internal static SecurityKey ResolveSecurityKey(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver)
{
if (ski == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("ski");
}
if (tokenResolver != null)
{
for (int i = 0; i < ski.Count; ++i)
{
SecurityKey key = null;
if (tokenResolver.TryResolveSecurityKey(ski[i], out key))
{
return(key);
}
}
}
if (ski.CanCreateKey)
{
return(ski.CreateKey());
}
return(null);
}
internal EncryptedKeyIdentifierClause(byte[] encryptedKey, string encryptionMethod, SecurityKeyIdentifier encryptingKeyIdentifier, string carriedKeyName, bool cloneBuffer, byte[] derivationNonce, int derivationLength)
: base("http://www.w3.org/2001/04/xmlenc#EncryptedKey", encryptedKey, cloneBuffer, derivationNonce, derivationLength)
{
CarriedKeyName = carriedKeyName;
_encryptionMethod = encryptionMethod ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(encryptionMethod));
EncryptingKeyIdentifier = encryptingKeyIdentifier;
}
protected override SecurityKeyIdentifier ReadKeyIdentifierCore(XmlReader reader)
{
XmlDictionaryReader localReader = XmlDictionaryReader.CreateDictionaryReader(reader);
localReader.ReadStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace);
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier();
while (localReader.IsStartElement())
{
SecurityKeyIdentifierClause clause = this.InnerSecurityTokenSerializer.ReadKeyIdentifierClause(localReader);
if (clause == null)
{
localReader.Skip();
}
else
{
keyIdentifier.Add(clause);
}
}
if (keyIdentifier.Count == 0)
{
throw /*System.ServiceModel.*/ DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(string.Format(SR_IdentityModel.ErrorDeserializingKeyIdentifierClause)));
}
localReader.ReadEndElement();
return(keyIdentifier);
}
/// <summary>
/// Finds a named collection of <see cref="SecurityKey"/>(s) that match the <see cref="SecurityKeyIdentifier"/> and returns a <see cref="NamedKeySecurityToken"/> that contains the <see cref="SecurityKey"/>(s).
/// </summary>
/// <param name="keyIdentifier">The <see cref="SecurityKeyIdentifier"/> to resolve to a <see cref="SecurityToken"/></param>
/// <param name="token">The resolved <see cref="SecurityToken"/>.</param>
/// <remarks>
/// <para>
/// A <see cref="SecurityKeyIdentifier"/> can contain multiple <see cref="SecurityKeyIdentifierClause"/>(s). This method will return the named collection that matches the first <see cref="SecurityKeyIdentifierClause"/>
/// </para>
/// <para>
/// If there is no match, then <see cref="IssuerTokenResolver"/> and 'base' are called in order.
/// </para>
/// </remarks>
/// <returns>
/// true is the keyIdentifier is resolved, false otherwise.
/// </returns>
protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
{
if (keyIdentifier == null)
{
throw new ArgumentNullException("keyIdentifier");
}
token = null;
foreach (SecurityKeyIdentifierClause clause in keyIdentifier)
{
if (null == clause)
{
continue;
}
NamedKeySecurityKeyIdentifierClause namedKeyIdentifierClause = clause as NamedKeySecurityKeyIdentifierClause;
if (namedKeyIdentifierClause != null)
{
IList <SecurityKey> resolvedKeys = null;
if (this.keys.TryGetValue(namedKeyIdentifierClause.Name, out resolvedKeys))
{
token = new NamedKeySecurityToken(namedKeyIdentifierClause.Name, namedKeyIdentifierClause.Id, resolvedKeys);
return(true);
}
}
}
if (IssuerTokenResolver != null && IssuerTokenResolver.TryResolveToken(keyIdentifier, out token))
{
return(true);
}
return(base.TryResolveTokenCore(keyIdentifier, out token));
}
public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable <string> confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier)
{
if (confirmations != null)
{
foreach (string method in confirmations)
{
if (string.IsNullOrEmpty(method))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.SubjectConfirmationMethod.Value));
}
this.confirmationMethods.Add(method);
}
}
if ((this.confirmationMethods.Count == 0) && (string.IsNullOrEmpty(name)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod));
}
if ((this.confirmationMethods.Count == 0) && ((confirmationData != null) || (securityKeyIdentifier != null)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified));
}
this.name = name;
this.nameFormat = nameFormat;
this.nameQualifier = nameQualifier;
this.confirmationData = confirmationData;
this.securityKeyIdentifier = securityKeyIdentifier;
}
internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver)
{
SecurityToken token = null;
if (tokenResolver != null)
{
tokenResolver.TryResolveToken(ski, out token);
}
if (token == null)
{
// Check if this is a RSA key.
