public override SecurityToken ReadTokenCore(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver)
{
string secretType = reader.GetAttribute(XD.SecurityJan2004Dictionary.TypeAttribute, null);
string id = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
bool isNonce = false;
if (secretType != null && secretType.Length > 0)
{
if (secretType == _parent.SerializerDictionary.NonceBinarySecret.Value || secretType == _otherDictionary.NonceBinarySecret.Value)
{
isNonce = true;
}
else if (secretType != _parent.SerializerDictionary.SymmetricKeyBinarySecret.Value && secretType != _otherDictionary.SymmetricKeyBinarySecret.Value)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(string.Format(SRServiceModel.UnexpectedBinarySecretType, _parent.SerializerDictionary.SymmetricKeyBinarySecret.Value, secretType)));
}
}
byte[] secret = reader.ReadElementContentAsBase64();
if (isNonce)
{
return(new NonceToken(id, secret));
}
else
{
return(new BinarySecretSecurityToken(id, secret));
}
}
/// <summary>
/// Overloads the base class method to load the custom policies from the config file
/// </summary>
/// <param name="nodelist">XmlNodeList containing the policy information read from the config file</param>
public override void LoadCustomConfiguration(XmlNodeList nodelist)
{
Expression <Func <ClaimsPrincipal, bool> > policyExpression;
foreach (XmlNode node in nodelist)
{
//
// Initialize the policy cache
//
XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));
rdr.MoveToContent();
string resource = rdr.GetAttribute("resource");
string action = rdr.GetAttribute("action");
policyExpression = _policyReader.ReadPolicy(rdr);
//
// Compile the policy expression into a function
//
Func <ClaimsPrincipal, bool> policy = policyExpression.Compile();
//
// Insert the policy function into the policy cache
//
_policies[new ResourceAction(resource, action)] = policy;
}
}
static OleTxTransactionHeader ReadFrom(XmlDictionaryReader reader)
{
WsatExtendedInformation info = null;
if (reader.IsStartElement(XD.OleTxTransactionExternalDictionary.OleTxTransaction,
XD.OleTxTransactionExternalDictionary.Namespace))
{
string identifier = reader.GetAttribute(XD.CoordinationExternalDictionary.Identifier, CoordinationNamespace);
if (!string.IsNullOrEmpty(identifier))
{
// Verify identifier is really a URI
Uri uri;
if (!Uri.TryCreate(identifier, UriKind.Absolute, out uri))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.InvalidWsatExtendedInfo)));
}
}
string attr = reader.GetAttribute(XD.CoordinationExternalDictionary.Expires, CoordinationNamespace);
uint timeout = 0;
if (!string.IsNullOrEmpty(attr))
{
try
{
timeout = XmlConvert.ToUInt32(attr);
}
catch (FormatException e)
{
DiagnosticUtility.TraceHandledException(e, TraceEventType.Error);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.InvalidWsatExtendedInfo), e));
}
catch (OverflowException e)
{
DiagnosticUtility.TraceHandledException(e, TraceEventType.Error);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.InvalidWsatExtendedInfo), e));
}
}
if (!string.IsNullOrEmpty(identifier) || timeout != 0)
{
info = new WsatExtendedInformation(identifier, timeout);
}
}
reader.ReadFullStartElement(XD.OleTxTransactionExternalDictionary.OleTxTransaction,
XD.OleTxTransactionExternalDictionary.Namespace);
byte[] propagationToken = ReadPropagationTokenElement(reader);
// Skip extensibility elements...
