| 
									
										
										
										
											2016-08-03 10:59:49 +00:00
										 |  |  | //----------------------------------------------------------------------------- | 
					
						
							|  |  |  | // Copyright (c) Microsoft Corporation.  All rights reserved. | 
					
						
							|  |  |  | //----------------------------------------------------------------------------- | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | using System.ServiceModel.Diagnostics; | 
					
						
							|  |  |  | using System.ServiceModel.Dispatcher; | 
					
						
							|  |  |  | using System.ServiceModel.Description; | 
					
						
							|  |  |  | using System.ServiceModel.Security; | 
					
						
							|  |  |  | using System.ServiceModel.Configuration; | 
					
						
							|  |  |  | using System.Collections.ObjectModel; | 
					
						
							|  |  |  | using System.Net.Security; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace System.ServiceModel.Channels | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     using System.Xml; | 
					
						
							|  |  |  |     using System.ServiceModel.Security.Tokens; | 
					
						
							|  |  |  |     using System.ServiceModel.Security; | 
					
						
							|  |  |  |     using System.ServiceModel; | 
					
						
							|  |  |  |     using System.IO; | 
					
						
							|  |  |  |     using System.Collections.ObjectModel; | 
					
						
							|  |  |  |     using System.Collections.Generic; | 
					
						
							|  |  |  |     using System.Runtime.InteropServices; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public class SecurityBindingElementImporter : IPolicyImportExtension | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         internal const string MaxPolicyRedirectionsKey = "MaxPolicyRedirections"; | 
					
						
							|  |  |  |         internal const string SecureConversationBootstrapEncryptionRequirements = "SecureConversationBootstrapEncryptionRequirements"; | 
					
						
							|  |  |  |         internal const string SecureConversationBootstrapSignatureRequirements = "SecureConversationBootstrapSignatureRequirements"; | 
					
						
							|  |  |  |         internal const string InSecureConversationBootstrapBindingImportMode = "InSecureConversationBootstrapBindingImportMode"; | 
					
						
							|  |  |  |         internal const string ContractProtectionLevelKey = "ContractProtectionLevelKey"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         int maxPolicyRedirections; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         public SecurityBindingElementImporter() | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             this.maxPolicyRedirections = 10; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         public int MaxPolicyRedirections | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             get | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 return this.maxPolicyRedirections; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             foreach (OperationDescription operation in policyContext.Contract.Operations) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 string requestAction = null; | 
					
						
							|  |  |  |                 foreach (MessageDescription message in operation.Messages) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     if (message.Direction == MessageDirection.Input) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         requestAction = message.Action; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 SupportingTokenParameters requirements = new SupportingTokenParameters(); | 
					
						
							|  |  |  |                 SupportingTokenParameters optionalRequirements = new SupportingTokenParameters(); | 
					
						
							|  |  |  |                 ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation); | 
					
						
							|  |  |  |                 this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements); | 
					
						
							|  |  |  |                 if (requirements.Endorsing.Count > 0 | 
					
						
							|  |  |  |                     || requirements.Signed.Count > 0 | 
					
						
							|  |  |  |                     || requirements.SignedEncrypted.Count > 0 | 
					
						
							|  |  |  |                     || requirements.SignedEndorsing.Count > 0) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     if (requestAction != null) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         binding.OperationSupportingTokenParameters[requestAction] = requirements; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CannotImportSupportingTokensForOperationWithoutRequestAction))); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 if (optionalRequirements.Endorsing.Count > 0 | 
					
						
							|  |  |  |                     || optionalRequirements.Signed.Count > 0 | 
					
						
							|  |  |  |                     || optionalRequirements.SignedEncrypted.Count > 0 | 
					
						
							|  |  |  |                     || optionalRequirements.SignedEndorsing.Count > 0) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     if (requestAction != null) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         binding.OptionalOperationSupportingTokenParameters[requestAction] = optionalRequirements; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.CannotImportSupportingTokensForOperationWithoutRequestAction))); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ImportProtectionAssertions(ICollection<XmlElement> assertions, out MessagePartSpecification signedParts, out MessagePartSpecification encryptedParts) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             XmlElement assertion; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             signedParts = null; | 
					
						
							|  |  |  |             encryptedParts = null; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (!securityPolicy.TryImportWsspEncryptedPartsAssertion(assertions, out encryptedParts, out assertion) | 
					
