public override XmlElement CreateWsspHttpsTokenAssertion(MetadataExporter exporter, HttpsTransportBindingElement httpsBinding)
{
Fx.Assert(httpsBinding != null, "httpsBinding must not be null.");
Fx.Assert(httpsBinding.AuthenticationScheme.IsSingleton(), "authenticationScheme must be a singleton value for security-mode TransportWithMessageCredential.");
XmlElement result = CreateWsspAssertion(WSSecurityPolicy.HttpsTokenName);
if (httpsBinding.RequireClientCertificate ||
httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic ||
httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest)
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (httpsBinding.RequireClientCertificate)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.RequireClientCertificateName));
}
if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.HttpBasicAuthenticationName));
}
else if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.HttpDigestAuthenticationName));
}
result.AppendChild(policy);
}
return result;
}
public override XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateWsspAssertion("SecureConversationToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation), this.CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement), this.CreateWsspMustNotSendAmendAssertion(), (!parameters.RequireCancellation || !parameters.CanRenewSession) ? this.CreateWsspMustNotSendRenewAssertion() : null }));
return tokenAssertion;
}
private XmlElement CreateWsspSignedEncryptedSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> signedEncrypted, Collection<SecurityTokenParameters> optionalSignedEncrypted)
{
if (((signedEncrypted == null) || (signedEncrypted.Count == 0)) && ((optionalSignedEncrypted == null) || (optionalSignedEncrypted.Count == 0)))
{
return null;
}
XmlElement newChild = this.CreateWspPolicyWrapper(exporter, new XmlElement[0]);
if (signedEncrypted != null)
{
foreach (SecurityTokenParameters parameters in signedEncrypted)
{
newChild.AppendChild(this.CreateTokenAssertion(exporter, parameters));
}
}
if (optionalSignedEncrypted != null)
{
foreach (SecurityTokenParameters parameters2 in optionalSignedEncrypted)
{
newChild.AppendChild(this.CreateTokenAssertion(exporter, parameters2, true));
}
}
XmlElement element = this.CreateWsspAssertion("SignedEncryptedSupportingTokens");
element.AppendChild(newChild);
return element;
}
public override XmlElement CreateMsspSslContextTokenAssertion(MetadataExporter exporter, SslSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateMsspAssertion("SslContextToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(false), this.CreateMsspRequireClientCertificateAssertion(parameters.RequireClientCertificate), this.CreateWsspMustNotSendAmendAssertion(), this.CreateWsspMustNotSendRenewAssertion() }));
return tokenAssertion;
}
internal void OnExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
string str = "";
switch (this.Mode)
{
case SecurityMode.None:
str = "PeerTransportSecurityModeNone";
break;
case SecurityMode.Transport:
str = "PeerTransportSecurityModeTransport";
break;
case SecurityMode.Message:
str = "PeerTransportSecurityModeMessage";
break;
case SecurityMode.TransportWithMessageCredential:
str = "PeerTransportSecurityModeTransportWithMessageCredential";
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
XmlElement item = new XmlDocument().CreateElement("pc", "PeerTransportSecurityMode", "http://schemas.microsoft.com/soap/peer");
item.InnerText = str;
context.GetBindingAssertions().Add(item);
this.transportSecurity.OnExportPolicy(exporter, context);
}
private static void TraceWsdlExportErrors(MetadataExporter exporter)
{
foreach (MetadataConversionError error in exporter.Errors)
{
if (DiagnosticUtility.ShouldTraceWarning)
{
Hashtable hashtable2 = new Hashtable(2);
hashtable2.Add("IsWarning", error.IsWarning);
hashtable2.Add("Message", error.Message);
Hashtable dictionary = hashtable2;
TraceUtility.TraceEvent(TraceEventType.Warning, 0x8003d, System.ServiceModel.SR.GetString("TraceCodeWsmexNonCriticalWsdlExportError"), new DictionaryTraceRecord(dictionary), null, null);
}
}
}
static void TraceWsdlExportErrors(MetadataExporter exporter)
{
foreach (MetadataConversionError error in exporter.Errors)
{
if (DiagnosticUtility.ShouldTraceWarning)
{
Hashtable h = new Hashtable(2)
{
{ "IsWarning", error.IsWarning },
{ "Message", error.Message }
};
TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.WsmexNonCriticalWsdlExportError,
