/// <summary>
/// Imports the WS-SecurityPolicy EncryptedParts and SignedParts assertions found in
/// <paramref name="assertions"/>.
/// </summary>
/// <param name="assertions">Policy assertions to inspect.</param>
/// <param name="signedParts">Receives the imported signed-parts specification, or
/// <c>MessagePartSpecification.NoParts</c> when the import produced none.</param>
/// <param name="encryptedParts">Receives the imported encrypted-parts specification, or
/// <c>MessagePartSpecification.NoParts</c> when the import produced none.</param>
/// <exception cref="InvalidOperationException">An import attempt failed and reported the
/// assertion element it could not handle.</exception>
private void ImportProtectionAssertions(ICollection<XmlElement> assertions, out MessagePartSpecification signedParts, out MessagePartSpecification encryptedParts)
{
    signedParts = null;
    encryptedParts = null;

    WSSecurityPolicy driver;
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out driver))
    {
        XmlElement offending;

        bool encryptedImported = driver.TryImportWsspEncryptedPartsAssertion(assertions, out encryptedParts, out offending);
        if (!encryptedImported && offending != null)
        {
            // The exception message embeds the assertion's OuterXml verbatim.
            // NOTE(review): the assertions originate from imported policy metadata, so
            // anything that logs or displays this message should treat it as external input.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
        }

        bool signedImported = driver.TryImportWsspSignedPartsAssertion(assertions, out signedParts, out offending);
        if (!signedImported && offending != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
        }
    }

    // No driver, or nothing imported: fall back to "no parts", so the result asks for
    // no encrypted / signed message parts rather than leaving the out values null.
    if (encryptedParts == null)
    {
        encryptedParts = MessagePartSpecification.NoParts;
    }

    if (signedParts == null)
    {
        signedParts = MessagePartSpecification.NoParts;
    }
}
/// <summary>
/// Tries to import a WS-SecurityPolicy transport binding assertion from the binding
/// assertions of <paramref name="policyContext"/>.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context whose binding assertions are read and whose
/// binding element collection may be extended.</param>
/// <param name="sbe">Receives the imported binding element only when it has supporting
/// tokens or includes a timestamp; otherwise <c>null</c>.</param>
/// <returns><c>true</c> when a transport security binding element was produced by the
/// import, even if it was not handed back through <paramref name="sbe"/>.</returns>
/// <exception cref="InvalidOperationException">The import failed and reported the
/// assertion element it could not handle.</exception>
private bool TryImportTransportSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
{
    sbe = null;
    TransportSecurityBindingElement transportBinding = null;

    WSSecurityPolicy driver;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        return false;
    }

    XmlElement offending;
    if (!driver.TryImportWsspTransportBindingAssertion(importer, policyContext.GetBindingAssertions(), out transportBinding, out offending))
    {
        if (offending != null)
        {
            // The assertion's OuterXml is copied verbatim into the exception message.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
        }

        return transportBinding != null;
    }

    ImportEndpointScopeMessageBindingAssertions(importer, policyContext, transportBinding);
    ImportOperationScopeSupportingTokensPolicy(importer, policyContext, transportBinding);

    // NOTE(review): importer.State is dereferenced here without a null check; confirm it
    // is always initialised by the importer.
    if (importer.State.ContainsKey("InSecureConversationBootstrapBindingImportMode"))
    {
        ImportMessageScopeProtectionPolicy(importer, policyContext);
    }

    // A transport binding with neither supporting tokens nor a timestamp is not added to
    // the binding elements and is not reported through sbe.
    if (HasSupportingTokens(transportBinding) || transportBinding.IncludeTimestamp)
    {
        sbe = transportBinding;
        policyContext.BindingElements.Add(transportBinding);
    }

    return transportBinding != null;
}
/// <summary>
/// Imports the endpoint-scope assertions for <paramref name="binding"/>: supporting
/// tokens first, then the Wss assertion, then the Trust assertion.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context supplying the binding assertions.</param>
/// <param name="binding">Security binding element that receives the imported settings.</param>
/// <exception cref="InvalidOperationException">A Wss or Trust import failed and reported
/// the assertion element it could not handle.</exception>
private void ImportEndpointScopeMessageBindingAssertions(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
{
    XmlElement offending = null;