while (reader.IsStartElement())
{
reader.Skip();
}
reader.ReadEndElement();
return(new OleTxTransactionHeader(propagationToken, info));
}
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
{
if (tokenType != null && tokenType != parent.SerializerDictionary.SecurityContextTokenType.Value)
{
return(false);
}
if (reader.IsStartElement(
parent.SecurityTokenSerializer.DictionaryManager.SecurityJan2004Dictionary.Reference,
parent.SecurityTokenSerializer.DictionaryManager.SecurityJan2004Dictionary.Namespace))
{
string valueType = reader.GetAttribute(parent.SecurityTokenSerializer.DictionaryManager.SecurityJan2004Dictionary.ValueType, null);
if (valueType != null && valueType != parent.SerializerDictionary.SecurityContextTokenReferenceValueType.Value)
{
return(false);
}
string uri = reader.GetAttribute(parent.SecurityTokenSerializer.DictionaryManager.SecurityJan2004Dictionary.URI, null);
if (uri != null)
{
if (uri.Length > 0 && uri[0] != '#')
{
return(true);
}
}
}
return(false);
}
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize)
{
this.ValidateReadState();
reader.MoveToStartElement(this.OpeningElementName, NamespaceUri);
this.encoding = reader.GetAttribute(EncodingAttribute, null);
this.id = reader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, null) ?? System.ServiceModel.Security.SecurityUniqueId.Create().Value;
this.wsuId = reader.GetAttribute(System.ServiceModel.XD.XmlEncryptionDictionary.Id, System.ServiceModel.XD.UtilityDictionary.Namespace) ?? System.ServiceModel.Security.SecurityUniqueId.Create().Value;
this.mimeType = reader.GetAttribute(MimeTypeAttribute, null);
this.type = reader.GetAttribute(TypeAttribute, null);
this.ReadAdditionalAttributes(reader);
reader.Read();
if (reader.IsStartElement(EncryptionMethodElement.ElementName, NamespaceUri))
{
this.encryptionMethod.ReadFrom(reader);
}
if (this.tokenSerializer.CanReadKeyIdentifier(reader))
{
this.KeyIdentifier = this.tokenSerializer.ReadKeyIdentifier(reader);
}
reader.ReadStartElement(CipherDataElementName, NamespaceUri);
reader.ReadStartElement(CipherValueElementName, NamespaceUri);
if (maxBufferSize == 0L)
{
this.ReadCipherData(reader);
}
else
{
this.ReadCipherData(reader, maxBufferSize);
}
reader.ReadEndElement();
reader.ReadEndElement();
this.ReadAdditionalElements(reader);
reader.ReadEndElement();
this.State = EncryptionState.Read;
}
static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
IIdentity identity = null;
if (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
{
SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = new WindowsSidIdentity(sid, name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
{
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = SecurityUtils.CreateIdentity(name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else
{
identity = (IIdentity)serializer.ReadObject(reader);
}
reader.ReadEndElement();
}
return(identity);
}
public void ReadFrom(XmlDictionaryReader reader, long maxBufferSize)
{
this.ValidateReadState();
reader.MoveToStartElement(this.OpeningElementName, EncryptedType.NamespaceUri);
this.encoding = reader.GetAttribute(EncryptedType.EncodingAttribute, (XmlDictionaryString)null);
this.id = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, (XmlDictionaryString)null) ?? SecurityUniqueId.Create().Value;
this.wsuId = reader.GetAttribute(System.IdentityModel.XD.XmlEncryptionDictionary.Id, System.IdentityModel.XD.UtilityDictionary.Namespace) ?? SecurityUniqueId.Create().Value;
this.mimeType = reader.GetAttribute(EncryptedType.MimeTypeAttribute, (XmlDictionaryString)null);
this.type = reader.GetAttribute(EncryptedType.TypeAttribute, (XmlDictionaryString)null);
this.ReadAdditionalAttributes(reader);
reader.Read();
if (reader.IsStartElement(EncryptedType.EncryptionMethodElement.ElementName, EncryptedType.NamespaceUri))
{
this.encryptionMethod.ReadFrom(reader);
}
if (this.tokenSerializer.CanReadKeyIdentifier((XmlReader)reader))
{
XmlElement xmlElement = (XmlElement)null;
XmlDictionaryReader dictionaryReader;
if (this.ShouldReadXmlReferenceKeyInfoClause)
