protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause( System.IdentityModel.Tokens.SecurityToken token, SecurityTokenReferenceStyle referenceStyle )
{
if ( referenceStyle == SecurityTokenReferenceStyle.Internal )
return token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
throw new NotSupportedException( "External references are not supported for tokens" );
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token is GenericXmlSecurityToken)
return base.CreateGenericXmlTokenKeyIdentifierClause(token, referenceStyle);
else
return this.CreateKeyIdentifierClause<SecurityContextKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
}
public static void Validate(SecurityTokenReferenceStyle value)
{
if (!IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int) value, typeof(SecurityTokenReferenceStyle)));
}
}
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle == SecurityTokenReferenceStyle.Internal)
{
return token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
}
return null;
}
public static bool IsDefined(SecurityTokenReferenceStyle value)
{
if (value != SecurityTokenReferenceStyle.External)
{
return (value == SecurityTokenReferenceStyle.Internal);
}
return true;
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
SecurityKeyIdentifierClause result = null;
switch (this.x509ReferenceStyle)
{
default:
case X509KeyIdentifierClauseType.Any:
if (referenceStyle == SecurityTokenReferenceStyle.External)
{
X509SecurityToken x509Token = token as X509SecurityToken;
if (x509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(x509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
else
{
X509WindowsSecurityToken windowsX509Token = token as X509WindowsSecurityToken;
if (windowsX509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(windowsX509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
}
if (result == null)
result = token.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause>();
if (result == null)
result = token.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();
}
else
result = token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
break;
case X509KeyIdentifierClauseType.Thumbprint:
result = this.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.SubjectKeyIdentifier:
result = this.CreateKeyIdentifierClause<X509SubjectKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.IssuerSerial:
result = this.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
result = this.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
}
return result;
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token == null)
throw new ArgumentNullException ("token");
RsaSecurityToken rt = token as RsaSecurityToken;
if (rt == null)
throw new NotSupportedException (String.Format ("Cannot create a key identifier clause from this security token '{0}'", token));
return new RsaKeyIdentifierClause (rt.Rsa);
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle == SecurityTokenReferenceStyle.Internal)
{
return token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
}
else
{
throw new NotSupportedException("External references are not supported for credit card tokens");
}
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token == null)
throw new ArgumentNullException ("token");
if (token is UserNameSecurityToken &&
referenceStyle == SecurityTokenReferenceStyle.Internal)
return new LocalIdKeyIdentifierClause (token.Id);
// External reference is not supported.
throw new NotSupportedException (String.Format ("This security token '{0}' with {1} reference mode is not supported.", token, referenceStyle));
}
private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle)
{
int keyLength = Math.Max(0x80, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength);
CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite);
byte[] buffer = new byte[keyLength / 8];
CryptoHelper.FillRandomBytes(buffer);
string id = System.ServiceModel.Security.SecurityUtils.GenerateId();
string defaultAsymmetricKeyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle);
SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier();
wrappingTokenReference.Add(clause);
return new WrappedKeySecurityToken(id, buffer, defaultAsymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference);
}
public void Add(SecurityToken token, SecurityTokenReferenceStyle allowedReferenceStyle, SecurityTokenParameters tokenParameters)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
if ((allowedReferenceStyle == SecurityTokenReferenceStyle.External) && (tokenParameters == null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("ResolvingExternalTokensRequireSecurityTokenParameters"));
}
this.EnsureCapacityToAddToken();
this.tokens[this.tokenCount++] = new SecurityTokenEntry(token, tokenParameters, allowedReferenceStyle);
}
protected internal override bool MatchesKeyIdentifierClause(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle != SecurityTokenReferenceStyle.Internal)
{
return false;
}