RsaKeyIdentifierClause rsaClause;
if (ski.TryFind <RsaKeyIdentifierClause>(out rsaClause))
{
token = new RsaSecurityToken(rsaClause.Rsa);
}
}
if (token == null)
{
// Check if this is a X509RawDataKeyIdentifier Clause.
X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause;
if (ski.TryFind <X509RawDataKeyIdentifierClause>(out rawDataKeyIdentifierClause))
{
token = new X509SecurityToken(new X509Certificate2(rawDataKeyIdentifierClause.GetX509RawData()));
}
}
return(token);
}
/// <summary>
/// Constructs an EncryptingCredentials with a security key, a security key identifier and
/// the encryption algorithm.
/// </summary>
/// <param name="key">A security key for encryption.</param>
/// <param name="keyIdentifier">A security key identifier for the encryption key.</param>
/// <param name="algorithm">The encryption algorithm.</param>
/// <exception cref="ArgumentNullException">When key is null.</exception>
/// <exception cref="ArgumentNullException">When key identifier is null.</exception>
/// <exception cref="ArgumentNullException">When algorithm is null.</exception>
public EncryptingCredentials(SecurityKey key, SecurityKeyIdentifier keyIdentifier, string algorithm)
{
if (key == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
if (keyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier");
}
if (string.IsNullOrEmpty(algorithm))
{
throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("algorithm");
}
//
// It is possible that keyIdentifier is pointing to a token which
// is not capable of doing the given algorithm, we have no way verify
// that at this level.
//
_algorithm = algorithm;
_key = key;
_keyIdentifier = keyIdentifier;
}
/// <summary>
/// Constructs a proof token based on RSA key.
/// </summary>
/// <param name="rsaAlgorithm"></param>
public AsymmetricProofDescriptor(RSA rsaAlgorithm)
{
if (rsaAlgorithm == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rsaAlgorithm");
}
_keyIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(rsaAlgorithm));
}
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier)
: this(signingKey, signatureAlgorithm, digestAlgorithm)
{
if (signingKeyIdentifier == null)
{
throw new ArgumentNullException("signingKeyIdentifier");
}
this.identifier = signingKeyIdentifier;
}
/// <summary>
/// Constructor to use when working with SecurityKeyIdentifiers
/// </summary>
/// <param name="securityKeyIdentifier">SecurityKeyIdentifier that represents a SecuriytKey</param>
/// <param name="securityTokenResolver">SecurityTokenResolver that can be resolved to a SecurityKey</param>
/// <exception cref="ArgumentNullException">Thrown if the 'securityKeyIdentifier' is null</exception>
public SecurityKeyElement(SecurityKeyIdentifier securityKeyIdentifier, SecurityTokenResolver securityTokenResolver)
{
if (securityKeyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifier");
}
Initialize(securityKeyIdentifier, securityTokenResolver);
}
/// <summary>
/// Constructor for X509SigningCredentials based on an x509 token and the security key identifier to be used.
/// It uses the token's public key, its default asymmetric signature algorithm and the specified security key identifier
/// </summary>
/// <param name="token">The x509 security token.</param>
/// <param name="ski">The security key identifier to be used.</param>
/// <param name="signatureAlgorithm">signature algorithm</param>
/// <param name="digestAlgorithm">digest algorithm</param>
internal X509SigningCredentials(X509SecurityToken token, SecurityKeyIdentifier ski, string signatureAlgorithm, string digestAlgorithm)
: base(token.SecurityKeys[0], signatureAlgorithm, digestAlgorithm, ski)
{
this.certificate = token.Certificate;
if (!this.certificate.HasPrivateKey)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID2057));
}
}
public EncryptedKeyIdentifierClause(
byte [] encryptedKey, string encryptionMethod,
SecurityKeyIdentifier encryptingKeyIdentifier, string carriedKeyName,
byte [] derivationNonce, int derivationLength)
: base(encryptionMethod, encryptedKey, true, derivationNonce, derivationLength)
{
this.carried_key_name = carriedKeyName;
this.identifier = encryptingKeyIdentifier;
this.enc_method = encryptionMethod;
}
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
if (this.signature != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SAMLSignatureAlreadyRead)));
}
// If the reader cannot canonicalize then buffer the signature element to a canonicalizing reader.
XmlDictionaryReader effectiveReader = reader;
if (!effectiveReader.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(effectiveReader, false);
writer.Flush();
stream.Position = 0;
effectiveReader = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
effectiveReader.MoveToContent();
writer.Close();
}
SignedXml signedXml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer);
signedXml.TransformFactory = ExtendedTransformFactory.Instance;
signedXml.ReadFrom(effectiveReader);
SecurityKeyIdentifier securityKeyIdentifier = signedXml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(securityKeyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToResolveSignatureKey, this.issuer)));
}
this.signature = signedXml;
this.signingToken = SamlSerializer.ResolveSecurityToken(securityKeyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlSigningTokenNotFound)));
}
if (!ReferenceEquals(reader, effectiveReader))
{
effectiveReader.Close();
}
}
/// <summary>
/// Constructs a proof token based on key identifier.
