public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader.IsStartElement(dictionary.DoNotCacheCondition, dictionary.Namespace))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.DoNotCacheCondition.Value)));
// saml:DoNotCacheCondition is a empty element. So just issue a read for
// the empty element.
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
return;
}
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
protected override System.IdentityModel.Tokens.SecurityToken ReadTokenCore( XmlReader reader, SecurityTokenResolver tokenResolver )
{
if ( reader == null )
throw new ArgumentNullException( "reader" );
if ( reader.IsStartElement( Constants.UsernameTokenName, Constants.UsernameTokenNamespace ) )
{
//string id = reader.GetAttribute( Constants.IdAttributeName, Constants.WsUtilityNamespace );
reader.ReadStartElement();
// read the user name
string userName = reader.ReadElementString( Constants.UsernameElementName, Constants.UsernameTokenNamespace );
// read the password hash
string password = reader.ReadElementString( Constants.PasswordElementName, Constants.UsernameTokenNamespace );
// read nonce
string nonce = reader.ReadElementString( Constants.NonceElementName, Constants.UsernameTokenNamespace );
// read created
string created = reader.ReadElementString( Constants.CreatedElementName, Constants.WsUtilityNamespace );
reader.ReadEndElement();
var info = new Info( userName, password );
return new SecurityToken( info, nonce, created );
}
return DefaultInstance.ReadToken( reader, tokenResolver );
}
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader.IsStartElement(samlDictionary.DoNotCacheCondition, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.DoNotCacheCondition.Value })));
}
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (
SecurityTokenRequirement requirement,
out SecurityTokenResolver outOfBandTokenResolver)
{
outOfBandTokenResolver = null;
if (requirement.TokenType == SecurityTokenTypes.UserName)
return CreateUserNameAuthenticator (requirement);
if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
return CreateX509Authenticator (requirement);
if (requirement.TokenType == SecurityTokenTypes.Rsa)
return new RsaSecurityTokenAuthenticator ();
if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) {
// FIXME: get parameters from somewhere
SecurityContextSecurityTokenResolver resolver =
new SecurityContextSecurityTokenResolver (0x1000, true);
outOfBandTokenResolver = resolver;
SecurityContextSecurityTokenAuthenticator sc =
new SecurityContextSecurityTokenAuthenticator ();
return new SecureConversationSecurityTokenAuthenticator (requirement, sc, resolver);
}
if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego)
return CreateSslTokenAuthenticator (requirement);
if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
return CreateSslTokenAuthenticator (requirement);
if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego)
return CreateSpnegoTokenAuthenticator (requirement);
else
throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
{
// The Namespace attribute is optional.
this.ns = reader.GetAttribute(dictionary.ActionNamespaceAttribute, null);
reader.MoveToContent();
this.action = reader.ReadString();
if (string.IsNullOrEmpty(this.action))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLActionNameRequiredOnRead)));
reader.MoveToContent();
reader.ReadEndElement();
}
}
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (reader == null) throw new ArgumentNullException("reader");
if (reader.IsStartElement(Constants.CreditCardTokenName, Constants.CreditCardTokenNamespace))
{
string id = reader.GetAttribute(Constants.Id, Constants.WsUtilityNamespace);
reader.ReadStartElement();
// read the credit card number
string creditCardNumber = reader.ReadElementString(Constants.CreditCardNumberElementName, Constants.CreditCardTokenNamespace);
// read the expiration date
string expirationTimeString = reader.ReadElementString(Constants.CreditCardExpirationElementName, Constants.CreditCardTokenNamespace);
DateTime expirationTime = XmlConvert.ToDateTime(expirationTimeString, XmlDateTimeSerializationMode.Utc);
// read the issuer of the credit card
string creditCardIssuer = reader.ReadElementString(Constants.CreditCardIssuerElementName, Constants.CreditCardTokenNamespace);
reader.ReadEndElement();
CreditCardInfo cardInfo = new CreditCardInfo(creditCardNumber, creditCardIssuer, expirationTime);
return new CreditCardToken(cardInfo, id);
}
else
{
return WSSecurityTokenSerializer.DefaultInstance.ReadToken(reader, tokenResolver);
}
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator
(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
// Return your implementation of the SecurityTokenProvider based on the
// tokenRequirement argument.
