protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause)
{
if (clause.Generation != null)
{
XmlHelper.WriteAttributeStringAsUniqueId(writer, DXD.SecureConversationDec2005Dictionary.Prefix.Value, DXD.SecureConversationDec2005Dictionary.Instance, DXD.SecureConversationDec2005Dictionary.Namespace, clause.Generation);
}
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause;
// PreSharp
#pragma warning suppress 56506
return(ReferenceEquals(this, that) || (that != null && that.Matches(this.contextId, this.generation)));
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause;
// PreSharp Bug: Parameter 'that' to this public method must be validated: A null-dereference can occur here.
#pragma warning suppress 56506
return(ReferenceEquals(this, that) || (that != null && that.Matches(this.contextId, this.generation)));
}
public override bool Matches(
SecurityKeyIdentifierClause keyIdentifierClause)
{
SecurityContextKeyIdentifierClause other =
keyIdentifierClause as SecurityContextKeyIdentifierClause;
return(other != null && Matches(other.context, other.generation));
}
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
{
SecurityContextKeyIdentifierClause sctClause = clause as SecurityContextKeyIdentifierClause;
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace);
XmlHelper.WriteAttributeStringAsUniqueId(writer, null, XD.SecurityJan2004Dictionary.URI, null, sctClause.ContextId);
WriteGeneration(writer, sctClause);
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, parent.SerializerDictionary.SecurityContextTokenReferenceValueType.Value);
writer.WriteEndElement();
}
void WriteSecurityContextKeyIdentifierClause(
XmlWriter w, SecurityContextKeyIdentifierClause ic)
{
w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace);
w.WriteStartElement("o", "Reference", Constants.WssNamespace);
w.WriteAttributeString("URI", ic.ContextId.ToString());
string vt = GetTokenTypeUri(typeof(SecurityContextSecurityToken));
w.WriteAttributeString("ValueType", vt);
w.WriteEndElement();
w.WriteEndElement();
}
protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause)
{
// serialize the generation
if (clause.Generation != null)
{
XmlHelper.WriteAttributeStringAsUniqueId(
writer,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Prefix.Value,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Instance,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Namespace,
clause.Generation);
}
}
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
SecurityContextKeyIdentifierClause sctSkiClause = keyIdentifierClause as SecurityContextKeyIdentifierClause;
if (sctSkiClause != null)
{
token = GetContext(sctSkiClause.ContextId, sctSkiClause.Generation) as SecurityToken;
}
else
{
token = null;
}
return(token != null);
}
SecurityKeyIdentifierClause ReadSecurityTokenReference(XmlReader reader)
{
reader.ReadStartElement();
reader.MoveToContent();
if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl)
{
KeyInfoX509Data x509 = new KeyInfoX509Data();
x509.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement);
if (x509.IssuerSerials.Count == 0)
{
throw new XmlException("'X509IssuerSerial' element is expected inside 'X509Data' element");
}
X509IssuerSerial s = (X509IssuerSerial)x509.IssuerSerials [0];
reader.MoveToContent();
reader.ReadEndElement();
return(new X509IssuerSerialKeyIdentifierClause(s.IssuerName, s.SerialNumber));
}
if (reader.NamespaceURI != Constants.WssNamespace)
{
throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
}
switch (reader.LocalName)
{
case "Reference":
Type ownerType = null;
// FIXME: there could be more token types.
if (reader.MoveToAttribute("ValueType"))
{
switch (reader.Value)
{
case Constants.WSSEncryptedKeyToken:
ownerType = typeof(WrappedKeySecurityToken);
break;
case Constants.WSSX509Token:
ownerType = typeof(X509SecurityToken);
break;
case Constants.WsscContextToken:
ownerType = typeof(SecurityContextSecurityToken);
break;
default:
throw new XmlException(String.Format("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value));
}
}
reader.MoveToElement();
string uri = reader.GetAttribute("URI");
if (String.IsNullOrEmpty(uri))
{
uri = "#";
}
SecurityKeyIdentifierClause ic = null;
if (ownerType == typeof(SecurityContextSecurityToken) && uri [0] != '#')
{
// FIXME: Generation?
