public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer)
{
if (messageSecurityVersion == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
if (tokenSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
this.messageSecurityVersion = messageSecurityVersion;
this.tokenSerializer = tokenSerializer;
if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13)
this.secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
else
this.secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
if (this.SecurityVersion == SecurityVersion.WSSecurity10 || this.SecurityVersion == SecurityVersion.WSSecurity11)
{
this.idManager = WSSecurityJan2004.IdManager.Instance;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", SR.GetString(SR.MessageSecurityVersionOutOfRange)));
}
this.wsUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default;
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13)
this.trustDriver = new WSTrustDec2005.DriverDec2005(this);
else
this.trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
}
internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver)
{
if (driver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver");
}
Collection <XmlElement> result = new Collection <XmlElement>();
if (_tokenType != null)
{
result.Add(driver.CreateTokenTypeElement(_tokenType));
}
result.Add(driver.CreateKeyTypeElement(_keyType));
if (_keySize != 0)
{
result.Add(driver.CreateKeySizeElement(_keySize));
}
if (_claimTypeRequirements.Count > 0)
{
Collection <XmlElement> claimsElements = new Collection <XmlElement>();
XmlDocument doc = new XmlDocument();
foreach (ClaimTypeRequirement claimType in _claimTypeRequirements)
{
XmlElement element = doc.CreateElement(wsidPrefix, "ClaimType", wsidNamespace);
XmlAttribute attr = doc.CreateAttribute("Uri");
attr.Value = claimType.ClaimType;
element.Attributes.Append(attr);
if (claimType.IsOptional != ClaimTypeRequirement.DefaultIsOptional)
{
attr = doc.CreateAttribute("Optional");
attr.Value = XmlConvert.ToString(claimType.IsOptional);
element.Attributes.Append(attr);
}
claimsElements.Add(element);
}
result.Add(driver.CreateRequiredClaimsElement(claimsElements));
}
if (_additionalRequestParameters.Count > 0)
{
Collection <XmlElement> trustNormalizedParameters = NormalizeAdditionalParameters(_additionalRequestParameters,
driver,
(_claimTypeRequirements.Count > 0));
foreach (XmlElement parameter in trustNormalizedParameters)
{
result.Add(parameter);
}
}
return(result);
}
internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver)
{
if (driver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver");
}
Collection <XmlElement> collection1 = new Collection <XmlElement>();
if (this.tokenType != null)
{
collection1.Add(driver.CreateTokenTypeElement(this.tokenType));
}
collection1.Add(driver.CreateKeyTypeElement(this.keyType));
if (this.keySize != 0)
{
collection1.Add(driver.CreateKeySizeElement(this.keySize));
}
if (this.claimTypeRequirements.Count > 0)
{
Collection <XmlElement> collection2 = new Collection <XmlElement>();
XmlDocument xmlDocument = new XmlDocument();
foreach (ClaimTypeRequirement claimTypeRequirement in this.claimTypeRequirements)
{
XmlElement element = xmlDocument.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
XmlAttribute attribute1 = xmlDocument.CreateAttribute("Uri");
attribute1.Value = claimTypeRequirement.ClaimType;
element.Attributes.Append(attribute1);
if (claimTypeRequirement.IsOptional)
{
XmlAttribute attribute2 = xmlDocument.CreateAttribute("Optional");
attribute2.Value = XmlConvert.ToString(claimTypeRequirement.IsOptional);
element.Attributes.Append(attribute2);
}
collection2.Add(element);
}
collection1.Add(driver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)collection2));
}
if (this.additionalRequestParameters.Count > 0)
{
foreach (XmlElement additionalParameter in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0))
{
collection1.Add(additionalParameter);
}
}
return(collection1);
}
internal Collection <XmlElement> CreateRequestParameters(TrustDriver driver)
{
if (driver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver");
}
Collection <XmlElement> collection = new Collection <XmlElement>();
if (this.tokenType != null)
{
collection.Add(driver.CreateTokenTypeElement(this.tokenType));
}
collection.Add(driver.CreateKeyTypeElement(this.keyType));
if (this.keySize != 0)
{
collection.Add(driver.CreateKeySizeElement(this.keySize));
}
if (this.claimTypeRequirements.Count > 0)
{
Collection <XmlElement> claimsList = new Collection <XmlElement>();
XmlDocument document = new XmlDocument();
foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements)
{
XmlElement item = document.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
System.Xml.XmlAttribute node = document.CreateAttribute("Uri");
node.Value = requirement.ClaimType;
item.Attributes.Append(node);
if (requirement.IsOptional)
{
node = document.CreateAttribute("Optional");
node.Value = XmlConvert.ToString(requirement.IsOptional);
item.Attributes.Append(node);
}
claimsList.Add(item);
}
collection.Add(driver.CreateRequiredClaimsElement(claimsList));
}
if (this.additionalRequestParameters.Count > 0)
{
foreach (XmlElement element2 in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0))
{
collection.Add(element2);
}
}
return(collection);
}
public TokenIssuerPolicyResolver(TrustDriver driver)
{
this.trustDriver = driver;
}
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters,
TrustDriver driver,
bool clientSideClaimTypeRequirementsSpecified)
{
throw new NotImplementedException();
}
internal Collection<XmlElement> CreateRequestParameters(TrustDriver driver)
{
if (driver == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver");
Collection<XmlElement> result = new Collection<XmlElement>();
if (this.tokenType != null)
{
result.Add(driver.CreateTokenTypeElement(tokenType));
}
result.Add(driver.CreateKeyTypeElement(this.keyType));
if (this.keySize != 0)
{
result.Add(driver.CreateKeySizeElement(keySize));
}
if (this.claimTypeRequirements.Count > 0)
{
Collection<XmlElement> claimsElements = new Collection<XmlElement>();
XmlDocument doc = new XmlDocument();
foreach (ClaimTypeRequirement claimType in this.claimTypeRequirements)
{
XmlElement element = doc.CreateElement(wsidPrefix, "ClaimType", wsidNamespace);
XmlAttribute attr = doc.CreateAttribute("Uri");
attr.Value = claimType.ClaimType;
element.Attributes.Append(attr);
if (claimType.IsOptional != ClaimTypeRequirement.DefaultIsOptional)
{
attr = doc.CreateAttribute("Optional");
attr.Value = XmlConvert.ToString(claimType.IsOptional);
element.Attributes.Append(attr);
}
claimsElements.Add(element);
}
result.Add(driver.CreateRequiredClaimsElement(claimsElements));
}
if (this.additionalRequestParameters.Count > 0)
{
Collection<XmlElement> trustNormalizedParameters = NormalizeAdditionalParameters(this.additionalRequestParameters,
driver,
(this.claimTypeRequirements.Count > 0));
foreach (XmlElement parameter in trustNormalizedParameters)
{
result.Add(parameter);
}
}
return result;
}
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver)
{
if (requestParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters");
}
if (trustDriver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver");
}
Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>();
foreach (XmlElement element in requestParameters)
{
int keySize;
string tokenType;
SecurityKeyType keyType;
Collection <XmlElement> requiredClaims;
if (trustDriver.TryParseKeySizeElement(element, out keySize))
{
_keySize = keySize;
