryCallback) (() => channelFactory.Abort()));
else if (XmlNames.WSSpecificationVersion.WSTrustOasis2007 == this.m_protocolProfile.WSTrust.Version)
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => rstrMsg = sts.ProcessRequestSecurityTokenWSTrust13(rstMsg)), (ClientRequest.AsyncEntryCallback) (() => channelFactory.Abort()));
else
InfoCardTrace.Assert(false, "Unsupported version of WS-Trust detected");
InfoCardTrace.Assert(null != rstrMsg, "Should have thrown before this if message is null");
WSIdentityFaultException.ThrowIfFaultMessage(rstrMsg, CultureInfo.GetCultureInfo(this.UserLanguage));
using (XmlReader readerAtBodyContents = (XmlReader) rstrMsg.GetReaderAtBodyContents())
{
using (MemoryStream output = new MemoryStream())
{
using (XmlWriter writer = XmlWriter.Create((Stream) output, new XmlWriterSettings()
{
CloseOutput = false,
Encoding = Encoding.UTF8,
OmitXmlDeclaration = true
}))
this.WriteRequestedTokenFrom(readerAtBodyContents, writer);
this.m_rawToken = new byte[output.Length - 3L];
Array.Copy((Array) output.GetBuffer(), 3, (Array) this.m_rawToken, 0, Convert.ToInt32(output.Length - 3L));
}
}
channelFactory.Close();
}
}
}
catch (InfoCardBaseException ex)
{
throw;
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("ServiceSTSCommunicationFailed"), ex));
throw;
}
}
public static void WriteSourceUrlAppliesTo(
XmlWriter writer,
GetBrowserTokenParameters browserParams,
ProtocolProfile profile)
{
EndpointAddress endpointAddress = browserParams.Recipient.CreateEndpointAddress();
writer.WriteStartElement(profile.WSPolicy.DefaultPrefix, profile.WSPolicy.AppliesTo, profile.WSPolicy.Namespace);
endpointAddress.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.WriteEndElement();
}
private static IssuedSecurityTokenParameters TryGetNextStsIssuedTokenParameters(
BindingElementCollection bindingElements)
{
if (bindingElements == null)
return (IssuedSecurityTokenParameters) null;
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters = new ThrowOnMultipleAssignment<IssuedSecurityTokenParameters>(SR.GetString("TooManyIssuedSecurityTokenParameters"));
SecurityBindingElement securityBindingElement1 = bindingElements.Find<SecurityBindingElement>();
if (securityBindingElement1 == null)
return (IssuedSecurityTokenParameters) null;
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(securityBindingElement1.EndpointSupportingTokenParameters, issuedTokenParameters);
foreach (SupportingTokenParameters parameters in (IEnumerable<SupportingTokenParameters>) securityBindingElement1.OperationSupportingTokenParameters.Values)
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(parameters, issuedTokenParameters);
switch (securityBindingElement1)
{
case AsymmetricSecurityBindingElement _:
AsymmetricSecurityBindingElement securityBindingElement2 = (AsymmetricSecurityBindingElement) securityBindingElement1;
issuedTokenParameters.Value = securityBindingElement2.InitiatorTokenParameters as IssuedSecurityTokenParameters;
issuedTokenParameters.Value = securityBindingElement2.RecipientTokenParameters as IssuedSecurityTokenParameters;
break;
case SymmetricSecurityBindingElement _:
SecurityTokenParameters protectionTokenParameters = ((SymmetricSecurityBindingElement) securityBindingElement1).ProtectionTokenParameters;
if (protectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters securityTokenParameters = (SecureConversationSecurityTokenParameters) protectionTokenParameters;
BindingElementCollection bindingElements1 = new BindingElementCollection();
if (securityTokenParameters.BootstrapSecurityBindingElement != null)
bindingElements1.Add((BindingElement) securityTokenParameters.BootstrapSecurityBindingElement);
issuedTokenParameters.Value = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements1);
break;
}
issuedTokenParameters.Value = protectionTokenParameters as IssuedSecurityTokenParameters;
break;
}
return issuedTokenParameters.Value;
}
private static void GetIssuedSecurityTokenParametersFromSupportingTokenParameters(
SupportingTokenParameters parameters,
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters)
{
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.Endorsing, issuedTokenParameters);
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.SignedEndorsing, issuedTokenParameters);
}
private static void GetIssuedSecurityTokenParametersFromCollection(
Collection<SecurityTokenParameters> collection,
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters)
{
foreach (SecurityTokenParameters securityTokenParameters1 in collection)
{
if (securityTokenParameters1 is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters securityTokenParameters2 = (SecureConversationSecurityTokenParameters) securityTokenParameters1;
BindingElementCollection bindingElements = new BindingElementCollection();
if (securityTokenParameters2.BootstrapSecurityBindingElement != null)
