void ImportMessageScopeProtectionPolicy(MetadataImporter importer, PolicyConversionContext policyContext) { MessagePartSpecification endpointSignedParts; MessagePartSpecification endpointEncryptedParts; bool isContractAssociatedWithAtLeastOneOtherBinding; ContractProtectionLevel otherBindingProtectionLevel = null; bool hasContractProtectionLevel = false; bool isContractProtectionLevelUniform = true; ProtectionLevel contractProtectionLevel = ProtectionLevel.None; string contractAssociationName = String.Format("{0}:{1}:{2}", ContractProtectionLevelKey, policyContext.Contract.Name, policyContext.Contract.Namespace); if (importer.State.ContainsKey(contractAssociationName)) { isContractAssociatedWithAtLeastOneOtherBinding = true; otherBindingProtectionLevel = (ContractProtectionLevel)importer.State[contractAssociationName]; } else { isContractAssociatedWithAtLeastOneOtherBinding = false; } ICollection<XmlElement> endpointBindingAssertions = policyContext.GetBindingAssertions(); this.ImportProtectionAssertions(endpointBindingAssertions, out endpointSignedParts, out endpointEncryptedParts); if (importer.State.ContainsKey(InSecureConversationBootstrapBindingImportMode)) { // when importing secure conversation boostrap binding, add the endpoint scope protection requirements // to the importer state to be consumed in SecurityPolicy11.TryImportWsspBootrstapPolicyAssertion if (endpointEncryptedParts != null) importer.State[SecureConversationBootstrapEncryptionRequirements] = endpointEncryptedParts; if (endpointSignedParts != null) importer.State[SecureConversationBootstrapSignatureRequirements] = endpointSignedParts; } foreach (OperationDescription operation in policyContext.Contract.Operations) { MessagePartSpecification operationSignedParts; MessagePartSpecification operationEncryptedParts; ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation); this.ImportProtectionAssertions(operationBindingAssertions, out operationSignedParts, out operationEncryptedParts); this.AddParts(ref operationSignedParts, endpointSignedParts); this.AddParts(ref operationEncryptedParts, endpointEncryptedParts); MessagePartSpecification messageSignedParts; MessagePartSpecification messageEncryptedParts; bool hasProtectionLevel = false; bool isProtectionLevelUniform = true; ProtectionLevel protectionLevel = ProtectionLevel.None; // import application message protection requirements foreach (MessageDescription message in operation.Messages) { ICollection<XmlElement> messageBindingAssertions = policyContext.GetMessageBindingAssertions(message); this.ImportProtectionAssertions(messageBindingAssertions, out messageSignedParts, out messageEncryptedParts); this.AddParts(ref messageSignedParts, operationSignedParts); this.AddParts(ref messageEncryptedParts, operationEncryptedParts); // validate or set body protection level ProtectionLevel newProtectionLevel = GetProtectionLevel(messageSignedParts.IsBodyIncluded, messageEncryptedParts.IsBodyIncluded, message.Action); if (OperationFormatter.IsValidReturnValue(message.Body.ReturnValue)) { ValidateExistingOrSetNewProtectionLevel(message.Body.ReturnValue, message, operation, policyContext.Contract, newProtectionLevel); } foreach (MessagePartDescription body in message.Body.Parts) { ValidateExistingOrSetNewProtectionLevel(body, message, operation, policyContext.Contract, newProtectionLevel); } if (!OperationFormatter.IsValidReturnValue(message.Body.ReturnValue) || message.Body.Parts.Count == 0) { ValidateExistingOrSetNewProtectionLevel(null, message, operation, policyContext.Contract, newProtectionLevel); } if (hasProtectionLevel) { if (protectionLevel != newProtectionLevel) { isProtectionLevelUniform = false; } } else { protectionLevel = newProtectionLevel; hasProtectionLevel = true; } if (hasContractProtectionLevel) { if (contractProtectionLevel != newProtectionLevel) { isContractProtectionLevelUniform = false; } } else { contractProtectionLevel = newProtectionLevel; hasContractProtectionLevel = true; } // validate o set header protection level foreach (MessageHeaderDescription header in message.Headers) { bool signed = messageSignedParts.IsHeaderIncluded(header.Name, header.Namespace); bool encrypted = messageEncryptedParts.IsHeaderIncluded(header.Name, header.Namespace); newProtectionLevel = GetProtectionLevel(signed, encrypted, message.Action); ValidateExistingOrSetNewProtectionLevel(header, message, operation, policyContext.Contract, newProtectionLevel); if (hasProtectionLevel) { if (protectionLevel != newProtectionLevel) { isProtectionLevelUniform = false; } } else { protectionLevel = newProtectionLevel; hasProtectionLevel = true; } if (hasContractProtectionLevel) { if (contractProtectionLevel != newProtectionLevel) { isContractProtectionLevelUniform = false; } } else { contractProtectionLevel = newProtectionLevel; hasContractProtectionLevel = true; } } } // normalize protection level settings at the operation scope if possible to help avoid typed message generation if (hasProtectionLevel && isProtectionLevelUniform) { // ([....]) remove the foreach message here // foreach (MessageDescription message in operation.Messages) this.ResetProtectionLevelForMessages(operation); operation.ProtectionLevel = protectionLevel; } // import fault protection requirements foreach (FaultDescription fault in operation.Faults) { ICollection<XmlElement> faultBindingAssertions = policyContext.GetFaultBindingAssertions(fault); this.ImportProtectionAssertions(faultBindingAssertions, out messageSignedParts, out messageEncryptedParts); this.AddParts(ref messageSignedParts, operationSignedParts); this.AddParts(ref messageEncryptedParts, operationEncryptedParts); // validate or set fault protection level ProtectionLevel newProtectionLevel = GetProtectionLevel(messageSignedParts.IsBodyIncluded, messageEncryptedParts.IsBodyIncluded, fault.Action); if (fault.HasProtectionLevel) { if (fault.ProtectionLevel != newProtectionLevel) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.CannotImportProtectionLevelForContract, policyContext.Contract.Name, policyContext.Contract.Namespace))); } } else { fault.ProtectionLevel = newProtectionLevel; } if (hasContractProtectionLevel) { if (contractProtectionLevel != newProtectionLevel) { isContractProtectionLevelUniform = false; } } else { contractProtectionLevel = newProtectionLevel; hasContractProtectionLevel = true; } } } if (isContractAssociatedWithAtLeastOneOtherBinding) { if (hasContractProtectionLevel != otherBindingProtectionLevel.HasProtectionRequirements || isContractProtectionLevelUniform != otherBindingProtectionLevel.HasUniformProtectionLevel || contractProtectionLevel != otherBindingProtectionLevel.UniformProtectionLevel) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.CannotImportProtectionLevelForContract, policyContext.Contract.Name, policyContext.Contract.Namespace))); } } else { if (hasContractProtectionLevel && isContractProtectionLevelUniform && contractProtectionLevel == ProtectionLevel.EncryptAndSign) { // remove all explicitly set protection levels on the contract description, since they are uniform across the contract // and match our binding's default of EncryptAndSign foreach (OperationDescription operation in policyContext.Contract.Operations) { this.ResetProtectionLevelForMessages(operation); foreach (FaultDescription fault in operation.Faults) { fault.ResetProtectionLevel(); } operation.ResetProtectionLevel(); } } importer.State[contractAssociationName] = new ContractProtectionLevel(hasContractProtectionLevel, isContractProtectionLevelUniform, contractProtectionLevel); } }
internal void AttachPolicy(ServiceEndpoint endpoint, WsdlEndpointConversionContext endpointContext, PolicyConversionContext policyContext) { string str; SortedList<string, string> policyKeys = new SortedList<string, string>(); NamingHelper.DoesNameExist doesNameExist = (name, nameCollection) => policyKeys.ContainsKey(name); System.Web.Services.Description.ServiceDescription serviceDescription = endpointContext.WsdlBinding.ServiceDescription; ICollection<XmlElement> bindingAssertions = policyContext.GetBindingAssertions(); System.Web.Services.Description.Binding wsdlBinding = endpointContext.WsdlBinding; if (bindingAssertions.Count > 0) { str = NamingHelper.GetUniqueName(CreateBindingPolicyKey(wsdlBinding), doesNameExist, null); policyKeys.Add(str, str); this.AttachItemPolicy(bindingAssertions, str, serviceDescription, wsdlBinding); } foreach (OperationDescription description2 in endpoint.Contract.Operations) { if (WsdlExporter.OperationIsExportable(description2)) { bindingAssertions = policyContext.GetOperationBindingAssertions(description2); if (bindingAssertions.Count > 0) { OperationBinding operationBinding = endpointContext.GetOperationBinding(description2); str = NamingHelper.GetUniqueName(CreateOperationBindingPolicyKey(operationBinding), doesNameExist, null); policyKeys.Add(str, str); this.AttachItemPolicy(bindingAssertions, str, serviceDescription, operationBinding); } foreach (MessageDescription description3 in description2.Messages) { bindingAssertions = policyContext.GetMessageBindingAssertions(description3); if (bindingAssertions.Count > 0) { MessageBinding messageBinding = endpointContext.GetMessageBinding(description3); str = NamingHelper.GetUniqueName(CreateMessageBindingPolicyKey(messageBinding, description3.Direction), doesNameExist, null); policyKeys.Add(str, str); this.AttachItemPolicy(bindingAssertions, str, serviceDescription, messageBinding); } } foreach (FaultDescription description4 in description2.Faults) { bindingAssertions = policyContext.GetFaultBindingAssertions(description4); if (bindingAssertions.Count > 0) { FaultBinding faultBinding = endpointContext.GetFaultBinding(description4); str = NamingHelper.GetUniqueName(CreateFaultBindingPolicyKey(faultBinding), doesNameExist, null); policyKeys.Add(str, str); this.AttachItemPolicy(bindingAssertions, str, serviceDescription, faultBinding); } } } } }
