internal static XmlElement CreateTransportBinding(XmlElement transportToken)
        {
            var doc = new XmlDocument();
            var transportBinding = doc.CreateElement(
                "sp", "TransportBinding", PolicyImportHelper.SecurityPolicyNS);

            var token = doc.CreateElement(
                "sp", "TransportToken", PolicyImportHelper.SecurityPolicyNS);

            PolicyImportHelper.AddWrappedPolicyElement(token, transportToken);

            var algorithmSuite = doc.CreateElement(
                "sp", "AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS);
            var basic256 = doc.CreateElement(
                "sp", "Basic256", PolicyImportHelper.SecurityPolicyNS);

            PolicyImportHelper.AddWrappedPolicyElement(algorithmSuite, basic256);

            var layout = doc.CreateElement(
                "sp", "Layout", PolicyImportHelper.SecurityPolicyNS);
            var strict = doc.CreateElement(
                "sp", "Strict", PolicyImportHelper.SecurityPolicyNS);

            PolicyImportHelper.AddWrappedPolicyElement(layout, strict);

            PolicyImportHelper.AddWrappedPolicyElements(
                transportBinding, token, algorithmSuite, layout);

            return(transportBinding);
        }
Beispiel #2
0
        bool ImportHttpPolicy(MetadataImporter importer, PolicyConversionContext context,
                              WS.SoapBinding soap)
        {
            HttpTransportBindingElement httpTransport;
            var assertions      = context.GetBindingAssertions();
            var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions);

            if (transportPolicy != null)
            {
                if (!ImportHttpTransport(importer, context, transportPolicy, out httpTransport))
                {
                    return(false);
                }
                if (!ImportTransport(importer, httpTransport, transportPolicy))
                {
                    return(false);
                }
            }
            else
            {
                httpTransport = new HttpTransportBindingElement();
            }

            if (!ImportHttpAuthScheme(importer, httpTransport, context))
            {
                return(false);
            }

            context.BindingElements.Add(httpTransport);
            return(true);
        }
Beispiel #3
0
        bool ImportTcpPolicy(MetadataImporter importer, PolicyConversionContext context,
                             WS.Soap12Binding soap)
        {
            var assertions = context.GetBindingAssertions();

            var tcpTransport = new TcpTransportBindingElement();

            var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions);

            if (transportPolicy != null)
            {
                if (!ImportTcpTransport(importer, context, transportPolicy))
                {
                    return(false);
                }
                if (!ImportTransport(importer, tcpTransport, transportPolicy))
                {
                    return(false);
                }
            }

            var streamed = PolicyImportHelper.GetStreamedMessageFramingPolicy(assertions);

            if (streamed != null)
            {
                tcpTransport.TransferMode = TransferMode.Streamed;
            }

            context.BindingElements.Add(tcpTransport);
            return(true);
        }
Beispiel #4
0
        bool ImportTransport(MetadataImporter importer, TransportBindingElement bindingElement,
                             XmlElement transportPolicy)
        {
            XmlElement algorithmSuite, layout;

            if (!PolicyImportHelper.FindPolicyElement(
                    importer, transportPolicy,
                    new QName("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS),
                    false, true, out algorithmSuite) ||
                !PolicyImportHelper.FindPolicyElement(
                    importer, transportPolicy,
                    new QName("Layout", PolicyImportHelper.SecurityPolicyNS),
                    false, true, out layout))
            {
                return(false);
            }

            bool foundUnknown = false;

            foreach (var node in transportPolicy.ChildNodes)
            {
                var e = node as XmlElement;
                if (e == null)
                {
                    continue;
                }
                importer.AddWarning("Unknown policy assertion: {0}", e.OuterXml);
                foundUnknown = true;
            }

            return(!foundUnknown);
        }
Beispiel #5
0
 bool GetTransportToken(MetadataImporter importer, XmlElement transportPolicy,
                        out XmlElement transportToken)
 {
     return(PolicyImportHelper.FindPolicyElement(
                importer, transportPolicy,
                new QName("TransportToken", PolicyImportHelper.SecurityPolicyNS),
                false, true, out transportToken));
 }
Beispiel #6
0
        bool ImportHttpAuthScheme(MetadataImporter importer,
                                  HttpTransportBindingElement bindingElement,
                                  PolicyConversionContext context)
        {
            var assertions  = context.GetBindingAssertions();
            var authSchemes = AuthenticationSchemes.None;

            var  httpsTransport = bindingElement as HttpsTransportBindingElement;
            bool certificate    = httpsTransport != null ?
                                  httpsTransport.RequireClientCertificate : false;

            var authElements = PolicyImportHelper.FindAssertionByNS(
                assertions, PolicyImportHelper.HttpAuthNS);

            foreach (XmlElement authElement in authElements)
            {
                assertions.Remove(authElement);

                if (certificate)
                {
                    importer.AddWarning(
                        "Invalid authentication assertion while " +
                        "using client certificate: {0}", authElement.OuterXml);
                    return(false);
                }