SR.GetString(SR.TraceCodeWsmexNonCriticalWsdlExportError), new DictionaryTraceRecord(h), null, null);
}
}
}
internal void OnExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
string str = "";
switch (this.CredentialType)
{
case PeerTransportCredentialType.Password:
str = "PeerTransportCredentialTypePassword";
break;
case PeerTransportCredentialType.Certificate:
str = "PeerTransportCredentialTypeCertificate";
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
XmlElement item = new XmlDocument().CreateElement("pc", "PeerTransportCredentialType", "http://schemas.microsoft.com/soap/peer");
item.InnerText = str;
context.GetBindingAssertions().Add(item);
}
public override XmlElement CreateWsspHttpsTokenAssertion(MetadataExporter exporter, HttpsTransportBindingElement httpsBinding)
{
XmlElement element = this.CreateWsspAssertion("HttpsToken");
if ((httpsBinding.RequireClientCertificate || (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic)) || (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest))
{
XmlElement newChild = this.CreateWspPolicyWrapper(exporter, new XmlElement[0]);
if (httpsBinding.RequireClientCertificate)
{
newChild.AppendChild(this.CreateWsspAssertion("RequireClientCertificate"));
}
if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic)
{
newChild.AppendChild(this.CreateWsspAssertion("HttpBasicAuthentication"));
}
else if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest)
{
newChild.AppendChild(this.CreateWsspAssertion("HttpDigestAuthentication"));
}
element.AppendChild(newChild);
}
return element;
}
internal void OnExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
{
string assertion = "";
switch (this.CredentialType)
{
case PeerTransportCredentialType.Password:
assertion = PeerTransportPolicyConstants.PeerTransportCredentialTypePassword;
break;
case PeerTransportCredentialType.Certificate:
assertion = PeerTransportPolicyConstants.PeerTransportCredentialTypeCertificate;
break;
default:
Fx.Assert("Unsupported value for PeerTransportSecuritySettings.CredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
XmlDocument doc = new XmlDocument();
XmlElement element = doc.CreateElement(PeerTransportPolicyConstants.PeerTransportPrefix,
PeerTransportPolicyConstants.PeerTransportCredentialType,
TransportPolicyConstants.PeerTransportUri);
element.InnerText = assertion;
context.GetBindingAssertions().Add(element);
}
public virtual XmlElement CreateMsspSslContextTokenAssertion(MetadataExporter exporter, SslSecurityTokenParameters parameters)
{
XmlElement result = CreateMsspAssertion(SslContextTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation),
CreateMsspRequireClientCertificateAssertion(parameters.RequireClientCertificate)
));
return result;
}
internal MetadataSet GenerateMetadata()
{
if (this.behavior.ExternalMetadataLocation == null || this.behavior.ExternalMetadataLocation.ToString() == string.Empty)
{
if (this.metadataGenerationException != null)
{
throw this.metadataGenerationException;
}
try
{
MetadataExporter exporter = this.behavior.MetadataExporter;
XmlQualifiedName serviceName = new XmlQualifiedName(this.description.Name, this.description.Namespace);
Collection <ServiceEndpoint> exportedEndpoints = new Collection <ServiceEndpoint>();
foreach (ServiceEndpoint endpoint in this.description.Endpoints)
{
ServiceMetadataContractBehavior contractBehavior = endpoint.Contract.Behaviors.Find <ServiceMetadataContractBehavior>();
// if contract behavior exists, generate metadata when the behavior allows metadata generation
// if contract behavior doesn't exist, generate metadata only for non system endpoints
if ((contractBehavior != null && !contractBehavior.MetadataGenerationDisabled) ||
(contractBehavior == null && !endpoint.IsSystemEndpoint))
{
EndpointAddress address = null;
EndpointDispatcher endpointDispatcher = GetListenerByID(this.host.ChannelDispatchers, endpoint.Id);
if (endpointDispatcher != null)
{
address = endpointDispatcher.EndpointAddress;
}
ServiceEndpoint exportedEndpoint = new ServiceEndpoint(endpoint.Contract);
exportedEndpoint.Binding = endpoint.Binding;
exportedEndpoint.Name = endpoint.Name;
exportedEndpoint.Address = address;
foreach (IEndpointBehavior behavior in endpoint.Behaviors)
{
exportedEndpoint.Behaviors.Add(behavior);
}
exportedEndpoints.Add(exportedEndpoint);
}
}
WsdlExporter wsdlExporter = exporter as WsdlExporter;
if (wsdlExporter != null)
{
// Pass the BindingParameterCollection into the ExportEndpoints method so that the binding parameters can be using to export WSDL correctly.
