internal static SecurityKey ResolveSecurityKey(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver) { if (ski == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("ski"); } if (tokenResolver != null) { for (int i = 0; i < ski.Count; ++i) { SecurityKey key = null; if (tokenResolver.TryResolveSecurityKey(ski[i], out key)) { return(key); } } } if (ski.CanCreateKey) { return(ski.CreateKey()); } return(null); }
internal EncryptedKeyIdentifierClause(byte[] encryptedKey, string encryptionMethod, SecurityKeyIdentifier encryptingKeyIdentifier, string carriedKeyName, bool cloneBuffer, byte[] derivationNonce, int derivationLength) : base("http://www.w3.org/2001/04/xmlenc#EncryptedKey", encryptedKey, cloneBuffer, derivationNonce, derivationLength) { CarriedKeyName = carriedKeyName; _encryptionMethod = encryptionMethod ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(encryptionMethod)); EncryptingKeyIdentifier = encryptingKeyIdentifier; }
protected override SecurityKeyIdentifier ReadKeyIdentifierCore(XmlReader reader) { XmlDictionaryReader localReader = XmlDictionaryReader.CreateDictionaryReader(reader); localReader.ReadStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(); while (localReader.IsStartElement()) { SecurityKeyIdentifierClause clause = this.InnerSecurityTokenSerializer.ReadKeyIdentifierClause(localReader); if (clause == null) { localReader.Skip(); } else { keyIdentifier.Add(clause); } } if (keyIdentifier.Count == 0) { throw /*System.ServiceModel.*/ DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(string.Format(SR_IdentityModel.ErrorDeserializingKeyIdentifierClause))); } localReader.ReadEndElement(); return(keyIdentifier); }
/// <summary> /// Finds a named collection of <see cref="SecurityKey"/>(s) that match the <see cref="SecurityKeyIdentifier"/> and returns a <see cref="NamedKeySecurityToken"/> that contains the <see cref="SecurityKey"/>(s). /// </summary> /// <param name="keyIdentifier">The <see cref="SecurityKeyIdentifier"/> to resolve to a <see cref="SecurityToken"/></param> /// <param name="token">The resolved <see cref="SecurityToken"/>.</param> /// <remarks> /// <para> /// A <see cref="SecurityKeyIdentifier"/> can contain multiple <see cref="SecurityKeyIdentifierClause"/>(s). This method will return the named collection that matches the first <see cref="SecurityKeyIdentifierClause"/> /// </para> /// <para> /// If there is no match, then <see cref="IssuerTokenResolver"/> and 'base' are called in order. /// </para> /// </remarks> /// <returns> /// true is the keyIdentifier is resolved, false otherwise. /// </returns> protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token) { if (keyIdentifier == null) { throw new ArgumentNullException("keyIdentifier"); } token = null; foreach (SecurityKeyIdentifierClause clause in keyIdentifier) { if (null == clause) { continue; } NamedKeySecurityKeyIdentifierClause namedKeyIdentifierClause = clause as NamedKeySecurityKeyIdentifierClause; if (namedKeyIdentifierClause != null) { IList <SecurityKey> resolvedKeys = null; if (this.keys.TryGetValue(namedKeyIdentifierClause.Name, out resolvedKeys)) { token = new NamedKeySecurityToken(namedKeyIdentifierClause.Name, namedKeyIdentifierClause.Id, resolvedKeys); return(true); } } } if (IssuerTokenResolver != null && IssuerTokenResolver.TryResolveToken(keyIdentifier, out token)) { return(true); } return(base.TryResolveTokenCore(keyIdentifier, out token)); }
public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable <string> confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier) { if (confirmations != null) { foreach (string method in confirmations) { if (string.IsNullOrEmpty(method)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.SubjectConfirmationMethod.Value)); } this.confirmationMethods.Add(method); } } if ((this.confirmationMethods.Count == 0) && (string.IsNullOrEmpty(name))) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod)); } if ((this.confirmationMethods.Count == 0) && ((confirmationData != null) || (securityKeyIdentifier != null))) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified)); } this.name = name; this.nameFormat = nameFormat; this.nameQualifier = nameQualifier; this.confirmationData = confirmationData; this.securityKeyIdentifier = securityKeyIdentifier; }
internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver) { SecurityToken token = null; if (tokenResolver != null) { tokenResolver.TryResolveToken(ski, out token); } if (token == null) { // Check if this is a RSA key. RsaKeyIdentifierClause rsaClause; if (ski.TryFind <RsaKeyIdentifierClause>(out rsaClause)) { token = new RsaSecurityToken(rsaClause.Rsa); } } if (token == null) { // Check if this is a X509RawDataKeyIdentifier Clause. X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause; if (ski.TryFind <X509RawDataKeyIdentifierClause>(out rawDataKeyIdentifierClause)) { token = new X509SecurityToken(new X509Certificate2(rawDataKeyIdentifierClause.GetX509RawData())); } } return(token); }
/// <summary> /// Constructs an EncryptingCredentials with a security key, a security key identifier and /// the encryption algorithm. /// </summary> /// <param name="key">A security key for encryption.</param> /// <param name="keyIdentifier">A security key identifier for the encryption key.</param> /// <param name="algorithm">The encryption algorithm.</param> /// <exception cref="ArgumentNullException">When key is null.</exception> /// <exception cref="ArgumentNullException">When key identifier is null.</exception> /// <exception cref="ArgumentNullException">When algorithm is null.</exception> public EncryptingCredentials(SecurityKey key, SecurityKeyIdentifier keyIdentifier, string algorithm) { if (key == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key"); } if (keyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier"); } if (string.IsNullOrEmpty(algorithm)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("algorithm"); } // // It is possible that keyIdentifier is pointing to a token which // is not capable of doing the given algorithm, we have no way verify // that at this level. // _algorithm = algorithm; _key = key; _keyIdentifier = keyIdentifier; }
/// <summary> /// Constructs a proof token based on RSA key. /// </summary> /// <param name="rsaAlgorithm"></param> public AsymmetricProofDescriptor(RSA rsaAlgorithm) { if (rsaAlgorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rsaAlgorithm"); } _keyIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(rsaAlgorithm)); }
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier) : this(signingKey, signatureAlgorithm, digestAlgorithm) { if (signingKeyIdentifier == null) { throw new ArgumentNullException("signingKeyIdentifier"); } this.identifier = signingKeyIdentifier; }
/// <summary> /// Constructor to use when working with SecurityKeyIdentifiers /// </summary> /// <param name="securityKeyIdentifier">SecurityKeyIdentifier that represents a SecuriytKey</param> /// <param name="securityTokenResolver">SecurityTokenResolver that can be resolved to a SecurityKey</param> /// <exception cref="ArgumentNullException">Thrown if the 'securityKeyIdentifier' is null</exception> public SecurityKeyElement(SecurityKeyIdentifier securityKeyIdentifier, SecurityTokenResolver securityTokenResolver) { if (securityKeyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifier"); } Initialize(securityKeyIdentifier, securityTokenResolver); }
/// <summary> /// Constructor for X509SigningCredentials based on an x509 token and the security key identifier to be used. /// It uses the token's public key, its default asymmetric signature algorithm and the specified security key identifier /// </summary> /// <param name="token">The x509 security token.</param> /// <param name="ski">The security key identifier to be used.</param> /// <param name="signatureAlgorithm">signature algorithm</param> /// <param name="digestAlgorithm">digest algorithm</param> internal X509SigningCredentials(X509SecurityToken token, SecurityKeyIdentifier ski, string signatureAlgorithm, string digestAlgorithm) : base(token.SecurityKeys[0], signatureAlgorithm, digestAlgorithm, ski) { this.certificate = token.Certificate; if (!this.certificate.HasPrivateKey) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID2057)); } }
public EncryptedKeyIdentifierClause( byte [] encryptedKey, string encryptionMethod, SecurityKeyIdentifier encryptingKeyIdentifier, string carriedKeyName, byte [] derivationNonce, int derivationLength) : base(encryptionMethod, encryptedKey, true, derivationNonce, derivationLength) { this.carried_key_name = carriedKeyName; this.identifier = encryptingKeyIdentifier; this.enc_method = encryptionMethod; }