						
							|  |  |  |                     && assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 if (!securityPolicy.TryImportWsspSignedPartsAssertion(assertions, out signedParts, out assertion) | 
					
						
							|  |  |  |                     && assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (encryptedParts == null) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 encryptedParts = MessagePartSpecification.NoParts; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             if (signedParts == null) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 signedParts = MessagePartSpecification.NoParts; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ValidateExistingOrSetNewProtectionLevel(MessagePartDescription part, MessageDescription message, OperationDescription operation, ContractDescription contract, ProtectionLevel newProtectionLevel) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             ProtectionLevel existingProtectionLevel; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (part != null && part.HasProtectionLevel) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 existingProtectionLevel = part.ProtectionLevel; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else if (message.HasProtectionLevel) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 existingProtectionLevel = message.ProtectionLevel; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else if (operation.HasProtectionLevel) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 existingProtectionLevel = operation.ProtectionLevel; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (part != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     part.ProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     message.ProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 existingProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (existingProtectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (part != null && !part.HasProtectionLevel) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     part.ProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else if (part == null && !message.HasProtectionLevel) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     message.ProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.CannotImportProtectionLevelForContract, contract.Name, contract.Namespace))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void AddParts(ref MessagePartSpecification parts1, MessagePartSpecification parts2) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             if (parts1 == null) | 
					
						
							|  |  |  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("parts1")); | 
					
						
							|  |  |  |             if (parts2 == null) | 
					
						
							|  |  |  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("parts2")); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (!parts2.IsEmpty()) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (parts1.IsReadOnly) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     MessagePartSpecification p = new MessagePartSpecification(); | 
					
						
							|  |  |  |                     p.Union(parts1); | 
					
						
							|  |  |  |                     p.Union(parts2); | 
					
						
							|  |  |  |                     parts1 = p; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     parts1.Union(parts2); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         class ContractProtectionLevel | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             bool hasProtectionRequirements; | 
					
						
							|  |  |  |             bool hasUniformProtectionLevel; | 
					
						
							|  |  |  |             ProtectionLevel uniformProtectionLevel; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             public ContractProtectionLevel(bool hasProtectionRequirements, bool hasUniformProtectionLevel, ProtectionLevel uniformProtectionLevel) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 this.hasProtectionRequirements = hasProtectionRequirements; | 
					
						
							|  |  |  |                 this.hasUniformProtectionLevel = hasUniformProtectionLevel; | 
					
						
							|  |  |  |                 this.uniformProtectionLevel = uniformProtectionLevel; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             public bool HasProtectionRequirements { get { return this.hasProtectionRequirements; } } | 
					
						
							|  |  |  |             public bool HasUniformProtectionLevel { get { return this.hasUniformProtectionLevel; } } | 
					
						
							|  |  |  |             public ProtectionLevel UniformProtectionLevel { get { return this.uniformProtectionLevel; } } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ImportMessageScopeProtectionPolicy(MetadataImporter importer, PolicyConversionContext policyContext) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             MessagePartSpecification endpointSignedParts; | 
					
						
							|  |  |  |             MessagePartSpecification endpointEncryptedParts; | 
					
						
							|  |  |  |             bool isContractAssociatedWithAtLeastOneOtherBinding; | 
					
						
							|  |  |  |             ContractProtectionLevel otherBindingProtectionLevel = null; | 
					
						
							|  |  |  |             bool hasContractProtectionLevel = false; | 
					
						
							|  |  |  |             bool isContractProtectionLevelUniform = true; | 
					
						
							|  |  |  |             ProtectionLevel contractProtectionLevel = ProtectionLevel.None; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             string contractAssociationName = String.Format("{0}:{1}:{2}", ContractProtectionLevelKey, policyContext.Contract.Name, policyContext.Contract.Namespace); | 
					
						
							|  |  |  |             if (importer.State.ContainsKey(contractAssociationName)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 isContractAssociatedWithAtLeastOneOtherBinding = true; | 
					
						
							|  |  |  |                 otherBindingProtectionLevel = (ContractProtectionLevel)importer.State[contractAssociationName]; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 isContractAssociatedWithAtLeastOneOtherBinding = false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             ICollection<XmlElement> endpointBindingAssertions = policyContext.GetBindingAssertions(); | 
					
