public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime, DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
{
if (contextId == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextId");
}
if (key == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
SctClaimDictionary instance = SctClaimDictionary.Instance;
writer.WriteStartElement(instance.SecurityContextSecurityToken, instance.EmptyString);
writer.WriteStartElement(instance.Version, instance.EmptyString);
writer.WriteValue(1);
writer.WriteEndElement();
if (id != null)
{
writer.WriteElementString(instance.Id, instance.EmptyString, id);
}
XmlHelper.WriteElementStringAsUniqueId(writer, instance.ContextId, instance.EmptyString, contextId);
writer.WriteStartElement(instance.Key, instance.EmptyString);
writer.WriteBase64(key, 0, key.Length);
writer.WriteEndElement();
if (keyGeneration != null)
{
XmlHelper.WriteElementStringAsUniqueId(writer, instance.KeyGeneration, instance.EmptyString, keyGeneration);
}
XmlHelper.WriteElementContentAsInt64(writer, instance.EffectiveTime, instance.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, instance.ExpiryTime, instance.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, instance.KeyEffectiveTime, instance.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, instance.KeyExpiryTime, instance.EmptyString, keyExpirationTime.ToUniversalTime().Ticks);
AuthorizationContext authContext = null;
if (authorizationPolicies != null)
{
authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies);
}
if ((authContext != null) && (authContext.ClaimSets.Count != 0))
{
DataContractSerializer serializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, 0x7fffffff);
DataContractSerializer serializer2 = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, 0x7fffffff);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, 0x7fffffff);
SctClaimSerializer.SerializeIdentities(authContext, instance, writer, serializer);
writer.WriteStartElement(instance.ClaimSets, instance.EmptyString);
for (int i = 0; i < authContext.ClaimSets.Count; i++)
{
SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], instance, writer, serializer2, claimSerializer);
}
writer.WriteEndElement();
}
writer.WriteEndElement();
writer.Flush();
byte[] data = stream.ToArray();
return(this.securityStateEncoder.EncodeSecurityState(data));
}
private SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas)
{
List <IAuthorizationPolicy> list3;
SctClaimDictionary instance = SctClaimDictionary.Instance;
XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, instance, quotas, null, null);
int num = -1;
UniqueId contextId = null;
DateTime minUtcDateTime = System.ServiceModel.Security.SecurityUtils.MinUtcDateTime;
DateTime maxUtcDateTime = System.ServiceModel.Security.SecurityUtils.MaxUtcDateTime;
byte[] key = null;
string str = null;
UniqueId keyGeneration = null;
DateTime keyEffectiveTime = System.ServiceModel.Security.SecurityUtils.MinUtcDateTime;
DateTime keyExpirationTime = System.ServiceModel.Security.SecurityUtils.MaxUtcDateTime;
List <ClaimSet> claimSets = null;
IList <IIdentity> identities = null;
bool isCookieMode = true;
reader.ReadFullStartElement(instance.SecurityContextSecurityToken, instance.EmptyString);
while (reader.IsStartElement())
{
if (reader.IsStartElement(instance.Version, instance.EmptyString))
{
num = reader.ReadElementContentAsInt();
}
else
{
if (reader.IsStartElement(instance.ContextId, instance.EmptyString))
{
contextId = reader.ReadElementContentAsUniqueId();
continue;
}
if (reader.IsStartElement(instance.Id, instance.EmptyString))
{
str = reader.ReadElementContentAsString();
continue;
}
if (reader.IsStartElement(instance.EffectiveTime, instance.EmptyString))
{
minUtcDateTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
continue;
}
if (reader.IsStartElement(instance.ExpiryTime, instance.EmptyString))
{
maxUtcDateTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
continue;
}
if (reader.IsStartElement(instance.Key, instance.EmptyString))
{
key = reader.ReadElementContentAsBase64();
continue;
}
if (reader.IsStartElement(instance.KeyGeneration, instance.EmptyString))
{
keyGeneration = reader.ReadElementContentAsUniqueId();
continue;
}
if (reader.IsStartElement(instance.KeyEffectiveTime, instance.EmptyString))
{
keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
continue;
}
if (reader.IsStartElement(instance.KeyExpiryTime, instance.EmptyString))
{
keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
continue;
}
if (reader.IsStartElement(instance.Identities, instance.EmptyString))
{
identities = SctClaimSerializer.DeserializeIdentities(reader, instance, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, 0x7fffffff));
continue;
}
if (reader.IsStartElement(instance.ClaimSets, instance.EmptyString))
{
reader.ReadStartElement();
DataContractSerializer serializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, 0x7fffffff);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, 0x7fffffff);
claimSets = new List <ClaimSet>(1);
while (reader.IsStartElement())
{
claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, instance, serializer, claimSerializer));
}
reader.ReadEndElement();
continue;
}
if (reader.IsStartElement(instance.IsCookieMode, instance.EmptyString))
{
isCookieMode = reader.ReadElementString() == "1";
}
else
{
OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieXmlParseError"));
}
}
}
reader.ReadEndElement();
if (num != 1)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SerializedTokenVersionUnsupported", new object[] { num })));
}
if (contextId == null)
{
OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "ContextId" }));
}
if ((key == null) || (key.Length == 0))
{
OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "Key" }));
}
if (str != id)
{
OnInvalidCookieFailure(System.ServiceModel.SR.GetString("SctCookieValueMissingOrIncorrect", new object[] { "Id" }));
}
if (claimSets != null)
{
list3 = new List <IAuthorizationPolicy>(1)
{
new SctUnconditionalPolicy(identities, claimSets, maxUtcDateTime)
};
}
else
{
list3 = null;
}