LocalIdKeyIdentifierClause clause = keyIdentifierClause as LocalIdKeyIdentifierClause;
if (clause == null)
{
return false;
}
return (clause.LocalId == token.Id);
}
public static void AssertSecurityTokenParameters (
SecurityTokenInclusionMode protectionTokenInclusionMode,
SecurityTokenReferenceStyle protectionTokenReferenceStyle,
bool protectionTokenRequireDerivedKeys,
SecurityTokenParameters tp, string label)
{
Assert.IsNotNull (tp, label + " IsNotNull");
Assert.AreEqual (protectionTokenInclusionMode,
tp.InclusionMode, label + ".InclusionMode");
Assert.AreEqual (protectionTokenReferenceStyle,
tp.ReferenceStyle, label + ".ReferenceStyle");
Assert.AreEqual (protectionTokenRequireDerivedKeys,
tp.RequireDerivedKeys, label + ".RequireDerivedKeys");
}
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
SecurityKeyIdentifierClause clause = null;
switch (this.x509ReferenceStyle)
{
case X509KeyIdentifierClauseType.Thumbprint:
return base.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
case X509KeyIdentifierClauseType.IssuerSerial:
return base.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
case X509KeyIdentifierClauseType.SubjectKeyIdentifier:
return base.CreateKeyIdentifierClause<X509SubjectKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
return base.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
}
if (referenceStyle == SecurityTokenReferenceStyle.External)
{
X509SecurityToken token2 = token as X509SecurityToken;
if (token2 != null)
{
X509SubjectKeyIdentifierClause clause2;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(token2.Certificate, out clause2))
{
clause = clause2;
}
}
else
{
X509SubjectKeyIdentifierClause clause3;
X509WindowsSecurityToken token3 = token as X509WindowsSecurityToken;
if ((token3 != null) && X509SubjectKeyIdentifierClause.TryCreateFrom(token3.Certificate, out clause3))
{
clause = clause3;
}
}
if (clause == null)
{
clause = token.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause>();
}
if (clause == null)
{
clause = token.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();
}
return clause;
}
return token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
}
protected virtual bool MatchesKeyIdentifierClause (
SecurityToken token,
SecurityKeyIdentifierClause keyIdentifierClause,
SecurityTokenReferenceStyle referenceStyle)
{
throw new NotImplementedException ();
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
throw new NotImplementedException ();
}
protected internal virtual new bool MatchesKeyIdentifierClause(System.IdentityModel.Tokens.SecurityToken token, System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, SecurityTokenReferenceStyle referenceStyle)
{
return default(bool);
}
internal bool TryCreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle, out SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
return(this.WSSecurityTokenSerializer.TryCreateKeyIdentifierClauseFromTokenXml(element, tokenReferenceStyle, out securityKeyIdentifierClause));
}
internal protected virtual bool MatchesKeyIdentifierClause(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, SecurityTokenReferenceStyle referenceStyle)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
if (token is GenericXmlSecurityToken)
{
return(MatchesGenericXmlTokenKeyIdentifierClause(token, keyIdentifierClause, referenceStyle));
}
bool result;
switch (referenceStyle)
{
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(
SR.GetString(SR.TokenDoesNotSupportKeyIdentifierClauseCreation, token.GetType().Name, referenceStyle)));
case SecurityTokenReferenceStyle.External:
if (keyIdentifierClause is LocalIdKeyIdentifierClause)
{
result = false;
}
else
{
result = token.MatchesKeyIdentifierClause(keyIdentifierClause);
}
break;
case SecurityTokenReferenceStyle.Internal:
result = token.MatchesKeyIdentifierClause(keyIdentifierClause);
break;
}
return(result);
}
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token is GenericXmlSecurityToken)
{
return(base.CreateGenericXmlTokenKeyIdentifierClause(token, referenceStyle));
}
return(base.CreateKeyIdentifierClause <SecurityContextKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle));
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
SecurityKeyIdentifierClause result = null;
switch (this.x509ReferenceStyle)
{
default:
case X509KeyIdentifierClauseType.Any:
if (referenceStyle == SecurityTokenReferenceStyle.External)
{
X509SecurityToken x509Token = token as X509SecurityToken;
if (x509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(x509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
else
{
X509WindowsSecurityToken windowsX509Token = token as X509WindowsSecurityToken;
if (windowsX509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(windowsX509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
}
if (result == null)
{
result = token.CreateKeyIdentifierClause <X509IssuerSerialKeyIdentifierClause>();
}
if (result == null)
{
result = token.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>();
}
}
else
