internal static bool FindPolicyElement (MetadataImporter importer, XmlElement root, QName name, bool required, bool removeWhenFound, out XmlElement element) { if (!FindPolicyElement (root, name, removeWhenFound, out element)) { importer.AddWarning ("Invalid policy element: {0}", root.OuterXml); return false; } if (required && (element == null)) { importer.AddWarning ("Did not find policy element `{0}'.", name); return false; } return true; }
internal static XmlElement GetElement (MetadataImporter importer, XmlElement root, QName name, bool required) { var list = root.GetElementsByTagName (name.Name, name.Namespace); if (list.Count < 1) { if (required) importer.AddWarning ("Did not find required policy element `{0}'", name); return null; } if (list.Count > 1) { importer.AddWarning ("Found duplicate policy element `{0}'", name); return null; } var element = list [0] as XmlElement; if (required && (element == null)) importer.AddWarning ("Did not find required policy element `{0}'", name); return element; }
bool ImportTcpTransport (MetadataImporter importer, PolicyConversionContext context, XmlElement transportPolicy) { XmlElement transportToken; if (!GetTransportToken (importer, transportPolicy, out transportToken)) return false; if (transportToken == null) return true; bool error; var tokenElementList = PolicyImportHelper.GetPolicyElements (transportToken, out error); if (error || (tokenElementList.Count != 1)) { importer.AddWarning ("Invalid policy assertion: {0}", transportToken.OuterXml); return false; } var tokenElement = tokenElementList [0]; if (!PolicyImportHelper.FramingPolicyNS.Equals (tokenElement.NamespaceURI)) { importer.AddWarning ("Invalid policy assertion: {0}", tokenElement.OuterXml); return false; } if (tokenElement.LocalName.Equals ("WindowsTransportSecurity")) { if (!ImportWindowsTransportSecurity (importer, context, tokenElement)) return false; } else if (tokenElement.LocalName.Equals ("SslTransportSecurity")) { context.BindingElements.Add (new SslStreamSecurityBindingElement ()); } return true; }
bool ImportHttpTransport (MetadataImporter importer, PolicyConversionContext context, XmlElement transportPolicy, out HttpTransportBindingElement bindingElement) { XmlElement transportToken; if (!GetTransportToken (importer, transportPolicy, out transportToken)) { bindingElement = null; return false; } if (transportToken == null) { bindingElement = new HttpTransportBindingElement (); return true; } bool error; var tokenElementList = PolicyImportHelper.GetPolicyElements (transportToken, out error); if (error || (tokenElementList.Count != 1)) { importer.AddWarning ("Invalid policy assertion: {0}", transportToken.OuterXml); bindingElement = null; return false; } var tokenElement = tokenElementList [0]; if (!PolicyImportHelper.SecurityPolicyNS.Equals (tokenElement.NamespaceURI) || !tokenElement.LocalName.Equals ("HttpsToken")) { importer.AddWarning ("Invalid policy assertion: {0}", tokenElement.OuterXml); bindingElement = null; return false; } var httpsTransport = new HttpsTransportBindingElement (); bindingElement = httpsTransport; var certAttr = tokenElement.GetAttribute ("RequireClientCertificate"); if (!String.IsNullOrEmpty (certAttr)) httpsTransport.RequireClientCertificate = Boolean.Parse (certAttr); return true; }
bool ImportTransport (MetadataImporter importer, TransportBindingElement bindingElement, XmlElement transportPolicy) { XmlElement algorithmSuite, layout; if (!PolicyImportHelper.FindPolicyElement ( importer, transportPolicy, new QName ("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS), false, true, out algorithmSuite) || !PolicyImportHelper.FindPolicyElement ( importer, transportPolicy, new QName ("Layout", PolicyImportHelper.SecurityPolicyNS), false, true, out layout)) return false; bool foundUnknown = false; foreach (var node in transportPolicy.ChildNodes) { var e = node as XmlElement; if (e == null) continue; importer.AddWarning ("Unknown policy assertion: {0}", e.OuterXml); foundUnknown = true; } return !foundUnknown; }
bool ImportWindowsTransportSecurity (MetadataImporter importer, PolicyConversionContext context, XmlElement policyElement) { var protectionLevel = PolicyImportHelper.GetElement ( importer, policyElement, "ProtectionLevel", PolicyImportHelper.FramingPolicyNS, true); if (protectionLevel == null) { importer.AddWarning ( "Invalid policy assertion: {0}", policyElement.OuterXml); return false; } var element = new WindowsStreamSecurityBindingElement (); switch (protectionLevel.InnerText.ToLowerInvariant ()) { case "none": element.ProtectionLevel = ProtectionLevel.None; break; case "sign": element.ProtectionLevel = ProtectionLevel.Sign; break; case "encryptandsign": element.ProtectionLevel = ProtectionLevel.EncryptAndSign; break; default: importer.AddWarning ( "Invalid policy assertion: {0}", protectionLevel.OuterXml); return false; } context.BindingElements.Add (element); return true; }
bool ImportHttpAuthScheme (MetadataImporter importer, HttpTransportBindingElement bindingElement, PolicyConversionContext context) { var assertions = context.GetBindingAssertions (); var authSchemes = AuthenticationSchemes.None; var httpsTransport = bindingElement as HttpsTransportBindingElement; bool certificate = httpsTransport != null ? httpsTransport.RequireClientCertificate : false; var authElements = PolicyImportHelper.FindAssertionByNS ( assertions, PolicyImportHelper.HttpAuthNS); foreach (XmlElement authElement in authElements) { assertions.Remove (authElement); if (certificate) { importer.AddWarning ( "Invalid authentication assertion while " + "using client certificate: {0}", authElement.OuterXml); return false; } switch (authElement.LocalName) { case "BasicAuthentication": authSchemes |= AuthenticationSchemes.Basic; break; case "NtlmAuthentication": authSchemes |= AuthenticationSchemes.Ntlm; break; case "DigestAuthentication": authSchemes |= AuthenticationSchemes.Digest; break; case "NegotiateAuthentication": authSchemes |= AuthenticationSchemes.Negotiate; break; default: importer.AddWarning ( "Invalid policy assertion: {0}", authElement.OuterXml); return false; } } bindingElement.AuthenticationScheme = authSchemes; return true; }