/// <summary>
/// This method must not be called from within a read or writer lock as a deadlock will occur.
/// Checks the time a decides if a cleanup needs to occur.
/// </summary>
private void Purge()
{
if (this.items.Count >= this.maximumSize)
{
// If the cache is full, purge enough LRU items to shrink the
// cache down to the low watermark
int countToPurge = this.maximumSize - this.sizeAfterPurge;
for (int i = 0; i < countToPurge; i++)
{
SessionSecurityTokenCacheKey keyRemove = this.mruList.Last.Value;
this.mruList.RemoveLast();
this.items.Remove(keyRemove);
}
if (DiagnosticUtility.ShouldTrace(TraceEventType.Information))
{
TraceUtility.TraceString(
TraceEventType.Information,
SR.GetString(
SR.ID8003,
this.maximumSize,
this.sizeAfterPurge));
}
}
}
/// <summary>
/// Checks if the given object is the same as the current object.
/// </summary>
/// <param name="obj">The object to be compared.</param>
/// <returns>'true' if both are the same object else false.</returns>
public override bool Equals(object obj)
{
if (obj is SessionSecurityTokenCacheKey)
{
SessionSecurityTokenCacheKey key2 = obj as SessionSecurityTokenCacheKey;
if (key2.ContextId != this.contextId)
{
return(false);
}
if (!StringComparer.Ordinal.Equals(key2.EndpointId, this.endpointId))
{
return(false);
}
// If KeyGeneration can be ignored on either one of them then we
// don't do KeyGeneration comparison.
if (!this.ignoreKeyGeneration && !key2.IgnoreKeyGeneration)
{
return(key2.KeyGeneration == this.keyGeneration);
}
return(true);
}
return(false);
}
/// <summary>
/// Deletes matching cache entries from the MruCache.
/// </summary>
/// <param name="endpointId">Specifies the endpointId for the entries to be deleted.</param>
/// <param name="contextId">Specifies the contextId for the entries to be deleted.</param>
public override void RemoveAll(string endpointId, System.Xml.UniqueId contextId)
{
if (null == contextId || string.IsNullOrEmpty(endpointId))
{
return;
}
Dictionary <SessionSecurityTokenCacheKey, CacheEntry> entriesToDelete = new Dictionary <SessionSecurityTokenCacheKey, CacheEntry>();
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(endpointId, contextId, null);
key.IgnoreKeyGeneration = true;
lock (this.syncRoot)
{
foreach (SessionSecurityTokenCacheKey itemKey in this.items.Keys)
{
if (itemKey.Equals(key))
{
entriesToDelete.Add(itemKey, this.items[itemKey]);
}
}
foreach (SessionSecurityTokenCacheKey itemKey in entriesToDelete.Keys)
{
this.items.Remove(itemKey);
CacheEntry entry = entriesToDelete[itemKey];
this.mruList.Remove(entry.Node);
if (object.ReferenceEquals(this.mruEntry.Node, entry.Node))
{
this.mruEntry.Value = null;
this.mruEntry.Node = null;
}
}
}
}
public override void Remove(SessionSecurityTokenCacheKey key)
{
if (key == null) throw new ArgumentNullException("key");
inner.Remove(key);
tokenCacheRepository.Remove(key.ToString());
}
public override void AddOrUpdate(System.IdentityModel.Tokens.SessionSecurityTokenCacheKey key,
System.IdentityModel.Tokens.SessionSecurityToken value, DateTime expiryTime)
{
string tokenId = null;
var claimsIdentity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
if (claimsIdentity != null && claimsIdentity.BootstrapContext != null)
{
var bootstrap = claimsIdentity.BootstrapContext as BootstrapContext;
if (bootstrap != null && bootstrap.SecurityToken != null)
{
tokenId = bootstrap.SecurityToken.Id;
}
}
var data = cache.AddOrUpdate(new bUtility.TokenCache.Types.SessionSecurity.SessionCacheEntry
{
EndpointId = key.EndpointId,
ContextId = key?.ContextId?.ToString(),
KeyGeneration = GetKeyGenerationString(key),
ExpiryTime = expiryTime,
SessionSecurityTokenValue = value,
UserName = Thread.CurrentPrincipal.Identity.Name,
SessionSecurityTokenID = tokenId
});
if (data)
{
_internalCache.AddOrUpdate(key, value, expiryTime);
}
}
public void AddContext(SecurityContextSecurityToken token)
{
//
// WCF will cache the token first before calling the WrappedSessionSecurityTokenHandler.OnTokenIssued.
