public override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version)
{
if (version == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("version");
}
MessageSecurityTokenVersion wsVersion = version as MessageSecurityTokenVersion;
if (wsVersion != null)
{
SamlSerializer samlSerializer = null;
if (parent.IssuedTokenAuthentication != null)
{
samlSerializer = parent.IssuedTokenAuthentication.SamlSerializer;
}
else
{
samlSerializer = new SamlSerializer();
}
return(new WSSecurityTokenSerializer(wsVersion.SecurityVersion, wsVersion.TrustVersion, wsVersion.SecureConversationVersion, wsVersion.EmitBspRequiredAttributes, samlSerializer, parent.SecureConversationAuthentication.SecurityStateEncoder, parent.SecureConversationAuthentication.SecurityContextClaimTypes));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateSerializerForVersion, version)));
}
}
/// <summary>
/// Initializes the object with a UA identity token
/// </summary>
private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
string text = new UTF8Encoding().GetString(token.DecryptedTokenData);
XmlDocument document = new XmlDocument();
document.InnerXml = text.Trim();
XmlNodeReader reader = new XmlNodeReader(document.DocumentElement);
try
{
if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
{
SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver);
Initialize(samlToken);
}
else
{
SecurityToken securityToken = serializer.ReadToken(reader, resolver);
Initialize(securityToken);
}
}
finally
{
reader.Close();
}
}
public WSSecurityTokenSerializer(
SecurityVersion securityVersion,
bool emitBspRequiredAttributes,
SamlSerializer samlSerializer)
: this(securityVersion, emitBspRequiredAttributes,
samlSerializer, null, null)
{
}
public WSSecurityTokenSerializer(
SecurityVersion securityVersion,
bool emitBspRequiredAttributes,
SamlSerializer samlSerializer,
SecurityStateEncoder securityStateEncoder,
IEnumerable <Type> knownTypes)
: this(securityVersion, emitBspRequiredAttributes,
samlSerializer, securityStateEncoder,
knownTypes, defaultOffset, defaultLabelLength,
defaultNonceLength)
{
}
public void ReadXmlBadContent()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><saml:DoNotCacheCondition /></saml:Evidence>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlEvidence s = new SamlEvidence();
s.ReadXml(reader, ser, null, null);
}
public void ReadXmlExternalContent()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><external-element /><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlEvidence s = new SamlEvidence();
s.ReadXml(reader, ser, null, null);
}
public SamlTokenEntry(SecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer)
{
_tokenSerializer = tokenSerializer;
if (samlSerializer != null)
{
_samlSerializer = samlSerializer;
}
else
{
_samlSerializer = new SamlSerializer();
}
_samlSerializer.PopulateDictionary(BinaryMessageEncoderFactory.XmlDictionary);
}
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
this.audienceUriMode = other.audienceUriMode;
this.allowedAudienceUris = new List <string>(other.allowedAudienceUris);
this.samlSerializer = other.samlSerializer;
this.knownCertificates = new List <X509Certificate2>(other.knownCertificates);
this.certificateValidationMode = other.certificateValidationMode;
this.customCertificateValidator = other.customCertificateValidator;
this.trustedStoreLocation = other.trustedStoreLocation;
this.revocationMode = other.revocationMode;
this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;
this.isReadOnly = other.isReadOnly;
}
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
_audienceUriMode = other._audienceUriMode;
_allowedAudienceUris = new List <string>(other._allowedAudienceUris);
_samlSerializer = other._samlSerializer;
_knownCertificates = new List <X509Certificate2>(other._knownCertificates);
_certificateValidationMode = other._certificateValidationMode;
_customCertificateValidator = other._customCertificateValidator;
_trustedStoreLocation = other._trustedStoreLocation;
_revocationMode = other._revocationMode;
_allowUntrustedRsaIssuers = other._allowUntrustedRsaIssuers;
_isReadOnly = other._isReadOnly;
}
private static string SerializeToken(SamlAssertion assertion)
{
SamlSecurityToken token = new SamlSecurityToken(assertion);
SamlSerializer serializer = new SamlSerializer();
WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer();
StringWriter stringWriter = new StringWriter();
XmlTextWriter xmltextWriter = new XmlTextWriter(stringWriter);
serializer.WriteToken(token, xmltextWriter, tokenSerializer);
return(stringWriter.ToString());
}
public void ReadXml1()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:Action Namespace=\"urn:myNS\" xmlns:saml=\"{0}\">urn:myAction</saml:Action>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlAction s = new SamlAction();
s.ReadXml(reader, ser, null, null);
Assert.AreEqual("urn:myAction", s.Action, "#1");
Assert.AreEqual("urn:myNS", s.Namespace, "#2");
}
public void ReadXml1()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlEvidence s = new SamlEvidence();
s.ReadXml(reader, ser, null, null);
Assert.AreEqual(1, s.AssertionIdReferences.Count, "#1");
Assert.AreEqual("myref", s.AssertionIdReferences [0], "#2");
}
/// <summary>
/// Validates a SAML WSS user token.
