internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver) { if (driver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver"); } Collection <XmlElement> result = new Collection <XmlElement>(); if (_tokenType != null) { result.Add(driver.CreateTokenTypeElement(_tokenType)); } result.Add(driver.CreateKeyTypeElement(_keyType)); if (_keySize != 0) { result.Add(driver.CreateKeySizeElement(_keySize)); } if (_claimTypeRequirements.Count > 0) { Collection <XmlElement> claimsElements = new Collection <XmlElement>(); XmlDocument doc = new XmlDocument(); foreach (ClaimTypeRequirement claimType in _claimTypeRequirements) { XmlElement element = doc.CreateElement(wsidPrefix, "ClaimType", wsidNamespace); XmlAttribute attr = doc.CreateAttribute("Uri"); attr.Value = claimType.ClaimType; element.Attributes.Append(attr); if (claimType.IsOptional != ClaimTypeRequirement.DefaultIsOptional) { attr = doc.CreateAttribute("Optional"); attr.Value = XmlConvert.ToString(claimType.IsOptional); element.Attributes.Append(attr); } claimsElements.Add(element); } result.Add(driver.CreateRequiredClaimsElement(claimsElements)); } if (_additionalRequestParameters.Count > 0) { Collection <XmlElement> trustNormalizedParameters = NormalizeAdditionalParameters(_additionalRequestParameters, driver, (_claimTypeRequirements.Count > 0)); foreach (XmlElement parameter in trustNormalizedParameters) { result.Add(parameter); } } return(result); }
internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver) { if (driver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver"); } Collection <XmlElement> collection1 = new Collection <XmlElement>(); if (this.tokenType != null) { collection1.Add(driver.CreateTokenTypeElement(this.tokenType)); } collection1.Add(driver.CreateKeyTypeElement(this.keyType)); if (this.keySize != 0) { collection1.Add(driver.CreateKeySizeElement(this.keySize)); } if (this.claimTypeRequirements.Count > 0) { Collection <XmlElement> collection2 = new Collection <XmlElement>(); XmlDocument xmlDocument = new XmlDocument(); foreach (ClaimTypeRequirement claimTypeRequirement in this.claimTypeRequirements) { XmlElement element = xmlDocument.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity"); XmlAttribute attribute1 = xmlDocument.CreateAttribute("Uri"); attribute1.Value = claimTypeRequirement.ClaimType; element.Attributes.Append(attribute1); if (claimTypeRequirement.IsOptional) { XmlAttribute attribute2 = xmlDocument.CreateAttribute("Optional"); attribute2.Value = XmlConvert.ToString(claimTypeRequirement.IsOptional); element.Attributes.Append(attribute2); } collection2.Add(element); } collection1.Add(driver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)collection2)); } if (this.additionalRequestParameters.Count > 0) { foreach (XmlElement additionalParameter in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0)) { collection1.Add(additionalParameter); } } return(collection1); }
internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver) { if (driver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver"); } Collection <XmlElement> collection = new Collection <XmlElement>(); if (this.tokenType != null) { collection.Add(driver.CreateTokenTypeElement(this.tokenType)); } collection.Add(driver.CreateKeyTypeElement(this.keyType)); if (this.keySize != 0) { collection.Add(driver.CreateKeySizeElement(this.keySize)); } if (this.claimTypeRequirements.Count > 0) { Collection <XmlElement> claimsList = new Collection <XmlElement>(); XmlDocument document = new XmlDocument(); foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements) { XmlElement item = document.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity"); System.Xml.XmlAttribute node = document.CreateAttribute("Uri"); node.Value = requirement.ClaimType; item.Attributes.Append(node); if (requirement.IsOptional) { node = document.CreateAttribute("Optional"); node.Value = XmlConvert.ToString(requirement.IsOptional); item.Attributes.Append(node); } claimsList.Add(item); } collection.Add(driver.CreateRequiredClaimsElement(claimsList)); } if (this.additionalRequestParameters.Count > 0) { foreach (XmlElement element2 in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0)) { collection.Add(element2); } } return(collection); }
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver) { if (requestParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters"); } if (trustDriver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver"); } Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>(); foreach (XmlElement element in requestParameters) { int keySize; string tokenType; SecurityKeyType keyType; Collection <XmlElement> requiredClaims; if (trustDriver.TryParseKeySizeElement(element, out keySize)) { _keySize = keySize; } else if (trustDriver.TryParseKeyTypeElement(element, out keyType)) { this.KeyType = keyType; } else if (trustDriver.TryParseTokenTypeElement(element, out tokenType)) { this.TokenType = tokenType; } // Only copy RP policy to client policy for TrustFeb2005 else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { if (trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims)) { Collection <XmlElement> unrecognizedRequiredClaims = new Collection <XmlElement>(); foreach (XmlElement claimRequirement in requiredClaims) { if (claimRequirement.LocalName == "ClaimType" && claimRequirement.NamespaceURI == wsidNamespace) { string claimValue = claimRequirement.GetAttribute("Uri", string.Empty); if (!string.IsNullOrEmpty(claimValue)) { ClaimTypeRequirement claimTypeRequirement; string optional = claimRequirement.GetAttribute("Optional", string.Empty); if (String.IsNullOrEmpty(optional)) { claimTypeRequirement = new ClaimTypeRequirement(claimValue); } else { claimTypeRequirement = new ClaimTypeRequirement(claimValue, XmlConvert.ToBoolean(optional)); } _claimTypeRequirements.Add(claimTypeRequirement); } } else { unrecognizedRequiredClaims.Add(claimRequirement); } } if (unrecognizedRequiredClaims.Count > 0) { unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(unrecognizedRequiredClaims)); } } else { unknownRequestParameters.Add(element); } } } unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters); if (unknownRequestParameters.Count > 0) { for (int i = 0; i < unknownRequestParameters.Count; ++i) { this.AdditionalRequestParameters.Add(unknownRequestParameters[i]); } } }