// We need to map the claims here so we will be caching the correct token with Geneva Claims substitued
// in place of the WCF claims.
//
_claimsHandler.SetPrincipalBootstrapTokensAndBindIdfxAuthPolicy(token);
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, token.ContextId, token.KeyGeneration);
SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(token, SecureConversationVersion.Default);
DateTime expiryTime = DateTimeUtil.Add(sessionToken.ValidTo, _claimsHandler.SecurityTokenHandlerCollection.Configuration.MaxClockSkew);
_tokenCache.AddOrUpdate(key, sessionToken, expiryTime);
}
public override SessionSecurityToken Get(SessionSecurityTokenCacheKey key)
{
if (key == null) throw new ArgumentNullException("key");
var token = inner.Get(key);
if (token != null) return token;
var item = tokenCacheRepository.Get(key.ToString());
if (item == null) return null;
token = BytesToToken(item.Token);
// update in-mem cache from database
inner.AddOrUpdate(key, token, item.Expires);
return token;
}
public override void AddOrUpdate(
SessionSecurityTokenCacheKey key,
SessionSecurityToken value,
DateTime expiryTime)
{
if (key == null) throw new ArgumentNullException("key");
inner.AddOrUpdate(key, value, expiryTime);
var item = new TokenCacheItem
{
Key = key.ToString(),
Expires = expiryTime,
Token = TokenToBytes(value),
};
tokenCacheRepository.AddOrUpdate(item);
}
/// <summary>
/// Attempts to add an entry to the cache or update an existing one.
/// </summary>
/// <param name="key">The key for the entry to be added.</param>
/// <param name="value">The security token to be added to the cache.</param>
/// <param name="expirationTime">The expiration time for this entry.</param>
public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expirationTime)
{
if (key == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
lock (this.syncRoot)
{
this.Purge();
this.Remove(key);
// Add the new entry to the cache and make it the MRU element
CacheEntry entry = new CacheEntry();
entry.Node = this.mruList.AddFirst(key);
entry.Value = value;
this.items.Add(key, entry);
this.mruEntry = entry;
}
}
/// <summary>
/// Deletes the specified cache entry from the MruCache.
/// </summary>
/// <param name="key">Specifies the key for the entry to be deleted.</param>
/// <exception cref="ArgumentNullException">The <paramref name="key"/> is null.</exception>
public override void Remove(SessionSecurityTokenCacheKey key)
{
if (key == null)
{
return;
}
lock (this.syncRoot)
{
CacheEntry entry;
if (this.items.TryGetValue(key, out entry))
{
this.items.Remove(key);
this.mruList.Remove(entry.Node);
if (object.ReferenceEquals(this.mruEntry.Node, entry.Node))
{
this.mruEntry.Value = null;
this.mruEntry.Node = null;
}
}
}
}
/// <summary>
/// Returns the Session Security Token corresponding to the specified key exists in the cache. Also if it exists, marks it as MRU.
/// </summary>
/// <param name="key">Specifies the key for the entry to be retrieved.</param>
/// <returns>Returns the Session Security Token from the cache if found, otherwise, null.</returns>
public override SessionSecurityToken Get(SessionSecurityTokenCacheKey key)
{
if (key == null)
{
return(null);
}
// If found, make the entry most recently used
SessionSecurityToken sessionToken = null;
CacheEntry entry;
bool found;
lock (this.syncRoot)
{
// first check our MRU item
if (this.mruEntry.Node != null && key != null && key.Equals(this.mruEntry.Node.Value))
{
return(this.mruEntry.Value);
}
found = this.items.TryGetValue(key, out entry);
if (found)
{
sessionToken = entry.Value;
// Move the node to the head of the MRU list if it's not already there
if (this.mruList.Count > 1 && !object.ReferenceEquals(this.mruList.First, entry.Node))
{
this.mruList.Remove(entry.Node);
this.mruList.AddFirst(entry.Node);
this.mruEntry = entry;
}
}
}
return(sessionToken);
}
/// <summary>
/// Returns all the entries that match the given key.
