protected override Saml2Conditions ReadConditions(XmlReader reader)
{
CustomTextTraceSource ts = new CustomTextTraceSource("CommercialVehicleCollisionWebservice.CustomSaml2SecurityTokenHandler.ReadConditions",
"MyTraceSource", SourceLevels.Information);
Saml2Conditions conditions2 = null;
if (reader == null)
{
throw new ArgumentNullException("reader");
}
if (!reader.IsStartElement("Conditions", "urn:oasis:names:tc:SAML:2.0:assertion"))
{
reader.ReadStartElement("Conditions", "urn:oasis:names:tc:SAML:2.0:assertion");
}
try
{
Saml2ConditionsDelegateWrapper conditions = new Saml2ConditionsDelegateWrapper();
bool isEmptyElement = reader.IsEmptyElement;
XmlUtil.ValidateXsiType(reader, "ConditionsType", "urn:oasis:names:tc:SAML:2.0:assertion", false);
string attribute = reader.GetAttribute("NotBefore");
if (!string.IsNullOrEmpty(attribute))
{
conditions.NotBefore = new DateTime?(XmlConvert.ToDateTime(attribute, DateTimeFormats.Accepted));
}
attribute = reader.GetAttribute("NotOnOrAfter");
if (!string.IsNullOrEmpty(attribute))
{
conditions.NotOnOrAfter = new DateTime?(XmlConvert.ToDateTime(attribute, DateTimeFormats.Accepted));
}
reader.ReadStartElement();
if (!isEmptyElement)
{
while (reader.IsStartElement())
{
if (reader.IsStartElement("Condition", "urn:oasis:names:tc:SAML:2.0:assertion"))
{
XmlQualifiedName xsiType = XmlUtil.GetXsiType(reader);
if ((null == xsiType) || XmlUtil.EqualsQName(xsiType, "ConditionAbstractType", "urn:oasis:names:tc:SAML:2.0:assertion"))
{
string errorMsg = string.Format("An abstract element was encountered which does not specify its concrete type. "
+ "Element name: '{0}' Element namespace: '{1}'", reader.LocalName, reader.NamespaceURI);
throw DiagnosticUtil.ThrowHelperXml(reader, errorMsg);
}
reader.ReadStartElement("Condition", "urn:oasis:names:tc:SAML:2.0:assertion");
conditions.Delegates = ReadDelegates(reader);
reader.ReadEndElement();
/////////////////////////////////
// Need to investigate why this is disabled!!!!!
// This looks like it is invalid here
//if (EqualsQName(xsiType, "AudienceRestrictionType", "urn:oasis:names:tc:SAML:2.0:assertion"))
//{
// conditions.AudienceRestrictions.Add(this.ReadAudienceRestriction(reader));
//}
//else if (EqualsQName(xsiType, "OneTimeUseType", "urn:oasis:names:tc:SAML:2.0:assertion"))
//{
// if (conditions.OneTimeUse)
// {
// throw new InvalidOperationException("ID4115: OneTimeUse");
// }
// ReadEmptyContentElement(reader);
// conditions.OneTimeUse = true;
//}
//else
//{
// if (!EqualsQName(xsiType, "ProxyRestrictionType", "urn:oasis:names:tc:SAML:2.0:assertion"))
// {
// throw new InvalidOperationException("ID4113");
// }
// if (conditions.ProxyRestriction != null)
// {
// throw new InvalidOperationException("ID4115: ProxyRestriction");
// }
// conditions.ProxyRestriction = this.ReadProxyRestriction(reader);
//}
////////////////////////////////////
}
else if (reader.IsStartElement("AudienceRestriction", "urn:oasis:names:tc:SAML:2.0:assertion"))
{
XmlQualifiedName xsiType = XmlUtil.GetXsiType(reader);
conditions.AudienceRestrictions.Add(this.ReadAudienceRestriction(reader));
}
else
{
//if (reader.IsStartElement("OneTimeUse", "urn:oasis:names:tc:SAML:2.0:assertion"))
//{
// if (conditions.OneTimeUse)
// {
// throw DiagnosticUtil.ExceptionUtil.ThrowHelperXml(reader, "A <saml:Conditions> element contained more than one OneTimeUse condition.");
// }
// ReadEmptyContentElement(reader);
// conditions.OneTimeUse = true;
// continue;
//}
if (!reader.IsStartElement("ProxyRestriction", "urn:oasis:names:tc:SAML:2.0:assertion"))
{
break;
}
if (conditions.ProxyRestriction != null)
{
throw DiagnosticUtil.ThrowHelperXml(reader, "A <saml:Conditions> element contained more than one ProxyRestriction condition.");
}
conditions.ProxyRestriction = this.ReadProxyRestriction(reader);
}
}
reader.ReadEndElement();
}
conditions2 = conditions;
}
catch (Exception exception)
{
Exception exception2 = DiagnosticUtil.TryWrapReadException(reader, exception);
if (exception2 == null)
{
throw;
}
throw exception2;
}
return conditions2;
}
protected override Saml2Conditions CreateConditions(Microsoft.IdentityModel.Protocols.WSTrust.Lifetime tokenLifetime,
string relyingPartyAddress, SecurityTokenDescriptor tokenDescriptor)
{
if (null == tokenLifetime && !string.IsNullOrEmpty(relyingPartyAddress))
{
return null;
}
Saml2ConditionsDelegateWrapper conditions = new Saml2ConditionsDelegateWrapper();
conditions.NotBefore = tokenLifetime.Created;
conditions.NotOnOrAfter = tokenLifetime.Expires;
// GFIPM S2S 8.8.2.6.a
string relyingPartyEntityID = _trustFabric.GetWspEntityIdFromEndpointAddress(relyingPartyAddress);
// Make sure that the entity id is present in the <microsoft.identityModel><service><audienceUris> collection in the
// WSP configuration file
conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(new Uri(relyingPartyEntityID, UriKind.RelativeOrAbsolute)));
// check if the actors are set in the subject and create the delegates from the actors
IClaimsIdentity currentDelegate = tokenDescriptor.Subject.Actor;
List<DelegateType> delegates = new List<DelegateType>();
while (currentDelegate != null)
{
DelegateType delegateType = CreateDelegate(currentDelegate.Claims[0].Value, currentDelegate.Claims[1].Value);
delegates.Add(delegateType);
// most recent delegate, synchronize token creation and delegationInstant
if (currentDelegate.Actor == null)
{
if (conditions.NotBefore.HasValue)
{
delegateType.DelegationInstant = conditions.NotBefore.Value;
}
}
currentDelegate = currentDelegate.Actor;
}
DelegationRestrictionType delegate1 = new DelegationRestrictionType();
delegate1.Delegate = delegates.ToArray();
conditions.Delegates = delegate1;
return conditions;
}
