internal static XmlElement CreateTransportBinding(XmlElement transportToken) { var doc = new XmlDocument(); var transportBinding = doc.CreateElement( "sp", "TransportBinding", PolicyImportHelper.SecurityPolicyNS); var token = doc.CreateElement( "sp", "TransportToken", PolicyImportHelper.SecurityPolicyNS); PolicyImportHelper.AddWrappedPolicyElement(token, transportToken); var algorithmSuite = doc.CreateElement( "sp", "AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS); var basic256 = doc.CreateElement( "sp", "Basic256", PolicyImportHelper.SecurityPolicyNS); PolicyImportHelper.AddWrappedPolicyElement(algorithmSuite, basic256); var layout = doc.CreateElement( "sp", "Layout", PolicyImportHelper.SecurityPolicyNS); var strict = doc.CreateElement( "sp", "Strict", PolicyImportHelper.SecurityPolicyNS); PolicyImportHelper.AddWrappedPolicyElement(layout, strict); PolicyImportHelper.AddWrappedPolicyElements( transportBinding, token, algorithmSuite, layout); return(transportBinding); }
bool ImportHttpPolicy(MetadataImporter importer, PolicyConversionContext context, WS.SoapBinding soap) { HttpTransportBindingElement httpTransport; var assertions = context.GetBindingAssertions(); var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions); if (transportPolicy != null) { if (!ImportHttpTransport(importer, context, transportPolicy, out httpTransport)) { return(false); } if (!ImportTransport(importer, httpTransport, transportPolicy)) { return(false); } } else { httpTransport = new HttpTransportBindingElement(); } if (!ImportHttpAuthScheme(importer, httpTransport, context)) { return(false); } context.BindingElements.Add(httpTransport); return(true); }
bool ImportTcpPolicy(MetadataImporter importer, PolicyConversionContext context, WS.Soap12Binding soap) { var assertions = context.GetBindingAssertions(); var tcpTransport = new TcpTransportBindingElement(); var transportPolicy = PolicyImportHelper.GetTransportBindingPolicy(assertions); if (transportPolicy != null) { if (!ImportTcpTransport(importer, context, transportPolicy)) { return(false); } if (!ImportTransport(importer, tcpTransport, transportPolicy)) { return(false); } } var streamed = PolicyImportHelper.GetStreamedMessageFramingPolicy(assertions); if (streamed != null) { tcpTransport.TransferMode = TransferMode.Streamed; } context.BindingElements.Add(tcpTransport); return(true); }
bool ImportTransport(MetadataImporter importer, TransportBindingElement bindingElement, XmlElement transportPolicy) { XmlElement algorithmSuite, layout; if (!PolicyImportHelper.FindPolicyElement( importer, transportPolicy, new QName("AlgorithmSuite", PolicyImportHelper.SecurityPolicyNS), false, true, out algorithmSuite) || !PolicyImportHelper.FindPolicyElement( importer, transportPolicy, new QName("Layout", PolicyImportHelper.SecurityPolicyNS), false, true, out layout)) { return(false); } bool foundUnknown = false; foreach (var node in transportPolicy.ChildNodes) { var e = node as XmlElement; if (e == null) { continue; } importer.AddWarning("Unknown policy assertion: {0}", e.OuterXml); foundUnknown = true; } return(!foundUnknown); }
bool GetTransportToken(MetadataImporter importer, XmlElement transportPolicy, out XmlElement transportToken) { return(PolicyImportHelper.FindPolicyElement( importer, transportPolicy, new QName("TransportToken", PolicyImportHelper.SecurityPolicyNS), false, true, out transportToken)); }
bool ImportHttpAuthScheme(MetadataImporter importer, HttpTransportBindingElement bindingElement, PolicyConversionContext context) { var assertions = context.GetBindingAssertions(); var authSchemes = AuthenticationSchemes.None; var httpsTransport = bindingElement as HttpsTransportBindingElement; bool certificate = httpsTransport != null ? httpsTransport.RequireClientCertificate : false; var authElements = PolicyImportHelper.FindAssertionByNS( assertions, PolicyImportHelper.HttpAuthNS); foreach (XmlElement authElement in authElements) { assertions.Remove(authElement); if (certificate) { importer.AddWarning( "Invalid authentication assertion while " + "using client certificate: {0}", authElement.OuterXml); return(false); } switch (authElement.LocalName) { case "BasicAuthentication": authSchemes |= AuthenticationSchemes.Basic; break; case "NtlmAuthentication": authSchemes |= AuthenticationSchemes.Ntlm; break; case "DigestAuthentication": authSchemes |= AuthenticationSchemes.Digest; break; case "NegotiateAuthentication": authSchemes |= AuthenticationSchemes.Negotiate; break; default: importer.AddWarning( "Invalid policy assertion: {0}", authElement.OuterXml); return(false); } } bindingElement.AuthenticationScheme = authSchemes; return(true); }
