private Token(string tokenXml, Uri audience, TokenDecryptor decryptor) {
Requires.NotNullOrEmpty(tokenXml, "tokenXml");
Requires.True(decryptor != null || !IsEncrypted(tokenXml), null);
Contract.Ensures(this.AuthorizationContext != null);
byte[] decryptedBytes;
string decryptedString;
using (StringReader xmlReader = new StringReader(tokenXml)) {
var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
using (XmlReader tokenReader = XmlReader.Create(xmlReader, readerSettings)) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader)) {
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
decryptedBytes = decryptor.DecryptToken(tokenReader);
decryptedString = Encoding.UTF8.GetString(decryptedBytes);
Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
} else {
decryptedBytes = Encoding.UTF8.GetBytes(tokenXml);
decryptedString = tokenXml;
}
}
}
var stringReader = new StringReader(decryptedString);
try {
this.Xml = new XPathDocument(stringReader).CreateNavigator();
} catch {
stringReader.Dispose();
throw;
}
Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
}
/// <summary>
/// Initializes a new instance of the <see cref="Token"/> class.
/// </summary>
/// <param name="tokenXml">Xml token, which may be encrypted.</param>
/// <param name="audience">The audience. May be <c>null</c> to avoid audience checking.</param>
/// <param name="decryptor">The decryptor to use to decrypt the token, if necessary..</param>
/// <exception cref="InformationCardException">Thrown for any problem decoding or decrypting the token.</exception>
private Token(string tokenXml, Uri audience, TokenDecryptor decryptor)
{
Contract.Requires <ArgumentException>(!String.IsNullOrEmpty(tokenXml));
Contract.Requires <ArgumentException>(decryptor != null || !IsEncrypted(tokenXml));
Contract.Ensures(this.AuthorizationContext != null);
byte[] decryptedBytes;
string decryptedString;
using (XmlReader tokenReader = XmlReader.Create(new StringReader(tokenXml))) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader))
{
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
decryptedBytes = decryptor.DecryptToken(tokenReader);
decryptedString = Encoding.UTF8.GetString(decryptedBytes);
Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
}
else
{
decryptedBytes = Encoding.UTF8.GetBytes(tokenXml);
decryptedString = tokenXml;
}
}
this.Xml = new XPathDocument(new StringReader(decryptedString)).CreateNavigator();
Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
}
/// <summary>
/// Initializes a new instance of the <see cref="Token"/> class.
/// </summary>
/// <param name="tokenXml">Xml token, which may be encrypted.</param>
/// <param name="audience">The audience. May be <c>null</c> to avoid audience checking.</param>
/// <param name="decryptor">The decryptor to use to decrypt the token, if necessary..</param>
/// <exception cref="InformationCardException">Thrown for any problem decoding or decrypting the token.</exception>
private Token(string tokenXml, Uri audience, TokenDecryptor decryptor) {
Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(tokenXml));
Contract.Requires<ArgumentException>(decryptor != null || !IsEncrypted(tokenXml));
Contract.Ensures(this.AuthorizationContext != null);
byte[] decryptedBytes;
string decryptedString;
using (XmlReader tokenReader = XmlReader.Create(new StringReader(tokenXml))) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader)) {
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
decryptedBytes = decryptor.DecryptToken(tokenReader);
decryptedString = Encoding.UTF8.GetString(decryptedBytes);
Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
} else {
decryptedBytes = Encoding.UTF8.GetBytes(tokenXml);
decryptedString = tokenXml;
}
}
this.Xml = new XPathDocument(new StringReader(decryptedString)).CreateNavigator();
Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
}
/// <summary>
/// Initializes a new instance of the <see cref="ReceivingTokenEventArgs"/> class.
/// </summary>
/// <param name="tokenXml">The raw token XML, prior to any decryption.</param>
/// <param name="decryptor">The decryptor to use if the token is encrypted.</param>
internal ReceivingTokenEventArgs(string tokenXml, TokenDecryptor decryptor)
{
Contract.Requires(tokenXml != null);
this.TokenXml = tokenXml;
this.IsEncrypted = Token.IsEncrypted(this.TokenXml);
this.Decryptor = decryptor;
}
/// <summary>
/// Deserializes an XML document into a token.
/// </summary>
/// <param name="tokenXml">The token XML.</param>
/// <param name="audience">The URI that this token must have been crafted to be sent to. Use <c>null</c> to accept any intended audience.</param>
/// <param name="decryptionTokens">Any X.509 certificates that may be used to decrypt the token, if necessary.</param>
/// <returns>The deserialized token.</returns>
public static Token Read(string tokenXml, Uri audience, IEnumerable <SecurityToken> decryptionTokens)
{
Requires.NotNullOrEmpty(tokenXml, "tokenXml");
Requires.NotNull(decryptionTokens, "decryptionTokens");
TokenDecryptor decryptor = null;
if (IsEncrypted(tokenXml))
{
decryptor = new TokenDecryptor();
decryptor.Tokens.AddRange(decryptionTokens);
}
return(new Token(tokenXml, audience, decryptor));
}
/// <summary>
/// Deserializes an XML document into a token.
