/// <summary> /// Deserializes an RSTR and returns a RequestSecurityTokenRespone object. /// </summary> /// <param name="reader">Reader over the RSTR.</param> /// <param name="context">Current Serialization context.</param> /// <returns>RequestSecurityTokenResponse object if deserialization was successful.</returns> /// <exception cref="ArgumentNullException">The given reader or context parameter is null</exception> public override RequestSecurityTokenResponse ReadXml(XmlReader reader, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } bool isFinal = false; if (reader.IsStartElement(WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI)) { reader.ReadStartElement(WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI); isFinal = true; } RequestSecurityTokenResponse rstr = WSTrustSerializationHelper.CreateResponse(reader, context, this, WSTrustConstantsAdapter.Trust13); rstr.IsFinal = isFinal; if (isFinal) { reader.ReadEndElement(); } return rstr; }
/// <summary> /// Override of the base class that Reads a specific child element inside the RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="rstr">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rstr or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (reader.IsStartElement(WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI)) { rstr.KeyWrapAlgorithm = reader.ReadElementContentAsString(); return; } WSTrustSerializationHelper.ReadRSTRXml(reader, rstr, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// Override of the base class that reads a child element inside the RST /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RST.</param> /// <param name="rst">The RequestSecurityToken element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rst or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityToken rst, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // special case SecondaryParameters, they cannot be embeded as per WS-Trust 1.3 if (reader.IsStartElement(WSTrust13Constants.ElementNames.SecondaryParameters, WSTrust13Constants.NamespaceURI)) { rst.SecondaryParameters = this.ReadSecondaryParameters(reader, context); return; } if (reader.IsStartElement(WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI)) { rst.KeyWrapAlgorithm = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rst.KeyWrapAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, rst.KeyWrapAlgorithm))); } return; } if (reader.IsStartElement(WSTrust13Constants.ElementNames.ValidateTarget, WSTrust13Constants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.ValidateTarget = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.ValidateTarget == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3221))); } return; } WSTrustSerializationHelper.ReadRSTXml(reader, rst, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// Deserializes the RST from the XmlReader to a RequestSecurityToken object. /// </summary> /// <param name="reader">XML reader over the RST</param> /// <param name="context">Current Serialization context.</param> /// <returns>RequestSecurityToken object if the deserialization was successful</returns> /// <exception cref="ArgumentNullException">The reader or context parameter is null</exception> /// <exception cref="WSTrustSerializationException">There was an error parsing the RST</exception> public override RequestSecurityToken ReadXml(XmlReader reader, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } return WSTrustSerializationHelper.CreateRequest(reader, context, this, WSTrustConstantsAdapter.TrustFeb2005); }
public static RequestSecurityToken CreateRequest(XmlReader reader, WSTrustSerializationContext context, WSTrustRequestSerializer requestSerializer, WSTrustConstantsAdapter trustConstants) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (requestSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (!reader.IsStartElement(trustConstants.Elements.RequestSecurityToken, trustConstants.NamespaceURI)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3032, reader.LocalName, reader.NamespaceURI, trustConstants.Elements.RequestSecurityToken, trustConstants.NamespaceURI))); } bool isEmptyElement = reader.IsEmptyElement; RequestSecurityToken rst = requestSerializer.CreateRequestSecurityToken(); rst.Context = reader.GetAttribute(trustConstants.Attributes.Context); reader.Read(); if (!isEmptyElement) { while (reader.IsStartElement()) { requestSerializer.ReadXmlElement(reader, rst, context); } reader.ReadEndElement(); } requestSerializer.Validate(rst); return rst; }
/// <summary> /// Writes out the supported elements on the request object. Override this method if someone /// has sub-class the RequestSecurityToken class and added more property to it. /// </summary> /// <param name="rst">The request instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rst or writer or context parameter is null.</exception> public override void WriteKnownRequestElement(RequestSecurityToken rst, XmlWriter writer, WSTrustSerializationContext context) { if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteKnownRequestElement(rst, writer, context, this, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// Override of the base class that reads a child element inside the RST /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RST.</param> /// <param name="rst">The RequestSecurityToken element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rst or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityToken rst, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.ReadRSTXml(reader, rst, context, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// Constructor for the WSTrustRequestBodyWriter. /// </summary> /// <param name="requestSecurityToken">The RequestSecurityToken object to be serialized in the outgoing Message.</param> /// <param name="serializer">Serializer is responsible for writting the requestSecurityToken into a XmlDictionaryWritter.</param> /// <param name="serializationContext">Context for the serialization.</param> /// <exception cref="ArgumentNullException">The 'requestSecurityToken' is null.</exception> /// <exception cref="ArgumentNullException">The 'serializer' is null.</exception> /// <exception cref="ArgumentNullException">The 'serializationContext' is null.</exception> public WSTrustRequestBodyWriter(System.IdentityModel.Protocols.WSTrust.RequestSecurityToken requestSecurityToken, WSTrustRequestSerializer serializer, WSTrustSerializationContext serializationContext) : base(true) { if (requestSecurityToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityToken"); } if (serializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializer"); } if (serializationContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializationContext"); } _requestSecurityToken = requestSecurityToken; _serializer = serializer; _serializationContext = serializationContext; }
/// <summary> /// Initializes an instance of <see cref="WSTrustResponseBodyWriter"/> /// </summary> /// <param name="requestSecurityTokenResponse">The Response object that can write the body contents.</param> /// <param name="serializer">Serializer to use for serializing the RSTR.</param> /// <param name="context">The <see cref="WSTrustSerializationContext"/> of this request.</param> /// <exception cref="ArgumentNullException">serializer parameter is null.</exception> public WSTrustResponseBodyWriter(RSTR requestSecurityTokenResponse, WSTrustResponseSerializer serializer, WSTrustSerializationContext context) : base( true ) { if ( serializer == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "serializer" ); } if ( requestSecurityTokenResponse == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse"); } if ( context == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "context" ); } _serializer = serializer; _rstr = requestSecurityTokenResponse; _context = context; }
/// <summary> /// Override of the Base class method that writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rstr">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rstr or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.KeyWrapAlgorithm)) { writer.WriteElementString(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, (string)elementValue); return; } WSTrustSerializationHelper.WriteRSTRXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// Serializes the given RequestSecurityToken into the XmlWriter /// </summary> /// <param name="request">RequestSecurityToken object to be serialized</param> /// <param name="writer">XML writer to serialize into</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">The request or writer or context parameter is null.</exception> public override void WriteXml(RequestSecurityToken request, XmlWriter writer, WSTrustSerializationContext context) { if (request == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteRequest(request, writer, context, this, WSTrustConstantsAdapter.Trust13); }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); var context = new WSTrustSerializationContext( FederatedAuthentication.FederationConfiguration.IdentityConfiguration .SecurityTokenHandlerCollectionManager); var sb = new StringBuilder(128); using (var writer = XmlWriter.Create(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return sb.ToString(); } }