}
else if (trustDriver.TryParseKeyTypeElement(element, out keyType))
{
this.KeyType = keyType;
}
else if (trustDriver.TryParseTokenTypeElement(element, out tokenType))
{
this.TokenType = tokenType;
}
// Only copy RP policy to client policy for TrustFeb2005
else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
if (trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims))
{
Collection <XmlElement> unrecognizedRequiredClaims = new Collection <XmlElement>();
foreach (XmlElement claimRequirement in requiredClaims)
{
if (claimRequirement.LocalName == "ClaimType" && claimRequirement.NamespaceURI == wsidNamespace)
{
string claimValue = claimRequirement.GetAttribute("Uri", string.Empty);
if (!string.IsNullOrEmpty(claimValue))
{
ClaimTypeRequirement claimTypeRequirement;
string optional = claimRequirement.GetAttribute("Optional", string.Empty);
if (String.IsNullOrEmpty(optional))
{
claimTypeRequirement = new ClaimTypeRequirement(claimValue);
}
else
{
claimTypeRequirement = new ClaimTypeRequirement(claimValue, XmlConvert.ToBoolean(optional));
}
_claimTypeRequirements.Add(claimTypeRequirement);
}
}
else
{
unrecognizedRequiredClaims.Add(claimRequirement);
}
}
if (unrecognizedRequiredClaims.Count > 0)
{
unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(unrecognizedRequiredClaims));
}
}
else
{
unknownRequestParameters.Add(element);
}
}
}
unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters);
if (unknownRequestParameters.Count > 0)
{
for (int i = 0; i < unknownRequestParameters.Count; ++i)
{
this.AdditionalRequestParameters.Add(unknownRequestParameters[i]);
}
}
}
internal void SetRequestParameters(Collection<XmlElement> requestParameters, TrustDriver trustDriver)
{
if (requestParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters");
}
if (trustDriver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver");
}
Collection<XmlElement> unknownRequestParameters = new Collection<XmlElement>();
foreach (XmlElement element in requestParameters)
{
int num;
if (trustDriver.TryParseKeySizeElement(element, out num))
{
this.keySize = num;
}
else
{
SecurityKeyType type;
if (trustDriver.TryParseKeyTypeElement(element, out type))
{
this.KeyType = type;
}
else
{
string str;
if (trustDriver.TryParseTokenTypeElement(element, out str))
{
this.TokenType = str;
}
else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
Collection<XmlElement> collection2;
if (trustDriver.TryParseRequiredClaimsElement(element, out collection2))
{
Collection<XmlElement> claimsList = new Collection<XmlElement>();
foreach (XmlElement element2 in collection2)
{
if ((element2.LocalName == "ClaimType") && (element2.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
string attribute = element2.GetAttribute("Uri", string.Empty);
if (!string.IsNullOrEmpty(attribute))
{
ClaimTypeRequirement requirement;
string str3 = element2.GetAttribute("Optional", string.Empty);
if (string.IsNullOrEmpty(str3))
{
requirement = new ClaimTypeRequirement(attribute);
}
else
{
requirement = new ClaimTypeRequirement(attribute, XmlConvert.ToBoolean(str3));
}
this.claimTypeRequirements.Add(requirement);
}
}
else
{
claimsList.Add(element2);
}
}
if (claimsList.Count > 0)
{
unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(claimsList));
}
}
else
{
unknownRequestParameters.Add(element);
}
}
}
}
}
unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters);
if (unknownRequestParameters.Count > 0)
{
for (int i = 0; i < unknownRequestParameters.Count; i++)
{
this.AdditionalRequestParameters.Add(unknownRequestParameters[i]);
}
}
}
private Collection<XmlElement> NormalizeAdditionalParameters(Collection<XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified)
{
Collection<XmlElement> collection = new Collection<XmlElement>();
foreach (XmlElement element in additionalParameters)
{
collection.Add(element);
}
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
XmlElement item = null;
XmlElement element3 = null;
XmlElement element4 = null;
XmlElement element5 = null;
for (int i = 0; i < collection.Count; i++)
{
string str;
if (driver.IsEncryptionAlgorithmElement(collection[i], out str))
{
item = collection[i];
}
else if (driver.IsCanonicalizationAlgorithmElement(collection[i], out str))
{
element3 = collection[i];
}
else if (driver.IsKeyWrapAlgorithmElement(collection[i], out str))
{
element4 = collection[i];
}
else if (((WSTrustDec2005.DriverDec2005) driver).IsSecondaryParametersElement(collection[i]))
{
element5 = collection[i];
}
}
if (element5 != null)
{
foreach (System.Xml.XmlNode node in element5.ChildNodes)
{
XmlElement element6 = node as XmlElement;
if (element6 != null)
{
string encryptionAlgorithm = null;
if (driver.IsEncryptionAlgorithmElement(element6, out encryptionAlgorithm) && (item != null))
{
collection.Remove(item);
}
else if (driver.IsCanonicalizationAlgorithmElement(element6, out encryptionAlgorithm) && (element3 != null))
{
collection.Remove(element3);
}
else if (driver.IsKeyWrapAlgorithmElement(element6, out encryptionAlgorithm) && (element4 != null))
{
collection.Remove(element4);
}
}
}
}
}
if (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512")))
{
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
WSTrustFeb2005.DriverFeb2005 feb = (WSTrustFeb2005.DriverFeb2005) SecurityStandardsManager.DefaultInstance.TrustDriver;
for (int j = 0; j < collection.Count; j++)
{
string signatureAlgorithm = string.Empty;
if (feb.IsSignWithElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateSignWithElement(signatureAlgorithm);
}
else if (feb.IsEncryptWithElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateEncryptWithElement(signatureAlgorithm);
}
else if (feb.IsEncryptionAlgorithmElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateEncryptionAlgorithmElement(signatureAlgorithm);
}
else if (feb.IsCanonicalizationAlgorithmElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateCanonicalizationAlgorithmElement(signatureAlgorithm);
}
}
return collection;
}
Collection<XmlElement> collection2 = null;
WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null);
SecurityStandardsManager manager2 = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenSerializer);
WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005) manager2.TrustDriver;
foreach (XmlElement element7 in collection)
{
if (trustDriver.IsSecondaryParametersElement(element7))
{
collection2 = new Collection<XmlElement>();
foreach (System.Xml.XmlNode node2 in element7.ChildNodes)
{
XmlElement innerElement = node2 as XmlElement;
if ((innerElement != null) && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified))
{
collection2.Add(innerElement);
}
}
collection.Remove(element7);
break;
}
}
if ((collection2 != null) && (collection2.Count > 0))
{
XmlElement element9 = null;
string str4 = string.Empty;
XmlElement element10 = null;
string canonicalizationAlgorithm = string.Empty;
XmlElement element11 = null;
Collection<XmlElement> requiredClaims = null;
Collection<XmlElement> collection4 = new Collection<XmlElement>();
foreach (XmlElement element12 in collection2)
{
if ((element9 == null) && trustDriver.IsEncryptionAlgorithmElement(element12, out str4))
{
element9 = driver.CreateEncryptionAlgorithmElement(str4);
collection4.Add(element12);
}
else if ((element10 == null) && trustDriver.IsCanonicalizationAlgorithmElement(element12, out canonicalizationAlgorithm))
{
element10 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm);
collection4.Add(element12);
}
else if ((element11 == null) && trustDriver.TryParseRequiredClaimsElement(element12, out requiredClaims))
