public GenericXmlSecurityToken ToObject (NativeInfocardCryptoHandle proofTokenHandle, SecurityTokenSerializer serializer)
{
XmlDocument doc = new XmlDocument ();
doc.LoadXml (xml_token);
XmlElement token = doc.DocumentElement;
SecurityToken proof = new CardSpaceProofToken (DateTime.FromFileTime (proofTokenHandle.Expiration), proofTokenHandle.GetAsymmetricKey ());
DateTime effective = DateTime.FromFileTime (created);
DateTime expiration = DateTime.FromFileTime (expired);
SecurityKeyIdentifierClause intref =
serializer.ReadKeyIdentifierClause (Create (internal_ref));
SecurityKeyIdentifierClause extref =
serializer.ReadKeyIdentifierClause (Create (external_ref));
return new GenericXmlSecurityToken (token, proof, effective, expiration, intref, extref, null);
}
// Summary
// Request a security token from the infocard system
//
// Parameters
// policyChain - an array of PolicyElements that describe the federated security chain that the client
// needs a final token to unwind.
//
public static GenericXmlSecurityToken GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer)
{
IDT.TraceDebug("ICARDCLIENT: GetToken called with a policy chain of length {0}", policyChain.Length);
InfoCardProofToken proofToken = null;
InternalRefCountedHandle nativeCryptoHandle = null;
GenericXmlSecurityToken token = null;
RpcGenericXmlToken infocardToken = new RpcGenericXmlToken();
SafeTokenHandle nativeToken = null;
Int32 result = 0;
if (null == policyChain || 0 == policyChain.Length)
{
throw IDT.ThrowHelperArgumentNull("policyChain");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
try
{
RuntimeHelpers.PrepareConstrainedRegions();
bool mustRelease = false;
try
{
}
finally
{
//
// The PolicyChain class will do the marshalling and native buffer management for us.
//
try
{
using (PolicyChain tmpChain = new PolicyChain(policyChain))
{
IDT.TraceDebug("ICARDCLIENT: PInvoking the native GetToken call");
result = GetShim().m_csShimGetToken(
tmpChain.Length,
tmpChain.DoMarshal(),
out nativeToken,
out nativeCryptoHandle);
}
if (0 == result)
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken succeeded");
nativeToken.DangerousAddRef(ref mustRelease);
infocardToken = (RpcGenericXmlToken)Marshal.PtrToStructure(
nativeToken.DangerousGetHandle(),
typeof(RpcGenericXmlToken));
}
}
finally
{
if (mustRelease)
{
nativeToken.DangerousRelease();
}
}
}
if (0 == result)
{
using (ProofTokenCryptoHandle crypto =
(ProofTokenCryptoHandle)CryptoHandle.Create(nativeCryptoHandle))
{
proofToken = crypto.CreateProofToken();
}
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(infocardToken.xmlToken);
SecurityKeyIdentifierClause internalTokenReference = null;
if (null != infocardToken.internalTokenReference)
{
internalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.internalTokenReference));
}
SecurityKeyIdentifierClause externalTokenReference = null;
if (null != infocardToken.externalTokenReference)
{
externalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.externalTokenReference));
}
IDT.TraceDebug("ICARDCLIENT: Constructing a new GenericXmlSecurityToken");
token = new GenericXmlSecurityToken(
xmlDoc.DocumentElement,
proofToken,
DateTime.FromFileTimeUtc(infocardToken.createDate),
DateTime.FromFileTimeUtc(infocardToken.expiryDate),
internalTokenReference,
externalTokenReference,
null);
}
else
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken failed with a return code of {0}", result);
//
// Convert the HRESULTS to exceptions
//
ExceptionHelper.ThrowIfCardSpaceException((int)result);
throw IDT.ThrowHelperError(new CardSpaceException(SR.GetString(SR.ClientAPIInfocardError)));
}
}
catch
{
if (null != nativeCryptoHandle)
{
nativeCryptoHandle.Dispose();
}
if (null != proofToken)
{
proofToken.Dispose();
}
throw;
}
finally
{
if (null != nativeToken)
{
nativeToken.Dispose();
}
}
return(token);
}
internal static XmlDictionaryReader CreatePlaintextReaderFromEncryptedData(
XmlDictionaryReader reader,
SecurityTokenResolver serviceTokenResolver,
SecurityTokenSerializer keyInfoSerializer,
Collection<EncryptedKeyIdentifierClause> clauses,
