private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { Collection <XmlElement> collection1 = new Collection <XmlElement>(); foreach (XmlElement additionalParameter in additionalParameters) { collection1.Add(additionalParameter); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { XmlElement xmlElement1 = (XmlElement)null; XmlElement xmlElement2 = (XmlElement)null; XmlElement xmlElement3 = (XmlElement)null; XmlElement xmlElement4 = (XmlElement)null; for (int index = 0; index < collection1.Count; ++index) { string str; if (driver.IsEncryptionAlgorithmElement(collection1[index], out str)) { xmlElement1 = collection1[index]; } else if (driver.IsCanonicalizationAlgorithmElement(collection1[index], out str)) { xmlElement2 = collection1[index]; } else if (driver.IsKeyWrapAlgorithmElement(collection1[index], out str)) { xmlElement3 = collection1[index]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection1[index])) { xmlElement4 = collection1[index]; } } if (xmlElement4 != null) { foreach (XmlNode childNode in xmlElement4.ChildNodes) { XmlElement element = childNode as XmlElement; if (element != null) { string str = (string)null; if (driver.IsEncryptionAlgorithmElement(element, out str) && xmlElement1 != null) { collection1.Remove(xmlElement1); } else if (driver.IsCanonicalizationAlgorithmElement(element, out str) && xmlElement2 != null) { collection1.Remove(xmlElement2); } else if (driver.IsKeyWrapAlgorithmElement(element, out str) && xmlElement3 != null) { collection1.Remove(xmlElement3); } } } } } if ((driver.StandardsManager.TrustVersion != TrustVersion.WSTrustFeb2005 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) && (driver.StandardsManager.TrustVersion != TrustVersion.WSTrust13 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) { return(collection1); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { WSTrustFeb2005.DriverFeb2005 trustDriver = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver; for (int index = 0; index < collection1.Count; ++index) { string empty = string.Empty; if (trustDriver.IsSignWithElement(collection1[index], out empty)) { collection1[index] = driver.CreateSignWithElement(empty); } else if (trustDriver.IsEncryptWithElement(collection1[index], out empty)) { collection1[index] = driver.CreateEncryptWithElement(empty); } else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out empty)) { collection1[index] = driver.CreateEncryptionAlgorithmElement(empty); } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out empty)) { collection1[index] = driver.CreateCanonicalizationAlgorithmElement(empty); } } } else { Collection <XmlElement> collection2 = (Collection <XmlElement>)null; WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005) new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, (SecurityTokenSerializer) new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, (SamlSerializer1)null, (SecurityStateEncoder)null, (IEnumerable <System.Type>)null)).TrustDriver; foreach (XmlElement element in collection1) { if (trustDriver.IsSecondaryParametersElement(element)) { collection2 = new Collection <XmlElement>(); foreach (XmlNode childNode in element.ChildNodes) { XmlElement innerElement = childNode as XmlElement; if (innerElement != null && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified)) { collection2.Add(innerElement); } } collection1.Remove(element); break; } } if (collection2 != null && collection2.Count > 0) { XmlElement xmlElement1 = (XmlElement)null; string encryptionAlgorithm = string.Empty; XmlElement xmlElement2 = (XmlElement)null; string canonicalizationAlgorithm = string.Empty; XmlElement xmlElement3 = (XmlElement)null; Collection <XmlElement> requiredClaims1 = (Collection <XmlElement>)null; Collection <XmlElement> collection3 = new Collection <XmlElement>(); foreach (XmlElement element in collection2) { if (xmlElement1 == null && trustDriver.IsEncryptionAlgorithmElement(element, out encryptionAlgorithm)) { xmlElement1 = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm); collection3.Add(element); } else if (xmlElement2 == null && trustDriver.IsCanonicalizationAlgorithmElement(element, out canonicalizationAlgorithm)) { xmlElement2 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm); collection3.Add(element); } else if (xmlElement3 == null && trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims1)) { xmlElement3 = driver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)requiredClaims1); collection3.Add(element); } } for (int index = 0; index < collection3.Count; ++index) { collection2.Remove(collection3[index]); } XmlElement xmlElement4 = (XmlElement)null; for (int index = 0; index < collection1.Count; ++index) { string str; if (trustDriver.IsSignWithElement(collection1[index], out str)) { collection1[index] = driver.CreateSignWithElement(str); } else if (trustDriver.IsEncryptWithElement(collection1[index], out str)) { collection1[index] = driver.CreateEncryptWithElement(str); } else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out str) && xmlElement1 != null) { collection1[index] = xmlElement1; xmlElement1 = (XmlElement)null; } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out str) && xmlElement2 != null) { collection1[index] = xmlElement2; xmlElement2 = (XmlElement)null; } else if (trustDriver.IsKeyWrapAlgorithmElement(collection1[index], out str) && xmlElement4 == null) { xmlElement4 = collection1[index]; } else { Collection <XmlElement> requiredClaims2; if (trustDriver.TryParseRequiredClaimsElement(collection1[index], out requiredClaims2) && xmlElement3 != null) { collection1[index] = xmlElement3; xmlElement3 = (XmlElement)null; } } } if (xmlElement4 != null) { collection1.Remove(xmlElement4); } if (xmlElement1 != null) { collection1.Add(xmlElement1); } if (xmlElement2 != null) { collection1.Add(xmlElement2); } if (xmlElement3 != null) { collection1.Add(xmlElement3); } if (collection2.Count > 0) { for (int index = 0; index < collection2.Count; ++index) { collection1.Add(collection2[index]); } } } } return(collection1); }
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { // Ensure STS trust version is one of the currently supported versions: Feb 05 / Trust 1.3 Fx.Assert(((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) || (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)), "Unsupported trust version specified for the STS."); // We have a mismatch. Make a local copy of additionalParameters for making any potential modifications // as part of normalization Collection <XmlElement> tmpCollection = new Collection <XmlElement>(); foreach (XmlElement e in additionalParameters) { tmpCollection.Add(e); } // 1. For Trust 1.3 EncryptionAlgorithm, CanonicalizationAlgorithm and KeyWrapAlgorithm should not be // specified as top-level element if "SecondaryParameters" element already specifies this. if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { Fx.Assert(driver.GetType() == typeof(WSTrustDec2005.DriverDec2005), "Invalid Trust Driver specified for Trust 1.3."); XmlElement encryptionAlgorithmElement = null; XmlElement canonicalizationAlgorithmElement = null; XmlElement keyWrapAlgorithmElement = null; XmlElement secondaryParameter = null; for (int i = 0; i < tmpCollection.Count; ++i) { if (driver.IsEncryptionAlgorithmElement(tmpCollection[i], out string algorithm)) { encryptionAlgorithmElement = tmpCollection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithm)) { canonicalizationAlgorithmElement = tmpCollection[i]; } else if (driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithm)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(tmpCollection[i])) { secondaryParameter = tmpCollection[i]; } } if (secondaryParameter != null) { foreach (XmlNode node in secondaryParameter.ChildNodes) { if (node is XmlElement child) { if (driver.IsEncryptionAlgorithmElement(child, out string algorithm) && (encryptionAlgorithmElement != null)) { tmpCollection.Remove(encryptionAlgorithmElement); } else if (driver.IsCanonicalizationAlgorithmElement(child, out algorithm) && (canonicalizationAlgorithmElement != null)) { tmpCollection.Remove(canonicalizationAlgorithmElement); } else if (driver.IsKeyWrapAlgorithmElement(child, out algorithm) && (keyWrapAlgorithmElement != null)) { tmpCollection.Remove(keyWrapAlgorithmElement); } } } } } // 2. Check for Mismatch. // a. Trust Feb 2005 -> Trust 1.3. do the following, // (i) Copy EncryptionAlgorithm and CanonicalizationAlgorithm as the top-level elements. // Note, this is in contradiction to step 1. But we don't have a choice here as we cannot say from the // Additional Parameters section in the config what came from the service and what came from the client. // (ii) Convert SignWith and EncryptWith elements to Trust 1.3 namespace. // b. For Trust 1.3 -> Trust Feb 2005, do the following, // (i) Find EncryptionAlgorithm, CanonicalizationAlgorithm from inside the "SecondaryParameters" element. // If found, then promote these as the top-level elements replacing the existing values. // (ii) Convert the SignWith and EncryptWith elements to the Trust Feb 2005 namespace and drop the KeyWrapAlgorithm // element. // make an optimistic check to detect mismatched trust-versions between STS and RP bool mismatch = (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustFeb2005Strings.Namespace)) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustDec2005Strings.Namespace))); // if no mismatch, return unmodified collection if (!mismatch) { return(tmpCollection); } // 2.a // If we are talking to a Trust 1.3 STS, replace any Feb '05 algorithm parameters with their Trust 1.3 counterparts if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { SecurityStandardsManager trustFeb2005StandardsManager = SecurityStandardsManager.DefaultInstance; // the following cast is guaranteed to succeed WSTrustFeb2005.DriverFeb2005 trustFeb2005Driver = (WSTrustFeb2005.DriverFeb2005)trustFeb2005StandardsManager.TrustDriver; for (int i = 0; i < tmpCollection.Count; i++) { if (trustFeb2005Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptionAlgorithmElement(algorithmParameter); } else if (trustFeb2005Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateCanonicalizationAlgorithmElement(algorithmParameter); } } } else { // 2.b // We are talking to a Feb 05 STS. Filter out any SecondaryParameters element. Collection <XmlElement> childrenToPromote = null; WSSecurityTokenSerializer trust13Serializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager trust13StandardsManager = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, trust13Serializer); // the following cast is guaranteed to succeed WSTrustDec2005.DriverDec2005 trust13Driver = (WSTrustDec2005.DriverDec2005)trust13StandardsManager.TrustDriver; foreach (XmlElement parameter in tmpCollection) { // check if SecondaryParameters is present if (trust13Driver.IsSecondaryParametersElement(parameter)) { childrenToPromote = new Collection <XmlElement>(); // walk SecondaryParameters and collect any 'non-standard' children foreach (XmlNode innerNode in parameter.ChildNodes) { if ((innerNode is XmlElement innerElement) && CanPromoteToRoot(innerElement, trust13Driver, clientSideClaimTypeRequirementsSpecified)) { childrenToPromote.Add(innerElement); } } // remove SecondaryParameters element tmpCollection.Remove(parameter); // we are done - break out of the loop break; } } // Probe of standard Trust elements and remember them. if ((childrenToPromote != null) && (childrenToPromote.Count > 0)) { XmlElement encryptionElement = null; XmlElement canonicalizationElement = null; XmlElement requiredClaimsElement = null; Collection <XmlElement> processedElements = new Collection <XmlElement>(); foreach (XmlElement e in childrenToPromote) { if ((encryptionElement == null) && trust13Driver.IsEncryptionAlgorithmElement(e, out string encryptionAlgorithm)) { encryptionElement = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm); processedElements.Add(e); } else if ((canonicalizationElement == null) && trust13Driver.IsCanonicalizationAlgorithmElement(e, out string canonicalizationAlgoritm)) { canonicalizationElement = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgoritm); processedElements.Add(e); } else if ((requiredClaimsElement == null) && trust13Driver.TryParseRequiredClaimsElement(e, out Collection <XmlElement> requiredClaims)) { requiredClaimsElement = driver.CreateRequiredClaimsElement(requiredClaims); processedElements.Add(e); } } for (int i = 0; i < processedElements.Count; ++i) { childrenToPromote.Remove(processedElements[i]); } XmlElement keyWrapAlgorithmElement = null; // Replace the appropriate elements. for (int i = 0; i < tmpCollection.Count; ++i) { if (trust13Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter) && (encryptionElement != null)) { tmpCollection[i] = encryptionElement; encryptionElement = null; } else if (trust13Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter) && (canonicalizationElement != null)) { tmpCollection[i] = canonicalizationElement; canonicalizationElement = null; } else if (trust13Driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithmParameter) && (keyWrapAlgorithmElement == null)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (trust13Driver.TryParseRequiredClaimsElement(tmpCollection[i], out Collection <XmlElement> reqClaims) && (requiredClaimsElement != null)) { tmpCollection[i] = requiredClaimsElement; requiredClaimsElement = null; } } if (keyWrapAlgorithmElement != null) { // Remove KeyWrapAlgorithmElement as this is not define in Trust Feb 2005. tmpCollection.Remove(keyWrapAlgorithmElement); } // Add the remaining elements to the additionaParameters list to the end. if (encryptionElement != null) { tmpCollection.Add(encryptionElement); } if (canonicalizationElement != null) { tmpCollection.Add(canonicalizationElement); } if (requiredClaimsElement != null) { tmpCollection.Add(requiredClaimsElement); } if (childrenToPromote.Count > 0) { // There are some non-standard elements. Just bump them to the top-level element. for (int i = 0; i < childrenToPromote.Count; ++i) { tmpCollection.Add(childrenToPromote[i]); } } } } return(tmpCollection); }
