c
/
mono
mirror of https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180
							//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel.Dispatcher
{
    using System.ServiceModel.Channels;
    using System.ServiceModel;
    using System.ServiceModel.Description;
    using System.Collections.ObjectModel;
    using System.Collections.Generic;
    using System.Xml;
    using System.Security;
    using System.Security.Permissions;
    using System.ServiceModel.MsmqIntegration;
    using System.Runtime;

    class PartialTrustValidationBehavior : IServiceBehavior, IEndpointBehavior
    {
        static PartialTrustValidationBehavior instance = null;

        internal static PartialTrustValidationBehavior Instance
        {
            get
            {
                // no need to synchronize -- it's ok if two are created
                if (instance == null)
                {
                    instance = new PartialTrustValidationBehavior();
                }
                return instance;
            }
        }

        void ValidateEndpoint(ServiceEndpoint endpoint)
        {
            Binding binding = endpoint.Binding;
            if (binding != null)
            {
                new BindingValidator(endpoint.Binding).Validate();
            }
        }

        #region IEndpointBehavior Members

        void IEndpointBehavior.Validate(ServiceEndpoint endpoint)
        {
            if (endpoint == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("endpoint");

            ValidateEndpoint(endpoint);
        }

        void IEndpointBehavior.AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
        void IEndpointBehavior.ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
        void IEndpointBehavior.ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }

        #endregion

        #region IServiceBehavior Members

        public void Validate(ServiceDescription description, ServiceHostBase serviceHostBase)
        {
            if (description == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("description");
            for (int i = 0; i < description.Endpoints.Count; i++)
            {
                ServiceEndpoint endpoint = description.Endpoints[i];
                if (endpoint != null)
                {
                    ValidateEndpoint(endpoint);
                }
            }
        }

        public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters) { }
        public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { }

        #endregion

        struct BindingValidator
        {
            static Type[] unsupportedBindings = new Type[]
            {
                typeof(NetNamedPipeBinding),
                typeof(WSDualHttpBinding),
                typeof(WS2007FederationHttpBinding),
                typeof(WSFederationHttpBinding),
                typeof(NetMsmqBinding),
#pragma warning disable 0618
                typeof(NetPeerTcpBinding),
#pragma warning restore 0618
                typeof(MsmqIntegrationBinding),
            };

            static Type[] unsupportedBindingElements = new Type[]
            {
                typeof(AsymmetricSecurityBindingElement),
                typeof(CompositeDuplexBindingElement),
                typeof(MsmqTransportBindingElement),
                typeof(NamedPipeTransportBindingElement),
                typeof(OneWayBindingElement),
#pragma warning disable 0618                
                typeof(PeerCustomResolverBindingElement),
                typeof(PeerTransportBindingElement),
                typeof(PnrpPeerResolverBindingElement),
#pragma warning restore 0618                
                typeof(ReliableSessionBindingElement),
                typeof(SymmetricSecurityBindingElement),
                typeof(TransportSecurityBindingElement),
                typeof(MtomMessageEncodingBindingElement),
            }; 
            
            Binding binding;
            internal BindingValidator(Binding binding)
            {
                this.binding = binding;
            }

            internal void Validate()
            {
                Fx.Assert(binding != null, "BindingValidator was not constructed with a valid Binding instance");

                Type bindingType = binding.GetType();
                if (IsUnsupportedBindingType(bindingType))
                {
                    UnsupportedSecurityCheck(SR.FullTrustOnlyBindingSecurityCheck1, bindingType);
                }

                // special-case error message for WSHttpBindings
                bool isWSHttpBinding = typeof(WSHttpBinding).IsAssignableFrom(bindingType);
                string sr = isWSHttpBinding ? SR.FullTrustOnlyBindingElementSecurityCheckWSHttpBinding1 : SR.FullTrustOnlyBindingElementSecurityCheck1;

                BindingElementCollection elements = binding.CreateBindingElements();
                foreach (BindingElement element in elements)
                {
                    Type bindingElementType = element.GetType();
                    if (element != null && IsUnsupportedBindingElementType(bindingElementType))
                    {
                        UnsupportedSecurityCheck(sr, bindingElementType);
                    }
                }
            }

            bool IsUnsupportedBindingType(Type bindingType)
            {
                for (int i = 0; i < unsupportedBindings.Length; i++)
                {
                    if (unsupportedBindings[i] == bindingType)
                        return true;
                }
                return false;
            }

            bool IsUnsupportedBindingElementType(Type bindingElementType)
            {
                for (int i = 0; i < unsupportedBindingElements.Length; i++)
                {
                    if (unsupportedBindingElements[i] == bindingElementType)
                        return true;
                }
                return false;
            }
            
            static readonly PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
            void UnsupportedSecurityCheck(string resource, Type type)
            {
                try
                {
                    fullTrust.Demand();
                }
                catch (SecurityException)
                {
                    throw new InvalidOperationException(SR.GetString(resource, binding.Name, type));
                }
            }

        }
    }

}