return(new SecurityContextSecurityToken(contextId, str, key, minUtcDateTime, maxUtcDateTime, (list3 != null) ? list3.AsReadOnly() : null, isCookieMode, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime));
}
SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas)
{
SctClaimDictionary dictionary = SctClaimDictionary.Instance;
XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, dictionary, quotas, null, null);
int cookieVersion = -1;
UniqueId cookieContextId = null;
DateTime effectiveTime = SecurityUtils.MinUtcDateTime;
DateTime expiryTime = SecurityUtils.MaxUtcDateTime;
byte[] key = null;
string localId = null;
UniqueId keyGeneration = null;
DateTime keyEffectiveTime = SecurityUtils.MinUtcDateTime;
DateTime keyExpirationTime = SecurityUtils.MaxUtcDateTime;
List <ClaimSet> claimSets = null;
IList <IIdentity> identities = null;
bool isCookie = true;
reader.ReadFullStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);
while (reader.IsStartElement())
{
if (reader.IsStartElement(dictionary.Version, dictionary.EmptyString))
{
cookieVersion = reader.ReadElementContentAsInt();
}
else if (reader.IsStartElement(dictionary.ContextId, dictionary.EmptyString))
{
cookieContextId = reader.ReadElementContentAsUniqueId();
}
else if (reader.IsStartElement(dictionary.Id, dictionary.EmptyString))
{
localId = reader.ReadElementContentAsString();
}
else if (reader.IsStartElement(dictionary.EffectiveTime, dictionary.EmptyString))
{
effectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.ExpiryTime, dictionary.EmptyString))
{
expiryTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.Key, dictionary.EmptyString))
{
key = reader.ReadElementContentAsBase64();
}
else if (reader.IsStartElement(dictionary.KeyGeneration, dictionary.EmptyString))
{
keyGeneration = reader.ReadElementContentAsUniqueId();
}
else if (reader.IsStartElement(dictionary.KeyEffectiveTime, dictionary.EmptyString))
{
keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.KeyExpiryTime, dictionary.EmptyString))
{
keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
identities = SctClaimSerializer.DeserializeIdentities(reader, dictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue));
}
else if (reader.IsStartElement(dictionary.ClaimSets, dictionary.EmptyString))
{
reader.ReadStartElement();
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue);
claimSets = new List <ClaimSet>(1);
while (reader.IsStartElement())
{
claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, dictionary, claimSetSerializer, claimSerializer));
}
reader.ReadEndElement();
}
else if (reader.IsStartElement(dictionary.IsCookieMode, dictionary.EmptyString))
{
isCookie = reader.ReadElementString() == "1" ? true : false;
}
else
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieXmlParseError));
}
}
reader.ReadEndElement();
if (cookieVersion != SupportedPersistanceVersion)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SerializedTokenVersionUnsupported, cookieVersion)));
}
if (cookieContextId == null)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId"));
}
if (key == null || key.Length == 0)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Key"));
}
if (localId != id)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Id"));
}
List <IAuthorizationPolicy> authorizationPolicies;
if (claimSets != null)
{
authorizationPolicies = new List <IAuthorizationPolicy>(1);
authorizationPolicies.Add(new SctUnconditionalPolicy(identities, claimSets, expiryTime));
}
else
{
authorizationPolicies = null;
}
return(new SecurityContextSecurityToken(cookieContextId, localId, key, effectiveTime, expiryTime,
authorizationPolicies != null ? authorizationPolicies.AsReadOnly() : null, isCookie, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime));
}
public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime,
DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime,
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
{
if (contextId == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(contextId));
}
if (key == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(key));
}
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
SctClaimDictionary dictionary = SctClaimDictionary.Instance;
writer.WriteStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);
writer.WriteStartElement(dictionary.Version, dictionary.EmptyString);
writer.WriteValue(SupportedPersistanceVersion);
writer.WriteEndElement();
if (id != null)
{
writer.WriteElementString(dictionary.Id, dictionary.EmptyString, id);
}
XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.ContextId, dictionary.EmptyString, contextId);
writer.WriteStartElement(dictionary.Key, dictionary.EmptyString);
writer.WriteBase64(key, 0, key.Length);
writer.WriteEndElement();
if (keyGeneration != null)
{
XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.KeyGeneration, dictionary.EmptyString, keyGeneration);
}
XmlHelper.WriteElementContentAsInt64(writer, dictionary.EffectiveTime, dictionary.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.ExpiryTime, dictionary.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyEffectiveTime, dictionary.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyExpiryTime, dictionary.EmptyString, keyExpirationTime.ToUniversalTime().Ticks);
AuthorizationContext authContext = null;
if (authorizationPolicies != null)
{
authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies);
}
if (authContext != null && authContext.ClaimSets.Count != 0)
{
DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), _knownTypes, int.MaxValue);
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), _knownTypes, int.MaxValue);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), _knownTypes, int.MaxValue);
SctClaimSerializer.SerializeIdentities(authContext, dictionary, writer, identitySerializer);
writer.WriteStartElement(dictionary.ClaimSets, dictionary.EmptyString);
for (int i = 0; i < authContext.ClaimSets.Count; i++)
{
SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], dictionary, writer, claimSetSerializer, claimSerializer);
}
writer.WriteEndElement();
}
writer.WriteEndElement();
writer.Flush();
byte[] serializedContext = stream.ToArray();
return(_securityStateEncoder.EncodeSecurityState(serializedContext));
}
