public override object Process(object input, SignatureResourcePool resourcePool, DictionaryManager dictionaryManager) { XmlTokenStream tokenStream = input as XmlTokenStream; if (tokenStream != null) { tokenStream.SetElementExclusion(XmlSignatureStrings.Signature, XmlSignatureStrings.Namespace); return(tokenStream); } WrappedReader reader = input as WrappedReader; if (reader != null) { // The Enveloped Signature Transform is supposed to remove the // Signature which encloses the transform element. Previous versions // of this code stripped out all Signature elements at any depth, // which did not allow nested signed structures. By specifying '1' // as the depth, we narrow our range of support so that we require // that the enveloped signature be a direct child of the element // being signed. reader.XmlTokens.SetElementExclusion(XmlSignatureConstants.Elements.Signature, XmlSignatureConstants.Namespace, 1); return(reader); } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedInputTypeForTransform, input.GetType()))); }
/// <summary> /// Releases the unmanaged resources used by the System.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader and optionally /// releases the managed resources. /// </summary> /// <param name="disposing"> /// True to release both managed and unmanaged resources; false to release only unmanaged resources. /// </param> protected override void Dispose(bool disposing) { base.Dispose(disposing); if (_disposed) { return; } if (disposing) { // // Free all of our managed resources // if (_wrappedReader != null) { _wrappedReader.Close(); _wrappedReader = null; } } // Free native resources, if any. _disposed = true; }
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); WrappedReader wrappedReader = new WrappedReader(dictionaryReader); SamlAssertion assertion = LoadAssertion(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (assertion == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAssertion))); //if (assertion.Signature == null) // throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlTokenMissingSignature))); return new SamlSecurityToken(assertion); }
/// <summary> /// Initializes an instance of <see cref="EnvelopedSignatureReader"/> /// </summary> /// <param name="reader">Reader pointing to the enveloped signed XML.</param> /// <param name="securityTokenSerializer">Token Serializer to deserialize the KeyInfo of the Signature.</param> /// <param name="signingTokenResolver">Token Resolver to resolve the signing token.</param> /// <param name="requireSignature">The value indicates whether the signature is optional.</param> /// <param name="automaticallyReadSignature">This value indicates if the Signature should be read /// when the Signature element is encountered or allow the caller to read the Signature manually.</param> /// <param name="resolveIntrinsicSigningKeys">A value indicating if intrinsic signing keys should be resolved.</param> public EnvelopedSignatureReader(XmlReader reader, SecurityTokenSerializer securityTokenSerializer, SecurityTokenResolver signingTokenResolver, bool requireSignature, bool automaticallyReadSignature, bool resolveIntrinsicSigningKeys) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (securityTokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer"); } _automaticallyReadSignature = automaticallyReadSignature; _dictionaryManager = new DictionaryManager(); _tokenSerializer = securityTokenSerializer; _requireSignature = requireSignature; _signingTokenResolver = signingTokenResolver ?? EmptySecurityTokenResolver.Instance; _resolveIntrinsicSigningKeys = resolveIntrinsicSigningKeys; XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); _wrappedReader = new WrappedReader(dictionaryReader); base.InitializeInnerReader(_wrappedReader); }
/// <summary> /// Initializes an instance of <see cref="EnvelopedSignatureReader"/> /// </summary> /// <param name="reader">Reader pointing to the enveloped signed XML.</param> /// <param name="securityTokenSerializer">Token Serializer to deserialize the KeyInfo of the Signature.</param> /// <param name="signingTokenResolver">Token Resolver to resolve the signing token.</param> /// <param name="requireSignature">The value indicates whether the signature is optional.</param> /// <param name="automaticallyReadSignature">This value indicates if the Signature should be read /// when the Signature element is encountered or allow the caller to read the Signature manually.</param> /// <param name="resolveIntrinsicSigningKeys">A value indicating if intrinsic signing keys should be resolved.</param> public EnvelopedSignatureReader(XmlReader reader, SecurityTokenSerializer securityTokenSerializer, SecurityTokenResolver signingTokenResolver, bool requireSignature, bool automaticallyReadSignature, bool resolveIntrinsicSigningKeys) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (securityTokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer"); } _automaticallyReadSignature = automaticallyReadSignature; _dictionaryManager = new DictionaryManager(); _tokenSerializer = securityTokenSerializer; _requireSignature = requireSignature; _signingTokenResolver = signingTokenResolver ?? EmptySecurityTokenResolver.Instance; _resolveIntrinsicSigningKeys = resolveIntrinsicSigningKeys; XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); _wrappedReader = new WrappedReader(dictionaryReader); base.InitializeInnerReader(_wrappedReader); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); WrappedReader wrappedReader = new WrappedReader(dictionaryReader); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; if (!wrappedReader.IsStartElement(dictionary.Assertion, dictionary.Namespace)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLElementNotRecognized, wrappedReader.LocalName))); string attributeValue = wrappedReader.GetAttribute(dictionary.MajorVersion, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMajorVersionAttributeOnRead))); int majorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture); attributeValue = wrappedReader.GetAttribute(dictionary.MinorVersion, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingMinorVersionAttributeOnRead))); int minorVersion = Int32.Parse(attributeValue, CultureInfo.InvariantCulture); if ((majorVersion != SamlConstants.MajorVersionValue) || (minorVersion != SamlConstants.MinorVersionValue)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLTokenVersionNotSupported, majorVersion, minorVersion, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue))); } attributeValue = wrappedReader.GetAttribute(dictionary.AssertionId, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIdRequired))); if (!IsAssertionIdValid(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionIDIsInvalid, attributeValue))); this.assertionId = attributeValue; attributeValue = wrappedReader.GetAttribute(dictionary.Issuer, null); if (string.IsNullOrEmpty(attributeValue)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionMissingIssuerAttributeOnRead))); this.issuer = attributeValue; attributeValue = wrappedReader.GetAttribute(dictionary.IssueInstant, null); if (!string.IsNullOrEmpty(attributeValue)) this.issueInstant = DateTime.ParseExact( attributeValue, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime(); wrappedReader.MoveToContent(); wrappedReader.Read(); if (wrappedReader.IsStartElement(dictionary.Conditions, dictionary.Namespace)) { this.conditions = samlSerializer.LoadConditions(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (this.conditions == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadCondtions))); } if (wrappedReader.IsStartElement(dictionary.Advice, dictionary.Namespace)) { this.advice = samlSerializer.LoadAdvice(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (this.advice == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAdvice))); } while (wrappedReader.IsStartElement()) { #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { break; } else { SamlStatement statement = samlSerializer.LoadStatement(wrappedReader, keyInfoSerializer, outOfBandTokenResolver); if (statement == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadStatement))); this.statements.Add(statement); } } if (this.statements.Count == 0) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAssertionRequireOneStatementOnRead))); if (wrappedReader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) this.ReadSignature(wrappedReader, keyInfoSerializer, outOfBandTokenResolver, samlSerializer); wrappedReader.MoveToContent(); wrappedReader.ReadEndElement(); this.tokenStream = wrappedReader.XmlTokens; if (this.signature != null) { VerifySignature(this.signature, this.verificationKey); } BuildCryptoList(); }
/// <summary> /// Releases the unmanaged resources used by the System.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader and optionally /// releases the managed resources. /// </summary> /// <param name="disposing"> /// True to release both managed and unmanaged resources; false to release only unmanaged resources. /// </param> protected override void Dispose(bool disposing) { base.Dispose(disposing); if (_disposed) { return; } if (disposing) { // // Free all of our managed resources // if (_wrappedReader != null) { _wrappedReader.Close(); _wrappedReader = null; } } // Free native resources, if any. _disposed = true; }
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader)); SamlAssertion assertion = this.LoadAssertion(reader3, keyInfoSerializer, outOfBandTokenResolver); if (assertion == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAssertion"))); } return new SamlSecurityToken(assertion); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("ReadXml")); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); } WrappedReader reader3 = new WrappedReader(XmlDictionaryReader.CreateDictionaryReader(reader)); SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary; if (!reader3.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLElementNotRecognized", new object[] { reader3.LocalName }))); } string attribute = reader3.GetAttribute(samlDictionary.MajorVersion, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMajorVersionAttributeOnRead"))); } int num = int.Parse(attribute, CultureInfo.InvariantCulture); attribute = reader3.GetAttribute(samlDictionary.MinorVersion, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingMinorVersionAttributeOnRead"))); } int num2 = int.Parse(attribute, CultureInfo.InvariantCulture); if ((num != SamlConstants.MajorVersionValue) || (num2 != SamlConstants.MinorVersionValue)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLTokenVersionNotSupported", new object[] { num, num2, SamlConstants.MajorVersionValue, SamlConstants.MinorVersionValue }))); } attribute = reader3.GetAttribute(samlDictionary.AssertionId, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIdRequired"))); } if (!this.IsAssertionIdValid(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionIDIsInvalid", new object[] { attribute }))); } this.assertionId = attribute; attribute = reader3.GetAttribute(samlDictionary.Issuer, null); if (string.IsNullOrEmpty(attribute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionMissingIssuerAttributeOnRead"))); } this.issuer = attribute; attribute = reader3.GetAttribute(samlDictionary.IssueInstant, null); if (!string.IsNullOrEmpty(attribute)) { this.issueInstant = DateTime.ParseExact(attribute, SamlConstants.AcceptedDateTimeFormats, DateTimeFormatInfo.InvariantInfo, DateTimeStyles.None).ToUniversalTime(); } reader3.MoveToContent(); reader3.Read(); if (reader3.IsStartElement(samlDictionary.Conditions, samlDictionary.Namespace)) { this.conditions = samlSerializer.LoadConditions(reader3, keyInfoSerializer, outOfBandTokenResolver); if (this.conditions == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadCondtions"))); } } if (reader3.IsStartElement(samlDictionary.Advice, samlDictionary.Namespace)) { this.advice = samlSerializer.LoadAdvice(reader3, keyInfoSerializer, outOfBandTokenResolver); if (this.advice == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadAdvice"))); } } while (reader3.IsStartElement()) { if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { break; } SamlStatement item = samlSerializer.LoadStatement(reader3, keyInfoSerializer, outOfBandTokenResolver); if (item == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToLoadStatement"))); } this.statements.Add(item); } if (this.statements.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAssertionRequireOneStatementOnRead"))); } if (reader3.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.Signature, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { this.ReadSignature(reader3, keyInfoSerializer, outOfBandTokenResolver, samlSerializer); } reader3.MoveToContent(); reader3.ReadEndElement(); this.tokenStream = reader3.XmlTokens; if (this.signature != null) { this.VerifySignature(this.signature, this.verificationKey); } this.BuildCryptoList(); }