{
xmlElement = new XmlDocument().ReadNode((XmlReader)reader) as XmlElement;
dictionaryReader = XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement));
}
else
{
dictionaryReader = reader;
}
try
{
this.KeyIdentifier = this.tokenSerializer.ReadKeyIdentifier((XmlReader)dictionaryReader);
}
catch (Exception ex)
{
if (Fx.IsFatal(ex) || !this.ShouldReadXmlReferenceKeyInfoClause)
{
throw;
}
else
{
this.keyIdentifier = this.ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader.CreateDictionaryReader((XmlReader) new XmlNodeReader((XmlNode)xmlElement)), ex);
}
}
}
reader.ReadStartElement(EncryptedType.CipherDataElementName, EncryptedType.NamespaceUri);
reader.ReadStartElement(EncryptedType.CipherValueElementName, EncryptedType.NamespaceUri);
if (maxBufferSize == 0L)
{
this.ReadCipherData(reader);
}
else
{
this.ReadCipherData(reader, maxBufferSize);
}
reader.ReadEndElement();
reader.ReadEndElement();
this.ReadAdditionalElements(reader);
reader.ReadEndElement();
this.State = EncryptedType.EncryptionState.Read;
}
public override void ReadFrom(XmlDictionaryReader reader, DictionaryManager dictionaryManager)
{
XmlDictionaryString localName = this.isCanonicalizationMethod ? dictionaryManager.XmlSignatureDictionary.CanonicalizationMethod : dictionaryManager.XmlSignatureDictionary.Transform;
reader.MoveToStartElement(localName, dictionaryManager.XmlSignatureDictionary.Namespace);
this.prefix = reader.Prefix;
bool isEmptyElement = reader.IsEmptyElement;
if (reader.GetAttribute(dictionaryManager.XmlSignatureDictionary.Algorithm, null) != this.Algorithm)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(System.IdentityModel.SR.GetString("AlgorithmMismatchForTransform")));
}
reader.Read();
reader.MoveToContent();
if (!isEmptyElement)
{
if (reader.IsStartElement(dictionaryManager.ExclusiveC14NDictionary.InclusiveNamespaces, dictionaryManager.ExclusiveC14NDictionary.Namespace))
{
reader.MoveToStartElement(dictionaryManager.ExclusiveC14NDictionary.InclusiveNamespaces, dictionaryManager.ExclusiveC14NDictionary.Namespace);
this.inclusiveListElementPrefix = reader.Prefix;
bool flag2 = reader.IsEmptyElement;
this.InclusiveNamespacesPrefixList = reader.GetAttribute(dictionaryManager.ExclusiveC14NDictionary.PrefixList, null);
reader.Read();
if (!flag2)
{
reader.ReadEndElement();
}
}
reader.MoveToContent();
reader.ReadEndElement();
}
}
public virtual void ReadXml(XmlDictionaryReader reader,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoTokenSerializer,
SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw new ArgumentNullException("reader");
}
if (samlSerializer == null)
{
throw new ArgumentNullException("samlSerializer");
}
reader.ReadStartElement("Subject", SamlConstants.Namespace);
NameFormat = reader.GetAttribute("Format");
NameQualifier = reader.GetAttribute("NameQualifier");
Name = reader.ReadElementContentAsString("NameIdentifier", SamlConstants.Namespace);
reader.ReadEndElement();
if (Name == null || Name.Length == 0)
{
throw new SecurityTokenException("non-zero length string must be exist for Name.");
}
}
/// <summary>
/// Loads the policies from config file
/// </summary>
static void LoadPolicies(XmlNodeList nodes)
{
Expression <Func <IClaimsPrincipal, bool> > policyExpression;
foreach (XmlNode node in nodes)
{
//
// Initialize the policy cache
//
XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));
rdr.MoveToContent();
string resource = rdr.GetAttribute("resource");
string action = rdr.GetAttribute("action");
Console.WriteLine("Loading policy for Resource:{0}, Action:{1}", resource, action);
policyExpression = _policyReader.ReadPolicy(rdr);
//
// Compile the policy expression into a function
//
Func <IClaimsPrincipal, bool> policy = policyExpression.Compile();
//
// Insert the policy function into the policy cache
//
_policies[new ResourceAction(resource, action)] = policy;
}
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
string str2;
string str3;
if (reader == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
