        /// <summary>
        /// Decodes a security-context cookie, deserializes it into a token, and checks the
        /// token against the context id and key generation the caller expects.
        /// </summary>
        /// <param name="encodedCookie">Encoded cookie bytes; handed to the security state encoder and to DeserializeContext.</param>
        /// <param name="contextId">Context id the deserialized token must carry.</param>
        /// <param name="generation">Key generation the deserialized token must carry.</param>
        /// <param name="id">Passed through to DeserializeContext.</param>
        /// <param name="quotas">Passed through to DeserializeContext.</param>
        /// <returns>The token produced by DeserializeContext.</returns>
        /// <remarks>
        /// NOTE(review): every rejection path here goes through OnInvalidCookieFailure, whose body
        /// is not visible in this listing. The cookie is only rejected if that helper throws; if it
        /// ever returned, a null decoded buffer would reach DeserializeContext and a token with a
        /// mismatched context id or key generation would still be returned. Confirm it always throws.
        /// </remarks>
        public SecurityContextSecurityToken CreateSecurityContextFromCookie(byte[] encodedCookie, UniqueId contextId, UniqueId generation, string id, XmlDictionaryReaderQuotas quotas)
        {
            byte[] decodedState = null;

            try
            {
                decodedState = securityStateEncoder.DecodeSecurityState(encodedCookie);
            }
            catch (Exception decodeError)
            {
                if (!Fx.IsFatal(decodeError))
                {
                    // Non-fatal decode errors are reported as an invalid cookie, not surfaced raw.
                    OnInvalidCookieFailure(SR.Format(SR.SctCookieBlobDecodeFailure), decodeError);
                }
                else
                {
                    // Fatal exceptions are never translated; let them propagate untouched.
                    throw;
                }
            }

            SecurityContextSecurityToken restoredToken = DeserializeContext(decodedState, encodedCookie, id, quotas);

            // The cookie content must agree with the identifiers the caller supplied separately.
            if (restoredToken.ContextId != contextId)
            {
                string reason = SR.Format(SR.SctCookieValueMissingOrIncorrect, nameof(contextId));
                OnInvalidCookieFailure(reason);
            }

            if (restoredToken.KeyGeneration != generation)
            {
                string reason = SR.Format(SR.SctCookieValueMissingOrIncorrect, nameof(restoredToken.KeyGeneration));
                OnInvalidCookieFailure(reason);
            }

            return restoredToken;
        }
 /// <summary>
 /// Builds a token from <paramref name="sourceToken"/> with a new id, key and key timing.
 /// The context id, ValidFrom, ValidTo and cookie-mode flag are read from the source token
 /// and passed to Initialize together with the supplied key values and policies.
 /// </summary>
 /// <param name="sourceToken">Token supplying the context id, validity times, cookie mode, cookie blob and bootstrap property.</param>
 /// <param name="id">Id stored on the new token.</param>
 /// <param name="key">Key bytes passed to Initialize.</param>
 /// <param name="keyGeneration">Key generation passed to Initialize.</param>
 /// <param name="keyEffectiveTime">Key effective time passed to Initialize.</param>
 /// <param name="keyExpirationTime">Key expiration time passed to Initialize.</param>
 /// <param name="authorizationPolicies">Authorization policies passed to Initialize.</param>
 /// <remarks>
 /// NOTE(review): <paramref name="key"/> and <paramref name="authorizationPolicies"/> are handed to
 /// Initialize as received; whether Initialize copies them is not visible here, so the new token
 /// may share the caller's key buffer. Confirm before zeroing or reusing that buffer.
 /// </remarks>
 internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id, byte[] key, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
     : base()
 {
     _id = id;

     Initialize(
         sourceToken.ContextId,
         key,
         sourceToken.ValidFrom,
         sourceToken.ValidTo,
         authorizationPolicies,
         sourceToken.IsCookieMode,
         keyGeneration,
         keyEffectiveTime,
         keyExpirationTime);

     // The cookie blob is assigned from the source token as-is.
     CookieBlob = sourceToken.CookieBlob;