{
element11 = driver.CreateRequiredClaimsElement(requiredClaims);
collection4.Add(element12);
}
}
for (int k = 0; k < collection4.Count; k++)
{
collection2.Remove(collection4[k]);
}
XmlElement element13 = null;
for (int m = 0; m < collection.Count; m++)
{
string str6;
if (trustDriver.IsSignWithElement(collection[m], out str6))
{
collection[m] = driver.CreateSignWithElement(str6);
}
else if (trustDriver.IsEncryptWithElement(collection[m], out str6))
{
collection[m] = driver.CreateEncryptWithElement(str6);
}
else if (trustDriver.IsEncryptionAlgorithmElement(collection[m], out str6) && (element9 != null))
{
collection[m] = element9;
element9 = null;
}
else if (trustDriver.IsCanonicalizationAlgorithmElement(collection[m], out str6) && (element10 != null))
{
collection[m] = element10;
element10 = null;
}
else if (trustDriver.IsKeyWrapAlgorithmElement(collection[m], out str6) && (element13 == null))
{
element13 = collection[m];
}
else
{
Collection<XmlElement> collection5;
if (trustDriver.TryParseRequiredClaimsElement(collection[m], out collection5) && (element11 != null))
{
collection[m] = element11;
element11 = null;
}
}
}
if (element13 != null)
{
collection.Remove(element13);
}
if (element9 != null)
{
collection.Add(element9);
}
if (element10 != null)
{
collection.Add(element10);
}
if (element11 != null)
{
collection.Add(element11);
}
if (collection2.Count <= 0)
{
return collection;
}
for (int n = 0; n < collection2.Count; n++)
{
collection.Add(collection2[n]);
}
}
}
return collection;
}
internal Collection<XmlElement> CreateRequestParameters(TrustDriver driver)
{
if (driver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("driver");
}
Collection<XmlElement> collection = new Collection<XmlElement>();
if (this.tokenType != null)
{
collection.Add(driver.CreateTokenTypeElement(this.tokenType));
}
collection.Add(driver.CreateKeyTypeElement(this.keyType));
if (this.keySize != 0)
{
collection.Add(driver.CreateKeySizeElement(this.keySize));
}
if (this.claimTypeRequirements.Count > 0)
{
Collection<XmlElement> claimsList = new Collection<XmlElement>();
XmlDocument document = new XmlDocument();
foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements)
{
XmlElement item = document.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
System.Xml.XmlAttribute node = document.CreateAttribute("Uri");
node.Value = requirement.ClaimType;
item.Attributes.Append(node);
if (requirement.IsOptional)
{
node = document.CreateAttribute("Optional");
node.Value = XmlConvert.ToString(requirement.IsOptional);
item.Attributes.Append(node);
}
claimsList.Add(item);
}
collection.Add(driver.CreateRequiredClaimsElement(claimsList));
}
if (this.additionalRequestParameters.Count > 0)
{
foreach (XmlElement element2 in this.NormalizeAdditionalParameters(this.additionalRequestParameters, driver, this.claimTypeRequirements.Count > 0))
{
collection.Add(element2);
}
}
return collection;
}
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters,
TrustDriver driver,
bool clientSideClaimTypeRequirementsSpecified)
{
// Ensure STS trust version is one of the currently supported versions: Feb 05 / Trust 1.3
Fx.Assert(((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) ||
(driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)),
"Unsupported trust version specified for the STS.");
// We have a mismatch. Make a local copy of additionalParameters for making any potential modifications
// as part of normalization
Collection <XmlElement> tmpCollection = new Collection <XmlElement>();
foreach (XmlElement e in additionalParameters)
{
tmpCollection.Add(e);
}
// 1. For Trust 1.3 EncryptionAlgorithm, CanonicalizationAlgorithm and KeyWrapAlgorithm should not be
// specified as top-level element if "SecondaryParameters" element already specifies this.
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
Fx.Assert(driver.GetType() == typeof(WSTrustDec2005.DriverDec2005), "Invalid Trust Driver specified for Trust 1.3.");
XmlElement encryptionAlgorithmElement = null;
XmlElement canonicalizationAlgorithmElement = null;
XmlElement keyWrapAlgorithmElement = null;
XmlElement secondaryParameter = null;
for (int i = 0; i < tmpCollection.Count; ++i)
{
if (driver.IsEncryptionAlgorithmElement(tmpCollection[i], out string algorithm))
{
encryptionAlgorithmElement = tmpCollection[i];
}
else if (driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithm))
{
canonicalizationAlgorithmElement = tmpCollection[i];
}
else if (driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithm))
{
keyWrapAlgorithmElement = tmpCollection[i];
}
else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(tmpCollection[i]))
{
secondaryParameter = tmpCollection[i];
}
}
if (secondaryParameter != null)
{
foreach (XmlNode node in secondaryParameter.ChildNodes)
{
if (node is XmlElement child)
{
if (driver.IsEncryptionAlgorithmElement(child, out string algorithm) && (encryptionAlgorithmElement != null))
{
tmpCollection.Remove(encryptionAlgorithmElement);
}
else if (driver.IsCanonicalizationAlgorithmElement(child, out algorithm) && (canonicalizationAlgorithmElement != null))
{
tmpCollection.Remove(canonicalizationAlgorithmElement);
}
else if (driver.IsKeyWrapAlgorithmElement(child, out algorithm) && (keyWrapAlgorithmElement != null))
{
tmpCollection.Remove(keyWrapAlgorithmElement);
}
}
}
}
}
// 2. Check for Mismatch.
// a. Trust Feb 2005 -> Trust 1.3. do the following,
// (i) Copy EncryptionAlgorithm and CanonicalizationAlgorithm as the top-level elements.
// Note, this is in contradiction to step 1. But we don't have a choice here as we cannot say from the
// Additional Parameters section in the config what came from the service and what came from the client.
// (ii) Convert SignWith and EncryptWith elements to Trust 1.3 namespace.
// b. For Trust 1.3 -> Trust Feb 2005, do the following,
// (i) Find EncryptionAlgorithm, CanonicalizationAlgorithm from inside the "SecondaryParameters" element.
// If found, then promote these as the top-level elements replacing the existing values.
// (ii) Convert the SignWith and EncryptWith elements to the Trust Feb 2005 namespace and drop the KeyWrapAlgorithm
// element.
// make an optimistic check to detect mismatched trust-versions between STS and RP
bool mismatch = (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) &&
!CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustFeb2005Strings.Namespace)) ||
((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) &&
!CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustDec2005Strings.Namespace)));
// if no mismatch, return unmodified collection
if (!mismatch)
{
return(tmpCollection);
}
// 2.a
// If we are talking to a Trust 1.3 STS, replace any Feb '05 algorithm parameters with their Trust 1.3 counterparts
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
SecurityStandardsManager trustFeb2005StandardsManager = SecurityStandardsManager.DefaultInstance;
// the following cast is guaranteed to succeed
WSTrustFeb2005.DriverFeb2005 trustFeb2005Driver = (WSTrustFeb2005.DriverFeb2005)trustFeb2005StandardsManager.TrustDriver;
for (int i = 0; i < tmpCollection.Count; i++)
{
if (trustFeb2005Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter))
{
tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptionAlgorithmElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateCanonicalizationAlgorithmElement(algorithmParameter);
}
}
}
else
{
// 2.b
// We are talking to a Feb 05 STS. Filter out any SecondaryParameters element.