						
							|  |  |  |             this.ImportProtectionAssertions(endpointBindingAssertions, out endpointSignedParts, out endpointEncryptedParts); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (importer.State.ContainsKey(InSecureConversationBootstrapBindingImportMode)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 // when importing secure conversation boostrap binding, add the endpoint scope protection requirements | 
					
						
							|  |  |  |                 // to the importer state to be consumed in SecurityPolicy11.TryImportWsspBootrstapPolicyAssertion | 
					
						
							|  |  |  |                 if (endpointEncryptedParts != null) | 
					
						
							|  |  |  |                     importer.State[SecureConversationBootstrapEncryptionRequirements] = endpointEncryptedParts; | 
					
						
							|  |  |  |                 if (endpointSignedParts != null) | 
					
						
							|  |  |  |                     importer.State[SecureConversationBootstrapSignatureRequirements] = endpointSignedParts; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             foreach (OperationDescription operation in policyContext.Contract.Operations) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 MessagePartSpecification operationSignedParts; | 
					
						
							|  |  |  |                 MessagePartSpecification operationEncryptedParts; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 ICollection<XmlElement> operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation); | 
					
						
							|  |  |  |                 this.ImportProtectionAssertions(operationBindingAssertions, out operationSignedParts, out operationEncryptedParts); | 
					
						
							|  |  |  |                 this.AddParts(ref operationSignedParts, endpointSignedParts); | 
					
						
							|  |  |  |                 this.AddParts(ref operationEncryptedParts, endpointEncryptedParts); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 MessagePartSpecification messageSignedParts; | 
					
						
							|  |  |  |                 MessagePartSpecification messageEncryptedParts; | 
					
						
							|  |  |  |                 bool hasProtectionLevel = false; | 
					
						
							|  |  |  |                 bool isProtectionLevelUniform = true; | 
					
						
							|  |  |  |                 ProtectionLevel protectionLevel = ProtectionLevel.None; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 // import application message protection requirements | 
					
						
							|  |  |  |                 foreach (MessageDescription message in operation.Messages) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     ICollection<XmlElement> messageBindingAssertions = policyContext.GetMessageBindingAssertions(message); | 
					
						
							|  |  |  |                     this.ImportProtectionAssertions(messageBindingAssertions, out messageSignedParts, out messageEncryptedParts); | 
					
						
							|  |  |  |                     this.AddParts(ref messageSignedParts, operationSignedParts); | 
					
						
							|  |  |  |                     this.AddParts(ref messageEncryptedParts, operationEncryptedParts); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     // validate or set body protection level | 
					
						
							|  |  |  |                     ProtectionLevel newProtectionLevel = GetProtectionLevel(messageSignedParts.IsBodyIncluded, messageEncryptedParts.IsBodyIncluded, message.Action); | 
					
						
							|  |  |  |                     if (OperationFormatter.IsValidReturnValue(message.Body.ReturnValue)) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         ValidateExistingOrSetNewProtectionLevel(message.Body.ReturnValue, message, operation, policyContext.Contract, newProtectionLevel); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     foreach (MessagePartDescription body in message.Body.Parts) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         ValidateExistingOrSetNewProtectionLevel(body, message, operation, policyContext.Contract, newProtectionLevel); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     if (!OperationFormatter.IsValidReturnValue(message.Body.ReturnValue) || message.Body.Parts.Count == 0) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         ValidateExistingOrSetNewProtectionLevel(null, message, operation, policyContext.Contract, newProtectionLevel); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     if (hasProtectionLevel) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         if (protectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             isProtectionLevelUniform = false; | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         protectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                         hasProtectionLevel = true; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     if (hasContractProtectionLevel) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         if (contractProtectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             isContractProtectionLevelUniform = false; | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         contractProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                         hasContractProtectionLevel = true; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     // validate o set header protection level | 
					
						
							|  |  |  |                     foreach (MessageHeaderDescription header in message.Headers) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         bool signed = messageSignedParts.IsHeaderIncluded(header.Name, header.Namespace); | 
					
						
							|  |  |  |                         bool encrypted = messageEncryptedParts.IsHeaderIncluded(header.Name, header.Namespace); | 
					
