Ejemplo n.º 1
0
		public void WriteXmlNoAssertionsOrIDs ()
		{
			SamlEvidence a = new SamlEvidence ();

			StringWriter sw = new StringWriter ();
			using (XmlDictionaryWriter dw = CreateWriter (sw)) {
				a.WriteXml (dw, new SamlSerializer (), null);
			}
		}
Ejemplo n.º 2
0
 public SamlAuthorizationDecisionStatement(
     SamlSubject samlSubject, string resource,
     SamlAccessDecision accessDecision,
     IEnumerable <SamlAction> samlActions,
     SamlEvidence samlEvidence)
     : this(samlSubject, resource, accessDecision, samlActions)
 {
     evidence = samlEvidence;
 }
Ejemplo n.º 3
0
		public SamlAuthorizationDecisionStatement (
			SamlSubject samlSubject, string resource,
			SamlAccessDecision accessDecision,
			IEnumerable<SamlAction> samlActions,
			SamlEvidence samlEvidence)
			: this (samlSubject, resource, accessDecision, samlActions)
		{
			evidence = samlEvidence;
		}
Ejemplo n.º 4
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence) : base(samlSubject)
 {
     this.actions = new ImmutableCollection<SamlAction>();
     if (samlActions == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
     }
     foreach (SamlAction action in samlActions)
     {
         if (action == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
         }
         this.actions.Add(action);
     }
     this.evidence = samlEvidence;
     this.accessDecision = accessDecision;
     this.resource = resource;
     this.CheckObjectValidity();
 }
Ejemplo n.º 5
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable <SamlAction> samlActions, SamlEvidence samlEvidence) : base(samlSubject)
 {
     this.actions = new ImmutableCollection <SamlAction>();
     if (samlActions == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
     }
     foreach (SamlAction action in samlActions)
     {
         if (action == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
         }
         this.actions.Add(action);
     }
     this.evidence       = samlEvidence;
     this.accessDecision = accessDecision;
     this.resource       = resource;
     this.CheckObjectValidity();
 }
Ejemplo n.º 6
0
 public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
 {
     if (reader == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
     }
     if (samlSerializer == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
     }
     SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
     this.resource = reader.GetAttribute(samlDictionary.Resource, null);
     if (string.IsNullOrEmpty(this.resource))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
     }
     string attribute = reader.GetAttribute(samlDictionary.Decision, null);
     if (string.IsNullOrEmpty(attribute))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
     }
     if (attribute.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
     {
         this.accessDecision = SamlAccessDecision.Deny;
     }
     else if (attribute.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
     {
         this.accessDecision = SamlAccessDecision.Permit;
     }
     else
     {
         this.accessDecision = SamlAccessDecision.Indeterminate;
     }
     reader.MoveToContent();
     reader.Read();
     if (!reader.IsStartElement(samlDictionary.Subject, samlDictionary.Namespace))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
     }
     SamlSubject subject = new SamlSubject();
     subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
     base.SamlSubject = subject;
     while (reader.IsStartElement())
     {
         if (reader.IsStartElement(samlDictionary.Action, samlDictionary.Namespace))
         {
             SamlAction item = new SamlAction();
             item.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
             this.actions.Add(item);
         }
         else
         {
             if (!reader.IsStartElement(samlDictionary.Evidence, samlDictionary.Namespace))
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.AuthorizationDecisionStatement })));
             }
             if (this.evidence != null)
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
             }
             this.evidence = new SamlEvidence();
             this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
         }
     }
     if (this.actions.Count == 0)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
     }
     reader.MoveToContent();
     reader.ReadEndElement();
 }
Ejemplo n.º 7
0
		public void WriteXml1 ()
		{
			SamlEvidence a = new SamlEvidence ();
			a.AssertionIdReferences.Add ("myref");

			StringWriter sw = new StringWriter ();
			using (XmlDictionaryWriter dw = CreateWriter (sw)) {
				a.WriteXml (dw, new SamlSerializer (), null);
			}
			Assert.AreEqual (String.Format ("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace), sw.ToString ());
		}
Ejemplo n.º 8
0
		public void ReadXml1 ()
		{
			SamlSerializer ser = new SamlSerializer ();
			string xml = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
			XmlDictionaryReader reader = CreateReader (xml);
			reader.MoveToContent ();

			SamlEvidence s = new SamlEvidence ();
			s.ReadXml (reader, ser, null, null);
			Assert.AreEqual (1, s.AssertionIdReferences.Count, "#1");
			Assert.AreEqual ("myref", s.AssertionIdReferences [0], "#2");
		}
Ejemplo n.º 9
0
		public void ReadXmlExternalContent ()
		{
			SamlSerializer ser = new SamlSerializer ();
			string xml = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><external-element /><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
			XmlDictionaryReader reader = CreateReader (xml);
			reader.MoveToContent ();