bindingElements.Add((BindingElement) securityTokenParameters2.BootstrapSecurityBindingElement);
issuedTokenParameters.Value = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements);
}
else
issuedTokenParameters.Value = securityTokenParameters1 as IssuedSecurityTokenParameters;
}
}
private GetBrowserTokenRequest.CreateIssuedTokenClientCredentials CreateClientCredentials(
ServiceEndpoint svcEpr)
{
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials clientCredentials = new GetBrowserTokenRequest.CreateIssuedTokenClientCredentials(this);
EndpointAddress endpointAddress = svcEpr.Address;
Binding binding = svcEpr.Binding;
X509Certificate2Collection certificate2Collection = new X509Certificate2Collection();
try
{
while (binding != null)
{
IssuedSecurityTokenParameters issuedTokenParameters = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(binding.CreateBindingElements());
if (issuedTokenParameters != null && !((EndpointAddress) null == issuedTokenParameters.IssuerAddress) && !((Uri) null == issuedTokenParameters.IssuerAddress.Uri))
{
if (endpointAddress.Identity is X509CertificateEndpointIdentity identity)
{
certificate2Collection.AddRange(identity.Certificates);
certificate2Collection.Remove(identity.Certificates[0]);
bool chainTrustPassed = false;
InfoCardX509Validator.ValidateChainOrPeer(identity.Certificates[0], certificate2Collection, out chainTrustPassed);
clientCredentials.ServiceCertificate.ScopedCertificates.Add(endpointAddress.Uri, identity.Certificates[0]);
}
binding = issuedTokenParameters.IssuerBinding;
endpointAddress = issuedTokenParameters.IssuerAddress;
}
else
break;
}
if (this.m_params.Issuer.LeafCertificate != null)
{
bool chainTrustPassed = false;
InfoCardX509Validator.ValidateChainOrPeer(this.m_params.Issuer.LeafCertificate, this.m_params.Issuer.SupportingCertificates, out chainTrustPassed);
clientCredentials.ServiceCertificate.DefaultCertificate = this.m_params.Issuer.LeafCertificate;
certificate2Collection.AddRange(this.m_params.Issuer.SupportingCertificates);
}
else
{
if (!(svcEpr.Address.Identity is X509CertificateEndpointIdentity identity))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("InvalidIPSTSPolicy")));
clientCredentials.ServiceCertificate.DefaultCertificate = identity.Certificates[0];
certificate2Collection.AddRange(identity.Certificates);
certificate2Collection.Remove(identity.Certificates[0]);
}
InfoCardTrace.Assert(null != clientCredentials.ServiceCertificate.DefaultCertificate, "This is configured in both cases above - either via the incoming params or via the endpoint retrieved from mex");
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
clientCredentials.ServiceCertificate.Authentication.CustomCertificateValidator = InfoCardX509Validator.Create(certificate2Collection);
}
catch (SecurityTokenValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new IdentityValidationException(SR.GetString("RecipientCertificateNotValid"), (Exception) ex));
}
return clientCredentials;
}
private void WriteRequestedTokenFrom(XmlReader reader, XmlWriter writer)
{
while (reader.Read())
{
if (reader.IsStartElement(this.m_protocolProfile.WSTrust.RequestedSecurityToken, this.m_protocolProfile.WSTrust.Namespace))
{
reader.Read();
writer.WriteNode(reader, false);
return;
}
}
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("NoTokenReturned")));
}
private ServiceEndpointCollection GetServiceEndpointCollection(
Uri serviceUri,
Uri mexUri)
{
bool flag = false;
InfoCardMetadataExchangeClient mex = new InfoCardMetadataExchangeClient(Utility.BuildBindingWithMaxMessageSize((Binding) new WSHttpBinding(SecurityMode.Transport)));
mex.Proxy = this.UserProxy;
MetadataSet metadataSet = (MetadataSet) null;
mex.ResolveMetadataReferences = true;
mex.MaximumResolvedReferences = InfoCardConstants.MaximumMexChainLength;
EndpointAddress metadataAddress = new EndpointAddress(mexUri, new AddressHeader[0]);
try
{
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => metadataSet = mex.GetMetadata(metadataAddress)), (ClientRequest.AsyncEntryCallback) (() => mex.Abort()));
flag = true;
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
if (!flag)
{
try
{
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => metadataSet = mex.GetMetadata(mexUri, MetadataExchangeClientMode.HttpGet)), (ClientRequest.AsyncEntryCallback) (() => mex.Abort()));
flag = true;
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
}
if (!flag)
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("EndpointNotFound")));
WsdlImporter imp = new WsdlImporter(metadataSet);
imp.State.Add((object) "MetadataExchangeClientKey", (object) mex);
ServiceEndpointCollection serviceEndpoints = (ServiceEndpointCollection) null;
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => serviceEndpoints = imp.ImportAllEndpoints()), (ClientRequest.AsyncEntryCallback) null);
return serviceEndpoints;
}
private static BindingElementCollection UpdateBindingElementsToProxy(