/// </summary>
private SecurityToken ParseAndVerifySamlToken(byte[] tokenData)
{
XmlDocument document = new XmlDocument();
XmlNodeReader reader = null;
try
{
string text = new UTF8Encoding().GetString(tokenData);
document.InnerXml = text.Trim();
if (document.DocumentElement.NamespaceURI != "urn:oasis:names:tc:SAML:1.0:assertion")
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
reader = new XmlNodeReader(document.DocumentElement);
SecurityToken samlToken = new SamlSerializer().ReadToken(
reader,
m_tokenSerializer,
m_tokenResolver);
return(samlToken);
}
catch (Exception e)
{
// construct translation object with default text.
TranslationInfo info = new TranslationInfo(
"InvalidSamlToken",
"en-US",
"'{0}' is not a valid SAML token.",
document.DocumentElement.LocalName);
// create an exception with a vendor defined sub-code.
throw new ServiceResultException(new ServiceResult(
e,
StatusCodes.BadIdentityTokenRejected,
"InvalidSamlToken",
"http://opcfoundation.org/UA/Sample/",
new LocalizedText(info)));
}
finally
{
if (reader != null)
{
reader.Close();
}
}
}
public void ReadXml1()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:Subject xmlns:saml=\"{0}\"><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlSubject s = new SamlSubject();
s.ReadXml(reader, ser, null, null);
Assert.AreEqual("myFormat", s.NameFormat, "#1");
Assert.AreEqual("myQualifier", s.NameQualifier, "#2");
Assert.AreEqual("myName", s.Name, "#3");
}
/// <summary>
/// Get a SamlToken by username and password
/// </summary>
/// <param name="adfs_uri">Full url with protocol</param>
/// <param name="audience"></param>
/// <param name="username"></param>
/// <param name="password"></param>
/// <returns></returns>
public async Task <SamlSecurityToken> GetSamlToken(Uri adfs_uri, string audience, string username, string password)
{
var usernameMixedEndpoint = $"{adfs_uri.ToString()}adfs/services/trust/13/usernamemixed";
var rst = BuildRst(usernameMixedEndpoint, username, password, audience);
using (var httpClient = new HttpClient())
{
var request = new HttpRequestMessage(HttpMethod.Post, usernameMixedEndpoint)
{
Content = new StringContent(rst, Encoding.UTF8, "application/soap+xml")
};
var response = await httpClient.SendAsync(request);
try
{
var xDoc = XDocument.Load(new StreamReader(await response.Content.ReadAsStreamAsync()));
var unwrappedResponse = xDoc.Descendants((XNamespace)"http://docs.oasis-open.org/ws-sx/ws-trust/200512" + "RequestedSecurityToken")
.FirstOrDefault()?