string attribute = reader.GetAttribute(samlDictionary.AuthorityKind, null);
if (string.IsNullOrEmpty(attribute))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingAuthorityKindOnRead")));
}
string[] strArray = attribute.Split(new char[] { ':' });
if (strArray.Length > 2)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingInvalidAuthorityKind")));
}
if (strArray.Length == 2)
{
str3 = strArray[0];
str2 = strArray[1];
}
else
{
str3 = string.Empty;
str2 = strArray[0];
}
string ns = reader.LookupNamespace(str3);
this.authorityKind = new XmlQualifiedName(str2, ns);
this.binding = reader.GetAttribute(samlDictionary.Binding, null);
if (string.IsNullOrEmpty(this.binding))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingBindingOnRead")));
}
this.location = reader.GetAttribute(samlDictionary.Location, null);
if (string.IsNullOrEmpty(this.location))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingLocationOnRead")));
}
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
void VerifySoapAttributeMatchForHeader(MessageHeaderInfo info, MessagePartSpecification signatureParts, XmlDictionaryReader reader)
{
if (!signatureParts.IsHeaderIncluded(info.Name, info.Namespace))
{
return;
}
EnvelopeVersion currentVersion = this.Version.Envelope;
EnvelopeVersion otherVersion = currentVersion == EnvelopeVersion.Soap11 ? EnvelopeVersion.Soap12 : EnvelopeVersion.Soap11;
bool presentInCurrentVersion;
bool presentInOtherVersion;
presentInCurrentVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
XD.MessageDictionary.MustUnderstand, otherVersion.DictionaryNamespace,
XD.MessageDictionary.MustUnderstand, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
presentInCurrentVersion = null != reader.GetAttribute(currentVersion.DictionaryActor, currentVersion.DictionaryNamespace);
presentInOtherVersion = null != reader.GetAttribute(otherVersion.DictionaryActor, otherVersion.DictionaryNamespace);
if (presentInOtherVersion && !presentInCurrentVersion)
{
throw TraceUtility.ThrowHelperError(
new MessageSecurityException(SR.GetString(
SR.InvalidAttributeInSignedHeader, info.Name, info.Namespace,
otherVersion.DictionaryActor, otherVersion.DictionaryNamespace,
currentVersion.DictionaryActor, currentVersion.DictionaryNamespace)), this.SecurityVerifiedMessage);
}
}
/// <summary>
/// Read the claim node
/// </summary>
/// <param name="rdr">XmlDictionaryReader of the policy Xml</param>
/// <returns>A LINQ expression created from the claim node</returns>
private Expression <Func <ClaimsPrincipal, bool> > ReadClaim(XmlDictionaryReader rdr)
{
string claimType = rdr.GetAttribute("claimType");
string claimValue = rdr.GetAttribute("claimValue");
Expression <Func <ClaimsPrincipal, bool> > hasClaim = (icp) => HasClaim(icp, claimType, claimValue);
rdr.Read();
return(hasClaim);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
string authKind = reader.GetAttribute(dictionary.AuthorityKind, null);
if (string.IsNullOrEmpty(authKind))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorityBindingMissingAuthorityKindOnRead)));
string[] authKindParts = authKind.Split(':');
if (authKindParts.Length > 2)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorityBindingInvalidAuthorityKind)));
string localName;
string prefix;
string nameSpace;
if (authKindParts.Length == 2)
{
prefix = authKindParts[0];
localName = authKindParts[1];
}
else
{
prefix = String.Empty;
localName = authKindParts[0];
}
nameSpace = reader.LookupNamespace(prefix);
this.authorityKind = new XmlQualifiedName(localName, nameSpace);
this.binding = reader.GetAttribute(dictionary.Binding, null);
if (string.IsNullOrEmpty(this.binding))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorityBindingMissingBindingOnRead)));
this.location = reader.GetAttribute(dictionary.Location, null);
if (string.IsNullOrEmpty(this.location))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorityBindingMissingLocationOnRead)));
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
/// <summary>
/// Reads the X.509 Security token referenced by the XmlReader.
