public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } if (Action == null) { throw new SecurityTokenException("non-zero length string must be set for SAML Action before being written."); } writer.WriteStartElement("saml", "Action", SamlConstants.Namespace); if (Namespace != null) { writer.WriteAttributeString("Namespace", Namespace); } writer.WriteString(Action); writer.WriteEndElement(); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { throw new NotImplementedException(); }
EncryptedData Encrypt(XmlElement target, SymmetricAlgorithm actualKey, string ekeyId, ReferenceList refList, SecurityKeyIdentifierClause encClause, EncryptedXml exml, XmlDocument doc, string elementType) { SecurityAlgorithmSuite suite = security.Element.DefaultAlgorithmSuite; SecurityTokenSerializer serializer = security.TokenSerializer; byte [] encrypted = exml.EncryptData(target, actualKey, false); EncryptedData edata = new EncryptedData(); edata.Id = GenerateId(doc); edata.Type = elementType; edata.EncryptionMethod = new EncryptionMethod(suite.DefaultEncryptionAlgorithm); // FIXME: here wsse:DigestMethod should be embedded // inside EncryptionMethod. Since it is not possible // with S.S.C.Xml.EncryptionMethod, we will have to // build our own XML encryption classes. edata.CipherData.CipherValue = encrypted; DataReference dr = new DataReference(); dr.Uri = "#" + edata.Id; refList.Add(dr); if (ShouldOutputEncryptedKey && !CounterParameters.RequireDerivedKeys) { edata.KeyInfo = null; } else { edata.KeyInfo = new KeyInfo(); edata.KeyInfo.AddClause(new SecurityTokenReferenceKeyInfo(encClause, serializer, doc)); } return(edata); }
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace)) { SamlAuthenticationStatement statement = new SamlAuthenticationStatement(); statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(statement); } if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace)) { SamlAttributeStatement statement2 = new SamlAttributeStatement(); statement2.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(statement2); } if (!reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName }))); } SamlAuthorizationDecisionStatement statement3 = new SamlAuthorizationDecisionStatement(); statement3.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(statement3); }
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } writer.WriteStartElement("saml", "Conditions", SamlConstants.Namespace); CultureInfo invariant = CultureInfo.InvariantCulture; if (has_not_before) { writer.WriteAttributeString("NotBefore", NotBefore.ToString(SamlConstants.DateFormat, invariant)); } if (has_not_on_after) { writer.WriteAttributeString("NotOnOrAfter", NotOnOrAfter.ToString(SamlConstants.DateFormat, invariant)); } foreach (SamlCondition cond in Conditions) { cond.WriteXml(writer, samlSerializer, keyInfoSerializer); } writer.WriteEndElement(); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoTokenSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw new ArgumentNullException("reader"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } reader.ReadStartElement("Subject", SamlConstants.Namespace); NameFormat = reader.GetAttribute("Format"); NameQualifier = reader.GetAttribute("NameQualifier"); Name = reader.ReadElementContentAsString("NameIdentifier", SamlConstants.Namespace); reader.ReadEndElement(); if (Name == null || Name.Length == 0) { throw new SecurityTokenException("non-zero length string must be exist for Name."); } }
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthenticationStatement, DictionaryManager.SamlDictionary.Namespace)) { SamlAuthenticationStatement authStatement = new SamlAuthenticationStatement(); authStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(authStatement); } else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AttributeStatement, DictionaryManager.SamlDictionary.Namespace)) { SamlAttributeStatement attrStatement = new SamlAttributeStatement(); attrStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(attrStatement); } else if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, DictionaryManager.SamlDictionary.Namespace)) { SamlAuthorizationDecisionStatement authDecisionStatement = new SamlAuthorizationDecisionStatement(); authDecisionStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(authDecisionStatement); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.SAMLUnableToLoadUnknownElement, reader.LocalName))); } }