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); } if (this.signature != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead))); } // If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader. XmlDictionaryReader effectiveReader = reader; if (!effectiveReader.CanCanonicalize) { MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary); writer.WriteNode(effectiveReader, false); writer.Flush(); stream.Position = 0; effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas); effectiveReader.MoveToContent(); writer.Close(); } SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer); signedXml.TransformFactory = ExtendedTransformFactory.Instance; signedXml.ReadFrom(effectiveReader); SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier; this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver); if (this.verificationKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer))); } this.signature = signedXml; this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver); if (this.signingToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound))); } if (!ReferenceEquals(reader, effectiveReader)) { effectiveReader.Close(); } }
/// <summary> /// Constructs a proof token based on key identifier. /// </summary> /// <param name="keyIdentifier"></param> public AsymmetricProofDescriptor(SecurityKeyIdentifier keyIdentifier) { if (keyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier"); } // // This is a key identifier for an asymmetric key // _keyIdentifier = keyIdentifier; }
protected override bool CanWriteKeyIdentifierCore(SecurityKeyIdentifier keyIdentifier) { for (int i = 0; i < _keyIdentifierEntries.Count; ++i) { KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i]; if (keyIdentifierEntry.SupportsCore(keyIdentifier)) { return(true); } } return(false); }
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); } if (this.signature != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead"))); } XmlDictionaryReader reader2 = reader; if (!reader2.CanCanonicalize) { MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary); writer.WriteNode(reader2, false); writer.Flush(); stream.Position = 0L; reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas); reader2.MoveToContent(); writer.Close(); } SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer) { TransformFactory = ExtendedTransformFactory.Instance }; xml.ReadFrom(reader2); SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier; this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver); if (this.verificationKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer }))); } this.signature = xml; this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver); if (this.signingToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound"))); } if (!object.ReferenceEquals(reader, reader2)) { reader2.Close(); } }
public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable <string> confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier) { if (name == null || name.Length == 0) { throw new ArgumentException("non-zero length string must be specified for name of SAML Subject."); } name_format = nameFormat; name_qualifier = nameQualifier; this.name = name; confirmation_methods = new List <string> (confirmations); confirmation_data = confirmationData; key_identifier = securityKeyIdentifier; }
public override void WriteKeyIdentifierCore(XmlDictionaryWriter writer, SecurityKeyIdentifier keyIdentifier) { writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, LocalName, NamespaceUri); bool clauseWritten = false; foreach (SecurityKeyIdentifierClause clause in keyIdentifier) { this.securityTokenSerializer.InnerSecurityTokenSerializer.WriteKeyIdentifierClause(writer, clause); clauseWritten = true; } writer.WriteEndElement(); // KeyInfo if (!clauseWritten) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.NoKeyInfoClausesToWrite))); } }