Collection <XmlElement> childrenToPromote = null;
WSSecurityTokenSerializer trust13Serializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11,
TrustVersion.WSTrust13,
SecureConversationVersion.WSSecureConversation13,
true, null, null, null);
SecurityStandardsManager trust13StandardsManager = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, trust13Serializer);
// the following cast is guaranteed to succeed
WSTrustDec2005.DriverDec2005 trust13Driver = (WSTrustDec2005.DriverDec2005)trust13StandardsManager.TrustDriver;
foreach (XmlElement parameter in tmpCollection)
{
// check if SecondaryParameters is present
if (trust13Driver.IsSecondaryParametersElement(parameter))
{
childrenToPromote = new Collection <XmlElement>();
// walk SecondaryParameters and collect any 'non-standard' children
foreach (XmlNode innerNode in parameter.ChildNodes)
{
if ((innerNode is XmlElement innerElement) && CanPromoteToRoot(innerElement, trust13Driver, clientSideClaimTypeRequirementsSpecified))
{
childrenToPromote.Add(innerElement);
}
}
// remove SecondaryParameters element
tmpCollection.Remove(parameter);
// we are done - break out of the loop
break;
}
}
// Probe of standard Trust elements and remember them.
if ((childrenToPromote != null) && (childrenToPromote.Count > 0))
{
XmlElement encryptionElement = null;
XmlElement canonicalizationElement = null;
XmlElement requiredClaimsElement = null;
Collection <XmlElement> processedElements = new Collection <XmlElement>();
foreach (XmlElement e in childrenToPromote)
{
if ((encryptionElement == null) && trust13Driver.IsEncryptionAlgorithmElement(e, out string encryptionAlgorithm))
{
encryptionElement = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm);
processedElements.Add(e);
}
else if ((canonicalizationElement == null) && trust13Driver.IsCanonicalizationAlgorithmElement(e, out string canonicalizationAlgoritm))
{
canonicalizationElement = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgoritm);
processedElements.Add(e);
}
else if ((requiredClaimsElement == null) && trust13Driver.TryParseRequiredClaimsElement(e, out Collection <XmlElement> requiredClaims))
{
requiredClaimsElement = driver.CreateRequiredClaimsElement(requiredClaims);
processedElements.Add(e);
}
}
for (int i = 0; i < processedElements.Count; ++i)
{
childrenToPromote.Remove(processedElements[i]);
}
XmlElement keyWrapAlgorithmElement = null;
// Replace the appropriate elements.
for (int i = 0; i < tmpCollection.Count; ++i)
{
if (trust13Driver.IsSignWithElement(tmpCollection[i], out string algorithmParameter))
{
tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter);
}
else if (trust13Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter);
}
else if (trust13Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter) && (encryptionElement != null))
{
tmpCollection[i] = encryptionElement;
encryptionElement = null;
}
else if (trust13Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter) && (canonicalizationElement != null))
{
tmpCollection[i] = canonicalizationElement;
canonicalizationElement = null;
}
else if (trust13Driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithmParameter) && (keyWrapAlgorithmElement == null))
{
keyWrapAlgorithmElement = tmpCollection[i];
}
else if (trust13Driver.TryParseRequiredClaimsElement(tmpCollection[i], out Collection <XmlElement> reqClaims) && (requiredClaimsElement != null))
{
tmpCollection[i] = requiredClaimsElement;
requiredClaimsElement = null;
}
}
if (keyWrapAlgorithmElement != null)
{
// Remove KeyWrapAlgorithmElement as this is not define in Trust Feb 2005.
tmpCollection.Remove(keyWrapAlgorithmElement);
}
// Add the remaining elements to the additionaParameters list to the end.
if (encryptionElement != null)
{
tmpCollection.Add(encryptionElement);
}
if (canonicalizationElement != null)
{
tmpCollection.Add(canonicalizationElement);
}
if (requiredClaimsElement != null)
{
tmpCollection.Add(requiredClaimsElement);
}
if (childrenToPromote.Count > 0)
{
// There are some non-standard elements. Just bump them to the top-level element.
for (int i = 0; i < childrenToPromote.Count; ++i)
{
tmpCollection.Add(childrenToPromote[i]);
}
}
}
}
return(tmpCollection);
}
internal void SetRequestParameters(Collection<XmlElement> requestParameters, TrustDriver trustDriver)
{
if (requestParameters == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters");
if (trustDriver == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver");
Collection<XmlElement> unknownRequestParameters = new Collection<XmlElement>();
foreach (XmlElement element in requestParameters)
{
int keySize;
string tokenType;
SecurityKeyType keyType;
Collection<XmlElement> requiredClaims;
if (trustDriver.TryParseKeySizeElement(element, out keySize))
this.keySize = keySize;
else if (trustDriver.TryParseKeyTypeElement(element, out keyType))
this.KeyType = keyType;
else if (trustDriver.TryParseTokenTypeElement(element, out tokenType))
this.TokenType = tokenType;
// Only copy RP policy to client policy for TrustFeb2005
else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
if (trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims))
{
Collection<XmlElement> unrecognizedRequiredClaims = new Collection<XmlElement>();
foreach (XmlElement claimRequirement in requiredClaims)
{
if (claimRequirement.LocalName == "ClaimType" && claimRequirement.NamespaceURI == wsidNamespace)
{
string claimValue = claimRequirement.GetAttribute("Uri", string.Empty);
if (!string.IsNullOrEmpty(claimValue))
{
ClaimTypeRequirement claimTypeRequirement;
string optional = claimRequirement.GetAttribute("Optional", string.Empty);
if (String.IsNullOrEmpty(optional))
{
claimTypeRequirement = new ClaimTypeRequirement(claimValue);
}
else
{
claimTypeRequirement = new ClaimTypeRequirement(claimValue, XmlConvert.ToBoolean(optional));
}
this.claimTypeRequirements.Add(claimTypeRequirement);
}
}
else
{
unrecognizedRequiredClaims.Add(claimRequirement);
}
}
if (unrecognizedRequiredClaims.Count > 0)
unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(unrecognizedRequiredClaims));
}
else
{
unknownRequestParameters.Add(element);
}
}
}
unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters);
if (unknownRequestParameters.Count > 0)
{
for (int i = 0; i < unknownRequestParameters.Count; ++i)
this.AdditionalRequestParameters.Add(unknownRequestParameters[i]);
}
}
void AddCompatibleFederationEndpoints(ServiceEndpointCollection serviceEndpoints, IssuedSecurityTokenParameters parameters)
{
// check if an explicit issuer address has been specified. If so,add the endpoint corresponding to that address only. If not add all acceptable endpoints.
bool isIssuerSpecified = (parameters.IssuerAddress != null && !parameters.IssuerAddress.IsAnonymous);
foreach (ServiceEndpoint endpoint in serviceEndpoints)
{
TrustDriver trustDriver;
if (!TryGetTrustDriver(endpoint, out trustDriver))
{
// if endpoint does not have trustDriver, assume
// parent trustDriver.
