public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthenticationStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement authStatement = new SamlAuthenticationStatement();
authStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(authStatement);
}
else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AttributeStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement attrStatement = new SamlAttributeStatement();
attrStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(attrStatement);
}
else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthorizationDecisionStatement authDecisionStatement = new SamlAuthorizationDecisionStatement();
authDecisionStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(authDecisionStatement);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.SAMLUnableToLoadUnknownElement, reader.LocalName)));
}
}
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement statement = new SamlAuthenticationStatement();
statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(statement);
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement statement2 = new SamlAttributeStatement();
statement2.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(statement2);
}
if (!reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName })));
}
SamlAuthorizationDecisionStatement statement3 = new SamlAuthorizationDecisionStatement();
statement3.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return(statement3);
}
public void DefaultValues ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
Assert.AreEqual (default (SamlAccessDecision), a.AccessDecision, "#1");
Assert.IsNull (a.Evidence, "#2");
Assert.IsNull (a.Resource, "#3");
Assert.IsNull (a.SamlSubject, "#4");
Assert.AreEqual (0, a.SamlActions.Count, "#5");
}
/// <summary>
/// Serialize a SamlAuthorizationDecisionStatement.
/// </summary>
/// <param name="writer">XmlWriter to which the SamlAuthorizationStatement is serialized.</param>
/// <param name="statement">SamlAuthorizationDecisionStatement to serialize.</param>
/// <exception cref="ArgumentNullException">The input parameter 'writer' or 'statement' is null.</exception>
protected virtual void WriteAuthorizationDecisionStatement(XmlWriter writer, SamlAuthorizationDecisionStatement statement)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (statement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("statement");
}
writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.AuthorizationDecisionStatement, SamlConstants.Namespace);
writer.WriteAttributeString(SamlConstants.AttributeNames.Decision, null, statement.AccessDecision.ToString());
writer.WriteAttributeString(SamlConstants.AttributeNames.Resource, null, statement.Resource);
WriteSubject(writer, statement.SamlSubject);
foreach (SamlAction action in statement.SamlActions)
{
WriteAction(writer, action);
}
if (statement.Evidence != null)
{
WriteEvidence(writer, statement.Evidence);
}
writer.WriteEndElement();
}
SamlAuthorizationDecisionStatement ReadAuthorizationDecisionStatement(XmlReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (!reader.IsStartElement(SamlConstants.ElementNames.AuthorizationDecisionStatement, SamlConstants.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4082, SamlConstants.ElementNames.AuthorizationDecisionStatement, SamlConstants.Namespace, reader.LocalName, reader.NamespaceURI)));
}
SamlAuthorizationDecisionStatement authzStatement = new SamlAuthorizationDecisionStatement();
authzStatement.Resource = reader.GetAttribute(SamlConstants.AttributeNames.Resource, null);
if (string.IsNullOrEmpty(authzStatement.Resource))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4205)));
}
string decisionString = reader.GetAttribute(SamlConstants.AttributeNames.Decision, null);
if (string.IsNullOrEmpty(decisionString))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4204)));
}
if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
{
authzStatement.AccessDecision = SamlAccessDecision.Deny;
}
else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
{
authzStatement.AccessDecision = SamlAccessDecision.Permit;
}
else
{
authzStatement.AccessDecision = SamlAccessDecision.Indeterminate;
}
reader.MoveToContent();
reader.Read();
if (reader.IsStartElement(SamlConstants.ElementNames.Subject, SamlConstants.Namespace))
{
authzStatement.SamlSubject = ReadSubject(reader);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4206)));
}
while (reader.IsStartElement())
{
if (reader.IsStartElement(SamlConstants.ElementNames.Action, SamlConstants.Namespace))
{
authzStatement.SamlActions.Add(ReadAction(reader));
}
else if (reader.IsStartElement(SamlConstants.ElementNames.Evidence, SamlConstants.Namespace))
{
if (authzStatement.Evidence != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4207)));
}
authzStatement.Evidence = ReadEvidence(reader);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4208, reader.LocalName, reader.NamespaceURI)));
}
}
if (authzStatement.SamlActions.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4209)));
}
reader.MoveToContent();
reader.ReadEndElement();
return authzStatement;
}
/// <summary>
/// Override this virtual to provide custom processing of SamlAuthorizationDecisionStatement.