    ImportSupportingTokenAssertions(
        importer,
        policyContext,
        policyContext.GetBindingAssertions(),
        binding.EndpointSupportingTokenParameters,
        binding.OptionalEndpointSupportingTokenParameters);

    WSSecurityPolicy driver;
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        bool wssImported = driver.TryImportWsspWssAssertion(importer, policyContext.GetBindingAssertions(), binding, out offending);
        if (!wssImported && offending != null)
        {
            // The assertion's OuterXml is copied verbatim into the exception message.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
        }

        bool trustImported = driver.TryImportWsspTrustAssertion(importer, policyContext.GetBindingAssertions(), binding, out offending);
        if (!trustImported && offending != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
        }
    }

    // No WS-Trust assertion was seen, so this may be a BasicHttpBinding. Set the flag now
    // so that a later comparison of this binding element against the basic HTTP binding
    // can produce an exact match.
    if (offending == null)
    {
        binding.DoNotEmitTrust = true;
    }
}
/// <summary>
/// Imports the WS-SecurityPolicy EncryptedParts and SignedParts assertions found in
/// <paramref name="assertions"/>.
/// </summary>
/// <param name="assertions">Policy assertions to inspect.</param>
/// <param name="signedParts">Receives the imported signed-parts specification, or
/// <c>MessagePartSpecification.NoParts</c> when the import produced none.</param>
/// <param name="encryptedParts">Receives the imported encrypted-parts specification, or
/// <c>MessagePartSpecification.NoParts</c> when the import produced none.</param>
/// <exception cref="InvalidOperationException">An import attempt failed and reported the
/// assertion element it could not handle.</exception>
private void ImportProtectionAssertions(ICollection<XmlElement> assertions, out MessagePartSpecification signedParts, out MessagePartSpecification encryptedParts)
{
    signedParts = null;
    encryptedParts = null;

    WSSecurityPolicy driver;
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out driver))
    {
        XmlElement offending;

        bool encryptedImported = driver.TryImportWsspEncryptedPartsAssertion(assertions, out encryptedParts, out offending);
        if (!encryptedImported && offending != null)
        {
            // The assertion's OuterXml is copied verbatim into the exception message.
            // NOTE(review): the assertions originate from imported policy metadata, so
            // anything that logs or displays this message should treat it as external input.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
        }

        bool signedImported = driver.TryImportWsspSignedPartsAssertion(assertions, out signedParts, out offending);
        if (!signedImported && offending != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
        }
    }

    // No driver, or nothing imported: fall back to "no parts" rather than leaving the
    // out values null.
    if (encryptedParts == null)
    {
        encryptedParts = MessagePartSpecification.NoParts;
    }

    if (signedParts == null)
    {
        signedParts = MessagePartSpecification.NoParts;
    }
}
/// <summary>
/// Hands the supporting-token collections of <paramref name="requirements"/> and
/// <paramref name="optionalRequirements"/> to the security policy driver so it can fill
/// them from <paramref name="assertions"/>.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context passed through to the driver.</param>
/// <param name="assertions">Policy assertions to inspect.</param>
/// <param name="requirements">Supporting token parameters passed first to the driver.</param>
/// <param name="optionalRequirements">Supporting token parameters passed second to the driver.</param>
private void ImportSupportingTokenAssertions(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, SupportingTokenParameters requirements, SupportingTokenParameters optionalRequirements)
{
    WSSecurityPolicy driver;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out driver))
    {
        // Without a driver nothing is imported and both parameter sets stay untouched.
        return;
    }