internal void AttachPolicy(ServiceEndpoint endpoint, WsdlEndpointConversionContext endpointContext, PolicyConversionContext policyContext) { SortedList<string, string> policyKeys = new SortedList<string, string>(); NamingHelper.DoesNameExist policyKeyIsUnique = delegate(string name, object nameCollection) { return policyKeys.ContainsKey(name); }; string key, keyBase; ICollection<XmlElement> assertions; WsdlNS.ServiceDescription policyWsdl = endpointContext.WsdlBinding.ServiceDescription; assertions = policyContext.GetBindingAssertions(); // Add [wsdl:Binding] level Policy WsdlNS.Binding wsdlBinding = endpointContext.WsdlBinding; if (assertions.Count > 0) { keyBase = CreateBindingPolicyKey(wsdlBinding); key = NamingHelper.GetUniqueName(keyBase, policyKeyIsUnique, null); policyKeys.Add(key, key); AttachItemPolicy(assertions, key, policyWsdl, wsdlBinding); } foreach (OperationDescription operation in endpoint.Contract.Operations) { if (!WsdlExporter.OperationIsExportable(operation)) { continue; } assertions = policyContext.GetOperationBindingAssertions(operation); // Add [wsdl:Binding/wsdl:operation] policy if (assertions.Count > 0) { WsdlNS.OperationBinding wsdlOperationBinding = endpointContext.GetOperationBinding(operation); keyBase = CreateOperationBindingPolicyKey(wsdlOperationBinding); key = NamingHelper.GetUniqueName(keyBase, policyKeyIsUnique, null); policyKeys.Add(key, key); AttachItemPolicy(assertions, key, policyWsdl, wsdlOperationBinding); } // // Add [wsdl:Binding/wsdl:operation] child policy // foreach (MessageDescription message in operation.Messages) { assertions = policyContext.GetMessageBindingAssertions(message); // Add [wsdl:Binding/wsdl:operation/wsdl:(input, output, message)] policy if (assertions.Count > 0) { WsdlNS.MessageBinding wsdlMessageBinding = endpointContext.GetMessageBinding(message); keyBase = CreateMessageBindingPolicyKey(wsdlMessageBinding, message.Direction); key = NamingHelper.GetUniqueName(keyBase, policyKeyIsUnique, null); policyKeys.Add(key, key); AttachItemPolicy(assertions, key, policyWsdl, wsdlMessageBinding); } } foreach (FaultDescription fault in operation.Faults) { assertions = policyContext.GetFaultBindingAssertions(fault); // Add [wsdl:Binding/wsdl:operation/wsdl:fault] policy if (assertions.Count > 0) { WsdlNS.FaultBinding wsdlFaultBinding = endpointContext.GetFaultBinding(fault); keyBase = CreateFaultBindingPolicyKey(wsdlFaultBinding); key = NamingHelper.GetUniqueName(keyBase, policyKeyIsUnique, null); policyKeys.Add(key, key); AttachItemPolicy(assertions, key, policyWsdl, wsdlFaultBinding); } } } }
private void ImportMessageScopeProtectionPolicy(MetadataImporter importer, PolicyConversionContext policyContext) { MessagePartSpecification specification; MessagePartSpecification specification2; bool flag; ContractProtectionLevel level = null; bool hasProtectionRequirements = false; bool hasUniformProtectionLevel = true; ProtectionLevel none = ProtectionLevel.None; string key = string.Format("{0}:{1}:{2}", "ContractProtectionLevelKey", policyContext.Contract.Name, policyContext.Contract.Namespace); if (importer.State.ContainsKey(key)) { flag = true; level = (ContractProtectionLevel) importer.State[key]; } else { flag = false; } ICollection<XmlElement> bindingAssertions = policyContext.GetBindingAssertions(); this.ImportProtectionAssertions(bindingAssertions, out specification, out specification2); if (importer.State.ContainsKey("InSecureConversationBootstrapBindingImportMode")) { if (specification2 != null) { importer.State["SecureConversationBootstrapEncryptionRequirements"] = specification2; } if (specification != null) { importer.State["SecureConversationBootstrapSignatureRequirements"] = specification; } } foreach (OperationDescription description in policyContext.Contract.Operations) { MessagePartSpecification specification3; MessagePartSpecification specification4; MessagePartSpecification specification5; MessagePartSpecification specification6; ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(description); this.ImportProtectionAssertions(operationBindingAssertions, out specification3, out specification4); this.AddParts(ref specification3, specification); this.AddParts(ref specification4, specification2); bool flag4 = false; bool flag5 = true; ProtectionLevel level3 = ProtectionLevel.None; foreach (MessageDescription description2 in description.Messages) { ICollection<XmlElement> messageBindingAssertions = policyContext.GetMessageBindingAssertions(description2); this.ImportProtectionAssertions(messageBindingAssertions, out specification5, out specification6); this.AddParts(ref specification5, specification3); this.AddParts(ref specification6, specification4); ProtectionLevel newProtectionLevel = GetProtectionLevel(specification5.IsBodyIncluded, specification6.IsBodyIncluded, description2.Action); if (OperationFormatter.IsValidReturnValue(description2.Body.ReturnValue)) { this.ValidateExistingOrSetNewProtectionLevel(description2.Body.ReturnValue, description2, description, policyContext.Contract, newProtectionLevel); } foreach (MessagePartDescription description3 in description2.Body.Parts) { this.ValidateExistingOrSetNewProtectionLevel(description3, description2, description, policyContext.Contract, newProtectionLevel); } if (!OperationFormatter.IsValidReturnValue(description2.Body.ReturnValue) || (description2.Body.Parts.Count == 0)) { this.ValidateExistingOrSetNewProtectionLevel(null, description2, description, policyContext.Contract, newProtectionLevel); } if (flag4) { if (level3 != newProtectionLevel) { flag5 = false; } } else { level3 = newProtectionLevel; flag4 = true; } if (hasProtectionRequirements) { if (none != newProtectionLevel) { hasUniformProtectionLevel = false; } } else { none = newProtectionLevel; hasProtectionRequirements = true; } foreach (MessageHeaderDescription description4 in description2.Headers) { bool signed = specification5.IsHeaderIncluded(description4.Name, description4.Namespace); bool encrypted = specification6.IsHeaderIncluded(description4.Name, description4.Namespace); newProtectionLevel = GetProtectionLevel(signed, encrypted, description2.Action); this.ValidateExistingOrSetNewProtectionLevel(description4, description2, description, policyContext.Contract, newProtectionLevel); if (flag4) { if (level3 != newProtectionLevel) { flag5 = false; } } else { level3 = newProtectionLevel; flag4 = true; } if (hasProtectionRequirements) { if (none != newProtectionLevel) { hasUniformProtectionLevel = false; } } else { none = newProtectionLevel; hasProtectionRequirements = true; } } } if (flag4 && flag5) { this.ResetProtectionLevelForMessages(description); description.ProtectionLevel = level3; } foreach (FaultDescription description5 in description.Faults) { ICollection<XmlElement> faultBindingAssertions = policyContext.GetFaultBindingAssertions(description5); this.ImportProtectionAssertions(faultBindingAssertions, out specification5, out specification6); this.AddParts(ref specification5, specification3); this.AddParts(ref specification6, specification4); ProtectionLevel level5 = GetProtectionLevel(specification5.IsBodyIncluded, specification6.IsBodyIncluded, description5.Action); if (description5.HasProtectionLevel) { if (description5.ProtectionLevel != level5) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(System.ServiceModel.SR.GetString("CannotImportProtectionLevelForContract", new object[] { policyContext.Contract.Name, policyContext.Contract.Namespace }))); } } else { description5.ProtectionLevel = level5; } if (hasProtectionRequirements) { if (none != level5) { hasUniformProtectionLevel = false; } } else { none = level5; hasProtectionRequirements = true; } } } if (flag) { if (((hasProtectionRequirements != level.HasProtectionRequirements) || (hasUniformProtectionLevel != level.HasUniformProtectionLevel)) || (none != level.UniformProtectionLevel)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(System.ServiceModel.SR.GetString("CannotImportProtectionLevelForContract", new object[] { policyContext.Contract.Name, policyContext.Contract.Namespace }))); } } else { if ((hasProtectionRequirements && hasUniformProtectionLevel) && (none == ProtectionLevel.EncryptAndSign)) { foreach (OperationDescription description6 in policyContext.Contract.Operations) { this.ResetProtectionLevelForMessages(description6); foreach (FaultDescription description7 in description6.Faults) { description7.ResetProtectionLevel(); } description6.ResetProtectionLevel(); } } importer.State[key] = new ContractProtectionLevel(hasProtectionRequirements, hasUniformProtectionLevel, none); } }