						
							|  |  |  |                         newProtectionLevel = GetProtectionLevel(signed, encrypted, message.Action); | 
					
						
							|  |  |  |                         ValidateExistingOrSetNewProtectionLevel(header, message, operation, policyContext.Contract, newProtectionLevel); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                         if (hasProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             if (protectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                             { | 
					
						
							|  |  |  |                                 isProtectionLevelUniform = false; | 
					
						
							|  |  |  |                             } | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         else | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             protectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                             hasProtectionLevel = true; | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         if (hasContractProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             if (contractProtectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                             { | 
					
						
							|  |  |  |                                 isContractProtectionLevelUniform = false; | 
					
						
							|  |  |  |                             } | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         else | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             contractProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                             hasContractProtectionLevel = true; | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 // normalize protection level settings at the operation scope if possible to help avoid typed message generation | 
					
						
							|  |  |  |                 if (hasProtectionLevel && isProtectionLevelUniform) | 
					
						
							|  |  |  |                 { | 
					
						
							| 
									
										
										
										
											2017-08-21 15:34:15 +00:00
										 |  |  |                     // (Microsoft) remove the foreach message here | 
					
						
							| 
									
										
										
										
											2016-08-03 10:59:49 +00:00
										 |  |  |                     //  foreach (MessageDescription message in operation.Messages) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     this.ResetProtectionLevelForMessages(operation); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     operation.ProtectionLevel = protectionLevel; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 // import fault protection requirements | 
					
						
							|  |  |  |                 foreach (FaultDescription fault in operation.Faults) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     ICollection<XmlElement> faultBindingAssertions = policyContext.GetFaultBindingAssertions(fault); | 
					
						
							|  |  |  |                     this.ImportProtectionAssertions(faultBindingAssertions, out messageSignedParts, out messageEncryptedParts); | 
					
						
							|  |  |  |                     this.AddParts(ref messageSignedParts, operationSignedParts); | 
					
						
							|  |  |  |                     this.AddParts(ref messageEncryptedParts, operationEncryptedParts); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     // validate or set fault protection level | 
					
						
							|  |  |  |                     ProtectionLevel newProtectionLevel = GetProtectionLevel(messageSignedParts.IsBodyIncluded, messageEncryptedParts.IsBodyIncluded, fault.Action); | 
					
						
							|  |  |  |                     if (fault.HasProtectionLevel) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         if (fault.ProtectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.CannotImportProtectionLevelForContract, policyContext.Contract.Name, policyContext.Contract.Namespace))); | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         fault.ProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     if (hasContractProtectionLevel) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         if (contractProtectionLevel != newProtectionLevel) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             isContractProtectionLevelUniform = false; | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     else | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         contractProtectionLevel = newProtectionLevel; | 
					
						
							|  |  |  |                         hasContractProtectionLevel = true; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (isContractAssociatedWithAtLeastOneOtherBinding) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (hasContractProtectionLevel != otherBindingProtectionLevel.HasProtectionRequirements | 
					
						
							|  |  |  |                     || isContractProtectionLevelUniform != otherBindingProtectionLevel.HasUniformProtectionLevel | 
					
						
							|  |  |  |                     || contractProtectionLevel != otherBindingProtectionLevel.UniformProtectionLevel) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.CannotImportProtectionLevelForContract, policyContext.Contract.Name, policyContext.Contract.Namespace))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (hasContractProtectionLevel && isContractProtectionLevelUniform && contractProtectionLevel == ProtectionLevel.EncryptAndSign) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     // remove all explicitly set protection levels on the contract description, since they are uniform across the contract | 
					
						
							|  |  |  |                     // and match our binding's default of EncryptAndSign | 
					
						
							|  |  |  |                     foreach (OperationDescription operation in policyContext.Contract.Operations) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         this.ResetProtectionLevelForMessages(operation); | 
					
