protected BootstrapContext(SerializationInfo info, StreamingContext context)
{
if (info == null)
{
return;
}
switch (info.GetChar(_tokenTypeKey))
{
case _securityTokenType:
{
SecurityTokenHandler sth = context.Context as SecurityTokenHandler;
if (sth != null)
{
using (XmlDictionaryReader reader = XmlDictionaryReader.CreateTextReader(Convert.FromBase64String(info.GetString(_tokenKey)), XmlDictionaryReaderQuotas.Max))
{
reader.MoveToContent();
if (sth.CanReadToken(reader))
{
string tokenName = reader.LocalName;
string tokenNamespace = reader.NamespaceURI;
SecurityToken token = sth.ReadToken(reader);
if (token == null)
{
_tokenString = Text.Encoding.UTF8.GetString(Convert.FromBase64String(info.GetString(_tokenKey)));
}
else
{
_token = token;
}
}
}
}
else
{
_tokenString = Text.Encoding.UTF8.GetString(Convert.FromBase64String(info.GetString(_tokenKey)));
}
}
break;
case _stringTokenType:
{
_tokenString = info.GetString(_tokenKey);
}
break;
case _byteTokenType:
{
_tokenBytes = (byte[])info.GetValue(_tokenKey, typeof(byte[]));
}
break;
default:
break;
}
}
/// <summary>Initializes a new instance of the <see cref="BootstrapContext"/> class by using the specified security token and token handler.</summary>
public BootstrapContext (SecurityToken token, SecurityTokenHandler handler)
{
if (token == null)
throw new ArgumentNullException ("token");
if (handler == null)
throw new ArgumentNullException ("handler");
SecurityToken = token;
SecurityTokenHandler = handler;
}
public static IAppBuilder UseTokenHandlerAuthentication(this IAppBuilder app, SecurityTokenHandler handler)
{
var options = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new WifTokenFormat(handler)
};
app.UseOAuthBearerAuthentication(options);
return app;
}
/// <summary>
/// Copy constructor.
/// </summary>
/// <param name="federatedAsyncState">The input FederatedAsyncState instance.</param>
/// <exception cref="ArgumentNullException">The input 'FederatedAsyncState' is null.</exception>
public FederatedAsyncState(FederatedAsyncState federatedAsyncState)
{
if (null == federatedAsyncState)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("FederatedAsyncState");
}
_request = federatedAsyncState.Request;
_claimsPrincipal = federatedAsyncState.ClaimsPrincipal;
_securityTokenHandler = federatedAsyncState.SecurityTokenHandler;
_result = federatedAsyncState.Result;
}
/// <summary>Initializes a new instance of the <see cref="BootstrapContext"/> class by using the specified security token and token handler.</summary>
public BootstrapContext(SecurityToken token, SecurityTokenHandler tokenHandler)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
if (tokenHandler == null)
{
throw new ArgumentNullException("tokenHandler");
}
SecurityToken = token;
SecurityTokenHandler = tokenHandler;
}
public SecurityTokenAuthenticatorAdapter(SecurityTokenHandler securityTokenHandler, ExceptionMapper exceptionMapper)
{
if (securityTokenHandler == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandler");
}
if (exceptionMapper == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exceptionMapper");
}
_securityTokenHandler = securityTokenHandler;
_exceptionMapper = exceptionMapper;
}
private static void ConfigureHandler(SecurityTokenHandler handler, Uri audience, string issuerThumbprint, string issuerName = null, X509CertificateValidator validator = null)
{
var handlerConfiguration = new SecurityTokenHandlerConfiguration();
handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audience);
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer(issuerThumbprint, issuerName ?? issuerThumbprint);
if (validator != null)
{
handlerConfiguration.CertificateValidator = validator;
}
else
{
handlerConfiguration.CertificateValidator = X509CertificateValidator.None;
}
handlerConfiguration.IssuerNameRegistry = registry;
handler.Configuration = handlerConfiguration;
}
/// <summary>
/// Writes a <see cref="EncryptedSecurityToken"/> using the xmlWriter.
