public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader.IsStartElement(samlDictionary.DoNotCacheCondition, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.DoNotCacheCondition.Value })));
}
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
public SecurityStandardsManager(System.ServiceModel.MessageSecurityVersion messageSecurityVersion, System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer)
{
if (messageSecurityVersion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
}
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
}
this.messageSecurityVersion = messageSecurityVersion;
this.tokenSerializer = tokenSerializer;
if (messageSecurityVersion.SecureConversationVersion == System.ServiceModel.Security.SecureConversationVersion.WSSecureConversation13)
{
this.secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
}
else
{
this.secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
}
if ((this.SecurityVersion != System.ServiceModel.Security.SecurityVersion.WSSecurity10) && (this.SecurityVersion != System.ServiceModel.Security.SecurityVersion.WSSecurity11))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", System.ServiceModel.SR.GetString("MessageSecurityVersionOutOfRange")));
}
this.idManager = System.ServiceModel.Security.WSSecurityJan2004.IdManager.Instance;
this.wsUtilitySpecificationVersion = System.ServiceModel.Security.WSUtilitySpecificationVersion.Default;
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == System.ServiceModel.Security.TrustVersion.WSTrust13)
{
this.trustDriver = new WSTrustDec2005.DriverDec2005(this);
}
else
{
this.trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
}
}
// Summary
// Request a security token from the infocard system
//
// Parameters
// endPoint - The token recipient end point.
// policy - Policy stating the requirements for the token.
// requiredRemoteTokenIssuer - The returned token should be issued by this
// specific issuer.
//
public static GenericXmlSecurityToken GetToken(XmlElement endpoint,
IEnumerable <XmlElement> policy,
XmlElement requiredRemoteTokenIssuer,
SecurityTokenSerializer tokenSerializer)
{
if (null == endpoint)
{
throw IDT.ThrowHelperArgumentNull("endpoint");
}
if (null == policy)
{
throw IDT.ThrowHelperArgumentNull("policy");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
Collection <XmlElement> policyCollection = new Collection <XmlElement>();
foreach (XmlElement element in policy)
{
policyCollection.Add(element);
}
return(GetToken(new CardSpacePolicyElement[] { new CardSpacePolicyElement(endpoint, requiredRemoteTokenIssuer, policyCollection, null, 0, false) }, tokenSerializer));
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
{
// The Namespace attribute is optional.
this.ns = reader.GetAttribute(dictionary.ActionNamespaceAttribute, null);
reader.MoveToContent();
this.action = reader.ReadString();
if (string.IsNullOrEmpty(this.action))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLActionNameRequiredOnRead)));
reader.MoveToContent();
reader.ReadEndElement();
}
}
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAuthenticationStatement statement = new SamlAuthenticationStatement();
statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement;
}
if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
SamlAttributeStatement statement2 = new SamlAttributeStatement();
statement2.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement2;
}
if (!reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName })));
}
SamlAuthorizationDecisionStatement statement3 = new SamlAuthorizationDecisionStatement();
statement3.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return statement3;
}
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (!reader.IsStartElement(dictionary.DoNotCacheCondition, dictionary.Namespace))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.DoNotCacheCondition.Value)));
// saml:DoNotCacheCondition is a empty element. So just issue a read for
// the empty element.
