/// <summary> /// Load custom configuration from Xml /// </summary> /// <param name="customConfigElements">XmlElement to custom configuration.</param> /// <exception cref="ArgumentNullException">The param 'customConfigElements' is null.</exception> /// <exception cref="InvalidOperationException">Custom configuration specified was invalid.</exception> public override void LoadCustomConfiguration(XmlNodeList customConfigElements) { if (customConfigElements == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("customConfigElements"); } List <XmlElement> configNodes = XmlUtil.GetXmlElements(customConfigElements); bool foundValidConfig = false; bool foundCustomX509Validator = false; X509RevocationMode revocationMode = defaultRevocationMode; X509CertificateValidationMode certificateValidationMode = defaultValidationMode; StoreLocation trustedStoreLocation = defaultStoreLocation; string customValidator = null; foreach (XmlElement customConfigElement in configNodes) { if (!StringComparer.Ordinal.Equals(customConfigElement.LocalName, ConfigurationStrings.X509SecurityTokenHandlerRequirement)) { continue; } if (foundValidConfig) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7026, ConfigurationStrings.X509SecurityTokenHandlerRequirement)); } foreach (XmlAttribute attribute in customConfigElement.Attributes) { if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.MapToWindows)) { mapToWindows = XmlConvert.ToBoolean(attribute.Value.ToLowerInvariant()); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateValidator)) { customValidator = attribute.Value.ToString(); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateRevocationMode)) { foundCustomX509Validator = true; string revocationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeNoCheck)) { revocationMode = X509RevocationMode.NoCheck; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOffline)) { revocationMode = X509RevocationMode.Offline; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOnline)) { revocationMode = X509RevocationMode.Online; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateValidationMode)) { foundCustomX509Validator = true; string validationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeChainTrust)) { certificateValidationMode = X509CertificateValidationMode.ChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerOrChainTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeNone)) { certificateValidationMode = X509CertificateValidationMode.None; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeCustom)) { certificateValidationMode = X509CertificateValidationMode.Custom; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509TrustedStoreLocation)) { foundCustomX509Validator = true; string trustedStoreLocationString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationCurrentUser)) { trustedStoreLocation = StoreLocation.CurrentUser; } else if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationLocalMachine)) { trustedStoreLocation = StoreLocation.LocalMachine; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7004, attribute.LocalName, customConfigElement.LocalName))); } } foundValidConfig = true; } if (certificateValidationMode == X509CertificateValidationMode.Custom) { if (String.IsNullOrEmpty(customValidator)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7028)); } Type customValidatorType = Type.GetType(customValidator, true); if (customValidatorType == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID7007, customValidatorType)); } certificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(new CustomTypeElement(customValidatorType)); } else if (foundCustomX509Validator) { certificateValidator = X509Util.CreateCertificateValidator(certificateValidationMode, revocationMode, trustedStoreLocation); } }
public JwtSecurityTokenRequirement(XmlElement element) { if (element == null) { throw new ArgumentNullException("element"); } if (element.LocalName != Elements.JwtSecurityTokenRequirement) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10601, element.LocalName, element.OuterXml)); } X509RevocationMode revocationMode = this.defaultRevocationMode; X509CertificateValidationMode certificateValidationMode = this.defaultValidationMode; StoreLocation trustedStoreLocation = this.defaultStoreLocation; string customValidator = null; bool createCertificateValidator = false; HashSet <string> itemsProcessed = new HashSet <string>(); foreach (XmlAttribute attribute in element.Attributes) { if (string.IsNullOrWhiteSpace(attribute.Value)) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10600, attribute.LocalName, element.OuterXml)); } if (itemsProcessed.Contains(attribute.Value)) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10617, attribute.LocalName, element.OuterXml)); } if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, Attributes.Validator)) { customValidator = attribute.Value; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, Attributes.RevocationMode)) { createCertificateValidator = true; if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509RevocationModeNoCheck)) { revocationMode = X509RevocationMode.NoCheck; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509RevocationModeOffline)) { revocationMode = X509RevocationMode.Offline; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509RevocationModeOnline)) { revocationMode = X509RevocationMode.Online; } else { throw new