/// <summary> /// When overriden in the derived class serializes the given RequestSecurityToken into the XmlWriter /// </summary> /// <param name="request">RequestSecurityToken object to be serialized</param> /// <param name="writer">XML writer to serialize into</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXml(RequestSecurityToken request, XmlWriter writer, WSTrustSerializationContext context);
/// <summary> /// Override of the Base class method that writes a specific RST parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the </param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rst">The entire RST object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rst or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityToken rst, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the WSTrust13 specific elements if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.SecondaryParameters)) { RequestSecurityToken secondaryParameters = elementValue as RequestSecurityToken; if (secondaryParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2064, WSTrust13Constants.ElementNames.SecondaryParameters))); } // WS-Trust 13 spec does not allow this if (secondaryParameters.SecondaryParameters != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2055))); } writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.SecondaryParameters, WSTrust13Constants.NamespaceURI); // write out the known elements inside the rst.SecondaryParameters this.WriteKnownRequestElement(secondaryParameters, writer, context); // Write the custom elements here from the rst.SecondaryParameters.Elements bag foreach (KeyValuePair<string, object> messageParam in secondaryParameters.Properties) { this.WriteXmlElement(writer, messageParam.Key, messageParam.Value, rst, context); } // close out the SecondaryParameters element writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.KeyWrapAlgorithm)) { writer.WriteElementString(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.ValidateTarget)) { SecurityTokenElement tokenElement = elementValue as SecurityTokenElement; if (tokenElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, WSTrust13Constants.ElementNames.ValidateTarget, WSTrust13Constants.NamespaceURI, typeof(SecurityTokenElement), elementValue)); } writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.ValidateTarget, WSTrust13Constants.NamespaceURI); if (tokenElement.SecurityTokenXml != null) { tokenElement.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, tokenElement.GetSecurityToken()); } writer.WriteEndElement(); return; } WSTrustSerializationHelper.WriteRSTXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// When overriden in the derived classs writes out the supported elements on the request object. /// </summary> /// <param name="requestSecurityToken">The request instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteKnownRequestElement(RequestSecurityToken requestSecurityToken, XmlWriter writer, WSTrustSerializationContext context);
public static void WriteRSTRXml(XmlWriter writer, string elementName, object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Entropy)) { Entropy entropy = elementValue as Entropy; if (entropy != null) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Entropy, trustConstants.NamespaceURI); WriteProtectedKey(writer, entropy, context, trustConstants); writer.WriteEndElement(); } return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.KeySize)) { writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.KeySize, trustConstants.NamespaceURI, Convert.ToString((int)elementValue, CultureInfo.InvariantCulture)); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Lifetime)) { Lifetime lifeTime = (Lifetime)elementValue; WSTrustSerializationHelper.WriteLifetime(writer, lifeTime, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, WSPolicyConstants.ElementNames.AppliesTo)) { EndpointReference appliesTo = elementValue as EndpointReference; WSTrustSerializationHelper.WriteAppliesTo(writer, appliesTo, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestedSecurityToken)) { RequestedSecurityToken requestedToken = (RequestedSecurityToken)elementValue; writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestedSecurityToken, trustConstants.NamespaceURI); if (requestedToken.SecurityTokenXml != null) { requestedToken.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, requestedToken.SecurityToken); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestedProofToken)) { RequestedProofToken proofToken = (RequestedProofToken)elementValue; if (string.IsNullOrEmpty(proofToken.ComputedKeyAlgorithm) && proofToken.ProtectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID3021))); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestedProofToken, trustConstants.NamespaceURI); if (!string.IsNullOrEmpty(proofToken.ComputedKeyAlgorithm)) { WriteComputedKeyAlgorithm(writer, trustConstants.Elements.ComputedKey, proofToken.ComputedKeyAlgorithm, trustConstants); } else { WriteProtectedKey(writer, proofToken.ProtectedKey, context, trustConstants); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestedAttachedReference)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestedAttachedReference, trustConstants.NamespaceURI); context.SecurityTokenHandlers.WriteKeyIdentifierClause(writer, (SecurityKeyIdentifierClause)elementValue); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestedUnattachedReference)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestedUnattachedReference, trustConstants.NamespaceURI); context.SecurityTokenHandlers.WriteKeyIdentifierClause(writer, (SecurityKeyIdentifierClause)elementValue); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.TokenType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.RequestType, trustConstants.NamespaceURI, (string)elementValue))); } WSTrustSerializationHelper.WriteRequestType(writer, (string)elementValue, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.KeyType)) { WSTrustSerializationHelper.WriteKeyType(writer, (string)elementValue, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.AuthenticationType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.EncryptionAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.CanonicalizationAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.SignatureAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.SignWith)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.EncryptWith)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.BinaryExchange)) { WriteBinaryExchange(writer, elementValue as BinaryExchange, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Status)) { WriteStatus(writer, elementValue as Status, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestedTokenCancelled)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestedTokenCancelled, trustConstants.NamespaceURI); writer.WriteEndElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3013, elementName, elementValue.GetType()))); }
public static void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (responseSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("responseSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (rstr.Entropy != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Entropy, rstr.Entropy, rstr, context); } if (rstr.KeySizeInBits.HasValue) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.KeySize, rstr.KeySizeInBits, rstr, context); } if (rstr.Lifetime != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Lifetime, rstr.Lifetime, rstr, context); } if (rstr.AppliesTo != null) { responseSerializer.WriteXmlElement(writer, WSPolicyConstants.ElementNames.AppliesTo, rstr.AppliesTo, rstr, context); } if (rstr.RequestedSecurityToken != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedSecurityToken, rstr.RequestedSecurityToken, rstr, context); } if (rstr.RequestedProofToken != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedProofToken, rstr.RequestedProofToken, rstr, context); } if (rstr.RequestedAttachedReference != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedAttachedReference, rstr.RequestedAttachedReference, rstr, context); } if (rstr.RequestedUnattachedReference != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedUnattachedReference, rstr.RequestedUnattachedReference, rstr, context); } if (!string.IsNullOrEmpty(rstr.SignWith)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.SignWith, rstr.SignWith, rstr, context); } if (!string.IsNullOrEmpty(rstr.EncryptWith)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptWith, rstr.EncryptWith, rstr, context); } if (!string.IsNullOrEmpty(rstr.TokenType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.TokenType, rstr.TokenType, rstr, context); } if (!string.IsNullOrEmpty(rstr.RequestType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestType, rstr.RequestType, rstr, context); } if (!string.IsNullOrEmpty(rstr.KeyType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.KeyType, rstr.KeyType, rstr, context); } if (!string.IsNullOrEmpty(rstr.AuthenticationType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.AuthenticationType, rstr.AuthenticationType, rstr, context); } if (!string.IsNullOrEmpty(rstr.EncryptionAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptionAlgorithm, rstr.EncryptionAlgorithm, rstr, context); } if (!string.IsNullOrEmpty(rstr.CanonicalizationAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.CanonicalizationAlgorithm, rstr.CanonicalizationAlgorithm, rstr, context); } if (!string.IsNullOrEmpty(rstr.SignatureAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.SignatureAlgorithm, rstr.SignatureAlgorithm, rstr, context); } if (rstr.BinaryExchange != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.BinaryExchange, rstr.BinaryExchange, rstr, context); } if (rstr.Status != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Status, rstr.Status, rstr, context); } if (rstr.RequestedTokenCancelled) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedTokenCancelled, rstr.RequestedTokenCancelled, rstr, context); } }