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
return;
}
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer)
{
if (messageSecurityVersion == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
if (tokenSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
this.messageSecurityVersion = messageSecurityVersion;
this.tokenSerializer = tokenSerializer;
if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13)
this.secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
else
this.secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
if (this.SecurityVersion == SecurityVersion.WSSecurity10 || this.SecurityVersion == SecurityVersion.WSSecurity11)
{
this.idManager = WSSecurityJan2004.IdManager.Instance;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", SR.GetString(SR.MessageSecurityVersionOutOfRange)));
}
this.wsUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default;
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13)
this.trustDriver = new WSTrustDec2005.DriverDec2005(this);
else
this.trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
}
public SecurityStandardsManager(System.ServiceModel.MessageSecurityVersion messageSecurityVersion, System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer)
{
if (messageSecurityVersion == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion"));
}
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
}
this.messageSecurityVersion = messageSecurityVersion;
this.tokenSerializer = tokenSerializer;
if (messageSecurityVersion.SecureConversationVersion == System.ServiceModel.Security.SecureConversationVersion.WSSecureConversation13)
{
this.secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005();
}
else
{
this.secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005();
}
if ((this.SecurityVersion != System.ServiceModel.Security.SecurityVersion.WSSecurity10) && (this.SecurityVersion != System.ServiceModel.Security.SecurityVersion.WSSecurity11))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", System.ServiceModel.SR.GetString("MessageSecurityVersionOutOfRange")));
}
this.idManager = System.ServiceModel.Security.WSSecurityJan2004.IdManager.Instance;
this.wsUtilitySpecificationVersion = System.ServiceModel.Security.WSUtilitySpecificationVersion.Default;
if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == System.ServiceModel.Security.TrustVersion.WSTrust13)
{
this.trustDriver = new WSTrustDec2005.DriverDec2005(this);
}
else
{
this.trustDriver = new WSTrustFeb2005.DriverFeb2005(this);
}
}
public EncryptedTypeElement(SecurityTokenSerializer keyInfoSerializer)
{
_cipherData = new CipherDataElement();
_encryptionMethod = new EncryptionMethodElement();
_keyInfo = new KeyInfo(keyInfoSerializer);
_properties = new List<string>();
_keyInfoSerializer = keyInfoSerializer;
}
public static string GetKeyIdentifierClauseXml (SecurityTokenSerializer serializer, XmlWriterSettings settings, SecurityKeyIdentifierClause item)
{
StringWriter sw = new StringWriter ();
using (XmlWriter xw = XmlWriter.Create (sw)) {
serializer.WriteKeyIdentifierClause (xw, item);
}
return sw.ToString ();
}
public KeyInfoSerializer(
bool emitBspRequiredAttributes,
DictionaryManager dictionaryManager,
TrustDictionary trustDictionary,
SecurityTokenSerializer innerSecurityTokenSerializer ) :
this( emitBspRequiredAttributes, dictionaryManager, trustDictionary, innerSecurityTokenSerializer, null )
{
}
public virtual void WriteToken(SamlSecurityToken token, XmlWriter writer, SecurityTokenSerializer keyInfoSerializer)
{
if (token == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
#pragma warning suppress 56506 // token.Assertion is never null.
token.Assertion.WriteTo(writer, this, keyInfoSerializer);
}
public Saml2InitiatorSecurityTokenSerializer(SecurityTokenSerializer serializer)
{
this.serializer = serializer;
var securityTokenSerializerAdapter = (SecurityTokenSerializerAdapter) serializer;
securityTokenSerializerAdapter.SecurityTokenHandlers.Remove(
securityTokenSerializerAdapter.SecurityTokenHandlers[typeof (Saml2SecurityToken)]);
securityTokenSerializerAdapter.SecurityTokenHandlers.Add(new OIOSaml2SecurityTokenHandler());
}
public static GenericXmlSecurityToken GetToken (
XmlElement endpoint,
IEnumerable<XmlElement> policy,
XmlElement requiredRemoteTokenIssuer,
SecurityTokenSerializer serializer)
{
CardSpacePolicyElement pe = new CardSpacePolicyElement (endpoint, requiredRemoteTokenIssuer, new Collection<XmlElement> (new List<XmlElement> (policy)), null, 0, requiredRemoteTokenIssuer != null);
return GetToken (new CardSpacePolicyElement [] {pe}, serializer);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
string str2;
string str3;
if (reader == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
string attribute = reader.GetAttribute(samlDictionary.AuthorityKind, null);
if (string.IsNullOrEmpty(attribute))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingAuthorityKindOnRead")));
}
string[] strArray = attribute.Split(new char[] { ':' });
if (strArray.Length > 2)
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingInvalidAuthorityKind")));
}
if (strArray.Length == 2)
{
str3 = strArray[0];
str2 = strArray[1];
}
else
{
str3 = string.Empty;
str2 = strArray[0];
}
string ns = reader.LookupNamespace(str3);
this.authorityKind = new XmlQualifiedName(str2, ns);
this.binding = reader.GetAttribute(samlDictionary.Binding, null);