ConfigurationErrorsException( string.Format( CultureInfo.InvariantCulture, JwtErrors.Jwt10606, Attributes.RevocationMode, attribute.Value, string.Format( CultureInfo.InvariantCulture, "'{0}', '{1}', '{2}'", AttributeValues.X509RevocationModeNoCheck, AttributeValues.X509RevocationModeOffline, AttributeValues.X509RevocationModeOnline), element.OuterXml)); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, Attributes.ValidationMode)) { createCertificateValidator = true; if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509CertificateValidationModeChainTrust)) { certificateValidationMode = X509CertificateValidationMode.ChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509CertificateValidationModePeerOrChainTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509CertificateValidationModePeerTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509CertificateValidationModeNone)) { certificateValidationMode = X509CertificateValidationMode.None; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509CertificateValidationModeCustom)) { certificateValidationMode = X509CertificateValidationMode.Custom; } else { throw new ConfigurationErrorsException( string.Format( CultureInfo.InvariantCulture, JwtErrors.Jwt10606, Attributes.ValidationMode, attribute.Value, string.Format( CultureInfo.InvariantCulture, "'{0}', '{1}', '{2}', '{3}', '{4}'", AttributeValues.X509CertificateValidationModeChainTrust, AttributeValues.X509CertificateValidationModePeerOrChainTrust, AttributeValues.X509CertificateValidationModePeerTrust, AttributeValues.X509CertificateValidationModeNone, AttributeValues.X509CertificateValidationModeCustom), element.OuterXml)); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, Attributes.TrustedStoreLocation)) { createCertificateValidator = true; if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509TrustedStoreLocationCurrentUser)) { trustedStoreLocation = StoreLocation.CurrentUser; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.Value, AttributeValues.X509TrustedStoreLocationLocalMachine)) { trustedStoreLocation = StoreLocation.LocalMachine; } else { throw new ConfigurationErrorsException( string.Format( CultureInfo.InvariantCulture, JwtErrors.Jwt10606, Attributes.TrustedStoreLocation, attribute.Value, "'" + AttributeValues.X509TrustedStoreLocationCurrentUser + "', '" + AttributeValues.X509TrustedStoreLocationLocalMachine + "'", element.OuterXml)); } } else { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10608, Elements.JwtSecurityTokenRequirement, attribute.LocalName, element.OuterXml)); } } List <XmlElement> configElements = XmlUtil.GetXmlElements(element.ChildNodes); HashSet <string> elementsProcessed = new HashSet <string>(); foreach (XmlElement childElement in configElements) { if (childElement.Attributes.Count > 1) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10609, childElement.LocalName, Attributes.Value, element.OuterXml)); } if (childElement.Attributes.Count == 0) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10607, childElement.LocalName, Attributes.Value, element.OuterXml)); } if (string.IsNullOrWhiteSpace(childElement.Attributes[0].LocalName)) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10600, Attributes.Value, element.OuterXml)); } if (!StringComparer.Ordinal.Equals(childElement.Attributes[0].LocalName, Attributes.Value)) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10610, childElement.LocalName, Attributes.Value, childElement.Attributes[0].LocalName, element.OuterXml)); } if (elementsProcessed.Contains(childElement.LocalName)) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10616, childElement.LocalName, element.OuterXml)); } elementsProcessed.Add(childElement.LocalName); if (StringComparer.Ordinal.Equals(childElement.LocalName, Elements.NameClaimType)) { this.NameClaimType = childElement.Attributes[0].Value; } else if (StringComparer.Ordinal.Equals(childElement.LocalName, Elements.RoleClaimType)) { this.RoleClaimType = childElement.Attributes[0].Value; } else { try { if (StringComparer.Ordinal.Equals(childElement.LocalName, Elements.MaxTokenSizeInBytes)) { this.MaximumTokenSizeInBytes = Convert.ToInt32(childElement.Attributes[0].Value, CultureInfo.InvariantCulture); } else if (StringComparer.Ordinal.Equals(childElement.LocalName, Elements.DefaultTokenLifetimeInMinutes)) { this.DefaultTokenLifetimeInMinutes = Convert.ToInt32(childElement.Attributes[0].Value, CultureInfo.InvariantCulture); } else if (StringComparer.Ordinal.Equals(childElement.LocalName, Elements.MaxClockSkewInMinutes)) { this.ClockSkewInSeconds = Convert.ToInt32(childElement.Attributes[0].Value, CultureInfo.InvariantCulture); } else { throw new ConfigurationErrorsException( string.Format( CultureInfo.InvariantCulture, JwtErrors.Jwt10611, Elements.JwtSecurityTokenRequirement, childElement.LocalName, string.Format( CultureInfo.InvariantCulture, "{0}', '{1}', '{2}', '{3}', '{4}", Elements.NameClaimType, Elements.RoleClaimType, Elements.MaxTokenSizeInBytes, Elements.MaxClockSkewInMinutes, Elements.DefaultTokenLifetimeInMinutes), element.OuterXml)); } } catch (OverflowException oex) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10603, childElement.LocalName, childElement.OuterXml, oex), oex); } catch (FormatException fex) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10603, childElement.LocalName, childElement.OuterXml, fex), fex); } catch (ArgumentOutOfRangeException aex) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10603, childElement.LocalName, childElement.OuterXml, aex), aex); } } } if (certificateValidationMode == X509CertificateValidationMode.Custom) { Type customValidatorType = null; if (customValidator == null) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10612, Attributes.ValidationMode, Attributes.Validator, element.OuterXml)); } try { customValidatorType = Type.GetType(customValidator, true); CustomTypeElement typeElement = new CustomTypeElement(); typeElement.Type = customValidatorType; this.certificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(typeElement); } catch (Exception ex) { if (DiagnosticUtility.IsFatal(ex)) { throw; } throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10613, customValidator, Attributes.Validator, ex, element.OuterXml), ex); } } else if (customValidator != null) { throw new ConfigurationErrorsException(string.Format(CultureInfo.InvariantCulture, JwtErrors.Jwt10619, Attributes.Validator, Attributes.ValidationMode, AttributeValues.X509CertificateValidationModeCustom, certificateValidationMode, typeof(X509CertificateValidator).ToString(), customValidator, element.OuterXml)); } else if (createCertificateValidator) { this.certificateValidator = new X509CertificateValidatorEx(certificateValidationMode, revocationMode, trustedStoreLocation); } }
/// <summary> /// Creates an instance of <see cref="SamlSecurityTokenRequirement"/> /// <param name="element">The XmlElement from which the instance is to be loaded.</param> /// </summary> public SamlSecurityTokenRequirement(XmlElement element) { if (element == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("element"); } if (element.LocalName != ConfigurationStrings.SamlSecurityTokenRequirement) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7000, ConfigurationStrings.SamlSecurityTokenRequirement, element.LocalName)); } bool foundCustomX509Validator = false; X509RevocationMode revocationMode = DefaultRevocationMode; X509CertificateValidationMode certificateValidationMode = DefaultValidationMode; StoreLocation trustedStoreLocation = DefaultStoreLocation; string customValidator = null; foreach (XmlAttribute attribute in element.Attributes) { if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.MapToWindows)) { bool outMapToWindows = false; if (!bool.TryParse(attribute.Value, out outMapToWindows)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7022, attribute.Value)); } this.MapToWindows = outMapToWindows; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateValidator)) { customValidator = attribute.Value.ToString(); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateRevocationMode)) { foundCustomX509Validator = true; string revocationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeNoCheck)) { revocationMode = X509RevocationMode.NoCheck; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOffline)) { revocationMode = X509RevocationMode.Offline; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOnline)) { revocationMode = X509RevocationMode.Online; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateValidationMode)) { foundCustomX509Validator = true; string validationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeChainTrust)) { certificateValidationMode = X509CertificateValidationMode.ChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerOrChainTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeNone)) { certificateValidationMode = X509CertificateValidationMode.None; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeCustom)) { certificateValidationMode = X509CertificateValidationMode.Custom; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateTrustedStoreLocation)) { foundCustomX509Validator = true; string trustedStoreLocationString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationCurrentUser)) { trustedStoreLocation = StoreLocation.CurrentUser; } else if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationLocalMachine)) { trustedStoreLocation = StoreLocation.LocalMachine; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7004, attribute.LocalName, element.LocalName))); } } List <XmlElement> configElements = XmlUtil.GetXmlElements(element.ChildNodes); foreach (XmlElement childElement in configElements) { if (StringComparer.Ordinal.Equals(childElement.LocalName, ConfigurationStrings.NameClaimType)) { if (childElement.Attributes.Count != 1 || !StringComparer.Ordinal.Equals(childElement.Attributes[0].LocalName, ConfigurationStrings.Value)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7001, String.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}/{1}", element.LocalName, childElement.LocalName), ConfigurationStrings.Value)); } this.NameClaimType = childElement.Attributes[0].Value; } else if (StringComparer.Ordinal.Equals(childElement.LocalName, ConfigurationStrings.RoleClaimType)) { if (childElement.Attributes.Count != 1 || !StringComparer.Ordinal.Equals(childElement.Attributes[0].LocalName, ConfigurationStrings.Value)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7001, String.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}/{1}", element.LocalName, childElement.LocalName), ConfigurationStrings.Value)); } this.RoleClaimType = childElement.Attributes[0].Value; } else { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7002, childElement.LocalName, ConfigurationStrings.SamlSecurityTokenRequirement)); } } if (certificateValidationMode == X509CertificateValidationMode.Custom) { if (string.IsNullOrEmpty(customValidator)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7028)); } Type customValidatorType = Type.GetType(customValidator, true); if (customValidatorType == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID7007, customValidatorType)); } _certificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(new CustomTypeElement(customValidatorType)); } else if (foundCustomX509Validator) { _certificateValidator = X509Util.CreateCertificateValidator(certificateValidationMode, revocationMode, trustedStoreLocation); } }