SecurityTokenAuthenticator result;
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
MessageDirection direction = tokenRequirement.GetProperty<MessageDirection>
(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
if (direction == MessageDirection.Input)
{
outOfBandTokenResolver = null;
result = new MySecurityTokenAuthenticator();
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
}
else
{
result = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
return result;
}
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement statement = new SamlAuthenticationStatement();
statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement;
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement statement2 = new SamlAttributeStatement();
statement2.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement2;
}
if (!reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName })));
}
SamlAuthorizationDecisionStatement statement3 = new SamlAuthorizationDecisionStatement();
statement3.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement3;
}
/// <summary>
/// Creates a security token authenticator based on the <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.
/// </summary>
/// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param>
/// <param name="outOfBandTokenResolver">When this method returns, contains a <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>. This parameter is passed uninitialized.</param>
/// <returns>
/// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenAuthenticator"/>.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="T:System.NotSupportedException">A security token authenticator cannot be created for the<paramref name=" tokenRequirement"/> that was passed in.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(
SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
// Get the current validator
UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
// Ensure that a validator exists
if (validator == null)
{
Trace.TraceWarning("Custom UserName Password Validator must be configued in web.config");
validator = new DefaultPersonnelValidator();
}
return new PersonnelUserNameTokenAuthenticator(validator);
}
// Return your implementation of the SecurityTokenAuthenticator, if required.
// This implementation delegates to the base class.
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
public SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
return ReadTokenCore(reader, tokenResolver);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
string str2;
string str3;
if (reader == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
string attribute = reader.GetAttribute(samlDictionary.AuthorityKind, null);
if (string.IsNullOrEmpty(attribute))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingAuthorityKindOnRead")));
}
string[] strArray = attribute.Split(new char[] { ':' });
if (strArray.Length > 2)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingInvalidAuthorityKind")));
}
if (strArray.Length == 2)
{
str3 = strArray[0];
str2 = strArray[1];
}
else
{
str3 = string.Empty;
str2 = strArray[0];
}
string ns = reader.LookupNamespace(str3);
this.authorityKind = new XmlQualifiedName(str2, ns);
this.binding = reader.GetAttribute(samlDictionary.Binding, null);
if (string.IsNullOrEmpty(this.binding))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingBindingOnRead")));
}
this.location = reader.GetAttribute(samlDictionary.Location, null);
if (string.IsNullOrEmpty(this.location))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingLocationOnRead")));
}
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == CreditCardTokenConstants.CreditCardTokenType)
{
outOfBandTokenResolver = null;
return new CreditCardTokenAuthenticator(creditCardServiceCredentials.ValidCreditCards);
}
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
/// <summary>
/// Creates an instance of IssuerTokenResolver using a given <see cref="SecurityTokenResolver"/>.
/// </summary>
/// <param name="wrappedTokenResolver">The <see cref="SecurityTokenResolver"/> to use.</param>
public IssuerTokenResolver( SecurityTokenResolver wrappedTokenResolver )
{
if ( wrappedTokenResolver == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedTokenResolver" );
}
_wrappedTokenResolver = wrappedTokenResolver;
}
/// <summary>
/// Constructor to use when working with SecurityKeyIdentifiers
/// </summary>
/// <param name="securityKeyIdentifier">SecurityKeyIdentifier that represents a SecuriytKey</param>
/// <param name="securityTokenResolver">SecurityTokenResolver that can be resolved to a SecurityKey</param>
/// <exception cref="ArgumentNullException">Thrown if the 'securityKeyIdentifier' is null</exception>
public SecurityKeyElement(SecurityKeyIdentifier securityKeyIdentifier, SecurityTokenResolver securityTokenResolver)
{
if (securityKeyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifier");
}
Initialize(securityKeyIdentifier, securityTokenResolver);
}
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
var securityToken = serializer.ReadToken(reader, tokenResolver);
if (securityToken is Saml2SecurityToken)
{
var saml2Token = (Saml2SecurityToken)securityToken;
return new OIOSaml2SecurityToken(saml2Token.Assertion, saml2Token.SecurityKeys, saml2Token.IssuerToken);
}
return securityToken;
}
public override System.IdentityModel.Selectors.SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver )
{
if ( tokenRequirement.TokenType == Constants.UsernameTokenType )
{
outOfBandTokenResolver = null;
return new SecurityTokenAuthenticator( _serviceCredentials.Validator );
}
return base.CreateSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver );
}
public virtual SamlAssertion LoadAssertion(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
SamlAssertion assertion = new SamlAssertion();
assertion.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return assertion;
}
public virtual SamlConditions LoadConditions(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlConditions conditions = new SamlConditions();
conditions.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return conditions;
}
public virtual SamlAdvice LoadAdvice(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlAdvice advice = new SamlAdvice();
advice.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return advice;
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
return new MyTokenAuthenticator();
}
else
{
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
}
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
reader.MoveToContent();
reader.Read();
if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
{
SamlSubject subject = new SamlSubject();
subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
base.SamlSubject = subject;
}
else
{
// SAML Subject is a required Attribute Statement clause.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingSubjectOnRead)));
}
while (reader.IsStartElement())
{
if (reader.IsStartElement(dictionary.Attribute, dictionary.Namespace))
{
// SAML Attribute is a extensibility point. So ask the SAML serializer
// to load this part.