/// </summary>
/// <param name="reader">XmlReader pointing to a X.509 Security token.</param>
/// <returns>An instance of <see cref="X509SecurityToken"/>.</returns>
/// <exception cref="ArgumentNullException">The parameter 'reader' is null.</exception>
/// <exception cref="XmlException">XmlReader is not pointing to an valid X509SecurityToken as
/// defined in WS-Security X.509 Token Profile. Or the encodingType specified is other than Base64
/// or HexBinary.</exception>
public override SecurityToken ReadToken(XmlReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
XmlDictionaryReader dicReader = XmlDictionaryReader.CreateDictionaryReader(reader);
if (!dicReader.IsStartElement(WSSecurity10Constants.Elements.BinarySecurityToken, WSSecurity10Constants.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new XmlException(
SR.GetString(
SR.ID4065,
WSSecurity10Constants.Elements.BinarySecurityToken,
WSSecurity10Constants.Namespace,
dicReader.LocalName,
dicReader.NamespaceURI)));
}
string valueTypeUri = dicReader.GetAttribute(WSSecurity10Constants.Attributes.ValueType, null);
if (!StringComparer.Ordinal.Equals(valueTypeUri, WSSecurity10Constants.X509TokenType))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new XmlException(
SR.GetString(
SR.ID4066,
WSSecurity10Constants.Elements.BinarySecurityToken,
WSSecurity10Constants.Namespace,
WSSecurity10Constants.Attributes.ValueType,
WSSecurity10Constants.X509TokenType,
valueTypeUri)));
}
string wsuId = dicReader.GetAttribute(WSSecurityUtilityConstants.Attributes.Id, WSSecurityUtilityConstants.Namespace);
string encoding = dicReader.GetAttribute(WSSecurity10Constants.Attributes.EncodingType, null);
byte[] binaryData;
if (encoding == null || StringComparer.Ordinal.Equals(encoding, WSSecurity10Constants.Base64EncodingType))
{
binaryData = dicReader.ReadElementContentAsBase64();
}
else if (StringComparer.Ordinal.Equals(encoding, WSSecurity10Constants.HexBinaryEncodingType))
{
binaryData = SoapHexBinary.Parse(dicReader.ReadElementContentAsString()).Value;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4068)));
}
return(String.IsNullOrEmpty(wsuId) ?
new X509SecurityToken(new X509Certificate2(binaryData)) :
new X509SecurityToken(new X509Certificate2(binaryData), wsuId));
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
string time = reader.GetAttribute(dictionary.NotBefore, null);
if (!string.IsNullOrEmpty(time))
{
this.notBefore = DateTime.ParseExact(
time, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
time = reader.GetAttribute(dictionary.NotOnOrAfter, null);
if (!string.IsNullOrEmpty(time))
{
this.notOnOrAfter = DateTime.ParseExact(
time, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
// Saml Conditions element is an optional element and all its child element
// are optional as well. So we can have a empty <saml:Conditions /> element
// in a valid Saml token.
if (reader.IsEmptyElement)
{
// Just issue a read to read the Empty element.
reader.MoveToContent();
reader.Read();
return;
}
reader.MoveToContent();
reader.Read();
while (reader.IsStartElement())
{
SamlCondition condition = samlSerializer.LoadCondition(reader, keyInfoSerializer, outOfBandTokenResolver);
if (condition == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtion)));
}
this.conditions.Add(condition);
}
reader.MoveToContent();
reader.ReadEndElement();
}
public override void ReadFrom(XmlDictionaryReader reader, DictionaryManager dictionaryManager, bool preserveComments)
{
XmlDictionaryString elementName = this.isCanonicalizationMethod ?
dictionaryManager.XmlSignatureDictionary.CanonicalizationMethod : dictionaryManager.XmlSignatureDictionary.Transform;
reader.MoveToStartElement(elementName, dictionaryManager.XmlSignatureDictionary.Namespace);
this.prefix = reader.Prefix;
bool isEmptyElement = reader.IsEmptyElement;
algorithm = reader.GetAttribute(dictionaryManager.XmlSignatureDictionary.Algorithm, null);
if (string.IsNullOrEmpty(algorithm))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.ID0001, dictionaryManager.XmlSignatureDictionary.Algorithm, reader.LocalName)));
}
if (algorithm == dictionaryManager.SecurityAlgorithmDictionary.ExclusiveC14nWithComments.Value)
{
// to include comments in canonicalization, two conditions need to be met
// 1. the Reference must be an xpointer.
// 2. the transform must be #withComments
includeComments = preserveComments && true;
}
else if (algorithm == dictionaryManager.SecurityAlgorithmDictionary.ExclusiveC14n.Value)
{
includeComments = false;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.ID6005, algorithm)));
}
reader.Read();
reader.MoveToContent();
if (!isEmptyElement)
{
if (reader.IsStartElement(dictionaryManager.ExclusiveC14NDictionary.InclusiveNamespaces, dictionaryManager.ExclusiveC14NDictionary.Namespace))
{
reader.MoveToStartElement(dictionaryManager.ExclusiveC14NDictionary.InclusiveNamespaces, dictionaryManager.ExclusiveC14NDictionary.Namespace);
this.inclusiveListElementPrefix = reader.Prefix;
bool emptyElement = reader.IsEmptyElement;
// We treat PrefixList as optional Attribute.