/// By default no processing is performed, you will need to access the token for SamlAuthorizationDecisionStatement information.
/// </summary>
/// <param name="samlStatement">The SamlAuthorizationDecisionStatement to process.</param>
/// <param name="subject">The identity that should be modified to reflect the statement.</param>
/// <param name="issuer">The subject that identifies the issuer.</param>
protected virtual void ProcessAuthorizationDecisionStatement(SamlAuthorizationDecisionStatement samlStatement, ClaimsIdentity subject, string issuer)
{
}
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthenticationStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement authStatement = new SamlAuthenticationStatement();
authStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return authStatement;
}
else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AttributeStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement attrStatement = new SamlAttributeStatement();
attrStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return attrStatement;
}
else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthorizationDecisionStatement authDecisionStatement = new SamlAuthorizationDecisionStatement();
authDecisionStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return authDecisionStatement;
}
else
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.SAMLUnableToLoadUnknownElement, reader.LocalName)));
}
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement statement = new SamlAuthenticationStatement();
statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement;
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement statement2 = new SamlAttributeStatement();
statement2.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement2;
}
if (!reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName })));
}
SamlAuthorizationDecisionStatement statement3 = new SamlAuthorizationDecisionStatement();
statement3.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement3;
}
public void SetResourceEmpty ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
a.Resource = String.Empty;
}
public void ReadXml1 ()
{
SamlSerializer ser = new SamlSerializer ();
string xml = String.Format ("<saml:AuthorizationDecisionStatement Decision=\"Deny\" Resource=\"resource\" xmlns:saml=\"{0}\"><saml:Subject><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject><saml:Action>myAction</saml:Action><saml:Evidence><saml:AssertionIDReference>myID</saml:AssertionIDReference></saml:Evidence></saml:AuthorizationDecisionStatement>", SamlConstants.Namespace);
XmlDictionaryReader reader = CreateReader (xml);
reader.MoveToContent ();
SamlAuthorizationDecisionStatement s =
new SamlAuthorizationDecisionStatement ();
s.ReadXml (reader, ser, null, null);
Assert.AreEqual (SamlAccessDecision.Deny, s.AccessDecision, "#1");
Assert.IsNotNull (s.SamlSubject, "#2");
Assert.AreEqual (1, s.SamlActions.Count, "#3");
Assert.AreEqual ("myAction", s.SamlActions [0].Action, "#4");
Assert.IsNotNull (s.Evidence, "#5");
Assert.AreEqual (1, s.Evidence.AssertionIdReferences.Count, "#6");
Assert.AreEqual ("myID", s.Evidence.AssertionIdReferences [0], "#7");
Assert.AreEqual ("resource", s.Resource, "#8");
}
public void WriteXml1 ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
a.SamlSubject = new SamlSubject ("myFormat", "myQualifier", "myName");
a.Resource = "resource";
a.SamlActions.Add (new SamlAction ("myAction"));
a.Evidence = new SamlEvidence (new string [] {"myID"});
StringWriter sw = new StringWriter ();
using (XmlDictionaryWriter dw = CreateWriter (sw)) {
a.WriteXml (dw, new SamlSerializer (), null);
}
Assert.AreEqual (String.Format ("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:AuthorizationDecisionStatement Decision=\"Permit\" Resource=\"resource\" xmlns:saml=\"{0}\"><saml:Subject><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject><saml:Action>myAction</saml:Action><saml:Evidence><saml:AssertionIDReference>myID</saml:AssertionIDReference></saml:Evidence></saml:AuthorizationDecisionStatement>", SamlConstants.Namespace), sw.ToString ());
}
public void WriteXmlNoAction ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
a.SamlSubject = new SamlSubject ("myFormat", "myQualifier", "myName");
a.Resource = "resource";
StringWriter sw = new StringWriter ();
using (XmlDictionaryWriter dw = CreateWriter (sw)) {
a.WriteXml (dw, new SamlSerializer (), null);
}
}
public void WriteXmlNoSubject ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
StringWriter sw = new StringWriter ();
using (XmlDictionaryWriter dw = CreateWriter (sw)) {
a.WriteXml (dw, new SamlSerializer (), null);
}
}
public void SetEvidenceNull ()
{
SamlAuthorizationDecisionStatement a = new SamlAuthorizationDecisionStatement ();
a.Evidence = null;
}