Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / infocard / Service / managed / Microsoft / InfoCards / PolicyValidator.cs / 2 / PolicyValidator.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- // // Presharp uses the c# pragma mechanism to supress its warnings. // These are not recognised by the base compiler so we need to explictly // disable the following warnings. See http://winweb/cse/Tools/PREsharp/userguide/default.asp // for details. // #pragma warning disable 1634, 1691 // unknown message, unknown pragma namespace Microsoft.InfoCards { using System; using System.Text; using System.Collections.Generic; using System.ServiceModel.Security; using IDT = Microsoft.InfoCards.Diagnostics.InfoCardTrace; // // Summary: // Validates an InfoCardPolicy. // internal class PolicyValidator { InfoCardPolicy m_policy; public PolicyValidator( InfoCardPolicy policy ) { IDT.Assert( null != policy, "PolicyValidator: policy cannot be null." ); m_policy = policy; } public virtual void Validate() { ValidateClaims(); /* SSS_WARNINGS_OFF */ ValidateNonWhiteListElements(); ValidateRequestType(); /* SSS_WARNINGS_ON */ ValidateTokenType(); ValidateKeySize(); ValidatePrivacyVersion(); ValidateKeyTypeSpecified(); ValidateKeyType(); ValidateKeyWrapAlgorithm(); ValidateAppliesTo(); ValidateRecipients(); } protected void ValidateClaims() { string[] requiredClaims = m_policy.RequiredClaims; if( null == requiredClaims || 0 == requiredClaims.Length ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.NoClaimsFoundInPolicy ) ) ); } // // Check to ensure the claims are valid self issued URIs. // foreach( string clm in m_policy.RequiredClaims ) { if( !PolicyUtility.IsSelfIssuedClaim( clm ) ) { string error = SR.GetString( SR.ServiceDoesNotSupportThisClaim ); ThrowIfSelfIssued( new UnsupportedPolicyOptionsException( error ) ); } } } /* SSS_WARNINGS_OFF */ protected void ValidateNonWhiteListElements() { if( m_policy.NonWhiteListElementsFound ) { StringBuilder sb = new StringBuilder(); foreach( string s in m_policy.NonWhiteListElements ) { sb.Append( " " ); sb.Append( s ); } string error = SR.GetString( SR.ServiceUnsupportedPolicyElementFound, sb.ToString() ); ThrowIfSelfIssued( new UnsupportedPolicyOptionsException( error ) ); } } /* SSS_WARNINGS_ON */ protected void ValidateRequestType() { // // Check request type. Cardspace v1 only supports '\Issue' as the request type // if( !String.IsNullOrEmpty( m_policy.RequestType ) && m_policy.MergedPolicy.ProtocolVersionProfile.WSTrust.IssueRequestType != m_policy.RequestType ) { throw IDT.ThrowHelperError( new UnsupportedPolicyOptionsException( SR.GetString( SR.OnlyIssueRequestTypeSupported, m_policy.RequestType, m_policy.MergedPolicy.ProtocolVersionProfile.WSTrust.IssueRequestType ) ) ); } } protected void ValidateTokenType() { // // Check token type. Only saml tokens are supported for v1. // if( !String.IsNullOrEmpty( m_policy.OptionalRstParams.TokenType ) && !PolicyUtility.IsSelfIssuedTokenType( m_policy.OptionalRstParams.TokenType ) ) { string error = SR.GetString( SR.ServiceDoesNotSupportThisTokenType ); ThrowIfSelfIssued( new UnsupportedPolicyOptionsException( error ) ); } } protected void ValidateKeySize() { // // Check approved keysize // For asymmetric only the size 2048 is supported - true for both self issued and managed cases // // // if( SecurityKeyTypeInternal.AsymmetricKey == m_policy.KeyType && m_policy.KeySizeSpecified && InfoCard.KeySize != m_policy.KeySize ) { throw IDT.ThrowHelperError( new UnsupportedPolicyOptionsException( SR.GetString( SR.ServiceInvalidAsymmetricKeySize ) ) ); } } protected void ValidatePrivacyVersion() { // // Check privacy version. Privacy version has to be greater than 0. // if( ( 0 == m_policy.PrivacyPolicyVersion && !String.IsNullOrEmpty( m_policy.PrivacyPolicyLink ) ) || ( 0 != m_policy.PrivacyPolicyVersion && String.IsNullOrEmpty( m_policy.PrivacyPolicyLink ) ) ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.ServiceInvalidPrivacyNoticeVersion ) ) ); } } protected void ValidateKeyTypeSpecified() { // // No proof key only supported in browser scenario. // FYI e.g. in CustomTokenProvider (self issued for managed) // we do proof-of-possession with a symmetric/asymmetric key, // so the below path holds for that as well. // if( SecurityKeyTypeInternal.NoKey == m_policy.MergedPolicy.KeyType ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.NoProofKeyOnlyAllowedInBrowser, XmlNames.WSIdentity.NoProofKeyTypeValue ) ) ); } } protected void ValidateKeyType() { // // Check is the keytype is correct // if( !( m_policy.ImmediateTokenRecipient is X509RecipientIdentity ) && m_policy.KeyTypeSpecified && SecurityKeyTypeInternal.SymmetricKey == m_policy.KeyType ) { string error = SR.GetString( SR.InvalidKeyOption ); ThrowIfSelfIssued( new UnsupportedPolicyOptionsException( error ) ); } } protected void ValidateKeyWrapAlgorithm() { // // If the KeyWrapAlgorithm differs from the default algorithm, then we throw in the case of a self issued card. // if( ( !String.IsNullOrEmpty( m_policy.OptionalRstParams.KeyWrapAlgorithm ) ) && ( m_policy.OptionalRstParams.KeyWrapAlgorithm != SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm ) ) { string error = SR.GetString( SR.ServiceInvalidArguments ); ThrowIfSelfIssued( new UnsupportedPolicyOptionsException( error ) ); } } protected void ValidateRecipients() { m_policy.Recipient.Validate(); m_policy.ImmediateTokenRecipient.Validate(); IDT.DebugAssert( !String.IsNullOrEmpty( m_policy.Recipient.GetIdentifier() ), "Recipid should have been populated here" ); IDT.DebugAssert( !String.IsNullOrEmpty( m_policy.Recipient.GetOrganizationIdentifier() ), "Recipid should have been populated here" ); IDT.DebugAssert(!String.IsNullOrEmpty(m_policy.Recipient.GetOrganizationPPIDIdentifier() ), "Recipid should have been populated here"); } protected void ValidateAppliesTo() { if( null == m_policy.MergedPolicy.PolicyAppliesTo ) { // // Nothing to validate. // return; } // // First we compare scheme, host and port. // if( 0 != Uri.Compare( m_policy.MergedPolicy.PolicyAppliesTo.Uri, m_policy.ImmediateTokenRecipient.Address.Uri, UriComponents.SchemeAndServer, UriFormat.UriEscaped, StringComparison.OrdinalIgnoreCase ) ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.InvalidAppliesToInPolicy, SR.GetString( SR.RecipientNotFromSameSecurityDomain ) ) ) ); } string appliesToPath = m_policy.MergedPolicy.PolicyAppliesTo.Uri.GetComponents( UriComponents.Path, UriFormat.UriEscaped ); string recipPath = m_policy.ImmediateTokenRecipient.Address.Uri.GetComponents( UriComponents.Path, UriFormat.UriEscaped ); if( !String.IsNullOrEmpty( appliesToPath ) ) { // // If the recipient has no path, there is no way for it to be scoped to the applies To if it does. // if( String.IsNullOrEmpty( recipPath ) ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.InvalidAppliesToInPolicy, SR.GetString( SR.RecipientNotFromSameSecurityDomain ) ) ) ); } appliesToPath = appliesToPath.ToLowerInvariant(); recipPath = recipPath.ToLowerInvariant(); if( !recipPath.StartsWith( appliesToPath, StringComparison.OrdinalIgnoreCase ) ) { throw IDT.ThrowHelperError( new PolicyValidationException( SR.GetString( SR.InvalidAppliesToInPolicy, SR.GetString( SR.RecipientNotFromSameSecurityDomain ) ) ) ); } } } private void ThrowIfSelfIssued( Exception e ) { if( InfoCardPolicy.IsSelfIssuedUriPresent( m_policy.Issuer ) ) { throw IDT.ThrowHelperError( e ); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ComAdminWrapper.cs
- InkCanvasSelectionAdorner.cs
- GlyphElement.cs
- SchemaTableColumn.cs
- KeyedHashAlgorithm.cs
- TypeBrowser.xaml.cs
- COM2FontConverter.cs
- SecurityPolicySection.cs
- ClientTargetSection.cs
- WorkflowLayouts.cs
- SimplePropertyEntry.cs
- TableRowGroup.cs
- CardSpaceSelector.cs
- OdbcUtils.cs
- NavigateEvent.cs
- PathGradientBrush.cs
- QueryContinueDragEventArgs.cs
- XsltConvert.cs
- SqlFormatter.cs
- CodeAttributeDeclaration.cs
- NextPreviousPagerField.cs
- datacache.cs
- XmlReader.cs
- Object.cs
- TableItemPattern.cs
- XmlBindingWorker.cs
- OdbcRowUpdatingEvent.cs
- MetadataSource.cs
- GenerateHelper.cs
- HtmlWindow.cs
- OutOfProcStateClientManager.cs
- ReadOnlyActivityGlyph.cs
- CharEntityEncoderFallback.cs
- XPathExpr.cs
- HijriCalendar.cs
- SortQuery.cs
- DPAPIProtectedConfigurationProvider.cs
- GenericUriParser.cs
- SqlDataSourceCache.cs
- HashLookup.cs
- SliderAutomationPeer.cs
- XamlToRtfWriter.cs
- SqlLiftIndependentRowExpressions.cs
- ImageListImageEditor.cs
- ViewStateException.cs
- WebBrowserContainer.cs
- XmlElement.cs
- BinaryCommonClasses.cs
- EastAsianLunisolarCalendar.cs
- SmiMetaDataProperty.cs
- SecUtil.cs
- WebControlAdapter.cs
- GlyphElement.cs
- LineGeometry.cs
- JoinTreeNode.cs
- HttpListenerPrefixCollection.cs
- MetadataException.cs
- WebPartCatalogCloseVerb.cs
- FormatterServices.cs
- PeerResolver.cs
- Executor.cs
- ImageSourceConverter.cs
- OverflowException.cs
- XamlWriter.cs
- OrderingQueryOperator.cs
- CaseInsensitiveComparer.cs
- TabItemAutomationPeer.cs
- HtmlWindow.cs
- BinaryConverter.cs
- FormViewModeEventArgs.cs
- TemplateParser.cs
- AddInToken.cs
- SafeProcessHandle.cs
- CodeTypeDelegate.cs
- IDispatchConstantAttribute.cs
- MembershipValidatePasswordEventArgs.cs
- EnumerationRangeValidationUtil.cs
- SelectedGridItemChangedEvent.cs
- DataGridViewImageCell.cs
- VoiceObjectToken.cs
- Marshal.cs
- BindingFormattingDialog.cs
- COMException.cs
- MenuCommand.cs
- StyleHelper.cs
- UnsafeNativeMethods.cs
- WaitHandle.cs
- OracleColumn.cs
- XPathExpr.cs
- AncillaryOps.cs
- ItemContainerProviderWrapper.cs
- SystemIcmpV4Statistics.cs
- CachedPathData.cs
- PerformanceCounterLib.cs
- OptimizedTemplateContent.cs
- SqlUserDefinedAggregateAttribute.cs
- QilPatternFactory.cs
- TextServicesDisplayAttribute.cs
- WizardSideBarListControlItemEventArgs.cs
- CodeMemberField.cs