public override object Process(object input, SignatureResourcePool resourcePool, DictionaryManager dictionaryManager) { XmlTokenStream tokenStream = input as XmlTokenStream; if (tokenStream != null) { tokenStream.SetElementExclusion(XmlSignatureStrings.Signature, XmlSignatureStrings.Namespace); return(tokenStream); } WrappedReader reader = input as WrappedReader; if (reader != null) { // The Enveloped Signature Transform is supposed to remove the // Signature which encloses the transform element. Previous versions // of this code stripped out all Signature elements at any depth, // which did not allow nested signed structures. By specifying '1' // as the depth, we narrow our range of support so that we require // that the enveloped signature be a direct child of the element // being signed. reader.XmlTokens.SetElementExclusion(XmlSignatureConstants.Elements.Signature, XmlSignatureConstants.Namespace, 1); return(reader); } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedInputTypeForTransform, input.GetType()))); }
// This constructor is used by the Trim method to reduce the size of the XmlTokenEntry array to the minimum required. public XmlTokenStream(XmlTokenStream other) { this.count = other.count; this.excludedElement = other.excludedElement; this.excludedElementDepth = other.excludedElementDepth; this.excludedElementNamespace = other.excludedElementNamespace; this.entries = new XmlTokenEntry[this.count]; Array.Copy(other.entries, this.entries, this.count); }
public override object Process(object input, SignatureResourcePool resourcePool, DictionaryManager dictionaryManager) { XmlTokenStream stream = input as XmlTokenStream; if (stream == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.IdentityModel.SR.GetString("UnsupportedInputTypeForTransform", new object[] { input.GetType() }))); } stream.SetElementExclusion("Signature", "http://www.w3.org/2000/09/xmldsig#"); return(stream); }
public WrappedReader(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (!reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.InnerReaderMustBeAtElement))); } this.xmlTokens = new XmlTokenStream(32); base.InitializeInnerReader(reader); Record(); }
public WrappedReader(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (!reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.InnerReaderMustBeAtElement))); } this.xmlTokens = new XmlTokenStream(32); base.InitializeInnerReader(reader); Record(); }
public WrappedReader(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); } if (!reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("InnerReaderMustBeAtElement"))); } this.xmlTokens = new XmlTokenStream(0x20); this.reader = reader; this.Record(); }
public WrappedReader(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); } if (!reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("InnerReaderMustBeAtElement"))); } this.xmlTokens = new XmlTokenStream(0x20); this.reader = reader; this.Record(); }
// This constructor is used by the Trim method to reduce the size of the XmlTokenEntry array to the minimum required. public XmlTokenStream(XmlTokenStream other) { this.count = other.count; this.excludedElement = other.excludedElement; this.excludedElementDepth = other.excludedElementDepth; this.excludedElementNamespace = other.excludedElementNamespace; this.entries = new XmlTokenEntry[this.count]; Array.Copy(other.entries, this.entries, this.count); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); WrappedReader wrappedReader = new WrappedReader(dictionaryReader); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; if (!wrappedReader.IsStartElement(dictionary.Assertion, dictionary.Namespace)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLElementNotRecognized, wrappedReader.LocalName))); string attributeValue = wrappedReader.GetAttribute(dictionary.MajorVersion, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMajorVersionAttributeOnRead))); int majorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture); attributeValue = wrappedReader.GetAttribute(dictionary.MinorVersion, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMinorVersionAttributeOnRead))); int minorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture); if ((majorVersion != SamlConstants.MajorVersionValue) || (minorVersion != SamlConstants.MinorVersionValue)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLTokenVersionNotSupported, majorVersion, minorVersion, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue))); } attributeValue = wrappedReader.GetAttribute(dictionary.AssertionId, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIdRequired))); if (!IsAssertionIdValid(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIDIsInvalid, attributeValue))); this.assertionId = attributeValue; attributeValue = wrappedReader.GetAttribute(dictionary.Issuer, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingIssuerAttributeOnRead))); this.issuer = attributeValue; attributeValue = wrappedReader.GetAttribute(dictionary.IssueInstant, null); if (!string.IsNullOrEmpty(attributeValue)) this.issueInstant = DateTime.ParseExact( attributeValue, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime(); wrappedReader.MoveToContent(); wrappedReader.Read(); if (wrappedReader.IsStartElement(dictionary.Conditions, dictionary.Namespace)) { this.conditions = samlSerializer.LoadConditions(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (this.conditions == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtions))); } if (wrappedReader.IsStartElement(dictionary.Advice, dictionary.Namespace)) { this.advice = samlSerializer.LoadAdvice(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (this.advice == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAdvice))); } while (wrappedReader.IsStartElement()) { #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { break; } else { SamlStatement statement = samlSerializer.LoadStatement(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (statement == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadStatement))); this.statements.Add(statement); } } if (this.statements.Count == 0) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionRequireOneStatementOnRead))); if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) this.ReadSignature(wrappedReader, keyInfoSerializer, outOfBandTokenResolver, samlSerializer); wrappedReader.MoveToContent(); wrappedReader.ReadEndElement(); this.tokenStream = wrappedReader.XmlTokens; if (this.signature != null) { VerifySignature(this.signature, this.verificationKey); } BuildCryptoList(); }
/// <summary> /// Captures the XML source data from an EnvelopedSignatureReader. /// </summary> /// <remarks> /// The EnvelopedSignatureReader that was used to read the data for this /// assertion should be passed to this method after the </Assertion> /// element has been read. This method will preserve the raw XML data /// that was read, including the signature, so that it may be re-emitted /// without changes and without the need to re-sign the data. See /// CanWriteSourceData and WriteSourceData. /// </remarks> /// <param name="reader"></param> internal virtual void CaptureSourceData(EnvelopedSignatureReader reader) { if (null == reader) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } this.sourceData = reader.XmlTokens; }
public XmlTokenStreamWriter(XmlTokenStream.XmlTokenEntry[] entries, int count, string excludedElement, int? excludedElementDepth, string excludedElementNamespace) { if (entries == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("entries"); } this.entries = entries; this.count = count; this.excludedElement = excludedElement; this.excludedElementDepth = excludedElementDepth; this.excludedElementNamespace = excludedElementNamespace; }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml")); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); } WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader)); SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary; if (!reader3.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLElementNotRecognized", new object[] { reader3.LocalName }))); } string attribute = reader3.GetAttribute(samlDictionary.MajorVersion, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMajorVersionAttributeOnRead"))); } int num = int.Parse(attribute, CultureInfo.InvariantCulture); attribute = reader3.GetAttribute(samlDictionary.MinorVersion, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMinorVersionAttributeOnRead"))); } int num2 = int.Parse(attribute, CultureInfo.InvariantCulture); if ((num != SamlConstants.MajorVersionValue) || (num2 != SamlConstants.MinorVersionValue)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLTokenVersionNotSupported", new object[] { num, num2, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue }))); } attribute = reader3.GetAttribute(samlDictionary.AssertionId, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired"))); } if (!this.IsAssertionIdValid(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { attribute }))); } this.assertionId = attribute; attribute = reader3.GetAttribute(samlDictionary.Issuer, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingIssuerAttributeOnRead"))); } this.issuer = attribute; attribute = reader3.GetAttribute(samlDictionary.IssueInstant, null); if (!string.IsNullOrEmpty(attribute)) { this.issueInstant = DateTime.ParseExact(attribute, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime(); } reader3.MoveToContent(); reader3.Read(); if (reader3.IsStartElement(samlDictionary.Conditions, samlDictionary.Namespace)) { this.conditions = samlSerializer.LoadConditions(reader3, keyInfoSerializer, outOfBandTokenResolver); if (this.conditions == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadCondtions"))); } } if (reader3.IsStartElement(samlDictionary.Advice, samlDictionary.Namespace)) { this.advice = samlSerializer.LoadAdvice(reader3, keyInfoSerializer, outOfBandTokenResolver); if (this.advice == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAdvice"))); } } while (reader3.IsStartElement()) { if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { break; } SamlStatement item = samlSerializer.LoadStatement(reader3, keyInfoSerializer, outOfBandTokenResolver); if (item == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadStatement"))); } this.statements.Add(item); } if (this.statements.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatementOnRead"))); } if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { this.ReadSignature(reader3, keyInfoSerializer, outOfBandTokenResolver, samlSerializer); } reader3.MoveToContent(); reader3.ReadEndElement(); this.tokenStream = reader3.XmlTokens; if (this.signature != null) { this.VerifySignature(this.signature, this.verificationKey); } this.BuildCryptoList(); }