// The binding parameters are used in BuildChannelListener, during which they can modify the configuration of the channel in ways that might have to
// be communicated in the WSDL. For example, in the case of Multi-Auth, the AuthenticationSchemesBindingParameter is used during BuildChannelListener
// to set the AuthenticationSchemes supported by the virtual directory on the HttpTransportBindingElement. These authentication schemes also need
// to be in the WSDL, so that clients know what authentication schemes are supported by the service. (see CSDMain #180381)
Fx.Assert(this.host != null, "ServiceHostBase field on MetadataExtensionInitializer should never be null.");
wsdlExporter.ExportEndpoints(exportedEndpoints, serviceName, this.host.GetBindingParameters(exportedEndpoints));
}
else
{
foreach (ServiceEndpoint endpoint in exportedEndpoints)
{
exporter.ExportEndpoint(endpoint);
}
}
if (exporter.Errors.Count > 0 && DiagnosticUtility.ShouldTraceWarning)
{
TraceWsdlExportErrors(exporter);
}
return(exporter.GetGeneratedMetadata());
}
catch (Exception e)
{
this.metadataGenerationException = e;
throw;
}
}
return(null);
}
public abstract XmlElement CreateWsspHttpsTokenAssertion(MetadataExporter exporter, HttpsTransportBindingElement httpsBinding);
public virtual Collection<XmlElement> CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> signed, Collection<SecurityTokenParameters> signedEncrypted, Collection<SecurityTokenParameters> endorsing, Collection<SecurityTokenParameters> signedEndorsing, Collection<SecurityTokenParameters> optionalSigned, Collection<SecurityTokenParameters> optionalSignedEncrypted, Collection<SecurityTokenParameters> optionalEndorsing, Collection<SecurityTokenParameters> optionalSignedEndorsing, AddressingVersion addressingVersion)
{
Collection<XmlElement> supportingTokenAssertions = new Collection<XmlElement>();
// Signed Supporting Tokens
XmlElement supportingTokenAssertion = CreateWsspSignedSupportingTokensAssertion(exporter, signed, signedEncrypted, optionalSigned, optionalSignedEncrypted);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
// Endorsing Supporting Tokens.
supportingTokenAssertion = CreateWsspEndorsingSupportingTokensAssertion(exporter, endorsing, optionalEndorsing, addressingVersion);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
// Signed Endorsing Supporting Tokens.