internal void SetRequestParameters(Collection<XmlElement> requestParameters, TrustDriver trustDriver) { if (requestParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters"); } if (trustDriver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver"); } Collection<XmlElement> unknownRequestParameters = new Collection<XmlElement>(); foreach (XmlElement element in requestParameters) { int num; if (trustDriver.TryParseKeySizeElement(element, out num)) { this.keySize = num; } else { SecurityKeyType type; if (trustDriver.TryParseKeyTypeElement(element, out type)) { this.KeyType = type; } else { string str; if (trustDriver.TryParseTokenTypeElement(element, out str)) { this.TokenType = str; } else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { Collection<XmlElement> collection2; if (trustDriver.TryParseRequiredClaimsElement(element, out collection2)) { Collection<XmlElement> claimsList = new Collection<XmlElement>(); foreach (XmlElement element2 in collection2) { if ((element2.LocalName == "ClaimType") && (element2.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity")) { string attribute = element2.GetAttribute("Uri", string.Empty); if (!string.IsNullOrEmpty(attribute)) { ClaimTypeRequirement requirement; string str3 = element2.GetAttribute("Optional", string.Empty); if (string.IsNullOrEmpty(str3)) { requirement = new ClaimTypeRequirement(attribute); } else { requirement = new ClaimTypeRequirement(attribute, XmlConvert.ToBoolean(str3)); } this.claimTypeRequirements.Add(requirement); } } else { claimsList.Add(element2); } } if (claimsList.Count > 0) { unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(claimsList)); } } else { unknownRequestParameters.Add(element); } } } } } unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters); if (unknownRequestParameters.Count > 0) { for (int i = 0; i < unknownRequestParameters.Count; i++) { this.AdditionalRequestParameters.Add(unknownRequestParameters[i]); } } }
private Collection<XmlElement> NormalizeAdditionalParameters(Collection<XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { Collection<XmlElement> collection = new Collection<XmlElement>(); foreach (XmlElement element in additionalParameters) { collection.Add(element); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { XmlElement item = null; XmlElement element3 = null; XmlElement element4 = null; XmlElement element5 = null; for (int i = 0; i < collection.Count; i++) { string str; if (driver.IsEncryptionAlgorithmElement(collection[i], out str)) { item = collection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(collection[i], out str)) { element3 = collection[i]; } else if (driver.IsKeyWrapAlgorithmElement(collection[i], out str)) { element4 = collection[i]; } else if (((WSTrustDec2005.DriverDec2005) driver).IsSecondaryParametersElement(collection[i])) { element5 = collection[i]; } } if (element5 != null) { foreach (System.Xml.XmlNode node in element5.ChildNodes) { XmlElement element6 = node as XmlElement; if (element6 != null) { string encryptionAlgorithm = null; if (driver.IsEncryptionAlgorithmElement(element6, out encryptionAlgorithm) && (item != null)) { collection.Remove(item); } else if (driver.IsCanonicalizationAlgorithmElement(element6, out encryptionAlgorithm) && (element3 != null)) { collection.Remove(element3); } else if (driver.IsKeyWrapAlgorithmElement(element6, out encryptionAlgorithm) && (element4 != null)) { collection.Remove(element4); } } } } } if (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) { if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { WSTrustFeb2005.DriverFeb2005 feb = (WSTrustFeb2005.DriverFeb2005) SecurityStandardsManager.DefaultInstance.TrustDriver; for (int j = 0; j < collection.Count; j++) { string signatureAlgorithm = string.Empty; if (feb.IsSignWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateSignWithElement(signatureAlgorithm); } else if (feb.IsEncryptWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptWithElement(signatureAlgorithm); } else if (feb.IsEncryptionAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptionAlgorithmElement(signatureAlgorithm); } else if (feb.IsCanonicalizationAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateCanonicalizationAlgorithmElement(signatureAlgorithm); } } return collection; } Collection<XmlElement> collection2 = null; WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager manager2 = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenSerializer); WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005) manager2.TrustDriver; foreach (XmlElement element7 in collection) { if (trustDriver.IsSecondaryParametersElement(element7)) { collection2 = new Collection<XmlElement>(); foreach (System.Xml.XmlNode node2 in element7.ChildNodes) { XmlElement innerElement = node2 as XmlElement; if ((innerElement != null) && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified)) { collection2.Add(innerElement); } } collection.Remove(element7); break; } } if ((collection2 != null) && (collection2.Count > 0)) { XmlElement element9 = null; string str4 = string.Empty; XmlElement element10 = null; string canonicalizationAlgorithm = string.Empty; XmlElement element11 = null; Collection<XmlElement> requiredClaims = null; Collection<XmlElement> collection4 = new Collection<XmlElement>(); foreach (XmlElement element12 in collection2) { if ((element9 == null) && trustDriver.IsEncryptionAlgorithmElement(element12, out str4)) { element9 = driver.CreateEncryptionAlgorithmElement(str4); collection4.Add(element12); } else if ((element10 == null) && trustDriver.IsCanonicalizationAlgorithmElement(element12, out canonicalizationAlgorithm)) { element10 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm); collection4.Add(element12); } else if ((element11 == null) && trustDriver.TryParseRequiredClaimsElement(element12, out requiredClaims)) { element11 = driver.CreateRequiredClaimsElement(requiredClaims); collection4.Add(element12); } } for (int k = 0; k < collection4.Count; k++) { collection2.Remove(collection4[k]); } XmlElement element13 = null; for (int m = 0; m < collection.Count; m++) { string str6; if (trustDriver.IsSignWithElement(collection[m], out str6)) { collection[m] = driver.CreateSignWithElement(str6); } else if (trustDriver.IsEncryptWithElement(collection[m], out