bool ImportHttpTransport(MetadataImporter importer, PolicyConversionContext context, XmlElement transportPolicy, out HttpTransportBindingElement bindingElement) { XmlElement transportToken; if (!GetTransportToken(importer, transportPolicy, out transportToken)) { bindingElement = null; return(false); } if (transportToken == null) { bindingElement = new HttpTransportBindingElement(); return(true); } bool error; var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error); if (error || (tokenElementList.Count != 1)) { importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml); bindingElement = null; return(false); } var tokenElement = tokenElementList [0]; if (!PolicyImportHelper.SecurityPolicyNS.Equals(tokenElement.NamespaceURI) || !tokenElement.LocalName.Equals("HttpsToken")) { importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml); bindingElement = null; return(false); } var httpsTransport = new HttpsTransportBindingElement(); bindingElement = httpsTransport; var certAttr = tokenElement.GetAttribute("RequireClientCertificate"); if (!String.IsNullOrEmpty(certAttr)) { httpsTransport.RequireClientCertificate = Boolean.Parse(certAttr); } return(true); }
bool ImportTcpTransport(MetadataImporter importer, PolicyConversionContext context, XmlElement transportPolicy) { XmlElement transportToken; if (!GetTransportToken(importer, transportPolicy, out transportToken)) { return(false); } if (transportToken == null) { return(true); } bool error; var tokenElementList = PolicyImportHelper.GetPolicyElements(transportToken, out error); if (error || (tokenElementList.Count != 1)) { importer.AddWarning("Invalid policy assertion: {0}", transportToken.OuterXml); return(false); } var tokenElement = tokenElementList [0]; if (!PolicyImportHelper.FramingPolicyNS.Equals(tokenElement.NamespaceURI)) { importer.AddWarning("Invalid policy assertion: {0}", tokenElement.OuterXml); return(false); } if (tokenElement.LocalName.Equals("WindowsTransportSecurity")) { if (!ImportWindowsTransportSecurity(importer, context, tokenElement)) { return(false); } } else if (tokenElement.LocalName.Equals("SslTransportSecurity")) { context.BindingElements.Add(new SslStreamSecurityBindingElement()); } return(true); }
bool ImportWindowsTransportSecurity(MetadataImporter importer, PolicyConversionContext context, XmlElement policyElement) { var protectionLevel = PolicyImportHelper.GetElement( importer, policyElement, "ProtectionLevel", PolicyImportHelper.FramingPolicyNS, true); if (protectionLevel == null) { importer.AddWarning( "Invalid policy assertion: {0}", policyElement.OuterXml); return(false); } var element = new WindowsStreamSecurityBindingElement(); switch (protectionLevel.InnerText.ToLowerInvariant()) { case "none": element.ProtectionLevel = ProtectionLevel.None; break; case "sign": element.ProtectionLevel = ProtectionLevel.Sign; break; case "encryptandsign": element.ProtectionLevel = ProtectionLevel.EncryptAndSign; break; default: importer.AddWarning( "Invalid policy assertion: {0}", protectionLevel.OuterXml); return(false); } context.BindingElements.Add(element); return(true); }
void IPolicyImportExtension.ImportPolicy(MetadataImporter importer, PolicyConversionContext context) { var assertions = context.GetBindingAssertions(); var mtom = PolicyImportHelper.GetMtomMessageEncodingPolicy(assertions); if (mtom != null) { // http://www.w3.org/Submission/WS-MTOMPolicy/ context.BindingElements.Add(new MtomMessageEncodingBindingElement()); return; } var binary = PolicyImportHelper.GetBinaryMessageEncodingPolicy(assertions); if (binary != null) { context.BindingElements.Add(new BinaryMessageEncodingBindingElement()); return; } context.BindingElements.Add(new TextMessageEncodingBindingElement()); }