public SamlAssertion (string assertionId, string issuer,
DateTime issueInstant, SamlConditions conditions,
SamlAdvice advice, IEnumerable<SamlStatement> statements)
{
if (IsInvalidAssertionId (assertionId))
throw new ArgumentException (String.Format ("The assertionId '{0}' must be a valid XML NCName.", assertionId));
if (issuer == null || issuer.Length == 0)
throw new ArgumentException ("issuer");
if (statements == null)
throw new ArgumentNullException ("statements");
major = 1;
minor = 1;
assertion_id = assertionId;
this.issuer = issuer;
issue_instant = issueInstant;
this.conditions = conditions;
this.advice = advice;
foreach (SamlStatement s in statements) {
if (s == null)
throw new ArgumentException ("statements contain null item.");
this.statements.Add (s);
}
if (this.statements.Count == 0)
throw new ArgumentException ("At least one assertion statement is required.");
}
public virtual SamlAdvice LoadAdvice(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlAdvice advice = new SamlAdvice();
advice.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return advice;
}
public virtual SamlAdvice LoadAdvice(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlAdvice advice = new SamlAdvice();
advice.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(advice);
}
public SamlAssertion(
string assertionId,
string issuer,
DateTime issueInstant,
SamlConditions samlConditions,
SamlAdvice samlAdvice,
IEnumerable <SamlStatement> samlStatements
)
{
if (string.IsNullOrEmpty(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIdRequired));
}
if (!IsAssertionIdValid(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIDIsInvalid, assertionId));
}
if (string.IsNullOrEmpty(issuer))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIssuerRequired));
}
if (samlStatements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlStatements");
}
this.assertionId = assertionId;
this.issuer = issuer;
this.issueInstant = issueInstant.ToUniversalTime();
this.conditions = samlConditions;
this.advice = samlAdvice;
foreach (SamlStatement samlStatement in samlStatements)
{
if (samlStatement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.Statement.Value));
}
this.statements.Add(samlStatement);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionRequireOneStatement));
}
}
public SamlAssertion(
string assertionId,
string issuer,
DateTime issueInstant,
SamlConditions samlConditions,
SamlAdvice samlAdvice,
IEnumerable<SamlStatement> samlStatements
)
{
if (string.IsNullOrEmpty(assertionId))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIdRequired));
if (!IsAssertionIdValid(assertionId))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIDIsInvalid, assertionId));
if (string.IsNullOrEmpty(issuer))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionIssuerRequired));
if (samlStatements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlStatements");
}
this.assertionId = assertionId;
this.issuer = issuer;
this.issueInstant = issueInstant.ToUniversalTime();
this.conditions = samlConditions;
this.advice = samlAdvice;
foreach (SamlStatement samlStatement in samlStatements)
{
if (samlStatement == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.Statement.Value));
this.statements.Add(samlStatement);
}
if (this.statements.Count == 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAssertionRequireOneStatement));
}
public SamlAssertion(string assertionId, string issuer, DateTime issueInstant, SamlConditions samlConditions, SamlAdvice samlAdvice, IEnumerable <SamlStatement> samlStatements)
{
this.assertionId = "SamlSecurityToken-" + Guid.NewGuid().ToString();
this.issueInstant = DateTime.UtcNow.ToUniversalTime();
this.statements = new ImmutableCollection <SamlStatement>();
if (string.IsNullOrEmpty(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired"));
}
if (!this.IsAssertionIdValid(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { assertionId }));
}
if (string.IsNullOrEmpty(issuer))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIssuerRequired"));
}
if (samlStatements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlStatements");
}
this.assertionId = assertionId;
this.issuer = issuer;
this.issueInstant = issueInstant.ToUniversalTime();
this.conditions = samlConditions;
this.advice = samlAdvice;
foreach (SamlStatement statement in samlStatements)
{
if (statement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Statement.Value }));
}
this.statements.Add(statement);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatement"));
}
}
public SamlAssertion(string assertionId, string issuer,
DateTime issueInstant, SamlConditions conditions,
SamlAdvice advice, IEnumerable <SamlStatement> statements)
{
if (IsInvalidAssertionId(assertionId))
{
throw new ArgumentException(String.Format("The assertionId '{0}' must be a valid XML NCName.", assertionId));
}