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoTokenSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } if (Name == null || Name.Length == 0) { throw new SecurityTokenException("non-zero length string must be set to Name of SAML Subject before being written."); } writer.WriteStartElement("saml", "Subject", SamlConstants.Namespace); writer.WriteStartElement("saml", "NameIdentifier", SamlConstants.Namespace); writer.WriteAttributeString("Format", NameFormat); writer.WriteAttributeString("NameQualifier", NameQualifier); writer.WriteString(Name); writer.WriteEndElement(); writer.WriteEndElement(); }
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } if (references.Count == 0 && assertions.Count == 0) { throw new SecurityTokenException("At least either one of AssertionIDReference or Assertion must exist in SAML Evidence."); } writer.WriteStartElement("saml", "Evidence", SamlConstants.Namespace); foreach (string s in references) { writer.WriteElementString("saml", "AssertionIDReference", SamlConstants.Namespace, s); } foreach (SamlAssertion a in assertions) { a.WriteXml(writer, samlSerializer, keyInfoSerializer); } writer.WriteEndElement(); }
public virtual SamlAttribute LoadAttribute(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { SamlAttribute attribute = new SamlAttribute(); attribute.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver); return(attribute); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver) { if (token == null) { throw new ArgumentNullException("token"); } string text = new UTF8Encoding().GetString(token.DecryptedTokenData); XmlDocument document = new XmlDocument(); document.InnerXml = text.Trim(); XmlNodeReader reader = new XmlNodeReader(document.DocumentElement); try { if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion") { SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver); Initialize(samlToken); } else { SecurityToken securityToken = serializer.ReadToken(reader, resolver); Initialize(securityToken); } } finally { reader.Close(); } }
public virtual void WriteXml( XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } if (AuthorityKind == null) { throw new SecurityTokenException("AuthorityKind must be set to SAML AuthorityBinding before being written."); } if (Binding == null) { throw new SecurityTokenException("non-zero length Binding must be set to SAML AuthorityBinding before being written."); } if (Location == null) { throw new SecurityTokenException("non-zero length Location must be set to SAML AuthorityBinding before being written."); } writer.WriteStartElement("saml", "AuthorityBinding", SamlConstants.Namespace); writer.WriteXmlnsAttribute(String.Empty, AuthorityKind.Namespace); writer.WriteAttributeString("AuthorityKind", AuthorityKind.Name); writer.WriteAttributeString("Location", Location); writer.WriteAttributeString("Binding", Binding); writer.WriteEndElement(); }
internal void WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if ((this.signingCredentials == null) && (this.signature == null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SamlAssertionMissingSigningCredentials"))); } XmlDictionaryWriter innerWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); if (this.signingCredentials != null) { using (HashAlgorithm algorithm = CryptoHelper.CreateHashAlgorithm(this.signingCredentials.DigestAlgorithm)) { this.hashStream = new HashStream(algorithm); this.keyInfoSerializer = keyInfoSerializer; this.dictionaryManager = samlSerializer.DictionaryManager; SamlDelegatingWriter writer3 = new SamlDelegatingWriter(innerWriter, this.hashStream, this, samlSerializer.DictionaryManager.ParentDictionary); this.WriteXml(writer3, samlSerializer, keyInfoSerializer); return; } } this.tokenStream.SetElementExclusion(null, null); this.tokenStream.WriteTo(innerWriter, samlSerializer.DictionaryManager); }
public override void WriteXml( XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } if (Audiences.Count == 0) { throw new SecurityTokenException("SAML AudienceRestrictionCondition must contain at least one Audience."); } writer.WriteStartElement("saml", "AudienceRestrictionCondition", SamlConstants.Namespace); foreach (Uri a in Audiences) { writer.WriteElementString("saml", "Audience", SamlConstants.Namespace, a.AbsoluteUri); } writer.WriteEndElement(); }
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoTokenSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer) { throw new NotImplementedException(); }