{
result = token.CreateKeyIdentifierClause <LocalIdKeyIdentifierClause>();
}
break;
case X509KeyIdentifierClauseType.Thumbprint:
result = this.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.SubjectKeyIdentifier:
result = this.CreateKeyIdentifierClause <X509SubjectKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.IssuerSerial:
result = this.CreateKeyIdentifierClause <X509IssuerSerialKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
result = this.CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
}
return(result);
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle == SecurityTokenReferenceStyle.Internal)
{
return(token.CreateKeyIdentifierClause <LocalIdKeyIdentifierClause>());
}
throw new NotSupportedException("External references are not supported for connect tokens");
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
throw new NotImplementedException();
}
public virtual SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle)
{
if (element == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(element));
}
for (int i = 0; i < _tokenEntries.Count; i++)
{
TokenEntry tokenEntry = _tokenEntries[i];
if (tokenEntry.CanReadTokenCore(element))
{
try
{
return(tokenEntry.CreateKeyIdentifierClauseFromTokenXmlCore(element, tokenReferenceStyle));
}
catch (Exception e)
{
if (!ShouldWrapException(e))
{
throw;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.ErrorDeserializingKeyIdentifierClauseFromTokenXml, e));
}
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.CannotReadToken, element.LocalName, element.NamespaceURI, element.GetAttribute(SecurityJan2004Strings.ValueType, null))));
}
public abstract SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml, SecurityTokenReferenceStyle tokenReferenceStyle);
public virtual bool TryCreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle, out SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (element == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(element));
}
securityKeyIdentifierClause = null;
try
{
securityKeyIdentifierClause = CreateKeyIdentifierClauseFromTokenXml(element, tokenReferenceStyle);
}
catch (XmlException)
{
return(false);
}
return(true);
}
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle)
{
return(null);
}
internal bool MatchesGenericXmlTokenKeyIdentifierClause(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, SecurityTokenReferenceStyle referenceStyle)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
bool result;
GenericXmlSecurityToken xmlToken = token as GenericXmlSecurityToken;
if (xmlToken == null)
{
result = false;
}
else if (referenceStyle == SecurityTokenReferenceStyle.External && xmlToken.ExternalTokenReference != null)
{
result = xmlToken.ExternalTokenReference.Matches(keyIdentifierClause);
}
else if (referenceStyle == SecurityTokenReferenceStyle.Internal)
{
result = xmlToken.MatchesKeyIdentifierClause(keyIdentifierClause);
}
else
{
result = false;
}
return(result);
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token is GenericXmlSecurityToken)
{
return(base.CreateGenericXmlTokenKeyIdentifierClause(token, referenceStyle));
}
else
{
return(this.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause, SamlAssertionKeyIdentifierClause>(token, referenceStyle));
}
}
private WrappedKeySecurityToken CreateWrappedKeyToken(SecurityToken wrappingToken, SecurityTokenParameters wrappingTokenParameters, SecurityTokenReferenceStyle wrappingTokenReferenceStyle)
{
int keyLength = Math.Max(0x80, this.Factory.OutgoingAlgorithmSuite.DefaultSymmetricKeyLength);
CryptoHelper.ValidateSymmetricKeyLength(keyLength, this.Factory.OutgoingAlgorithmSuite);
byte[] buffer = new byte[keyLength / 8];
CryptoHelper.FillRandomBytes(buffer);
string id = System.ServiceModel.Security.SecurityUtils.GenerateId();
string defaultAsymmetricKeyWrapAlgorithm = this.Factory.OutgoingAlgorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
SecurityKeyIdentifierClause clause = wrappingTokenParameters.CreateKeyIdentifierClause(wrappingToken, wrappingTokenReferenceStyle);
SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier();
wrappingTokenReference.Add(clause);
return(new WrappedKeySecurityToken(id, buffer, defaultAsymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference));
}
protected internal override System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateKeyIdentifierClause(System.IdentityModel.Tokens.SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return(default(System.IdentityModel.Tokens.SecurityKeyIdentifierClause));
}
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml, SecurityTokenReferenceStyle tokenReferenceStyle)
{
TokenReferenceStyleHelper.Validate(tokenReferenceStyle);
if (tokenReferenceStyle == SecurityTokenReferenceStyle.Internal)
{
return(WSSecurityTokenSerializer.TokenEntry.CreateDirectReference(issuedTokenXml, "Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", typeof(SecurityContextSecurityToken)));
}
