public override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version) { if (version == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("version"); } MessageSecurityTokenVersion wsVersion = version as MessageSecurityTokenVersion; if (wsVersion != null) { SamlSerializer samlSerializer = null; if (parent.IssuedTokenAuthentication != null) { samlSerializer = parent.IssuedTokenAuthentication.SamlSerializer; } else { samlSerializer = new SamlSerializer(); } return(new WSSecurityTokenSerializer(wsVersion.SecurityVersion, wsVersion.TrustVersion, wsVersion.SecureConversationVersion, wsVersion.EmitBspRequiredAttributes, samlSerializer, parent.SecureConversationAuthentication.SecurityStateEncoder, parent.SecureConversationAuthentication.SecurityContextClaimTypes)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateSerializerForVersion, version))); } }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver) { if (token == null) { throw new ArgumentNullException("token"); } string text = new UTF8Encoding().GetString(token.DecryptedTokenData); XmlDocument document = new XmlDocument(); document.InnerXml = text.Trim(); XmlNodeReader reader = new XmlNodeReader(document.DocumentElement); try { if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion") { SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver); Initialize(samlToken); } else { SecurityToken securityToken = serializer.ReadToken(reader, resolver); Initialize(securityToken); } } finally { reader.Close(); } }
public WSSecurityTokenSerializer( SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer) : this(securityVersion, emitBspRequiredAttributes, samlSerializer, null, null) { }
public WSSecurityTokenSerializer( SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes) : this(securityVersion, emitBspRequiredAttributes, samlSerializer, securityStateEncoder, knownTypes, defaultOffset, defaultLabelLength, defaultNonceLength) { }
public void ReadXmlBadContent() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><saml:DoNotCacheCondition /></saml:Evidence>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlEvidence s = new SamlEvidence(); s.ReadXml(reader, ser, null, null); }
public void ReadXmlExternalContent() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><external-element /><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlEvidence s = new SamlEvidence(); s.ReadXml(reader, ser, null, null); }
public SamlTokenEntry(SecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer) { _tokenSerializer = tokenSerializer; if (samlSerializer != null) { _samlSerializer = samlSerializer; } else { _samlSerializer = new SamlSerializer(); } _samlSerializer.PopulateDictionary(BinaryMessageEncoderFactory.XmlDictionary); }
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other) { this.audienceUriMode = other.audienceUriMode; this.allowedAudienceUris = new List <string>(other.allowedAudienceUris); this.samlSerializer = other.samlSerializer; this.knownCertificates = new List <X509Certificate2>(other.knownCertificates); this.certificateValidationMode = other.certificateValidationMode; this.customCertificateValidator = other.customCertificateValidator; this.trustedStoreLocation = other.trustedStoreLocation; this.revocationMode = other.revocationMode; this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers; this.isReadOnly = other.isReadOnly; }
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other) { _audienceUriMode = other._audienceUriMode; _allowedAudienceUris = new List <string>(other._allowedAudienceUris); _samlSerializer = other._samlSerializer; _knownCertificates = new List <X509Certificate2>(other._knownCertificates); _certificateValidationMode = other._certificateValidationMode; _customCertificateValidator = other._customCertificateValidator; _trustedStoreLocation = other._trustedStoreLocation; _revocationMode = other._revocationMode; _allowUntrustedRsaIssuers = other._allowUntrustedRsaIssuers; _isReadOnly = other._isReadOnly; }
private static string SerializeToken(SamlAssertion assertion) { SamlSecurityToken token = new SamlSecurityToken(assertion); SamlSerializer serializer = new SamlSerializer(); WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(); StringWriter stringWriter = new StringWriter(); XmlTextWriter xmltextWriter = new XmlTextWriter(stringWriter); serializer.WriteToken(token, xmltextWriter, tokenSerializer); return(stringWriter.ToString()); }
public void ReadXml1() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:Action Namespace=\"urn:myNS\" xmlns:saml=\"{0}\">urn:myAction</saml:Action>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlAction s = new SamlAction(); s.ReadXml(reader, ser, null, null); Assert.AreEqual("urn:myAction", s.Action, "#1"); Assert.AreEqual("urn:myNS", s.Namespace, "#2"); }