out EncryptingCredentials encryptingCredentials)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
reader.MoveToContent();
if (reader.IsEmptyElement)
{
#pragma warning suppress 56504 // bogus - thinks reader.LocalName, reader.NamespaceURI need validation
throw DiagnosticUtility.ThrowHelperXml(reader, SR.GetString(SR.ID3061, reader.LocalName, reader.NamespaceURI));
}
encryptingCredentials = null;
XmlUtil.ValidateXsiType(reader, Saml2Constants.Types.EncryptedElementType, Saml2Constants.Namespace);
reader.ReadStartElement();
EncryptedDataElement encryptedData = new EncryptedDataElement(keyInfoSerializer);
// <xenc:EncryptedData> 1
encryptedData.ReadXml(reader);
// <xenc:EncryptedKey> 0-oo
reader.MoveToContent();
while (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace))
{
SecurityKeyIdentifierClause skic;
if (keyInfoSerializer.CanReadKeyIdentifierClause(reader))
{
skic = keyInfoSerializer.ReadKeyIdentifierClause(reader);
}
else
{
EncryptedKeyElement encryptedKey = new EncryptedKeyElement(keyInfoSerializer);
encryptedKey.ReadXml(reader);
skic = encryptedKey.GetClause();
}
EncryptedKeyIdentifierClause encryptedKeyClause = skic as EncryptedKeyIdentifierClause;
if (null == encryptedKeyClause)
{
throw DiagnosticUtility.ThrowHelperXml(reader, SR.GetString(SR.ID4172));
}
clauses.Add(encryptedKeyClause);
}
reader.ReadEndElement();
// Try to resolve the decryption key from both the embedded
// KeyInfo and any external clauses
SecurityKey decryptionKey = null;
SecurityKeyIdentifierClause matchingClause = null;
foreach (SecurityKeyIdentifierClause clause in encryptedData.KeyIdentifier)
{
if (serviceTokenResolver.TryResolveSecurityKey(clause, out decryptionKey))
{
matchingClause = clause;
break;
}
}
if (null == decryptionKey)
{
foreach (SecurityKeyIdentifierClause clause in clauses)
{
if (serviceTokenResolver.TryResolveSecurityKey(clause, out decryptionKey))
{
matchingClause = clause;
break;
}
}
}
if (null == decryptionKey)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new EncryptedTokenDecryptionFailedException());
}
// Need a symmetric key
SymmetricSecurityKey symmetricKey = decryptionKey as SymmetricSecurityKey;
if (null == symmetricKey)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new SecurityTokenException(SR.GetString(SR.ID4023)));
}
// Do the actual decryption
SymmetricAlgorithm decryptor = symmetricKey.GetSymmetricAlgorithm(encryptedData.Algorithm);
byte[] plainText = encryptedData.Decrypt(decryptor);
// Save off the encrypting credentials for roundtrip
encryptingCredentials = new ReceivedEncryptingCredentials(decryptionKey, new SecurityKeyIdentifier(matchingClause), encryptedData.Algorithm);
return XmlDictionaryReader.CreateTextReader(plainText, reader.Quotas);
}
public static GenericXmlSecurityToken GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer)
{
InfoCardProofToken proofToken = null;
InternalRefCountedHandle pCryptoHandle = null;
RpcGenericXmlToken token3 = new RpcGenericXmlToken();
SafeTokenHandle securityToken = null;
int status = 0;
if ((policyChain == null) || (policyChain.Length == 0))
{
throw InfoCardTrace.ThrowHelperArgumentNull("policyChain");
}
if (tokenSerializer == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("tokenSerializer");
}
if (tokenSerializer == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("tokenSerializer");
}
try
{
RuntimeHelpers.PrepareConstrainedRegions();
bool success = false;
try
{
}
finally
{
try
{
using (PolicyChain chain = new PolicyChain(policyChain))
{
status = GetShim().m_csShimGetToken(chain.Length, chain.DoMarshal(), out securityToken, out pCryptoHandle);
}
if (status == 0)
{
securityToken.DangerousAddRef(ref success);
token3 = (RpcGenericXmlToken)Marshal.PtrToStructure(securityToken.DangerousGetHandle(), typeof(RpcGenericXmlToken));
}
}
finally
{
if (success)
{
securityToken.DangerousRelease();
}
}
}
if (status == 0)
{
using (ProofTokenCryptoHandle handle3 = (ProofTokenCryptoHandle)CryptoHandle.Create(pCryptoHandle))
{
proofToken = handle3.CreateProofToken();
}
XmlDocument document = new XmlDocument();
document.LoadXml(token3.xmlToken);
SecurityKeyIdentifierClause internalTokenReference = null;