    // The boolean result is deliberately not inspected here: a failed import is not
    // reported to the caller by this method.
    driver.TryImportWsspSupportingTokensAssertion(
        importer,
        policyContext,
        assertions,
        requirements.Signed,
        requirements.SignedEncrypted,
        requirements.Endorsing,
        requirements.SignedEndorsing,
        optionalRequirements.Signed,
        optionalRequirements.SignedEncrypted,
        optionalRequirements.Endorsing,
        optionalRequirements.SignedEndorsing);
}
/// <summary>
/// Runs the base policy import and then lets the security policy driver import the
/// HttpsToken assertion into this instance.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context supplying the binding assertions.</param>
internal override void OnImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
{
    base.OnImportPolicy(importer, policyContext);

    WSSecurityPolicy driver = null;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        return;
    }

    // The result is not inspected: a failed HttpsToken import leaves this element as the
    // base import configured it and is not surfaced from here.
    driver.TryImportWsspHttpsTokenAssertion(importer, policyContext.GetBindingAssertions(), this);
}
/// <summary>
/// Imports the security binding element described by the binding assertions of
/// <paramref name="policyContext"/>, trying symmetric, then asymmetric, then transport
/// security.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import; must not be null.</param>
/// <param name="policyContext">Policy context supplying the binding assertions; must not be null.</param>
void IPolicyImportExtension.ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
{
    if (importer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("importer");
    }

    if (policyContext == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext");
    }

    WSSecurityPolicy driver;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        return;
    }

    // Publish this extension's MaxPolicyRedirections in the importer state unless a value
    // is already there. Presumably the consumer of this key uses it to bound how many
    // policy redirections are followed during import - confirm against that consumer.
    if (importer.State != null && !importer.State.ContainsKey(MaxPolicyRedirectionsKey))
    {
        importer.State.Add(MaxPolicyRedirectionsKey, this.MaxPolicyRedirections);
    }

    SecurityBindingElement imported = null;
    bool messageSecurityFound =
        TryImportSymmetricSecurityBindingElement(importer, policyContext, out imported)
        || TryImportAsymmetricSecurityBindingElement(importer, policyContext, out imported);

    if (messageSecurityFound)
    {
        // A message security binding element has already been found and imported, so this
        // could be dual-mode security. Check whether an HttpsTransportBinding assertion is
        // present as well; this avoids warning messages when importing WSDL that describes
        // message security over HTTPS transport security. See Bug:136416.
        SecurityBindingElement transportOnly = null;
        TryImportTransportSecurityBindingElement(importer, policyContext, out transportOnly, true);
    }
    else
    {
        TryImportTransportSecurityBindingElement(importer, policyContext, out imported, false);
    }

    if (imported == null)
    {
        return;
    }

    // Check whether the imported element can be expressed in configuration; if it cannot,
    // record a conversion error (the second constructor argument is true).
    SecurityElement config = new SecurityElement();
    config.InitializeFrom(imported, false);
    if (config.HasImportFailed)
    {
#pragma warning suppress 56506
        importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.SecurityBindingElementCannotBeExpressedInConfig), true));
    }
}
/// <summary>
/// Chooses between an HTTPS and a plain HTTP transport binding element based on whether
/// the binding assertions of <paramref name="policyContext"/> contain an HttpsToken
/// assertion.
/// </summary>
/// <param name="policyContext">Policy context to inspect; may be null.</param>
/// <returns>An <c>HttpsTransportBindingElement</c> when a security policy driver is found
/// and reports an HttpsToken assertion; otherwise a new <c>HttpTransportBindingElement</c>.</returns>
private static HttpTransportBindingElement GetHttpTransportBindingElement(PolicyConversionContext policyContext)
{
    // Every path that does not positively find an HttpsToken assertion ends in plain HTTP.
    // NOTE(review): the imported policy alone decides whether TLS is selected here, so the
    // result is only as trustworthy as the metadata source - confirm how callers obtain it.
    if (policyContext == null)
    {
        return new HttpTransportBindingElement();
    }