public void ReadXml1() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlEvidence s = new SamlEvidence(); s.ReadXml(reader, ser, null, null); Assert.AreEqual(1, s.AssertionIdReferences.Count, "#1"); Assert.AreEqual("myref", s.AssertionIdReferences [0], "#2"); }
/// <summary> /// Validates a SAML WSS user token. /// </summary> private SecurityToken ParseAndVerifySamlToken(byte[] tokenData) { XmlDocument document = new XmlDocument(); XmlNodeReader reader = null; try { string text = new UTF8Encoding().GetString(tokenData); document.InnerXml = text.Trim(); if (document.DocumentElement.NamespaceURI != "urn:oasis:names:tc:SAML:1.0:assertion") { throw new ServiceResultException(StatusCodes.BadNotSupported); } reader = new XmlNodeReader(document.DocumentElement); SecurityToken samlToken = new SamlSerializer().ReadToken( reader, m_tokenSerializer, m_tokenResolver); return(samlToken); } catch (Exception e) { // construct translation object with default text. TranslationInfo info = new TranslationInfo( "InvalidSamlToken", "en-US", "'{0}' is not a valid SAML token.", document.DocumentElement.LocalName); // create an exception with a vendor defined sub-code. throw new ServiceResultException(new ServiceResult( e, StatusCodes.BadIdentityTokenRejected, "InvalidSamlToken", "http://opcfoundation.org/UA/Sample/", new LocalizedText(info))); } finally { if (reader != null) { reader.Close(); } } }
public void ReadXml1() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:Subject xmlns:saml=\"{0}\"><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlSubject s = new SamlSubject(); s.ReadXml(reader, ser, null, null); Assert.AreEqual("myFormat", s.NameFormat, "#1"); Assert.AreEqual("myQualifier", s.NameQualifier, "#2"); Assert.AreEqual("myName", s.Name, "#3"); }
/// <summary> /// Get a SamlToken by username and password /// </summary> /// <param name="adfs_uri">Full url with protocol</param> /// <param name="audience"></param> /// <param name="username"></param> /// <param name="password"></param> /// <returns></returns> public async Task <SamlSecurityToken> GetSamlToken(Uri adfs_uri, string audience, string username, string password) { var usernameMixedEndpoint = $"{adfs_uri.ToString()}adfs/services/trust/13/usernamemixed"; var rst = BuildRst(usernameMixedEndpoint, username, password, audience); using (var httpClient = new HttpClient()) { var request = new HttpRequestMessage(HttpMethod.Post, usernameMixedEndpoint) { Content = new StringContent(rst, Encoding.UTF8, "application/soap+xml") }; var response = await httpClient.SendAsync(request); try { var xDoc = XDocument.Load(new StreamReader(await response.Content.ReadAsStreamAsync())); var unwrappedResponse = xDoc.Descendants((XNamespace)"http://docs.oasis-open.org/ws-sx/ws-trust/200512" + "RequestedSecurityToken") .FirstOrDefault()? .FirstNode as XElement; if (unwrappedResponse != null) { var serializer = new SamlSerializer(); var token = serializer.ReadAssertion(new XmlTextReader(new StringReader(unwrappedResponse.ToString()))); return(new SamlSecurityToken(token)); } else { throw new UnauthorizedAccessException(); } } catch (Exception ex) { ex.Data.Add("adfs_uri", adfs_uri.ToString()); ex.Data.Add("audience", audience); ex.Data.Add("username", username); var stream = await response.Content.ReadAsStreamAsync(); stream.Seek(0, SeekOrigin.Begin); ex.Data.Add("adfs response", new StreamReader(stream).ReadToEnd()); throw; } } }
public void ReadXml1() { SamlSerializer ser = new SamlSerializer(); string xml = String.Format("<saml:AuthorizationDecisionStatement Decision=\"Deny\" Resource=\"resource\" xmlns:saml=\"{0}\"><saml:Subject><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject><saml:Action>myAction</saml:Action><saml:Evidence><saml:AssertionIDReference>myID</saml:AssertionIDReference></saml:Evidence></saml:AuthorizationDecisionStatement>", SamlConstants.Namespace); XmlDictionaryReader reader = CreateReader(xml); reader.MoveToContent(); SamlAuthorizationDecisionStatement s = new SamlAuthorizationDecisionStatement(); s.ReadXml(reader, ser, null, null); Assert.AreEqual(SamlAccessDecision.Deny, s.AccessDecision, "#1"); Assert.IsNotNull(s.SamlSubject, "#2"); Assert.AreEqual(1, s.SamlActions.Count, "#3"); Assert.AreEqual("myAction", s.SamlActions [0].Action, "#4"); Assert.IsNotNull(s.Evidence, "#5"); Assert.AreEqual(1, s.Evidence.AssertionIdReferences.Count, "#6"); Assert.AreEqual("myID", s.Evidence.AssertionIdReferences [0], "#7"); Assert.AreEqual("resource", s.Resource, "#8"); }