str6)) { collection[m] = driver.CreateEncryptWithElement(str6); } else if (trustDriver.IsEncryptionAlgorithmElement(collection[m], out str6) && (element9 != null)) { collection[m] = element9; element9 = null; } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection[m], out str6) && (element10 != null)) { collection[m] = element10; element10 = null; } else if (trustDriver.IsKeyWrapAlgorithmElement(collection[m], out str6) && (element13 == null)) { element13 = collection[m]; } else { Collection<XmlElement> collection5; if (trustDriver.TryParseRequiredClaimsElement(collection[m], out collection5) && (element11 != null)) { collection[m] = element11; element11 = null; } } } if (element13 != null) { collection.Remove(element13); } if (element9 != null) { collection.Add(element9); } if (element10 != null) { collection.Add(element10); } if (element11 != null) { collection.Add(element11); } if (collection2.Count <= 0) { return collection; } for (int n = 0; n < collection2.Count; n++) { collection.Add(collection2[n]); } } } return collection; }
internal Collection<XmlElement> CreateRequestParameters(TrustDriver driver) { if (driver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver"); } Collection<XmlElement> collection = new Collection<XmlElement>(); if (this.tokenType != null) { collection.Add(driver.CreateTokenTypeElement(this.tokenType)); } collection.Add(driver.CreateKeyTypeElement(this.keyType)); if (this.keySize != 0) { collection.Add(driver.CreateKeySizeElement(this.keySize)); } if (this.claimTypeRequirements.Count > 0) { Collection<XmlElement> claimsList = new Collection<XmlElement>(); XmlDocument document = new XmlDocument(); foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements) { XmlElement item = document.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity"); System.Xml.XmlAttribute node = document.CreateAttribute("Uri"); node.Value = requirement.ClaimType; item.Attributes.Append(node); if (requirement.IsOptional) { node = document.CreateAttribute("Optional"); node.Value = XmlConvert.ToString(requirement.IsOptional); item.Attributes.Append(node); } claimsList.Add(item); } collection.Add(driver.CreateRequiredClaimsElement(claimsList)); } if (this.additionalRequestParameters.Count > 0) { foreach (XmlElement element2 in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0)) { collection.Add(element2); } } return collection; }
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { // Ensure STS trust version is one of the currently supported versions: Feb 05 / Trust 1.3 Fx.Assert(((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) || (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)), "Unsupported trust version specified for the STS."); // We have a mismatch. Make a local copy of additionalParameters for making any potential modifications // as part of normalization Collection <XmlElement> tmpCollection = new Collection <XmlElement>(); foreach (XmlElement e in additionalParameters) { tmpCollection.Add(e); } // 1. For Trust 1.3 EncryptionAlgorithm, CanonicalizationAlgorithm and KeyWrapAlgorithm should not be // specified as top-level element if "SecondaryParameters" element already specifies this. if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { Fx.Assert(driver.GetType() == typeof(WSTrustDec2005.DriverDec2005), "Invalid Trust Driver specified for Trust 1.3."); XmlElement encryptionAlgorithmElement = null; XmlElement canonicalizationAlgorithmElement = null; XmlElement keyWrapAlgorithmElement = null; XmlElement secondaryParameter = null; for (int i = 0; i < tmpCollection.Count; ++i) { if (driver.IsEncryptionAlgorithmElement(tmpCollection[i], out string algorithm)) { encryptionAlgorithmElement = tmpCollection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithm)) { canonicalizationAlgorithmElement = tmpCollection[i]; } else if (driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithm)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(tmpCollection[i])) { secondaryParameter = tmpCollection[i]; } } if (secondaryParameter != null) { foreach (XmlNode node in secondaryParameter.ChildNodes) { if (node is XmlElement child) { if (driver.IsEncryptionAlgorithmElement(child, out string algorithm) && (encryptionAlgorithmElement != null)) { tmpCollection.Remove(encryptionAlgorithmElement); } else if (driver.IsCanonicalizationAlgorithmElement(child, out algorithm) && (canonicalizationAlgorithmElement != null)) { tmpCollection.Remove(canonicalizationAlgorithmElement); } else if (driver.IsKeyWrapAlgorithmElement(child, out algorithm) && (keyWrapAlgorithmElement != null)) { tmpCollection.Remove(keyWrapAlgorithmElement); } } } } } // 2. Check for Mismatch. // a. Trust Feb 2005 -> Trust 1.3. do the following, // (i) Copy EncryptionAlgorithm and CanonicalizationAlgorithm as the top-level elements. // Note, this is in contradiction to step 1. But we don't have a choice here as we cannot say from the // Additional Parameters section in the config what came from the service and what came from the client. // (ii) Convert SignWith and EncryptWith elements to Trust 1.3 namespace. // b. For Trust 1.3 -> Trust Feb 2005, do the following, // (i) Find EncryptionAlgorithm, CanonicalizationAlgorithm from inside the "SecondaryParameters" element. // If found, then promote these as the top-level elements replacing the existing values. // (ii) Convert the SignWith and EncryptWith elements to the Trust Feb 2005 namespace and drop the KeyWrapAlgorithm // element. // make an optimistic check to detect mismatched trust-versions between STS and RP bool mismatch = (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustFeb2005Strings.Namespace)) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustDec2005Strings.Namespace))); // if no mismatch, return unmodified collection if (!mismatch) { return(tmpCollection); } // 2.a // If we are talking to a Trust 1.3 STS, replace any Feb '05 algorithm parameters with their Trust 1.3 counterparts if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { SecurityStandardsManager trustFeb2005StandardsManager = SecurityStandardsManager.DefaultInstance; // the following cast is guaranteed to succeed WSTrustFeb2005.DriverFeb2005 trustFeb2005Driver = (WSTrustFeb2005.DriverFeb2005)trustFeb2005StandardsManager.TrustDriver; for (int i = 0; i < tmpCollection.Count; i++) { if (trustFeb2005Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptionAlgorithmElement(algorithmParameter); } else if (trustFeb2005Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateCanonicalizationAlgorithmElement(algorithmParameter); } } } else { // 2.b // We are talking to a Feb 05 STS. Filter out any SecondaryParameters element. Collection <XmlElement> childrenToPromote = null; WSSecurityTokenSerializer trust13Serializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager trust13StandardsManager = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, trust13Serializer); // the following cast is guaranteed to succeed WSTrustDec2005.DriverDec2005 trust13Driver = (WSTrustDec2005.DriverDec2005)trust13StandardsManager.TrustDriver; foreach (XmlElement parameter in tmpCollection) { // check if SecondaryParameters is present if (trust13Driver.IsSecondaryParametersElement(parameter)) { childrenToPromote = new Collection <XmlElement>(); // walk SecondaryParameters and collect any 'non-standard' children foreach (XmlNode innerNode in parameter.ChildNodes) { if ((innerNode is XmlElement innerElement) && CanPromoteToRoot(innerElement, trust13Driver, clientSideClaimTypeRequirementsSpecified)) { childrenToPromote.Add(innerElement); } } // remove SecondaryParameters element tmpCollection.Remove(parameter); // we are done - break out of the loop break; } } // Probe of standard Trust elements and remember them. if ((childrenToPromote != null) && (childrenToPromote.Count > 0)) { XmlElement encryptionElement = null; XmlElement canonicalizationElement = null; XmlElement requiredClaimsElement = null; Collection <XmlElement> processedElements = new Collection <XmlElement>(); foreach (XmlElement e in childrenToPromote) { if ((encryptionElement == null) && trust13Driver.IsEncryptionAlgorithmElement(e, out string encryptionAlgorithm)) { encryptionElement = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm); processedElements.Add(e); } else if ((canonicalizationElement == null) && trust13Driver.IsCanonicalizationAlgorithmElement(e, out string canonicalizationAlgoritm)) { canonicalizationElement = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgoritm); processedElements.Add(e); } else if ((requiredClaimsElement == null) && trust13Driver.TryParseRequiredClaimsElement(e, out Collection <XmlElement> requiredClaims)) { requiredClaimsElement = driver.CreateRequiredClaimsElement(requiredClaims); processedElements.Add(e); } } for (int i = 0; i < processedElements.Count; ++i) { childrenToPromote.Remove(processedElements[i]); } XmlElement keyWrapAlgorithmElement = null; // Replace the appropriate elements. for (int i = 0; i < tmpCollection.Count; ++i) { if (trust13Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter) && (encryptionElement != null)) { tmpCollection[i] = encryptionElement; encryptionElement = null; } else if (trust13Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter) && (canonicalizationElement != null)) { tmpCollection[i] = canonicalizationElement; canonicalizationElement = null; } else if (trust13Driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithmParameter) && (keyWrapAlgorithmElement == null)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (trust13Driver.TryParseRequiredClaimsElement(tmpCollection[i], out Collection <XmlElement> reqClaims) && (requiredClaimsElement != null)) { tmpCollection[i] = requiredClaimsElement; requiredClaimsElement = null; } } if (keyWrapAlgorithmElement != null) { // Remove KeyWrapAlgorithmElement as this is not define in Trust Feb 2005. tmpCollection.Remove(keyWrapAlgorithmElement); } // Add the remaining elements to the additionaParameters list to the end. if (encryptionElement != null) { tmpCollection.Add(encryptionElement); } if (canonicalizationElement != null) { tmpCollection.Add(canonicalizationElement); } if (requiredClaimsElement != null) { tmpCollection.Add(requiredClaimsElement); } if (childrenToPromote.Count > 0) { // There are some non-standard elements. Just bump them to the top-level element. for (int i = 0; i < childrenToPromote.Count; ++i) { tmpCollection.Add(childrenToPromote[i]); } } } } return(tmpCollection); }
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { Collection <XmlElement> collection1 = new Collection <XmlElement>(); foreach (XmlElement additionalParameter in additionalParameters) { collection1.Add(additionalParameter); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { XmlElement xmlElement1 = (XmlElement)null; XmlElement xmlElement2 = (XmlElement)null; XmlElement xmlElement3 = (XmlElement)null; XmlElement xmlElement4 = (XmlElement)null; for (int index = 0; index < collection1.Count; ++index) { string str; if (driver.IsEncryptionAlgorithmElement(collection1[index], out str)) { xmlElement1 = collection1[index]; } else if (driver.IsCanonicalizationAlgorithmElement(collection1[index], out str)) { xmlElement2 = collection1[index]; } else if (driver.IsKeyWrapAlgorithmElement(collection1[index], out str)) { xmlElement3 = collection1[index]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection1[index])) { xmlElement4 = collection1[index]; } } if (xmlElement4 != null) { foreach (XmlNode childNode in xmlElement4.ChildNodes) { XmlElement element = childNode as XmlElement; if (element != null) { string str = (string)null; if (driver.IsEncryptionAlgorithmElement(element, out str) && xmlElement1 != null) { collection1.Remove(xmlElement1); } else if (driver.IsCanonicalizationAlgorithmElement(element, out str) && xmlElement2 != null) { collection1.Remove(xmlElement2); } else if (driver.IsKeyWrapAlgorithmElement(element, out str) && xmlElement3 != null) { collection1.Remove(xmlElement3); } } } } } if ((driver.StandardsManager.TrustVersion != TrustVersion.WSTrustFeb2005 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) && (driver.StandardsManager.TrustVersion != TrustVersion.WSTrust13 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) { return(collection1); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { WSTrustFeb2005.DriverFeb2005 trustDriver = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver; for (int index = 0; index < collection1.Count; ++index) { string empty = string.Empty; if (trustDriver.IsSignWithElement(collection1[index], out empty)) { collection1[index] = driver.CreateSignWithElement(empty); } else if (trustDriver.IsEncryptWithElement(collection1[index], out empty)) { collection1[index] = driver.CreateEncryptWithElement(empty); } else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out empty)) { collection1[index] = driver.CreateEncryptionAlgorithmElement(empty); } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out empty)) { collection1[index] = driver.CreateCanonicalizationAlgorithmElement(empty); } } } else { Collection <XmlElement> collection2 = (Collection <XmlElement>)null; WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005) new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, (SecurityTokenSerializer) new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, (SamlSerializer1)null, (SecurityStateEncoder)null, (IEnumerable <System.Type>)null)).TrustDriver; foreach (XmlElement element in collection1) { if (trustDriver.IsSecondaryParametersElement(element)) { collection2 = new Collection <XmlElement>(); foreach (XmlNode childNode in element.ChildNodes) { XmlElement innerElement = childNode as XmlElement; if (innerElement != null && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified)) { collection2.Add(innerElement); } } collection1.Remove(element); break; } } if (collection2 != null && collection2.Count > 0) { XmlElement xmlElement1 = (XmlElement)null; string encryptionAlgorithm = string.Empty; XmlElement xmlElement2 = (XmlElement)null; string canonicalizationAlgorithm = string.Empty; XmlElement xmlElement3 = (XmlElement)null; Collection <XmlElement> requiredClaims1 = (Collection <XmlElement>)null; Collection <XmlElement> collection3 = new Collection <XmlElement>(); foreach (XmlElement element in collection2) { if (xmlElement1 == null && trustDriver.IsEncryptionAlgorithmElement(element, out encryptionAlgorithm)) { xmlElement1 = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm); collection3.Add(element); } else if (xmlElement2 == null && trustDriver.IsCanonicalizationAlgorithmElement(element, out canonicalizationAlgorithm)) { xmlElement2 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm); collection3.Add(element); } else if (xmlElement3 == null && trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims1)) { xmlElement3 = driver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)requiredClaims1); collection3.Add(element); } } for (int index = 0; index < collection3.Count; ++index) { collection2.Remove(collection3[index]); } XmlElement xmlElement4 = (XmlElement)null; for (int index = 0; index < collection1.Count; ++index) { string str; if (trustDriver.IsSignWithElement(collection1[index], out str)) { collection1[index] = driver.CreateSignWithElement(str); } else if (trustDriver.IsEncryptWithElement(collection1[index], out str)) { collection1[index] = driver.CreateEncryptWithElement(str); } else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out str) && xmlElement1 != null) { collection1[index] = xmlElement1; xmlElement1 = (XmlElement)null; } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out str) && xmlElement2 != null) { collection1[index] = xmlElement2; xmlElement2 = (XmlElement)null; } else if (trustDriver.IsKeyWrapAlgorithmElement(collection1[index], out str) && xmlElement4 == null) { xmlElement4 = collection1[index]; } else { Collection <XmlElement> requiredClaims2; if (trustDriver.TryParseRequiredClaimsElement(collection1[index], out requiredClaims2) && xmlElement3 != null) { collection1[index] = xmlElement3; xmlElement3 = (XmlElement)null; } } } if (xmlElement4 != null) { collection1.Remove(xmlElement4); } if (xmlElement1 != null) { collection1.Add(xmlElement1); } if (xmlElement2 != null) { collection1.Add(xmlElement2); } if (xmlElement3 != null) { collection1.Add(xmlElement3); } if (collection2.Count > 0) { for (int index = 0; index < collection2.Count; ++index) { collection1.Add(collection2[index]); } } } } return(collection1); }
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver) { if (requestParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters"); } if (trustDriver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver"); } Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>(); foreach (XmlElement requestParameter in requestParameters) { int keySize; if (trustDriver.TryParseKeySizeElement(requestParameter, out keySize)) { this.keySize = keySize; } else { SecurityKeyType keyType; if (trustDriver.TryParseKeyTypeElement(requestParameter, out keyType)) { this.KeyType = keyType; } else { string tokenType; if (trustDriver.TryParseTokenTypeElement(requestParameter, out tokenType)) { this.TokenType = tokenType; } else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { Collection <XmlElement> requiredClaims; if (trustDriver.TryParseRequiredClaimsElement(requestParameter, out requiredClaims)) { Collection <XmlElement> collection = new Collection <XmlElement>(); foreach (XmlElement xmlElement in requiredClaims) { if (xmlElement.LocalName == "ClaimType" && xmlElement.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity") { string attribute1 = xmlElement.GetAttribute("Uri", string.Empty); if (!string.IsNullOrEmpty(attribute1)) { string attribute2 = xmlElement.GetAttribute("Optional", string.Empty); this.claimTypeRequirements.Add(!string.IsNullOrEmpty(attribute2) ? new ClaimTypeRequirement(attribute1, XmlConvert.ToBoolean(attribute2)) : new ClaimTypeRequirement(attribute1)); } } else { collection.Add(xmlElement); } } if (collection.Count > 0) { unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)collection)); } } else { unknownRequestParameters.Add(requestParameter); } } } } } Collection <XmlElement> collection1 = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters); if (collection1.Count <= 0) { return; } for (int index = 0; index < collection1.Count; ++index) { this.AdditionalRequestParameters.Add(collection1[index]); } }