trustDriver = this.trustDriver;
}
bool isFederationContract = false;
ContractDescription contract = endpoint.Contract;
for (int j = 0; j < contract.Operations.Count; ++j)
{
OperationDescription operation = contract.Operations[j];
bool hasIncomingRst = false;
bool hasOutgoingRstr = false;
for (int k = 0; k < operation.Messages.Count; ++k)
{
MessageDescription message = operation.Messages[k];
if (message.Action == trustDriver.RequestSecurityTokenAction.Value && message.Direction == MessageDirection.Input)
{
hasIncomingRst = true;
}
else if ((((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && (message.Action == trustDriver.RequestSecurityTokenResponseAction.Value)) ||
((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && (message.Action == trustDriver.RequestSecurityTokenResponseFinalAction.Value))) &&
message.Direction == MessageDirection.Output)
{
hasOutgoingRstr = true;
}
}
if (hasIncomingRst && hasOutgoingRstr)
{
isFederationContract = true;
break;
}
}
if (isFederationContract)
{
// skip if it is not an acceptable endpoint
if (isIssuerSpecified && !parameters.IssuerAddress.Uri.Equals(endpoint.Address.Uri))
{
continue;
}
if (parameters.IssuerBinding == null)
{
parameters.IssuerAddress = endpoint.Address;
parameters.IssuerBinding = endpoint.Binding;
}
else
{
IssuedSecurityTokenParameters.AlternativeIssuerEndpoint endpointInfo = new IssuedSecurityTokenParameters.AlternativeIssuerEndpoint();
endpointInfo.IssuerAddress = endpoint.Address;
endpointInfo.IssuerBinding = endpoint.Binding;
parameters.AlternativeIssuerEndpoints.Add(endpointInfo);
}
}
}
}
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver)
{
if (requestParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters");
}
if (trustDriver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver");
}
Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>();
foreach (XmlElement requestParameter in requestParameters)
{
int keySize;
if (trustDriver.TryParseKeySizeElement(requestParameter, out keySize))
{
this.keySize = keySize;
}
else
{
SecurityKeyType keyType;
if (trustDriver.TryParseKeyTypeElement(requestParameter, out keyType))
{
this.KeyType = keyType;
}
else
{
string tokenType;
if (trustDriver.TryParseTokenTypeElement(requestParameter, out tokenType))
{
this.TokenType = tokenType;
}
else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
Collection <XmlElement> requiredClaims;
if (trustDriver.TryParseRequiredClaimsElement(requestParameter, out requiredClaims))
{
Collection <XmlElement> collection = new Collection <XmlElement>();
foreach (XmlElement xmlElement in requiredClaims)
{
if (xmlElement.LocalName == "ClaimType" && xmlElement.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity")
{
string attribute1 = xmlElement.GetAttribute("Uri", string.Empty);
if (!string.IsNullOrEmpty(attribute1))
{
string attribute2 = xmlElement.GetAttribute("Optional", string.Empty);
this.claimTypeRequirements.Add(!string.IsNullOrEmpty(attribute2) ? new ClaimTypeRequirement(attribute1, XmlConvert.ToBoolean(attribute2)) : new ClaimTypeRequirement(attribute1));
}
}
else
{
collection.Add(xmlElement);
}
}
if (collection.Count > 0)
{
unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)collection));
}
}
else
{
unknownRequestParameters.Add(requestParameter);
}
}
}
}
}
Collection <XmlElement> collection1 = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters);
if (collection1.Count <= 0)
{
return;
}
for (int index = 0; index < collection1.Count; ++index)
{
this.AdditionalRequestParameters.Add(collection1[index]);
}
}
private void AddCompatibleFederationEndpoints(ServiceEndpointCollection serviceEndpoints, IssuedSecurityTokenParameters parameters)
{
bool flag = (parameters.IssuerAddress != null) && !parameters.IssuerAddress.IsAnonymous;
foreach (ServiceEndpoint endpoint in serviceEndpoints)
{
TrustDriver trustDriver;
if (!this.TryGetTrustDriver(endpoint, out trustDriver))
{
trustDriver = this.trustDriver;
}
bool flag2 = false;
ContractDescription contract = endpoint.Contract;
for (int i = 0; i < contract.Operations.Count; i++)
{
OperationDescription description2 = contract.Operations[i];
bool flag3 = false;
bool flag4 = false;
for (int j = 0; j < description2.Messages.Count; j++)
{
MessageDescription description3 = description2.Messages[j];
if ((description3.Action == trustDriver.RequestSecurityTokenAction.Value) && (description3.Direction == MessageDirection.Input))
{
flag3 = true;
}
else if ((((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && (description3.Action == trustDriver.RequestSecurityTokenResponseAction.Value)) || ((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && (description3.Action == trustDriver.RequestSecurityTokenResponseFinalAction.Value))) && (description3.Direction == MessageDirection.Output))
{
flag4 = true;
}
}
if (flag3 && flag4)
{
flag2 = true;
break;
}
}
if (flag2 && (!flag || parameters.IssuerAddress.Uri.Equals(endpoint.Address.Uri)))
{
if (parameters.IssuerBinding == null)
{
parameters.IssuerAddress = endpoint.Address;
parameters.IssuerBinding = endpoint.Binding;
}
else
{
IssuedSecurityTokenParameters.AlternativeIssuerEndpoint item = new IssuedSecurityTokenParameters.AlternativeIssuerEndpoint {
IssuerAddress = endpoint.Address,
IssuerBinding = endpoint.Binding
};
parameters.AlternativeIssuerEndpoints.Add(item);
}
}
}
}
internal void SetRequestParameters(Collection <XmlElement> requestParameters, TrustDriver trustDriver)
{
if (requestParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestParameters");
}
if (trustDriver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustDriver");
}
Collection <XmlElement> unknownRequestParameters = new Collection <XmlElement>();
foreach (XmlElement element in requestParameters)
{
int num;
if (trustDriver.TryParseKeySizeElement(element, out num))
{
this.keySize = num;
}
else
{
SecurityKeyType type;
if (trustDriver.TryParseKeyTypeElement(element, out type))
{
this.KeyType = type;
}
else
{
string str;
if (trustDriver.TryParseTokenTypeElement(element, out str))
{
this.TokenType = str;
}
else if (trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005)
{
Collection <XmlElement> collection2;
if (trustDriver.TryParseRequiredClaimsElement(element, out collection2))
{
Collection <XmlElement> claimsList = new Collection <XmlElement>();
foreach (XmlElement element2 in collection2)
{
if ((element2.LocalName == "ClaimType") && (element2.NamespaceURI == "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
string attribute = element2.GetAttribute("Uri", string.Empty);
if (!string.IsNullOrEmpty(attribute))
{
ClaimTypeRequirement requirement;
string str3 = element2.GetAttribute("Optional", string.Empty);
if (string.IsNullOrEmpty(str3))
{
requirement = new ClaimTypeRequirement(attribute);
}
else
{
requirement = new ClaimTypeRequirement(attribute, XmlConvert.ToBoolean(str3));
}
this.claimTypeRequirements.Add(requirement);
}
}
else
{
claimsList.Add(element2);
}
}
if (claimsList.Count > 0)
{
unknownRequestParameters.Add(trustDriver.CreateRequiredClaimsElement(claimsList));
}
}
else
{
unknownRequestParameters.Add(element);
}
}
}
}
}
unknownRequestParameters = trustDriver.ProcessUnknownRequestParameters(unknownRequestParameters, requestParameters);
if (unknownRequestParameters.Count > 0)
{
for (int i = 0; i < unknownRequestParameters.Count; i++)
{
this.AdditionalRequestParameters.Add(unknownRequestParameters[i]);
}
}
}
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified)
{
Collection <XmlElement> collection = new Collection <XmlElement>();
foreach (XmlElement element in additionalParameters)
{
collection.Add(element);
}
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
XmlElement item = null;
XmlElement element3 = null;
XmlElement element4 = null;