/// </summary>
/// <param name="tokenXml">The token XML.</param>
/// <param name="audience">The URI that this token must have been crafted to be sent to. Use <c>null</c> to accept any intended audience.</param>
/// <param name="decryptionTokens">Any X.509 certificates that may be used to decrypt the token, if necessary.</param>
/// <returns>The deserialized token.</returns>
public static Token Read(string tokenXml, Uri audience, IEnumerable <SecurityToken> decryptionTokens)
{
Contract.Requires <ArgumentException>(!String.IsNullOrEmpty(tokenXml));
Contract.Requires <ArgumentNullException>(decryptionTokens != null);
Contract.Ensures(Contract.Result <Token>() != null);
TokenDecryptor decryptor = null;
if (IsEncrypted(tokenXml))
{
decryptor = new TokenDecryptor();
decryptor.Tokens.AddRange(decryptionTokens);
}
return(new Token(tokenXml, audience, decryptor));
}
private Token(string tokenXml, Uri audience, TokenDecryptor decryptor)
{
Requires.NotNullOrEmpty(tokenXml, "tokenXml");
Requires.True(decryptor != null || !IsEncrypted(tokenXml), null);
Contract.Ensures(this.AuthorizationContext != null);
byte[] decryptedBytes;
string decryptedString;
using (StringReader xmlReader = new StringReader(tokenXml)) {
var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
using (XmlReader tokenReader = XmlReader.Create(xmlReader, readerSettings)) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader))
{
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
decryptedBytes = decryptor.DecryptToken(tokenReader);
decryptedString = Encoding.UTF8.GetString(decryptedBytes);
Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
}
else
{
decryptedBytes = Encoding.UTF8.GetBytes(tokenXml);
decryptedString = tokenXml;
}
}
}
var stringReader = new StringReader(decryptedString);
try {
this.Xml = new XPathDocument(stringReader).CreateNavigator();
} catch {
stringReader.Dispose();
throw;
}
Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
}
/// <summary>
/// Deserializes an XML document into a token.
/// </summary>
/// <param name="tokenXml">The token XML.</param>
/// <param name="audience">The URI that this token must have been crafted to be sent to. Use <c>null</c> to accept any intended audience.</param>
/// <param name="decryptionTokens">Any X.509 certificates that may be used to decrypt the token, if necessary.</param>
/// <returns>The deserialized token.</returns>
public static Token Read(string tokenXml, Uri audience, IEnumerable<SecurityToken> decryptionTokens) {
Requires.NotNullOrEmpty(tokenXml, "tokenXml");
Requires.NotNull(decryptionTokens, "decryptionTokens");
Contract.Ensures(Contract.Result<Token>() != null);
TokenDecryptor decryptor = null;
if (IsEncrypted(tokenXml)) {
decryptor = new TokenDecryptor();
decryptor.Tokens.AddRange(decryptionTokens);
}
return new Token(tokenXml, audience, decryptor);
}
/// <summary>
/// Deserializes an XML document into a token.
/// </summary>
/// <param name="tokenXml">The token XML.</param>
/// <param name="audience">The URI that this token must have been crafted to be sent to. Use <c>null</c> to accept any intended audience.</param>
/// <param name="decryptionTokens">Any X.509 certificates that may be used to decrypt the token, if necessary.</param>
/// <returns>The deserialized token.</returns>
public static Token Read(string tokenXml, Uri audience, IEnumerable<SecurityToken> decryptionTokens) {
Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(tokenXml));
Contract.Requires<ArgumentNullException>(decryptionTokens != null);
Contract.Ensures(Contract.Result<Token>() != null);
TokenDecryptor decryptor = null;
if (IsEncrypted(tokenXml)) {
decryptor = new TokenDecryptor();
decryptor.Tokens.AddRange(decryptionTokens);
}
return new Token(tokenXml, audience, decryptor);
}
/// <summary>
/// Fires the <see cref="ReceivingToken"/> event.
/// </summary>
/// <param name="tokenXml">The token XML, prior to any processing.</param>
/// <param name="decryptor">The decryptor to use, if the token is encrypted.</param>
/// <returns>The event arguments sent to the event handlers.</returns>
protected virtual ReceivingTokenEventArgs OnReceivingToken(string tokenXml, TokenDecryptor decryptor)
{
Contract.Requires(tokenXml != null);
ErrorUtilities.VerifyArgumentNotNull(tokenXml, "tokenXml");
var args = new ReceivingTokenEventArgs(tokenXml, decryptor);
var receivingToken = this.ReceivingToken;
if (receivingToken != null) {
receivingToken(this, args);
}
return args;
}