if (string.IsNullOrEmpty(this.binding))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingBindingOnRead")));
}
this.location = reader.GetAttribute(samlDictionary.Location, null);
if (string.IsNullOrEmpty(this.location))
{
throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingLocationOnRead")));
}
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
reader.ReadEndElement();
}
}
public static GenericXmlSecurityToken GetToken(
XmlElement endpoint,
IEnumerable <XmlElement> policy,
XmlElement requiredRemoteTokenIssuer,
SecurityTokenSerializer serializer)
{
CardSpacePolicyElement pe = new CardSpacePolicyElement(endpoint, requiredRemoteTokenIssuer, new Collection <XmlElement> (new List <XmlElement> (policy)), null, 0, requiredRemoteTokenIssuer != null);
return(GetToken(new CardSpacePolicyElement [] { pe }, serializer));
}
public virtual SamlConditions LoadConditions(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlConditions conditions = new SamlConditions();
conditions.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return conditions;
}
public virtual SamlAdvice LoadAdvice(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
SamlAdvice advice = new SamlAdvice();
advice.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return advice;
}
public NativeGenericXmlToken (GenericXmlSecurityToken token, SecurityTokenSerializer serializer)
{
created = token.ValidFrom.ToFileTime ();
expired = token.ValidTo.ToFileTime ();
xml_token = token.TokenXml.OuterXml;
XmlWriterSettings settings = new XmlWriterSettings ();
settings.OmitXmlDeclaration = true;
internal_ref = GetKeyIdentifierClauseXml (serializer, settings, token.InternalTokenReference);
external_ref = GetKeyIdentifierClauseXml (serializer, settings, token.ExternalTokenReference);
}
public virtual SamlAssertion LoadAssertion(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
SamlAssertion assertion = new SamlAssertion();
assertion.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
return assertion;
}
public override void WriteXml (
XmlDictionaryWriter writer,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoSerializer)
{
if (writer == null)
throw new ArgumentNullException ("writer");
if (samlSerializer == null)
throw new ArgumentNullException ("samlSerializer");
writer.WriteStartElement ("saml", "DoNotCacheCondition", SamlConstants.Namespace);
writer.WriteEndElement ();
}
public override void WriteXml (XmlDictionaryWriter writer,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoTokenSerializer)
{
if (SamlSubject == null)
throw new SecurityTokenException ("Subject is null in the AttributeStatement");
writer.WriteStartElement ("saml", "AttributeStatement", SamlConstants.Namespace);
SamlSubject.WriteXml (writer, samlSerializer, keyInfoTokenSerializer);
foreach (SamlAttribute a in Attributes)
a.WriteXml (writer, samlSerializer, keyInfoTokenSerializer);
writer.WriteEndElement ();
}
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
reader.MoveToContent();
reader.Read();
if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
{
SamlSubject subject = new SamlSubject();
subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
base.SamlSubject = subject;
}
else
{
// SAML Subject is a required Attribute Statement clause.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingSubjectOnRead)));
}
while (reader.IsStartElement())
{
if (reader.IsStartElement(dictionary.Attribute, dictionary.Namespace))
{
// SAML Attribute is a extensibility point. So ask the SAML serializer
// to load this part.
SamlAttribute attribute = samlSerializer.LoadAttribute(reader, keyInfoSerializer, outOfBandTokenResolver);
if (attribute == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAttribute)));
this.attributes.Add(attribute);
}
else
{
break;
}
}
if (this.attributes.Count == 0)
{
// Each Attribute statement should have at least one attribute.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingAttributeOnRead)));
}
reader.MoveToContent();
reader.ReadEndElement();
}
/// <summary>
/// Initializes an instance of <see cref="EnvelopedSignatureWriter"/>. The returned writer can be directly used
/// to write the envelope. The signature will be automatically generated when
/// the envelope is completed.
/// </summary>
/// <param name="innerWriter">Writer to wrap/</param>
/// <param name="signingCredentials">SigningCredentials to be used to generate the signature.</param>
/// <param name="referenceId">The reference Id of the envelope.</param>
/// <param name="securityTokenSerializer">SecurityTokenSerializer to serialize the signature KeyInfo.</param>
/// <exception cref="ArgumentNullException">One of he input parameter is null.</exception>
/// <exception cref="ArgumentException">The string 'referenceId' is either null or empty.</exception>
public EnvelopedSignatureWriter(XmlWriter innerWriter, SigningCredentials signingCredentials, string referenceId, SecurityTokenSerializer securityTokenSerializer)
{
if (innerWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("innerWriter");
}
if (signingCredentials == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signingCredentials");
}
if (string.IsNullOrEmpty(referenceId))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.ID0006), "referenceId"));
}
if (securityTokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer");
}
// Remember the user's writer here. We need to finally write out the signed XML
// into this writer.