supportingTokenAssertion = CreateWsspSignedEndorsingSupportingTokensAssertion(exporter, signedEndorsing, optionalSignedEndorsing, addressingVersion);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
return supportingTokenAssertions;
}
protected XmlElement CreateWsspSignedEndorsingSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> signedEndorsing, Collection<SecurityTokenParameters> optionalSignedEndorsing, AddressingVersion addressingVersion)
{
return CreateWsspiSupportingTokensAssertion(exporter, signedEndorsing, optionalSignedEndorsing, addressingVersion, SignedEndorsingSupportingTokensName);
}
protected XmlElement CreateWsspTrustAssertion(string trustName, MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
XmlElement result = CreateWsspAssertion(trustName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertion(MustSupportIssuedTokensName),
CreateWsspRequireClientEntropyAssertion(keyEntropyMode),
CreateWsspRequireServerEntropyAssertion(keyEntropyMode)
));
return result;
}
public virtual XmlElement CreateWsspWss11Assertion(MetadataExporter exporter, bool requireSignatureConfirmation)
{
XmlElement result = CreateWsspAssertion(Wss11Name);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertionMustSupportRefKeyIdentifierName(),
CreateWsspAssertionMustSupportRefIssuerSerialName(),
CreateWsspAssertionMustSupportRefThumbprintName(),
CreateWsspAssertionMustSupportRefEncryptedKeyName(),
CreateWsspRequireSignatureConformationAssertion(requireSignatureConfirmation)
));
return result;
}
public virtual XmlElement CreateWsspWssAssertion(MetadataExporter exporter, SecurityBindingElement binding)
{
if (binding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("binding");
}
if (binding.MessageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity10)
{
return CreateWsspWss10Assertion(exporter);
}
else if (binding.MessageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity11)
{
if (binding is SymmetricSecurityBindingElement)
{
return CreateWsspWss11Assertion(exporter, ((SymmetricSecurityBindingElement)binding).RequireSignatureConfirmation);
}
else if (binding is AsymmetricSecurityBindingElement)
{
return CreateWsspWss11Assertion(exporter, ((AsymmetricSecurityBindingElement)binding).RequireSignatureConfirmation);
}
else
{
return CreateWsspWss11Assertion(exporter, false);
}
}
else
{
return null;
}
}
public virtual XmlElement CreateWsspAsymmetricBindingAssertion(MetadataExporter exporter, PolicyConversionContext policyContext, AsymmetricSecurityBindingElement binding)
{
if (binding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("binding");
}
XmlElement result = CreateWsspAssertion(AsymmetricBindingName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspInitiatorTokenAssertion(exporter, binding.InitiatorTokenParameters),
CreateWsspRecipientTokenAssertion(exporter, binding.RecipientTokenParameters),
CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite),
CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout),
CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp),
CreateWsspEncryptBeforeSigningAssertion(binding.MessageProtectionOrder),
CreateWsspEncryptSignatureAssertion(policyContext, binding),
CreateWsspProtectTokensAssertion(binding),
CreateWsspAssertion(OnlySignEntireHeadersAndBodyName)
));
return result;
}
public virtual XmlElement CreateWsspBootstrapPolicyAssertion(MetadataExporter exporter, SecurityBindingElement bootstrapSecurity)
{
if (bootstrapSecurity == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bootstrapBinding");
WSSecurityPolicy sp = WSSecurityPolicy.GetSecurityPolicyDriver(bootstrapSecurity.MessageSecurityVersion);
// create complete bootstrap binding
CustomBinding bootstrapBinding = new CustomBinding(bootstrapSecurity);
if (exporter.State.ContainsKey(SecurityPolicyStrings.SecureConversationBootstrapBindingElementsBelowSecurityKey))
{
BindingElementCollection bindingElementsBelowSecurity = exporter.State[SecurityPolicyStrings.SecureConversationBootstrapBindingElementsBelowSecurityKey] as BindingElementCollection;
