Beispiel #1
0
        public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime, DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
        {
            if (contextId == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextId");
            }
            if (key == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
            }
            MemoryStream        stream   = new MemoryStream();
            XmlDictionaryWriter writer   = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
            SctClaimDictionary  instance = SctClaimDictionary.Instance;

            writer.WriteStartElement(instance.SecurityContextSecurityToken, instance.EmptyString);
            writer.WriteStartElement(instance.Version, instance.EmptyString);
            writer.WriteValue(1);
            writer.WriteEndElement();
            if (id != null)
            {
                writer.WriteElementString(instance.Id, instance.EmptyString, id);
            }
            XmlHelper.WriteElementStringAsUniqueId(writer, instance.ContextId, instance.EmptyString, contextId);
            writer.WriteStartElement(instance.Key, instance.EmptyString);
            writer.WriteBase64(key, 0, key.Length);
            writer.WriteEndElement();
            if (keyGeneration != null)
            {
                XmlHelper.WriteElementStringAsUniqueId(writer, instance.KeyGeneration, instance.EmptyString, keyGeneration);
            }
            XmlHelper.WriteElementContentAsInt64(writer, instance.EffectiveTime, instance.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, instance.ExpiryTime, instance.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, instance.KeyEffectiveTime, instance.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, instance.KeyExpiryTime, instance.EmptyString, keyExpirationTime.ToUniversalTime().Ticks);
            AuthorizationContext authContext = null;

            if (authorizationPolicies != null)
            {
                authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies);
            }
            if ((authContext != null) && (authContext.ClaimSets.Count != 0))
            {
                DataContractSerializer serializer      = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, 0x7fffffff);
                DataContractSerializer serializer2     = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, 0x7fffffff);
                DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, 0x7fffffff);
                SctClaimSerializer.SerializeIdentities(authContext, instance, writer, serializer);
                writer.WriteStartElement(instance.ClaimSets, instance.EmptyString);
                for (int i = 0; i < authContext.ClaimSets.Count; i++)
                {
                    SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], instance, writer, serializer2, claimSerializer);
                }
                writer.WriteEndElement();
            }
            writer.WriteEndElement();
            writer.Flush();
            byte[] data = stream.ToArray();
            return(this.securityStateEncoder.EncodeSecurityState(data));
        }
Beispiel #2
0
        private SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas)
        {
            List <IAuthorizationPolicy> list3;
            SctClaimDictionary          instance = SctClaimDictionary.Instance;
            XmlDictionaryReader         reader   = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, instance, quotas, null, null);
            int      num            = -1;
            UniqueId contextId      = null;
            DateTime minUtcDateTime = System.ServiceModel.Security.SecurityUtils.MinUtcDateTime;
            DateTime maxUtcDateTime = System.ServiceModel.Security.SecurityUtils.MaxUtcDateTime;

            byte[]            key               = null;
            string            str               = null;
            UniqueId          keyGeneration     = null;
            DateTime          keyEffectiveTime  = System.ServiceModel.Security.SecurityUtils.MinUtcDateTime;
            DateTime          keyExpirationTime = System.ServiceModel.Security.SecurityUtils.MaxUtcDateTime;
            List <ClaimSet>   claimSets         = null;
            IList <IIdentity> identities        = null;
            bool isCookieMode = true;