public static void WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (responseSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("responseSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } responseSerializer.Validate(response); // Step 1: Write RSTR start element writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestSecurityTokenResponse, trustConstants.NamespaceURI); // Step 2: Write known RSTR attributes, i.e. Context if (!string.IsNullOrEmpty(response.Context)) { writer.WriteAttributeString(trustConstants.Attributes.Context, response.Context); } // Step 3: Write known RSTR elements responseSerializer.WriteKnownResponseElement(response, writer, context); // Step 4: Write custom RSTR elements foreach (KeyValuePair<string, object> messageParam in response.Properties) { responseSerializer.WriteXmlElement(writer, messageParam.Key, messageParam.Value, response, context); } // Step 5: Write RSTR end element to close it writer.WriteEndElement(); }
public static void ReadRSTRXml(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (reader.IsStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI); ProtectedKey protectedKey = ReadProtectedKey(reader, context, trustConstants); if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } rstr.Entropy = new Entropy(protectedKey); reader.ReadEndElement(); } if (rstr.Entropy == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } return; } if (reader.IsStartElement(trustConstants.Elements.KeySize, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rstr.KeySizeInBits = Convert.ToInt32(reader.ReadElementContentAsString(), CultureInfo.InvariantCulture); } if (rstr.KeySizeInBits == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3154))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestType, trustConstants.NamespaceURI)) { rstr.RequestType = WSTrustSerializationHelper.ReadRequestType(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Lifetime, trustConstants.NamespaceURI)) { rstr.Lifetime = WSTrustSerializationHelper.ReadLifetime(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedSecurityToken, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rstr.RequestedSecurityToken = new RequestedSecurityToken(WSTrustSerializationHelper.ReadInnerXml(reader)); } if (rstr.RequestedSecurityToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3158))); } return; } if (reader.IsStartElement(WSPolicyConstants.ElementNames.AppliesTo, WSPolicyConstants.NamespaceURI)) { rstr.AppliesTo = WSTrustSerializationHelper.ReadAppliesTo(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedProofToken, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); if ((reader.LocalName == trustConstants.Elements.ComputedKey) && (reader.NamespaceURI == trustConstants.NamespaceURI)) { rstr.RequestedProofToken = new RequestedProofToken(ReadComputedKeyAlgorithm(reader, trustConstants)); } else { ProtectedKey protectedKey = ReadProtectedKey(reader, context, trustConstants); if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3025))); } rstr.RequestedProofToken = new RequestedProofToken(protectedKey); } reader.ReadEndElement(); } if (rstr.RequestedProofToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3025))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestedAttachedReference, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); rstr.RequestedAttachedReference = context.SecurityTokenHandlers.ReadKeyIdentifierClause(reader); reader.ReadEndElement(); } if (rstr.RequestedAttachedReference == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3159))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestedUnattachedReference, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); rstr.RequestedUnattachedReference = context.SecurityTokenHandlers.ReadKeyIdentifierClause(reader); reader.ReadEndElement(); } if (rstr.RequestedUnattachedReference == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3160))); } return; } if (reader.IsStartElement(trustConstants.Elements.TokenType, trustConstants.NamespaceURI)) { rstr.TokenType = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.TokenType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, rstr.TokenType))); } return; } if (reader.IsStartElement(trustConstants.Elements.KeyType, trustConstants.NamespaceURI)) { rstr.KeyType = WSTrustSerializationHelper.ReadKeyType(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI)) { rstr.AuthenticationType = reader.ReadElementContentAsString(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.AuthenticationType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, rstr.AuthenticationType))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI)) { rstr.EncryptionAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.EncryptionAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, rstr.EncryptionAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI)) { rstr.CanonicalizationAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.CanonicalizationAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, rstr.CanonicalizationAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI)) { rstr.SignatureAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.SignatureAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, rstr.SignatureAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignWith, trustConstants.NamespaceURI)) { rstr.SignWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.SignWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, rstr.SignWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI)) { rstr.EncryptWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.EncryptWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, rstr.EncryptWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.BinaryExchange, trustConstants.NamespaceURI)) { rstr.BinaryExchange = WSTrustSerializationHelper.ReadBinaryExchange(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Status, trustConstants.NamespaceURI)) { rstr.Status = WSTrustSerializationHelper.ReadStatus(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedTokenCancelled, trustConstants.NamespaceURI)) { rstr.RequestedTokenCancelled = true; reader.ReadStartElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3007, reader.LocalName, reader.NamespaceURI))); }
/// <summary> /// When overriden in the derived classs reads a custom element. /// </summary> /// <param name="reader">The reader on the current element.</param> /// <param name="context">Current Serialization context.</param> protected virtual void ReadCustomElement(XmlReader reader, WSTrustSerializationContext context) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ID2072, reader.LocalName))); }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the exisiting ones WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.Trust13); // Specific to WS-Trust 13 if (!string.IsNullOrEmpty(rstr.KeyWrapAlgorithm)) { this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, rstr.KeyWrapAlgorithm, rstr, context); } }
// This method reads the binary secret or encrypted key public static ProtectedKey ReadProtectedKey(XmlReader reader, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } ProtectedKey protectedKey = null; if (!reader.IsEmptyElement) { if (reader.IsStartElement(trustConstants.Elements.BinarySecret, trustConstants.NamespaceURI)) { // BinarySecret case BinarySecretSecurityToken token = ReadBinarySecretSecurityToken(reader, trustConstants); byte[] secret = token.GetKeyBytes(); protectedKey = new ProtectedKey(secret); } else if (context.SecurityTokenHandlers.CanReadKeyIdentifierClause(reader)) { // EncryptedKey case EncryptedKeyIdentifierClause encryptedKeyClause = context.SecurityTokenHandlers.ReadKeyIdentifierClause(reader) as EncryptedKeyIdentifierClause; if (encryptedKeyClause != null) { SecurityKey wrappingKey = null; byte[] secret; foreach (SecurityKeyIdentifierClause wrappingKeyClause in encryptedKeyClause.EncryptingKeyIdentifier) { if (context.TokenResolver.TryResolveSecurityKey(wrappingKeyClause, out wrappingKey)) { break; } } if (wrappingKey == null) { // We can't resolve the ski, throw throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3027, "the SecurityHeaderTokenResolver or OutOfBandTokenResolver"))); } secret = wrappingKey.DecryptKey(encryptedKeyClause.EncryptionMethod, encryptedKeyClause.GetEncryptedKey()); EncryptingCredentials wrappingCredentials = new EncryptingCredentials(wrappingKey, encryptedKeyClause.EncryptingKeyIdentifier, encryptedKeyClause.EncryptionMethod); protectedKey = new ProtectedKey(secret, wrappingCredentials); } } } return protectedKey; }
