Exemple #1
        /// <summary>
        /// Decodes a sequence of header chunks into a <see cref="Token"/>.
        /// </summary>
        /// <remarks>
        /// Each chunk is fed to a <c>ChunkParser</c>; only the first chunk is parsed with
        /// <c>AUTH_SCHEME</c>. When a parameter key shows up more than once, the values are
        /// merged through <c>Concat</c> instead of being rejected.
        /// This method only decodes fields. No signature check and no nonce freshness check
        /// happens here, so the result must be treated as unauthenticated until the caller
        /// has verified it.
        /// </remarks>
        /// <param name="tokens">The chunks to parse, in order; the first one is parsed with the scheme.</param>
        /// <returns>A <see cref="Token"/> built from the decoded token, nonce, algorithm, optional body hash and signature.</returns>
        /// <exception cref="FormatException">
        /// Raised by <see cref="Convert.FromBase64String(string)"/> when the token, body hash or
        /// signature is not valid base64. Callers should map this to an authentication failure.
        /// </exception>
        public IToken Parse(string[] tokens)
        {
            var collected = new Dictionary<ParamValue.Param, ParamValue>();

            for (int index = 0; index < tokens.Length; index++)
            {
                var parser = new ChunkParser(tokens[index], index == 0 ? AUTH_SCHEME : null);
                do
                {
                    // Current is inspected before the first MoveNext(), as the parser is used here.
                    var parsed = parser.Current;
                    if (parsed != null)
                    {
                        var key = parsed.Key;
                        ParamValue existing;
                        if (collected.TryGetValue(key, out existing))
                        {
                            // NOTE(review): a repeated key is merged, not refused. Confirm that this is
                            // intended for security-relevant parameters (signature, nonce) as well.
                            collected[key] = existing.Concat(parsed);
                        }
                        else
                        {
                            collected[key] = parsed;
                        }
                    }
                } while (parser.MoveNext());
            }

            // Presumably rejects input that lacks a mandatory parameter; its behaviour is not visible here.
            CheckMissingParams(collected);

            // NOTE(review): these bytes come from the parsed input and are inflated before any
            // signature check visible in this method. Decompress is not shown; confirm that it caps
            // the decompressed size so an oversized payload cannot exhaust memory.
            var compressedToken = Convert.FromBase64String(collected[ParamValue.Param.token].Value);
            var samlToken = Encoding.UTF8.GetString(Decompress(compressedToken));

            var nonce = Nonce.FromString(collected[ParamValue.Param.nonce].Value);

            var signAlgorithm = SigningAlgorithmConverter.StringToEnum(collected[ParamValue.Param.signature_alg].Value);

            // The body hash is the only optional parameter read here; it stays null when absent.
            ParamValue bodyHashParam;
            byte[] bodyHash = collected.TryGetValue(ParamValue.Param.bodyhash, out bodyHashParam)
                ? Convert.FromBase64String(bodyHashParam.Value)
                : null;

            var signature = Convert.FromBase64String(collected[ParamValue.Param.signature].Value);

            return new Token(samlToken, nonce, signAlgorithm, bodyHash, signature);
        }
Exemple #2
        /// <summary>
        /// Rejects a nonce that falls before the accepted age window or that has already been
        /// recorded, and otherwise records it in <c>_lastIds</c>.
        /// </summary>
        /// <remarks>
        /// The cutoff is the current local time minus <c>_maxRequestAgeSec + _clockToleranceSec</c> seconds.
        /// Purging, the replay lookup and the insertion run under one lock on <c>_lastIds</c>, so two
        /// concurrent requests carrying the same nonce cannot both pass.
        /// </remarks>
        /// <param name="nonce">The nonce taken from the incoming request.</param>
        /// <exception cref="AuthException">The nonce is older than the cutoff, or it was already recorded.</exception>
        public void VerifyAgeAndRepeatOnNewRequest(Nonce nonce)
        {
            // NOTE(review): DateTime.Now is local time. Confirm that Nonce.FromDate and the party that
            // issues nonces use the same clock basis; a local-time shift (e.g. DST) moves this window.
            var windowSeconds = _maxRequestAgeSec + _clockToleranceSec;
            Nonce cutoff = Nonce.FromDate(DateTime.Now - new TimeSpan(0, 0, 0, windowSeconds));

            bool tooOld = nonce.CompareTo(cutoff) < 0;
            if (tooOld)
            {
                throw new AuthException(Resources.Request_Is_Quite_Old);
            }

            // NOTE(review): only the lower bound is checked. A nonce dated ahead of the clock is
            // accepted and stays in _lastIds until the cutoff catches up with it; consider also
            // rejecting nonces further in the future than the clock tolerance.
            lock (_lastIds)
            {
                // Drop entries that could no longer pass the age check before looking for a replay.
                PurgeOlder(cutoff);

                bool alreadySeen = _lastIds.Contains(nonce);
                if (alreadySeen)
                {
                    throw new AuthException(Resources.Repeat_Attack_Alert);
                }

                _lastIds.Add(nonce);
            }
        }
Exemple #3
 /// <summary>
 /// Removes from <c>_lastIds</c> every recorded nonce that compares lower than the given cutoff.
 /// </summary>
 /// <remarks>
 /// This method takes no lock itself. The caller visible in this listing invokes it while
 /// holding the lock on <c>_lastIds</c>; any other caller needs to do the same.
 /// </remarks>
 /// <param name="notPreviousThan">The cutoff; entries ordered before it are dropped.</param>
 private void PurgeOlder(Nonce notPreviousThan)
 {
     _lastIds.RemoveWhere(candidate =>
     {
         bool expired = candidate.CompareTo(notPreviousThan) < 0;
         return expired;
     });
 }