internal static XmlElement CreateTransportBinding(XmlElement transportToken)
{
var doc = new XmlDocument();
var transportBinding = doc.CreateElement(
"sp", "TransportBinding", PolicyImportHelper.SecurityPolicyNS);
var token = doc.CreateElement(
"sp", "TransportToken", PolicyImportHelper.SecurityPolicyNS);
PolicyImportHelper.AddWrappedPolicyElement(token, transportToken);
var algorithmSuite = doc.CreateElement(
"sp", "AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS);
var basic256 = doc.CreateElement(
"sp", "Basic256", PolicyImportHelper.SecurityPolicyNS);
PolicyImportHelper.AddWrappedPolicyElement(algorithmSuite, basic256);
var layout = doc.CreateElement(
"sp", "Layout", PolicyImportHelper.SecurityPolicyNS);
var strict = doc.CreateElement(
"sp", "Strict", PolicyImportHelper.SecurityPolicyNS);
PolicyImportHelper.AddWrappedPolicyElement(layout, strict);
PolicyImportHelper.AddWrappedPolicyElements(
transportBinding, token, algorithmSuite, layout);
return(transportBinding);
}
bool ImportHttpPolicy(MetadataImporter importer, PolicyConversionContext context,
WS.SoapBinding soap)
{
HttpTransportBindingElement httpTransport;
var assertions = context.GetBindingAssertions();
var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions);
if (transportPolicy != null)
{
if (!ImportHttpTransport(importer, context, transportPolicy, out httpTransport))
{
return(false);
}
if (!ImportTransport(importer, httpTransport, transportPolicy))
{
return(false);
}
}
else
{
httpTransport = new HttpTransportBindingElement();
}
if (!ImportHttpAuthScheme(importer, httpTransport, context))
{
return(false);
}
context.BindingElements.Add(httpTransport);
return(true);
}
bool ImportTcpPolicy(MetadataImporter importer, PolicyConversionContext context,
WS.Soap12Binding soap)
{
var assertions = context.GetBindingAssertions();
var tcpTransport = new TcpTransportBindingElement();
var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions);
if (transportPolicy != null)
{
if (!ImportTcpTransport(importer, context, transportPolicy))
{
return(false);
}
if (!ImportTransport(importer, tcpTransport, transportPolicy))
{
return(false);
}
}
var streamed = PolicyImportHelper.GetStreamedMessageFramingPolicy(assertions);
if (streamed != null)
{
tcpTransport.TransferMode = TransferMode.Streamed;
}
context.BindingElements.Add(tcpTransport);
return(true);
}
bool ImportTransport(MetadataImporter importer, TransportBindingElement bindingElement,
XmlElement transportPolicy)
{
XmlElement algorithmSuite, layout;
if (!PolicyImportHelper.FindPolicyElement(
importer, transportPolicy,
new QName("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS),
false, true, out algorithmSuite) ||
!PolicyImportHelper.FindPolicyElement(
importer, transportPolicy,
new QName("Layout", PolicyImportHelper.SecurityPolicyNS),
false, true, out layout))
{
return(false);
}
bool foundUnknown = false;
foreach (var node in transportPolicy.ChildNodes)
{
var e = node as XmlElement;
if (e == null)
{
continue;
}
importer.AddWarning("Unknown policy assertion: {0}", e.OuterXml);
foundUnknown = true;
}
return(!foundUnknown);
}
bool GetTransportToken(MetadataImporter importer, XmlElement transportPolicy,
out XmlElement transportToken)
{
return(PolicyImportHelper.FindPolicyElement(
importer, transportPolicy,
new QName("TransportToken", PolicyImportHelper.SecurityPolicyNS),
false, true, out transportToken));
}
bool ImportHttpAuthScheme(MetadataImporter importer,
HttpTransportBindingElement bindingElement,
PolicyConversionContext context)
{
var assertions = context.GetBindingAssertions();
var authSchemes = AuthenticationSchemes.None;
var httpsTransport = bindingElement as HttpsTransportBindingElement;
bool certificate = httpsTransport != null ?