_dictionaryManager = new DictionaryManager();
_innerWriter = innerWriter;
_signingCreds = signingCredentials;
_referenceId = referenceId;
_tokenSerializer = securityTokenSerializer;
_signatureFragment = new MemoryStream();
_endFragment = new MemoryStream();
_writerStream = new MemoryStream();
XmlDictionaryWriter effectiveWriter = XmlDictionaryWriter.CreateTextWriter(_writerStream, Encoding.UTF8, false);
// Initialize the base writer to the newly created writer. The user should write the XML
// to this.
base.InitializeInnerWriter(effectiveWriter);
_hashAlgorithm = CryptoHelper.CreateHashAlgorithm(_signingCreds.DigestAlgorithm);
_hashStream = new HashStream(_hashAlgorithm);
base.InnerWriter.StartCanonicalization(_hashStream, false, null);
//
// Add tracing for the un-canonicalized bytes
//
if (DiagnosticUtility.ShouldTraceVerbose)
{
_preCanonicalTracingStream = new MemoryStream();
base.InitializeTracingWriter(new XmlTextWriter(_preCanonicalTracingStream, Encoding.UTF8));
}
}
public KeyInfoSerializer(
bool emitBspRequiredAttributes,
DictionaryManager dictionaryManager,
TrustDictionary trustDictionary,
SecurityTokenSerializer innerSecurityTokenSerializer,
Func<KeyInfoSerializer, IEnumerable<SerializerEntries>> additionalEntries)
{
this.dictionaryManager = dictionaryManager;
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
this.innerSecurityTokenSerializer = innerSecurityTokenSerializer;
this.serializerEntries = new List<SecurityTokenSerializer.SerializerEntries>();
this.serializerEntries.Add(new XmlDsigSep2000(this));
this.serializerEntries.Add(new XmlEncApr2001(this));
this.serializerEntries.Add(new System.IdentityModel.Security.WSTrust(this, trustDictionary));
if ( additionalEntries != null )
{
foreach ( SerializerEntries entries in additionalEntries( this ) )
{
this.serializerEntries.Add(entries);
}
}
bool wsSecuritySerializerFound = false;
foreach ( SerializerEntries entry in this.serializerEntries )
{
if ( ( entry is WSSecurityXXX2005 ) || ( entry is WSSecurityJan2004 ) )
{
wsSecuritySerializerFound = true;
break;
}
}
if ( !wsSecuritySerializerFound )
{
this.serializerEntries.Add( new WSSecurityXXX2005( this ) );
}
this.tokenEntries = new List<TokenEntry>();
this.keyIdentifierEntries = new List<SecurityTokenSerializer.KeyIdentifierEntry>();
this.keyIdentifierClauseEntries = new List<SecurityTokenSerializer.KeyIdentifierClauseEntry>();
for (int i = 0; i < this.serializerEntries.Count; ++i)
{
SecurityTokenSerializer.SerializerEntries serializerEntry = this.serializerEntries[i];
serializerEntry.PopulateTokenEntries(this.tokenEntries);
serializerEntry.PopulateKeyIdentifierEntries(this.keyIdentifierEntries);
serializerEntry.PopulateKeyIdentifierClauseEntries(this.keyIdentifierClauseEntries);
}
}
public override void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("writer"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
writer.WriteStartElement(samlDictionary.PreferredPrefix.Value, samlDictionary.DoNotCacheCondition, samlDictionary.Namespace);
writer.WriteEndElement();
}
public override void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
{
if (writer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("writer"));
if (samlSerializer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.DoNotCacheCondition, dictionary.Namespace);
writer.WriteEndElement();
}
public GenericXmlSecurityToken ToObject (NativeInfocardCryptoHandle proofTokenHandle, SecurityTokenSerializer serializer)
{
XmlDocument doc = new XmlDocument ();
doc.LoadXml (xml_token);
XmlElement token = doc.DocumentElement;
SecurityToken proof = new CardSpaceProofToken (DateTime.FromFileTime (proofTokenHandle.Expiration), proofTokenHandle.GetAsymmetricKey ());
DateTime effective = DateTime.FromFileTime (created);
DateTime expiration = DateTime.FromFileTime (expired);
SecurityKeyIdentifierClause intref =
serializer.ReadKeyIdentifierClause (Create (internal_ref));
SecurityKeyIdentifierClause extref =
serializer.ReadKeyIdentifierClause (Create (external_ref));
return new GenericXmlSecurityToken (token, proof, effective, expiration, intref, extref, null);
}
public override void WriteXml (
XmlDictionaryWriter writer,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoSerializer)