if (bindingElementsBelowSecurity != null)
{
foreach (BindingElement be in bindingElementsBelowSecurity)
{
bootstrapBinding.Elements.Add(be);
}
}
}
// generate policy for the "how" of security
ServiceEndpoint bootstrapEndpoint = new ServiceEndpoint(NullContract);
bootstrapEndpoint.Binding = bootstrapBinding;
PolicyConversionContext policyContext = exporter.ExportPolicy(bootstrapEndpoint);
// generate policy for the "what" of security (protection assertions)
// hard-coded requirements in V1: sign and encrypt RST and RSTR body
ChannelProtectionRequirements bootstrapProtection = new ChannelProtectionRequirements();
bootstrapProtection.IncomingEncryptionParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.OutgoingEncryptionParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.IncomingSignatureParts.AddParts(new MessagePartSpecification(true));
bootstrapProtection.OutgoingSignatureParts.AddParts(new MessagePartSpecification(true));
// add boostrap binding protection requirements (e.g. addressing headers)
ChannelProtectionRequirements cpr = bootstrapBinding.GetProperty<ChannelProtectionRequirements>(new BindingParameterCollection());
if (cpr != null)
{
bootstrapProtection.Add(cpr);
}
// extract channel-scope protection requirements and union them across request and response
MessagePartSpecification encryption = new MessagePartSpecification();
encryption.Union(bootstrapProtection.IncomingEncryptionParts.ChannelParts);
encryption.Union(bootstrapProtection.OutgoingEncryptionParts.ChannelParts);
encryption.MakeReadOnly();
MessagePartSpecification signature = new MessagePartSpecification();
signature.Union(bootstrapProtection.IncomingSignatureParts.ChannelParts);
signature.Union(bootstrapProtection.OutgoingSignatureParts.ChannelParts);
signature.MakeReadOnly();
// create final boostrap policy assertion
XmlElement nestedPolicy = CreateWspPolicyWrapper(
exporter,
sp.CreateWsspSignedPartsAssertion(signature),
sp.CreateWsspEncryptedPartsAssertion(encryption));
foreach (XmlElement e in sp.FilterWsspPolicyAssertions(policyContext.GetBindingAssertions()))
{
nestedPolicy.AppendChild(e);
}
XmlElement result = CreateWsspAssertion(BootstrapPolicyName);
result.AppendChild(nestedPolicy);
return result;
}
public virtual XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(SecureConversationTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation),
CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement)
));
return result;
}
public virtual XmlElement CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters, bool isOptional)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
XmlElement result;
if (parameters is KerberosSecurityTokenParameters)
{
result = CreateWsspKerberosTokenAssertion(exporter, (KerberosSecurityTokenParameters)parameters);
}
else if (parameters is X509SecurityTokenParameters)
{
result = CreateWsspX509TokenAssertion(exporter, (X509SecurityTokenParameters)parameters);
}
else if (parameters is UserNameSecurityTokenParameters)
{
result = CreateWsspUsernameTokenAssertion(exporter, (UserNameSecurityTokenParameters)parameters);
}
else if (parameters is IssuedSecurityTokenParameters)
{
result = CreateWsspIssuedTokenAssertion(exporter, (IssuedSecurityTokenParameters)parameters);
}
else if (parameters is SspiSecurityTokenParameters)
{
result = CreateWsspSpnegoContextTokenAssertion(exporter, (SspiSecurityTokenParameters)parameters);
}
else if (parameters is SslSecurityTokenParameters)
{
result = CreateMsspSslContextTokenAssertion(exporter, (SslSecurityTokenParameters)parameters);
}
else if (parameters is SecureConversationSecurityTokenParameters)
{
result = CreateWsspSecureConversationTokenAssertion(exporter, (SecureConversationSecurityTokenParameters)parameters);
}
else if (parameters is RsaSecurityTokenParameters)
{
result = CreateWsspRsaTokenAssertion((RsaSecurityTokenParameters)parameters);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("parameters"));
}
if (result != null && isOptional)
{
result.SetAttribute(OptionalName, exporter.PolicyVersion.Namespace, TrueName);