this.InclusiveNamespacesPrefixList = reader.GetAttribute(dictionaryManager.ExclusiveC14NDictionary.PrefixList, null);
reader.Read();
if (!emptyElement)
{
reader.ReadEndElement();
}
}
reader.MoveToContent();
reader.ReadEndElement(); // Transform
}
}
public static void Deserialize(XmlDictionaryReader reader, out IList <DirectoryControl> controls, bool mustBePresent, bool fullChecks)
{
string str = null;
string str1 = null;
bool flag;
byte[] numArray = null;
controls = new List <DirectoryControl>();
if (mustBePresent || reader.IsStartElement("controls", "http://schemas.microsoft.com/2008/1/ActiveDirectory"))
{
reader.ReadFullStartElement("controls", "http://schemas.microsoft.com/2008/1/ActiveDirectory");
while (reader.IsStartElement("control", "http://schemas.microsoft.com/2008/1/ActiveDirectory"))
{
string attribute = reader.GetAttribute("type");
string attribute1 = reader.GetAttribute("criticality");
reader.Read();
if (!reader.IsStartElement("controlValue", "http://schemas.microsoft.com/2008/1/ActiveDirectory"))
{
numArray = null;
}
else
{
string attribute2 = reader.GetAttribute("type", "http://www.w3.org/2001/XMLSchema-instance");
if (attribute2 != null)
{
XmlUtility.SplitPrefix(attribute2, out str, out str1);
numArray = reader.ReadElementContentAsBase64();
}
else
{
throw new ArgumentException();
}
}
if (!string.Equals("true", attribute1))
{
flag = false;
}
else
{
flag = true;
}
DirectoryControl directoryControl = new DirectoryControl(attribute, numArray, flag, true);
controls.Add(directoryControl);
reader.Read();
}
return;
}
else
{
return;
}
}
public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
{
foreach (XmlNode node in nodelist)
{
XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));
rdr.MoveToContent();
string symmetricKey = rdr.GetAttribute("symmetricKey");
string audience = rdr.GetAttribute("audience");
this.AddAudienceKeyPair(audience, symmetricKey);
}
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
{
byte[] nonce = null;
int length = 0;
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.SecurityTokenReference, NamespaceUri))
{
string nonceString = reader.GetAttribute(XD.SecureConversationFeb2005Dictionary.Nonce, XD.SecureConversationFeb2005Dictionary.Namespace);
if (nonceString != null)
{
nonce = Convert.FromBase64String(nonceString);
}
string lengthString = reader.GetAttribute(XD.SecureConversationFeb2005Dictionary.Length, XD.SecureConversationFeb2005Dictionary.Namespace);
if (lengthString != null)
{
length = Convert.ToInt32(lengthString, CultureInfo.InvariantCulture);
}
else
{
length = DefaultDerivedKeyLength;
}
}
string tokenType = ReadTokenType(reader);
string strId = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
reader.ReadStartElement(XD.SecurityJan2004Dictionary.SecurityTokenReference, NamespaceUri);
SecurityKeyIdentifierClause clause = null;
for (int i = 0; i < this.strEntries.Count; ++i)
{
if (this.strEntries[i].CanReadClause(reader, tokenType))
{
clause = this.strEntries[i].ReadClause(reader, nonce, length, tokenType);
break;
}
}
if (clause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.CannotReadKeyIdentifierClause, reader.LocalName, reader.NamespaceURI)));
}
if (!string.IsNullOrEmpty(strId))
{
clause.Id = strId;
}
reader.ReadEndElement();
return(clause);
}
/// <summary>
/// Reads an "EncryptedType" xmlfragment
/// </summary>
/// <remarks>Assumes that the reader is positioned on an "EncryptedData" or "EncryptedKey" element.