{
if (writer == null)
throw new ArgumentNullException ("writer");
if (samlSerializer == null)
throw new ArgumentNullException ("samlSerializer");
if (Audiences.Count == 0)
throw new SecurityTokenException ("SAML AudienceRestrictionCondition must contain at least one Audience.");
writer.WriteStartElement ("saml", "AudienceRestrictionCondition", SamlConstants.Namespace);
foreach (Uri a in Audiences)
writer.WriteElementString ("saml", "Audience", SamlConstants.Namespace, a.AbsoluteUri);
writer.WriteEndElement ();
}
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
WrappedReader wrappedReader = new WrappedReader(dictionaryReader);
SamlAssertion assertion = LoadAssertion(wrappedReader, keyInfoSerializer, outOfBandTokenResolver);
if (assertion == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAssertion)));
//if (assertion.Signature == null)
// throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlTokenMissingSignature)));
return new SamlSecurityToken(assertion);
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
if (reader.IsEmptyElement)
{
reader.MoveToContent();
reader.Read();
}
else
{
reader.MoveToContent();
reader.Read();
while (reader.IsStartElement())
{
if (!reader.IsStartElement(samlDictionary.AssertionIdReference, samlDictionary.Namespace))
{
if (!reader.IsStartElement(samlDictionary.Assertion, samlDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.Advice.Value })));
}
SamlAssertion item = new SamlAssertion();
item.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
this.assertions.Add(item);
}
else
{
reader.MoveToContent();
this.assertionIdReferences.Add(reader.ReadString());
reader.MoveToContent();
reader.ReadEndElement();
continue;
}
}
reader.MoveToContent();
reader.ReadEndElement();
}
}
internal SignedXml(SignedInfo signedInfo, DictionaryManager dictionaryManager, System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer)
{
if (signedInfo == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signedInfo"));
}
if (dictionaryManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryManager");
}
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
}
this.transformFactory = StandardTransformFactory.Instance;
this.tokenSerializer = tokenSerializer;
this.signature = new System.IdentityModel.Signature(this, signedInfo);
this.dictionaryManager = dictionaryManager;
}
internal SignedXml(SignedInfo signedInfo, DictionaryManager dictionaryManager, SecurityTokenSerializer tokenSerializer)
{
if (signedInfo == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signedInfo"));
}
if (dictionaryManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryManager");
}
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer");
}
this.transformFactory = StandardTransformFactory.Instance;
this.tokenSerializer = tokenSerializer;
this.signature = new Signature(this, signedInfo);
this.dictionaryManager = dictionaryManager;
}
protected EncryptedType()
{
this.encryptionMethod.Init();
this.state = EncryptionState.New;
this.tokenSerializer = SecurityStandardsManager.DefaultInstance.SecurityTokenSerializer;
}
// Summary
// Request a security token from the infocard system
//
// Parameters
// policyChain - an array of PolicyElements that describe the federated security chain that the client
// needs a final token to unwind.
//
public static GenericXmlSecurityToken GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer)
{
IDT.TraceDebug("ICARDCLIENT: GetToken called with a policy chain of length {0}", policyChain.Length);
InfoCardProofToken proofToken = null;
InternalRefCountedHandle nativeCryptoHandle = null;
GenericXmlSecurityToken token = null;
RpcGenericXmlToken infocardToken = new RpcGenericXmlToken();
SafeTokenHandle nativeToken = null;
Int32 result = 0;
if (null == policyChain || 0 == policyChain.Length)
{
throw IDT.ThrowHelperArgumentNull("policyChain");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
if (null == tokenSerializer)
{
throw IDT.ThrowHelperArgumentNull("tokenSerializer");
}
try
{
RuntimeHelpers.PrepareConstrainedRegions();
bool mustRelease = false;
try
{
}
finally
{
//
// The PolicyChain class will do the marshalling and native buffer management for us.