.FirstNode as XElement;
if (unwrappedResponse != null)
{
var serializer = new SamlSerializer();
var token = serializer.ReadAssertion(new XmlTextReader(new StringReader(unwrappedResponse.ToString())));
return(new SamlSecurityToken(token));
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
ex.Data.Add("adfs_uri", adfs_uri.ToString());
ex.Data.Add("audience", audience);
ex.Data.Add("username", username);
var stream = await response.Content.ReadAsStreamAsync();
stream.Seek(0, SeekOrigin.Begin);
ex.Data.Add("adfs response", new StreamReader(stream).ReadToEnd());
throw;
}
}
}
public void ReadXml1()
{
SamlSerializer ser = new SamlSerializer();
string xml = String.Format("<saml:AuthorizationDecisionStatement Decision=\"Deny\" Resource=\"resource\" xmlns:saml=\"{0}\"><saml:Subject><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject><saml:Action>myAction</saml:Action><saml:Evidence><saml:AssertionIDReference>myID</saml:AssertionIDReference></saml:Evidence></saml:AuthorizationDecisionStatement>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader(xml);
reader.MoveToContent();
SamlAuthorizationDecisionStatement s =
new SamlAuthorizationDecisionStatement();
s.ReadXml(reader, ser, null, null);
Assert.AreEqual(SamlAccessDecision.Deny, s.AccessDecision, "#1");
Assert.IsNotNull(s.SamlSubject, "#2");
Assert.AreEqual(1, s.SamlActions.Count, "#3");
Assert.AreEqual("myAction", s.SamlActions [0].Action, "#4");
Assert.IsNotNull(s.Evidence, "#5");
Assert.AreEqual(1, s.Evidence.AssertionIdReferences.Count, "#6");
Assert.AreEqual("myID", s.Evidence.AssertionIdReferences [0], "#7");
Assert.AreEqual("resource", s.Resource, "#8");
}
internal override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version)
{
if (version == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(version));
}
if (version is MessageSecurityTokenVersion wsVersion)
{
SamlSerializer samlSerializer = null;
//TODO this will be implemented when we add WS-Federation support
//if (parent.IssuedTokenAuthentication != null)
// samlSerializer = parent.IssuedTokenAuthentication.SamlSerializer;
//else
// samlSerializer = new SamlSerializer();
return(new WSSecurityTokenSerializer(wsVersion.SecurityVersion, wsVersion.TrustVersion, wsVersion.SecureConversationVersion, wsVersion.EmitBspRequiredAttributes, samlSerializer, ServiceCredentials.SecureConversationAuthentication.SecurityStateEncoder, ServiceCredentials.SecureConversationAuthentication.SecurityContextClaimTypes));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateSerializerForVersion, version)));
}
}
public WSSecurityTokenSerializer(
SecurityVersion securityVersion,
bool emitBspRequiredAttributes,
SamlSerializer samlSerializer,
SecurityStateEncoder securityStateEncoder,
IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset,
int maximumKeyDerivationLabelLength,
int maximumKeyDerivationNonceLength)
{
security_version = securityVersion;
emit_bsp = emitBspRequiredAttributes;
saml_serializer = samlSerializer;
encoder = securityStateEncoder;
known_types = new List <Type> (knownTypes ?? Type.EmptyTypes);
max_offset = maximumKeyDerivationOffset;
max_label_length = maximumKeyDerivationLabelLength;
max_nonce_length = maximumKeyDerivationNonceLength;
if (encoder == null)
{
encoder = new DataProtectionSecurityStateEncoder();
}
}
public override SecurityTokenSerializer CreateSecurityTokenSerializer(SecurityTokenVersion version)
{
if (version == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("version");
}
MessageSecurityTokenVersion version2 = version as MessageSecurityTokenVersion;
if (version2 == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateSerializerForVersion", new object[] { version })));
}
SamlSerializer samlSerializer = null;
if (this.parent.IssuedTokenAuthentication != null)
{
samlSerializer = this.parent.IssuedTokenAuthentication.SamlSerializer;
}
else
{
samlSerializer = new SamlSerializer();
}
return(new WSSecurityTokenSerializer(version2.SecurityVersion, version2.TrustVersion, version2.SecureConversationVersion, version2.EmitBspRequiredAttributes, samlSerializer, this.parent.SecureConversationAuthentication.SecurityStateEncoder, this.parent.SecureConversationAuthentication.SecurityContextClaimTypes));
}
/// <summary>
/// Initializes an instance of <see cref="WsSecurityTokenSerializerAdapter"/>
/// </summary>
/// <param name="securityTokenHandlerCollection">
/// The <see cref="SecurityTokenHandlerCollection" /> containing the set of <see cref="SecurityTokenHandler" />
/// objects used for serializing and validating tokens found in WS-Trust messages.
