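/// <summary>
/// Populates <paramref name="message"/> from its web-safe base64 string form, applying the
/// signature, decryption, decompression, expiry and replay checks enabled on this formatter.
/// </summary>
/// <param name="message">The instance to populate. Must not be null.</param>
/// <param name="value">The serialized form received from the transport. Must not be null or empty.</param>
/// <param name="containingMessage">The message that carried <paramref name="value"/>; it is assigned to <paramref name="message"/> and attached to the expiry and replay exceptions.</param>
/// <param name="messagePartName">The name of the message part that carried <paramref name="value"/>; passed to the key handle extraction.</param>
/// <exception cref="ExpiredMessageException">Thrown when the creation date plus the maximum age lies in the past.</exception>
/// <exception cref="ReplayedMessageException">Thrown when the nonce store refuses the nonce as already seen.</exception>
/// <remarks>
/// Order matters here: when signing is enabled the signature is checked before the payload is
/// decrypted, decompressed or parsed, so none of those steps run on data that failed the check.
/// When signing is disabled nothing in this method authenticates the payload before those steps.
/// </remarks>
public void Deserialize(T message, string value, IProtocolMessage containingMessage, string messagePartName) {
    Requires.NotNull(message, "message");
    Requires.NotNullOrEmpty(value, "value");

    // The key handle travels in the clear in front of the payload, so it is read before any
    // integrity check and must be treated as caller-chosen; here it is only handed on to
    // IsSignatureValid and Decrypt.
    string symmetricSecretHandle = null;
    if (this.encrypted && this.cryptoKeyStore != null) {
        string valueWithoutHandle;
        MessagingUtilities.ExtractKeyHandleAndPayload(messagePartName, value, out symmetricSecretHandle, out valueWithoutHandle);
        value = valueWithoutHandle;
    }

    message.ContainingMessage = containingMessage;
    byte[] data = MessagingUtilities.FromBase64WebSafeString(value);

    byte[] signature = null;
    if (this.signed) {
        using (var dataStream = new MemoryStream(data)) {
            // NOTE(review): the arguments to ReadBuffer look like upper bounds on the buffer
            // lengths accepted from the stream (1 KB signature, 8 KB payload) -- confirm in ReadBuffer.
            var dataReader = new BinaryReader(dataStream);
            signature = dataReader.ReadBuffer(1024);
            data = dataReader.ReadBuffer(8 * 1024);
        }

        // Verify that the verification code was issued by message authorization server.
        ErrorUtilities.VerifyProtocol(this.IsSignatureValid(data, signature, symmetricSecretHandle), MessagingStrings.SignatureInvalid);
    }

    if (this.encrypted) {
        data = this.Decrypt(data, symmetricSecretHandle);
    }

    if (this.compressed) {
        // NOTE(review): no output size limit is visible at this call site; confirm that
        // Decompress bounds its output, in particular for formatters configured without signing.
        data = MessagingUtilities.Decompress(data);
    }

    this.DeserializeCore(message, data);
    message.Signature = signature; // TODO: we don't really need this any more, do we?

    if (this.maximumAge.HasValue) {
        // Has message verification code expired?
        // Only the upper bound is checked: a creation date in the future passes this test.
        DateTime expirationDate = message.UtcCreationDate + this.maximumAge.Value;
        if (expirationDate < DateTime.UtcNow) {
            throw new ExpiredMessageException(expirationDate, containingMessage);
        }
    }

    // Has message verification code already been used to obtain an access/refresh token?
    if (this.decodeOnceOnly != null) {
        ErrorUtilities.VerifyInternal(this.maximumAge.HasValue, "Oops! How can we validate a nonce without a maximum message age?");
        string context = "{" + GetType().FullName + "}";

        // Encode the nonce once and use the same text for the store and the log entry.
        // Formatting the byte[] itself would log only the array's type name, leaving the
        // replay record without the value needed to correlate it.
        string nonce = Convert.ToBase64String(message.Nonce);
        if (!this.decodeOnceOnly.StoreNonce(context, nonce, message.UtcCreationDate)) {
            Logger.OpenId.ErrorFormat("Replayed nonce detected ({0} {1}). Rejecting message.", nonce, message.UtcCreationDate);
            throw new ReplayedMessageException(containingMessage);
        }
    }

    ((IMessage)message).EnsureValidMessage();
}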
/// <summary>
/// Converts a byte buffer into its web-safe base64 text for transport.
/// </summary>
/// <param name="value">The buffer to encode, supplied as <see cref="object"/> and cast to a byte array. Guaranteed to never be null.</param>
/// <returns>The web-safe base64 string for <paramref name="value"/>, ready for message transport.</returns>
/// <remarks>
/// This is a transport encoding only; it adds no confidentiality or integrity to the bytes.
/// </remarks>
public string Encode(object value) {
    var buffer = (byte[])value;
    string encoded = MessagingUtilities.ConvertToBase64WebSafeString(buffer);
    return encoded;
}
/// <summary>
/// Converts web-safe base64 text received from the transport back into a byte buffer.
/// </summary>
/// <param name="value">The string value carried by the transport. Guaranteed to never be null, although it may be empty.</param>
/// <returns>The decoded byte array, returned as <see cref="object"/>.</returns>
/// <exception cref="FormatException">Thrown when the string value given cannot be decoded into the required object type.</exception>
/// <remarks>
/// The input comes from the transport and is not authenticated by this method.
/// </remarks>
public object Decode(string value) {
    byte[] decoded = MessagingUtilities.FromBase64WebSafeString(value);
    return decoded;
}
/// <summary>
/// Initializes a new instance of the <see cref="HttpRequestInfo"/> class for a message
/// delivered through a mock transport.
/// </summary>
/// <param name="message">The message being passed in through a mock transport. May be null.</param>
/// <param name="httpMethod">The HTTP method that the incoming request came in on, whether or not <paramref name="message"/> is null.</param>
internal HttpRequestInfo(IDirectedProtocolMessage message, HttpDeliveryMethods httpMethod) {
    // Translate the delivery-method value into the HTTP verb stored on this request.
    var verb = MessagingUtilities.GetHttpVerb(httpMethod);

    this.message = message;
    this.HttpMethod = verb;
}