BindingElementCollection bindingElements,
IWebProxy proxy)
{
bindingElements = HttpProxyTransportBindingElement.ReplaceHttpTransportWithProxy(bindingElements, proxy);
IssuedSecurityTokenParameters issuedTokenParameters = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements);
if (issuedTokenParameters != null && (EndpointAddress) null != issuedTokenParameters.IssuerAddress && (Uri) null != issuedTokenParameters.IssuerAddress.Uri && issuedTokenParameters.IssuerBinding != null)
issuedTokenParameters.IssuerBinding = (Binding) new CustomBinding((IEnumerable<BindingElement>) GetBrowserTokenRequest.UpdateBindingElementsToProxy(issuedTokenParameters.IssuerBinding.CreateBindingElements(), proxy));
return bindingElements;
}
private static Binding ReplaceAllHttpTransportWithProxyInFederatedChain(
Binding binding,
IWebProxy proxy)
{
return (Binding) new CustomBinding((IEnumerable<BindingElement>) GetBrowserTokenRequest.UpdateBindingElementsToProxy(binding.CreateBindingElements(), proxy));
}
private SecurityToken CreateIssuedToken(
CardSpacePolicyElement[] policyElements,
SecurityTokenSerializer tokenSerializer)
{
WindowsImpersonationContext impersonationContext = this.RequestorIdentity.Impersonate();
try
{
try
{
int index1 = policyElements.Length - 1;
InfoCardTrace.Assert(0 <= index1, "lastElementIndex should be non-negative");
if (policyElements[index1].IsManagedIssuer)
--index1;
int length = index1;
if (0 < length)
{
InfoCardPolicy[] infoCardPolicyArray = new InfoCardPolicy[length];
for (int index2 = 0; index2 < length; ++index2)
{
infoCardPolicyArray[index2] = PolicyFactory.CreatePolicyForIntermediateGetBrowserTokenRequest(policyElements[index2], (Uri) null, 0U, (RecipientIdentity) null);
infoCardPolicyArray[index2].Validate();
}
}
InfoCardPolicy browserTokenRequest = PolicyFactory.CreatePolicyForGetBrowserTokenRequest(policyElements[index1], this.m_params.PrivacyUrl, this.m_params.PrivacyVersion, RecipientIdentity.CreateIdentity(this.m_params.Recipient.CreateEndpointAddress(), true), PolicyUsageContext.GetToken);
browserTokenRequest.Validate();
this.Policy = browserTokenRequest;
base.OnProcess();
if (this.ProcessingException != null)
throw InfoCardTrace.ThrowHelperError(this.ProcessingException);
SecurityKeyIdentifierClause internalTokenReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) Utility.CreateReaderWithQuotas(this.Token.InternalTokenReference));
SecurityKeyIdentifierClause externalTokenReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) Utility.CreateReaderWithQuotas(this.Token.ExternalTokenReference));
this.m_proofToken = this.Token.SymmetricProof != null ? new SelfIssuedAuthProofToken(new InMemorySymmetricSecurityKey(this.Token.SymmetricProof.Key), this.Token.ExpirationTime) : new SelfIssuedAuthProofToken(this.GetPrivateCryptography(), this.Token.ExpirationTime);
return (SecurityToken) new GenericXmlSecurityToken(this.Token.ProtectedToken, (SecurityToken) this.m_proofToken, this.Token.EffectiveTime, this.Token.ExpirationTime, internalTokenReference, externalTokenReference, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
finally
{
impersonationContext.Undo();
}
}
catch
{
throw;
}
}
protected override void OnDisposeAsUser()
{
base.OnDisposeAsUser();
if (this.m_proofToken == null)
return;
this.m_proofToken.Dispose();
this.m_proofToken = (SelfIssuedAuthProofToken) null;
}
private class CreateIssuedTokenClientCredentials : ClientCredentials
{
private GetBrowserTokenRequest request;
public CreateIssuedTokenClientCredentials(GetBrowserTokenRequest request)
{
InfoCardTrace.ThrowInvalidArgumentConditional(request == null, nameof (request));
this.request = request;
}
protected internal CreateIssuedTokenClientCredentials(
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials other)
: base((ClientCredentials) other)
{
this.request = other.request;
}
protected override ClientCredentials CloneCore() => (ClientCredentials) new GetBrowserTokenRequest.CreateIssuedTokenClientCredentials(this);
protected override SecurityToken GetInfoCardSecurityToken(
bool requiresInfoCard,
CardSpacePolicyElement[] chain,
SecurityTokenSerializer tokenSerializer)
{
return this.request.CreateIssuedToken(chain, tokenSerializer);
}
}
[ServiceContract]
internal interface ISts
{
[OperationContract(Action = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", Name = "ProcessRequestSecurityTokenFeb2005", ProtectionLevel = ProtectionLevel.EncryptAndSign, ReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue")]
Message ProcessRequestSecurityTokenFeb2005(Message rstMessage);
[OperationContract(Action = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue", Name = "ProcessRequestSecurityTokenWSTrust13", ProtectionLevel = ProtectionLevel.EncryptAndSign, ReplyAction = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal")]
Message ProcessRequestSecurityTokenWSTrust13(Message rstMessage);
}
}
}