/// <summary>
/// Validates a SAML WSS user token.
/// </summary>
private SecurityToken ParseAndVerifySamlToken(byte[] tokenData)
{
XmlDocument document = new XmlDocument();
XmlNodeReader reader = null;
try
{
string text = new UTF8Encoding().GetString(tokenData);
document.InnerXml = text.Trim();
if (document.DocumentElement.NamespaceURI != "urn:oasis:names:tc:SAML:1.0:assertion")
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
reader = new XmlNodeReader(document.DocumentElement);
SecurityToken samlToken = new SamlSerializer().ReadToken(
reader,
m_tokenSerializer,
m_tokenResolver);
return samlToken;
}
catch (Exception e)
{
// construct translation object with default text.
TranslationInfo info = new TranslationInfo(
"InvalidSamlToken",
"en-US",
"'{0}' is not a valid SAML token.",
document.DocumentElement.LocalName);
// create an exception with a vendor defined sub-code.
throw new ServiceResultException(new ServiceResult(
e,
StatusCodes.BadIdentityTokenRejected,
"InvalidSamlToken",
"http://opcfoundation.org/UA/Sample/",
new LocalizedText(info)));
}
finally
{
if (reader != null)
{
reader.Close();
}
}
}
/// <summary>
/// Initializes the object with a UA identity token
/// </summary>
private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
{
if (token == null) throw new ArgumentNullException("token");
string text = new UTF8Encoding().GetString(token.DecryptedTokenData);
XmlDocument document = new XmlDocument();
document.InnerXml = text.Trim();
XmlNodeReader reader = new XmlNodeReader(document.DocumentElement);
try
{
if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
{
SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver);
Initialize(samlToken);
}
else
{
SecurityToken securityToken = serializer.ReadToken(reader, resolver);
Initialize(securityToken);
}
}
finally
{
reader.Close();
}
}