/// Both of these elements extend EncryptedType</remarks>
public virtual void ReadXml(XmlDictionaryReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
reader.MoveToContent();
_id = reader.GetAttribute(XmlEncryptionConstants.Attributes.Id, null);
_type = reader.GetAttribute(XmlEncryptionConstants.Attributes.Type, null);
_mimeType = reader.GetAttribute(XmlEncryptionConstants.Attributes.MimeType, null);
_encoding = reader.GetAttribute(XmlEncryptionConstants.Attributes.Encoding, null);
reader.ReadStartElement();
reader.MoveToContent();
// <EncryptedMethod>? 0 - 1
if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace))
{
_encryptionMethod.ReadXml(reader);
}
// <KeyInfo>? 0 - 1
reader.MoveToContent();
if (reader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo.Value, XD.XmlSignatureDictionary.Namespace.Value))
{
_keyInfo = new KeyInfo(_keyInfoSerializer);
// if there is a keyInfo, we need to reset the default which is
// contains a single EmptyKeyInfoClause
if (_keyInfoSerializer.CanReadKeyIdentifier(reader))
{
_keyInfo.KeyIdentifier = _keyInfoSerializer.ReadKeyIdentifier(reader);
}
else
{
_keyInfo.ReadXml(reader);
}
}
// <CipherData> 1
reader.MoveToContent();
_cipherData.ReadXml(reader);
ReadExtensions(reader);
// should be on EndElement for the extended type.
reader.MoveToContent();
reader.ReadEndElement();
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
this.name = reader.GetAttribute(dictionary.AttributeName, null);
if (string.IsNullOrEmpty(this.name))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeMissingNameAttributeOnRead)));
}
this.nameSpace = reader.GetAttribute(dictionary.AttributeNamespace, null);
if (string.IsNullOrEmpty(this.nameSpace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeMissingNamespaceAttributeOnRead)));
}
this.claimType = string.IsNullOrEmpty(this.nameSpace) ? this.name : this.nameSpace + "/" + this.name;
reader.MoveToContent();
reader.Read();
while (reader.IsStartElement(dictionary.AttributeValue, dictionary.Namespace))
{
// We will load all Attributes as a string value by default.
string attrValue = reader.ReadString();
this.attributeValues.Add(attrValue);
reader.MoveToContent();
reader.ReadEndElement();
}
if (this.attributeValues.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeShouldHaveOneValue)));
}
reader.MoveToContent();
reader.ReadEndElement();
}
/// <summary>
/// Reads a serialized token and converts it into a <see cref="SecurityToken"/>.
/// </summary>
/// <param name="reader">An XML reader positioned at the token's start element.</param>
/// <returns>The parsed form of the token.</returns>
public override SecurityToken ReadToken(XmlReader reader)
{
if (reader == null)
{
throw new ArgumentNullException("reader");
}
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
byte[] binaryData;
string encoding = dictionaryReader.GetAttribute(EncodingType);
if (encoding == null || encoding == Base64EncodingType)
{
dictionaryReader.Read();
binaryData = dictionaryReader.ReadContentAsBase64();
}
else
{
throw new SecurityTokenException(
"Cannot read SecurityToken as its encoding is" + encoding + ". Expected a BinarySecurityToken with base64 encoding.");
}
string serializedToken = Encoding.UTF8.GetString(binaryData);
return(ReadSecurityTokenFromString(serializedToken));
}
void AssertNode(int depth, string localName, XmlNodeType nodeType, string value, string type, XmlDictionaryReader reader, string label)
{
Assert.AreEqual(localName, reader.LocalName, label + ".LocalName");
Assert.AreEqual(nodeType, reader.NodeType, label + ".NodeType");
Assert.AreEqual(value, reader.Value, label + ".Value");
Assert.AreEqual(type, reader.GetAttribute("type"), label + ".GetAttribute('type')");
}
static FaultReason ReadFaultReason12(XmlDictionaryReader r, string ns)
{
List <FaultReasonText> l = new List <FaultReasonText> ();
if (r.IsEmptyElement)
{
throw new ArgumentException("One or more Text element is mandatory in SOAP fault reason text.");
}
r.ReadStartElement("Reason", ns);
for (r.MoveToContent();
r.NodeType != XmlNodeType.EndElement;
r.MoveToContent())
{
string lang = r.GetAttribute("lang", "http://www.w3.org/XML/1998/namespace");
if (lang == null)
{
throw new XmlException("xml:lang is mandatory on fault reason Text");