ic = new SecurityContextKeyIdentifierClause(new UniqueId(uri));
}
else
{
ic = new LocalIdKeyIdentifierClause(uri.Substring(1), ownerType);
}
reader.Skip();
reader.MoveToContent();
reader.ReadEndElement();
return(ic);
case "KeyIdentifier":
string valueType = reader.GetAttribute("ValueType");
string value = reader.ReadElementContentAsString();
reader.MoveToContent();
reader.ReadEndElement(); // consume </Reference>
switch (valueType)
{
case Constants.WssKeyIdentifierX509Thumbptint:
return(new X509ThumbprintKeyIdentifierClause(Convert.FromBase64String(value)));
case Constants.WssKeyIdentifierEncryptedKey:
return(new InternalEncryptedKeyIdentifierClause(Convert.FromBase64String(value)));
case Constants.WssKeyIdentifierSamlAssertion:
return(new SamlAssertionKeyIdentifierClause(value));
default:
// It is kinda weird but it throws XmlException here ...
throw new XmlException(String.Format("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType));
}
default:
throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
}
}
protected override void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause)
{
if (clause.Generation != null)
{
XmlHelper.WriteAttributeStringAsUniqueId(writer, DXD.SecureConversationDec2005Dictionary.Prefix.Value, DXD.SecureConversationDec2005Dictionary.Instance, DXD.SecureConversationDec2005Dictionary.Namespace, clause.Generation);
}
}
protected override void WriteGeneration( XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause )
{
// serialize the generation
if ( clause.Generation != null )
{
XmlHelper.WriteAttributeStringAsUniqueId(
writer,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Prefix.Value,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Instance,
this.Parent.SecurityTokenSerializer.DictionaryManager.SecureConversationDec2005Dictionary.Namespace,
clause.Generation );
}
}
protected abstract void WriteGeneration( XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause );
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
SecurityContextKeyIdentifierClause that = keyIdentifierClause as SecurityContextKeyIdentifierClause;
return(ReferenceEquals(this, that) || (that != null && that.Matches(_contextId, _generation)));
}
void WriteSecurityContextKeyIdentifierClause (
XmlWriter w, SecurityContextKeyIdentifierClause ic)
{
w.WriteStartElement ("o", "SecurityTokenReference", Constants.WssNamespace);
w.WriteStartElement ("o", "Reference", Constants.WssNamespace);
w.WriteAttributeString ("URI", ic.ContextId.ToString ());
string vt = GetTokenTypeUri (typeof (SecurityContextSecurityToken));
w.WriteAttributeString ("ValueType", vt);
w.WriteEndElement ();
w.WriteEndElement ();
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
SecurityContextKeyIdentifierClause objB = keyIdentifierClause as SecurityContextKeyIdentifierClause;
return(object.ReferenceEquals(this, objB) || ((objB != null) && objB.Matches(this.contextId, this.generation)));
}
public void WriteSecurityContextKeyIdentifierClause ()
{
StringWriter sw = new StringWriter ();
SecurityContextKeyIdentifierClause ic = new SecurityContextKeyIdentifierClause (new UniqueId ("urn:foo:1"), null);
using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic);
}
Assert.AreEqual (@"<o:SecurityTokenReference xmlns:o=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""><o:Reference URI=""urn:foo:1"" ValueType=""http://schemas.xmlsoap.org/ws/2005/02/sc/sct"" /></o:SecurityTokenReference>", sw.ToString (), "#1");
XmlReader reader = XmlReader.Create (new StringReader (sw.ToString ()));
ic = WSSecurityTokenSerializer.DefaultInstance.ReadKeyIdentifierClause (reader) as SecurityContextKeyIdentifierClause;
Assert.IsNotNull (ic, "#2");
}
protected abstract void WriteGeneration(XmlDictionaryWriter writer, SecurityContextKeyIdentifierClause clause);
/// <summary>
/// Reads the SessionSecurityToken from the given reader.