internal void ConfigureProtocolFactory(SecurityProtocolFactory factory, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext, Binding binding) { if (factory == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(factory))); } if (credentialsManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(credentialsManager))); } factory.AddTimestamp = IncludeTimestamp; factory.IncomingAlgorithmSuite = DefaultAlgorithmSuite; factory.OutgoingAlgorithmSuite = DefaultAlgorithmSuite; factory.SecurityHeaderLayout = SecurityHeaderLayout; factory.TimestampValidityDuration = LocalServiceSettings.TimestampValidityDuration; factory.DetectReplays = LocalServiceSettings.DetectReplays; factory.MaxCachedNonces = LocalServiceSettings.ReplayCacheSize; factory.MaxClockSkew = LocalServiceSettings.MaxClockSkew; factory.ReplayWindow = LocalServiceSettings.ReplayWindow; if (LocalServiceSettings.DetectReplays) { factory.NonceCache = LocalServiceSettings.NonceCache; } factory.SecurityBindingElement = (SecurityBindingElement)Clone(); factory.SecurityBindingElement.SetIssuerBindingContextIfRequired(issuerBindingContext); factory.SecurityTokenManager = credentialsManager.CreateSecurityTokenManager(); SecurityTokenSerializer tokenSerializer = factory.SecurityTokenManager.CreateSecurityTokenSerializer(_messageSecurityVersion.SecurityTokenVersion); factory.StandardsManager = new SecurityStandardsManager(_messageSecurityVersion, tokenSerializer); }
public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer) { MessageSecurityVersion = messageSecurityVersion ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException(nameof(messageSecurityVersion))); _tokenSerializer = tokenSerializer ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(tokenSerializer)); if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13) { throw ExceptionHelper.PlatformNotSupported(); } else { SecureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005(); } if (SecurityVersion == SecurityVersion.WSSecurity10 || SecurityVersion == SecurityVersion.WSSecurity11) { IdManager = WSSecurityJan2004.IdManager.Instance; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(messageSecurityVersion), SR.MessageSecurityVersionOutOfRange)); } WSUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default; TrustDriver = null; if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13) { throw ExceptionHelper.PlatformNotSupported(); } else { TrustDriver = new WSTrustFeb2005.DriverFeb2005(this); } }
public RequestSecurityTokenResponse(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer, XmlElement requestSecurityTokenResponseXml, string context, string tokenType, int keySize, SecurityKeyIdentifierClause requestedAttachedReference, SecurityKeyIdentifierClause requestedUnattachedReference, bool computeKey, DateTime validFrom, DateTime validTo, bool isRequestedTokenClosed) : this(SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer), requestSecurityTokenResponseXml, context, tokenType, keySize, requestedAttachedReference, requestedUnattachedReference, computeKey, validFrom, validTo, isRequestedTokenClosed, null) { }
public KeyInfoSerializer( bool emitBspRequiredAttributes, DictionaryManager dictionaryManager, TrustDictionary trustDictionary, SecurityTokenSerializer innerSecurityTokenSerializer) : this(emitBspRequiredAttributes, dictionaryManager, trustDictionary, innerSecurityTokenSerializer, null) { }
public SimpleWebSecurityTokenSerializer(SecurityTokenSerializer innerSerializer) { if (innerSerializer == null) { throw new ArgumentNullException("innerSerializer"); } this.innerSerializer = innerSerializer; }
public EncryptedTypeElement(SecurityTokenSerializer keyInfoSerializer) { _cipherData = new CipherDataElement(); _encryptionMethod = new EncryptionMethodElement(); _keyInfo = new KeyInfo(keyInfoSerializer); _properties = new List <string>(); _keyInfoSerializer = keyInfoSerializer; }
public virtual void WriteToken(SamlSecurityToken token, XmlWriter writer, SecurityTokenSerializer keyInfoSerializer) { if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } token.Assertion.WriteTo(writer, this, keyInfoSerializer); }
protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) { SecurityTokenSerializer defaultInstance = SimpleWebSecurityTokenSerializer.DefaultInstance; if (this.token != null && defaultInstance.CanWriteToken(this.token)) { defaultInstance.WriteToken(writer, this.token); } }
public override void PopulateKeyIdentifierClauseEntries(IList <KeyIdentifierClauseEntry> clauseEntries) { List <StrEntry> strEntries = new List <StrEntry>(); SecurityTokenSerializer.PopulateStrEntries(strEntries); SecurityTokenReferenceXXX2005ClauseEntry strClause = new SecurityTokenReferenceXXX2005ClauseEntry(SecurityTokenSerializer.EmitBspRequiredAttributes, strEntries); clauseEntries.Add(strClause); }
public WSSecurityMessageHeaderReader(WSSecurityMessageHeader header, SecurityTokenSerializer serializer, SecurityTokenResolver resolver, XmlDocument doc, XmlNamespaceManager nsmgr, List <SecurityToken> tokens) { this.header = header; this.serializer = serializer; this.resolver = resolver; this.doc = doc; this.nsmgr = nsmgr; this.tokens = tokens; }