/// </summary>
/// <param name="endpointId">The endpoint id for the entries to be retrieved.</param>
/// <param name="contextId">The context id for the entries to be retrieved.</param>
/// <returns>A collection of all the matching entries, an empty collection of no match found.</returns>
public override IEnumerable <SessionSecurityToken> GetAll(string endpointId, System.Xml.UniqueId contextId)
{
Collection <SessionSecurityToken> tokens = new Collection <SessionSecurityToken>();
if (null == contextId || string.IsNullOrEmpty(endpointId))
{
return(tokens);
}
CacheEntry entry;
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(endpointId, contextId, null);
key.IgnoreKeyGeneration = true;
lock (this.syncRoot)
{
foreach (SessionSecurityTokenCacheKey itemKey in this.items.Keys)
{
if (itemKey.Equals(key))
{
entry = this.items[itemKey];
// Move the node to the head of the MRU list if it's not already there
if (this.mruList.Count > 1 && !object.ReferenceEquals(this.mruList.First, entry.Node))
{
this.mruList.Remove(entry.Node);
this.mruList.AddFirst(entry.Node);
this.mruEntry = entry;
}
tokens.Add(entry.Value);
}
}
}
return(tokens);
}
/// <summary>
/// Deletes the specified cache entry from the MruCache.
/// </summary>
/// <param name="key">Specifies the key for the entry to be deleted.</param>
/// <exception cref="ArgumentNullException">The <paramref name="key"/> is null.</exception>
public override void Remove(SessionSecurityTokenCacheKey key)
{
if (key == null)
{
return;
}
lock (this.syncRoot)
{
CacheEntry entry;
if (this.items.TryGetValue(key, out entry))
{
this.items.Remove(key);
this.mruList.Remove(entry.Node);
if (object.ReferenceEquals(this.mruEntry.Node, entry.Node))
{
this.mruEntry.Value = null;
this.mruEntry.Node = null;
}
}
}
}
public abstract void Remove(SessionSecurityTokenCacheKey key);
public abstract SessionSecurityToken Get(SessionSecurityTokenCacheKey key);
public abstract void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime);
public void RemoveContext(System.Xml.UniqueId contextId, System.Xml.UniqueId generation)
{
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, contextId, generation);
_tokenCache.Remove(key);
}
public abstract void Remove (SessionSecurityTokenCacheKey key);
public void UpdateContextCachingTime(SecurityContextSecurityToken token, DateTime expirationTime)
{
if (token.ValidTo <= expirationTime.ToUniversalTime())
{
return;
}
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, token.ContextId, token.KeyGeneration);
SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(token, SecureConversationVersion.Default);
DateTime expiryTime = DateTimeUtil.Add(sessionToken.ValidTo, _claimsHandler.SecurityTokenHandlerCollection.Configuration.MaxClockSkew);
if (_tokenCache.Get(key) == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4285, sessionToken.ContextId.ToString()));
}
_tokenCache.AddOrUpdate(key, sessionToken, expiryTime);
}
/// <summary>
/// Deletes matching cache entries from the MruCache.
/// </summary>
/// <param name="endpointId">Specifies the endpointId for the entries to be deleted.</param>
/// <param name="contextId">Specifies the contextId for the entries to be deleted.</param>
public override void RemoveAll(string endpointId, System.Xml.UniqueId contextId)
{
if (null == contextId || string.IsNullOrEmpty(endpointId))
{
return;
}
Dictionary<SessionSecurityTokenCacheKey, CacheEntry> entriesToDelete = new Dictionary<SessionSecurityTokenCacheKey, CacheEntry>();
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(endpointId, contextId, null);
key.IgnoreKeyGeneration = true;
lock (this.syncRoot)
{
foreach (SessionSecurityTokenCacheKey itemKey in this.items.Keys)
{
if (itemKey.Equals(key))
{
entriesToDelete.Add(itemKey, this.items[itemKey]);
}
}
foreach (SessionSecurityTokenCacheKey itemKey in entriesToDelete.Keys)
{
this.items.Remove(itemKey);
CacheEntry entry = entriesToDelete[itemKey];
this.mruList.Remove(entry.Node);
if (object.ReferenceEquals(this.mruEntry.Node, entry.Node))
{
this.mruEntry.Value = null;
this.mruEntry.Node = null;
}
}
}
}
/// <summary>
/// Attempts to add an entry to the cache or update an existing one.