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader) { string encryptionMethod = null; string carriedKeyName = null; SecurityKeyIdentifier encryptingKeyIdentifier = null; byte[] encryptedKey = null; reader.ReadStartElement(XD.XmlEncryptionDictionary.EncryptedKey, NamespaceUri); if (reader.IsStartElement(XD.XmlEncryptionDictionary.EncryptionMethod, NamespaceUri)) { encryptionMethod = reader.GetAttribute(XD.XmlEncryptionDictionary.AlgorithmAttribute, null); bool isEmptyElement = reader.IsEmptyElement; reader.ReadStartElement(); if (!isEmptyElement) { while (reader.IsStartElement()) { reader.Skip(); } reader.ReadEndElement(); } } if (this.securityTokenSerializer.CanReadKeyIdentifier(reader)) { encryptingKeyIdentifier = this.securityTokenSerializer.ReadKeyIdentifier(reader); } reader.ReadStartElement(XD.XmlEncryptionDictionary.CipherData, NamespaceUri); reader.ReadStartElement(XD.XmlEncryptionDictionary.CipherValue, NamespaceUri); encryptedKey = reader.ReadContentAsBase64(); reader.ReadEndElement(); reader.ReadEndElement(); if (reader.IsStartElement(XD.XmlEncryptionDictionary.CarriedKeyName, NamespaceUri)) { reader.ReadStartElement(); carriedKeyName = reader.ReadString(); reader.ReadEndElement(); } reader.ReadEndElement(); return(new EncryptedKeyIdentifierClause(encryptedKey, encryptionMethod, encryptingKeyIdentifier, carriedKeyName)); }
/// <summary> /// Inherited from <see cref="SecurityTokenResolver"/>. /// </summary> protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token) { if (keyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier"); } token = null; foreach (SecurityKeyIdentifierClause clause in keyIdentifier) { if (TryResolveTokenCore(clause, out token)) { return(true); } } return(false); }
/// <summary> /// Override of the base class. Resolves the given SecurityKeyIdentifier to a /// SecurityToken. /// </summary> /// <param name="keyIdentifier">The KeyIdentifier to be resolved.</param> /// <param name="token">The resolved SecurityToken</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">Input argument 'keyIdentifier' is null.</exception> protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token) { if (keyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(keyIdentifier)); } token = null; foreach (SecurityTokenResolver tokenResolver in _tokenResolvers) { if (tokenResolver.TryResolveToken(keyIdentifier, out token)) { return(true); } } return(false); }
internal static void WriteSecurityKeyIdentifier(XmlWriter writer, SecurityKeyIdentifier ski, SecurityTokenSerializer tokenSerializer) { if (tokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer", System.IdentityModel.SR.GetString("SamlSerializerRequiresExternalSerializers")); } bool flag = false; if (tokenSerializer.CanWriteKeyIdentifier(ski)) { tokenSerializer.WriteKeyIdentifier(writer, ski); flag = true; } if (!flag) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SamlSerializerUnableToWriteSecurityKeyIdentifier", new object[] { ski.ToString() }))); } }
/// <summary> /// Resolves the given SecurityKeyIdentifierClause to a SecurityKey. /// </summary> /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve</param> /// <param name="key">The resolved SecurityKey.</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } key = null; EncryptedKeyIdentifierClause encryptedKeyIdentifierClause = keyIdentifierClause as EncryptedKeyIdentifierClause; if (encryptedKeyIdentifierClause != null) { SecurityKeyIdentifier keyIdentifier = encryptedKeyIdentifierClause.EncryptingKeyIdentifier; if (keyIdentifier != null && keyIdentifier.Count > 0) { for (int i = 0; i < keyIdentifier.Count; i++) { SecurityKey unwrappingSecurityKey = null; if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey)) { byte[] wrappedKey = encryptedKeyIdentifierClause.GetEncryptedKey(); string wrappingAlgorithm = encryptedKeyIdentifierClause.EncryptionMethod; byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey); key = new InMemorySymmetricSecurityKey(unwrappedKey, false); return(true); } } } } else { SecurityToken token = null; if (TryResolveToken(keyIdentifierClause, out token)) { if (token.SecurityKeys.Count > 0) { key = token.SecurityKeys[0]; return(true); } } } return(false); }
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier) { if (signingKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signingKey")); } if (signatureAlgorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signatureAlgorithm")); } if (digestAlgorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("digestAlgorithm")); } this.signingKey = signingKey; this.signatureAlgorithm = signatureAlgorithm; this.digestAlgorithm = digestAlgorithm; this.signingKeyIdentifier = signingKeyIdentifier; }
