DerivedKeySecurityToken ReadDerivedKeyTokenCore (
XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (tokenResolver == null)
throw new ArgumentNullException ("tokenResolver");
string id = reader.GetAttribute ("Id", Constants.WsuNamespace);
string algorithm = reader.MoveToAttribute ("Algorithm") ? reader.Value : null;
reader.MoveToElement ();
reader.ReadStartElement ();
reader.MoveToContent ();
SecurityKeyIdentifierClause kic = ReadKeyIdentifierClause (reader);
int? generation = null, offset = null, length = null;
byte [] nonce = null;
string name = null, label = null;
for (reader.MoveToContent ();
reader.NodeType != XmlNodeType.EndElement;
reader.MoveToContent ())
switch (reader.LocalName) {
case "Properties":
reader.ReadStartElement ("Properties", Constants.WsscNamespace);
for (reader.MoveToContent ();
reader.NodeType != XmlNodeType.EndElement;
reader.MoveToContent ())
switch (reader.LocalName) {
case "Name":
name = reader.ReadElementContentAsString ("Name", Constants.WsscNamespace);
break;
case "Label":
label = reader.ReadElementContentAsString ("Label", Constants.WsscNamespace);
break;
case "Nonce":
nonce = Convert.FromBase64String (reader.ReadElementContentAsString ("Nonce", Constants.WsscNamespace));
break;
}
reader.ReadEndElement ();
break;
case "Offset":
offset = reader.ReadElementContentAsInt ("Offset", Constants.WsscNamespace);
break;
case "Length":
length = reader.ReadElementContentAsInt ("Length", Constants.WsscNamespace);
break;
case "Nonce":
nonce = Convert.FromBase64String (reader.ReadElementContentAsString ("Nonce", Constants.WsscNamespace));
break;
case "Label":
label = reader.ReadElementContentAsString ("Label", Constants.WsscNamespace);
break;
}
reader.ReadEndElement ();
// resolve key reference
SymmetricSecurityKey key = tokenResolver.ResolveSecurityKey (kic) as SymmetricSecurityKey;
if (key == null)
throw new XmlException ("Cannot resolve the security key referenced by the DerivedKeyToken as a symmetric key");
return new DerivedKeySecurityToken (id, algorithm, kic, key, name, generation, offset, length, label, nonce);
}
protected static string SerializeToken(SimpleWebToken swt, SecurityTokenResolver tokenResolver)
{
StringBuilder builder = new StringBuilder(64);
builder.Append("Id=");
builder.Append(swt.Id);
builder.Append('&');
builder.Append(IssuerLabel);
builder.Append('=');
builder.Append(swt.Issuer);
if (swt.Parameters.Count > 0)
{
builder.Append('&');
foreach (string key in swt.Parameters.AllKeys)
{
builder.Append(key);
builder.Append('=');
builder.Append(swt.Parameters[key]);
builder.Append('&');
}
}
else
{
builder.Append('&');
}
builder.Append(ExpiresOnLabel);
builder.Append('=');
builder.Append(GetExpiresOn(swt.TokenValidity));
if (!string.IsNullOrEmpty(swt.Audience))
{
builder.Append('&');
builder.Append(AudienceLabel);
builder.Append('=');
builder.Append(swt.Audience);
}
builder.Append('&');
builder.Append(SignatureAlgorithmLabel);
builder.Append('=');
builder.Append(SignatureAlgorithm);
var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(swt));
InMemorySymmetricSecurityKey securityKey;
try
{
securityKey = (InMemorySymmetricSecurityKey)tokenResolver.ResolveSecurityKey(keyIdentifierClause);
}
catch (InvalidOperationException)
{
throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, "Simmetryc key was not found for the key identifier clause: Keys='{0}', Values='{1}'", string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()), string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())));
}
string signature = GenerateSignature(builder.ToString(), securityKey.GetSymmetricKey());
builder.Append("&" + SignatureLabel + "=");
builder.Append(signature);
return builder.ToString();
}