//
try
{
using (PolicyChain tmpChain = new PolicyChain(policyChain))
{
IDT.TraceDebug("ICARDCLIENT: PInvoking the native GetToken call");
result = GetShim().m_csShimGetToken(
tmpChain.Length,
tmpChain.DoMarshal(),
out nativeToken,
out nativeCryptoHandle);
}
if (0 == result)
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken succeeded");
nativeToken.DangerousAddRef(ref mustRelease);
infocardToken = (RpcGenericXmlToken)Marshal.PtrToStructure(
nativeToken.DangerousGetHandle(),
typeof(RpcGenericXmlToken));
}
}
finally
{
if (mustRelease)
{
nativeToken.DangerousRelease();
}
}
}
if (0 == result)
{
using (ProofTokenCryptoHandle crypto =
(ProofTokenCryptoHandle)CryptoHandle.Create(nativeCryptoHandle))
{
proofToken = crypto.CreateProofToken();
}
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(infocardToken.xmlToken);
SecurityKeyIdentifierClause internalTokenReference = null;
if (null != infocardToken.internalTokenReference)
{
internalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.internalTokenReference));
}
SecurityKeyIdentifierClause externalTokenReference = null;
if (null != infocardToken.externalTokenReference)
{
externalTokenReference = tokenSerializer.ReadKeyIdentifierClause(
CreateReaderWithQuotas(infocardToken.externalTokenReference));
}
IDT.TraceDebug("ICARDCLIENT: Constructing a new GenericXmlSecurityToken");
token = new GenericXmlSecurityToken(
xmlDoc.DocumentElement,
proofToken,
DateTime.FromFileTimeUtc(infocardToken.createDate),
DateTime.FromFileTimeUtc(infocardToken.expiryDate),
internalTokenReference,
externalTokenReference,
null);
}
else
{
IDT.TraceDebug("ICARDCLIENT: The PInvoke of GetToken failed with a return code of {0}", result);
//
// Convert the HRESULTS to exceptions
//
ExceptionHelper.ThrowIfCardSpaceException((int)result);
throw IDT.ThrowHelperError(new CardSpaceException(SR.GetString(SR.ClientAPIInfocardError)));
}
}
catch
{
if (null != nativeCryptoHandle)
{
nativeCryptoHandle.Dispose();
}
if (null != proofToken)
{
proofToken.Dispose();
}
throw;
}
finally
{
if (null != nativeToken)
{
nativeToken.Dispose();
}
}
return(token);
}
public static GenericXmlSecurityToken GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer)
{
InfoCardProofToken proofToken = null;
InternalRefCountedHandle pCryptoHandle = null;
RpcGenericXmlToken token3 = new RpcGenericXmlToken();
SafeTokenHandle securityToken = null;
int status = 0;
if ((policyChain == null) || (policyChain.Length == 0))
{
throw InfoCardTrace.ThrowHelperArgumentNull("policyChain");
}
if (tokenSerializer == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("tokenSerializer");
}
if (tokenSerializer == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("tokenSerializer");
}
try
{
RuntimeHelpers.PrepareConstrainedRegions();
bool success = false;
try
{
}
finally
{
try
{
using (PolicyChain chain = new PolicyChain(policyChain))
{
status = GetShim().m_csShimGetToken(chain.Length, chain.DoMarshal(), out securityToken, out pCryptoHandle);
}
if (status == 0)
{
securityToken.DangerousAddRef(ref success);
token3 = (RpcGenericXmlToken)Marshal.PtrToStructure(securityToken.DangerousGetHandle(), typeof(RpcGenericXmlToken));
}
}
finally
{
if (success)
{
securityToken.DangerousRelease();
}
}
}
if (status == 0)
{
using (ProofTokenCryptoHandle handle3 = (ProofTokenCryptoHandle)CryptoHandle.Create(pCryptoHandle))
{
proofToken = handle3.CreateProofToken();
}
XmlDocument document = new XmlDocument();
document.LoadXml(token3.xmlToken);
SecurityKeyIdentifierClause internalTokenReference = null;
if (token3.internalTokenReference != null)
{
internalTokenReference = tokenSerializer.ReadKeyIdentifierClause(CreateReaderWithQuotas(token3.internalTokenReference));