            reader.ReadFullStartElement(instance.SecurityContextSecurityToken, instance.EmptyString);
            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(instance.Version, instance.EmptyString))
                {
                    num = reader.ReadElementContentAsInt();
                }
                else
                {
                    if (reader.IsStartElement(instance.ContextId, instance.EmptyString))
                    {
                        contextId = reader.ReadElementContentAsUniqueId();
                        continue;
                    }
                    if (reader.IsStartElement(instance.Id, instance.EmptyString))
                    {
                        str = reader.ReadElementContentAsString();
                        continue;
                    }
                    if (reader.IsStartElement(instance.EffectiveTime, instance.EmptyString))
                    {
                        minUtcDateTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                        continue;
                    }
                    if (reader.IsStartElement(instance.ExpiryTime, instance.EmptyString))
                    {
                        maxUtcDateTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                        continue;
                    }
                    if (reader.IsStartElement(instance.Key, instance.EmptyString))
                    {
                        key = reader.ReadElementContentAsBase64();
                        continue;
                    }
                    if (reader.IsStartElement(instance.KeyGeneration, instance.EmptyString))
                    {
                        keyGeneration = reader.ReadElementContentAsUniqueId();
                        continue;
                    }
                    if (reader.IsStartElement(instance.KeyEffectiveTime, instance.EmptyString))
                    {
                        keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                        continue;
                    }
                    if (reader.IsStartElement(instance.KeyExpiryTime, instance.EmptyString))
                    {
                        keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                        continue;
                    }
                    if (reader.IsStartElement(instance.Identities, instance.EmptyString))
                    {
                        identities = SctClaimSerializer.DeserializeIdentities(reader, instance, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, 0x7fffffff));
                        continue;
                    }
                    if (reader.IsStartElement(instance.ClaimSets, instance.EmptyString))
                    {
                        reader.ReadStartElement();
                        DataContractSerializer serializer      = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, 0x7fffffff);
                        DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, 0x7fffffff);
                        claimSets = new List <ClaimSet>(1);
                        while (reader.IsStartElement())
                        {
                            claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, instance, serializer, claimSerializer));
                        }
                        reader.ReadEndElement();
                        continue;
                    }
                    if (reader.IsStartElement(instance.IsCookieMode, instance.EmptyString))
                    {
                        isCookieMode = reader.ReadElementString() == "1";
                    }
                    else
                    {
                        OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieXmlParseError"));
                    }
                }
            }
            reader.ReadEndElement();
            if (num != 1)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SerializedTokenVersionUnsupported", new object[] { num })));
            }
            if (contextId == null)
            {
                OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "ContextId" }));
            }
            if ((key == null) || (key.Length == 0))
            {
                OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "Key" }));
            }
            if (str != id)
            {
                OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "Id" }));
            }
            if (claimSets != null)
            {
                list3 = new List <IAuthorizationPolicy>(1)
                {
                    new SctUnconditionalPolicy(identities, claimSets, maxUtcDateTime)
                };
            }
            else
            {
                list3 = null;
            }
            return(new SecurityContextSecurityToken(contextId, str, key, minUtcDateTime, maxUtcDateTime, (list3 != null) ? list3.AsReadOnly() : null, isCookieMode, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime));
        }
        SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas)
        {
            SctClaimDictionary  dictionary = SctClaimDictionary.Instance;
            XmlDictionaryReader reader     = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, dictionary, quotas, null, null);
            int      cookieVersion         = -1;
            UniqueId cookieContextId       = null;
            DateTime effectiveTime         = SecurityUtils.MinUtcDateTime;
            DateTime expiryTime            = SecurityUtils.MaxUtcDateTime;

            byte[]            key               = null;
            string            localId           = null;
            UniqueId          keyGeneration     = null;
            DateTime          keyEffectiveTime  = SecurityUtils.MinUtcDateTime;
            DateTime          keyExpirationTime = SecurityUtils.MaxUtcDateTime;
            List <ClaimSet>   claimSets         = null;
            IList <IIdentity> identities        = null;
            bool isCookie = true;

            reader.ReadFullStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(dictionary.Version, dictionary.EmptyString))
                {
                    cookieVersion = reader.ReadElementContentAsInt();
                }
                else if (reader.IsStartElement(dictionary.ContextId, dictionary.EmptyString))
                {
                    cookieContextId = reader.ReadElementContentAsUniqueId();
                }
                else if (reader.IsStartElement(dictionary.Id, dictionary.EmptyString))
                {
                    localId = reader.ReadElementContentAsString();
                }
                else if (reader.IsStartElement(dictionary.EffectiveTime, dictionary.EmptyString))
                {
                    effectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                }
                else if (reader.IsStartElement(dictionary.ExpiryTime, dictionary.EmptyString))
                {
                    expiryTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                }
                else if (reader.IsStartElement(dictionary.Key, dictionary.EmptyString))
                {
                    key = reader.ReadElementContentAsBase64();
                }
                else if (reader.IsStartElement(dictionary.KeyGeneration, dictionary.EmptyString))
                {
                    keyGeneration = reader.ReadElementContentAsUniqueId();
                }
                else if (reader.IsStartElement(dictionary.KeyEffectiveTime, dictionary.EmptyString))
                {
                    keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                }
                else if (reader.IsStartElement(dictionary.KeyExpiryTime, dictionary.EmptyString))
                {
                    keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
                }
                else if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
                {
                    identities = SctClaimSerializer.DeserializeIdentities(reader, dictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue));
                }
                else if (reader.IsStartElement(dictionary.ClaimSets, dictionary.EmptyString))
                {
                    reader.ReadStartElement();

