private SecurityKeyIdentifier ReadGenericXmlSecurityKeyIdentifier(XmlDictionaryReader localReader, Exception previousException)
{
if (!localReader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace))
{
return(null);
}
localReader.ReadStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace);
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier();
if (localReader.IsStartElement())
{
SecurityKeyIdentifierClause clause = null;
string strId = localReader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
XmlDocument doc = new XmlDocument();
XmlElement keyIdentifierReferenceXml = (doc.ReadNode(localReader) as XmlElement);
clause = new GenericXmlSecurityKeyIdentifierClause(keyIdentifierReferenceXml);
if (!string.IsNullOrEmpty(strId))
{
clause.Id = strId;
}
keyIdentifier.Add(clause);
}
if (keyIdentifier.Count == 0)
{
throw previousException;
}
localReader.ReadEndElement();
return(keyIdentifier);
}
/// <summary>
/// Makes a WSTrust call to the STS to obtain a <see cref="SecurityToken"/> first checking if the token is available in the cache.
/// </summary>
/// <returns>A <see cref="GenericXmlSecurityToken"/>.</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
WsTrustRequest request = CreateWsTrustRequest();
WsTrustResponse trustResponse = GetCachedResponse(request);
if (trustResponse is null)
{
using (var memeoryStream = new MemoryStream())
{
var writer = XmlDictionaryWriter.CreateTextWriter(memeoryStream, Encoding.UTF8);
var serializer = new WsTrustSerializer();
serializer.WriteRequest(writer, _requestSerializationContext.TrustVersion, request);
writer.Flush();
var reader = XmlDictionaryReader.CreateTextReader(memeoryStream.ToArray(), XmlDictionaryReaderQuotas.Max);
IRequestChannel channel = ChannelFactory.CreateChannel();
Message reply = channel.Request(Message.CreateMessage(MessageVersion.Soap12WSAddressing10, _requestSerializationContext.TrustActions.IssueRequest, reader));
SecurityUtils.ThrowIfNegotiationFault(reply, channel.RemoteAddress);
trustResponse = serializer.ReadResponse(reply.GetReaderAtBodyContents());
CacheSecurityTokenResponse(request, trustResponse);
}
}
// Create GenericXmlSecurityToken
// Assumes that token is first and Saml2SecurityToken.
using (var stream = new MemoryStream())
{
RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0];
// Get attached and unattached references
GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null;
if (response.AttachedReference != null)
{
internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference);
}
GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null;
if (response.UnattachedReference != null)
{
externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference);
}
// Get proof token
IdentityModel.Tokens.SecurityToken proofToken = GetProofToken(request, response);
// Get lifetime
DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow;
DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1);
return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement,
proofToken,
created,
expires,
internalSecurityKeyIdentifierClause,
externalSecurityKeyIdentifierClause,
null));
}
}
public static void Ctor_Deriviation_Properties()
{
XmlElement tokenReference = CreateTokenReference(Guid.NewGuid());
byte[] derivationNonce = new byte[] { 1, 2, 3, 4, 5, 6 };
int derivationLength = 128;
var genericXmlSecurityKeyIdentifierClause = new GenericXmlSecurityKeyIdentifierClause(tokenReference, (byte[])derivationNonce.Clone(), derivationLength);
Assert.Equal(derivationNonce, genericXmlSecurityKeyIdentifierClause.GetDerivationNonce());
Assert.Equal(derivationLength, genericXmlSecurityKeyIdentifierClause.DerivationLength);
}
public static void Matches()
{
Guid guid = Guid.NewGuid();
XmlElement tokenReference = CreateTokenReference(guid);
var genericXmlSecurityKeyIdentifierClause = new GenericXmlSecurityKeyIdentifierClause(tokenReference);
tokenReference = CreateTokenReference(guid); // Create equivalant but different instance
var genericXmlSecurityKeyIdentifierClause2 = new GenericXmlSecurityKeyIdentifierClause(tokenReference);
Assert.True(genericXmlSecurityKeyIdentifierClause.Matches(genericXmlSecurityKeyIdentifierClause2));
tokenReference = CreateTokenReference(Guid.NewGuid());
genericXmlSecurityKeyIdentifierClause2 = new GenericXmlSecurityKeyIdentifierClause(tokenReference);
Assert.False(genericXmlSecurityKeyIdentifierClause.Matches(genericXmlSecurityKeyIdentifierClause2));
}
public static void Ctor_Default_Properties()
{
var exception = Assert.Throws <ArgumentNullException>(() => new GenericXmlSecurityKeyIdentifierClause(null));
Assert.Equal("referenceXml", exception.ParamName);
XmlElement tokenReference = CreateTokenReference(Guid.NewGuid());
var genericXmlSecurityKeyIdentifierClause = new GenericXmlSecurityKeyIdentifierClause(tokenReference);
Assert.Null(genericXmlSecurityKeyIdentifierClause.Id);
Assert.False(genericXmlSecurityKeyIdentifierClause.CanCreateKey);
Assert.Null(genericXmlSecurityKeyIdentifierClause.ClauseType);
Assert.Throws <NotSupportedException>(() => genericXmlSecurityKeyIdentifierClause.CreateKey());
Assert.Null(genericXmlSecurityKeyIdentifierClause.GetDerivationNonce());
Assert.Equal(0, genericXmlSecurityKeyIdentifierClause.DerivationLength);
Assert.Equal(tokenReference, genericXmlSecurityKeyIdentifierClause.ReferenceXml);
}
internal static WCFSecurityToken CreateGenericXmlSecurityToken(WsTrustRequest request, WsTrustResponse trustResponse, WsSerializationContext serializationContext, SecurityAlgorithmSuite algorithmSuite)
{
// Create GenericXmlSecurityToken
// Assumes that token is first and Saml2SecurityToken.
RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0];
// Get attached and unattached references
GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null;
if (response.AttachedReference != null)
{
internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference);
}
GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null;
if (response.UnattachedReference != null)
{
externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference);
}
// Get proof token
WCFSecurityToken proofToken = GetProofToken(request, response, serializationContext, algorithmSuite);
// Get lifetime
DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow;
DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1);
return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement,
proofToken,
created,
expires,
internalSecurityKeyIdentifierClause,
externalSecurityKeyIdentifierClause,
null));
}
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
{
GenericXmlSecurityKeyIdentifierClause genericXmlSecurityKeyIdentifierClause = keyIdentifierClause as GenericXmlSecurityKeyIdentifierClause;
genericXmlSecurityKeyIdentifierClause.ReferenceXml.WriteTo(writer);
}