/// </summary>
/// <param name="reader">XmlReader over the SessionSecurityToken.</param>
/// <param name="tokenResolver">SecurityTokenResolver that can used to resolve SessionSecurityToken.</param>
/// <returns>An instance of <see cref="SessionSecurityToken"/>.</returns>
/// <exception cref="ArgumentNullException">The input argument 'reader' is null.</exception>
/// <exception cref="SecurityTokenException">The 'reader' is not positioned at a SessionSecurityToken
/// or the SessionSecurityToken cannot be read.</exception>
public override SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (tokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenResolver");
}
byte[] encodedCookie = null;
SysUniqueId contextId = null;
SysUniqueId keyGeneration = null;
string ns = null;
string identifier = null;
string instance = null;
SecurityToken securityContextToken = null;
SessionDictionary dictionary = SessionDictionary.Instance;
XmlDictionaryReader dicReader = XmlDictionaryReader.CreateDictionaryReader(reader);
if (dicReader.IsStartElement(WSSecureConversationFeb2005Constants.ElementNames.Name, WSSecureConversationFeb2005Constants.Namespace))
{
ns = WSSecureConversationFeb2005Constants.Namespace;
identifier = WSSecureConversationFeb2005Constants.ElementNames.Identifier;
instance = WSSecureConversationFeb2005Constants.ElementNames.Instance;
}
else if (dicReader.IsStartElement(WSSecureConversation13Constants.ElementNames.Name, WSSecureConversation13Constants.Namespace))
{
ns = WSSecureConversation13Constants.Namespace;
identifier = WSSecureConversation13Constants.ElementNames.Identifier;
instance = WSSecureConversation13Constants.ElementNames.Instance;
}
else
{
//
// Something is wrong
//
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(
SR.GetString(SR.ID4230, WSSecureConversationFeb2005Constants.ElementNames.Name, dicReader.Name)));
}
string id = dicReader.GetAttribute(WSUtilityConstants.Attributes.IdAttribute, WSUtilityConstants.NamespaceURI);
dicReader.ReadFullStartElement();
if (!dicReader.IsStartElement(identifier, ns))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(
SR.GetString(SR.ID4230, WSSecureConversation13Constants.ElementNames.Identifier, dicReader.Name)));
}
contextId = dicReader.ReadElementContentAsUniqueId();
if (contextId == null || string.IsNullOrEmpty(contextId.ToString()))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4242)));
}
//
// The token can be a renewed token, in which case we need to know the
// instance id, which will be the secondary key to the context id for
// cache lookups
//
if (dicReader.IsStartElement(instance, ns))
{
keyGeneration = dicReader.ReadElementContentAsUniqueId();
}
if (dicReader.IsStartElement(CookieElementName, CookieNamespace))
{
// Get the token from the Cache, which is returned as an SCT
SecurityToken cachedToken = null;
SecurityContextKeyIdentifierClause sctClause = null;
if (keyGeneration == null)
{
sctClause = new SecurityContextKeyIdentifierClause(contextId);
}
else
{
sctClause = new SecurityContextKeyIdentifierClause(contextId, keyGeneration);
}
tokenResolver.TryResolveToken(sctClause, out cachedToken);
if (cachedToken != null)
{
securityContextToken = cachedToken;
dicReader.Skip();
}
else
{
//
// CookieMode
//
encodedCookie = dicReader.ReadElementContentAsBase64();
if (encodedCookie == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4237)));
}
//
// appply transforms
//
byte[] decodedCookie = ApplyTransforms(encodedCookie, false);
using (MemoryStream ms = new MemoryStream(decodedCookie))
{
BinaryFormatter formatter = new BinaryFormatter();
securityContextToken = formatter.Deserialize(ms) as SecurityToken;
}
SessionSecurityToken sessionToken = securityContextToken as SessionSecurityToken;
if (sessionToken != null && sessionToken.ContextId != contextId)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4229, sessionToken.ContextId, contextId)));
}
if (sessionToken != null && sessionToken.Id != id)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4227, sessionToken.Id, id)));
}
}
}
else
{
//
// SessionMode
//
// Get the token from the Cache.