/// <summary> /// Override of the Base class method that writes a specific RST parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RST is serialized. </param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rst">The entire RST object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rst or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityToken rst, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteRSTXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.TrustFeb2005); }
public static void WriteProtectedKey(XmlWriter writer, ProtectedKey protectedKey, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("protectedKey"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (protectedKey.WrappingCredentials != null) { byte[] encryptedKey = protectedKey.WrappingCredentials.SecurityKey.EncryptKey(protectedKey.WrappingCredentials.Algorithm, protectedKey.GetKeyBytes()); EncryptedKeyIdentifierClause clause = new EncryptedKeyIdentifierClause(encryptedKey, protectedKey.WrappingCredentials.Algorithm, protectedKey.WrappingCredentials.SecurityKeyIdentifier); context.SecurityTokenHandlers.WriteKeyIdentifierClause(writer, clause); } else { BinarySecretSecurityToken entropyToken = new BinarySecretSecurityToken(protectedKey.GetKeyBytes()); WriteBinarySecretSecurityToken(writer, entropyToken, trustConstants); } }
/// <summary> /// Special case for reading SecondaryParameters inside a WS-Trust 1.3 RST. The specification states that a SecondaryParameters element /// cannot be inside a SecondaryParameters element. Override this method to provide custom processing. /// </summary> /// <param name="reader">Reader pointing at the SecondaryParameters element inside the RST.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">An inner 'SecondaryParameter' element was found while processing the outer 'SecondaryParameter'.</exception> /// <returns>RequestSecurityToken that contains the SecondaryParameters found in the RST</returns> protected virtual RequestSecurityToken ReadSecondaryParameters( XmlReader reader, WSTrustSerializationContext context) { RequestSecurityToken secondaryParameters = CreateRequestSecurityToken(); if (reader.IsEmptyElement) { reader.Read(); reader.MoveToContent(); return secondaryParameters; } reader.ReadStartElement(); while (reader.IsStartElement()) { if (reader.IsStartElement( WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI)) { secondaryParameters.KeyWrapAlgorithm = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(secondaryParameters.KeyWrapAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new WSTrustSerializationException( SR.GetString( SR.ID3135, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, secondaryParameters.KeyWrapAlgorithm))); } } else if (reader.IsStartElement( WSTrust13Constants.ElementNames.SecondaryParameters, WSTrust13Constants.NamespaceURI)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new WSTrustSerializationException(SR.GetString(SR.ID3130))); } else { WSTrustSerializationHelper.ReadRSTXml( reader, secondaryParameters, context, WSTrustConstantsAdapter.GetConstantsAdapter(reader.NamespaceURI) ?? WSTrustConstantsAdapter.TrustFeb2005); } } reader.ReadEndElement(); return secondaryParameters; }
/// <summary> /// This method is currently called when serializing ActAs and OBO elements. Factored shared code. /// </summary> /// <param name="tokenElement">The <see cref="SecurityTokenElement"/> to write.</param> /// <param name="usage">A string defining the SecurityTokenCollection to use.</param> /// <param name="context">The <see cref="WSTrustSerializationContext"/> of the request.</param> /// <param name="writer">The <see cref="XmlWriter"/> to use.</param> private static void WriteTokenElement(SecurityTokenElement tokenElement, string usage, WSTrustSerializationContext context, XmlWriter writer) { if (tokenElement.SecurityTokenXml != null) { tokenElement.SecurityTokenXml.WriteTo(writer); } else { SecurityTokenHandlerCollection tokenHandlerCollection = null; if (context.SecurityTokenHandlerCollectionManager.ContainsKey(usage)) { tokenHandlerCollection = context.SecurityTokenHandlerCollectionManager[usage]; } else { // by default this is the default handler collection, review the WSTrustSerializationContext tokenHandlerCollection = context.SecurityTokenHandlers; } SecurityToken token = tokenElement.GetSecurityToken(); bool tokenWritten = false; if (tokenHandlerCollection != null && tokenHandlerCollection.CanWriteToken(token)) { tokenHandlerCollection.WriteToken(writer, token); tokenWritten = true; } if (!tokenWritten) { // by default this is the default handler collection, review the WSTrustSerializationContext context.SecurityTokenHandlers.WriteToken(writer, token); } } }
private string SerializeRequest(RequestSecurityToken request) { var serializer = new WSTrust13RequestSerializer(); var context = new WSTrustSerializationContext(); var sb = new StringBuilder(128); using (var writer = XmlWriter.Create(new StringWriter(sb))) { serializer.WriteXml(request, writer, context); return sb.ToString(); } }
public static void WriteRequest(RequestSecurityToken rst, XmlWriter writer, WSTrustSerializationContext context, WSTrustRequestSerializer requestSerializer, WSTrustConstantsAdapter trustConstants) { if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (requestSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } requestSerializer.Validate(rst); writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestSecurityToken, trustConstants.NamespaceURI); // Step 2: Write the first class attribute, i.e. Context // IDFX beta work item: use the handler to write out the context as well if (rst.Context != null) { writer.WriteAttributeString(trustConstants.Attributes.Context, (string)rst.Context); } // Step 3: Write the custom attributes here from the Attributes bag. // IDFX beta work item bug 878 // Step 4: Write the first class Element here requestSerializer.WriteKnownRequestElement(rst, writer, context); // Step 5: Write the custom elements here from the Elements bag foreach (KeyValuePair<string, object> messageParam in rst.Properties) { requestSerializer.WriteXmlElement(writer, messageParam.Key, messageParam.Value, rst, context); } // Step 6: close the RST element writer.WriteEndElement(); }
/// <summary> /// Writes out the supported elements on the request object. Override this method if someone /// has sub-class the RequestSecurityToken class and added more property to it. /// </summary> /// <param name="rst">The request instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rst or writer or context parameter is null.</exception> public override void WriteKnownRequestElement(RequestSecurityToken rst, XmlWriter writer, WSTrustSerializationContext context) { if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the exisiting ones WSTrustSerializationHelper.WriteKnownRequestElement(rst, writer, context, this, WSTrustConstantsAdapter.Trust13); // Specific to WS-Trust 13 if (!string.IsNullOrEmpty(rst.KeyWrapAlgorithm)) { if (!UriUtil.CanCreateValidUri(rst.KeyWrapAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, rst.KeyWrapAlgorithm))); } this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, rst.KeyWrapAlgorithm, rst, context); } if (rst.SecondaryParameters != null) { this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.SecondaryParameters, rst.SecondaryParameters, rst, context); } if (rst.ValidateTarget != null) { this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.ValidateTarget, rst.ValidateTarget, rst, context); } }
public static void ReadRSTXml(XmlReader reader, RequestSecurityToken rst, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } bool isEmptyElement = false; if (reader.IsStartElement(trustConstants.Elements.TokenType, trustConstants.NamespaceURI)) { rst.TokenType = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rst.TokenType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, rst.TokenType))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestType, trustConstants.NamespaceURI)) { rst.RequestType = WSTrustSerializationHelper.ReadRequestType(reader, trustConstants); return; } if (reader.IsStartElement(WSPolicyConstants.ElementNames.AppliesTo, WSPolicyConstants.NamespaceURI)) { rst.AppliesTo = WSTrustSerializationHelper.ReadAppliesTo(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Issuer, trustConstants.NamespaceURI)) { rst.Issuer = WSTrustSerializationHelper.ReadOnBehalfOfIssuer(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.ProofEncryption, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.ProofEncryption = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.ProofEncryption == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3218))); } return; } if (reader.IsStartElement(trustConstants.Elements.Encryption, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.Encryption = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.Encryption == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3268))); } return; } if (reader.IsStartElement(trustConstants.Elements.DelegateTo, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.DelegateTo = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.DelegateTo == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3219))); } return; } if (reader.IsStartElement(trustConstants.Elements.Claims, trustConstants.NamespaceURI)) { // According