/// </param>
/// <param name="securityVersion">The SecurityVersion of the base WSSecurityTokenSerializer.</param>
/// <param name="trustVersion">The TrustVersion of the serializer uses.</param>
/// <param name="secureConversationVersion">The SecureConversationVersion of the serializer.</param>
/// <param name="emitBspAttributes">Flag that determines if the serailization shoudl be BSP compliant.</param>
/// <param name="samlSerializer">Serializer for SAML 1.1 tokens.</param>
/// <param name="stateEncoder">SecurityStateEncoder used for resolving SCT.</param>
/// <param name="knownTypes">The collection of known claim types.</param>
public WsSecurityTokenSerializerAdapter(SecurityTokenHandlerCollection securityTokenHandlerCollection, SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspAttributes, SamlSerializer samlSerializer, SecurityStateEncoder stateEncoder, IEnumerable <Type> knownTypes)
: base(securityVersion, trustVersion, secureConversationVersion, emitBspAttributes, samlSerializer, stateEncoder, knownTypes)
{
if (securityTokenHandlerCollection == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlerCollection");
}
_scVersion = secureConversationVersion;
_securityTokenHandlers = securityTokenHandlerCollection;
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
{
throw ExceptionHelper.PlatformNotSupported();
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
: this(securityVersion, TrustVersion.Default, SecureConversationVersion.Default, emitBspRequiredAttributes, samlSerializer, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength)
{
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
{
if (maximumKeyDerivationOffset < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationOffset), SR.ValueMustBeNonNegative));
}
if (maximumKeyDerivationLabelLength < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationLabelLength), SR.ValueMustBeNonNegative));
}
if (maximumKeyDerivationNonceLength <= 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(maximumKeyDerivationNonceLength), SR.ValueMustBeGreaterThanZero));
}
SecurityVersion = securityVersion ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(securityVersion)));
EmitBspRequiredAttributes = emitBspRequiredAttributes;
MaximumKeyDerivationOffset = maximumKeyDerivationOffset;
MaximumKeyDerivationNonceLength = maximumKeyDerivationNonceLength;
MaximumKeyDerivationLabelLength = maximumKeyDerivationLabelLength;
_serializerEntries = new List <SerializerEntries>();
if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
{
_secureConversation = new WSSecureConversationFeb2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13)
{
_secureConversation = new WSSecureConversationDec2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (securityVersion == SecurityVersion.WSSecurity10)
{
_serializerEntries.Add(new WSSecurityJan2004(this, samlSerializer));
}
else if (securityVersion == SecurityVersion.WSSecurity11)
{
_serializerEntries.Add(new WSSecurityXXX2005(this, samlSerializer));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(securityVersion), SR.MessageSecurityVersionOutOfRange));
}
_serializerEntries.Add(_secureConversation);
//TODO later
TrustDictionary trustDictionary;
if (trustVersion == TrustVersion.WSTrustFeb2005)
{
_serializerEntries.Add(new WSTrustFeb2005(this));
trustDictionary = DXD.TrustDec2005Dictionary;
}
else if (trustVersion == TrustVersion.WSTrust13)
{
_serializerEntries.Add(new WSTrustDec2005(this));
trustDictionary = DXD.TrustDec2005Dictionary;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
_tokenEntries = new List <TokenEntry>();
for (int i = 0; i < _serializerEntries.Count; ++i)
{
SerializerEntries serializerEntry = _serializerEntries[i];
serializerEntry.PopulateTokenEntries(_tokenEntries);
}
DictionaryManager dictionaryManager = new DictionaryManager(ServiceModelDictionary.CurrentVersion)
{
SecureConversationDec2005Dictionary = DXD.SecureConversationDec2005Dictionary,
SecurityAlgorithmDec2005Dictionary = DXD.SecurityAlgorithmDec2005Dictionary
};
_keyInfoSerializer = new WSKeyInfoSerializer(EmitBspRequiredAttributes, dictionaryManager, trustDictionary, this, securityVersion, secureConversationVersion);
}
public WSSecurityXXX2005(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer)
: base(tokenSerializer, samlSerializer)
{
}
public SamlTokenEntry(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer)
: base(tokenSerializer, samlSerializer)
{
}
/// <summary>
/// Initializes an instance of <see cref="WsSecurityTokenSerializerAdapter"/>
/// </summary>
/// <param name="securityTokenHandlerCollection">
/// The <see cref="SecurityTokenHandlerCollection" /> containing the set of <see cref="SecurityTokenHandler" />
/// objects used for serializing and validating tokens found in WS-Trust messages.