SecurityToken cachedToken = null;
SecurityContextKeyIdentifierClause sctClause = null;
if (keyGeneration == null)
{
sctClause = new SecurityContextKeyIdentifierClause(contextId);
}
else
{
sctClause = new SecurityContextKeyIdentifierClause(contextId, keyGeneration);
}
tokenResolver.TryResolveToken(sctClause, out cachedToken);
if (cachedToken != null)
{
securityContextToken = cachedToken;
}
}
dicReader.ReadEndElement();
if (securityContextToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4243)));
}
return securityContextToken;
}
SecurityKeyIdentifierClause ReadSecurityTokenReference (XmlReader reader)
{
reader.ReadStartElement ();
reader.MoveToContent ();
if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl) {
KeyInfoX509Data x509 = new KeyInfoX509Data ();
x509.LoadXml (new XmlDocument ().ReadNode (reader) as XmlElement);
if (x509.IssuerSerials.Count == 0)
throw new XmlException ("'X509IssuerSerial' element is expected inside 'X509Data' element");
X509IssuerSerial s = (X509IssuerSerial) x509.IssuerSerials [0];
reader.MoveToContent ();
reader.ReadEndElement ();
return new X509IssuerSerialKeyIdentifierClause (s.IssuerName, s.SerialNumber);
}
if (reader.NamespaceURI != Constants.WssNamespace)
throw new XmlException (String.Format ("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
switch (reader.LocalName) {
case "Reference":
Type ownerType = null;
// FIXME: there could be more token types.
if (reader.MoveToAttribute ("ValueType")) {
switch (reader.Value) {
case Constants.WSSEncryptedKeyToken:
ownerType = typeof (WrappedKeySecurityToken);
break;
case Constants.WSSX509Token:
ownerType = typeof (X509SecurityToken);
break;
case Constants.WsscContextToken:
ownerType = typeof (SecurityContextSecurityToken);
break;
default:
throw new XmlException (String.Format ("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value));
}
}
reader.MoveToElement ();
string uri = reader.GetAttribute ("URI");
if (String.IsNullOrEmpty (uri))
uri = "#";
SecurityKeyIdentifierClause ic = null;
if (ownerType == typeof (SecurityContextSecurityToken) && uri [0] != '#')
// FIXME: Generation?
ic = new SecurityContextKeyIdentifierClause (new UniqueId (uri));
else
ic = new LocalIdKeyIdentifierClause (uri.Substring (1), ownerType);
reader.Skip ();
reader.MoveToContent ();
reader.ReadEndElement ();
return ic;
case "KeyIdentifier":
string valueType = reader.GetAttribute ("ValueType");
string value = reader.ReadElementContentAsString ();
reader.MoveToContent ();
reader.ReadEndElement (); // consume </Reference>
switch (valueType) {
case Constants.WssKeyIdentifierX509Thumbptint:
return new X509ThumbprintKeyIdentifierClause (Convert.FromBase64String (value));
case Constants.WssKeyIdentifierEncryptedKey:
return new InternalEncryptedKeyIdentifierClause (Convert.FromBase64String (value));
case Constants.WssKeyIdentifierSamlAssertion:
return new SamlAssertionKeyIdentifierClause (value);
default:
// It is kinda weird but it throws XmlException here ...
throw new XmlException (String.Format ("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType));
}
default:
throw new XmlException (String.Format ("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
}
}