public Saml2InitiatorSecurityTokenSerializer(SecurityTokenSerializer serializer) { this.serializer = serializer; var securityTokenSerializerAdapter = (SecurityTokenSerializerAdapter)serializer; securityTokenSerializerAdapter.SecurityTokenHandlers.Remove( securityTokenSerializerAdapter.SecurityTokenHandlers[typeof(Saml2SecurityToken)]); securityTokenSerializerAdapter.SecurityTokenHandlers.Add(new OIOSaml2SecurityTokenHandler()); }
public static string GetKeyIdentifierClauseXml(SecurityTokenSerializer serializer, XmlWriterSettings settings, SecurityKeyIdentifierClause item) { StringWriter sw = new StringWriter(); using (XmlWriter xw = XmlWriter.Create(sw)) { serializer.WriteKeyIdentifierClause(xw, item); } return(sw.ToString()); }
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoTokenSerializer) { if (writer == null) { throw new ArgumentNullException("writer"); } if (Issuer == null || Issuer.Length == 0) { throw new SecurityTokenException("Issuer must not be null or empty."); } if (Statements.Count == 0) { throw new SecurityTokenException("At least one assertion statement is required."); } if (samlSerializer == null) { throw new ArgumentNullException("samlSerializer"); } CultureInfo invariant = CultureInfo.InvariantCulture; writer.WriteStartElement("saml", "Assertion", SamlConstants.Namespace); writer.WriteAttributeString("MajorVersion", MajorVersion.ToString(invariant)); writer.WriteAttributeString("MinorVersion", MinorVersion.ToString(invariant)); writer.WriteAttributeString("AssertionID", AssertionId); writer.WriteAttributeString("Issuer", Issuer); writer.WriteAttributeString("IssueInstant", IssueInstant.ToString(SamlConstants.DateFormat, invariant)); try { if (Conditions != null) { Conditions.WriteXml(writer, samlSerializer, keyInfoTokenSerializer); } if (Advice != null) { Advice.WriteXml(writer, samlSerializer, keyInfoTokenSerializer); } foreach (SamlStatement statement in Statements) { statement.WriteXml(writer, samlSerializer, keyInfoTokenSerializer); } } catch (NotImplementedException) { throw; } catch (Exception ex) // bad catch, eh? { throw new InvalidOperationException("There is an error on writing assertion statements.", ex); } writer.WriteEndElement(); }
private void ParseToken(string xmlToken, X509Certificate2 cert) { int skew = 300; // default to 5 minutes string tokenskew = System.Configuration.ConfigurationManager.AppSettings["MaximumClockSkew"]; if (!string.IsNullOrEmpty(tokenskew)) { skew = Int32.Parse(tokenskew); } XmlReader tokenReader = new XmlTextReader(new StringReader(xmlToken)); EncryptedData enc = new EncryptedData(); enc.TokenSerializer = WSSecurityTokenSerializer.DefaultInstance; enc.ReadFrom(tokenReader); List <SecurityToken> tokens = new List <SecurityToken>(); SecurityToken encryptingToken = new X509SecurityToken(cert); tokens.Add(encryptingToken); SecurityTokenResolver tokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false); SymmetricSecurityKey encryptingCrypto; // an error here usually means that you have selected the wrong key. encryptingCrypto = (SymmetricSecurityKey)tokenResolver.ResolveSecurityKey(enc.KeyIdentifier[0]); SymmetricAlgorithm algorithm = encryptingCrypto.GetSymmetricAlgorithm(enc.EncryptionMethod); byte[] decryptedData = enc.GetDecryptedBuffer(algorithm); SecurityTokenSerializer tokenSerializer = WSSecurityTokenSerializer.DefaultInstance; XmlReader reader = new XmlTextReader(new StreamReader(new MemoryStream(decryptedData), Encoding.UTF8)); m_token = (SamlSecurityToken)tokenSerializer.ReadToken(reader, tokenResolver); SamlSecurityTokenAuthenticator authenticator = new SamlSecurityTokenAuthenticator(new List <SecurityTokenAuthenticator>( new SecurityTokenAuthenticator[] { new RsaSecurityTokenAuthenticator(), new X509SecurityTokenAuthenticator() }), new TimeSpan(0, 0, skew)); if (authenticator.CanValidateToken(m_token)) { ReadOnlyCollection <IAuthorizationPolicy> policies = authenticator.ValidateToken(m_token); m_authorizationContext = AuthorizationContext.CreateDefaultAuthorizationContext(policies); m_identityClaims = FindIdentityClaims(m_authorizationContext); } else { throw new Exception("Unable to validate the token."); } }
protected EncryptedType() { #if FEATURE_CORECLR throw new NotImplementedException("KeyInfoSerializer not supported in .NET Core"); #else this.encryptionMethod.Init(); this.state = EncryptedType.EncryptionState.New; this.tokenSerializer = (SecurityTokenSerializer) new KeyInfoSerializer(false); #endif }