/// </param>
/// <param name="securityVersion">The SecurityVersion of the base WSSecurityTokenSerializer.</param>
/// <param name="emitBspAttributes">Flag that determines if the serailization shoudl be BSP compliant.</param>
/// <param name="samlSerializer">Serializer for SAML 1.1 tokens.</param>
/// <param name="stateEncoder">SecurityStateEncoder used for resolving SCT.</param>
/// <param name="knownTypes">The collection of known claim types.</param>
public WsSecurityTokenSerializerAdapter(SecurityTokenHandlerCollection securityTokenHandlerCollection, SecurityVersion securityVersion, bool emitBspAttributes, SamlSerializer samlSerializer, SecurityStateEncoder stateEncoder, IEnumerable <Type> knownTypes)
: this(securityTokenHandlerCollection, securityVersion, TrustVersion.WSTrust13, SecureConversationVersion.WSSecureConversation13, emitBspAttributes, samlSerializer, stateEncoder, knownTypes)
{
}
//<snippet2>
// This method configures the IssuedTokenAuthentication property of a ServiceHost.
public static void ConfigureIssuedTokenServiceCredentials(
ServiceHost sh, bool allowCardspaceTokens, IList <X509Certificate2> knownissuers,
X509CertificateValidationMode certMode, X509RevocationMode revocationMode, SamlSerializer ser)
{
// Allow CardSpace tokens.
sh.Credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = allowCardspaceTokens;
// Set up known issuer certificates.
foreach (X509Certificate2 cert in knownissuers)
{
sh.Credentials.IssuedTokenAuthentication.KnownCertificates.Add(cert);
}
// Set issuer certificate validation and revocation checking modes.
sh.Credentials.IssuedTokenAuthentication.CertificateValidationMode =
X509CertificateValidationMode.PeerOrChainTrust;
sh.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.Online;
sh.Credentials.IssuedTokenAuthentication.TrustedStoreLocation = StoreLocation.LocalMachine;
// Set the SamlSerializer, if one is specified.
if (ser != null)
{
sh.Credentials.IssuedTokenAuthentication.SamlSerializer = ser;
}
}
/// <summary cref="IUserIdentity.GetIdentityToken" />
public UserIdentityToken GetIdentityToken()
{
// check for anonymous.
if (m_token == null)
{
AnonymousIdentityToken token = new AnonymousIdentityToken();
token.PolicyId = m_policyId;
return(token);
}
// return a user name token.
UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken;
if (usernameToken != null)
{
UserNameIdentityToken token = new UserNameIdentityToken();
token.PolicyId = m_policyId;
token.UserName = usernameToken.UserName;
token.DecryptedPassword = usernameToken.Password;
return(token);
}
// return an X509 token.
X509SecurityToken x509Token = m_token as X509SecurityToken;
if (x509Token != null)
{
X509IdentityToken token = new X509IdentityToken();
token.PolicyId = m_policyId;
token.CertificateData = x509Token.Certificate.GetRawCertData();
token.Certificate = x509Token.Certificate;
return(token);
}
// handle SAML token.
SamlSecurityToken samlToken = m_token as SamlSecurityToken;
if (samlToken != null)
{
MemoryStream ostrm = new MemoryStream();
XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding());
try
{
SamlSerializer serializer = new SamlSerializer();
serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance);
}
finally
{
writer.Close();
}
IssuedIdentityToken wssToken = new IssuedIdentityToken();
wssToken.PolicyId = m_policyId;
wssToken.DecryptedTokenData = ostrm.ToArray();
return(wssToken);
}
// return a WSS token by default.