    WSSecurityPolicy driver = null;
    PolicyAssertionCollection bindingAssertions = policyContext.GetBindingAssertions();

    bool httpsTokenPresent =
        WSSecurityPolicy.TryGetSecurityPolicyDriver(bindingAssertions, out driver)
        && driver.ContainsWsspHttpsTokenAssertion(bindingAssertions);

    if (!httpsTokenPresent)
    {
        return new HttpTransportBindingElement();
    }

    return new HttpsTransportBindingElement
    {
        MessageSecurityVersion = driver.GetSupportedMessageSecurityVersion(SecurityVersion.WSSecurity11)
    };
}
/// <summary>
/// Maps a SOAP transport URI to a new transport binding element.
/// </summary>
/// <param name="transportUri">Transport URI to map; may be null.</param>
/// <param name="policyContext">Policy context consulted only for the SOAP-over-HTTP URI,
/// to decide between HTTPS and plain HTTP; may be null.</param>
/// <returns>The matching transport binding element, or <c>null</c> when
/// <paramref name="transportUri"/> is null or not one of the recognised URIs.</returns>
private static TransportBindingElement CreateTransportBindingElements(string transportUri, PolicyConversionContext policyContext)
{
    switch (transportUri)
    {
        case "http://schemas.microsoft.com/soap/tcp":
            return new TcpTransportBindingElement();

        case "http://schemas.microsoft.com/soap/named-pipe":
            return new NamedPipeTransportBindingElement();

        case "http://schemas.microsoft.com/soap/msmq":
            return new MsmqTransportBindingElement();

        case "http://schemas.microsoft.com/soap/peer":
            return new PeerTransportBindingElement();

        case "http://schemas.xmlsoap.org/soap/http":
            // Handled below: HTTPS versus HTTP depends on the policy.
            break;

        default:
            // Null and unrecognised URIs produce no transport element.
            return null;
    }

    if (policyContext != null)
    {
        WSSecurityPolicy driver = null;
        ICollection<XmlElement> bindingAssertions = policyContext.GetBindingAssertions();

        if (WSSecurityPolicy.TryGetSecurityPolicyDriver(bindingAssertions, out driver)
            && driver.ContainsWsspHttpsTokenAssertion(bindingAssertions))
        {
            HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
            httpsTransport.MessageSecurityVersion = driver.GetSupportedMessageSecurityVersion(SecurityVersion.WSSecurity11);
            return httpsTransport;
        }
    }

    // No policy context, no driver, or no HttpsToken assertion: plain HTTP.
    // NOTE(review): the imported policy alone decides whether TLS is selected here, so the
    // result is only as trustworthy as the metadata source - confirm how callers obtain it.
    return new HttpTransportBindingElement();
}
/// <summary>
/// Tries to import a WS-SecurityPolicy transport binding assertion from the binding
/// assertions of <paramref name="policyContext"/>.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context whose binding assertions are read and whose
/// binding element collection may be extended.</param>
/// <param name="sbe">Receives the imported binding element only in mixed mode and only
/// when it has supporting tokens or includes a timestamp; otherwise <c>null</c>.</param>
/// <param name="isDualSecurityModeOnly"><c>true</c> if the binding has both message
/// security and HTTPS security enabled.</param>
/// <returns><c>true</c> when a transport security binding element was produced by the
/// import, even if it was not handed back through <paramref name="sbe"/>.</returns>
/// <exception cref="InvalidOperationException">The import failed and reported the
/// assertion element it could not handle.</exception>
private bool TryImportTransportSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe, bool isDualSecurityModeOnly)
{
    sbe = null;
    TransportSecurityBindingElement transportBinding = null;

    WSSecurityPolicy driver;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        return false;
    }