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { Collection <XmlElement> collection = new Collection <XmlElement>(); foreach (XmlElement element in additionalParameters) { collection.Add(element); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { XmlElement item = null; XmlElement element3 = null; XmlElement element4 = null; XmlElement element5 = null; for (int i = 0; i < collection.Count; i++) { string str; if (driver.IsEncryptionAlgorithmElement(collection[i], out str)) { item = collection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(collection[i], out str)) { element3 = collection[i]; } else if (driver.IsKeyWrapAlgorithmElement(collection[i], out str)) { element4 = collection[i]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection[i])) { element5 = collection[i]; } } if (element5 != null) { foreach (System.Xml.XmlNode node in element5.ChildNodes) { XmlElement element6 = node as XmlElement; if (element6 != null) { string encryptionAlgorithm = null; if (driver.IsEncryptionAlgorithmElement(element6, out encryptionAlgorithm) && (item != null)) { collection.Remove(item); } else if (driver.IsCanonicalizationAlgorithmElement(element6, out encryptionAlgorithm) && (element3 != null)) { collection.Remove(element3); } else if (driver.IsKeyWrapAlgorithmElement(element6, out encryptionAlgorithm) && (element4 != null)) { collection.Remove(element4); } } } } } if (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) { if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { WSTrustFeb2005.DriverFeb2005 feb = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver; for (int j = 0; j < collection.Count; j++) { string signatureAlgorithm = string.Empty; if (feb.IsSignWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateSignWithElement(signatureAlgorithm); } else if (feb.IsEncryptWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptWithElement(signatureAlgorithm); } else if (feb.IsEncryptionAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptionAlgorithmElement(signatureAlgorithm); } else if (feb.IsCanonicalizationAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateCanonicalizationAlgorithmElement(signatureAlgorithm); } } return(collection); } Collection <XmlElement> collection2 = null; WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager manager2 = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenSerializer); WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005)manager2.TrustDriver; foreach (XmlElement element7 in collection) { if (trustDriver.IsSecondaryParametersElement(element7)) { collection2 = new Collection <XmlElement>(); foreach (System.Xml.XmlNode node2 in element7.ChildNodes) { XmlElement innerElement = node2 as XmlElement; if ((innerElement != null) && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified)) { collection2.Add(innerElement); } } collection.Remove(element7); break; } } if ((collection2 != null) && (collection2.Count > 0)) { XmlElement element9 = null; string str4 = string.Empty; XmlElement element10 = null; string canonicalizationAlgorithm = string.Empty; XmlElement element11 = null; Collection <XmlElement> requiredClaims = null; Collection <XmlElement> collection4 = new Collection <XmlElement>(); foreach (XmlElement element12 in collection2) { if ((element9 == null) && trustDriver.IsEncryptionAlgorithmElement(element12, out str4)) { element9 = driver.CreateEncryptionAlgorithmElement(str4); collection4.Add(element12); } else if ((element10 == null) && trustDriver.IsCanonicalizationAlgorithmElement(element12, out canonicalizationAlgorithm)) { element10 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm); collection4.Add(element12); } else if ((element11 == null) && trustDriver.TryParseRequiredClaimsElement(element12, out requiredClaims)) { element11 = driver.CreateRequiredClaimsElement(requiredClaims); collection4.Add(element12); } } for (int k = 0; k < collection4.Count; k++) { collection2.Remove(collection4[k]); } XmlElement element13 = null; for (int m = 0; m < collection.Count; m++) { string str6; if (trustDriver.IsSignWithElement(collection[m], out str6)) { collection[m] = driver.CreateSignWithElement(str6); } else if (trustDriver.IsEncryptWithElement(collection[m], out str6)) { collection[m] = driver.CreateEncryptWithElement(str6); } else if (trustDriver.IsEncryptionAlgorithmElement(collection[m], out str6) && (element9 != null)) { collection[m] = element9; element9 = null; } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection[m], out str6) && (element10 != null)) { collection[m] = element10; element10 = null; } else if (trustDriver.IsKeyWrapAlgorithmElement(collection[m], out str6) && (element13 == null)) { element13 = collection[m]; } else { Collection <XmlElement> collection5; if (trustDriver.TryParseRequiredClaimsElement(collection[m], out collection5) && (element11 != null)) { collection[m] = element11; element11 = null; } } } if (element13 != null) { collection.Remove(element13); } if (element9 != null) { collection.Add(element9); } if (element10 != null) { collection.Add(element10); } if (element11 != null) { collection.Add(element11); } if (collection2.Count <= 0) { return(collection); } for (int n = 0; n < collection2.Count; n++) { collection.Add(collection2[n]); } } } return(collection); }