// xml format
//<DerivedKeyToken wsu:Id="..." wsse:Algorithm="..."> id required, alg optional (curr disallowed)
// <SecurityTokenReference>...</SecurityTokenReference> - required
// <Properties>...</Properties> - disallowed (optional in spec, but we disallow it)
// choice begin - (schema requires a choice - we allow neither on read - we always write one)
// <Generation>...</Generation> - optional
// <Offset>...</Offset> - optional
// choice end
// <Length>...</Length> - optional - default 32 on read (default specified in spec, not in schema - we always write it)
// <Label>...</Label> - optional
// <Nonce>...</Nonce> - required (optional in spec, but we require it)
//</DerivedKeyToken>
public virtual void ReadDerivedKeyTokenParameters(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver, out string id, out string derivationAlgorithm, out string label, out int length, out byte[] nonce, out int offset, out int generation, out SecurityKeyIdentifierClause tokenToDeriveIdentifier, out SecurityToken tokenToDerive)
{
if (tokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenResolver");
}
id = reader.GetAttribute(CoreWCF.XD.UtilityDictionary.IdAttribute, CoreWCF.XD.UtilityDictionary.Namespace);
derivationAlgorithm = reader.GetAttribute(CoreWCF.XD.XmlSignatureDictionary.Algorithm, null);
if (derivationAlgorithm == null)
{
derivationAlgorithm = parent.DerivationAlgorithm;
}
reader.ReadStartElement();
tokenToDeriveIdentifier = null;
tokenToDerive = null;
if (reader.IsStartElement(CoreWCF.XD.SecurityJan2004Dictionary.SecurityTokenReference, CoreWCF.XD.SecurityJan2004Dictionary.Namespace))
{
tokenToDeriveIdentifier = parent.WSSecurityTokenSerializer.ReadKeyIdentifierClause(reader);
tokenResolver.TryResolveToken(tokenToDeriveIdentifier, out tokenToDerive);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.DerivedKeyTokenRequiresTokenReference)));
}
// no support for properties
generation = -1;
if (reader.IsStartElement(parent.SerializerDictionary.Generation, parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
generation = reader.ReadContentAsInt();
reader.ReadEndElement();
if (generation < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.DerivedKeyInvalidGenerationSpecified, generation)));
}
}
offset = -1;
if (reader.IsStartElement(parent.SerializerDictionary.Offset, parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
offset = reader.ReadContentAsInt();
reader.ReadEndElement();
if (offset < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.DerivedKeyInvalidOffsetSpecified, offset)));
}
}
length = DerivedKeySecurityToken.DefaultDerivedKeyLength;
if (reader.IsStartElement(parent.SerializerDictionary.Length, parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
length = reader.ReadContentAsInt();
reader.ReadEndElement();
}
if ((offset == -1) && (generation == -1))
{
offset = 0;
}
// verify that the offset is not larger than the max allowed
DerivedKeySecurityToken.EnsureAcceptableOffset(offset, generation, length, this.maxKeyDerivationOffset);
label = null;
if (reader.IsStartElement(parent.SerializerDictionary.Label, parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
label = reader.ReadString();
reader.ReadEndElement();
}
if (label != null && label.Length > this.maxKeyDerivationLabelLength)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.DerivedKeyTokenLabelTooLong, label.Length, this.maxKeyDerivationLabelLength)));
}
nonce = null;
reader.ReadStartElement(parent.SerializerDictionary.Nonce, parent.SerializerDictionary.Namespace);
nonce = reader.ReadContentAsBase64();
reader.ReadEndElement();
if (nonce != null && nonce.Length > this.maxKeyDerivationNonceLength)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.DerivedKeyTokenNonceTooLong, nonce.Length, this.maxKeyDerivationNonceLength)));
}
reader.ReadEndElement();
}
public virtual void ReadDerivedKeyTokenParameters(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver, out string id, out string derivationAlgorithm, out string label, out int length, out byte[] nonce, out int offset, out int generation, out SecurityKeyIdentifierClause tokenToDeriveIdentifier, out SecurityToken tokenToDerive)
{
if (tokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenResolver");
}
id = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
derivationAlgorithm = reader.GetAttribute(XD.XmlSignatureDictionary.Algorithm, (XmlDictionaryString)null);
if (derivationAlgorithm == null)
{
derivationAlgorithm = this.parent.DerivationAlgorithm;
}
reader.ReadStartElement();
tokenToDeriveIdentifier = (SecurityKeyIdentifierClause)null;
tokenToDerive = (SecurityToken)null;
if (!reader.IsStartElement(XD.SecurityJan2004Dictionary.SecurityTokenReference, XD.SecurityJan2004Dictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new XmlException(SR.GetString("DerivedKeyTokenRequiresTokenReference")));
}
tokenToDeriveIdentifier = this.parent.WSSecurityTokenSerializer.ReadKeyIdentifierClause((XmlReader)reader);
tokenResolver.TryResolveToken(tokenToDeriveIdentifier, out tokenToDerive);
generation = -1;
if (reader.IsStartElement(this.parent.SerializerDictionary.Generation, this.parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
generation = reader.ReadContentAsInt();
reader.ReadEndElement();
if (generation < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new XmlException(SR.GetString("DerivedKeyInvalidGenerationSpecified", new object[1] {
(object)generation
})));
}
}
offset = -1;
if (reader.IsStartElement(this.parent.SerializerDictionary.Offset, this.parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
offset = reader.ReadContentAsInt();
reader.ReadEndElement();
if (offset < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError((Exception) new XmlException(SR.GetString("DerivedKeyInvalidOffsetSpecified", new object[1] {
(object)offset
})));
}
}
length = 32;
if (reader.IsStartElement(this.parent.SerializerDictionary.Length, this.parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
length = reader.ReadContentAsInt();
reader.ReadEndElement();
}
if (offset == -1 && generation == -1)
{
offset = 0;
}
DerivedKeySecurityToken.EnsureAcceptableOffset(offset, generation, length, this.maxKeyDerivationOffset);
label = (string)null;
if (reader.IsStartElement(this.parent.SerializerDictionary.Label, this.parent.SerializerDictionary.Namespace))
{
reader.ReadStartElement();
label = reader.ReadString();
reader.ReadEndElement();
}
if (label != null && label.Length > this.maxKeyDerivationLabelLength)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning((Exception) new MessageSecurityException(SR.GetString("DerivedKeyTokenLabelTooLong", (object)label.Length, (object)this.maxKeyDerivationLabelLength)));
}
nonce = (byte[])null;
reader.ReadStartElement(this.parent.SerializerDictionary.Nonce, this.parent.SerializerDictionary.Namespace);
nonce = reader.ReadContentAsBase64();
reader.ReadEndElement();
if (nonce != null && nonce.Length > this.maxKeyDerivationNonceLength)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning((Exception) new MessageSecurityException(SR.GetString("DerivedKeyTokenNonceTooLong", (object)nonce.Length, (object)this.maxKeyDerivationNonceLength)));
}
reader.ReadEndElement();
}