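/// <summary>
/// Decodes a transport string into <paramref name="message"/>, verifying its signature, age and nonce along the way.
/// </summary>
/// <param name="message">The instance to populate.  Must not be null.</param>
/// <param name="value">The serialized form received from the transport.  Must not be null or empty.</param>
/// <param name="containingMessage">The message that carried <paramref name="value"/>; attached to <paramref name="message"/> and to the exceptions thrown here.</param>
/// <param name="messagePartName">The name of the message part, passed to the key-handle extraction step.</param>
/// <exception cref="ExpiredMessageException">Thrown when a maximum age is configured and the creation date plus that age is in the past.</exception>
/// <exception cref="ReplayedMessageException">Thrown when the nonce store reports that this nonce was already recorded.</exception>
/// <remarks>
/// Processing order: key-handle extraction, base64 decoding, signature check, decryption,
/// decompression, field deserialization, expiry check, replay check, final validation.
/// <paramref name="message"/> is mutated before the expiry and replay checks run, so a caller
/// must discard the instance whenever this method throws.
/// </remarks>
public void Deserialize(T message, string value, IProtocolMessage containingMessage, string messagePartName)
        {
            Requires.NotNull(message, "message");
            Requires.NotNullOrEmpty(value, "value");

            // Stays null unless the payload is encrypted and a key store is configured.
            string symmetricSecretHandle = null;

            if (this.encrypted && this.cryptoKeyStore != null)
            {
                // Split the key handle from the payload; only the payload is base64-decoded below.
                string valueWithoutHandle;
                MessagingUtilities.ExtractKeyHandleAndPayload(messagePartName, value, out symmetricSecretHandle, out valueWithoutHandle);
                value = valueWithoutHandle;
            }

            message.ContainingMessage = containingMessage;
            byte[] data = MessagingUtilities.FromBase64WebSafeString(value);

            byte[] signature = null;
            if (this.signed)
            {
                using (var dataStream = new MemoryStream(data)) {
                    var dataReader = new BinaryReader(dataStream);

                    // NOTE(review): the arguments look like maximum buffer lengths (1 KB signature, 8 KB payload) -- confirm against ReadBuffer.
                    signature = dataReader.ReadBuffer(1024);
                    data      = dataReader.ReadBuffer(8 * 1024);
                }

                // The signature is checked over the bytes as received, before any decryption or
                // decompression, so those steps only ever see authenticated input when signing is on.
                ErrorUtilities.VerifyProtocol(this.IsSignatureValid(data, signature, symmetricSecretHandle), MessagingStrings.SignatureInvalid);
            }

            if (this.encrypted)
            {
                data = this.Decrypt(data, symmetricSecretHandle);
            }

            if (this.compressed)
            {
                // NOTE(review): when signing is off this inflates unauthenticated input --
                // confirm that Decompress bounds its output size.
                data = MessagingUtilities.Decompress(data);
            }

            this.DeserializeCore(message, data);
            message.Signature = signature;             // TODO: we don't really need this any more, do we?

            if (this.maximumAge.HasValue)
            {
                // Reject expired messages before touching the nonce store.
                DateTime expirationDate = message.UtcCreationDate + this.maximumAge.Value;
                if (expirationDate < DateTime.UtcNow)
                {
                    throw new ExpiredMessageException(expirationDate, containingMessage);
                }
            }

            // Single-use enforcement: the nonce store refuses a nonce it has already recorded.
            if (this.decodeOnceOnly != null)
            {
                ErrorUtilities.VerifyInternal(this.maximumAge.HasValue, "Oops!  How can we validate a nonce without a maximum message age?");

                // Nonces are scoped per concrete formatter type.
                string context = "{" + GetType().FullName + "}";
                string encodedNonce = Convert.ToBase64String(message.Nonce);
                if (!this.decodeOnceOnly.StoreNonce(context, encodedNonce, message.UtcCreationDate))
                {
                    // Log the base64 text: formatting the byte[] itself would print only its type
                    // name, leaving the replay event impossible to correlate in the logs.
                    Logger.OpenId.ErrorFormat("Replayed nonce detected ({0} {1}).  Rejecting message.", encodedNonce, message.UtcCreationDate);
                    throw new ReplayedMessageException(containingMessage);
                }
            }

            ((IMessage)message).EnsureValidMessage();
        }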
Example #2
 /// <summary>
 /// Converts a binary value into its web-safe base64 text form.
 /// </summary>
 /// <param name="value">The value to encode; it is cast to <c>byte[]</c>.  Guaranteed to never be null.</param>
 /// <returns>The <paramref name="value"/> in string form, ready for message transport.</returns>
 /// <remarks>
 /// Base64 is an encoding, not a protection: the result carries no confidentiality or integrity
 /// guarantee of its own.
 /// </remarks>
 public string Encode(object value)
 {
     // The cast fails with InvalidCastException for anything that is not a byte array.
     var rawBytes = (byte[])value;
     string transportText = MessagingUtilities.ConvertToBase64WebSafeString(rawBytes);
     return transportText;
 }
Example #3
 /// <summary>
 /// Converts a web-safe base64 string received from the transport back into binary form.
 /// </summary>
 /// <param name="value">The string value carried by the transport.  Guaranteed to never be null, although it may be empty.</param>
 /// <returns>The decoded bytes, returned as <see cref="object"/>.</returns>
 /// <exception cref="FormatException">Thrown when the string value given cannot be decoded into the required object type.</exception>
 /// <remarks>
 /// Decoding authenticates nothing: the returned bytes are exactly what the sender supplied and
 /// must be validated by the caller before use.
 /// </remarks>
 public object Decode(string value)
 {
     object decodedBytes = MessagingUtilities.FromBase64WebSafeString(value);
     return decodedBytes;
 }
Example #4
 /// <summary>
 /// Initializes a new instance of the <see cref="HttpRequestInfo"/> class from a message
 /// delivered through a mock transport.
 /// </summary>
 /// <param name="message">The message being passed in through a mock transport.  May be null.</param>
 /// <param name="httpMethod">The HTTP method that the incoming request came in on, whether or not <paramref name="message"/> is null.</param>
 internal HttpRequestInfo(IDirectedProtocolMessage message, HttpDeliveryMethods httpMethod)
 {
     // Stored as given; null is allowed.
     this.message = message;

     // Translate the delivery-method value into the verb exposed by HttpMethod.
     var verb = MessagingUtilities.GetHttpVerb(httpMethod);
     this.HttpMethod = verb;
 }