No passwords shall be visible in trace files

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/Common/RestrictedTraceAssertion.cs

@@ -0,0 +1,154 @@
+// Copyright (c) 2015, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+using System;
+using System.Data;
+using System.Configuration;
+using System.Xml;
+using System.Diagnostics;
+using System.Collections.Generic;
+using System.Text;
+using System.IO;
+
+using WSE = Microsoft.Web.Services3.Security;
+using Microsoft.Web.Services3;
+using Microsoft.Web.Services3.Design;
+using Microsoft.Web.Services3.Security;
+using Microsoft.Web.Services3.Security.Tokens;
+
+namespace WebsitePanel.EnterpriseServer
+{
+    class RestrictedTraceAssertion : PolicyAssertion
+    {
+        string inputfile = "input.xml";
+        string outputfile = "output.xml";
+        bool bEnabled = false;
+
+        public RestrictedTraceAssertion()
+            : base()
+        {
+        }
+
+        public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
+        {
+            return bEnabled ? new CustomTraceFilter(outputfile) : null;
+        }
+
+        public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
+        {
+            return bEnabled ? new CustomTraceFilter(inputfile) : null;
+        }
+
+        public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
+        {
+            return bEnabled ? new CustomTraceFilter(inputfile) : null;
+        }
+
+        public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
+        {
+            return bEnabled ? new CustomTraceFilter(outputfile) : null;
+        }
+
+        public override void ReadXml(XmlReader reader, IDictionary<string, Type> extensions)
+        {
+            bool isEmpty = reader.IsEmptyElement;
+
+            string input = reader.GetAttribute("input");
+            string output = reader.GetAttribute("output");
+            string enabled = reader.GetAttribute("enabled");
+            if ((enabled != null) && (enabled.ToLower() == "true"))
+                bEnabled = true;
+
+            if (input != null)
+                inputfile = input;
+
+            if (output != null)
+                outputfile = output;
+
+            reader.ReadStartElement("restrictedTraceAssertion");
+            if (!isEmpty)
+                reader.ReadEndElement();
+        }
+
+        public override IEnumerable<KeyValuePair<string, Type>> GetExtensions()
+        {
+            return new KeyValuePair<string, Type>[] { new KeyValuePair<string, Type>("RestrictedTraceAssertion", this.GetType()) };
+        }
+    }
+
+    class CustomTraceFilter : SoapFilter
+    {
+        string filename = null;
+
+        public CustomTraceFilter(String file)
+            : base()
+        {
+            filename = file;
+        }
+
+        public override SoapFilterResult ProcessMessage(SoapEnvelope envelope)
+        {
+            XmlDocument dom = null;
+            DateTime timeStamp = DateTime.Now;
+            XmlNode rootNode = null;
+
+            dom = new XmlDocument();
+
+            if (!File.Exists(filename))
+            {
+                XmlDeclaration xmlDecl = dom.CreateXmlDeclaration("1.0", "utf-8", null);
+
+                dom.InsertBefore(xmlDecl, dom.DocumentElement);
+
+                rootNode = dom.CreateNode(XmlNodeType.Element, "log", String.Empty);
+                dom.AppendChild(rootNode);
+                dom.Save(filename);
+            }
+            else
+            {
+                dom.Load(filename);
+                rootNode = dom.DocumentElement;
+            }
+
+            XmlNode newNode = dom.ImportNode(envelope.DocumentElement, true);
+            XmlNodeList passwords = (newNode as XmlElement).GetElementsByTagName("password");
+            for (int i = 0; i < passwords.Count; ++i)
+            {
+                XmlNode node = passwords.Item(i);
+                node.InnerXml = "*****";
+            }
+
+            rootNode.AppendChild(newNode);
+
+            dom.Save(filename);
+
+            return SoapFilterResult.Continue;
+        }
+    }
+}

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/WebsitePanel.EnterpriseServer.Code.csproj

@@ -89,6 +89,7 @@
     <Compile Include="Common\IPAddress.cs" />
     <Compile Include="Common\MailHelper.cs" />
     <Compile Include="Common\ObjectUtils.cs" />
+    <Compile Include="Common\RestrictedTraceAssertion.cs" />
     <Compile Include="Common\SecurityContext.cs" />
     <Compile Include="Common\ServiceProviderProxy.cs" />
     <Compile Include="Common\ServiceUsernameTokenManager.cs" />

WebsitePanel/Sources/WebsitePanel.EnterpriseServer/WsePolicyCache.Config

@@ -1,8 +1,21 @@
 <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
   <extensions>
+    <extension name="restrictedTraceAssertion" type="WebsitePanel.EnterpriseServer.RestrictedTraceAssertion, WebsitePanel.EnterpriseServer.Code" />
     <extension name="usernameAssertion" type="WebsitePanel.EnterpriseServer.UsernameAssertion, WebsitePanel.EnterpriseServer.Code" />
   </extensions>
   <policy name="ServerPolicy">
+    <restrictedTraceAssertion
+      enabled="false"
+      input="C:\VSProjects\alexY\WebSitePanel\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\input.xml"
+      output="C:\VSProjects\alexY\WebSitePanel\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\output.xml"
+    />
     <usernameAssertion/>
   </policy>
+  <policy name="CommonPolicy">
+    <restrictedTraceAssertion
+      enabled="false"
+      input="C:\VSProjects\alexY\WebSitePanel\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\input.xml"
+      output="C:\VSProjects\alexY\WebSitePanel\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\output.xml"
+    />
+  </policy>
 </policies>

WebsitePanel/Sources/WebsitePanel.EnterpriseServer/esAuthentication.asmx.cs

@@ -44,6 +44,7 @@ namespace WebsitePanel.EnterpriseServer
     /// </summary>
     [WebService(Namespace = "http://smbsaas/websitepanel/enterpriseserver")]
     [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+    [Policy("CommonPolicy")]
     [ToolboxItem(false)]
     public class esAuthentication : System.Web.Services.WebService
     {