if (issuer == null || issuer.Length == 0)
{
throw new ArgumentException("issuer");
}
if (statements == null)
{
throw new ArgumentNullException("statements");
}
major = 1;
minor = 1;
assertion_id = assertionId;
this.issuer = issuer;
issue_instant = issueInstant;
this.conditions = conditions;
this.advice = advice;
foreach (SamlStatement s in statements)
{
if (s == null)
{
throw new ArgumentException("statements contain null item.");
}
this.statements.Add(s);
}
if (this.statements.Count == 0)
{
throw new ArgumentException("At least one assertion statement is required.");
}
}
public SamlAssertion(string assertionId, string issuer, DateTime issueInstant, SamlConditions samlConditions, SamlAdvice samlAdvice, IEnumerable<SamlStatement> samlStatements)
{
this.assertionId = "SamlSecurityToken-" + Guid.NewGuid().ToString();
this.issueInstant = DateTime.UtcNow.ToUniversalTime();
this.statements = new ImmutableCollection<SamlStatement>();
if (string.IsNullOrEmpty(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired"));
}
if (!this.IsAssertionIdValid(assertionId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { assertionId }));
}
if (string.IsNullOrEmpty(issuer))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionIssuerRequired"));
}
if (samlStatements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlStatements");
}
this.assertionId = assertionId;
this.issuer = issuer;
this.issueInstant = issueInstant.ToUniversalTime();
this.conditions = samlConditions;
this.advice = samlAdvice;
foreach (SamlStatement statement in samlStatements)
{
if (statement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Statement.Value }));
}
this.statements.Add(statement);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatement"));
}
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!wrappedReader.IsStartElement(dictionary.Assertion, dictionary.Namespace))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLElementNotRecognized, wrappedReader.LocalName)));
string attributeValue = wrappedReader.GetAttribute(dictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMajorVersionAttributeOnRead)));
int majorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
attributeValue = wrappedReader.GetAttribute(dictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMinorVersionAttributeOnRead)));
int minorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
if ((majorVersion != SamlConstants.MajorVersionValue) || (minorVersion != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLTokenVersionNotSupported, majorVersion, minorVersion, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue)));
}
attributeValue = wrappedReader.GetAttribute(dictionary.AssertionId, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIdRequired)));
if (!IsAssertionIdValid(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIDIsInvalid, attributeValue)));
this.assertionId = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.Issuer, null);
if (string.IsNullOrEmpty(attributeValue))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingIssuerAttributeOnRead)));
this.issuer = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attributeValue))
this.issueInstant = DateTime.ParseExact(
attributeValue, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
wrappedReader.MoveToContent();
wrappedReader.Read();
if (wrappedReader.IsStartElement(dictionary.Conditions, dictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtions)));
}
if (wrappedReader.IsStartElement(dictionary.Advice, dictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAdvice)));
}
while (wrappedReader.IsStartElement())
{
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
else
{
SamlStatement statement = samlSerializer.LoadStatement(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (statement == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadStatement)));
this.statements.Add(statement);
}
}
if (this.statements.Count == 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionRequireOneStatementOnRead)));
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
this.ReadSignature(wrappedReader, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
wrappedReader.MoveToContent();
wrappedReader.ReadEndElement();
this.tokenStream = wrappedReader.XmlTokens;
if (this.signature != null)
{
VerifySignature(this.signature, this.verificationKey);
}
BuildCryptoList();
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader));
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader3.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLElementNotRecognized", new object[] { reader3.LocalName })));
}
string attribute = reader3.GetAttribute(samlDictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMajorVersionAttributeOnRead")));
}
int num = int.Parse(attribute, CultureInfo.InvariantCulture);
attribute = reader3.GetAttribute(samlDictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMinorVersionAttributeOnRead")));
}
int num2 = int.Parse(attribute, CultureInfo.InvariantCulture);
if ((num != SamlConstants.MajorVersionValue) || (num2 != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLTokenVersionNotSupported", new object[] { num, num2, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue })));
}
attribute = reader3.GetAttribute(samlDictionary.AssertionId, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired")));
}
if (!this.IsAssertionIdValid(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { attribute })));
}
this.assertionId = attribute;
attribute = reader3.GetAttribute(samlDictionary.Issuer, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingIssuerAttributeOnRead")));
}
this.issuer = attribute;
attribute = reader3.GetAttribute(samlDictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attribute))
{
this.issueInstant = DateTime.ParseExact(attribute, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
reader3.MoveToContent();
reader3.Read();
if (reader3.IsStartElement(samlDictionary.Conditions, samlDictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadCondtions")));
}
}
if (reader3.IsStartElement(samlDictionary.Advice, samlDictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAdvice")));
}
}
while (reader3.IsStartElement())
{
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
SamlStatement item = samlSerializer.LoadStatement(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (item == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadStatement")));
}
this.statements.Add(item);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatementOnRead")));
}
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
this.ReadSignature(reader3, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
}
reader3.MoveToContent();
reader3.ReadEndElement();
this.tokenStream = reader3.XmlTokens;
if (this.signature != null)
{
this.VerifySignature(this.signature, this.verificationKey);
}
this.BuildCryptoList();
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!wrappedReader.IsStartElement(dictionary.Assertion, dictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLElementNotRecognized, wrappedReader.LocalName)));
}
string attributeValue = wrappedReader.GetAttribute(dictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMajorVersionAttributeOnRead)));
}
int majorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
attributeValue = wrappedReader.GetAttribute(dictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attributeValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMinorVersionAttributeOnRead)));
}
int minorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture);
if ((majorVersion != SamlConstants.MajorVersionValue) || (minorVersion != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLTokenVersionNotSupported, majorVersion, minorVersion, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue)));
}
attributeValue = wrappedReader.GetAttribute(dictionary.AssertionId, null);
if (string.IsNullOrEmpty(attributeValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIdRequired)));
}
if (!IsAssertionIdValid(attributeValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIDIsInvalid, attributeValue)));
}
this.assertionId = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.Issuer, null);
if (string.IsNullOrEmpty(attributeValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingIssuerAttributeOnRead)));
}
this.issuer = attributeValue;
attributeValue = wrappedReader.GetAttribute(dictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attributeValue))
{
this.issueInstant = DateTime.ParseExact(
attributeValue, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
wrappedReader.MoveToContent();
wrappedReader.Read();
if (wrappedReader.IsStartElement(dictionary.Conditions, dictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtions)));
}
}
if (wrappedReader.IsStartElement(dictionary.Advice, dictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAdvice)));
}
}
while (wrappedReader.IsStartElement())
{
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
else
{
SamlStatement statement = samlSerializer.LoadStatement(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (statement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadStatement)));
}
this.statements.Add(statement);
}
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionRequireOneStatementOnRead)));
}
if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
this.ReadSignature(wrappedReader, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
}
wrappedReader.MoveToContent();
wrappedReader.ReadEndElement();
this.tokenStream = wrappedReader.XmlTokens;
if (this.signature != null)
{
VerifySignature(this.signature, this.verificationKey);
}
BuildCryptoList();
}
/// <summary>
/// Override this method to customize the parameters to create a SamlAssertion.