protected override void WriteKeyIdentifierCore(XmlWriter writer, SecurityKeyIdentifier keyIdentifier) { bool wroteKeyIdentifier = false; XmlDictionaryWriter localWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); for (int i = 0; i < _keyIdentifierEntries.Count; ++i) { KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i]; if (keyIdentifierEntry.SupportsCore(keyIdentifier)) { try { keyIdentifierEntry.WriteKeyIdentifierCore(localWriter, keyIdentifier); } #pragma warning disable 56500 // covered by FxCOP catch (Exception e) { if (Fx.IsFatal(e)) { throw; } if (!ShouldWrapException(e)) { throw; } throw /*System.ServiceModel.*/ DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(string.Format(SR_IdentityModel.ErrorSerializingKeyIdentifier), e)); } wroteKeyIdentifier = true; break; } } if (!wroteKeyIdentifier) { //TODO: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.StandardsManagerCannotWriteObject, keyIdentifier.GetType()))); throw new XmlException(SRServiceModel.StandardsManagerCannotWriteObject); } localWriter.Flush(); }
internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver) { SecurityToken token = null; RsaKeyIdentifierClause clause; X509RawDataKeyIdentifierClause clause2; if (tokenResolver != null) { tokenResolver.TryResolveToken(ski, out token); } if ((token == null) && ski.TryFind <RsaKeyIdentifierClause>(out clause)) { token = new RsaSecurityToken(clause.Rsa); } if ((token == null) && ski.TryFind <X509RawDataKeyIdentifierClause>(out clause2)) { token = new X509SecurityToken(new X509Certificate2(clause2.GetX509RawData())); } return(token); }
internal static void WriteSecurityKeyIdentifier(XmlWriter writer, SecurityKeyIdentifier ski, SecurityTokenSerializer tokenSerializer) { if (tokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer", SR.GetString(SR.SamlSerializerRequiresExternalSerializers)); } bool keyWritten = false; if (tokenSerializer.CanWriteKeyIdentifier(ski)) { tokenSerializer.WriteKeyIdentifier(writer, ski); keyWritten = true; } if (!keyWritten) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SamlSerializerUnableToWriteSecurityKeyIdentifier, ski.ToString()))); } }
protected override void WriteKeyIdentifierCore(XmlWriter writer, SecurityKeyIdentifier keyIdentifier) { bool wroteKeyIdentifier = false; XmlDictionaryWriter localWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); for (int i = 0; i < _keyIdentifierEntries.Count; ++i) { KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i]; if (keyIdentifierEntry.SupportsCore(keyIdentifier)) { try { keyIdentifierEntry.WriteKeyIdentifierCore(localWriter, keyIdentifier); } catch (Exception e) { if (Fx.IsFatal(e)) { throw; } if (!ShouldWrapException(e)) { throw; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.ErrorSerializingKeyIdentifier), e)); } wroteKeyIdentifier = true; break; } } if (!wroteKeyIdentifier) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.StandardsManagerCannotWriteObject, keyIdentifier.GetType()))); } localWriter.Flush(); }
private static SecurityKey ResolveSecurityKey(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver, out SecurityKeyIdentifierClause clause) { if (ski == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("ski"); } clause = null; if (tokenResolver != null) { for (int i = 0; i < ski.Count; ++i) { SecurityKey key = null; if (tokenResolver.TryResolveSecurityKey(ski[i], out key)) { clause = ski[i]; return(key); } } } if (ski.CanCreateKey) { foreach (var skiClause in ski) { if (skiClause.CanCreateKey) { clause = skiClause; return(clause.CreateKey()); } } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.KeyIdentifierCannotCreateKey))); } return(null); }
public override SecurityKeyIdentifier ReadKeyIdentifierCore(XmlDictionaryReader reader) { reader.ReadStartElement(LocalName, NamespaceUri); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(); while (reader.IsStartElement()) { SecurityKeyIdentifierClause clause = this.securityTokenSerializer.ReadKeyIdentifierClause(reader); if (clause == null) { reader.Skip(); } else { keyIdentifier.Add(clause); } } if (keyIdentifier.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ErrorDeserializingKeyIdentifierClause))); } reader.ReadEndElement(); return(keyIdentifier); }