			SamlEvidence s = new SamlEvidence ();
			s.ReadXml (reader, ser, null, null);
		}
Ejemplo n.º 10
0
		public override void ReadXml (XmlDictionaryReader reader,
			SamlSerializer samlSerializer, 
			SecurityTokenSerializer keyInfoSerializer, 
			SecurityTokenResolver resolver)
		{
			if (reader == null)
				throw new ArgumentNullException ("reader");
			if (samlSerializer == null)
				throw new ArgumentNullException ("samlSerializer");

			string decision = reader.GetAttribute ("Decision");
			switch (decision) {
			case "Permit":
				AccessDecision = SamlAccessDecision.Permit;
				break;
			case "Deny":
				AccessDecision = SamlAccessDecision.Deny;
				break;
			case "Indeterminate":
				AccessDecision = SamlAccessDecision.Indeterminate;
				break;
			default:
				throw new SecurityTokenException (String.Format ("AccessDecision value is wrong: {0}", decision));
			}
			Resource = reader.GetAttribute ("Resource");

			reader.ReadStartElement ("AuthorizationDecisionStatement", SamlConstants.Namespace);

			reader.MoveToContent ();
			SamlSubject = new SamlSubject ();
			SamlSubject.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);
			SamlActions.Clear ();
			for (reader.MoveToContent ();
			     reader.LocalName == "Action" &&
			     reader.NamespaceURI == SamlConstants.Namespace;
			     reader.MoveToContent ()) {
				SamlAction action = new SamlAction ();
				action.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);
				SamlActions.Add (action);
			}
			if (reader.LocalName == "Evidence" &&
			    reader.NamespaceURI == SamlConstants.Namespace) {
				Evidence = new SamlEvidence ();
				Evidence.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);
				reader.MoveToContent ();
			}
			reader.ReadEndElement ();

			// verify contents
			if (SamlActions.Count == 0)
				throw new SecurityTokenException ("SAML AuthorizationDecisionStatement must contain at least one Action.");

			if (SamlSubject == null)
				throw new SecurityTokenException ("SAML Subject must be set to SAML AuthorizationDecisionStatement before being written.");
			if (Resource == null || Resource.Length == 0)
				throw new SecurityTokenException ("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
		}
Ejemplo n.º 11
0
        public override void ReadXml(XmlDictionaryReader reader,
                                     SamlSerializer samlSerializer,
                                     SecurityTokenSerializer keyInfoSerializer,
                                     SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
            {
                throw new ArgumentNullException("reader");
            }
            if (samlSerializer == null)
            {
                throw new ArgumentNullException("samlSerializer");
            }

            string decision = reader.GetAttribute("Decision");

            switch (decision)
            {
            case "Permit":
                AccessDecision = SamlAccessDecision.Permit;
                break;

            case "Deny":
                AccessDecision = SamlAccessDecision.Deny;
                break;

            case "Indeterminate":
                AccessDecision = SamlAccessDecision.Indeterminate;
                break;

            default:
                throw new SecurityTokenException(String.Format("AccessDecision value is wrong: {0}", decision));
            }
            Resource = reader.GetAttribute("Resource");

            reader.ReadStartElement("AuthorizationDecisionStatement", SamlConstants.Namespace);

            reader.MoveToContent();
            SamlSubject = new SamlSubject();
            SamlSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            SamlActions.Clear();
            for (reader.MoveToContent();
                 reader.LocalName == "Action" &&
                 reader.NamespaceURI == SamlConstants.Namespace;
                 reader.MoveToContent())
            {
                SamlAction action = new SamlAction();
                action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                SamlActions.Add(action);
            }
            if (reader.LocalName == "Evidence" &&
                reader.NamespaceURI == SamlConstants.Namespace)
            {
                Evidence = new SamlEvidence();
                Evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                reader.MoveToContent();
            }
            reader.ReadEndElement();

            // verify contents
            if (SamlActions.Count == 0)
            {
                throw new SecurityTokenException("SAML AuthorizationDecisionStatement must contain at least one Action.");
            }

            if (SamlSubject == null)
            {
                throw new SecurityTokenException("SAML Subject must be set to SAML AuthorizationDecisionStatement before being written.");
            }
            if (Resource == null || Resource.Length == 0)
            {
                throw new SecurityTokenException("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
            }
        }
Ejemplo n.º 12
0
        /// <summary>
        /// Serializes a given SamlEvidence.
        /// </summary>
        /// <param name="writer">XmlWriter to serialize the SamlEvidence.</param>
        /// <param name="evidence">SamlEvidence to be serialized.</param>
        /// <exception cref="ArgumentNullException">The input parameter 'evidence' is null.</exception>
        protected virtual void WriteEvidence(XmlWriter writer, SamlEvidence evidence)
        {
            if (writer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
            }

            if (evidence == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("evidence");
            }

            writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.Evidence, SamlConstants.Namespace);

            for (int i = 0; i < evidence.AssertionIdReferences.Count; i++)
            {
                writer.WriteElementString(SamlConstants.Prefix, SamlConstants.ElementNames.AssertionIdReference, SamlConstants.Namespace, evidence.AssertionIdReferences[i]);
            }

            for (int i = 0; i < evidence.Assertions.Count; i++)
            {
                WriteAssertion(writer, evidence.Assertions[i]);
            }

            writer.WriteEndElement();
        }
Ejemplo n.º 13
0
        /// <summary>
        /// Read the saml:Evidence element.
        /// </summary>
        /// <param name="reader">XmlReader positioned at saml:Evidence element.</param>
        /// <returns>SamlEvidence</returns>
        /// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
        /// <exception cref="XmlException">The XmlReader is not positioned at a saml:Evidence element or 
        /// the element contains unrecognized or invalid child elements.</exception>
        protected virtual SamlEvidence ReadEvidence(XmlReader reader)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
            }

            if (!reader.IsStartElement(SamlConstants.ElementNames.Evidence, SamlConstants.Namespace))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4082, SamlConstants.ElementNames.Evidence, SamlConstants.Namespace, reader.LocalName, reader.NamespaceURI)));
            }