/// </summary>
/// <param name="key">The key for the entry to be added.</param>
/// <param name="value">The security token to be added to the cache.</param>
/// <param name="expirationTime">The expiration time for this entry.</param>
public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expirationTime)
{
if (key == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
lock (this.syncRoot)
{
this.Purge();
this.Remove(key);
// Add the new entry to the cache and make it the MRU element
CacheEntry entry = new CacheEntry();
entry.Node = this.mruList.AddFirst(key);
entry.Value = value;
this.items.Add(key, entry);
this.mruEntry = entry;
}
}
public SecurityContextSecurityToken GetContext(System.Xml.UniqueId contextId, System.Xml.UniqueId generation)
{
SessionSecurityToken token = null;
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, contextId, generation);
token = _tokenCache.Get(key);
SecurityContextSecurityToken sctToken = null;
if (token != null && token.IsSecurityContextSecurityTokenWrapper)
{
sctToken = SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(token);
}
return sctToken;
}
/// <summary>
/// Returns the Session Security Token corresponding to the specified key exists in the cache. Also if it exists, marks it as MRU.
/// </summary>
/// <param name="key">Specifies the key for the entry to be retrieved.</param>
/// <returns>Returns the Session Security Token from the cache if found, otherwise, null.</returns>
public override SessionSecurityToken Get(SessionSecurityTokenCacheKey key)
{
if (key == null)
{
return null;
}
// If found, make the entry most recently used
SessionSecurityToken sessionToken = null;
CacheEntry entry;
bool found;
lock (this.syncRoot)
{
// first check our MRU item
if (this.mruEntry.Node != null && key != null && key.Equals(this.mruEntry.Node.Value))
{
return this.mruEntry.Value;
}
found = this.items.TryGetValue(key, out entry);
if (found)
{
sessionToken = entry.Value;
// Move the node to the head of the MRU list if it's not already there
if (this.mruList.Count > 1 && !object.ReferenceEquals(this.mruList.First, entry.Node))
{
this.mruList.Remove(entry.Node);
this.mruList.AddFirst(entry.Node);
this.mruEntry = entry;
}
}
}
return sessionToken;
}
public abstract void AddOrUpdate (SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime);
/// <summary>
/// Returns all the entries that match the given key.
/// </summary>
/// <param name="endpointId">The endpoint id for the entries to be retrieved.</param>
/// <param name="contextId">The context id for the entries to be retrieved.</param>
/// <returns>A collection of all the matching entries, an empty collection of no match found.</returns>
public override IEnumerable<SessionSecurityToken> GetAll(string endpointId, System.Xml.UniqueId contextId)
{
Collection<SessionSecurityToken> tokens = new Collection<SessionSecurityToken>();
if (null == contextId || string.IsNullOrEmpty(endpointId))
{
return tokens;
}
CacheEntry entry;
SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(endpointId, contextId, null);
key.IgnoreKeyGeneration = true;
lock (this.syncRoot)
{
foreach (SessionSecurityTokenCacheKey itemKey in this.items.Keys)
{
if (itemKey.Equals(key))
{
entry = this.items[itemKey];
// Move the node to the head of the MRU list if it's not already there
if (this.mruList.Count > 1 && !object.ReferenceEquals(this.mruList.First, entry.Node))
{
this.mruList.Remove(entry.Node);
this.mruList.AddFirst(entry.Node);
this.mruEntry = entry;
}
tokens.Add(entry.Value);
}
}
}
return tokens;
}
public abstract SessionSecurityToken Get (SessionSecurityTokenCacheKey key);