internal override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version) { if (version == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(version)); } if (version is MessageSecurityTokenVersion wsVersion) { SamlSerializer samlSerializer = null; //TODO this will be implemented when we add WS-Federation support //if (parent.IssuedTokenAuthentication != null) // samlSerializer = parent.IssuedTokenAuthentication.SamlSerializer; //else // samlSerializer = new SamlSerializer(); return(new WSSecurityTokenSerializer(wsVersion.SecurityVersion, wsVersion.TrustVersion, wsVersion.SecureConversationVersion, wsVersion.EmitBspRequiredAttributes, samlSerializer, ServiceCredentials.SecureConversationAuthentication.SecurityStateEncoder, ServiceCredentials.SecureConversationAuthentication.SecurityContextClaimTypes)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateSerializerForVersion, version))); } }
public WSSecurityTokenSerializer( SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes, int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength) { security_version = securityVersion; emit_bsp = emitBspRequiredAttributes; saml_serializer = samlSerializer; encoder = securityStateEncoder; known_types = new List <Type> (knownTypes ?? Type.EmptyTypes); max_offset = maximumKeyDerivationOffset; max_label_length = maximumKeyDerivationLabelLength; max_nonce_length = maximumKeyDerivationNonceLength; if (encoder == null) { encoder = new DataProtectionSecurityStateEncoder(); } }
public override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version) { if (version == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("version"); } MessageSecurityTokenVersion version2 = version as MessageSecurityTokenVersion; if (version2 == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateSerializerForVersion", new object[] { version }))); } SamlSerializer samlSerializer = null; if (this.parent.IssuedTokenAuthentication != null) { samlSerializer = this.parent.IssuedTokenAuthentication.SamlSerializer; } else { samlSerializer = new SamlSerializer(); } return(new WSSecurityTokenSerializer(version2.SecurityVersion, version2.TrustVersion, version2.SecureConversationVersion, version2.EmitBspRequiredAttributes, samlSerializer, this.parent.SecureConversationAuthentication.SecurityStateEncoder, this.parent.SecureConversationAuthentication.SecurityContextClaimTypes)); }
/// <summary> /// Initializes an instance of <see cref="WsSecurityTokenSerializerAdapter"/> /// </summary> /// <param name="securityTokenHandlerCollection"> /// The <see cref="SecurityTokenHandlerCollection" /> containing the set of <see cref="SecurityTokenHandler" /> /// objects used for serializing and validating tokens found in WS-Trust messages. /// </param> /// <param name="securityVersion">The SecurityVersion of the base WSSecurityTokenSerializer.</param> /// <param name="trustVersion">The TrustVersion of the serializer uses.</param> /// <param name="secureConversationVersion">The SecureConversationVersion of the serializer.</param> /// <param name="emitBspAttributes">Flag that determines if the serailization shoudl be BSP compliant.</param> /// <param name="samlSerializer">Serializer for SAML 1.1 tokens.</param> /// <param name="stateEncoder">SecurityStateEncoder used for resolving SCT.</param> /// <param name="knownTypes">The collection of known claim types.</param> public WsSecurityTokenSerializerAdapter(SecurityTokenHandlerCollection securityTokenHandlerCollection, SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspAttributes, SamlSerializer samlSerializer, SecurityStateEncoder stateEncoder, IEnumerable <Type> knownTypes) : base(securityVersion, trustVersion, secureConversationVersion, emitBspAttributes, samlSerializer, stateEncoder, knownTypes) { if (securityTokenHandlerCollection == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlerCollection"); } _scVersion = secureConversationVersion; _securityTokenHandlers = securityTokenHandlerCollection; }
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes, int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength) { throw ExceptionHelper.PlatformNotSupported(); }
public WSSecurityTokenSerializer(SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes, int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength) : this(securityVersion, TrustVersion.Default, SecureConversationVersion.Default, emitBspRequiredAttributes, samlSerializer, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength) { }