XmlElement element5 = null;
for (int i = 0; i < collection.Count; i++)
{
string str;
if (driver.IsEncryptionAlgorithmElement(collection[i], out str))
{
item = collection[i];
}
else if (driver.IsCanonicalizationAlgorithmElement(collection[i], out str))
{
element3 = collection[i];
}
else if (driver.IsKeyWrapAlgorithmElement(collection[i], out str))
{
element4 = collection[i];
}
else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection[i]))
{
element5 = collection[i];
}
}
if (element5 != null)
{
foreach (System.Xml.XmlNode node in element5.ChildNodes)
{
XmlElement element6 = node as XmlElement;
if (element6 != null)
{
string encryptionAlgorithm = null;
if (driver.IsEncryptionAlgorithmElement(element6, out encryptionAlgorithm) && (item != null))
{
collection.Remove(item);
}
else if (driver.IsCanonicalizationAlgorithmElement(element6, out encryptionAlgorithm) && (element3 != null))
{
collection.Remove(element3);
}
else if (driver.IsKeyWrapAlgorithmElement(element6, out encryptionAlgorithm) && (element4 != null))
{
collection.Remove(element4);
}
}
}
}
}
if (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) || ((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && !this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512")))
{
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
WSTrustFeb2005.DriverFeb2005 feb = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver;
for (int j = 0; j < collection.Count; j++)
{
string signatureAlgorithm = string.Empty;
if (feb.IsSignWithElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateSignWithElement(signatureAlgorithm);
}
else if (feb.IsEncryptWithElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateEncryptWithElement(signatureAlgorithm);
}
else if (feb.IsEncryptionAlgorithmElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateEncryptionAlgorithmElement(signatureAlgorithm);
}
else if (feb.IsCanonicalizationAlgorithmElement(collection[j], out signatureAlgorithm))
{
collection[j] = driver.CreateCanonicalizationAlgorithmElement(signatureAlgorithm);
}
}
return(collection);
}
Collection <XmlElement> collection2 = null;
WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, null, null, null);
SecurityStandardsManager manager2 = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, tokenSerializer);
WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005)manager2.TrustDriver;
foreach (XmlElement element7 in collection)
{
if (trustDriver.IsSecondaryParametersElement(element7))
{
collection2 = new Collection <XmlElement>();
foreach (System.Xml.XmlNode node2 in element7.ChildNodes)
{
XmlElement innerElement = node2 as XmlElement;
if ((innerElement != null) && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified))
{
collection2.Add(innerElement);
}
}
collection.Remove(element7);
break;
}
}
if ((collection2 != null) && (collection2.Count > 0))
{
XmlElement element9 = null;
string str4 = string.Empty;
XmlElement element10 = null;
string canonicalizationAlgorithm = string.Empty;
XmlElement element11 = null;
Collection <XmlElement> requiredClaims = null;
Collection <XmlElement> collection4 = new Collection <XmlElement>();
foreach (XmlElement element12 in collection2)
{
if ((element9 == null) && trustDriver.IsEncryptionAlgorithmElement(element12, out str4))
{
element9 = driver.CreateEncryptionAlgorithmElement(str4);
collection4.Add(element12);
}
else if ((element10 == null) && trustDriver.IsCanonicalizationAlgorithmElement(element12, out canonicalizationAlgorithm))
{
element10 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm);
collection4.Add(element12);
}
else if ((element11 == null) && trustDriver.TryParseRequiredClaimsElement(element12, out requiredClaims))
{
element11 = driver.CreateRequiredClaimsElement(requiredClaims);
collection4.Add(element12);
}
}
for (int k = 0; k < collection4.Count; k++)
{
collection2.Remove(collection4[k]);
}
XmlElement element13 = null;
for (int m = 0; m < collection.Count; m++)
{
string str6;
if (trustDriver.IsSignWithElement(collection[m], out str6))
{
collection[m] = driver.CreateSignWithElement(str6);
}
else if (trustDriver.IsEncryptWithElement(collection[m], out str6))
{
collection[m] = driver.CreateEncryptWithElement(str6);
}
else if (trustDriver.IsEncryptionAlgorithmElement(collection[m], out str6) && (element9 != null))
{
collection[m] = element9;
element9 = null;
}
else if (trustDriver.IsCanonicalizationAlgorithmElement(collection[m], out str6) && (element10 != null))
{
collection[m] = element10;
element10 = null;
}
else if (trustDriver.IsKeyWrapAlgorithmElement(collection[m], out str6) && (element13 == null))
{
element13 = collection[m];
}
else
{
Collection <XmlElement> collection5;
if (trustDriver.TryParseRequiredClaimsElement(collection[m], out collection5) && (element11 != null))
{
collection[m] = element11;
element11 = null;
}
}
}
if (element13 != null)
{
collection.Remove(element13);
}
if (element9 != null)
{
collection.Add(element9);
}
if (element10 != null)
{
collection.Add(element10);
}
if (element11 != null)
{
collection.Add(element11);
}
if (collection2.Count <= 0)
{
return(collection);
}
for (int n = 0; n < collection2.Count; n++)
{
collection.Add(collection2[n]);
}
}
}
return(collection);
}
private Collection<XmlElement> NormalizeAdditionalParameters(Collection<XmlElement> additionalParameters,
TrustDriver driver,
bool clientSideClaimTypeRequirementsSpecified)
{
// Ensure STS trust version is one of the currently supported versions: Feb 05 / Trust 1.3
Fx.Assert(((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) ||
(driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)),
"Unsupported trust version specified for the STS.");
// We have a mismatch. Make a local copy of additionalParameters for making any potential modifications
// as part of normalization
Collection<XmlElement> tmpCollection = new Collection<XmlElement>();
foreach (XmlElement e in additionalParameters)
{
tmpCollection.Add(e);
}
// 1. For Trust 1.3 EncryptionAlgorithm, CanonicalizationAlgorithm and KeyWrapAlgorithm should not be
// specified as top-level element if "SecondaryParameters" element already specifies this.
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
Fx.Assert(driver.GetType() == typeof(WSTrustDec2005.DriverDec2005), "Invalid Trust Driver specified for Trust 1.3.");
XmlElement encryptionAlgorithmElement = null;
XmlElement canonicalizationAlgorithmElement = null;
XmlElement keyWrapAlgorithmElement = null;
XmlElement secondaryParameter = null;
for (int i = 0; i < tmpCollection.Count; ++i)
{
string algorithm;
if (driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithm))
{
encryptionAlgorithmElement = tmpCollection[i];
}
else if (driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithm))
{
canonicalizationAlgorithmElement = tmpCollection[i];
}
else if (driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithm))
{
keyWrapAlgorithmElement = tmpCollection[i];
}
else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(tmpCollection[i]))
{
secondaryParameter = tmpCollection[i];
}
}
if (secondaryParameter != null)
{
foreach (XmlNode node in secondaryParameter.ChildNodes)
{
XmlElement child = node as XmlElement;
if (child != null)
{
string algorithm = null;
if (driver.IsEncryptionAlgorithmElement(child, out algorithm) && (encryptionAlgorithmElement != null))
{
tmpCollection.Remove(encryptionAlgorithmElement);
}
else if (driver.IsCanonicalizationAlgorithmElement(child, out algorithm) && (canonicalizationAlgorithmElement != null))
{
tmpCollection.Remove(canonicalizationAlgorithmElement);
}
else if (driver.IsKeyWrapAlgorithmElement(child, out algorithm) && (keyWrapAlgorithmElement != null))
{
tmpCollection.Remove(keyWrapAlgorithmElement);
}
}
}
}
}
// 2. Check for Mismatch.
