protected override void WriteAudienceRestriction(XmlWriter writer, Saml2AudienceRestriction data)
{
if (writer == null)
{
throw new ArgumentNullException("writer");
}
if (data == null)
{
throw new ArgumentNullException("data");
}
if (data.Audiences == null)
{
throw new ArgumentNullException("audience");
}
// GFIPM S2S 8.8.6.a Need to limit to just one Audience
if ( !(data.Audiences.Count == 1) )
{
throw new InvalidOperationException("A Saml2AudienceRestriction must specify only one Audience.");
}
writer.WriteStartElement("AudienceRestriction", "urn:oasis:names:tc:SAML:2.0:assertion");
Uri uri = data.Audiences[0];
writer.WriteElementString("Audience", "urn:oasis:names:tc:SAML:2.0:assertion", uri.OriginalString);
writer.WriteEndElement();
}
/// <summary>
/// Writes the <saml:AudienceRestriction> element.
/// </summary>
/// <param name="writer">A <see cref="XmlWriter"/> to serialize the <see cref="Saml2AudienceRestriction"/>.</param>
/// <param name="data">The <see cref="Saml2AudienceRestriction"/> to serialize.</param>
protected virtual void WriteAudienceRestriction(XmlWriter writer, Saml2AudienceRestriction data)
{
if (null == writer)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (null == data)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("data");
}
// Schema requires at least one audience.
if (data.Audiences == null || 0 == data.Audiences.Count)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4159)));
}
// <AudienceRestriction>
writer.WriteStartElement(Saml2Constants.Elements.AudienceRestriction, Saml2Constants.Namespace);
// <Audience> - 1-OO
foreach (Uri audience in data.Audiences)
{
// When writing out the audience uri we use the OriginalString property to preserve the value that was initially passed down during token creation as-is.
writer.WriteElementString(Saml2Constants.Elements.Audience, Saml2Constants.Namespace, audience.OriginalString);
}
// </AudienceRestriction>
writer.WriteEndElement();
}
/// <summary>
/// Reads the <saml:AudienceRestriction> element or a
/// <saml:Condition> element that specifies an xsi:type
/// of saml:AudienceRestrictionType.
/// </summary>
/// <param name="reader">A <see cref="XmlReader"/> positioned at a <see cref="Saml2AudienceRestriction"/> element.</param>
/// <returns>A <see cref="Saml2AudienceRestriction"/> instance.</returns>
protected virtual Saml2AudienceRestriction ReadAudienceRestriction(XmlReader reader)
{
if (null == reader)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
// throw if wrong element
bool isConditionElement = false;
if (reader.IsStartElement(Saml2Constants.Elements.Condition, Saml2Constants.Namespace))
{
isConditionElement = true;
}
else if (!reader.IsStartElement(Saml2Constants.Elements.AudienceRestriction, Saml2Constants.Namespace))
{
reader.ReadStartElement(Saml2Constants.Elements.AudienceRestriction, Saml2Constants.Namespace);
}
try
{
Saml2AudienceRestriction audienceRestriction;
bool isEmpty = reader.IsEmptyElement;
// @attributes
// @xsi:type -- if we're a <Condition> element, this declaration must be present
XmlUtil.ValidateXsiType(reader, Saml2Constants.Types.AudienceRestrictionType, Saml2Constants.Namespace, isConditionElement);
// disallow empty
if (isEmpty)
{
throw DiagnosticUtility.ThrowHelperXml(reader, SR.GetString(SR.ID3061, reader.LocalName, reader.NamespaceURI));
}
// content
reader.Read();
// <Audience> - 1-OO
if (!reader.IsStartElement(Saml2Constants.Elements.Audience, Saml2Constants.Namespace))
{
reader.ReadStartElement(Saml2Constants.Elements.Audience, Saml2Constants.Namespace);
}
// We are now laxing the uri check for audience restriction to support interop partners
// This is a specific request from server : Bug 11850
// ReadSimpleUriElement now has a flag that turns lax reading ON/OFF.
audienceRestriction = new Saml2AudienceRestriction(ReadSimpleUriElement(reader, UriKind.RelativeOrAbsolute, true));
while (reader.IsStartElement(Saml2Constants.Elements.Audience, Saml2Constants.Namespace))
{
audienceRestriction.Audiences.Add(ReadSimpleUriElement(reader, UriKind.RelativeOrAbsolute, true));
}
reader.ReadEndElement();
return audienceRestriction;
}
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
throw;
Exception wrapped = TryWrapReadException(reader, e);
if (null == wrapped)
{
throw;
}
else
{
throw wrapped;
}
}
}