if (token3.internalTokenReference != null)
{
internalTokenReference = tokenSerializer.ReadKeyIdentifierClause(CreateReaderWithQuotas(token3.internalTokenReference));
}
SecurityKeyIdentifierClause externalTokenReference = null;
if (token3.externalTokenReference != null)
{
externalTokenReference = tokenSerializer.ReadKeyIdentifierClause(CreateReaderWithQuotas(token3.externalTokenReference));
}
DateTime effectiveTime = DateTime.FromFileTimeUtc(token3.createDate);
return(new GenericXmlSecurityToken(document.DocumentElement, proofToken, effectiveTime, DateTime.FromFileTimeUtc(token3.expiryDate), internalTokenReference, externalTokenReference, null));
}
ExceptionHelper.ThrowIfCardSpaceException(status);
throw InfoCardTrace.ThrowHelperError(new CardSpaceException(Microsoft.InfoCards.SR.GetString("ClientAPIInfocardError")));
}
catch
{
if (pCryptoHandle != null)
{
pCryptoHandle.Dispose();
}
if (proofToken != null)
{
proofToken.Dispose();
}
throw;
}
finally
{
if (securityToken != null)
{
securityToken.Dispose();
}
}
return(null);
}
// Summary
// Request a security token from the infocard system
//
// Parameters
// policyChain - an array of PolicyElements that describe the federated security chain that the client
// needs a final token to unwind.
//
public static GenericXmlSecurityToken GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer)
{
IDT.TraceDebug("ICARDCLIENT: GetToken called with a policy chain of length {0}", policyChain.Length);
InfoCardProofToken proofToken = null;
InternalRefCountedHandle nativeCryptoHandle = null;
GenericXmlSecurityToken token = null;
RpcGenericXmlToken infocardToken = new RpcGenericXmlToken();
SafeTokenHandle nativeToken = null;
Int32 result = 0;
if (null == policyChain || 0 == policyChain.Length)
{
throw IDT.ThrowHelperArgumentNull("policyChain");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
try
{
RuntimeHelpers.PrepareConstrainedRegions();
bool mustRelease = false;
try
{
}
finally
{
//
// The PolicyChain class will do the marshalling and native buffer management for us.
//
try
{
using (PolicyChain tmpChain = new PolicyChain(policyChain))
{
IDT.TraceDebug("ICARDCLIENT: PInvoking the native GetToken call");
result = GetShim().m_csShimGetToken(
tmpChain.Length,
tmpChain.DoMarshal(),
out nativeToken,
out nativeCryptoHandle);
}
if (0 == result)
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken succeeded");
nativeToken.DangerousAddRef(ref mustRelease);
infocardToken = (RpcGenericXmlToken)Marshal.PtrToStructure(
nativeToken.DangerousGetHandle(),
typeof(RpcGenericXmlToken));
}
}
finally
{
if (mustRelease)
{
nativeToken.DangerousRelease();
}
}
}
if (0 == result)
{
using (ProofTokenCryptoHandle crypto =
(ProofTokenCryptoHandle)CryptoHandle.Create(nativeCryptoHandle))
{
proofToken = crypto.CreateProofToken();
}
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(infocardToken.xmlToken);
SecurityKeyIdentifierClause internalTokenReference = null;
if (null != infocardToken.internalTokenReference)
{
internalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.internalTokenReference));
}
SecurityKeyIdentifierClause externalTokenReference = null;
if (null != infocardToken.externalTokenReference)
{
externalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.externalTokenReference));
}
IDT.TraceDebug("ICARDCLIENT: Constructing a new GenericXmlSecurityToken");
token = new GenericXmlSecurityToken(
xmlDoc.DocumentElement,
proofToken,
DateTime.FromFileTimeUtc(infocardToken.createDate),
DateTime.FromFileTimeUtc(infocardToken.expiryDate),
internalTokenReference,
externalTokenReference,
null);
}
else
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken failed with a return code of {0}", result);
//
// Convert the HRESULTS to exceptions
//
ExceptionHelper.ThrowIfCardSpaceException((int)result);
throw IDT.ThrowHelperError(new CardSpaceException(SR.GetString(SR.ClientAPIInfocardError)));
}
}
catch
{
if (null != nativeCryptoHandle)
{
nativeCryptoHandle.Dispose();
}
if (null != proofToken)
{
proofToken.Dispose();
}
throw;
}
finally
{
if (null != nativeToken)
{
nativeToken.Dispose();
}
}
return token;
}