if (tokenReferenceStyle != SecurityTokenReferenceStyle.External)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new ArgumentOutOfRangeException("tokenReferenceStyle"));
}
UniqueId contextId = (UniqueId)null;
UniqueId generation = (UniqueId)null;
foreach (XmlNode childNode in issuedTokenXml.ChildNodes)
{
XmlElement element = childNode as XmlElement;
if (element != null)
{
if (element.LocalName == this.parent.SerializerDictionary.Identifier.Value && element.NamespaceURI == this.parent.SerializerDictionary.Namespace.Value)
{
contextId = XmlHelper.ReadTextElementAsUniqueId(element);
}
else if (this.CanReadGeneration(element))
{
generation = this.ReadGeneration(element);
}
}
}
return((SecurityKeyIdentifierClause) new SecurityContextKeyIdentifierClause(contextId, generation));
}
public SecurityKeyIdentifierClause CallCreateKeyIdentifierClause(
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return(CreateKeyIdentifierClause(token, referenceStyle));
}
internal SecurityKeyIdentifierClause CreateKeyIdentifierClause <TExternalClause, TInternalClause>(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
where TExternalClause : SecurityKeyIdentifierClause
where TInternalClause : SecurityKeyIdentifierClause
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
SecurityKeyIdentifierClause result;
switch (referenceStyle)
{
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(
SR.GetString(SR.TokenDoesNotSupportKeyIdentifierClauseCreation, token.GetType().Name, referenceStyle)));
case SecurityTokenReferenceStyle.External:
result = token.CreateKeyIdentifierClause <TExternalClause>();
break;
case SecurityTokenReferenceStyle.Internal:
result = token.CreateKeyIdentifierClause <TInternalClause>();
break;
}
return(result);
}
internal protected abstract SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle);
public SecurityTokenEntry(SecurityToken token, SecurityTokenParameters tokenParameters, SecurityTokenReferenceStyle allowedReferenceStyle)
{
this.token = token;
this.tokenParameters = tokenParameters;
this.allowedReferenceStyle = allowedReferenceStyle;
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return(base.CreateKeyIdentifierClause <KerberosTicketHashKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle));
}
internal SecurityKeyIdentifierClause CreateGenericXmlTokenKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
GenericXmlSecurityToken xmlToken = token as GenericXmlSecurityToken;
if (xmlToken != null)
{
if (referenceStyle == SecurityTokenReferenceStyle.Internal && xmlToken.InternalTokenReference != null)
{
return(xmlToken.InternalTokenReference);
}
if (referenceStyle == SecurityTokenReferenceStyle.External && xmlToken.ExternalTokenReference != null)
{
return(xmlToken.ExternalTokenReference);
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.UnableToCreateTokenReference)));
}
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml,
SecurityTokenReferenceStyle tokenReferenceStyle)
{
TokenReferenceStyleHelper.Validate(tokenReferenceStyle);
switch (tokenReferenceStyle)
{
case SecurityTokenReferenceStyle.Internal:
return(CreateDirectReference(issuedTokenXml, UtilityStrings.IdAttribute, UtilityStrings.Namespace, TokenType));
case SecurityTokenReferenceStyle.External:
string encoding = issuedTokenXml.GetAttribute(EncodingTypeAttributeString, null);
string encodedData = issuedTokenXml.InnerText;
byte[] binaryData;
if (encoding == null || encoding == EncodingTypeValueBase64Binary)
{
binaryData = Convert.FromBase64String(encodedData);
}
else if (encoding == EncodingTypeValueHexBinary)
{
binaryData = HexBinary.Parse(encodedData).Value;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.UnknownEncodingInBinarySecurityToken));
}
return(CreateKeyIdentifierClauseFromBinaryCore(binaryData));
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(tokenReferenceStyle)));
}
}
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml,
SecurityTokenReferenceStyle tokenReferenceStyle)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml,
SecurityTokenReferenceStyle tokenReferenceStyle)
{
TokenReferenceStyleHelper.Validate(tokenReferenceStyle);
switch (tokenReferenceStyle)
{
case SecurityTokenReferenceStyle.Internal:
return CreateDirectReference(issuedTokenXml, XmlEncryptionStrings.Id, null, null);
case SecurityTokenReferenceStyle.External:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.CantInferReferenceForToken, EncryptedKey.ElementName.Value)));
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("tokenReferenceStyle"));
}
}
public SecurityTokenEntry(SecurityToken token, SecurityTokenParameters tokenParameters, SecurityTokenReferenceStyle allowedReferenceStyle)
{
this.token = token;
this.tokenParameters = tokenParameters;
this.allowedReferenceStyle = allowedReferenceStyle;
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return base.CreateKeyIdentifierClause<EncryptedKeyHashIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
RsaSecurityToken r = token as RsaSecurityToken;
return r.CreateKeyIdentifierClause <RsaKeyIdentifierClause> ();