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver) { if (requestParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters"); } if (trustDriver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver"); } Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>(); foreach (XmlElement element in requestParameters) { int num; if (trustDriver.TryParseKeySizeElement(element, out num)) { this.keySize = num; } else { SecurityKeyType type; if (trustDriver.TryParseKeyTypeElement(element, out type)) { this.KeyType = type; } else { string str; if (trustDriver.TryParseTokenTypeElement(element, out str)) { this.TokenType = str; } else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { Collection <XmlElement> collection2; if (trustDriver.TryParseRequiredClaimsElement(element, out collection2)) { Collection <XmlElement> claimsList = new Collection <XmlElement>(); foreach (XmlElement element2 in collection2) { if ((element2.LocalName == "ClaimType") && (element2.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity")) { string attribute = element2.GetAttribute("Uri", string.Empty); if (!string.IsNullOrEmpty(attribute)) { ClaimTypeRequirement requirement; string str3 = element2.GetAttribute("Optional", string.Empty); if (string.IsNullOrEmpty(str3)) { requirement = new ClaimTypeRequirement(attribute); } else { requirement = new ClaimTypeRequirement(attribute, XmlConvert.ToBoolean(str3)); } this.claimTypeRequirements.Add(requirement); } } else { claimsList.Add(element2); } } if (claimsList.Count > 0) { unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(claimsList)); } } else { unknownRequestParameters.Add(element); } } } } } unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters); if (unknownRequestParameters.Count > 0) { for (int i = 0; i < unknownRequestParameters.Count; i++) { this.AdditionalRequestParameters.Add(unknownRequestParameters[i]); } } }
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { Collection <XmlElement> collection = new Collection <XmlElement>(); foreach (XmlElement element in additionalParameters) { collection.Add(element); } if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { XmlElement item = null; XmlElement element3 = null; XmlElement element4 = null; XmlElement element5 = null; for (int i = 0; i < collection.Count; i++) { string str; if (driver.IsEncryptionAlgorithmElement(collection[i], out str)) { item = collection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(collection[i], out str)) { element3 = collection[i]; } else if (driver.IsKeyWrapAlgorithmElement(collection[i], out str)) { element4 = collection[i]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection[i])) { element5 = collection[i]; } } if (element5 != null) { foreach (System.Xml.XmlNode node in element5.ChildNodes) { XmlElement element6 = node as XmlElement; if (element6 != null) { string encryptionAlgorithm = null; if (driver.IsEncryptionAlgorithmElement(element6, out encryptionAlgorithm) && (item != null)) { collection.Remove(item); } else if (driver.IsCanonicalizationAlgorithmElement(element6, out encryptionAlgorithm) && (element3 != null)) { collection.Remove(element3); } else if (driver.IsKeyWrapAlgorithmElement(element6, out encryptionAlgorithm) && (element4 != null)) { collection.Remove(element4); } } } } } if (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) { if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { WSTrustFeb2005.DriverFeb2005 feb = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver; for (int j = 0; j < collection.Count; j++) { string signatureAlgorithm = string.Empty; if (feb.IsSignWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateSignWithElement(signatureAlgorithm); } else if (feb.IsEncryptWithElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptWithElement(signatureAlgorithm); } else if (feb.IsEncryptionAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateEncryptionAlgorithmElement(signatureAlgorithm); } else if (feb.IsCanonicalizationAlgorithmElement(collection[j], out signatureAlgorithm)) { collection[j] = driver.CreateCanonicalizationAlgorithmElement(signatureAlgorithm); } } return(collection); } Collection <XmlElement> collection2 = null; WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager manager2 = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenSerializer); WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005)manager2.TrustDriver; foreach (XmlElement element7 in collection) { if (trustDriver.IsSecondaryParametersElement(element7)) { collection2 = new Collection <XmlElement>(); foreach (System.Xml.XmlNode node2 in element7.ChildNodes) { XmlElement innerElement = node2 as XmlElement; if ((innerElement != null) && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified)) { collection2.Add(innerElement); } } collection.Remove(element7); break; } } if ((collection2 != null) && (collection2.Count > 0)) { XmlElement element9 = null; string str4 = string.Empty; XmlElement element10 = null; string canonicalizationAlgorithm = string.Empty; XmlElement element11 = null; Collection <XmlElement> requiredClaims = null; Collection <XmlElement> collection4 = new Collection <XmlElement>(); foreach (XmlElement element12 in collection2) { if ((element9 == null) && trustDriver.IsEncryptionAlgorithmElement(element12, out str4)) { element9 = driver.CreateEncryptionAlgorithmElement(str4); collection4.Add(element12); } else if ((element10 == null) && trustDriver.IsCanonicalizationAlgorithmElement(element12, out canonicalizationAlgorithm)) { element10 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm); collection4.Add(element12); } else if ((element11 == null) && trustDriver.TryParseRequiredClaimsElement(element12, out requiredClaims)) { element11 = driver.CreateRequiredClaimsElement(requiredClaims); collection4.Add(element12); } } for (int k = 0; k < collection4.Count; k++) { collection2.Remove(collection4[k]); } XmlElement element13 = null; for (int m = 0; m < collection.Count; m++) { string str6; if (trustDriver.IsSignWithElement(collection[m], out str6)) { collection[m] = driver.CreateSignWithElement(str6); } else if (trustDriver.IsEncryptWithElement(collection[m], out str6)) { collection[m] = driver.CreateEncryptWithElement(str6); } else if (trustDriver.IsEncryptionAlgorithmElement(collection[m], out str6) && (element9 != null)) { collection[m] = element9; element9 = null; } else if (trustDriver.IsCanonicalizationAlgorithmElement(collection[m], out str6) && (element10 != null)) { collection[m] = element10; element10 = null; } else if (trustDriver.IsKeyWrapAlgorithmElement(collection[m], out str6) && (element13 == null)) { element13 = collection[m]; } else { Collection <XmlElement> collection5; if (trustDriver.TryParseRequiredClaimsElement(collection[m], out collection5) && (element11 != null)) { collection[m] = element11; element11 = null; } } } if (element13 != null) { collection.Remove(element13); } if (element9 != null) { collection.Add(element9); } if (element10 != null) { collection.Add(element10); } if (element11 != null) { collection.Add(element11); } if (collection2.Count <= 0) { return(collection); } for (int n = 0; n < collection2.Count; n++) { collection.Add(collection2[n]); } } } return(collection); }