/// </summary>
/// <param name="issuer">The Issuer of the Assertion.</param>
/// <param name="conditions">The SamlConditions to add.</param>
/// <param name="advice">The SamlAdvice to add.</param>
/// <param name="statements">The SamlStatements to add.</param>
/// <returns>A SamlAssertion.</returns>
/// <remarks>A unique random id is created for the assertion
/// IssueInstance is set to DateTime.UtcNow.</remarks>
protected virtual SamlAssertion CreateAssertion(string issuer, SamlConditions conditions, SamlAdvice advice, IEnumerable<SamlStatement> statements)
{
return new SamlAssertion(System.IdentityModel.UniqueId.CreateRandomId(), issuer, DateTime.UtcNow, conditions, advice, statements);
}
/// <summary>
/// Serialize the given SamlAdvice to the given XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter to serialize the SamlAdvice.</param>
/// <param name="advice">SamlAdvice to be serialized.</param>
/// <exception cref="ArgumentNullException">The input parameter 'writer' or 'advice' is null.</exception>
protected virtual void WriteAdvice(XmlWriter writer, SamlAdvice advice)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (advice == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("advice");
}
writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.Advice, SamlConstants.Namespace);
if (advice.AssertionIdReferences.Count > 0)
{
foreach (string assertionIdReference in advice.AssertionIdReferences)
{
if (string.IsNullOrEmpty(assertionIdReference))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4079)));
}
writer.WriteElementString(SamlConstants.Prefix, SamlConstants.ElementNames.AssertionIdReference, SamlConstants.Namespace, assertionIdReference);
}
}
if (advice.Assertions.Count > 0)
{
foreach (SamlAssertion assertion in advice.Assertions)
{
WriteAssertion(writer, assertion);
}
}
writer.WriteEndElement();
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader));
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader3.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLElementNotRecognized", new object[] { reader3.LocalName })));
}
string attribute = reader3.GetAttribute(samlDictionary.MajorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMajorVersionAttributeOnRead")));
}
int num = int.Parse(attribute, CultureInfo.InvariantCulture);
attribute = reader3.GetAttribute(samlDictionary.MinorVersion, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMinorVersionAttributeOnRead")));
}
int num2 = int.Parse(attribute, CultureInfo.InvariantCulture);
if ((num != SamlConstants.MajorVersionValue) || (num2 != SamlConstants.MinorVersionValue))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLTokenVersionNotSupported", new object[] { num, num2, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue })));
}
attribute = reader3.GetAttribute(samlDictionary.AssertionId, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired")));
}
if (!this.IsAssertionIdValid(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { attribute })));
}
this.assertionId = attribute;
attribute = reader3.GetAttribute(samlDictionary.Issuer, null);
if (string.IsNullOrEmpty(attribute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingIssuerAttributeOnRead")));
}
this.issuer = attribute;
attribute = reader3.GetAttribute(samlDictionary.IssueInstant, null);
if (!string.IsNullOrEmpty(attribute))
{
this.issueInstant = DateTime.ParseExact(attribute, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime();
}
reader3.MoveToContent();
reader3.Read();
if (reader3.IsStartElement(samlDictionary.Conditions, samlDictionary.Namespace))
{
this.conditions = samlSerializer.LoadConditions(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.conditions == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadCondtions")));
}
}
if (reader3.IsStartElement(samlDictionary.Advice, samlDictionary.Namespace))
{
this.advice = samlSerializer.LoadAdvice(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (this.advice == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAdvice")));
}
}
while (reader3.IsStartElement())
{
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
break;
}
SamlStatement item = samlSerializer.LoadStatement(reader3, keyInfoSerializer, outOfBandTokenResolver);
if (item == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadStatement")));
}
this.statements.Add(item);
}
if (this.statements.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatementOnRead")));
}
if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
this.ReadSignature(reader3, keyInfoSerializer, outOfBandTokenResolver, samlSerializer);
}
reader3.MoveToContent();
reader3.ReadEndElement();
this.tokenStream = reader3.XmlTokens;
if (this.signature != null)
{
this.VerifySignature(this.signature, this.verificationKey);
}
this.BuildCryptoList();
}