SamlAttribute attribute = samlSerializer.LoadAttribute(reader, keyInfoSerializer, outOfBandTokenResolver);
if (attribute == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAttribute)));
this.attributes.Add(attribute);
}
else
{
break;
}
}
if (this.attributes.Count == 0)
{
// Each Attribute statement should have at least one attribute.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingAttributeOnRead)));
}
reader.MoveToContent();
reader.ReadEndElement();
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
InitiatorServiceModelSecurityTokenRequirement requirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (isDummyServiceToken
&& requirement != null
&& requirement.TokenType == SecurityTokenTypes.X509Certificate
&& requirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty) && (requirement.KeyUsage == SecurityKeyUsage.Exchange))
{
outOfBandTokenResolver = null;
return new DummySecurityTokenAuthenticator(requirement.TargetAddress.Uri);
}
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
public void SetSessionTokenAuthenticator(UniqueId sessionId, SecurityTokenAuthenticator sessionTokenAuthenticator, SecurityTokenResolver sessionTokenResolver)
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.sessionId = sessionId;
this.sessionTokenResolver = sessionTokenResolver;
Collection<SecurityTokenResolver> tmp = new Collection<SecurityTokenResolver>();
tmp.Add(this.sessionTokenResolver);
this.sessionTokenResolverList = new ReadOnlyCollection<SecurityTokenResolver>(tmp);
this.sessionTokenAuthenticator = sessionTokenAuthenticator;
SupportingTokenAuthenticatorSpecification spec = new SupportingTokenAuthenticatorSpecification(this.sessionTokenAuthenticator, this.sessionTokenResolver, SecurityTokenAttachmentMode.Endorsing, this.Factory.SecurityTokenParameters);
this.sessionTokenAuthenticatorSpecificationList = new Collection<SupportingTokenAuthenticatorSpecification>();
this.sessionTokenAuthenticatorSpecificationList.Add(spec);
}
private SamlSecurityTokenAuthenticator CreateSamlTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
SamlSecurityTokenAuthenticator authenticator;
if (recipientRequirement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("recipientRequirement");
}
Collection<SecurityToken> collection = new Collection<SecurityToken>();
if (this.parent.ServiceCertificate.Certificate != null)
{
collection.Add(new X509SecurityToken(this.parent.ServiceCertificate.Certificate));
}
List<SecurityTokenAuthenticator> supportingAuthenticators = new List<SecurityTokenAuthenticator>();
if ((this.parent.IssuedTokenAuthentication.KnownCertificates != null) && (this.parent.IssuedTokenAuthentication.KnownCertificates.Count > 0))
{
for (int i = 0; i < this.parent.IssuedTokenAuthentication.KnownCertificates.Count; i++)
{
collection.Add(new X509SecurityToken(this.parent.IssuedTokenAuthentication.KnownCertificates[i]));
}
}
X509CertificateValidator certificateValidator = this.parent.IssuedTokenAuthentication.GetCertificateValidator();
supportingAuthenticators.Add(new X509SecurityTokenAuthenticator(certificateValidator));
if (this.parent.IssuedTokenAuthentication.AllowUntrustedRsaIssuers)
{
supportingAuthenticators.Add(new RsaSecurityTokenAuthenticator());
}
outOfBandTokenResolver = (collection.Count > 0) ? SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(collection), false) : null;
if ((recipientRequirement.SecurityBindingElement == null) || (recipientRequirement.SecurityBindingElement.LocalServiceSettings == null))
{
authenticator = new SamlSecurityTokenAuthenticator(supportingAuthenticators);
}
else
{
authenticator = new SamlSecurityTokenAuthenticator(supportingAuthenticators, recipientRequirement.SecurityBindingElement.LocalServiceSettings.MaxClockSkew);
}
authenticator.AudienceUriMode = this.parent.IssuedTokenAuthentication.AudienceUriMode;
IList<string> allowedAudienceUris = authenticator.AllowedAudienceUris;
if (this.parent.IssuedTokenAuthentication.AllowedAudienceUris != null)
{
for (int j = 0; j < this.parent.IssuedTokenAuthentication.AllowedAudienceUris.Count; j++)
{