/// </summary>
/// <param name="writer">The XmlWriter to which the encrypted token is written.</param>
/// <param name="token">The <see cref="SecurityToken"/> which must be an instance of <see cref="EncryptedSecurityToken"/>.</param>
/// <exception cref="ArgumentNullException">The input prameter 'writer' is null.</exception>
/// <exception cref="ArgumentNullException">The input prameter 'token' is null.</exception>
/// <exception cref="ArgumentException">The <see cref="SecurityToken"/> is not an instance of <see cref="EncryptedSecurityToken"/>.</exception>
/// <exception cref="InvalidOperationException">The property 'Configuration' is null. This property is required for obtaining keys for encryption.</exception>
/// <exception cref="InvalidOperationException">The ContaingCollection was unable to find a <see cref="SecurityTokenHandler"/> that is able to write
/// the <see cref="SecurityToken"/> returned by 'EncryptedSecurityToken.Token'.</exception>
/// <exception cref="SecurityTokenException">The property 'EncryptinCredentials.SecurityKey is not a <see cref="SymmetricSecurityKey"/></exception>
public override void WriteToken(XmlWriter writer, SecurityToken token)
{
if (null == writer)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (null == token)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
EncryptedSecurityToken encryptedToken = token as EncryptedSecurityToken;
if (null == encryptedToken)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID4024));
}
if (this.ContainingCollection == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4279));
}
//
// This implementation simply wraps the token in xenc:EncryptedData
//
EncryptedDataElement encryptedData = new EncryptedDataElement(KeyInfoSerializer);
using (MemoryStream plaintextStream = new MemoryStream())
{
//
// Buffer the plaintext
//
using (XmlDictionaryWriter plaintextWriter = XmlDictionaryWriter.CreateTextWriter(plaintextStream, Encoding.UTF8, false))
{
SecurityTokenHandler securityTokenHandler = this.ContainingCollection[encryptedToken.Token.GetType()];
if (securityTokenHandler != null)
{
securityTokenHandler.WriteToken(plaintextWriter, encryptedToken.Token);
}
else
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4224, encryptedToken.Token.GetType()));
}
}
//
// Set up the EncryptedData element
//
EncryptingCredentials encryptingCredentials = encryptedToken.EncryptingCredentials;
encryptedData.Type = XmlEncryptionConstants.EncryptedDataTypes.Element;
encryptedData.KeyIdentifier = encryptingCredentials.SecurityKeyIdentifier;
encryptedData.Algorithm = encryptingCredentials.Algorithm;
//
// Get the encryption key, which must be symmetric
//
SymmetricSecurityKey encryptingKey = encryptingCredentials.SecurityKey as SymmetricSecurityKey;
if (encryptingKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID3064)));
}
//
// Do the actual encryption
//
using (SymmetricAlgorithm symmetricAlgorithm = encryptingKey.GetSymmetricAlgorithm(encryptingCredentials.Algorithm))
{
byte[] plainTextBytes = plaintextStream.GetBuffer();
DebugEncryptedTokenClearText(plainTextBytes, Encoding.UTF8);
encryptedData.Encrypt(symmetricAlgorithm, plainTextBytes, 0, (int)plaintextStream.Length);
}
}
//
// Write the EncryptedData element
//
encryptedData.WriteXml(writer, KeyInfoSerializer);
}
public static void AddClientCertificate(this AuthenticationConfiguration configuration, SecurityTokenHandler handler)
{
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = AuthenticationOptions.ForClientCertificate()
});
}
public void AddClientCertificate(SecurityTokenHandler handler)
{
AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = AuthenticationOptions.ForClientCertificate()
});
}
public static string CreateToken(SecurityTokenDescriptor securityTokenDescriptor, SecurityTokenHandler tokenHandler)
{
SecurityToken securityToken = tokenHandler.CreateToken(securityTokenDescriptor);
StringBuilder sb = new StringBuilder();
XmlWriter writer = XmlWriter.Create(sb);
tokenHandler.WriteToken(writer, securityToken);
writer.Flush();
writer.Close();
return sb.ToString();
}
public static SecurityToken CreateSecurityToken(SecurityTokenDescriptor securityTokenDescriptor, SecurityTokenHandler tokenHandler)
{
return tokenHandler.CreateToken(securityTokenDescriptor);
}
public static string CreateSamlToken(SecurityTokenDescriptor securityTokenDescriptor, SecurityTokenHandler tokenHandler)
{
return CreateToken(securityTokenDescriptor, tokenHandler);
}
public static SamlSecurityToken CreateSamlSecurityToken(SecurityTokenDescriptor securityTokenDescriptor, SecurityTokenHandler tokenHandler)
{
return CreateSecurityToken(securityTokenDescriptor, tokenHandler) as SamlSecurityToken;
}
public static string CreateJwtToken(SecurityTokenDescriptor securityTokenDescriptor, SecurityTokenHandler tokenHandler)
{
return tokenHandler.WriteToken(tokenHandler.CreateToken(securityTokenDescriptor));
}
private void RunWriteXmlWriterVariation(XmlWriter writer, SecurityToken token, SecurityTokenHandler tokenHandler, ExpectedException ee)
{
try
{
tokenHandler.WriteToken(writer, token);
ee.ProcessNoException();
}
catch(Exception ex)
{
ee.ProcessException(ex);
}
}
public void AddBasicAuthenticationHandler(SecurityTokenHandler handler)
{
var collection = new SecurityTokenHandlerCollection { handler };
Add("Basic", collection);
}
/// <summary>
/// A SecurityToken and a SecurityTokenHandler that can serialize the token.
/// </summary>
/// <param name="token"><see cref="SecurityToken"/> that can be serialized. Cannot be null.</param>
/// <param name="tokenHandler"><see cref="SecurityTokenHandler"/> that is responsible for serializing the token. Cannon be null.</param>
/// <exception cref="ArgumentNullException"> thrown if 'token' or 'tokenHandler' is null.</exception>
/// <remarks>The <see cref="SecurityTokenHandler"/> is used not used to deserialize the token as it cannot be assumed to exist</remarks>
public BootstrapContext(SecurityToken token, SecurityTokenHandler tokenHandler)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
if (tokenHandler == null)
{
throw new ArgumentNullException("tokenHandler");
}
_token = token;
_tokenHandler = tokenHandler;
}