}
return result;
}
public virtual XmlElement CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
{
XmlElement result = CreateWsspAssertion(TransportBindingName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspTransportTokenAssertion(exporter, transportTokenAssertion),
CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite),
CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout),
CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp)
));
return result;
}
public virtual XmlElement CreateWsspKerberosTokenAssertion(MetadataExporter exporter, KerberosSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(KerberosTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateWsspAssertion(WssGssKerberosV5ApReqToken11Name)
));
return result;
}
public virtual XmlElement CreateWsspWss10Assertion(MetadataExporter exporter)
{
XmlElement result = CreateWsspAssertion(Wss10Name);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertionMustSupportRefKeyIdentifierName(),
CreateWsspAssertionMustSupportRefIssuerSerialName()
));
return result;
}
public virtual XmlElement CreateWsspX509TokenAssertion(MetadataExporter exporter, X509SecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(X509TokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateX509ReferenceStyleAssertion(parameters.X509ReferenceStyle),
CreateWsspAssertion(WssX509V3Token10Name)
));
return result;
}
public abstract XmlElement CreateWsspTrustAssertion(MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode);
public virtual XmlElement CreateWsspUsernameTokenAssertion(MetadataExporter exporter, UserNameSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(UsernameTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertion(WssUsernameToken10Name)
));
return result;
}
public virtual Collection<XmlElement> CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> signed, Collection<SecurityTokenParameters> signedEncrypted, Collection<SecurityTokenParameters> endorsing, Collection<SecurityTokenParameters> signedEndorsing, Collection<SecurityTokenParameters> optionalSigned, Collection<SecurityTokenParameters> optionalSignedEncrypted, Collection<SecurityTokenParameters> optionalEndorsing, Collection<SecurityTokenParameters> optionalSignedEndorsing)
{
return CreateWsspSupportingTokensAssertion(exporter, signed, signedEncrypted, endorsing, signedEndorsing, optionalSigned, optionalSignedEncrypted, optionalEndorsing, optionalSignedEndorsing, null);
}
public virtual XmlElement CreateWsspIssuedTokenAssertion(MetadataExporter exporter, IssuedSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(IssuedTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
XmlElement issuerAssertion = CreateWsspIssuerElement(parameters.IssuerAddress, parameters.IssuerMetadataAddress);
if (issuerAssertion != null)
{
result.AppendChild(issuerAssertion);
}
XmlElement tokenTemplate = CreateWsspAssertion(RequestSecurityTokenTemplateName);
TrustDriver driver = this.TrustDriver;
foreach (XmlElement p in parameters.CreateRequestParameters(driver))
{
tokenTemplate.AppendChild(doc.ImportNode(p, true));
}
result.AppendChild(tokenTemplate);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
CreateReferenceStyleAssertion(parameters.ReferenceStyle)
));
return result;
}
protected XmlElement CreateWsspSignedSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> signed, Collection<SecurityTokenParameters> signedEncrypted, Collection<SecurityTokenParameters> optionalSigned, Collection<SecurityTokenParameters> optionalSignedEncrypted)
{
XmlElement result;
if ((signed == null || signed.Count == 0)
&& (signedEncrypted == null || signedEncrypted.Count == 0)
&& (optionalSigned == null || optionalSigned.Count == 0)
&& (optionalSignedEncrypted == null || optionalSignedEncrypted.Count == 0))
{
result = null;
}
else
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (signed != null)
{
foreach (SecurityTokenParameters p in signed)
{
policy.AppendChild(CreateTokenAssertion(exporter, p));
}
}
if (signedEncrypted != null)
{