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes, int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength) { if (maximumKeyDerivationOffset < 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationOffset), SR.ValueMustBeNonNegative)); } if (maximumKeyDerivationLabelLength < 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationLabelLength), SR.ValueMustBeNonNegative)); } if (maximumKeyDerivationNonceLength <= 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationNonceLength), SR.ValueMustBeGreaterThanZero)); } SecurityVersion = securityVersion ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(securityVersion))); EmitBspRequiredAttributes = emitBspRequiredAttributes; MaximumKeyDerivationOffset = maximumKeyDerivationOffset; MaximumKeyDerivationNonceLength = maximumKeyDerivationNonceLength; MaximumKeyDerivationLabelLength = maximumKeyDerivationLabelLength; _serializerEntries = new List <SerializerEntries>(); if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005) { _secureConversation = new WSSecureConversationFeb2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength); } else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13) { _secureConversation = new WSSecureConversationDec2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } if (securityVersion == SecurityVersion.WSSecurity10) { _serializerEntries.Add(new WSSecurityJan2004(this, samlSerializer)); } else if (securityVersion == SecurityVersion.WSSecurity11) { _serializerEntries.Add(new WSSecurityXXX2005(this, samlSerializer)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(securityVersion), SR.MessageSecurityVersionOutOfRange)); } _serializerEntries.Add(_secureConversation); //TODO later TrustDictionary trustDictionary; if (trustVersion == TrustVersion.WSTrustFeb2005) { _serializerEntries.Add(new WSTrustFeb2005(this)); trustDictionary = DXD.TrustDec2005Dictionary; } else if (trustVersion == TrustVersion.WSTrust13) { _serializerEntries.Add(new WSTrustDec2005(this)); trustDictionary = DXD.TrustDec2005Dictionary; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } _tokenEntries = new List <TokenEntry>(); for (int i = 0; i < _serializerEntries.Count; ++i) { SerializerEntries serializerEntry = _serializerEntries[i]; serializerEntry.PopulateTokenEntries(_tokenEntries); } DictionaryManager dictionaryManager = new DictionaryManager(ServiceModelDictionary.CurrentVersion) { SecureConversationDec2005Dictionary = DXD.SecureConversationDec2005Dictionary, SecurityAlgorithmDec2005Dictionary = DXD.SecurityAlgorithmDec2005Dictionary }; _keyInfoSerializer = new WSKeyInfoSerializer(EmitBspRequiredAttributes, dictionaryManager, trustDictionary, this, securityVersion, secureConversationVersion); }
public WSSecurityXXX2005(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer) : base(tokenSerializer, samlSerializer) { }
public SamlTokenEntry(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer) : base(tokenSerializer, samlSerializer) { }
/// <summary> /// Initializes an instance of <see cref="WsSecurityTokenSerializerAdapter"/> /// </summary> /// <param name="securityTokenHandlerCollection"> /// The <see cref="SecurityTokenHandlerCollection" /> containing the set of <see cref="SecurityTokenHandler" /> /// objects used for serializing and validating tokens found in WS-Trust messages. /// </param> /// <param name="securityVersion">The SecurityVersion of the base WSSecurityTokenSerializer.</param> /// <param name="emitBspAttributes">Flag that determines if the serailization shoudl be BSP compliant.</param> /// <param name="samlSerializer">Serializer for SAML 1.1 tokens.</param> /// <param name="stateEncoder">SecurityStateEncoder used for resolving SCT.</param> /// <param name="knownTypes">The collection of known claim types.</param> public WsSecurityTokenSerializerAdapter(SecurityTokenHandlerCollection securityTokenHandlerCollection, SecurityVersion securityVersion, bool emitBspAttributes, SamlSerializer samlSerializer, SecurityStateEncoder stateEncoder, IEnumerable <Type> knownTypes) : this(securityTokenHandlerCollection, securityVersion, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, emitBspAttributes, samlSerializer, stateEncoder, knownTypes) { }
//<snippet2> // This method configures the IssuedTokenAuthentication property of a ServiceHost. public static void ConfigureIssuedTokenServiceCredentials( ServiceHost sh, bool allowCardspaceTokens, IList <X509Certificate2> knownissuers, X509CertificateValidationMode certMode, X509RevocationMode revocationMode, SamlSerializer ser) { // Allow CardSpace tokens. sh.Credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = allowCardspaceTokens; // Set up known issuer certificates. foreach (X509Certificate2 cert in knownissuers) { sh.Credentials.IssuedTokenAuthentication.KnownCertificates.Add(cert); } // Set issuer certificate validation and revocation checking modes. sh.Credentials.IssuedTokenAuthentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; sh.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.Online; sh.Credentials.IssuedTokenAuthentication.TrustedStoreLocation = StoreLocation.LocalMachine; // Set the SamlSerializer, if one is specified. if (ser != null) { sh.Credentials.IssuedTokenAuthentication.SamlSerializer = ser; } }