to trust specification, Trust13 requires Claims\@Dialect attribute but not TrustFeb2005. // Even for Trust13, the Dialect Uri is open. After research, "http://schemas.xmlsoap.org/ws/2005/05/identity" // seems to be the most common and IDFx will use that if none defined. // Our implementation is, for reading/writing, we will be looking specifically for // "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims" (as defined in ws-federation) // and fallback to "http://schemas.xmlsoap.org/ws/2005/05/identity" for others. // This would also tolerate WCF Orcas which send us "http://schemas.xmlsoap.org/ws/2005/05/IdentityClaims" // as dialect. rst.Claims.Dialect = reader.GetAttribute(trustConstants.Attributes.Dialect); if ((rst.Claims.Dialect != null) && !UriUtil.CanCreateValidUri(rst.Claims.Dialect, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3136, trustConstants.Attributes.Dialect, reader.LocalName, reader.NamespaceURI, rst.Claims.Dialect))); } string ns = WSTrustSerializationHelper.GetRequestClaimNamespace(rst.Claims.Dialect); isEmptyElement = reader.IsEmptyElement; reader.ReadStartElement(trustConstants.Elements.Claims, trustConstants.NamespaceURI); if (!isEmptyElement) { while (reader.IsStartElement(WSIdentityConstants.Elements.ClaimType, ns)) { isEmptyElement = reader.IsEmptyElement; string claimType = reader.GetAttribute(WSIdentityConstants.Attributes.Uri); if (string.IsNullOrEmpty(claimType)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3009))); } bool isOptional = false; string optionalAttributeVal = reader.GetAttribute(WSIdentityConstants.Attributes.Optional); if (!string.IsNullOrEmpty(optionalAttributeVal)) { isOptional = XmlConvert.ToBoolean(optionalAttributeVal); } reader.Read(); reader.MoveToContent(); string value = null; if (!isEmptyElement) { if (reader.IsStartElement(WSAuthorizationConstants.Elements.Value, ns)) { if (!StringComparer.Ordinal.Equals(rst.Claims.Dialect, WSAuthorizationConstants.Dialect)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3258, rst.Claims.Dialect, WSAuthorizationConstants.Dialect))); } else { // Value only supported for ws-federation authclaims value = reader.ReadElementContentAsString(WSAuthorizationConstants.Elements.Value, ns); } } reader.ReadEndElement(); } rst.Claims.Add(new RequestClaim(claimType, isOptional, value)); } reader.ReadEndElement(); } return; } if (reader.IsStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI)) { isEmptyElement = reader.IsEmptyElement; reader.ReadStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI); if (!isEmptyElement) { ProtectedKey protectedKey = ReadProtectedKey(reader, context, trustConstants); if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } rst.Entropy = new Entropy(protectedKey); reader.ReadEndElement(); } if (rst.Entropy == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } return; } if (reader.IsStartElement(trustConstants.Elements.BinaryExchange, trustConstants.NamespaceURI)) { rst.BinaryExchange = ReadBinaryExchange(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Lifetime, trustConstants.NamespaceURI)) { rst.Lifetime = WSTrustSerializationHelper.ReadLifetime(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RenewTarget, trustConstants.NamespaceURI)) { isEmptyElement = reader.IsEmptyElement; if (!isEmptyElement) { rst.RenewTarget = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.RenewTarget == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3151))); } return; } if (reader.IsStartElement(trustConstants.Elements.OnBehalfOf, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { // Check that we have the SecurityTokenHandlerCollection that we need for OnBehalfOf. If not, then fail now. if (context.SecurityTokenHandlerCollectionManager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf)) { rst.OnBehalfOf = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf]); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3264))); } } if (rst.OnBehalfOf == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3152))); } return; } if (reader.IsStartElement(WSTrust14Constants.ElementNames.ActAs, WSTrust14Constants.NamespaceURI)) { if (!reader.IsEmptyElement) { // Check that we have the SecurityTokenHandlerCollection that we need for ActAs. If not, then fail now. if (context.SecurityTokenHandlerCollectionManager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.ActAs)) { rst.ActAs = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs]); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3265))); } } if (rst.ActAs == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3153))); } return; } if (reader.IsStartElement(trustConstants.Elements.KeyType, trustConstants.NamespaceURI)) { rst.KeyType = WSTrustSerializationHelper.ReadKeyType(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.KeySize, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.KeySizeInBits = int.Parse(reader.ReadElementContentAsString(), CultureInfo.InvariantCulture); } if (rst.KeySizeInBits == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3154))); } return; } if (reader.IsStartElement(trustConstants.Elements.UseKey, trustConstants.NamespaceURI)) { isEmptyElement = reader.IsEmptyElement; reader.ReadStartElement(); if (!isEmptyElement) { if (!context.SecurityTokenHandlers.CanReadToken(reader)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3165))); } SecurityToken originalUseKeyToken = context.SecurityTokenHandlers.ReadToken(reader); SecurityKeyIdentifier useKeySki = new SecurityKeyIdentifier(); if (originalUseKeyToken.CanCreateKeyIdentifierClause<RsaKeyIdentifierClause>()) { useKeySki.Add(originalUseKeyToken.CreateKeyIdentifierClause<RsaKeyIdentifierClause>()); } else if (originalUseKeyToken.CanCreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>()) { useKeySki.Add(originalUseKeyToken.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>()); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3166))); } // Ensure that the provided UseKey SKI can be resolved by the UseKeyTokenResolver. // This provides proof of possession because the keys in that resolver are ones that the client has used for signature. SecurityToken resolvedUseKeyToken; if (!context.UseKeyTokenResolver.TryResolveToken(useKeySki, out resolvedUseKeyToken)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidRequestException(SR.GetString(SR.ID3092, useKeySki))); } rst.UseKey = new UseKey(useKeySki, resolvedUseKeyToken); reader.ReadEndElement(); } if (rst.UseKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3155))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignWith, trustConstants.NamespaceURI)) { rst.SignWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rst.SignWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, rst.SignWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI)) { rst.EncryptWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rst.EncryptWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, rst.EncryptWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.ComputedKeyAlgorithm, trustConstants.NamespaceURI)) { rst.ComputedKeyAlgorithm = ReadComputedKeyAlgorithm(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI)) { rst.AuthenticationType = reader.ReadElementContentAsString(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rst.AuthenticationType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, rst.AuthenticationType))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI)) { rst.EncryptionAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rst.EncryptionAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, rst.EncryptionAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI)) { rst.CanonicalizationAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rst.CanonicalizationAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, rst.CanonicalizationAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI)) { rst.SignatureAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rst.SignatureAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, rst.SignatureAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.Forwardable, trustConstants.NamespaceURI)) { rst.Forwardable = reader.ReadElementContentAsBoolean(); return; } if (reader.IsStartElement(trustConstants.Elements.Delegatable, trustConstants.NamespaceURI)) { rst.Delegatable = reader.ReadElementContentAsBoolean(); return; } if (reader.IsStartElement(trustConstants.Elements.AllowPostdating, trustConstants.NamespaceURI)) { rst.AllowPostdating = true; isEmptyElement = reader.IsEmptyElement; reader.Read(); reader.MoveToContent(); if (!isEmptyElement) { reader.ReadEndElement(); } return; } if (reader.IsStartElement(trustConstants.Elements.Renewing, trustConstants.NamespaceURI)) { isEmptyElement = reader.IsEmptyElement; string attrValue = reader.GetAttribute(trustConstants.Attributes.Allow); bool allowRenewal = true; bool renewalAfterExpiration = false; if (!string.IsNullOrEmpty(attrValue)) { allowRenewal = XmlConvert.ToBoolean(attrValue); } attrValue = reader.GetAttribute(trustConstants.Attributes.OK); if (!string.IsNullOrEmpty(attrValue)) { renewalAfterExpiration = XmlConvert.ToBoolean(attrValue); } rst.Renewing = new Renewing(allowRenewal, renewalAfterExpiration); reader.Read(); reader.MoveToContent(); if (!isEmptyElement) { reader.ReadEndElement(); } return; } if (reader.IsStartElement(trustConstants.Elements.CancelTarget, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rst.CancelTarget = new SecurityTokenElement(WSTrustSerializationHelper.ReadInnerXml(reader), context.SecurityTokenHandlers); } if (rst.CancelTarget == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3220))); } return; } if (reader.IsStartElement(trustConstants.Elements.Participants, trustConstants.NamespaceURI)) { EndpointReference primary = null; List<EndpointReference> participants = new List<EndpointReference>(); isEmptyElement = reader.IsEmptyElement; reader.Read(); reader.MoveToContent(); if (!isEmptyElement) { if (reader.IsStartElement(trustConstants.Elements.Primary, trustConstants.NamespaceURI)) { reader.ReadStartElement(trustConstants.Elements.Primary, trustConstants.NamespaceURI); primary = EndpointReference.ReadFrom(XmlDictionaryReader.CreateDictionaryReader(reader)); reader.ReadEndElement(); } while (reader.IsStartElement(trustConstants.Elements.Participant, trustConstants.NamespaceURI)) { reader.ReadStartElement(trustConstants.Elements.Participant, trustConstants.NamespaceURI); participants.Add(EndpointReference.ReadFrom(XmlDictionaryReader.CreateDictionaryReader(reader))); reader.ReadEndElement(); } if (reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3223, trustConstants.Elements.Participants, trustConstants.NamespaceURI, reader.LocalName, reader.NamespaceURI))); } rst.Participants = new Participants(); rst.Participants.Primary = primary; rst.Participants.Participant.AddRange(participants); reader.ReadEndElement(); } return; } if (reader.IsStartElement(WSAuthorizationConstants.Elements.AdditionalContext, WSAuthorizationConstants.Namespace)) { rst.AdditionalContext = new AdditionalContext(); isEmptyElement = reader.IsEmptyElement; reader.Read(); reader.MoveToContent(); if (!isEmptyElement) { while (reader.IsStartElement(WSAuthorizationConstants.Elements.ContextItem, WSAuthorizationConstants.Namespace)) { Uri name = null; Uri scope = null; string value = null; string attrValue = reader.GetAttribute(WSAuthorizationConstants.Attributes.Name); if (string.IsNullOrEmpty(attrValue) || !UriUtil.TryCreateValidUri(attrValue, UriKind.Absolute, out name)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException( SR.GetString(SR.ID3136, WSAuthorizationConstants.Attributes.Name, reader.LocalName, reader.NamespaceURI, attrValue))); } attrValue = reader.GetAttribute(WSAuthorizationConstants.Attributes.Scope); if (!string.IsNullOrEmpty(attrValue) && !UriUtil.TryCreateValidUri(attrValue, UriKind.Absolute, out scope)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException( SR.GetString(SR.ID3136, WSAuthorizationConstants.Attributes.Scope, reader.LocalName, reader.NamespaceURI, attrValue))); } if (reader.IsEmptyElement) { reader.Read(); } else { reader.Read(); if (reader.IsStartElement(WSAuthorizationConstants.Elements.Value, WSAuthorizationConstants.Namespace)) { value = reader.ReadElementContentAsString(WSAuthorizationConstants.Elements.Value, WSAuthorizationConstants.Namespace); } reader.ReadEndElement(); } rst.AdditionalContext.Items.Add(new ContextItem(name, value, scope)); } if (reader.IsStartElement()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3223, WSAuthorizationConstants.Elements.AdditionalContext, WSAuthorizationConstants.Namespace, reader.LocalName, reader.NamespaceURI))); } reader.ReadEndElement(); } return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3007, reader.LocalName, reader.NamespaceURI))); }
/// <summary> /// Override of the Base class method that writes a specific RST parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the </param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rst">The entire RST object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rst or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityToken rst, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the WSTrust13 specific elements if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.SecondaryParameters)) { RequestSecurityToken secondaryParameters = elementValue as RequestSecurityToken; if (secondaryParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2064, WSTrust13Constants.ElementNames.SecondaryParameters))); } // WS-Trust 13 spec does not allow this if (secondaryParameters.SecondaryParameters != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2055))); } writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.SecondaryParameters, WSTrust13Constants.NamespaceURI); // write out the known elements inside the rst.SecondaryParameters this.WriteKnownRequestElement(secondaryParameters, writer, context); // Write the custom elements here from the rst.SecondaryParameters.Elements bag foreach (KeyValuePair <string, object> messageParam in secondaryParameters.Properties) { this.WriteXmlElement(writer, messageParam.Key, messageParam.Value, rst, context); } // close out the SecondaryParameters element writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.KeyWrapAlgorithm)) { writer.WriteElementString(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.ValidateTarget)) { SecurityTokenElement tokenElement = elementValue as SecurityTokenElement; if (tokenElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, WSTrust13Constants.ElementNames.ValidateTarget, WSTrust13Constants.NamespaceURI, typeof(SecurityTokenElement), elementValue)); } writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.ValidateTarget, WSTrust13Constants.NamespaceURI); if (tokenElement.SecurityTokenXml != null) { tokenElement.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, tokenElement.GetSecurityToken()); } writer.WriteEndElement(); return; } WSTrustSerializationHelper.WriteRSTXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// When overridden in the derived class writes a child element inside the RST. /// </summary> /// <param name="writer">Writer to which the RST is serialized. </param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="requestSecurityToken">The entire RST object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityToken requestSecurityToken, WSTrustSerializationContext context);
/// <summary> /// Serializes a RequestSecurityTokenResponse object to the given XmlWriter /// stream. /// </summary> /// <param name="response">RequestSecurityTokenResponse object that needs to be serialized to the writer.</param> /// <param name="writer">XmlWriter into which the object will be serialized</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">The given response or writer or context parameter is null</exception> public override void WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (response.IsFinal) { writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI); } WSTrustSerializationHelper.WriteResponse(response, writer, context, this, WSTrustConstantsAdapter.Trust13); if (response.IsFinal) { writer.WriteEndElement(); } }
/// <summary> /// When overridden in the derived class reads a child element inside RST. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RST.</param> /// <param name="requestSecurityToken">The RequestSecurityToken element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> public abstract void ReadXmlElement(XmlReader reader, RequestSecurityToken requestSecurityToken, WSTrustSerializationContext context);
public ProcessCoreAsyncResult(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext serializationContext, AsyncCallback asyncCallback, object asyncState) : base(asyncCallback, asyncState) { if (contract == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contract"); } if (dispatchContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dispatchContext"); } if (responseSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("responseSerializer"); } if (serializationContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializationContext"); } _trustServiceContract = contract; _dispatchContext = dispatchContext; _messageVersion = messageVersion; _responseSerializer = responseSerializer; _serializationContext = serializationContext; contract.BeginDispatchRequest(dispatchContext, OnDispatchRequestCompleted, null); }
public string Serialize(RequestSecurityTokenResponse securityTokenResponse) { XmlWriterSettings xmlWriterSettings = new XmlWriterSettings(); xmlWriterSettings.OmitXmlDeclaration = true; using (MemoryStream memoryStream = new MemoryStream()) using (XmlWriter xmlWriter = XmlWriter.Create(memoryStream, xmlWriterSettings)) { WSTrust13ResponseSerializer serializer = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); serializer.WriteXml(securityTokenResponse, xmlWriter, context); xmlWriter.Flush(); var encoding = new System.Text.UTF8Encoding(false); return encoding.GetString(memoryStream.ToArray()); } }