    XmlElement offending;
    if (!driver.TryImportWsspTransportBindingAssertion(importer, policyContext.GetBindingAssertions(), out transportBinding, out offending))
    {
        if (offending != null)
        {
            // The assertion's OuterXml is copied verbatim into the exception message.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
        }

        return transportBinding != null;
    }

    ImportEndpointScopeMessageBindingAssertions(importer, policyContext, transportBinding);

    // If it is not dual security mode then it is mixed mode, so the supporting tokens in
    // the binding have to be looked at as well.
    if (!isDualSecurityModeOnly)
    {
        ImportOperationScopeSupportingTokensPolicy(importer, policyContext, transportBinding);

        // NOTE(review): importer.State is dereferenced here without a null check; confirm
        // it is always initialised by the importer.
        if (importer.State.ContainsKey(InSecureConversationBootstrapBindingImportMode))
        {
            ImportMessageScopeProtectionPolicy(importer, policyContext);
        }

        // A transport binding with neither supporting tokens nor a timestamp is not added
        // to the binding elements and is not reported through sbe.
        if (HasSupportingTokens(transportBinding) || transportBinding.IncludeTimestamp)
        {
            sbe = transportBinding;
            policyContext.BindingElements.Add(transportBinding);
        }
    }

    return transportBinding != null;
}
/// <summary>
/// Imports the endpoint-scope assertions for <paramref name="binding"/>: supporting
/// tokens first, then the Wss assertion, then the Trust assertion.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context supplying the binding assertions.</param>
/// <param name="binding">Security binding element that receives the imported settings.</param>
/// <exception cref="InvalidOperationException">A Wss or Trust import failed and reported
/// the assertion element it could not handle.</exception>
private void ImportEndpointScopeMessageBindingAssertions(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
{
    XmlElement offending = null;
    WSSecurityPolicy driver;

    ImportSupportingTokenAssertions(
        importer,
        policyContext,
        policyContext.GetBindingAssertions(),
        binding.EndpointSupportingTokenParameters,
        binding.OptionalEndpointSupportingTokenParameters);

    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        bool wssImported = driver.TryImportWsspWssAssertion(importer, policyContext.GetBindingAssertions(), binding, out offending);
        if (!wssImported && offending != null)
        {
            // The assertion's OuterXml is copied verbatim into the exception message.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
        }

        bool trustImported = driver.TryImportWsspTrustAssertion(importer, policyContext.GetBindingAssertions(), binding, out offending);
        if (!trustImported && offending != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
        }
    }

    // Reached with a null element when no driver was found or when the last import
    // attempt reported no element; in that case the binding is flagged not to emit Trust.
    if (offending == null)
    {
        binding.DoNotEmitTrust = true;
    }
}
/// <summary>
/// Imports the security binding element described by the binding assertions of
/// <paramref name="policyContext"/>, trying symmetric, then transport, then asymmetric
/// security.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import; must not be null.</param>
/// <param name="policyContext">Policy context supplying the binding assertions; must not be null.</param>
void IPolicyImportExtension.ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext)
{
    if (importer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("importer");
    }

    if (policyContext == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext");
    }

    WSSecurityPolicy driver;
    if (!WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        return;
    }

    // Publish this extension's MaxPolicyRedirections in the importer state unless a value
    // is already there. Presumably the consumer of this key uses it to bound how many
    // policy redirections are followed during import - confirm against that consumer.
    if (importer.State != null && !importer.State.ContainsKey("MaxPolicyRedirections"))
    {
        importer.State.Add("MaxPolicyRedirections", this.MaxPolicyRedirections);
    }

    SecurityBindingElement imported = null;
    bool found =
        TryImportSymmetricSecurityBindingElement(importer, policyContext, out imported)
        || TryImportTransportSecurityBindingElement(importer, policyContext, out imported);

    if (!found)
    {
        // Last attempt; its boolean result is not needed because only the out value is
        // examined below.
        TryImportAsymmetricSecurityBindingElement(importer, policyContext, out imported);
    }

    if (imported == null)
    {
        return;
    }

    // Check whether the imported element can be expressed in configuration; if it cannot,
    // record a conversion error (the second constructor argument is true).
    SecurityElement config = new SecurityElement();
    config.InitializeFrom(imported, false);
    if (config.HasImportFailed)
    {
        importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("SecurityBindingElementCannotBeExpressedInConfig"), true));
    }
}
/// <summary>
/// Tries to import a WS-SecurityPolicy symmetric binding assertion from the binding
/// assertions of <paramref name="policyContext"/> and, on success, adds the resulting
/// element to its binding elements.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context whose binding assertions are read and whose
/// binding element collection is extended on success.</param>
/// <param name="sbe">Receives the symmetric binding element produced by the import, or
/// <c>null</c> when there is none.</param>
/// <returns><c>true</c> when a symmetric security binding element was produced.</returns>
/// <exception cref="InvalidOperationException">The import failed and reported the
/// assertion element it could not handle.</exception>
private bool TryImportSymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
{
    SymmetricSecurityBindingElement symmetricBinding = null;

    WSSecurityPolicy driver;
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        XmlElement offending;
        bool imported = driver.TryImportWsspSymmetricBindingAssertion(importer, policyContext, policyContext.GetBindingAssertions(), out symmetricBinding, out offending);

        if (!imported)
        {
            if (offending != null)
            {
                // The assertion's OuterXml is copied verbatim into the exception message.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("UnsupportedSecurityPolicyAssertion", new object[] { offending.OuterXml })));
            }
        }
        else
        {
            // Endpoint, operation and message scope policy are imported before the
            // element is added to the binding.
            ImportEndpointScopeMessageBindingAssertions(importer, policyContext, symmetricBinding);
            ImportOperationScopeSupportingTokensPolicy(importer, policyContext, symmetricBinding);
            ImportMessageScopeProtectionPolicy(importer, policyContext);
            policyContext.BindingElements.Add(symmetricBinding);
        }
    }

    sbe = symmetricBinding;
    return symmetricBinding != null;
}
/// <summary>
/// Tries to import a WS-SecurityPolicy asymmetric binding assertion from the binding
/// assertions of <paramref name="policyContext"/> and, on success, adds the resulting
/// element to its binding elements.
/// </summary>
/// <param name="importer">Metadata importer driving the policy import.</param>
/// <param name="policyContext">Policy context whose binding assertions are read and whose
/// binding element collection is extended on success.</param>
/// <param name="sbe">Receives the asymmetric binding element produced by the import, or
/// <c>null</c> when there is none.</param>
/// <returns><c>true</c> when an asymmetric security binding element was produced.</returns>
/// <exception cref="InvalidOperationException">The import failed and reported the
/// assertion element it could not handle.</exception>
private bool TryImportAsymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe)
{
    AsymmetricSecurityBindingElement asymmetricBinding = null;

    WSSecurityPolicy driver;
    if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out driver))
    {
        XmlElement offending;
        bool imported = driver.TryImportWsspAsymmetricBindingAssertion(importer, policyContext, policyContext.GetBindingAssertions(), out asymmetricBinding, out offending);

        if (!imported)
        {
            if (offending != null)
            {
                // The assertion's OuterXml is copied verbatim into the exception message.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.UnsupportedSecurityPolicyAssertion, offending.OuterXml)));
            }
        }
        else
        {
            // Endpoint, operation and message scope policy are imported before the
            // element is added to the binding.
            ImportEndpointScopeMessageBindingAssertions(importer, policyContext, asymmetricBinding);
            ImportOperationScopeSupportingTokensPolicy(importer, policyContext, asymmetricBinding);
            ImportMessageScopeProtectionPolicy(importer, policyContext);
            policyContext.BindingElements.Add(asymmetricBinding);
        }
    }

    sbe = asymmetricBinding;
    return asymmetricBinding != null;
}