internal static bool FindPolicyElement (MetadataImporter importer, XmlElement root,
QName name, bool required, bool removeWhenFound,
out XmlElement element)
{
if (!FindPolicyElement (root, name, removeWhenFound, out element)) {
importer.AddWarning ("Invalid policy element: {0}", root.OuterXml);
return false;
}
if (required && (element == null)) {
importer.AddWarning ("Did not find policy element `{0}'.", name);
return false;
}
return true;
}
internal static XmlElement GetElement (MetadataImporter importer,
XmlElement root, QName name, bool required)
{
var list = root.GetElementsByTagName (name.Name, name.Namespace);
if (list.Count < 1) {
if (required)
importer.AddWarning ("Did not find required policy element `{0}'", name);
return null;
}
if (list.Count > 1) {
importer.AddWarning ("Found duplicate policy element `{0}'", name);
return null;
}
var element = list [0] as XmlElement;
if (required && (element == null))
importer.AddWarning ("Did not find required policy element `{0}'", name);
return element;
}
bool ImportTcpTransport (MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy)
{
XmlElement transportToken;
if (!GetTransportToken (importer, transportPolicy, out transportToken))
return false;
if (transportToken == null)
return true;
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements (transportToken, out error);
if (error || (tokenElementList.Count != 1)) {
importer.AddWarning ("Invalid policy assertion: {0}", transportToken.OuterXml);
return false;
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.FramingPolicyNS.Equals (tokenElement.NamespaceURI)) {
importer.AddWarning ("Invalid policy assertion: {0}", tokenElement.OuterXml);
return false;
}
if (tokenElement.LocalName.Equals ("WindowsTransportSecurity")) {
if (!ImportWindowsTransportSecurity (importer, context, tokenElement))
return false;
} else if (tokenElement.LocalName.Equals ("SslTransportSecurity")) {
context.BindingElements.Add (new SslStreamSecurityBindingElement ());
}
return true;
}
bool ImportHttpTransport (MetadataImporter importer, PolicyConversionContext context,
XmlElement transportPolicy,
out HttpTransportBindingElement bindingElement)
{
XmlElement transportToken;
if (!GetTransportToken (importer, transportPolicy, out transportToken)) {
bindingElement = null;
return false;
}
if (transportToken == null) {
bindingElement = new HttpTransportBindingElement ();
return true;
}
bool error;
var tokenElementList = PolicyImportHelper.GetPolicyElements (transportToken, out error);
if (error || (tokenElementList.Count != 1)) {
importer.AddWarning ("Invalid policy assertion: {0}", transportToken.OuterXml);
bindingElement = null;
return false;
}
var tokenElement = tokenElementList [0];
if (!PolicyImportHelper.SecurityPolicyNS.Equals (tokenElement.NamespaceURI) ||
!tokenElement.LocalName.Equals ("HttpsToken")) {
importer.AddWarning ("Invalid policy assertion: {0}", tokenElement.OuterXml);
bindingElement = null;
return false;
}
var httpsTransport = new HttpsTransportBindingElement ();
bindingElement = httpsTransport;
var certAttr = tokenElement.GetAttribute ("RequireClientCertificate");
if (!String.IsNullOrEmpty (certAttr))
httpsTransport.RequireClientCertificate = Boolean.Parse (certAttr);
return true;
}
bool ImportTransport (MetadataImporter importer, TransportBindingElement bindingElement,
XmlElement transportPolicy)
{
XmlElement algorithmSuite, layout;
if (!PolicyImportHelper.FindPolicyElement (
importer, transportPolicy,
new QName ("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS),
false, true, out algorithmSuite) ||
!PolicyImportHelper.FindPolicyElement (
importer, transportPolicy,
new QName ("Layout", PolicyImportHelper.SecurityPolicyNS),
false, true, out layout))
return false;
bool foundUnknown = false;
foreach (var node in transportPolicy.ChildNodes) {
var e = node as XmlElement;
if (e == null)
continue;
importer.AddWarning ("Unknown policy assertion: {0}", e.OuterXml);
foundUnknown = true;
}
return !foundUnknown;
}
bool ImportWindowsTransportSecurity (MetadataImporter importer,
PolicyConversionContext context,
XmlElement policyElement)
{
var protectionLevel = PolicyImportHelper.GetElement (
importer, policyElement, "ProtectionLevel",
PolicyImportHelper.FramingPolicyNS, true);
if (protectionLevel == null) {
importer.AddWarning (
"Invalid policy assertion: {0}", policyElement.OuterXml);
return false;
}
var element = new WindowsStreamSecurityBindingElement ();
switch (protectionLevel.InnerText.ToLowerInvariant ()) {
case "none":
element.ProtectionLevel = ProtectionLevel.None;
break;
case "sign":
element.ProtectionLevel = ProtectionLevel.Sign;
break;
case "encryptandsign":
element.ProtectionLevel = ProtectionLevel.EncryptAndSign;
break;
default:
importer.AddWarning (
"Invalid policy assertion: {0}", protectionLevel.OuterXml);
return false;
}
context.BindingElements.Add (element);
return true;
}
bool ImportHttpAuthScheme (MetadataImporter importer,
HttpTransportBindingElement bindingElement,
PolicyConversionContext context)
{
var assertions = context.GetBindingAssertions ();
var authSchemes = AuthenticationSchemes.None;
var httpsTransport = bindingElement as HttpsTransportBindingElement;
bool certificate = httpsTransport != null ?
httpsTransport.RequireClientCertificate : false;
var authElements = PolicyImportHelper.FindAssertionByNS (
assertions, PolicyImportHelper.HttpAuthNS);
foreach (XmlElement authElement in authElements) {
assertions.Remove (authElement);
if (certificate) {
importer.AddWarning (
"Invalid authentication assertion while " +
"using client certificate: {0}", authElement.OuterXml);
return false;
}
switch (authElement.LocalName) {
case "BasicAuthentication":
authSchemes |= AuthenticationSchemes.Basic;
break;
case "NtlmAuthentication":
authSchemes |= AuthenticationSchemes.Ntlm;
break;
case "DigestAuthentication":
authSchemes |= AuthenticationSchemes.Digest;
break;
case "NegotiateAuthentication":
authSchemes |= AuthenticationSchemes.Negotiate;
break;
default:
importer.AddWarning (
"Invalid policy assertion: {0}", authElement.OuterXml);
return false;
}
}
bindingElement.AuthenticationScheme = authSchemes;
return true;
}