Beispiel #1
0
        /// <summary>
        /// Converts the token to its string representation, including packing, compressing, encrypting,
        /// and digitally signing the token's contents and encoding to a web-safe Base64 variant.
        /// </summary>
        public override string ToString()
        {
            SecurityTokenFlags Flags = SecurityTokenFlags.None;

            // Pack the key/value pairs in the dictionary into a single byte array, each
            // value being encoded in UTF-8 (full Unicode support, with efficient storage
            // for US-ASCII data).  Note that each string is limited to 65535 chars, to
            // save the extra 4 bytes per pair for encoding the extra zeros for a 32-bit
            // value, considering that any value that large is excessive for the intended
            // application.
            List <byte> InnerPayload = new List <byte>();

            foreach (string S in Data.Keys.OrderBy(K => K).SelectMany(K => new string[] { K, Data[K] }))
            {
                byte[] StrBytes = Encoding.UTF8.GetBytes(S);
                if (StrBytes.Length > UInt16.MaxValue)
                {
                    throw new SecurityTokenException("Each key/value in a " + typeof(SecurityToken).Name + " cannot "
                                                     + "exceed " + UInt16.MaxValue.ToString() + " bytes in UTF-8 representation.");
                }
                InnerPayload.AddRange(BitConverter.GetBytes((UInt16)StrBytes.Length).EndianFlip());
                InnerPayload.AddRange(StrBytes);
            }

            // If an expiration date is set and the value is valid, set the expiration flag and
            // encode an expiration date at the end of the payload.  Expiration date is encoded
            // as a 32-bit unsigned Unix date with second precision, for simplicity.
            if ((Expires < DateTime.MaxValue) && (Expires >= Epoch))
            {
                Flags |= SecurityTokenFlags.ExpireDate;
                InnerPayload.AddRange(BitConverter.GetBytes((UInt32)(Expires - Epoch).TotalSeconds).EndianFlip());
            }

            // Automatically attempt to compress the payload.  If the payload successfully compresses to a
            // smaller size than the original, set the compression flag and use the compressed payload.
            // This may make the encoded token at least look a little smaller, though compression ratios
            // will be unimpressive on data this small.  Note that compression is done before adding the
            // validation HMAC, as (1) HMAC data doesn't compress well, and (2) we want to be able to validate
            // the compressed payload before attempting to engage the decompressor on the other side, as piping
            // untrusted data into a decompressor may be a security or DoS risk.
            List <byte> PackedPayload = InnerPayload.DeflateCompress(Ionic.Zlib.CompressionLevel.BestCompression).ToList();

            if (PackedPayload.Count < InnerPayload.Count)
            {
                InnerPayload = PackedPayload;
                Flags       |= SecurityTokenFlags.Deflated;
            }

            // Encrypt the inner payload with the same key as used for signing.  Try to use CTS, if the data
            // is long enough, as it doesn't add any overhead, but fall back on CBC w/ PKCS7 padding for very
            // short messages.
            SymmetricAlgorithm Alg = CreateCipher(Key);

            if (InnerPayload.Count >= (Alg.BlockSize / 8))
            {
                InnerPayload = Alg.CTSEncrypt(InnerPayload.ToArray()).ToList();
                Flags       |= SecurityTokenFlags.EncryptedCTS;
            }
            else
            {
                InnerPayload = Alg.CBCEncrypt(InnerPayload.ToArray()).ToList();
                Flags       |= SecurityTokenFlags.EncryptedCBC;
            }

            // Reverse the encrypted content and re-encrypt it, to cause any plaintext change to propagate
            // to every bit of output.  This should theoretically provide at least a little hardening against
            // a chosen-plaintext attack.  We can always use CTS mode here, as the content at this point is
            // guaranteed to be long enough for CTS mode (a previous CBC encryption would have expanded it).
            InnerPayload.Reverse();
            InnerPayload = Alg.CTSEncrypt(InnerPayload.ToArray()).ToList();

            // Concatenate the message flags, content, and validation HMAC and return the result encoded
            // in a format appropriate for use in a URL QueryString.
            List <byte> Final = new List <byte>();

            Final.Add((byte)Flags);
            Final.AddRange(InnerPayload);
            Final.AddRange(Final.ToArray().GetHMACSHA1Bytes(Key));
            return(Final.ToArray().Base64WebSafeEncode());
        }