						
							|  |  |  |                         foreach (FaultDescription fault in operation.Faults) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             fault.ResetProtectionLevel(); | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         operation.ResetProtectionLevel(); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 importer.State[contractAssociationName] = new ContractProtectionLevel(hasContractProtectionLevel, isContractProtectionLevelUniform, contractProtectionLevel); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ResetProtectionLevelForMessages(OperationDescription operation) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             foreach (MessageDescription message in operation.Messages) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (OperationFormatter.IsValidReturnValue(message.Body.ReturnValue)) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     message.Body.ReturnValue.ResetProtectionLevel(); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 foreach (MessagePartDescription body in message.Body.Parts) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     body.ResetProtectionLevel(); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 foreach (MessageHeaderDescription header in message.Headers) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     header.ResetProtectionLevel(); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 message.ResetProtectionLevel(); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         static ProtectionLevel GetProtectionLevel(bool signed, bool encrypted, string action) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             ProtectionLevel result; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (encrypted) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (signed) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     result = ProtectionLevel.EncryptAndSign; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidChannelBindingException(SR.GetString(SR.PolicyRequiresConfidentialityWithoutIntegrity, action))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else if (signed) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 result = ProtectionLevel.Sign; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 result = ProtectionLevel.None; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return result; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ImportSupportingTokenAssertions(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, SupportingTokenParameters requirements, SupportingTokenParameters optionalRequirements) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 securityPolicy.TryImportWsspSupportingTokensAssertion( | 
					
						
							|  |  |  |                 importer, | 
					
						
							|  |  |  |                 policyContext, | 
					
						
							|  |  |  |                 assertions, | 
					
						
							|  |  |  |                 requirements.Signed, | 
					
						
							|  |  |  |                 requirements.SignedEncrypted, | 
					
						
							|  |  |  |                 requirements.Endorsing, | 
					
						
							|  |  |  |                 requirements.SignedEndorsing, | 
					
						
							|  |  |  |                 optionalRequirements.Signed, | 
					
						
							|  |  |  |                 optionalRequirements.SignedEncrypted, | 
					
						
							|  |  |  |                 optionalRequirements.Endorsing, | 
					
						
							|  |  |  |                 optionalRequirements.SignedEndorsing); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void ImportEndpointScopeMessageBindingAssertions(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             XmlElement assertion = null; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             this.ImportSupportingTokenAssertions(importer, policyContext, policyContext.GetBindingAssertions(), binding.EndpointSupportingTokenParameters, binding.OptionalEndpointSupportingTokenParameters); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (!securityPolicy.TryImportWsspWssAssertion(importer, policyContext.GetBindingAssertions(), binding, out assertion) | 
					
						
							|  |  |  |                     && assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 if (!securityPolicy.TryImportWsspTrustAssertion(importer, policyContext.GetBindingAssertions(), binding, out assertion) | 
					
						
							|  |  |  |                     && assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             // | 
					
						
							|  |  |  |             // We don't have WSTrust assertion => it is possible we are a BasicHttpBinding | 
					
						
							|  |  |  |             // Set the flag here so that later when we tried to compare binding element with basic http binding | 
					
						
							|  |  |  |             // we can have an exact match. | 
					
						
							|  |  |  |             // | 
					
						
							|  |  |  |             if (assertion == null) | 
					
						
							|  |  |  |                 binding.DoNotEmitTrust = true; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         bool TryImportSymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             SymmetricSecurityBindingElement binding = null; | 
					
						
							|  |  |  |             XmlElement assertion; | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (securityPolicy.TryImportWsspSymmetricBindingAssertion(importer, policyContext, policyContext.GetBindingAssertions(), out binding, out assertion)) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, binding); | 
					
						
							|  |  |  |                     this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, binding); | 
					
						
							|  |  |  |                     this.ImportMessageScopeProtectionPolicy(importer, policyContext); | 
					
						
							|  |  |  |                     policyContext.BindingElements.Add(binding); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else if (assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             sbe = binding; | 
					
						
							|  |  |  |             return binding != null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         bool TryImportAsymmetricSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             AsymmetricSecurityBindingElement binding = null; | 
					
						
							|  |  |  |             XmlElement assertion; | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (securityPolicy.TryImportWsspAsymmetricBindingAssertion(importer, policyContext, policyContext.GetBindingAssertions(), out binding, out assertion)) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, binding); | 
					
						
							|  |  |  |                     this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, binding); | 
					
						
							|  |  |  |                     this.ImportMessageScopeProtectionPolicy(importer, policyContext); | 
					
						
							|  |  |  |                     policyContext.BindingElements.Add(binding); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else if (assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             sbe = binding; | 
					
						
							|  |  |  |             return binding != null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // isDualSecurityModeOnly is true if the binding has both message security and https security enabled. | 
					