}
protected internal abstract System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateKeyIdentifierClause(System.IdentityModel.Tokens.SecurityToken token, SecurityTokenReferenceStyle referenceStyle);
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return base.CreateKeyIdentifierClause<KerberosTicketHashKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
}
protected abstract SecurityKeyIdentifierClause CreateKeyIdentifierClause ( SecurityToken token, SecurityTokenReferenceStyle referenceStyle);
public override SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXmlCore(XmlElement issuedTokenXml, SecurityTokenReferenceStyle tokenReferenceStyle)
{
TokenReferenceStyleHelper.Validate(tokenReferenceStyle);
if (tokenReferenceStyle == SecurityTokenReferenceStyle.Internal)
{
return(WSSecurityTokenSerializer.TokenEntry.CreateDirectReference(issuedTokenXml, "Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", typeof(DerivedKeySecurityToken)));
}
if (tokenReferenceStyle == SecurityTokenReferenceStyle.External)
{
return((SecurityKeyIdentifierClause)null);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new ArgumentOutOfRangeException("tokenReferenceStyle"));
}
internal SecurityKeyIdentifierClause CreateKeyIdentifierClauseFromTokenXml(XmlElement element, SecurityTokenReferenceStyle tokenReferenceStyle)
{
return(this.WSSecurityTokenSerializer.CreateKeyIdentifierClauseFromTokenXml(element, tokenReferenceStyle));
}
public static bool IsDefined(SecurityTokenReferenceStyle value)
{
return(value == SecurityTokenReferenceStyle.External || value == SecurityTokenReferenceStyle.Internal);
}
protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token == null)
throw new ArgumentNullException ("token");
if (referenceStyle == SecurityTokenReferenceStyle.Internal)
return new LocalIdKeyIdentifierClause (token.Id, token.GetType ());
switch (reference_style) {
default:
return token.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause> ();
case X509KeyIdentifierClauseType.Thumbprint:
return token.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause> ();
case X509KeyIdentifierClauseType.SubjectKeyIdentifier:
return token.CreateKeyIdentifierClause<X509SubjectKeyIdentifierClause> ();
case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
return token.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause> ();
case X509KeyIdentifierClauseType.Any:
if (token.CanCreateKeyIdentifierClause<X509SubjectKeyIdentifierClause> ())
goto case X509KeyIdentifierClauseType.SubjectKeyIdentifier;
goto default;
}
}
public virtual XmlElement CreateReferenceStyleAssertion(SecurityTokenReferenceStyle referenceStyle)
{
switch (referenceStyle)
{
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("referenceStyle"));
case SecurityTokenReferenceStyle.External:
return CreateWsspAssertion(RequireExternalReferenceName);
case SecurityTokenReferenceStyle.Internal:
return CreateWsspAssertion(RequireInternalReferenceName);
}
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return this.CreateKeyIdentifierClause<SecurityKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token is GenericXmlSecurityToken)
{
return(base.CreateGenericXmlTokenKeyIdentifierClause(token, referenceStyle));
}
else
{
throw new NotImplementedException();
}
//TODO
// return this.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause, SamlAssertionKeyIdentifierClause>(token, referenceStyle);
}
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (token is GenericXmlSecurityToken)
{
return base.CreateGenericXmlTokenKeyIdentifierClause(token, referenceStyle);
}
return base.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause, SamlAssertionKeyIdentifierClause>(token, referenceStyle);
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return(this.CreateKeyIdentifierClause <SecurityKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle));
}
protected internal override System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateKeyIdentifierClause(System.IdentityModel.Tokens.SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return default(System.IdentityModel.Tokens.SecurityKeyIdentifierClause);
}
protected internal override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle == SecurityTokenReferenceStyle.Internal)
{
return(token.CreateKeyIdentifierClause <LocalIdKeyIdentifierClause>());
}
return(null);
}
public SecurityKeyIdentifierClause CallCreateKeyIdentifierClause (
SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return CreateKeyIdentifierClause (token, referenceStyle);
}
protected internal override bool MatchesKeyIdentifierClause(SecurityToken token, SecurityKeyIdentifierClause keyIdentifierClause, SecurityTokenReferenceStyle referenceStyle)
{
if (referenceStyle != SecurityTokenReferenceStyle.Internal)
{
return(false);
}
LocalIdKeyIdentifierClause clause = keyIdentifierClause as LocalIdKeyIdentifierClause;
if (clause == null)
{
return(false);
}
return(clause.LocalId == token.Id);
}
