protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
if (this.signature != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead)));
}
// If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader.
XmlDictionaryReader effectiveReader = reader;
if (!effectiveReader.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(effectiveReader, false);
writer.Flush();
stream.Position = 0;
effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
effectiveReader.MoveToContent();
writer.Close();
}
SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer);
signedXml.TransformFactory = ExtendedTransformFactory.Instance;
signedXml.ReadFrom(effectiveReader);
SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer)));
}
this.signature = signedXml;
this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound)));
}
if (!ReferenceEquals(reader, effectiveReader))
{
effectiveReader.Close();
}
}
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
if (this.signature != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead")));
}
XmlDictionaryReader reader2 = reader;
if (!reader2.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(reader2, false);
writer.Flush();
stream.Position = 0L;
reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
reader2.MoveToContent();
writer.Close();
}
SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer)
{
TransformFactory = ExtendedTransformFactory.Instance
};
xml.ReadFrom(reader2);
SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer })));
}
this.signature = xml;
this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound")));
}
if (!object.ReferenceEquals(reader, reader2))
{
reader2.Close();
}
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
reader.MoveToContent();
reader.Read();
if (reader.IsStartElement(dictionary.NameIdentifier, dictionary.Namespace))
{
this.nameFormat = reader.GetAttribute(dictionary.NameIdentifierFormat, null);
this.nameQualifier = reader.GetAttribute(dictionary.NameIdentifierNameQualifier, null);
reader.MoveToContent();
this.name = reader.ReadString();
if (this.name == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLNameIdentifierMissingIdentifierValueOnRead)));
}
reader.MoveToContent();
reader.ReadEndElement();
}
if (reader.IsStartElement(dictionary.SubjectConfirmation, dictionary.Namespace))
{
reader.MoveToContent();
reader.Read();
while (reader.IsStartElement(dictionary.SubjectConfirmationMethod, dictionary.Namespace))
{
string method = reader.ReadString();
if (string.IsNullOrEmpty(method))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.SubjectConfirmationMethod.Value)));
}
this.confirmationMethods.Add(method);
reader.MoveToContent();
reader.ReadEndElement();
}
if (this.confirmationMethods.Count == 0)
{
// A SubjectConfirmaton clause should specify at least one
// ConfirmationMethod.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectConfirmationClauseMissingConfirmationMethodOnRead)));
}
if (reader.IsStartElement(dictionary.SubjectConfirmationData, dictionary.Namespace))
{
reader.MoveToContent();
// An Authentication protocol specified in the confirmation method might need this
// data. Just store this content value as string.
this.confirmationData = reader.ReadString();
reader.MoveToContent();
reader.ReadEndElement();
}
#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
if (reader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.KeyInfo, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
this.securityKeyIdentifier = SamlSerializer.ReadSecurityKeyIdentifier(dictionaryReader, keyInfoSerializer);
this.crypto = SamlSerializer.ResolveSecurityKey(this.securityKeyIdentifier, outOfBandTokenResolver);
if (this.crypto == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlUnableToExtractSubjectKey)));
}
this.subjectToken = SamlSerializer.ResolveSecurityToken(this.securityKeyIdentifier, outOfBandTokenResolver);
}
if ((this.confirmationMethods.Count == 0) && (string.IsNullOrEmpty(name)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethodOnRead)));
}
reader.MoveToContent();
reader.ReadEndElement();
}
reader.MoveToContent();
reader.ReadEndElement();
}
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
reader.MoveToContent();
reader.Read();
if (reader.IsStartElement(samlDictionary.NameIdentifier, samlDictionary.Namespace))
{
this.nameFormat = reader.GetAttribute(samlDictionary.NameIdentifierFormat, null);
this.nameQualifier = reader.GetAttribute(samlDictionary.NameIdentifierNameQualifier, null);
reader.MoveToContent();
this.name = reader.ReadString();
if (this.name == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLNameIdentifierMissingIdentifierValueOnRead")));
}
reader.MoveToContent();
reader.ReadEndElement();
}
if (reader.IsStartElement(samlDictionary.SubjectConfirmation, samlDictionary.Namespace))
{
reader.MoveToContent();
reader.Read();
while (reader.IsStartElement(samlDictionary.SubjectConfirmationMethod, samlDictionary.Namespace))
{
string str = reader.ReadString();
if (string.IsNullOrEmpty(str))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.SubjectConfirmationMethod.Value })));
}
this.confirmationMethods.Add(str);
reader.MoveToContent();
reader.ReadEndElement();
}
if (this.confirmationMethods.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLSubjectConfirmationClauseMissingConfirmationMethodOnRead")));
}
if (reader.IsStartElement(samlDictionary.SubjectConfirmationData, samlDictionary.Namespace))
{
reader.MoveToContent();
this.confirmationData = reader.ReadString();
reader.MoveToContent();
reader.ReadEndElement();
}
if (reader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.KeyInfo, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace))
{
XmlDictionaryReader reader2 = XmlDictionaryReader.CreateDictionaryReader(reader);
this.securityKeyIdentifier = SamlSerializer.ReadSecurityKeyIdentifier(reader2, keyInfoSerializer);
this.crypto = SamlSerializer.ResolveSecurityKey(this.securityKeyIdentifier, outOfBandTokenResolver);
if (this.crypto == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlUnableToExtractSubjectKey")));
}
this.subjectToken = SamlSerializer.ResolveSecurityToken(this.securityKeyIdentifier, outOfBandTokenResolver);
}
if ((this.confirmationMethods.Count == 0) && string.IsNullOrEmpty(this.name))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLSubjectRequiresNameIdentifierOrConfirmationMethodOnRead")));
}
reader.MoveToContent();
reader.ReadEndElement();
}
reader.MoveToContent();
reader.ReadEndElement();
}