            SamlEvidence evidence = new SamlEvidence();
            reader.ReadStartElement();

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(SamlConstants.ElementNames.AssertionIdReference, SamlConstants.Namespace))
                {
                    evidence.AssertionIdReferences.Add(reader.ReadElementString());
                }
                else if (reader.IsStartElement(SamlConstants.ElementNames.Assertion, SamlConstants.Namespace))
                {
                    evidence.Assertions.Add(ReadAssertion(reader));
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4210, reader.LocalName, reader.NamespaceURI)));
                }
            }

            if ((evidence.AssertionIdReferences.Count == 0) && (evidence.Assertions.Count == 0))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4211)));
            }

            reader.MoveToContent();
            reader.ReadEndElement();

            return evidence;
        }
Ejemplo n.º 14
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
            }

            if (samlSerializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
            }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
            SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(dictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
            }

            string decisionString = reader.GetAttribute(dictionary.Decision, null);
            if (string.IsNullOrEmpty(decisionString))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
            }

            if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Deny;
            }
            else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Permit;
            }
            else
            {
                accessDecision = SamlAccessDecision.Indeterminate;
            }

            reader.MoveToContent();
            reader.Read();

            if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
            {
                SamlSubject subject = new SamlSubject();
                subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                base.SamlSubject = subject;
            }
            else
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
            }

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
                {
                    SamlAction action = new SamlAction();
                    action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(action);
                }
                else if (reader.IsStartElement(dictionary.Evidence, dictionary.Namespace))
                {
                    if (this.evidence != null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
                    }

                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.AuthorizationDecisionStatement)));
                }
            }

            if (this.actions.Count == 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
            }

            reader.MoveToContent();
            reader.ReadEndElement();
        }
Ejemplo n.º 15
0
		public void ReadXmlBadContent ()
		{
			SamlSerializer ser = new SamlSerializer ();
			string xml = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><saml:DoNotCacheCondition /></saml:Evidence>", SamlConstants.Namespace);
			XmlDictionaryReader reader = CreateReader (xml);
			reader.MoveToContent ();

			SamlEvidence s = new SamlEvidence ();
			s.ReadXml (reader, ser, null, null);
		}
Ejemplo n.º 16
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
            }
            if (samlSerializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
            }
            SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(samlDictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
            }
            string attribute = reader.GetAttribute(samlDictionary.Decision, null);

            if (string.IsNullOrEmpty(attribute))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
            }
            if (attribute.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Deny;
            }
            else if (attribute.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Permit;
            }
            else
            {
                this.accessDecision = SamlAccessDecision.Indeterminate;
            }
            reader.MoveToContent();
            reader.Read();
            if (!reader.IsStartElement(samlDictionary.Subject, samlDictionary.Namespace))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
            }
            SamlSubject subject = new SamlSubject();

            subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            base.SamlSubject = subject;
            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(samlDictionary.Action, samlDictionary.Namespace))
                {
                    SamlAction item = new SamlAction();
                    item.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(item);
                }
                else
                {
                    if (!reader.IsStartElement(samlDictionary.Evidence, samlDictionary.Namespace))
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.AuthorizationDecisionStatement })));
                    }
                    if (this.evidence != null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
                    }
                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
            }
            if (this.actions.Count == 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
            }
            reader.MoveToContent();
            reader.ReadEndElement();
        }
Ejemplo n.º 17
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));

            if (samlSerializer == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
            SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(dictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));

            string decisionString = reader.GetAttribute(dictionary.Decision, null);
            if (string.IsNullOrEmpty(decisionString))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));

            if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
                this.accessDecision = SamlAccessDecision.Deny;
            else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
                this.accessDecision = SamlAccessDecision.Permit;
            else
                accessDecision = SamlAccessDecision.Indeterminate;

            reader.MoveToContent();
            reader.Read();

            if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
            {
                SamlSubject subject = new SamlSubject();
                subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                base.SamlSubject = subject;
            }
            else
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
                {
                    SamlAction action = new SamlAction();
                    action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(action);
                }
                else if (reader.IsStartElement(dictionary.Evidence, dictionary.Namespace))
                {
                    if (this.evidence != null)
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));

                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
                else
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.AuthorizationDecisionStatement)));
            }

            if (this.actions.Count == 0)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));

            reader.MoveToContent();
            reader.ReadEndElement();
        }