private Collection<XmlElement> NormalizeAdditionalParameters(Collection<XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified) { // Ensure STS trust version is one of the currently supported versions: Feb 05 / Trust 1.3 Fx.Assert(((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) || (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)), "Unsupported trust version specified for the STS."); // We have a mismatch. Make a local copy of additionalParameters for making any potential modifications // as part of normalization Collection<XmlElement> tmpCollection = new Collection<XmlElement>(); foreach (XmlElement e in additionalParameters) { tmpCollection.Add(e); } // 1. For Trust 1.3 EncryptionAlgorithm, CanonicalizationAlgorithm and KeyWrapAlgorithm should not be // specified as top-level element if "SecondaryParameters" element already specifies this. if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { Fx.Assert(driver.GetType() == typeof(WSTrustDec2005.DriverDec2005), "Invalid Trust Driver specified for Trust 1.3."); XmlElement encryptionAlgorithmElement = null; XmlElement canonicalizationAlgorithmElement = null; XmlElement keyWrapAlgorithmElement = null; XmlElement secondaryParameter = null; for (int i = 0; i < tmpCollection.Count; ++i) { string algorithm; if (driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithm)) { encryptionAlgorithmElement = tmpCollection[i]; } else if (driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithm)) { canonicalizationAlgorithmElement = tmpCollection[i]; } else if (driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithm)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(tmpCollection[i])) { secondaryParameter = tmpCollection[i]; } } if (secondaryParameter != null) { foreach (XmlNode node in secondaryParameter.ChildNodes) { XmlElement child = node as XmlElement; if (child != null) { string algorithm = null; if (driver.IsEncryptionAlgorithmElement(child, out algorithm) && (encryptionAlgorithmElement != null)) { tmpCollection.Remove(encryptionAlgorithmElement); } else if (driver.IsCanonicalizationAlgorithmElement(child, out algorithm) && (canonicalizationAlgorithmElement != null)) { tmpCollection.Remove(canonicalizationAlgorithmElement); } else if (driver.IsKeyWrapAlgorithmElement(child, out algorithm) && (keyWrapAlgorithmElement != null)) { tmpCollection.Remove(keyWrapAlgorithmElement); } } } } } // 2. Check for Mismatch. // a. Trust Feb 2005 -> Trust 1.3. do the following, // (i) Copy EncryptionAlgorithm and CanonicalizationAlgorithm as the top-level elements. // Note, this is in contradiction to step 1. But we don't have a choice here as we cannot say from the // Additional Parameters section in the config what came from the service and what came from the client. // (ii) Convert SignWith and EncryptWith elements to Trust 1.3 namespace. // b. For Trust 1.3 -> Trust Feb 2005, do the following, // (i) Find EncryptionAlgorithm, CanonicalizationAlgorithm from inside the "SecondaryParameters" element. // If found, then promote these as the top-level elements replacing the existing values. // (ii) Convert the SignWith and EncryptWith elements to the Trust Feb 2005 namespace and drop the KeyWrapAlgorithm // element. // make an optimistic check to detect mismatched trust-versions between STS and RP bool mismatch = (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustFeb2005Strings.Namespace)) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustDec2005Strings.Namespace))); // if no mismatch, return unmodified collection if (!mismatch) { return tmpCollection; } // 2.a // If we are talking to a Trust 1.3 STS, replace any Feb '05 algorithm parameters with their Trust 1.3 counterparts if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) { SecurityStandardsManager trustFeb2005StandardsManager = SecurityStandardsManager.DefaultInstance; // the following cast is guaranteed to succeed WSTrustFeb2005.DriverFeb2005 trustFeb2005Driver = (WSTrustFeb2005.DriverFeb2005)trustFeb2005StandardsManager.TrustDriver; for (int i = 0; i < tmpCollection.Count; i++) { string algorithmParameter = string.Empty; if (trustFeb2005Driver.IsSignWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trustFeb2005Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptionAlgorithmElement(algorithmParameter); } else if (trustFeb2005Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateCanonicalizationAlgorithmElement(algorithmParameter); } } } else { // 2.b // We are talking to a Feb 05 STS. Filter out any SecondaryParameters element. Collection<XmlElement> childrenToPromote = null; WSSecurityTokenSerializer trust13Serializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null); SecurityStandardsManager trust13StandardsManager = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, trust13Serializer); // the following cast is guaranteed to succeed WSTrustDec2005.DriverDec2005 trust13Driver = (WSTrustDec2005.DriverDec2005)trust13StandardsManager.TrustDriver; foreach (XmlElement parameter in tmpCollection) { // check if SecondaryParameters is present if (trust13Driver.IsSecondaryParametersElement(parameter)) { childrenToPromote = new Collection<XmlElement>(); // walk SecondaryParameters and collect any 'non-standard' children foreach (XmlNode innerNode in parameter.ChildNodes) { XmlElement innerElement = innerNode as XmlElement; if ((innerElement != null) && CanPromoteToRoot(innerElement, trust13Driver, clientSideClaimTypeRequirementsSpecified)) { childrenToPromote.Add(innerElement); } } // remove SecondaryParameters element tmpCollection.Remove(parameter); // we are done - break out of the loop break; } } // Probe of standard Trust elements and remember them. if ((childrenToPromote != null) && (childrenToPromote.Count > 0)) { XmlElement encryptionElement = null; string encryptionAlgorithm = String.Empty; XmlElement canonicalizationElement = null; string canonicalizationAlgoritm = String.Empty; XmlElement requiredClaimsElement = null; Collection<XmlElement> requiredClaims = null; Collection<XmlElement> processedElements = new Collection<XmlElement>(); foreach (XmlElement e in childrenToPromote) { if ((encryptionElement == null) && trust13Driver.IsEncryptionAlgorithmElement(e, out encryptionAlgorithm)) { encryptionElement = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm); processedElements.Add(e); } else if ((canonicalizationElement == null) && trust13Driver.IsCanonicalizationAlgorithmElement(e, out canonicalizationAlgoritm)) { canonicalizationElement = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgoritm); processedElements.Add(e); } else if ((requiredClaimsElement == null) && trust13Driver.TryParseRequiredClaimsElement(e, out requiredClaims)) { requiredClaimsElement = driver.CreateRequiredClaimsElement(requiredClaims); processedElements.Add(e); } } for (int i = 0; i < processedElements.Count; ++i) { childrenToPromote.Remove(processedElements[i]); } XmlElement keyWrapAlgorithmElement = null; // Replace the appropriate elements. for (int i = 0; i < tmpCollection.Count; ++i) { string algorithmParameter; Collection<XmlElement> reqClaims; if (trust13Driver.IsSignWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter)) { tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter); } else if (trust13Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter) && (encryptionElement != null)) { tmpCollection[i] = encryptionElement; encryptionElement = null; } else if (trust13Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter) && (canonicalizationElement != null)) { tmpCollection[i] = canonicalizationElement; canonicalizationElement = null; } else if (trust13Driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithmParameter) && (keyWrapAlgorithmElement == null)) { keyWrapAlgorithmElement = tmpCollection[i]; } else if (trust13Driver.TryParseRequiredClaimsElement(tmpCollection[i], out reqClaims) && (requiredClaimsElement != null)) { tmpCollection[i] = requiredClaimsElement; requiredClaimsElement = null; } } if (keyWrapAlgorithmElement != null) { // Remove KeyWrapAlgorithmElement as this is not define in Trust Feb 2005. tmpCollection.Remove(keyWrapAlgorithmElement); } // Add the remaining elements to the additionaParameters list to the end. if (encryptionElement != null) tmpCollection.Add(encryptionElement); if (canonicalizationElement != null) tmpCollection.Add(canonicalizationElement); if (requiredClaimsElement != null) tmpCollection.Add(requiredClaimsElement); if (childrenToPromote.Count > 0) { // There are some non-standard elements. Just bump them to the top-level element. for (int i = 0; i < childrenToPromote.Count; ++i) { tmpCollection.Add(childrenToPromote[i]); } } } } return tmpCollection; }
internal Collection<XmlElement> CreateRequestParameters(TrustDriver driver) { if (driver == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver"); Collection<XmlElement> result = new Collection<XmlElement>(); if (this.tokenType != null) { result.Add(driver.CreateTokenTypeElement(tokenType)); } result.Add(driver.CreateKeyTypeElement(this.keyType)); if (this.keySize != 0) { result.Add(driver.CreateKeySizeElement(keySize)); } if (this.claimTypeRequirements.Count > 0) { Collection<XmlElement> claimsElements = new Collection<XmlElement>(); XmlDocument doc = new XmlDocument(); foreach (ClaimTypeRequirement claimType in this.claimTypeRequirements) { XmlElement element = doc.CreateElement(wsidPrefix, "ClaimType", wsidNamespace); XmlAttribute attr = doc.CreateAttribute("Uri"); attr.Value = claimType.ClaimType; element.Attributes.Append(attr); if (claimType.IsOptional != ClaimTypeRequirement.DefaultIsOptional) { attr = doc.CreateAttribute("Optional"); attr.Value = XmlConvert.ToString(claimType.IsOptional); element.Attributes.Append(attr); } claimsElements.Add(element); } result.Add(driver.CreateRequiredClaimsElement(claimsElements)); } if (this.additionalRequestParameters.Count > 0) { Collection<XmlElement> trustNormalizedParameters = NormalizeAdditionalParameters(this.additionalRequestParameters, driver, (this.claimTypeRequirements.Count > 0)); foreach (XmlElement parameter in trustNormalizedParameters) { result.Add(parameter); } } return result; }
internal void SetRequestParameters(Collection<XmlElement> requestParameters, TrustDriver trustDriver) { if (requestParameters == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters"); if (trustDriver == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver"); Collection<XmlElement> unknownRequestParameters = new Collection<XmlElement>(); foreach (XmlElement element in requestParameters) { int keySize; string tokenType; SecurityKeyType keyType; Collection<XmlElement> requiredClaims; if (trustDriver.TryParseKeySizeElement(element, out keySize)) this.keySize = keySize; else if (trustDriver.TryParseKeyTypeElement(element, out keyType)) this.KeyType = keyType; else if (trustDriver.TryParseTokenTypeElement(element, out tokenType)) this.TokenType = tokenType; // Only copy RP policy to client policy for TrustFeb2005 else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) { if (trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims)) { Collection<XmlElement> unrecognizedRequiredClaims = new Collection<XmlElement>(); foreach (XmlElement claimRequirement in requiredClaims) { if (claimRequirement.LocalName == "ClaimType" && claimRequirement.NamespaceURI == wsidNamespace) { string claimValue = claimRequirement.GetAttribute("Uri", string.Empty); if (!string.IsNullOrEmpty(claimValue)) { ClaimTypeRequirement claimTypeRequirement; string optional = claimRequirement.GetAttribute("Optional", string.Empty); if (String.IsNullOrEmpty(optional)) { claimTypeRequirement = new ClaimTypeRequirement(claimValue); } else { claimTypeRequirement = new ClaimTypeRequirement(claimValue, XmlConvert.ToBoolean(optional)); } this.claimTypeRequirements.Add(claimTypeRequirement); } } else { unrecognizedRequiredClaims.Add(claimRequirement); } } if (unrecognizedRequiredClaims.Count > 0) unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(unrecognizedRequiredClaims)); } else { unknownRequestParameters.Add(element); } } } unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters); if (unknownRequestParameters.Count > 0) { for (int i = 0; i < unknownRequestParameters.Count; ++i) this.AdditionalRequestParameters.Add(unknownRequestParameters[i]); } }