     // The bootstrap property, when present, is duplicated through CreateCopy.
     if (sourceToken.BootstrapMessageProperty == null)
     {
         BootstrapMessageProperty = null;
     }
     else
     {
         BootstrapMessageProperty = (SecurityMessageProperty)sourceToken.BootstrapMessageProperty.CreateCopy();
     }
 }
        /// <summary>
        /// Copy constructor: builds a new token from the fields and properties of <paramref name="from"/>.
        /// </summary>
        /// <param name="from">Token to copy.</param>
        /// <remarks>
        /// The authorization policies go through SecurityUtils.CloneAuthorizationPoliciesIfNecessary
        /// and the bootstrap property through CreateCopy. The key (<c>from._key</c>) and the cookie
        /// blob are passed on as-is.
        /// NOTE(review): whether Initialize copies the key bytes is not visible here; the copy may
        /// share the key buffer with the original token.
        /// </remarks>
        private SecurityContextSecurityToken(SecurityContextSecurityToken from)
        {
            ReadOnlyCollection<IAuthorizationPolicy> clonedPolicies =
                SecurityUtils.CloneAuthorizationPoliciesIfNecessary(from._authorizationPolicies);

            _id = from._id;

            Initialize(
                from.ContextId,
                from._key,
                from._tokenEffectiveTime,
                from._tokenExpirationTime,
                clonedPolicies,
                from.IsCookieMode,
                from.KeyGeneration,
                from.KeyEffectiveTime,
                from.KeyExpirationTime);

            CookieBlob = from.CookieBlob;

            if (from.BootstrapMessageProperty == null)
            {
                BootstrapMessageProperty = null;
            }
            else
            {
                BootstrapMessageProperty = (SecurityMessageProperty)from.BootstrapMessageProperty.CreateCopy();
            }
        }
        /// <summary>
        /// Validates a security context token by its time window and returns its authorization policies.
        /// </summary>
        /// <param name="token">Token to validate; cast directly to SecurityContextSecurityToken, so any other token type raises InvalidCastException.</param>
        /// <returns>A completed ValueTask wrapping the token's AuthorizationPolicies.</returns>
        /// <remarks>
        /// The only check made here is IsTimeValid. The policies are returned by the statement that
        /// follows the ThrowExpiredContextFaultException call, so rejecting an out-of-window token
        /// depends on that helper throwing.
        /// </remarks>
        protected override ValueTask<ReadOnlyCollection<IAuthorizationPolicy>> ValidateTokenCoreAsync(SecurityToken token)
        {
            var contextToken = (SecurityContextSecurityToken)token;

            bool withinValidityWindow = IsTimeValid(contextToken);
            if (!withinValidityWindow)
            {
                ThrowExpiredContextFaultException(contextToken.ContextId, contextToken);
            }

            ReadOnlyCollection<IAuthorizationPolicy> policies = contextToken.AuthorizationPolicies;
            return new ValueTask<ReadOnlyCollection<IAuthorizationPolicy>>(policies);
        }
        /// <summary>
        /// Validates a security context token by its time window and returns its authorization policies.
        /// </summary>
        /// <param name="token">Token to validate; cast directly to SecurityContextSecurityToken, so any other token type raises InvalidCastException.</param>
        /// <returns>The token's AuthorizationPolicies.</returns>
        /// <remarks>
        /// The only check made here is IsTimeValid. The policies are returned by the statement that
        /// follows the ThrowExpiredContextFaultException call, so rejecting an out-of-window token
        /// depends on that helper throwing.
        /// </remarks>
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            var contextToken = (SecurityContextSecurityToken)token;

            bool withinValidityWindow = IsTimeValid(contextToken);
            if (!withinValidityWindow)
            {
                ThrowExpiredContextFaultException(contextToken.ContextId, contextToken);
            }

