public override object Process(object input, SignatureResourcePool resourcePool, DictionaryManager dictionaryManager)
{
XmlTokenStream tokenStream = input as XmlTokenStream;
if (tokenStream != null)
{
tokenStream.SetElementExclusion(XmlSignatureStrings.Signature, XmlSignatureStrings.Namespace);
return(tokenStream);
}
WrappedReader reader = input as WrappedReader;
if (reader != null)
{
// The Enveloped Signature Transform is supposed to remove the
// Signature which encloses the transform element. Previous versions
// of this code stripped out all Signature elements at any depth,
// which did not allow nested signed structures. By specifying '1'
// as the depth, we narrow our range of support so that we require
// that the enveloped signature be a direct child of the element
// being signed.
reader.XmlTokens.SetElementExclusion(XmlSignatureConstants.Elements.Signature, XmlSignatureConstants.Namespace, 1);
return(reader);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedInputTypeForTransform, input.GetType())));
}
/// <summary>
/// Releases the unmanaged resources used by the System.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader and optionally
/// releases the managed resources.
/// </summary>
/// <param name="disposing">
/// True to release both managed and unmanaged resources; false to release only unmanaged resources.
/// </param>
protected override void Dispose(bool disposing)
{
base.Dispose(disposing);
if (_disposed)
{
return;
}
if (disposing)
{
//
// Free all of our managed resources
//
if (_wrappedReader != null)
{
_wrappedReader.Close();
_wrappedReader = null;
}
}
// Free native resources, if any.
_disposed = true;
}
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
SamlAssertion assertion = LoadAssertion(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (assertion == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAssertion)));
//if (assertion.Signature == null)
// throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlTokenMissingSignature)));
return new SamlSecurityToken(assertion);
}
/// <summary>
/// Initializes an instance of <see cref="EnvelopedSignatureReader"/>
/// </summary>
/// <param name="reader">Reader pointing to the enveloped signed XML.</param>
/// <param name="securityTokenSerializer">Token Serializer to deserialize the KeyInfo of the Signature.</param>
/// <param name="signingTokenResolver">Token Resolver to resolve the signing token.</param>
/// <param name="requireSignature">The value indicates whether the signature is optional.</param>
/// <param name="automaticallyReadSignature">This value indicates if the Signature should be read
/// when the Signature element is encountered or allow the caller to read the Signature manually.</param>
/// <param name="resolveIntrinsicSigningKeys">A value indicating if intrinsic signing keys should be resolved.</param>
public EnvelopedSignatureReader(XmlReader reader, SecurityTokenSerializer securityTokenSerializer, SecurityTokenResolver signingTokenResolver, bool requireSignature, bool automaticallyReadSignature, bool resolveIntrinsicSigningKeys)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (securityTokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer");
}
_automaticallyReadSignature = automaticallyReadSignature;
_dictionaryManager = new DictionaryManager();
_tokenSerializer = securityTokenSerializer;
_requireSignature = requireSignature;
_signingTokenResolver = signingTokenResolver ?? EmptySecurityTokenResolver.Instance;
_resolveIntrinsicSigningKeys = resolveIntrinsicSigningKeys;
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
_wrappedReader = new WrappedReader(dictionaryReader);
base.InitializeInnerReader(_wrappedReader);
}
/// <summary>
/// Initializes an instance of <see cref="EnvelopedSignatureReader"/>
/// </summary>
/// <param name="reader">Reader pointing to the enveloped signed XML.</param>
/// <param name="securityTokenSerializer">Token Serializer to deserialize the KeyInfo of the Signature.</param>
/// <param name="signingTokenResolver">Token Resolver to resolve the signing token.</param>
/// <param name="requireSignature">The value indicates whether the signature is optional.</param>
/// <param name="automaticallyReadSignature">This value indicates if the Signature should be read
/// when the Signature element is encountered or allow the caller to read the Signature manually.</param>
/// <param name="resolveIntrinsicSigningKeys">A value indicating if intrinsic signing keys should be resolved.</param>
public EnvelopedSignatureReader(XmlReader reader, SecurityTokenSerializer securityTokenSerializer, SecurityTokenResolver signingTokenResolver, bool requireSignature, bool automaticallyReadSignature, bool resolveIntrinsicSigningKeys)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (securityTokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer");
}
_automaticallyReadSignature = automaticallyReadSignature;
_dictionaryManager = new DictionaryManager();
_tokenSerializer = securityTokenSerializer;
_requireSignature = requireSignature;
_signingTokenResolver = signingTokenResolver ?? EmptySecurityTokenResolver.Instance;
_resolveIntrinsicSigningKeys = resolveIntrinsicSigningKeys;
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
_wrappedReader = new WrappedReader(dictionaryReader);
base.InitializeInnerReader(_wrappedReader);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!wrappedReader.IsStartElement(dictionary.Assertion, dictionary.Namespace))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLElementNotRecognized, wrappedReader.LocalName)));
string attributeValue = wrappedReader.GetAttribute(dictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMajorVersionAttributeOnRead)));
int majorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
attributeValue = wrappedReader.GetAttribute(dictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMinorVersionAttributeOnRead)));
int minorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
if ((majorVersion != SamlConstants.MajorVersionValue) || (minorVersion != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLTokenVersionNotSupported, majorVersion, minorVersion, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue)));
}
attributeValue = wrappedReader.GetAttribute(dictionary.AssertionId, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIdRequired)));
if (!IsAssertionIdValid(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIDIsInvalid, attributeValue)));
this.assertionId = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.Issuer, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingIssuerAttributeOnRead)));
this.issuer = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attributeValue))
this.issueInstant = DateTime.ParseExact(
attributeValue, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
wrappedReader.MoveToContent();
wrappedReader.Read();
if (wrappedReader.IsStartElement(dictionary.Conditions, dictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtions)));
}
if (wrappedReader.IsStartElement(dictionary.Advice, dictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAdvice)));
}
while (wrappedReader.IsStartElement())
{
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
else
{
SamlStatement statement = samlSerializer.LoadStatement(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (statement == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadStatement)));
this.statements.Add(statement);
}
}
if (this.statements.Count == 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionRequireOneStatementOnRead)));
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
this.ReadSignature(wrappedReader, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
wrappedReader.MoveToContent();
wrappedReader.ReadEndElement();
this.tokenStream = wrappedReader.XmlTokens;
if (this.signature != null)
{
VerifySignature(this.signature, this.verificationKey);
}
BuildCryptoList();
}
/// <summary>
/// Releases the unmanaged resources used by the System.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader and optionally
/// releases the managed resources.
/// </summary>
/// <param name="disposing">
/// True to release both managed and unmanaged resources; false to release only unmanaged resources.
/// </param>
protected override void Dispose(bool disposing)
{
base.Dispose(disposing);
if (_disposed)
{
return;
}
if (disposing)
{
//
// Free all of our managed resources
//
if (_wrappedReader != null)
{
_wrappedReader.Close();
_wrappedReader = null;
}
}
// Free native resources, if any.
_disposed = true;
}
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader));
SamlAssertion assertion = this.LoadAssertion(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (assertion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAssertion")));
}
return new SamlSecurityToken(assertion);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader));
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader3.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLElementNotRecognized", new object[] { reader3.LocalName })));
}
string attribute = reader3.GetAttribute(samlDictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMajorVersionAttributeOnRead")));
}
int num = int.Parse(attribute, CultureInfo.InvariantCulture);
attribute = reader3.GetAttribute(samlDictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMinorVersionAttributeOnRead")));
}
int num2 = int.Parse(attribute, CultureInfo.InvariantCulture);
if ((num != SamlConstants.MajorVersionValue) || (num2 != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLTokenVersionNotSupported", new object[] { num, num2, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue })));
}
attribute = reader3.GetAttribute(samlDictionary.AssertionId, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired")));
}
if (!this.IsAssertionIdValid(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { attribute })));
}
this.assertionId = attribute;
attribute = reader3.GetAttribute(samlDictionary.Issuer, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingIssuerAttributeOnRead")));
}
this.issuer = attribute;
attribute = reader3.GetAttribute(samlDictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attribute))
{
this.issueInstant = DateTime.ParseExact(attribute, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
reader3.MoveToContent();
reader3.Read();
if (reader3.IsStartElement(samlDictionary.Conditions, samlDictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadCondtions")));
}
}
if (reader3.IsStartElement(samlDictionary.Advice, samlDictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAdvice")));
}
}
while (reader3.IsStartElement())
{
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
SamlStatement item = samlSerializer.LoadStatement(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (item == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadStatement")));
}
this.statements.Add(item);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatementOnRead")));
}
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
this.ReadSignature(reader3, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
}
reader3.MoveToContent();
reader3.ReadEndElement();
this.tokenStream = reader3.XmlTokens;
if (this.signature != null)
{
this.VerifySignature(this.signature, this.verificationKey);
}
this.BuildCryptoList();
}