                    DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue);
                    DataContractSerializer claimSerializer    = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue);
                    claimSets = new List <ClaimSet>(1);
                    while (reader.IsStartElement())
                    {
                        claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, dictionary, claimSetSerializer, claimSerializer));
                    }

                    reader.ReadEndElement();
                }
                else if (reader.IsStartElement(dictionary.IsCookieMode, dictionary.EmptyString))
                {
                    isCookie = reader.ReadElementString() == "1" ? true : false;
                }
                else
                {
                    OnInvalidCookieFailure(SR.GetString(SR.SctCookieXmlParseError));
                }
            }
            reader.ReadEndElement();
            if (cookieVersion != SupportedPersistanceVersion)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SerializedTokenVersionUnsupported, cookieVersion)));
            }
            if (cookieContextId == null)
            {
                OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId"));
            }
            if (key == null || key.Length == 0)
            {
                OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Key"));
            }
            if (localId != id)
            {
                OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Id"));
            }
            List <IAuthorizationPolicy> authorizationPolicies;

            if (claimSets != null)
            {
                authorizationPolicies = new List <IAuthorizationPolicy>(1);
                authorizationPolicies.Add(new SctUnconditionalPolicy(identities, claimSets, expiryTime));
            }
            else
            {
                authorizationPolicies = null;
            }
            return(new SecurityContextSecurityToken(cookieContextId, localId, key, effectiveTime, expiryTime,
                                                    authorizationPolicies != null ? authorizationPolicies.AsReadOnly() : null, isCookie, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime));
        }
Beispiel #4
0
        public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime,
                                                      DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime,
                                                      ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
        {
            if (contextId == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(contextId));
            }

            if (key == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(key));
            }

            MemoryStream        stream = new MemoryStream();
            XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);

            SctClaimDictionary dictionary = SctClaimDictionary.Instance;

            writer.WriteStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);
            writer.WriteStartElement(dictionary.Version, dictionary.EmptyString);
            writer.WriteValue(SupportedPersistanceVersion);
            writer.WriteEndElement();
            if (id != null)
            {
                writer.WriteElementString(dictionary.Id, dictionary.EmptyString, id);
            }

            XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.ContextId, dictionary.EmptyString, contextId);

            writer.WriteStartElement(dictionary.Key, dictionary.EmptyString);
            writer.WriteBase64(key, 0, key.Length);
            writer.WriteEndElement();

            if (keyGeneration != null)
            {
                XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.KeyGeneration, dictionary.EmptyString, keyGeneration);
            }

            XmlHelper.WriteElementContentAsInt64(writer, dictionary.EffectiveTime, dictionary.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, dictionary.ExpiryTime, dictionary.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyEffectiveTime, dictionary.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks);
            XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyExpiryTime, dictionary.EmptyString, keyExpirationTime.ToUniversalTime().Ticks);

            AuthorizationContext authContext = null;

            if (authorizationPolicies != null)
            {
                authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies);
            }

            if (authContext != null && authContext.ClaimSets.Count != 0)
            {
                DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), _knownTypes, int.MaxValue);
                DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), _knownTypes, int.MaxValue);
                DataContractSerializer claimSerializer    = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), _knownTypes, int.MaxValue);
                SctClaimSerializer.SerializeIdentities(authContext, dictionary, writer, identitySerializer);

                writer.WriteStartElement(dictionary.ClaimSets, dictionary.EmptyString);
                for (int i = 0; i < authContext.ClaimSets.Count; i++)
                {
                    SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], dictionary, writer, claimSetSerializer, claimSerializer);
                }
                writer.WriteEndElement();
            }

            writer.WriteEndElement();
            writer.Flush();

            byte[] serializedContext = stream.ToArray();
            return(_securityStateEncoder.EncodeSecurityState(serializedContext));
        }