public static FlowToken Deserialize(string serialziedFlowToken, bool includeHashValue) { if (string.IsNullOrEmpty(serialziedFlowToken)) { throw new ArgumentNullException("serialziedFlowToken"); } Dictionary <string, string> dic = StringConversionServices.ParseKeyValueCollection(serialziedFlowToken); if ((dic.ContainsKey("flowTokenType") == false) || (dic.ContainsKey("flowToken") == false) || ((includeHashValue) && (dic.ContainsKey("flowTokenHash") == false))) { throw new ArgumentException("The serialziedFlowToken is not a serialized flowToken", "serialziedFlowToken"); } string flowTokenTypeString = StringConversionServices.DeserializeValueString(dic["flowTokenType"]); string flowTokenString = StringConversionServices.DeserializeValueString(dic["flowToken"]); if (includeHashValue) { string flowTokenHash = StringConversionServices.DeserializeValueString(dic["flowTokenHash"]); HashValue hashValue = HashValue.Deserialize(flowTokenHash); if (HashSigner.ValidateSignedHash(flowTokenString, hashValue) == false) { throw new SecurityException("Serialized flow token is tampered"); } } Type flowType = TypeManager.GetType(flowTokenTypeString); MethodInfo methodInfo = flowType.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static); if (methodInfo == null || !(typeof(FlowToken).IsAssignableFrom(methodInfo.ReturnType))) { throw new InvalidOperationException(string.Format("The flow token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", flowType, typeof(FlowToken))); } FlowToken flowToken; try { flowToken = (FlowToken)methodInfo.Invoke(null, new object[] { flowTokenString }); } catch (Exception ex) { throw new InvalidOperationException(string.Format("The flow token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", flowType, typeof(FlowToken)), ex); } if (flowToken == null) { throw new InvalidOperationException(string.Format("public static Deserialize method taking a string as parameter and returning an {1} on the flow token {0} did not return an object", flowType, typeof(FlowToken))); } return(flowToken); }
/// <summary> /// Deserialize strings into object with specified type from a hash signed wrapper /// </summary> /// <param name="str">Serialized string</param> /// <param name="isSigned">Is signed</param> /// <typeparam name="T">Type of returned object</typeparam> /// <returns>The object</returns> public static T Deserialize<T>(string str, bool isSigned) { var legacyStyleSerialized = str.StartsWith("{\"" + ObjectKeyString + "\":\""); string obj; var hash = 0; var type = TypeManager.TryGetType(str.GetValue(TypeKeyString)); if (type == null) { throw new SerializationException(); } if (isSigned) { if (!int.TryParse(str.GetValue(HashKeyString), out hash)) { throw new SerializationException(); } } if (legacyStyleSerialized) { obj = str.GetValue(ObjectKeyString); } else { obj = "{" + str.Substring(1, str.LastIndexOf(TypeKeyString, StringComparison.InvariantCulture) - 3) + "}"; } if (isSigned) { if (!HashSigner.ValidateSignedHash(obj, new HashValue(hash))) { throw new SecurityException($"Serialized {typeof(T).FullName} is tampered"); } } var methodInfo = type.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static); if (methodInfo == null) { return Deserialize<T>(obj); } if (!(typeof(T).IsAssignableFrom(methodInfo.ReturnType))) { var typeName = str.GetValue(TypeKeyString); Log.LogWarning("CompositeJsonSerializer", $"The action {typeName} is missing a public static Deserialize method taking a string as parameter and returning an {typeof(T)}"); throw new InvalidOperationException($"The token {typeName} is missing a public static Deserialize method taking a string as parameter and returning an {typeof(T)}"); } return (T)methodInfo.Invoke(null, new object[] { obj }); }
/// <summary> /// Deserialize strings into object with specified type from a hash signed wrapper /// </summary> /// <param name="str">Serilaized string</param> /// <param name="isSigned">Is signed</param> /// <typeparam name="T">Type of returned object</typeparam> /// <returns>The object</returns> public static T Deserialize <T>(string str, bool isSigned) { var legacyStyleSerilized = str.StartsWith("{\"" + ObjectKeyString + "\":\""); string obj; var hash = 0; var type = TypeManager.TryGetType(str.GetValue(TypeKeyString)); if (type == null) { throw new SerializationException(); } if (isSigned) { if (!int.TryParse(str.GetValue(HashKeyString), out hash)) { throw new SerializationException(); } } if (legacyStyleSerilized) { obj = str.GetValue(ObjectKeyString); } else { obj = "{" + str.Substring(1, str.LastIndexOf(TypeKeyString, StringComparison.InvariantCulture) - 3) + "}"; } if (isSigned) { if (!HashSigner.ValidateSignedHash(obj, new HashValue(hash))) { throw new SecurityException($"Serialized {typeof(T).FullName} is tampered"); } } MethodInfo methodInfo = type.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static); if (methodInfo == null) { return(Deserialize <T>(obj)); } return((T)methodInfo.Invoke(null, new object[] { obj })); }