foreach (SecurityTokenParameters p in signedEncrypted)
{
policy.AppendChild(CreateTokenAssertion(exporter, p));
}
}
if (optionalSigned != null)
{
foreach (SecurityTokenParameters p in optionalSigned)
{
policy.AppendChild(CreateTokenAssertion(exporter, p, true));
}
}
if (optionalSignedEncrypted != null)
{
foreach (SecurityTokenParameters p in optionalSignedEncrypted)
{
policy.AppendChild(CreateTokenAssertion(exporter, p, true));
}
}
result = CreateWsspAssertion(SignedSupportingTokensName);
result.AppendChild(policy);
}
return result;
}
public virtual XmlElement CreateWspPolicyWrapper(MetadataExporter exporter, params XmlElement[] nestedAssertions)
{
XmlElement result = doc.CreateElement(WspPrefix, PolicyName, exporter.PolicyVersion.Namespace);
if (nestedAssertions != null)
{
foreach (XmlElement e in nestedAssertions)
{
if (e != null)
{
result.AppendChild(e);
}
}
}
return result;
}
protected XmlElement CreateWsspiSupportingTokensAssertion(MetadataExporter exporter, Collection<SecurityTokenParameters> endorsing, Collection<SecurityTokenParameters> optionalEndorsing, AddressingVersion addressingVersion, string assertionName)
{
XmlElement result;
bool hasAssymetricKey = false;
if ((endorsing == null || endorsing.Count == 0)
&& (optionalEndorsing == null || optionalEndorsing.Count == 0))
{
result = null;
}
else
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (endorsing != null)
{
foreach (SecurityTokenParameters p in endorsing)
{
if (p.HasAsymmetricKey)
hasAssymetricKey = true;
policy.AppendChild(CreateTokenAssertion(exporter, p));
}
}
if (optionalEndorsing != null)
{
foreach (SecurityTokenParameters p in optionalEndorsing)
{
if (p.HasAsymmetricKey)
hasAssymetricKey = true;
policy.AppendChild(CreateTokenAssertion(exporter, p, true));
}
}
if (addressingVersion != null && AddressingVersion.None != addressingVersion)
{
// only add assertion to sign the 'To' only if an assymetric key is found
if (hasAssymetricKey)
{
policy.AppendChild(
CreateWsspSignedPartsAssertion(
new MessagePartSpecification(new XmlQualifiedName(AddressingStrings.To, addressingVersion.Namespace))));
}
}
result = CreateWsspAssertion(assertionName);
result.AppendChild(policy);
}
return result;
}
internal MetadataSet GenerateMetadata()
{
if ((this.behavior.ExternalMetadataLocation == null) || (this.behavior.ExternalMetadataLocation.ToString() == string.Empty))
{
if (this.metadataGenerationException != null)
{
throw this.metadataGenerationException;
}
try
{
MetadataExporter metadataExporter = this.behavior.MetadataExporter;
XmlQualifiedName wsdlServiceQName = new XmlQualifiedName(this.description.Name, this.description.Namespace);
Collection <ServiceEndpoint> endpoints = new Collection <ServiceEndpoint>();
foreach (ServiceEndpoint endpoint in this.description.Endpoints)
{
ServiceMetadataContractBehavior behavior = endpoint.Contract.Behaviors.Find <ServiceMetadataContractBehavior>();
if (((behavior != null) && !behavior.MetadataGenerationDisabled) || ((behavior == null) && !endpoint.IsSystemEndpoint))
{
EndpointAddress endpointAddress = null;
EndpointDispatcher listenerByID = ServiceMetadataBehavior.GetListenerByID(this.host.ChannelDispatchers, endpoint.Id);
if (listenerByID != null)
{
endpointAddress = listenerByID.EndpointAddress;
}
ServiceEndpoint item = new ServiceEndpoint(endpoint.Contract)
{
Binding = endpoint.Binding,
Name = endpoint.Name,
Address = endpointAddress
};
foreach (IEndpointBehavior behavior2 in endpoint.Behaviors)
{
item.Behaviors.Add(behavior2);
}
endpoints.Add(item);
}
}
WsdlExporter exporter2 = metadataExporter as WsdlExporter;
if (exporter2 != null)
{
exporter2.ExportEndpoints(endpoints, wsdlServiceQName);
}
else
{
foreach (ServiceEndpoint endpoint3 in endpoints)
{
metadataExporter.ExportEndpoint(endpoint3);
}
}
if ((metadataExporter.Errors.Count > 0) && DiagnosticUtility.ShouldTraceWarning)
{
TraceWsdlExportErrors(metadataExporter);
}
return(metadataExporter.GetGeneratedMetadata());
}
catch (Exception exception)
{
this.metadataGenerationException = exception;
throw;
}
}
return(null);
}