if (m_token != null)
{
MemoryStream ostrm = new MemoryStream();
XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding());
try
{
WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer();
serializer.WriteToken(writer, m_token);
}
finally
{
writer.Close();
}
IssuedIdentityToken wssToken = new IssuedIdentityToken();
wssToken.PolicyId = m_policyId;
wssToken.DecryptedTokenData = ostrm.ToArray();
return(wssToken);
}
return(null);
}
public WSSecurityTokenSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable <Type> knownTypes,
int maximumKeyDerivationOffset, int maximumKeyDerivationLabelLength, int maximumKeyDerivationNonceLength)
{
if (securityVersion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("securityVersion"));
}
if (maximumKeyDerivationOffset < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationOffset", SR.GetString(SR.ValueMustBeNonNegative)));
}
if (maximumKeyDerivationLabelLength < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationLabelLength", SR.GetString(SR.ValueMustBeNonNegative)));
}
if (maximumKeyDerivationNonceLength <= 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("maximumKeyDerivationNonceLength", SR.GetString(SR.ValueMustBeGreaterThanZero)));
}
this.securityVersion = securityVersion;
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
this.maximumKeyDerivationOffset = maximumKeyDerivationOffset;
this.maximumKeyDerivationNonceLength = maximumKeyDerivationNonceLength;
this.maximumKeyDerivationLabelLength = maximumKeyDerivationLabelLength;
this.serializerEntries = new List <SerializerEntries>();
if (secureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
{
this.secureConversation = new WSSecureConversationFeb2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else if (secureConversationVersion == SecureConversationVersion.WSSecureConversation13)
{
this.secureConversation = new WSSecureConversationDec2005(this, securityStateEncoder, knownTypes, maximumKeyDerivationOffset, maximumKeyDerivationLabelLength, maximumKeyDerivationNonceLength);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (securityVersion == SecurityVersion.WSSecurity10)
{
this.serializerEntries.Add(new WSSecurityJan2004(this, samlSerializer));
}
else if (securityVersion == SecurityVersion.WSSecurity11)
{
this.serializerEntries.Add(new WSSecurityXXX2005(this, samlSerializer));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("securityVersion", SR.GetString(SR.MessageSecurityVersionOutOfRange)));
}
this.serializerEntries.Add(this.secureConversation);
IdentityModel.TrustDictionary trustDictionary;
if (trustVersion == TrustVersion.WSTrustFeb2005)
{
this.serializerEntries.Add(new WSTrustFeb2005(this));
trustDictionary = new IdentityModel.TrustFeb2005Dictionary(new CollectionDictionary(DXD.TrustDec2005Dictionary.Feb2005DictionaryStrings));
}
else if (trustVersion == TrustVersion.WSTrust13)
{
this.serializerEntries.Add(new WSTrustDec2005(this));
trustDictionary = new IdentityModel.TrustDec2005Dictionary(new CollectionDictionary(DXD.TrustDec2005Dictionary.Dec2005DictionaryString));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
this.tokenEntries = new List <TokenEntry>();
for (int i = 0; i < this.serializerEntries.Count; ++i)
{
SerializerEntries serializerEntry = this.serializerEntries[i];
serializerEntry.PopulateTokenEntries(this.tokenEntries);
}
IdentityModel.DictionaryManager dictionaryManager = new IdentityModel.DictionaryManager(ServiceModelDictionary.CurrentVersion);
dictionaryManager.SecureConversationDec2005Dictionary = new IdentityModel.SecureConversationDec2005Dictionary(new CollectionDictionary(DXD.SecureConversationDec2005Dictionary.SecureConversationDictionaryStrings));
dictionaryManager.SecurityAlgorithmDec2005Dictionary = new IdentityModel.SecurityAlgorithmDec2005Dictionary(new CollectionDictionary(DXD.SecurityAlgorithmDec2005Dictionary.SecurityAlgorithmDictionaryStrings));
this.keyInfoSerializer = new WSKeyInfoSerializer(this.emitBspRequiredAttributes, dictionaryManager, trustDictionary, this, securityVersion, secureConversationVersion);
}
public WSSecurityJan2004(WSSecurityTokenSerializer tokenSerializer, SamlSerializer samlSerializer)
{
WSSecurityTokenSerializer = tokenSerializer;
SamlSerializer = samlSerializer;
}