/// <summary> /// Creates a <see cref="DispatchContext"/> object for use by the <see cref="DispatchRequest"/> method. /// </summary> /// <param name="requestMessage">The incoming request message.</param> /// <param name="requestAction">The SOAP action of the request.</param> /// <param name="responseAction">The default SOAP action of the response.</param> /// <param name="trustNamespace">Namespace URI of the trust version of the incoming request.</param> /// <param name="requestSerializer">The <see cref="WSTrustRequestSerializer"/> used to deserialize /// incoming RST messages.</param> /// <param name="responseSerializer">The <see cref="WSTrustResponseSerializer"/> used to deserialize /// incoming RSTR messages.</param> /// <param name="serializationContext">The <see cref="WSTrustSerializationContext"/> to use /// when deserializing incoming messages.</param> /// <returns>A <see cref="DispatchContext"/> object.</returns> protected virtual DispatchContext CreateDispatchContext(Message requestMessage, string requestAction, string responseAction, string trustNamespace, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext serializationContext) { DispatchContext dispatchContext = new DispatchContext() { Principal = OperationContext.Current.ClaimsPrincipal as ClaimsPrincipal, RequestAction = requestAction, ResponseAction = responseAction, TrustNamespace = trustNamespace }; XmlReader requestBodyReader = requestMessage.GetReaderAtBodyContents(); // // Take a peek at the request with the serializers to figure out if this is a standard incoming // RST or if this is an instance of a challenge-response style message pattern where an RSTR comes in. // if (requestSerializer.CanRead(requestBodyReader)) { dispatchContext.RequestMessage = requestSerializer.ReadXml(requestBodyReader, serializationContext); } else if (responseSerializer.CanRead(requestBodyReader)) { dispatchContext.RequestMessage = responseSerializer.ReadXml(requestBodyReader, serializationContext); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidRequestException(SR.GetString(SR.ID3114))); } // // CAUTION: Don't create the STS until after the RST or RSTR is deserialized or the test team // has major infrastructure problems. // dispatchContext.SecurityTokenService = CreateSTS(); return dispatchContext; }
public static void WriteKnownRequestElement(RequestSecurityToken rst, XmlWriter writer, WSTrustSerializationContext context, WSTrustRequestSerializer requestSerializer, WSTrustConstantsAdapter trustConstants) { if (rst == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rst"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (requestSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (rst.AppliesTo != null) { requestSerializer.WriteXmlElement(writer, WSPolicyConstants.ElementNames.AppliesTo, rst.AppliesTo, rst, context); } if (rst.Claims.Count > 0) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Claims, rst.Claims, rst, context); } if (!string.IsNullOrEmpty(rst.ComputedKeyAlgorithm)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.ComputedKeyAlgorithm, rst.ComputedKeyAlgorithm, rst, context); } if (!string.IsNullOrEmpty(rst.SignWith)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.SignWith, rst.SignWith, rst, context); } if (!string.IsNullOrEmpty(rst.EncryptWith)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptWith, rst.EncryptWith, rst, context); } if (rst.Entropy != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Entropy, rst.Entropy, rst, context); } if (rst.KeySizeInBits.HasValue) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.KeySize, rst.KeySizeInBits, rst, context); } if (!string.IsNullOrEmpty(rst.KeyType)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.KeyType, rst.KeyType, rst, context); } if (rst.Lifetime != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Lifetime, rst.Lifetime, rst, context); } if (rst.RenewTarget != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.RenewTarget, rst.RenewTarget, rst, context); } if (rst.OnBehalfOf != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.OnBehalfOf, rst.OnBehalfOf, rst, context); } if (rst.ActAs != null) { requestSerializer.WriteXmlElement(writer, WSTrust14Constants.ElementNames.ActAs, rst.ActAs, rst, context); } if (!string.IsNullOrEmpty(rst.RequestType)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestType, rst.RequestType, rst, context); } if (!string.IsNullOrEmpty(rst.TokenType)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.TokenType, rst.TokenType, rst, context); } if (rst.UseKey != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.UseKey, rst.UseKey, rst, context); } if (!string.IsNullOrEmpty(rst.AuthenticationType)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.AuthenticationType, rst.AuthenticationType, rst, context); } if (!string.IsNullOrEmpty(rst.EncryptionAlgorithm)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptionAlgorithm, rst.EncryptionAlgorithm, rst, context); } if (!string.IsNullOrEmpty(rst.CanonicalizationAlgorithm)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.CanonicalizationAlgorithm, rst.CanonicalizationAlgorithm, rst, context); } if (!string.IsNullOrEmpty(rst.SignatureAlgorithm)) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.SignatureAlgorithm, rst.SignatureAlgorithm, rst, context); } if (rst.BinaryExchange != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.BinaryExchange, rst.BinaryExchange, rst, context); } if (rst.Issuer != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Issuer, rst.Issuer, rst, context); } if (rst.ProofEncryption != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.ProofEncryption, rst.ProofEncryption, rst, context); } if (rst.Encryption != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Encryption, rst.Encryption, rst, context); } if (rst.DelegateTo != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.DelegateTo, rst.DelegateTo, rst, context); } if (rst.Forwardable != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Forwardable, rst.Forwardable.Value, rst, context); } if (rst.Delegatable != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Delegatable, rst.Delegatable.Value, rst, context); } if (rst.AllowPostdating) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.AllowPostdating, rst.AllowPostdating, rst, context); } if (rst.Renewing != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Renewing, rst.Renewing, rst, context); } if (rst.CancelTarget != null) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.CancelTarget, rst.CancelTarget, rst, context); } if ((rst.Participants != null) && ((rst.Participants.Primary != null) || (rst.Participants.Participant.Count > 0))) { requestSerializer.WriteXmlElement(writer, trustConstants.Elements.Participants, rst.Participants, rst, context); } if (rst.AdditionalContext != null) { requestSerializer.WriteXmlElement(writer, WSAuthorizationConstants.Elements.AdditionalContext, rst.AdditionalContext, rst, context); } }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.TrustFeb2005); }
public static void WriteRSTXml(XmlWriter writer, string elementName, object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (StringComparer.Ordinal.Equals(elementName, WSPolicyConstants.ElementNames.AppliesTo)) { EndpointReference appliesTo = elementValue as EndpointReference; WSTrustSerializationHelper.WriteAppliesTo(writer, appliesTo, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Claims)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Claims, trustConstants.NamespaceURI); RequestClaimCollection claims = (RequestClaimCollection)elementValue; if ((claims.Dialect != null) && !UriUtil.CanCreateValidUri(claims.Dialect, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3136, trustConstants.Attributes.Dialect, trustConstants.Elements.Claims, trustConstants.NamespaceURI, claims.Dialect))); } string ns = WSTrustSerializationHelper.GetRequestClaimNamespace(claims.Dialect); string prefix = writer.LookupPrefix(ns); if (string.IsNullOrEmpty(prefix)) { prefix = WSTrustSerializationHelper.GetRequestClaimPrefix(claims.Dialect); writer.WriteAttributeString("xmlns", prefix, null, ns); } writer.WriteAttributeString(trustConstants.Attributes.Dialect, !string.IsNullOrEmpty(claims.Dialect) ? claims.Dialect : WSIdentityConstants.Dialect); foreach (RequestClaim claim in claims) { writer.WriteStartElement(prefix, WSIdentityConstants.Elements.ClaimType, ns); writer.WriteAttributeString(WSIdentityConstants.Attributes.Uri, claim.ClaimType); writer.WriteAttributeString(WSIdentityConstants.Attributes.Optional, claim.IsOptional ? "true" : "false"); if (claim.Value != null) { if (StringComparer.Ordinal.Equals(claims.Dialect, WSAuthorizationConstants.Dialect)) { writer.WriteElementString(prefix, WSAuthorizationConstants.Elements.Value, ns, claim.Value); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3257, claims.Dialect, WSAuthorizationConstants.Dialect))); } } writer.WriteEndElement(); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.ComputedKeyAlgorithm)) { WriteComputedKeyAlgorithm(writer, trustConstants.Elements.ComputedKeyAlgorithm, (string)elementValue, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.BinaryExchange)) { WriteBinaryExchange(writer, elementValue as BinaryExchange, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Issuer)) { WriteOnBehalfOfIssuer(writer, elementValue as EndpointReference, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.SignWith)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.EncryptWith)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, (string)elementValue))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Entropy)) { Entropy entropy = elementValue as Entropy; if (entropy != null) { writer.WriteStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI); WriteProtectedKey(writer, entropy, context, trustConstants); writer.WriteEndElement(); } return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.KeySize)) { writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.KeySize, trustConstants.NamespaceURI, Convert.ToString(((int)elementValue), CultureInfo.InvariantCulture)); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.KeyType)) { WSTrustSerializationHelper.WriteKeyType(writer, ((string)elementValue), trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Lifetime)) { Lifetime lifeTime = (Lifetime)elementValue; WSTrustSerializationHelper.WriteLifetime(writer, lifeTime, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RenewTarget)) { SecurityTokenElement tokenElement = elementValue as SecurityTokenElement; if (tokenElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.RenewTarget, trustConstants.NamespaceURI, typeof(SecurityTokenElement), elementValue)); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RenewTarget, trustConstants.NamespaceURI); if (tokenElement.SecurityTokenXml != null) { tokenElement.