Example #1
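        /// <summary>
        /// Initializes a new instance of the <see cref="Token"/> class.
        /// </summary>
        /// <param name="tokenXml">Xml token, which may be encrypted.</param>
        /// <param name="audience">The audience.  May be <c>null</c> to avoid audience checking.</param>
        /// <param name="decryptor">The decryptor to use to decrypt the token, if necessary.</param>
        /// <exception cref="InformationCardException">Thrown for any problem decoding or decrypting the token.</exception>
        /// <remarks>
        /// The incoming token is parsed twice: once to detect and undo encryption, and once to build
        /// the navigator that is handed to <c>TokenUtility.AuthenticateToken</c>. Both parses go through
        /// an <see cref="XmlReader"/> created with explicit settings and no <see cref="XmlResolver"/>,
        /// so neither the outer token nor the decrypted payload can cause external resources to be fetched.
        /// </remarks>
        private Token(string tokenXml, Uri audience, TokenDecryptor decryptor)
        {
            Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(tokenXml));
            Contract.Requires<ArgumentException>(decryptor != null || !IsEncrypted(tokenXml));
            Contract.Ensures(this.AuthorizationContext != null);

            string decryptedString;

            // XmlReaderSettings prohibits DTD processing by default; the resolver is cleared as well so
            // that nothing in the token can trigger a file or network lookup during parsing.
            using (StringReader tokenText = new StringReader(tokenXml))
            using (XmlReader tokenReader = XmlReader.Create(tokenText, new XmlReaderSettings { XmlResolver = null }))
            {
                Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
                if (IsEncrypted(tokenReader))
                {
                    // NOTE(review): this Debug entry and the one further down write the whole token
                    // (after decryption: the full assertion and its claims) to the log. Keep this
                    // logger off in production, or restrict access to its output.
                    Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
                    byte[] decryptedBytes = decryptor.DecryptToken(tokenReader);
                    decryptedString = Encoding.UTF8.GetString(decryptedBytes);
                    Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
                }
                else
                {
                    decryptedString = tokenXml;
                }
            }

            // The decrypted payload is just as untrusted as the outer token: anyone can encrypt content
            // to the recipient. XPathDocument's TextReader overload builds its own reader with framework
            // defaults, which on older .NET Framework releases allow DTD processing, so an explicit
            // restricted reader is supplied instead.
            // NOTE(review): confirm against the targeted framework, and re-run the signature validation
            // tests; a reader from XmlReader.Create may normalize text differently than the one
            // XPathDocument creates internally.
            // XPathDocument loads the whole document in its constructor, so both readers can be
            // disposed as soon as the navigator exists.
            using (StringReader decryptedText = new StringReader(decryptedString))
            using (XmlReader decryptedReader = XmlReader.Create(decryptedText, new XmlReaderSettings { XmlResolver = null }))
            {
                this.Xml = new XPathDocument(decryptedReader).CreateNavigator();
            }

            Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
            this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
        }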
Example #2
        /// <summary>
        /// Collects the possess-property claims from every claim set of the authorization context
        /// into a single dictionary.
        /// </summary>
        /// <returns>
        /// A dictionary keyed by claim type whose values are produced by
        /// <c>TokenUtility.GetResourceValue</c>.
        /// </returns>
        private IDictionary<string, string> GetFlattenedClaims()
        {
            IDictionary<string, string> claimsByType = new Dictionary<string, string>();

            foreach (ClaimSet claimSet in this.AuthorizationContext.ClaimSets)
            {
                foreach (Claim candidate in claimSet)
                {
                    // Only claims whose right is PossessProperty are flattened; all others are skipped.
                    if (candidate.Right != Rights.PossessProperty)
                    {
                        continue;
                    }

                    // Dictionary.Add throws ArgumentException when a claim type appears a second time,
                    // so a repeated claim type cannot silently replace an earlier value.
                    string resourceValue = TokenUtility.GetResourceValue(candidate);
                    claimsByType.Add(candidate.ClaimType, resourceValue);
                }
            }

            return claimsByType;
        }
Example #3
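        /// <summary>
        /// Initializes a new instance of the Token class from an incoming token,
        /// decrypting it first when it is encrypted.
        /// </summary>
        /// <param name="tokenXml">The token XML, which may be encrypted. Must not be null or empty.</param>
        /// <param name="audience">The audience value passed through to <c>TokenUtility.AuthenticateToken</c>.</param>
        /// <param name="decryptor">The decryptor used when the token is encrypted; may be <c>null</c> only for unencrypted tokens.</param>
        /// <remarks>
        /// The token is parsed twice: once to detect and undo encryption, and once to build the
        /// navigator used for authentication. Both parses use the reader settings returned by
        /// <c>MessagingUtilities.CreateUntrustedXmlReaderSettings</c>.
        /// </remarks>
        private Token(string tokenXml, Uri audience, TokenDecryptor decryptor)
        {
            Requires.NotNullOrEmpty(tokenXml, "tokenXml");
            Requires.True(decryptor != null || !IsEncrypted(tokenXml), null);
            Contract.Ensures(this.AuthorizationContext != null);

            string decryptedString;

            // Presumably the project's hardened settings for XML from untrusted senders (per the
            // helper's name); confirm what it restricts against its definition.
            var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();

            using (StringReader tokenText = new StringReader(tokenXml))
            using (XmlReader tokenReader = XmlReader.Create(tokenText, readerSettings))
            {
                Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
                if (IsEncrypted(tokenReader))
                {
                    // NOTE(review): this Debug entry and the one further down write the whole token
                    // (after decryption: the full assertion and its claims) to the log. Keep this
                    // logger off in production, or restrict access to its output.
                    Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
                    byte[] decryptedBytes = decryptor.DecryptToken(tokenReader);
                    decryptedString = Encoding.UTF8.GetString(decryptedBytes);
                    Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
                }
                else
                {
                    decryptedString = tokenXml;
                }
            }

            // The decrypted payload is just as untrusted as the outer token, so it is parsed with the
            // same untrusted-input settings instead of the reader that XPathDocument's TextReader
            // overload would create with framework defaults.
            // NOTE(review): re-run the signature validation tests; a reader from XmlReader.Create may
            // normalize text differently than the one XPathDocument creates internally.
            // XPathDocument loads the whole document in its constructor, so the readers are disposed
            // on success as well as on failure.
            using (StringReader decryptedText = new StringReader(decryptedString))
            using (XmlReader decryptedReader = XmlReader.Create(decryptedText, readerSettings))
            {
                this.Xml = new XPathDocument(decryptedReader).CreateNavigator();
            }

            Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
            this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
        }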