allowedAudienceUris.Add(this.parent.IssuedTokenAuthentication.AllowedAudienceUris[j]);
}
}
if (recipientRequirement.ListenUri != null)
{
allowedAudienceUris.Add(recipientRequirement.ListenUri.AbsoluteUri);
}
return authenticator;
}
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
if (this.secureConversation.IsAtDerivedKeyToken(dictionaryReader))
{
string id;
string derivationAlgorithm;
string label;
int length;
byte[] nonce;
int offset;
int generation;
SecurityKeyIdentifierClause tokenToDeriveIdentifier;
SecurityToken tokenToDerive;
this.secureConversation.ReadDerivedKeyTokenParameters(dictionaryReader, tokenResolver, out id, out derivationAlgorithm, out label,
out length, out nonce, out offset, out generation, out tokenToDeriveIdentifier, out tokenToDerive);
DerivedKeySecurityToken cachedToken = GetCachedToken(id, generation, offset, length, label, nonce, tokenToDerive, tokenToDeriveIdentifier, derivationAlgorithm);
if (cachedToken != null)
{
return cachedToken;
}
lock (this.thisLock)
{
cachedToken = GetCachedToken(id, generation, offset, length, label, nonce, tokenToDerive, tokenToDeriveIdentifier, derivationAlgorithm);
if (cachedToken != null)
{
return cachedToken;
}
SecurityToken result = this.secureConversation.CreateDerivedKeyToken( id, derivationAlgorithm, label, length, nonce, offset, generation, tokenToDeriveIdentifier, tokenToDerive );
DerivedKeySecurityToken newToken = result as DerivedKeySecurityToken;
if (newToken != null)
{
int pos = this.indexToCache;
if (this.indexToCache == int.MaxValue)
this.indexToCache = 0;
else
this.indexToCache = (++this.indexToCache) % this.cachedTokens.Length;
this.cachedTokens[pos] = new DerivedKeySecurityTokenCache(newToken);
}
return result;
}
}
else
{
return this.innerTokenSerializer.ReadToken(reader, tokenResolver);
}
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
// Get the current validator
UserNamePasswordValidator validator =
ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
return new CustomSecurityTokenAuthenticator(validator);
}
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
SamlAssertion assertion = LoadAssertion(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (assertion == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAssertion)));
//if (assertion.Signature == null)
// throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlTokenMissingSignature)));
return new SamlSecurityToken(assertion);
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == Constants.TokenType)
{
List<SecurityToken> tokens = SamlConfiguration.SamlTokenIssuerConfiguration.GetAllServiceTokens();
List<SecurityTokenAuthenticator> securityAuthenticators = new List<SecurityTokenAuthenticator>();
securityAuthenticators.Add(new X509SecurityTokenAuthenticator(X509CertificateValidator.None));
outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), true);
return new SamlSecurityTokenAuthenticator(securityAuthenticators);
}
else
{
return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
}
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional)
{
if (tokenAuthenticator == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator");
}
SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
if (tokenParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");
}
this.tokenAuthenticator = tokenAuthenticator;
this.tokenResolver = securityTokenResolver;
this.tokenAttachmentMode = attachmentMode;
this.tokenParameters = tokenParameters;
this.isTokenOptional = isTokenOptional;
}
protected abstract SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver);
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement, out System.IdentityModel.Selectors.SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
// Get the current validator
UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
return(new CustomSecurityTokenAuthenticator(validator));
}
return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver));
}
public override void ReadXml (XmlDictionaryReader reader,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoTokenSerializer,
SecurityTokenResolver outOfBandTokenResolver)
{
throw new NotImplementedException ();
}