// a. Trust Feb 2005 -> Trust 1.3. do the following,
// (i) Copy EncryptionAlgorithm and CanonicalizationAlgorithm as the top-level elements.
// Note, this is in contradiction to step 1. But we don't have a choice here as we cannot say from the
// Additional Parameters section in the config what came from the service and what came from the client.
// (ii) Convert SignWith and EncryptWith elements to Trust 1.3 namespace.
// b. For Trust 1.3 -> Trust Feb 2005, do the following,
// (i) Find EncryptionAlgorithm, CanonicalizationAlgorithm from inside the "SecondaryParameters" element.
// If found, then promote these as the top-level elements replacing the existing values.
// (ii) Convert the SignWith and EncryptWith elements to the Trust Feb 2005 namespace and drop the KeyWrapAlgorithm
// element.
// make an optimistic check to detect mismatched trust-versions between STS and RP
bool mismatch = (((driver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) &&
!CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustFeb2005Strings.Namespace)) ||
((driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) &&
!CollectionContainsElementsWithTrustNamespace(additionalParameters, TrustDec2005Strings.Namespace)));
// if no mismatch, return unmodified collection
if (!mismatch)
{
return tmpCollection;
}
// 2.a
// If we are talking to a Trust 1.3 STS, replace any Feb '05 algorithm parameters with their Trust 1.3 counterparts
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
SecurityStandardsManager trustFeb2005StandardsManager = SecurityStandardsManager.DefaultInstance;
// the following cast is guaranteed to succeed
WSTrustFeb2005.DriverFeb2005 trustFeb2005Driver = (WSTrustFeb2005.DriverFeb2005)trustFeb2005StandardsManager.TrustDriver;
for (int i = 0; i < tmpCollection.Count; i++)
{
string algorithmParameter = string.Empty;
if (trustFeb2005Driver.IsSignWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptionAlgorithmElement(algorithmParameter);
}
else if (trustFeb2005Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateCanonicalizationAlgorithmElement(algorithmParameter);
}
}
}
else
{
// 2.b
// We are talking to a Feb 05 STS. Filter out any SecondaryParameters element.
Collection<XmlElement> childrenToPromote = null;
WSSecurityTokenSerializer trust13Serializer = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11,
TrustVersion.WSTrust13,
SecureConversationVersion.WSSecureConversation13,
true, null, null, null);
SecurityStandardsManager trust13StandardsManager = new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, trust13Serializer);
// the following cast is guaranteed to succeed
WSTrustDec2005.DriverDec2005 trust13Driver = (WSTrustDec2005.DriverDec2005)trust13StandardsManager.TrustDriver;
foreach (XmlElement parameter in tmpCollection)
{
// check if SecondaryParameters is present
if (trust13Driver.IsSecondaryParametersElement(parameter))
{
childrenToPromote = new Collection<XmlElement>();
// walk SecondaryParameters and collect any 'non-standard' children
foreach (XmlNode innerNode in parameter.ChildNodes)
{
XmlElement innerElement = innerNode as XmlElement;
if ((innerElement != null) && CanPromoteToRoot(innerElement, trust13Driver, clientSideClaimTypeRequirementsSpecified))
{
childrenToPromote.Add(innerElement);
}
}
// remove SecondaryParameters element
tmpCollection.Remove(parameter);
// we are done - break out of the loop
break;
}
}
// Probe of standard Trust elements and remember them.
if ((childrenToPromote != null) && (childrenToPromote.Count > 0))
{
XmlElement encryptionElement = null;
string encryptionAlgorithm = String.Empty;
XmlElement canonicalizationElement = null;
string canonicalizationAlgoritm = String.Empty;
XmlElement requiredClaimsElement = null;
Collection<XmlElement> requiredClaims = null;
Collection<XmlElement> processedElements = new Collection<XmlElement>();
foreach (XmlElement e in childrenToPromote)
{
if ((encryptionElement == null) && trust13Driver.IsEncryptionAlgorithmElement(e, out encryptionAlgorithm))
{
encryptionElement = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm);
processedElements.Add(e);
}
else if ((canonicalizationElement == null) && trust13Driver.IsCanonicalizationAlgorithmElement(e, out canonicalizationAlgoritm))
{
canonicalizationElement = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgoritm);
processedElements.Add(e);
}
else if ((requiredClaimsElement == null) && trust13Driver.TryParseRequiredClaimsElement(e, out requiredClaims))
{
requiredClaimsElement = driver.CreateRequiredClaimsElement(requiredClaims);
processedElements.Add(e);
}
}
for (int i = 0; i < processedElements.Count; ++i)
{
childrenToPromote.Remove(processedElements[i]);
}
XmlElement keyWrapAlgorithmElement = null;
// Replace the appropriate elements.
for (int i = 0; i < tmpCollection.Count; ++i)
{
string algorithmParameter;
Collection<XmlElement> reqClaims;
if (trust13Driver.IsSignWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateSignWithElement(algorithmParameter);
}
else if (trust13Driver.IsEncryptWithElement(tmpCollection[i], out algorithmParameter))
{
tmpCollection[i] = driver.CreateEncryptWithElement(algorithmParameter);
}
else if (trust13Driver.IsEncryptionAlgorithmElement(tmpCollection[i], out algorithmParameter) && (encryptionElement != null))
{
tmpCollection[i] = encryptionElement;
encryptionElement = null;
}
else if (trust13Driver.IsCanonicalizationAlgorithmElement(tmpCollection[i], out algorithmParameter) && (canonicalizationElement != null))
{
tmpCollection[i] = canonicalizationElement;
canonicalizationElement = null;
}
else if (trust13Driver.IsKeyWrapAlgorithmElement(tmpCollection[i], out algorithmParameter) && (keyWrapAlgorithmElement == null))
{
keyWrapAlgorithmElement = tmpCollection[i];
}
else if (trust13Driver.TryParseRequiredClaimsElement(tmpCollection[i], out reqClaims) && (requiredClaimsElement != null))
{
tmpCollection[i] = requiredClaimsElement;
requiredClaimsElement = null;
}
}
if (keyWrapAlgorithmElement != null)
{
// Remove KeyWrapAlgorithmElement as this is not define in Trust Feb 2005.
tmpCollection.Remove(keyWrapAlgorithmElement);
}
// Add the remaining elements to the additionaParameters list to the end.
if (encryptionElement != null) tmpCollection.Add(encryptionElement);
if (canonicalizationElement != null) tmpCollection.Add(canonicalizationElement);
if (requiredClaimsElement != null) tmpCollection.Add(requiredClaimsElement);
if (childrenToPromote.Count > 0)
{
// There are some non-standard elements. Just bump them to the top-level element.