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, tokenElement.GetSecurityToken()); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.OnBehalfOf)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.OnBehalfOf, trustConstants.NamespaceURI); WriteTokenElement((SecurityTokenElement)elementValue, SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf, context, writer); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, WSTrust14Constants.ElementNames.ActAs)) { writer.WriteStartElement(WSTrust14Constants.Prefix, WSTrust14Constants.ElementNames.ActAs, WSTrust14Constants.NamespaceURI); WriteTokenElement((SecurityTokenElement)elementValue, SecurityTokenHandlerCollectionManager.Usage.ActAs, context, writer); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.RequestType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.RequestType, trustConstants.NamespaceURI, (string)elementValue))); } WSTrustSerializationHelper.WriteRequestType(writer, (string)elementValue, trustConstants); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.TokenType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, ((string)elementValue)))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, ((string)elementValue)); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.UseKey)) { UseKey useKey = (UseKey)elementValue; if (useKey.Token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3012))); } if (!context.SecurityTokenHandlers.CanWriteToken(useKey.Token)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3017))); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.UseKey, trustConstants.NamespaceURI); context.SecurityTokenHandlers.WriteToken(writer, useKey.Token); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.AuthenticationType)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, ((string)elementValue)))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.EncryptionAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, ((string)elementValue)))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.CanonicalizationAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, ((string)elementValue)))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.SignatureAlgorithm)) { if (!UriUtil.CanCreateValidUri((string)elementValue, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, ((string)elementValue)))); } writer.WriteElementString(trustConstants.Prefix, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, (string)elementValue); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Encryption)) { SecurityTokenElement token = (SecurityTokenElement)elementValue; writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Encryption, trustConstants.NamespaceURI); if (token.SecurityTokenXml != null) { token.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, token.GetSecurityToken()); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.ProofEncryption)) { SecurityTokenElement token = (SecurityTokenElement)elementValue; writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.ProofEncryption, trustConstants.NamespaceURI); if (token.SecurityTokenXml != null) { token.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, token.GetSecurityToken()); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.DelegateTo)) { SecurityTokenElement token = (SecurityTokenElement)elementValue; writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.DelegateTo, trustConstants.NamespaceURI); if (token.SecurityTokenXml != null) { token.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, token.GetSecurityToken()); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Forwardable)) { if (!(elementValue is bool)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.Forwardable, trustConstants.NamespaceURI, typeof(bool), elementValue)); } writer.WriteStartElement(trustConstants.Elements.Forwardable, trustConstants.NamespaceURI); writer.WriteString(XmlConvert.ToString((bool)elementValue)); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Delegatable)) { if (!(elementValue is bool)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.Delegatable, trustConstants.NamespaceURI, typeof(bool), elementValue)); } writer.WriteStartElement(trustConstants.Elements.Delegatable, trustConstants.NamespaceURI); writer.WriteString(XmlConvert.ToString((bool)elementValue)); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.AllowPostdating)) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.AllowPostdating, trustConstants.NamespaceURI); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Renewing)) { Renewing renewing = elementValue as Renewing; if (renewing == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.Renewing, trustConstants.NamespaceURI, typeof(Renewing), elementValue)); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Renewing, trustConstants.NamespaceURI); writer.WriteAttributeString(trustConstants.Attributes.Allow, XmlConvert.ToString(renewing.AllowRenewal)); writer.WriteAttributeString(trustConstants.Attributes.OK, XmlConvert.ToString(renewing.OkForRenewalAfterExpiration)); writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.CancelTarget)) { SecurityTokenElement tokenElement = elementValue as SecurityTokenElement; if (tokenElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.CancelTarget, trustConstants.NamespaceURI, typeof(SecurityTokenElement), elementValue)); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.CancelTarget, trustConstants.NamespaceURI); if (tokenElement.SecurityTokenXml != null) { tokenElement.SecurityTokenXml.WriteTo(writer); } else { context.SecurityTokenHandlers.WriteToken(writer, tokenElement.GetSecurityToken()); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, trustConstants.Elements.Participants)) { Participants participants = elementValue as Participants; if (participants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, trustConstants.Elements.Participant, trustConstants.NamespaceURI, typeof(Participants), elementValue)); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Participants, trustConstants.NamespaceURI); if (participants.Primary != null) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Primary, trustConstants.NamespaceURI); participants.Primary.WriteTo(writer); writer.WriteEndElement(); } foreach (EndpointReference participant in participants.Participant) { writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Participant, trustConstants.NamespaceURI); participant.WriteTo(writer); writer.WriteEndElement(); } writer.WriteEndElement(); return; } if (StringComparer.Ordinal.Equals(elementName, WSAuthorizationConstants.Elements.AdditionalContext)) { AdditionalContext additionalContext = elementValue as AdditionalContext; if (additionalContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("elementValue", SR.GetString(SR.ID3222, WSAuthorizationConstants.Elements.AdditionalContext, WSAuthorizationConstants.Namespace, typeof(AdditionalContext), elementValue)); } writer.WriteStartElement(WSAuthorizationConstants.Prefix, WSAuthorizationConstants.Elements.AdditionalContext, WSAuthorizationConstants.Namespace); foreach (ContextItem item in additionalContext.Items) { writer.WriteStartElement(WSAuthorizationConstants.Prefix, WSAuthorizationConstants.Elements.ContextItem, WSAuthorizationConstants.Namespace); writer.WriteAttributeString(WSAuthorizationConstants.Attributes.Name, item.Name.AbsoluteUri); if (item.Scope != null) { writer.WriteAttributeString(WSAuthorizationConstants.Attributes.Scope, item.Scope.AbsoluteUri); } if (item.Value != null) { writer.WriteElementString(WSAuthorizationConstants.Elements.Value, WSAuthorizationConstants.Namespace, item.Value); } writer.WriteEndElement(); } writer.WriteEndElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3013, elementName, elementValue.GetType()))); }
/// <summary> /// When overriden in the derived class deserializes the RST from the XmlReader to a RequestSecurityToken object. /// </summary> /// <param name="reader">XML reader over the RST</param> /// <param name="context">Current Serialization context.</param> /// <returns>RequestSecurityToken object if the deserialization was successful</returns> public abstract RequestSecurityToken ReadXml(XmlReader reader, WSTrustSerializationContext context);