/// <summary cref="IUserIdentity.GetIdentityToken" /> public UserIdentityToken GetIdentityToken() { // check for anonymous. if (m_token == null) { AnonymousIdentityToken token = new AnonymousIdentityToken(); token.PolicyId = m_policyId; return(token); } // return a user name token. UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken; if (usernameToken != null) { UserNameIdentityToken token = new UserNameIdentityToken(); token.PolicyId = m_policyId; token.UserName = usernameToken.UserName; token.DecryptedPassword = usernameToken.Password; return(token); } // return an X509 token. X509SecurityToken x509Token = m_token as X509SecurityToken; if (x509Token != null) { X509IdentityToken token = new X509IdentityToken(); token.PolicyId = m_policyId; token.CertificateData = x509Token.Certificate.GetRawCertData(); token.Certificate = x509Token.Certificate; return(token); } // handle SAML token. SamlSecurityToken samlToken = m_token as SamlSecurityToken; if (samlToken != null) { MemoryStream ostrm = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { SamlSerializer serializer = new SamlSerializer(); serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } // return a WSS token by default. if (m_token != null) { MemoryStream ostrm = new MemoryStream(); XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(); serializer.WriteToken(writer, m_token); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } return(null); }
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes, int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength) { if (securityVersion == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("securityVersion")); } if (maximumKeyDerivationOffset < 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationOffset", SR.GetString(SR.ValueMustBeNonNegative))); } if (maximumKeyDerivationLabelLength < 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationLabelLength", SR.GetString(SR.ValueMustBeNonNegative))); } if (maximumKeyDerivationNonceLength <= 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationNonceLength", SR.GetString(SR.ValueMustBeGreaterThanZero))); } this.securityVersion = securityVersion; this.emitBspRequiredAttributes = emitBspRequiredAttributes; this.maximumKeyDerivationOffset = maximumKeyDerivationOffset; this.maximumKeyDerivationNonceLength = maximumKeyDerivationNonceLength; this.maximumKeyDerivationLabelLength = maximumKeyDerivationLabelLength; this.serializerEntries = new List <SerializerEntries>(); if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005) { this.secureConversation = new WSSecureConversationFeb2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength); } else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13) { this.secureConversation = new WSSecureConversationDec2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } if (securityVersion == SecurityVersion.WSSecurity10) { this.serializerEntries.Add(new WSSecurityJan2004(this, samlSerializer)); } else if (securityVersion == SecurityVersion.WSSecurity11) { this.serializerEntries.Add(new WSSecurityXXX2005(this, samlSerializer)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("securityVersion", SR.GetString(SR.MessageSecurityVersionOutOfRange))); } this.serializerEntries.Add(this.secureConversation); IdentityModel.TrustDictionary trustDictionary; if (trustVersion == TrustVersion.WSTrustFeb2005) { this.serializerEntries.Add(new WSTrustFeb2005(this)); trustDictionary = new IdentityModel.TrustFeb2005Dictionary(new CollectionDictionary(DXD.TrustDec2005Dictionary.Feb2005DictionaryStrings)); } else if (trustVersion == TrustVersion.WSTrust13) { this.serializerEntries.Add(new WSTrustDec2005(this)); trustDictionary = new IdentityModel.TrustDec2005Dictionary(new CollectionDictionary(DXD.TrustDec2005Dictionary.Dec2005DictionaryString)); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } this.tokenEntries = new List <TokenEntry>(); for (int i = 0; i < this.serializerEntries.Count; ++i) { SerializerEntries serializerEntry = this.serializerEntries[i]; serializerEntry.PopulateTokenEntries(this.tokenEntries); } IdentityModel.DictionaryManager dictionaryManager = new IdentityModel.DictionaryManager(ServiceModelDictionary.CurrentVersion); dictionaryManager.SecureConversationDec2005Dictionary = new IdentityModel.SecureConversationDec2005Dictionary(new CollectionDictionary(DXD.SecureConversationDec2005Dictionary.SecureConversationDictionaryStrings)); dictionaryManager.SecurityAlgorithmDec2005Dictionary = new IdentityModel.SecurityAlgorithmDec2005Dictionary(new CollectionDictionary(DXD.SecurityAlgorithmDec2005Dictionary.SecurityAlgorithmDictionaryStrings)); this.keyInfoSerializer = new WSKeyInfoSerializer(this.emitBspRequiredAttributes, dictionaryManager, trustDictionary, this, securityVersion, secureConversationVersion); }
public WSSecurityJan2004(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer) { WSSecurityTokenSerializer = tokenSerializer; SamlSerializer = samlSerializer; }