httpsTransport.RequireClientCertificate : false;
var authElements = PolicyImportHelper.FindAssertionByNS(
assertions, PolicyImportHelper.HttpAuthNS);
foreach (XmlElement authElement in authElements)
{
assertions.Remove(authElement);
if (certificate)
{
importer.AddWarning(
"Invalid authentication assertion while " +
"using client certificate: {0}", authElement.OuterXml);
return(false);
}
switch (authElement.LocalName)
{
case "BasicAuthentication":
authSchemes |= AuthenticationSchemes.Basic;
break;
case "NtlmAuthentication":
authSchemes |= AuthenticationSchemes.Ntlm;
break;
case "DigestAuthentication":
authSchemes |= AuthenticationSchemes.Digest;
break;
case "NegotiateAuthentication":
authSchemes |= AuthenticationSchemes.Negotiate;
break;
default:
importer.AddWarning(
"Invalid policy assertion: {0}", authElement.OuterXml);
return(false);
}
}
bindingElement.AuthenticationScheme = authSchemes;
return(true);
}
bool ImportHttpTransport(MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy,
out HttpTransportBindingElement bindingElement)
{
XmlElement transportToken;
if (!GetTransportToken(importer, transportPolicy, out transportToken))
{
bindingElement = null;
return(false);
}
if (transportToken == null)
{
bindingElement = new HttpTransportBindingElement();
return(true);
}
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);
if (error || (tokenElementList.Count != 1))
{
importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
bindingElement = null;
return(false);
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.SecurityPolicyNS.Equals(tokenElement.NamespaceURI) ||
!tokenElement.LocalName.Equals("HttpsToken"))
{
importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
bindingElement = null;
return(false);
}
var httpsTransport = new HttpsTransportBindingElement();
bindingElement = httpsTransport;
var certAttr = tokenElement.GetAttribute("RequireClientCertificate");
if (!String.IsNullOrEmpty(certAttr))
{
httpsTransport.RequireClientCertificate = Boolean.Parse(certAttr);
}
return(true);
}
bool ImportTcpTransport(MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy)
{
XmlElement transportToken;
if (!GetTransportToken(importer, transportPolicy, out transportToken))
{
return(false);
}
if (transportToken == null)
{
return(true);
}
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);
if (error || (tokenElementList.Count != 1))
{
importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
return(false);
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.FramingPolicyNS.Equals(tokenElement.NamespaceURI))
{
importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
return(false);
}
if (tokenElement.LocalName.Equals("WindowsTransportSecurity"))
{
if (!ImportWindowsTransportSecurity(importer, context, tokenElement))
{
return(false);
}
}
else if (tokenElement.LocalName.Equals("SslTransportSecurity"))
{
context.BindingElements.Add(new SslStreamSecurityBindingElement());
}
return(true);
}
bool ImportWindowsTransportSecurity(MetadataImporter importer,
PolicyConversionContext context,
XmlElement policyElement)
{
var protectionLevel = PolicyImportHelper.GetElement(
importer, policyElement, "ProtectionLevel",
PolicyImportHelper.FramingPolicyNS, true);
if (protectionLevel == null)
{
importer.AddWarning(
"Invalid policy assertion: {0}", policyElement.OuterXml);
return(false);
}
var element = new WindowsStreamSecurityBindingElement();
switch (protectionLevel.InnerText.ToLowerInvariant())
{
case "none":
element.ProtectionLevel = ProtectionLevel.None;
break;
case "sign":
element.ProtectionLevel = ProtectionLevel.Sign;
break;
case "encryptandsign":
element.ProtectionLevel = ProtectionLevel.EncryptAndSign;
break;
default:
importer.AddWarning(
"Invalid policy assertion: {0}", protectionLevel.OuterXml);
return(false);
}
context.BindingElements.Add(element);
return(true);
}
void IPolicyImportExtension.ImportPolicy(MetadataImporter importer,
PolicyConversionContext context)
{
var assertions = context.GetBindingAssertions();
var mtom = PolicyImportHelper.GetMtomMessageEncodingPolicy(assertions);
if (mtom != null)
{
// http://www.w3.org/Submission/WS-MTOMPolicy/
context.BindingElements.Add(new MtomMessageEncodingBindingElement());
return;
}
var binary = PolicyImportHelper.GetBinaryMessageEncodingPolicy(assertions);
if (binary != null)
{
context.BindingElements.Add(new BinaryMessageEncodingBindingElement());
return;
}
context.BindingElements.Add(new TextMessageEncodingBindingElement());
}