for (int i = 0; i < childrenToPromote.Count; ++i)
{
tmpCollection.Add(childrenToPromote[i]);
}
}
}
}
return tmpCollection;
}
bool TryGetTrustDriver(ServiceEndpoint endpoint, out TrustDriver trustDriver)
{
SecurityBindingElement sbe = endpoint.Binding.CreateBindingElements().Find<SecurityBindingElement>();
trustDriver = null;
if (sbe != null)
{
MessageSecurityVersion messageSecurityVersion = sbe.MessageSecurityVersion;
if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
trustDriver = new WSTrustFeb2005.DriverFeb2005(new SecurityStandardsManager(messageSecurityVersion, WSSecurityTokenSerializer.DefaultInstance));
}
else if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
trustDriver = new WSTrustDec2005.DriverDec2005(new SecurityStandardsManager(messageSecurityVersion, WSSecurityTokenSerializer.DefaultInstance));
}
}
return trustDriver != null;
}
private Collection <XmlElement> NormalizeAdditionalParameters(Collection <XmlElement> additionalParameters, TrustDriver driver, bool clientSideClaimTypeRequirementsSpecified)
{
Collection <XmlElement> collection1 = new Collection <XmlElement>();
foreach (XmlElement additionalParameter in additionalParameters)
{
collection1.Add(additionalParameter);
}
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
XmlElement xmlElement1 = (XmlElement)null;
XmlElement xmlElement2 = (XmlElement)null;
XmlElement xmlElement3 = (XmlElement)null;
XmlElement xmlElement4 = (XmlElement)null;
for (int index = 0; index < collection1.Count; ++index)
{
string str;
if (driver.IsEncryptionAlgorithmElement(collection1[index], out str))
{
xmlElement1 = collection1[index];
}
else if (driver.IsCanonicalizationAlgorithmElement(collection1[index], out str))
{
xmlElement2 = collection1[index];
}
else if (driver.IsKeyWrapAlgorithmElement(collection1[index], out str))
{
xmlElement3 = collection1[index];
}
else if (((WSTrustDec2005.DriverDec2005)driver).IsSecondaryParametersElement(collection1[index]))
{
xmlElement4 = collection1[index];
}
}
if (xmlElement4 != null)
{
foreach (XmlNode childNode in xmlElement4.ChildNodes)
{
XmlElement element = childNode as XmlElement;
if (element != null)
{
string str = (string)null;
if (driver.IsEncryptionAlgorithmElement(element, out str) && xmlElement1 != null)
{
collection1.Remove(xmlElement1);
}
else if (driver.IsCanonicalizationAlgorithmElement(element, out str) && xmlElement2 != null)
{
collection1.Remove(xmlElement2);
}
else if (driver.IsKeyWrapAlgorithmElement(element, out str) && xmlElement3 != null)
{
collection1.Remove(xmlElement3);
}
}
}
}
}
if ((driver.StandardsManager.TrustVersion != TrustVersion.WSTrustFeb2005 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://schemas.xmlsoap.org/ws/2005/02/trust")) && (driver.StandardsManager.TrustVersion != TrustVersion.WSTrust13 || this.CollectionContainsElementsWithTrustNamespace(additionalParameters, "http://docs.oasis-open.org/ws-sx/ws-trust/200512")))
{
return(collection1);
}
if (driver.StandardsManager.TrustVersion == TrustVersion.WSTrust13)
{
WSTrustFeb2005.DriverFeb2005 trustDriver = (WSTrustFeb2005.DriverFeb2005)SecurityStandardsManager.DefaultInstance.TrustDriver;
for (int index = 0; index < collection1.Count; ++index)
{
string empty = string.Empty;
if (trustDriver.IsSignWithElement(collection1[index], out empty))
{
collection1[index] = driver.CreateSignWithElement(empty);
}
else if (trustDriver.IsEncryptWithElement(collection1[index], out empty))
{
collection1[index] = driver.CreateEncryptWithElement(empty);
}
else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out empty))
{
collection1[index] = driver.CreateEncryptionAlgorithmElement(empty);
}
else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out empty))
{
collection1[index] = driver.CreateCanonicalizationAlgorithmElement(empty);
}
}
}
else
{
Collection <XmlElement> collection2 = (Collection <XmlElement>)null;
WSTrustDec2005.DriverDec2005 trustDriver = (WSTrustDec2005.DriverDec2005) new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, (SecurityTokenSerializer) new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, true, (SamlSerializer1)null, (SecurityStateEncoder)null, (IEnumerable <System.Type>)null)).TrustDriver;
foreach (XmlElement element in collection1)
{
if (trustDriver.IsSecondaryParametersElement(element))
{
collection2 = new Collection <XmlElement>();
foreach (XmlNode childNode in element.ChildNodes)
{
XmlElement innerElement = childNode as XmlElement;
if (innerElement != null && this.CanPromoteToRoot(innerElement, trustDriver, clientSideClaimTypeRequirementsSpecified))
{
collection2.Add(innerElement);
}
}
collection1.Remove(element);
break;
}
}
if (collection2 != null && collection2.Count > 0)
{
XmlElement xmlElement1 = (XmlElement)null;
string encryptionAlgorithm = string.Empty;
XmlElement xmlElement2 = (XmlElement)null;
string canonicalizationAlgorithm = string.Empty;
XmlElement xmlElement3 = (XmlElement)null;
Collection <XmlElement> requiredClaims1 = (Collection <XmlElement>)null;
Collection <XmlElement> collection3 = new Collection <XmlElement>();
foreach (XmlElement element in collection2)
{
if (xmlElement1 == null && trustDriver.IsEncryptionAlgorithmElement(element, out encryptionAlgorithm))
{
xmlElement1 = driver.CreateEncryptionAlgorithmElement(encryptionAlgorithm);
collection3.Add(element);
}
else if (xmlElement2 == null && trustDriver.IsCanonicalizationAlgorithmElement(element, out canonicalizationAlgorithm))
{
xmlElement2 = driver.CreateCanonicalizationAlgorithmElement(canonicalizationAlgorithm);
collection3.Add(element);
}
else if (xmlElement3 == null && trustDriver.TryParseRequiredClaimsElement(element, out requiredClaims1))
{
xmlElement3 = driver.CreateRequiredClaimsElement((IEnumerable <XmlElement>)requiredClaims1);
collection3.Add(element);
}
}
for (int index = 0; index < collection3.Count; ++index)
{
collection2.Remove(collection3[index]);
}
XmlElement xmlElement4 = (XmlElement)null;
for (int index = 0; index < collection1.Count; ++index)
{
string str;
if (trustDriver.IsSignWithElement(collection1[index], out str))
{
collection1[index] = driver.CreateSignWithElement(str);
}
else if (trustDriver.IsEncryptWithElement(collection1[index], out str))
{
collection1[index] = driver.CreateEncryptWithElement(str);
}
else if (trustDriver.IsEncryptionAlgorithmElement(collection1[index], out str) && xmlElement1 != null)
{
collection1[index] = xmlElement1;
xmlElement1 = (XmlElement)null;
}
else if (trustDriver.IsCanonicalizationAlgorithmElement(collection1[index], out str) && xmlElement2 != null)
{
collection1[index] = xmlElement2;
xmlElement2 = (XmlElement)null;
}
else if (trustDriver.IsKeyWrapAlgorithmElement(collection1[index], out str) && xmlElement4 == null)
{
xmlElement4 = collection1[index];
}
else
{
Collection <XmlElement> requiredClaims2;
if (trustDriver.TryParseRequiredClaimsElement(collection1[index], out requiredClaims2) && xmlElement3 != null)
{
collection1[index] = xmlElement3;
xmlElement3 = (XmlElement)null;
}
}
}
if (xmlElement4 != null)
{
collection1.Remove(xmlElement4);
}
if (xmlElement1 != null)
{
collection1.Add(xmlElement1);
}
if (xmlElement2 != null)
{
collection1.Add(xmlElement2);
}
if (xmlElement3 != null)
{
collection1.Add(xmlElement3);
}
if (collection2.Count > 0)
{
for (int index = 0; index < collection2.Count; ++index)
{
collection1.Add(collection2[index]);
}
}
}
}
return(collection1);
}
