protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause) { if (clause.Generation != null) { XmlHelper.WriteAttributeStringAsUniqueId(writer, DXD.SecureConversationDec2005Dictionary.Prefix.Value, DXD.SecureConversationDec2005Dictionary.Instance, DXD.SecureConversationDec2005Dictionary.Namespace, clause.Generation); } }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause; // PreSharp #pragma warning suppress 56506 return(ReferenceEquals(this, that) || (that != null && that.Matches(this.contextId, this.generation))); }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause; // PreSharp Bug: Parameter 'that' to this public method must be validated: A null-dereference can occur here. #pragma warning suppress 56506 return(ReferenceEquals(this, that) || (that != null && that.Matches(this.contextId, this.generation))); }
public override bool Matches( SecurityKeyIdentifierClause keyIdentifierClause) { SecurityContextKeyIdentifierClause other = keyIdentifierClause as SecurityContextKeyIdentifierClause; return(other != null && Matches(other.context, other.generation)); }
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause) { SecurityContextKeyIdentifierClause sctClause = clause as SecurityContextKeyIdentifierClause; writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace); XmlHelper.WriteAttributeStringAsUniqueId(writer, null, XD.SecurityJan2004Dictionary.URI, null, sctClause.ContextId); WriteGeneration(writer, sctClause); writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, parent.SerializerDictionary.SecurityContextTokenReferenceValueType.Value); writer.WriteEndElement(); }
void WriteSecurityContextKeyIdentifierClause( XmlWriter w, SecurityContextKeyIdentifierClause ic) { w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace); w.WriteStartElement("o", "Reference", Constants.WssNamespace); w.WriteAttributeString("URI", ic.ContextId.ToString()); string vt = GetTokenTypeUri(typeof(SecurityContextSecurityToken)); w.WriteAttributeString("ValueType", vt); w.WriteEndElement(); w.WriteEndElement(); }
protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause) { // serialize the generation if (clause.Generation != null) { XmlHelper.WriteAttributeStringAsUniqueId( writer, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Prefix.Value, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Instance, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Namespace, clause.Generation); } }
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { SecurityContextKeyIdentifierClause sctSkiClause = keyIdentifierClause as SecurityContextKeyIdentifierClause; if (sctSkiClause != null) { token = GetContext(sctSkiClause.ContextId, sctSkiClause.Generation) as SecurityToken; } else { token = null; } return(token != null); }
SecurityKeyIdentifierClause ReadSecurityTokenReference(XmlReader reader) { reader.ReadStartElement(); reader.MoveToContent(); if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl) { KeyInfoX509Data x509 = new KeyInfoX509Data(); x509.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement); if (x509.IssuerSerials.Count == 0) { throw new XmlException("'X509IssuerSerial' element is expected inside 'X509Data' element"); } X509IssuerSerial s = (X509IssuerSerial)x509.IssuerSerials [0]; reader.MoveToContent(); reader.ReadEndElement(); return(new X509IssuerSerialKeyIdentifierClause(s.IssuerName, s.SerialNumber)); } if (reader.NamespaceURI != Constants.WssNamespace) { throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); } switch (reader.LocalName) { case "Reference": Type ownerType = null; // FIXME: there could be more token types. if (reader.MoveToAttribute("ValueType")) { switch (reader.Value) { case Constants.WSSEncryptedKeyToken: ownerType = typeof(WrappedKeySecurityToken); break; case Constants.WSSX509Token: ownerType = typeof(X509SecurityToken); break; case Constants.WsscContextToken: ownerType = typeof(SecurityContextSecurityToken); break; default: throw new XmlException(String.Format("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value)); } } reader.MoveToElement(); string uri = reader.GetAttribute("URI"); if (String.IsNullOrEmpty(uri)) { uri = "#"; } SecurityKeyIdentifierClause ic = null; if (ownerType == typeof(SecurityContextSecurityToken) && uri [0] != '#') { // FIXME: Generation? ic = new SecurityContextKeyIdentifierClause(new UniqueId(uri)); } else { ic = new LocalIdKeyIdentifierClause(uri.Substring(1), ownerType); } reader.Skip(); reader.MoveToContent(); reader.ReadEndElement(); return(ic); case "KeyIdentifier": string valueType = reader.GetAttribute("ValueType"); string value = reader.ReadElementContentAsString(); reader.MoveToContent(); reader.ReadEndElement(); // consume </Reference> switch (valueType) { case Constants.WssKeyIdentifierX509Thumbptint: return(new X509ThumbprintKeyIdentifierClause(Convert.FromBase64String(value))); case Constants.WssKeyIdentifierEncryptedKey: return(new InternalEncryptedKeyIdentifierClause(Convert.FromBase64String(value))); case Constants.WssKeyIdentifierSamlAssertion: return(new SamlAssertionKeyIdentifierClause(value)); default: // It is kinda weird but it throws XmlException here ... throw new XmlException(String.Format("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType)); } default: throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); } }
protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause) { if (clause.Generation != null) { XmlHelper.WriteAttributeStringAsUniqueId(writer, DXD.SecureConversationDec2005Dictionary.Prefix.Value, DXD.SecureConversationDec2005Dictionary.Instance, DXD.SecureConversationDec2005Dictionary.Namespace, clause.Generation); } }
protected override void WriteGeneration( XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause ) { // serialize the generation if ( clause.Generation != null ) { XmlHelper.WriteAttributeStringAsUniqueId( writer, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Prefix.Value, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Instance, this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Namespace, clause.Generation ); } }
protected abstract void WriteGeneration( XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause );
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause; return(ReferenceEquals(this, that) || (that != null && that.Matches(_contextId, _generation))); }
void WriteSecurityContextKeyIdentifierClause ( XmlWriter w, SecurityContextKeyIdentifierClause ic) { w.WriteStartElement ("o", "SecurityTokenReference", Constants.WssNamespace); w.WriteStartElement ("o", "Reference", Constants.WssNamespace); w.WriteAttributeString ("URI", ic.ContextId.ToString ()); string vt = GetTokenTypeUri (typeof (SecurityContextSecurityToken)); w.WriteAttributeString ("ValueType", vt); w.WriteEndElement (); w.WriteEndElement (); }
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause) { SecurityContextKeyIdentifierClause objB = keyIdentifierClause as SecurityContextKeyIdentifierClause; return(object.ReferenceEquals(this, objB) || ((objB != null) && objB.Matches(this.contextId, this.generation))); }
public void WriteSecurityContextKeyIdentifierClause () { StringWriter sw = new StringWriter (); SecurityContextKeyIdentifierClause ic = new SecurityContextKeyIdentifierClause (new UniqueId ("urn:foo:1"), null); using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) { WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic); } Assert.AreEqual (@"<o:SecurityTokenReference xmlns:o=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""><o:Reference URI=""urn:foo:1"" ValueType=""http://schemas.xmlsoap.org/ws/2005/02/sc/sct"" /></o:SecurityTokenReference>", sw.ToString (), "#1"); XmlReader reader = XmlReader.Create (new StringReader (sw.ToString ())); ic = WSSecurityTokenSerializer.DefaultInstance.ReadKeyIdentifierClause (reader) as SecurityContextKeyIdentifierClause; Assert.IsNotNull (ic, "#2"); }
protected abstract void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause);
/// <summary> /// Reads the SessionSecurityToken from the given reader. /// </summary> /// <param name="reader">XmlReader over the SessionSecurityToken.</param> /// <param name="tokenResolver">SecurityTokenResolver that can used to resolve SessionSecurityToken.</param> /// <returns>An instance of <see cref="SessionSecurityToken"/>.</returns> /// <exception cref="ArgumentNullException">The input argument 'reader' is null.</exception> /// <exception cref="SecurityTokenException">The 'reader' is not positioned at a SessionSecurityToken /// or the SessionSecurityToken cannot be read.</exception> public override SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (tokenResolver == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenResolver"); } byte[] encodedCookie = null; SysUniqueId contextId = null; SysUniqueId keyGeneration = null; string ns = null; string identifier = null; string instance = null; SecurityToken securityContextToken = null; SessionDictionary dictionary = SessionDictionary.Instance; XmlDictionaryReader dicReader = XmlDictionaryReader.CreateDictionaryReader(reader); if (dicReader.IsStartElement(WSSecureConversationFeb2005Constants.ElementNames.Name, WSSecureConversationFeb2005Constants.Namespace)) { ns = WSSecureConversationFeb2005Constants.Namespace; identifier = WSSecureConversationFeb2005Constants.ElementNames.Identifier; instance = WSSecureConversationFeb2005Constants.ElementNames.Instance; } else if (dicReader.IsStartElement(WSSecureConversation13Constants.ElementNames.Name, WSSecureConversation13Constants.Namespace)) { ns = WSSecureConversation13Constants.Namespace; identifier = WSSecureConversation13Constants.ElementNames.Identifier; instance = WSSecureConversation13Constants.ElementNames.Instance; } else { // // Something is wrong // throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException( SR.GetString(SR.ID4230, WSSecureConversationFeb2005Constants.ElementNames.Name, dicReader.Name))); } string id = dicReader.GetAttribute(WSUtilityConstants.Attributes.IdAttribute, WSUtilityConstants.NamespaceURI); dicReader.ReadFullStartElement(); if (!dicReader.IsStartElement(identifier, ns)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException( SR.GetString(SR.ID4230, WSSecureConversation13Constants.ElementNames.Identifier, dicReader.Name))); } contextId = dicReader.ReadElementContentAsUniqueId(); if (contextId == null || string.IsNullOrEmpty(contextId.ToString())) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4242))); } // // The token can be a renewed token, in which case we need to know the // instance id, which will be the secondary key to the context id for // cache lookups // if (dicReader.IsStartElement(instance, ns)) { keyGeneration = dicReader.ReadElementContentAsUniqueId(); } if (dicReader.IsStartElement(CookieElementName, CookieNamespace)) { // Get the token from the Cache, which is returned as an SCT SecurityToken cachedToken = null; SecurityContextKeyIdentifierClause sctClause = null; if (keyGeneration == null) { sctClause = new SecurityContextKeyIdentifierClause(contextId); } else { sctClause = new SecurityContextKeyIdentifierClause(contextId, keyGeneration); } tokenResolver.TryResolveToken(sctClause, out cachedToken); if (cachedToken != null) { securityContextToken = cachedToken; dicReader.Skip(); } else { // // CookieMode // encodedCookie = dicReader.ReadElementContentAsBase64(); if (encodedCookie == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4237))); } // // appply transforms // byte[] decodedCookie = ApplyTransforms(encodedCookie, false); using (MemoryStream ms = new MemoryStream(decodedCookie)) { BinaryFormatter formatter = new BinaryFormatter(); securityContextToken = formatter.Deserialize(ms) as SecurityToken; } SessionSecurityToken sessionToken = securityContextToken as SessionSecurityToken; if (sessionToken != null && sessionToken.ContextId != contextId) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4229, sessionToken.ContextId, contextId))); } if (sessionToken != null && sessionToken.Id != id) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4227, sessionToken.Id, id))); } } } else { // // SessionMode // // Get the token from the Cache. SecurityToken cachedToken = null; SecurityContextKeyIdentifierClause sctClause = null; if (keyGeneration == null) { sctClause = new SecurityContextKeyIdentifierClause(contextId); } else { sctClause = new SecurityContextKeyIdentifierClause(contextId, keyGeneration); } tokenResolver.TryResolveToken(sctClause, out cachedToken); if (cachedToken != null) { securityContextToken = cachedToken; } } dicReader.ReadEndElement(); if (securityContextToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4243))); } return securityContextToken; }
SecurityKeyIdentifierClause ReadSecurityTokenReference (XmlReader reader) { reader.ReadStartElement (); reader.MoveToContent (); if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl) { KeyInfoX509Data x509 = new KeyInfoX509Data (); x509.LoadXml (new XmlDocument ().ReadNode (reader) as XmlElement); if (x509.IssuerSerials.Count == 0) throw new XmlException ("'X509IssuerSerial' element is expected inside 'X509Data' element"); X509IssuerSerial s = (X509IssuerSerial) x509.IssuerSerials [0]; reader.MoveToContent (); reader.ReadEndElement (); return new X509IssuerSerialKeyIdentifierClause (s.IssuerName, s.SerialNumber); } if (reader.NamespaceURI != Constants.WssNamespace) throw new XmlException (String.Format ("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); switch (reader.LocalName) { case "Reference": Type ownerType = null; // FIXME: there could be more token types. if (reader.MoveToAttribute ("ValueType")) { switch (reader.Value) { case Constants.WSSEncryptedKeyToken: ownerType = typeof (WrappedKeySecurityToken); break; case Constants.WSSX509Token: ownerType = typeof (X509SecurityToken); break; case Constants.WsscContextToken: ownerType = typeof (SecurityContextSecurityToken); break; default: throw new XmlException (String.Format ("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value)); } } reader.MoveToElement (); string uri = reader.GetAttribute ("URI"); if (String.IsNullOrEmpty (uri)) uri = "#"; SecurityKeyIdentifierClause ic = null; if (ownerType == typeof (SecurityContextSecurityToken) && uri [0] != '#') // FIXME: Generation? ic = new SecurityContextKeyIdentifierClause (new UniqueId (uri)); else ic = new LocalIdKeyIdentifierClause (uri.Substring (1), ownerType); reader.Skip (); reader.MoveToContent (); reader.ReadEndElement (); return ic; case "KeyIdentifier": string valueType = reader.GetAttribute ("ValueType"); string value = reader.ReadElementContentAsString (); reader.MoveToContent (); reader.ReadEndElement (); // consume </Reference> switch (valueType) { case Constants.WssKeyIdentifierX509Thumbptint: return new X509ThumbprintKeyIdentifierClause (Convert.FromBase64String (value)); case Constants.WssKeyIdentifierEncryptedKey: return new InternalEncryptedKeyIdentifierClause (Convert.FromBase64String (value)); case Constants.WssKeyIdentifierSamlAssertion: return new SamlAssertionKeyIdentifierClause (value); default: // It is kinda weird but it throws XmlException here ... throw new XmlException (String.Format ("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType)); } default: throw new XmlException (String.Format ("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); } }