}
l.Add(new FaultReasonText(r.ReadElementContentAsString("Text", ns), lang));
}
r.ReadEndElement();
return(new FaultReason(l));
}
private SecurityKeyIdentifier ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader localReader, Exception previousException)
{
if (!localReader.IsStartElement(System.IdentityModel.XD.XmlSignatureDictionary.KeyInfo, System.IdentityModel.XD.XmlSignatureDictionary.Namespace))
{
return((SecurityKeyIdentifier)null);
}
localReader.ReadStartElement(System.IdentityModel.XD.XmlSignatureDictionary.KeyInfo, System.IdentityModel.XD.XmlSignatureDictionary.Namespace);
SecurityKeyIdentifier securityKeyIdentifier = new SecurityKeyIdentifier();
if (localReader.IsStartElement())
{
#if FEATURE_CORECLR
throw new NotImplementedException("GenericXmlSecurityKeyIdentifierClause not supported");
#else
string attribute = localReader.GetAttribute(System.IdentityModel.XD.UtilityDictionary.IdAttribute, System.IdentityModel.XD.UtilityDictionary.Namespace);
SecurityKeyIdentifierClause clause = (SecurityKeyIdentifierClause) new GenericXmlSecurityKeyIdentifierClause(new XmlDocument().ReadNode((XmlReader)localReader) as XmlElement);
if (!string.IsNullOrEmpty(attribute))
{
clause.Id = attribute;
}
securityKeyIdentifier.Add(clause);
#endif
}
if (securityKeyIdentifier.Count == 0)
{
throw previousException;
}
localReader.ReadEndElement();
return(securityKeyIdentifier);
}
void CacheAllHeaderIds()
{
int crtHeaderPosition = 0;
XmlDictionaryReader reader = this.Message.Headers.GetReaderAtHeader(0);
while (crtHeaderPosition < this.Message.Headers.Count)
{
if (reader.NodeType != XmlNodeType.Element)
{
reader.MoveToContent();
}
reader.MoveToStartElement();
if (crtHeaderPosition != this.headerIndex)
{
// Look if the header has an d:Id attribute.
// The headers's children are not of interest, because
// only top-level SOAP header blocks (/s:Envelope/s:Header/*) can be referenced.
string idValue = reader.GetAttribute(ProtocolStrings.IdAttributeName, this.DiscoveryInfo.DiscoveryNamespace);
if (!String.IsNullOrEmpty(idValue))
{
this.blockIds.AddHeader(idValue, crtHeaderPosition);
}
}
reader.Skip();
crtHeaderPosition++;
}
reader.Close();
}
private SecurityKeyIdentifier ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader localReader, Exception previousException)
{
if (!localReader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace))
{
return(null);
}
localReader.ReadStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace);
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier();
if (localReader.IsStartElement())
{
SecurityKeyIdentifierClause clause = null;
string strId = localReader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
XmlDocument doc = new XmlDocument();
XmlElement keyIdentifierReferenceXml = (doc.ReadNode(localReader) as XmlElement);
clause = new GenericXmlSecurityKeyIdentifierClause(keyIdentifierReferenceXml);
if (!string.IsNullOrEmpty(strId))
{
clause.Id = strId;
}
keyIdentifier.Add(clause);
}
if (keyIdentifier.Count == 0)
{
throw previousException;
}
localReader.ReadEndElement();
return(keyIdentifier);
}
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNonce, int derivationLength, string tokenType)
{
string encodingType = reader.GetAttribute(XD.SecurityJan2004Dictionary.EncodingType, null);
if (encodingType == null)
{
encodingType = DefaultEncodingType;
}
reader.ReadStartElement();
byte[] bytes;
if (encodingType == EncodingTypeValueBase64Binary)
{
bytes = reader.ReadContentAsBase64();
}
else if (encodingType == EncodingTypeValueHexBinary)
{
bytes = HexBinary.Parse(reader.ReadContentAsString()).Value;
}
else if (encodingType == EncodingTypeValueText)
{
bytes = new UTF8Encoding().GetBytes(reader.ReadContentAsString());
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.UnknownEncodingInKeyIdentifier)));
}
reader.ReadEndElement();
return(CreateClause(bytes, derivationNonce, derivationLength));
}
public override string ExtractId(XmlDictionaryReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(ElementName, XD.XmlEncryptionDictionary.Namespace))
{
return(reader.GetAttribute(XD.XmlEncryptionDictionary.Id, null));
}
else
{
return(reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace));
}
}