}
SecurityKeyIdentifierClause externalTokenReference = null;
if (token3.externalTokenReference != null)
{
externalTokenReference = tokenSerializer.ReadKeyIdentifierClause(CreateReaderWithQuotas(token3.externalTokenReference));
}
DateTime effectiveTime = DateTime.FromFileTimeUtc(token3.createDate);
return(new GenericXmlSecurityToken(document.DocumentElement, proofToken, effectiveTime, DateTime.FromFileTimeUtc(token3.expiryDate), internalTokenReference, externalTokenReference, null));
}
ExceptionHelper.ThrowIfCardSpaceException(status);
throw InfoCardTrace.ThrowHelperError(new CardSpaceException(Microsoft.InfoCards.SR.GetString("ClientAPIInfocardError")));
}
catch
{
if (pCryptoHandle != null)
{
pCryptoHandle.Dispose();
}
if (proofToken != null)
{
proofToken.Dispose();
}
throw;
}
finally
{
if (securityToken != null)
{
securityToken.Dispose();
}
}
return(null);
}
public static GenericXmlSecurityToken GetToken(XmlElement endpoint, IEnumerable <XmlElement> policy, XmlElement requiredRemoteTokenIssuer, SecurityTokenSerializer tokenSerializer)
{
if (endpoint == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("endpoint");
}
if (policy == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("policy");
}
if (tokenSerializer == null)
{
throw InfoCardTrace.ThrowHelperArgumentNull("tokenSerializer");
}
Collection <XmlElement> parameters = new Collection <XmlElement>();
foreach (XmlElement element in policy)
{
parameters.Add(element);
}
return(GetToken(new CardSpacePolicyElement[] { new CardSpacePolicyElement(endpoint, requiredRemoteTokenIssuer, parameters, null, 0, false) }, tokenSerializer));
}
public SecurityStandardsManager(System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer) : this(System.ServiceModel.MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11, tokenSerializer)
{
}
//-----------------------------------------
//-----------------------------------------
// Constructors
//-----------------------------------------
protected override SecurityToken GetInfoCardSecurityToken(bool requiresInfoCard, System.IdentityModel.Selectors.CardSpacePolicyElement[] chain, System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer)
{
CardspacePolicyInfo policyInfo = new CardspacePolicyInfo(chain);
TimeZone localTimeZone = TimeZone.CurrentTimeZone;
if ( //Does the cache contain a token with the specified policy info?
_cachedInformationCardTokens.ContainsKey(policyInfo) &&
//Is the token is still valid?
localTimeZone.ToLocalTime(_cachedInformationCardTokens[policyInfo].ValidFrom) < DateTime.Now &&
localTimeZone.ToLocalTime(_cachedInformationCardTokens[policyInfo].ValidTo) > DateTime.Now
)
{
return(CachedInformationCardTokens[policyInfo]);
}
else
{
lock (CachedInformationCardTokens)
{
SecurityToken newInformationCardToken = base.GetInfoCardSecurityToken(requiresInfoCard, chain, tokenSerializer);
CachedInformationCardTokens.Add(policyInfo, newInformationCardToken);
return(newInformationCardToken);
}
}
}
public static GenericXmlSecurityToken GetToken(
CardSpacePolicyElement [] policyChain,
SecurityTokenSerializer serializer)
{
return((GenericXmlSecurityToken)get_token.Invoke(impl, new object [] { policyChain, serializer }));
}
public SignedXml(DictionaryManager dictionaryManager, System.IdentityModel.Selectors.SecurityTokenSerializer tokenSerializer) : this(new StandardSignedInfo(dictionaryManager), dictionaryManager, tokenSerializer)
{
}
public override void ReadXml (XmlDictionaryReader reader,
SamlSerializer samlSerializer,
SecurityTokenSerializer keyInfoTokenSerializer,
SecurityTokenResolver outOfBandTokenResolver)
{
throw new NotImplementedException ();
}