                switch (authElement.LocalName)
                {
                case "BasicAuthentication":
                    authSchemes |= AuthenticationSchemes.Basic;
                    break;

                case "NtlmAuthentication":
                    authSchemes |= AuthenticationSchemes.Ntlm;
                    break;

                case "DigestAuthentication":
                    authSchemes |= AuthenticationSchemes.Digest;
                    break;

                case "NegotiateAuthentication":
                    authSchemes |= AuthenticationSchemes.Negotiate;
                    break;

                default:
                    importer.AddWarning(
                        "Invalid policy assertion: {0}", authElement.OuterXml);
                    return(false);
                }
            }

            bindingElement.AuthenticationScheme = authSchemes;
            return(true);
        }
Beispiel #7
0
        bool ImportHttpTransport(MetadataImporter importer, PolicyConversionContext context,
                                 XmlElement transportPolicy,
                                 out HttpTransportBindingElement bindingElement)
        {
            XmlElement transportToken;

            if (!GetTransportToken(importer, transportPolicy, out transportToken))
            {
                bindingElement = null;
                return(false);
            }

            if (transportToken == null)
            {
                bindingElement = new HttpTransportBindingElement();
                return(true);
            }

            bool error;
            var  tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);

            if (error || (tokenElementList.Count != 1))
            {
                importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
                bindingElement = null;
                return(false);
            }

            var tokenElement = tokenElementList [0];

            if (!PolicyImportHelper.SecurityPolicyNS.Equals(tokenElement.NamespaceURI) ||
                !tokenElement.LocalName.Equals("HttpsToken"))
            {
                importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
                bindingElement = null;
                return(false);
            }

            var httpsTransport = new HttpsTransportBindingElement();

            bindingElement = httpsTransport;

            var certAttr = tokenElement.GetAttribute("RequireClientCertificate");

            if (!String.IsNullOrEmpty(certAttr))
            {
                httpsTransport.RequireClientCertificate = Boolean.Parse(certAttr);
            }
            return(true);
        }
Beispiel #8
0
        bool ImportTcpTransport(MetadataImporter importer, PolicyConversionContext context,
                                XmlElement transportPolicy)
        {
            XmlElement transportToken;

            if (!GetTransportToken(importer, transportPolicy, out transportToken))
            {
                return(false);
            }

            if (transportToken == null)
            {
                return(true);
            }

            bool error;
            var  tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);

            if (error || (tokenElementList.Count != 1))
            {
                importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
                return(false);
            }

            var tokenElement = tokenElementList [0];

            if (!PolicyImportHelper.FramingPolicyNS.Equals(tokenElement.NamespaceURI))
            {
                importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
                return(false);
            }

            if (tokenElement.LocalName.Equals("WindowsTransportSecurity"))
            {
                if (!ImportWindowsTransportSecurity(importer, context, tokenElement))
                {
                    return(false);
                }
            }
            else if (tokenElement.LocalName.Equals("SslTransportSecurity"))
            {
                context.BindingElements.Add(new SslStreamSecurityBindingElement());
            }

            return(true);
        }
Beispiel #9
0
        bool ImportWindowsTransportSecurity(MetadataImporter importer,
                                            PolicyConversionContext context,
                                            XmlElement policyElement)
        {
            var protectionLevel = PolicyImportHelper.GetElement(
                importer, policyElement, "ProtectionLevel",
                PolicyImportHelper.FramingPolicyNS, true);

            if (protectionLevel == null)
            {
                importer.AddWarning(
                    "Invalid policy assertion: {0}", policyElement.OuterXml);
                return(false);
            }

            var element = new WindowsStreamSecurityBindingElement();

            switch (protectionLevel.InnerText.ToLowerInvariant())
            {
            case "none":
                element.ProtectionLevel = ProtectionLevel.None;
                break;

            case "sign":
                element.ProtectionLevel = ProtectionLevel.Sign;
                break;

            case "encryptandsign":
                element.ProtectionLevel = ProtectionLevel.EncryptAndSign;
                break;

            default:
                importer.AddWarning(
                    "Invalid policy assertion: {0}", protectionLevel.OuterXml);
                return(false);
            }

            context.BindingElements.Add(element);
            return(true);
        }
Beispiel #10
0
        void IPolicyImportExtension.ImportPolicy(MetadataImporter importer,
                                                 PolicyConversionContext context)
        {
            var assertions = context.GetBindingAssertions();

            var mtom = PolicyImportHelper.GetMtomMessageEncodingPolicy(assertions);

            if (mtom != null)
            {
                // http://www.w3.org/Submission/WS-MTOMPolicy/
                context.BindingElements.Add(new MtomMessageEncodingBindingElement());
                return;
            }

            var binary = PolicyImportHelper.GetBinaryMessageEncodingPolicy(assertions);

            if (binary != null)
            {
                context.BindingElements.Add(new BinaryMessageEncodingBindingElement());
                return;
            }

            context.BindingElements.Add(new TextMessageEncodingBindingElement());
        }