            return contextToken.AuthorizationPolicies;
        }
        /// <summary>
        /// Reports whether the current UTC time falls inside the token's validity window and
        /// at or after its key effective time.
        /// </summary>
        /// <param name="sct">Token whose ValidFrom, ValidTo and KeyEffectiveTime are compared with DateTime.UtcNow.</param>
        /// <returns>
        /// True when ValidFrom &lt;= now, ValidTo &gt;= now and KeyEffectiveTime &lt;= now; otherwise false.
        /// </returns>
        /// <remarks>
        /// The comparisons are exact: no clock-skew allowance is applied in this method.
        /// NOTE(review): KeyExpirationTime is not consulted here; confirm key expiry is enforced
        /// elsewhere if it is meant to bound token use.
        /// NOTE(review): DateTime comparison ignores Kind, so this presumably expects the token
        /// times to be UTC already; verify against how the token is populated.
        /// </remarks>
        private bool IsTimeValid(SecurityContextSecurityToken sct)
        {
            DateTime now = DateTime.UtcNow;

            // Not valid yet.
            if (sct.ValidFrom > now)
            {
                return false;
            }

            // Already past the end of the validity window.
            if (sct.ValidTo < now)
            {
                return false;
            }

            // The key must already be in effect.
            return sct.KeyEffectiveTime <= now;
        }
 /// <summary>
 /// Always throws: reports that the security context is expired or otherwise outside its valid time.
 /// </summary>
 /// <param name="contextId">Context id placed in the error message.</param>
 /// <param name="sct">Token whose KeyGeneration is placed in the error message ("none" when it is null).</param>
 /// <remarks>
 /// The exception is a plain System.Exception routed through ThrowHelperWarning, so callers
 /// cannot tell an expired context from other failures by exception type alone. The message
 /// text embeds the context id and key generation.
 /// </remarks>
 private void ThrowExpiredContextFaultException(UniqueId contextId, SecurityContextSecurityToken sct)
 {
     string message = SR.Format(
         SR.SecurityContextExpired,
         contextId,
         sct.KeyGeneration == null ? "none" : sct.KeyGeneration.ToString());

     throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new Exception(message));
 }
 /// <summary>
 /// Forwards to the token cache's UpdateContextCachingTime for the given context.
 /// </summary>
 /// <param name="context">Cached security context token to update.</param>
 /// <param name="expirationTime">Expiration time handed to the cache.</param>
 /// <remarks>No validation is done here; both arguments go to the cache unchanged.</remarks>
 public void UpdateContextCachingTime(SecurityContextSecurityToken context, DateTime expirationTime)
     => tokenCache.UpdateContextCachingTime(context, expirationTime);
 /// <summary>
 /// Forwards to the token cache's TryAddContext.
 /// </summary>
 /// <param name="token">Security context token to add.</param>
 /// <returns>The value returned by the cache's TryAddContext.</returns>
 public bool TryAddContext(SecurityContextSecurityToken token)
     => tokenCache.TryAddContext(token);
 /// <summary>
 /// Forwards to the token cache's AddContext.
 /// </summary>
 /// <param name="token">Security context token to add.</param>
 /// <remarks>No validation is done here; the token goes to the cache unchanged.</remarks>
 public void AddContext(SecurityContextSecurityToken token)
     => tokenCache.AddContext(token);
 /// <summary>
 /// Builds a token that matches <paramref name="sourceToken"/> except for its id, by chaining
 /// to the seven-argument constructor with the source token's own key, key generation, key
 /// times and authorization policies.
 /// </summary>
 /// <param name="sourceToken">Token to copy from.</param>
 /// <param name="id">Id for the new token.</param>
 /// <remarks>
 /// The key (<c>sourceToken._key</c>) and the AuthorizationPolicies collection are passed on
 /// as-is; this constructor does not clone them.
 /// NOTE(review): whether a copy is made further down is not visible here, so both tokens may
 /// share one key buffer and one policy collection. Confirm.
 /// </remarks>
 internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id)
     : this(
         sourceToken,
         id,
         sourceToken._key,
         sourceToken.KeyGeneration,
         sourceToken.KeyEffectiveTime,
         sourceToken.KeyExpirationTime,
         sourceToken.AuthorizationPolicies)
 {
 }