						
							|  |  |  |         bool TryImportTransportSecurityBindingElement(MetadataImporter importer, PolicyConversionContext policyContext, out SecurityBindingElement sbe, bool isDualSecurityModeOnly) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             TransportSecurityBindingElement binding = null; | 
					
						
							|  |  |  |             XmlElement assertion; | 
					
						
							|  |  |  |             sbe = null; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (securityPolicy.TryImportWsspTransportBindingAssertion(importer, policyContext.GetBindingAssertions(), out binding, out assertion)) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     this.ImportEndpointScopeMessageBindingAssertions(importer, policyContext, binding); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     // If it is not DualSecurityMode then it is Mixed mode. So we need to look for supporting tokens in the binding. | 
					
						
							|  |  |  |                     if (!isDualSecurityModeOnly) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                         this.ImportOperationScopeSupportingTokensPolicy(importer, policyContext, binding); | 
					
						
							|  |  |  |                         if (importer.State.ContainsKey(InSecureConversationBootstrapBindingImportMode)) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             this.ImportMessageScopeProtectionPolicy(importer, policyContext); | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                         if (HasSupportingTokens(binding) || binding.IncludeTimestamp) | 
					
						
							|  |  |  |                         { | 
					
						
							|  |  |  |                             sbe = binding; | 
					
						
							|  |  |  |                             policyContext.BindingElements.Add(binding); | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else if (assertion != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml))); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return binding != null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         static bool HasSupportingTokens(SecurityBindingElement binding) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             if (binding.EndpointSupportingTokenParameters.Endorsing.Count > 0 | 
					
						
							|  |  |  |                     || binding.EndpointSupportingTokenParameters.SignedEndorsing.Count > 0 | 
					
						
							|  |  |  |                     || binding.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0 | 
					
						
							|  |  |  |                     || binding.EndpointSupportingTokenParameters.Signed.Count > 0) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 return true; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             foreach (SupportingTokenParameters r in binding.OperationSupportingTokenParameters.Values) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if (r.Endorsing.Count > 0 | 
					
						
							|  |  |  |                         || r.SignedEndorsing.Count > 0 | 
					
						
							|  |  |  |                         || r.SignedEncrypted.Count > 0 | 
					
						
							|  |  |  |                         || r.Signed.Count > 0) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     return true; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         void IPolicyImportExtension.ImportPolicy(MetadataImporter importer, PolicyConversionContext policyContext) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             if (importer == null) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("importer"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             if (policyContext == null) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             WSSecurityPolicy securityPolicy; | 
					
						
							|  |  |  |             if (WSSecurityPolicy.TryGetSecurityPolicyDriver(policyContext.GetBindingAssertions(), out securityPolicy)) | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 if ((importer.State != null) && (!importer.State.ContainsKey(MaxPolicyRedirectionsKey))) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     importer.State.Add(MaxPolicyRedirectionsKey, this.MaxPolicyRedirections); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 SecurityBindingElement sbe = null; | 
					
						
							|  |  |  |                 bool success = this.TryImportSymmetricSecurityBindingElement(importer, policyContext, out sbe); | 
					
						
							|  |  |  |                 if (!success) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     success = this.TryImportAsymmetricSecurityBindingElement(importer, policyContext, out sbe); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 if (!success) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     success = this.TryImportTransportSecurityBindingElement(importer, policyContext, out sbe, false); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |                 else | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     // We already have found and imported the message security binding element above. Hence this could be the dual mode security. | 
					
						
							|  |  |  |                     // Now let us see if there is HttpsTransportBinding assertion also below it .This is to avoid the  | 
					
						
							|  |  |  |                     // warning messages while importing wsdl representing the message security over Https transport security scenario. See Bug:136416. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     SecurityBindingElement tbe = null; | 
					
						
							|  |  |  |                     this.TryImportTransportSecurityBindingElement(importer, policyContext, out tbe, true); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 if (sbe != null) | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                     SecurityElement config = new SecurityElement(); | 
					
						
							|  |  |  |                     config.InitializeFrom(sbe, false); | 
					
						
							|  |  |  |                     if (config.HasImportFailed) | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  | #pragma warning suppress 56506 | 
					
						
							|  |  |  |                         importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.SecurityBindingElementCannotBeExpressedInConfig), true)); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } |