internal static XmlElement GetElement(MetadataImporter importer,
XmlElement root, QName name, bool required)
{
var list = root.GetElementsByTagName(name.Name, name.Namespace);
if (list.Count < 1)
{
if (required)
{
importer.AddWarning("Did not find required policy element `{0}'", name);
}
return(null);
}
if (list.Count > 1)
{
importer.AddWarning("Found duplicate policy element `{0}'", name);
return(null);
}
var element = list [0] as XmlElement;
if (required && (element == null))
{
importer.AddWarning("Did not find required policy element `{0}'", name);
}
return(element);
}
bool ImportHttpAuthScheme(MetadataImporter importer,
HttpTransportBindingElement bindingElement,
PolicyConversionContext context)
{
var assertions = context.GetBindingAssertions();
var authSchemes = AuthenticationSchemes.None;
var httpsTransport = bindingElement as HttpsTransportBindingElement;
bool certificate = httpsTransport != null ?
httpsTransport.RequireClientCertificate : false;
var authElements = PolicyImportHelper.FindAssertionByNS(
assertions, PolicyImportHelper.HttpAuthNS);
foreach (XmlElement authElement in authElements)
{
assertions.Remove(authElement);
if (certificate)
{
importer.AddWarning(
"Invalid authentication assertion while " +
"using client certificate: {0}", authElement.OuterXml);
return(false);
}
switch (authElement.LocalName)
{
case "BasicAuthentication":
authSchemes |= AuthenticationSchemes.Basic;
break;
case "NtlmAuthentication":
authSchemes |= AuthenticationSchemes.Ntlm;
break;
case "DigestAuthentication":
authSchemes |= AuthenticationSchemes.Digest;
break;
case "NegotiateAuthentication":
authSchemes |= AuthenticationSchemes.Negotiate;
break;
default:
importer.AddWarning(
"Invalid policy assertion: {0}", authElement.OuterXml);
return(false);
}
}
bindingElement.AuthenticationScheme = authSchemes;
return(true);
}
bool ImportHttpTransport(MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy,
out HttpTransportBindingElement bindingElement)
{
XmlElement transportToken;
if (!GetTransportToken(importer, transportPolicy, out transportToken))
{
bindingElement = null;
return(false);
}
if (transportToken == null)
{
bindingElement = new HttpTransportBindingElement();
return(true);
}
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);
if (error || (tokenElementList.Count != 1))
{
importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
bindingElement = null;
return(false);
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.SecurityPolicyNS.Equals(tokenElement.NamespaceURI) ||
!tokenElement.LocalName.Equals("HttpsToken"))
{
importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
bindingElement = null;
return(false);
}
var httpsTransport = new HttpsTransportBindingElement();
bindingElement = httpsTransport;
var certAttr = tokenElement.GetAttribute("RequireClientCertificate");
if (!String.IsNullOrEmpty(certAttr))
{
httpsTransport.RequireClientCertificate = Boolean.Parse(certAttr);
}
return(true);
}
internal static bool FindPolicyElement(MetadataImporter importer, XmlElement root,
QName name, bool required, bool removeWhenFound,
out XmlElement element)
{
if (!FindPolicyElement(root, name, removeWhenFound, out element))
{
importer.AddWarning("Invalid policy element: {0}", root.OuterXml);
return(false);
}
if (required && (element == null))
{
importer.AddWarning("Did not find policy element `{0}'.", name);
return(false);
}
return(true);
}
bool ImportTransport(MetadataImporter importer, TransportBindingElement bindingElement,
XmlElement transportPolicy)
{
XmlElement algorithmSuite, layout;
if (!PolicyImportHelper.FindPolicyElement(
importer, transportPolicy,
new QName("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS),
false, true, out algorithmSuite) ||
!PolicyImportHelper.FindPolicyElement(
importer, transportPolicy,
new QName("Layout", PolicyImportHelper.SecurityPolicyNS),
false, true, out layout))
{
return(false);
}
bool foundUnknown = false;
foreach (var node in transportPolicy.ChildNodes)
{
var e = node as XmlElement;
if (e == null)
{
continue;
}
importer.AddWarning("Unknown policy assertion: {0}", e.OuterXml);
foundUnknown = true;
}
return(!foundUnknown);
}
bool ImportTcpTransport(MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy)
{
XmlElement transportToken;
if (!GetTransportToken(importer, transportPolicy, out transportToken))
{
return(false);
}
if (transportToken == null)
{
return(true);
}
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error);
if (error || (tokenElementList.Count != 1))
{
importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml);
return(false);
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.FramingPolicyNS.Equals(tokenElement.NamespaceURI))
{
importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml);
return(false);
}
if (tokenElement.LocalName.Equals("WindowsTransportSecurity"))
{
if (!ImportWindowsTransportSecurity(importer, context, tokenElement))
{
return(false);
}
}
else if (tokenElement.LocalName.Equals("SslTransportSecurity"))
{
context.BindingElements.Add(new SslStreamSecurityBindingElement());
}
return(true);
}
bool ImportWindowsTransportSecurity(MetadataImporter importer,
PolicyConversionContext context,
XmlElement policyElement)
{
var protectionLevel = PolicyImportHelper.GetElement(
importer, policyElement, "ProtectionLevel",
PolicyImportHelper.FramingPolicyNS, true);
if (protectionLevel == null)
{
importer.AddWarning(
"Invalid policy assertion: {0}", policyElement.OuterXml);
return(false);
}
var element = new WindowsStreamSecurityBindingElement();
switch (protectionLevel.InnerText.ToLowerInvariant())
{
case "none":
element.ProtectionLevel = ProtectionLevel.None;
break;
case "sign":
element.ProtectionLevel = ProtectionLevel.Sign;
break;
case "encryptandsign":
element.ProtectionLevel = ProtectionLevel.EncryptAndSign;
break;
default:
importer.AddWarning(
"Invalid policy assertion: {0}", protectionLevel.OuterXml);
return(false);
}
context.BindingElements.Add(element);
return(true);
}