/// </summary>
/// <param name="keyIdentifier"></param>
public AsymmetricProofDescriptor(SecurityKeyIdentifier keyIdentifier)
{
if (keyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier");
}
//
// This is a key identifier for an asymmetric key
//
_keyIdentifier = keyIdentifier;
}
protected override bool CanWriteKeyIdentifierCore(SecurityKeyIdentifier keyIdentifier)
{
for (int i = 0; i < _keyIdentifierEntries.Count; ++i)
{
KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i];
if (keyIdentifierEntry.SupportsCore(keyIdentifier))
{
return(true);
}
}
return(false);
}
protected void ReadSignature(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver, SamlSerializer samlSerializer)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
if (samlSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer");
}
if (this.signature != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SAMLSignatureAlreadyRead")));
}
XmlDictionaryReader reader2 = reader;
if (!reader2.CanCanonicalize)
{
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, samlSerializer.DictionaryManager.ParentDictionary);
writer.WriteNode(reader2, false);
writer.Flush();
stream.Position = 0L;
reader2 = XmlDictionaryReader.CreateBinaryReader(stream.GetBuffer(), 0, (int)stream.Length, samlSerializer.DictionaryManager.ParentDictionary, reader.Quotas);
reader2.MoveToContent();
writer.Close();
}
SignedXml xml = new SignedXml(new StandardSignedInfo(samlSerializer.DictionaryManager), samlSerializer.DictionaryManager, keyInfoSerializer)
{
TransformFactory = ExtendedTransformFactory.Instance
};
xml.ReadFrom(reader2);
SecurityKeyIdentifier keyIdentifier = xml.Signature.KeyIdentifier;
this.verificationKey = SamlSerializer.ResolveSecurityKey(keyIdentifier, outOfBandTokenResolver);
if (this.verificationKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLUnableToResolveSignatureKey", new object[] { this.issuer })));
}
this.signature = xml;
this.signingToken = SamlSerializer.ResolveSecurityToken(keyIdentifier, outOfBandTokenResolver);
if (this.signingToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlSigningTokenNotFound")));
}
if (!object.ReferenceEquals(reader, reader2))
{
reader2.Close();
}
}
public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable <string> confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier)
{
if (name == null || name.Length == 0)
{
throw new ArgumentException("non-zero length string must be specified for name of SAML Subject.");
}
name_format = nameFormat;
name_qualifier = nameQualifier;
this.name = name;
confirmation_methods = new List <string> (confirmations);
confirmation_data = confirmationData;
key_identifier = securityKeyIdentifier;
}
public override void WriteKeyIdentifierCore(XmlDictionaryWriter writer, SecurityKeyIdentifier keyIdentifier)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, LocalName, NamespaceUri);
bool clauseWritten = false;
foreach (SecurityKeyIdentifierClause clause in keyIdentifier)
{
this.securityTokenSerializer.InnerSecurityTokenSerializer.WriteKeyIdentifierClause(writer, clause);
clauseWritten = true;
}
writer.WriteEndElement(); // KeyInfo
if (!clauseWritten)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.NoKeyInfoClausesToWrite)));
}
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
{
string encryptionMethod = null;
string carriedKeyName = null;
SecurityKeyIdentifier encryptingKeyIdentifier = null;
byte[] encryptedKey = null;
reader.ReadStartElement(XD.XmlEncryptionDictionary.EncryptedKey, NamespaceUri);
if (reader.IsStartElement(XD.XmlEncryptionDictionary.EncryptionMethod, NamespaceUri))
{
encryptionMethod = reader.GetAttribute(XD.XmlEncryptionDictionary.AlgorithmAttribute, null);
bool isEmptyElement = reader.IsEmptyElement;
reader.ReadStartElement();
if (!isEmptyElement)
{
while (reader.IsStartElement())
{
reader.Skip();
}
reader.ReadEndElement();
}
}
if (this.securityTokenSerializer.CanReadKeyIdentifier(reader))
{
encryptingKeyIdentifier = this.securityTokenSerializer.ReadKeyIdentifier(reader);
}
reader.ReadStartElement(XD.XmlEncryptionDictionary.CipherData, NamespaceUri);
reader.ReadStartElement(XD.XmlEncryptionDictionary.CipherValue, NamespaceUri);
encryptedKey = reader.ReadContentAsBase64();
reader.ReadEndElement();
reader.ReadEndElement();
if (reader.IsStartElement(XD.XmlEncryptionDictionary.CarriedKeyName, NamespaceUri))
{
reader.ReadStartElement();
carriedKeyName = reader.ReadString();
reader.ReadEndElement();
}
reader.ReadEndElement();
return(new EncryptedKeyIdentifierClause(encryptedKey, encryptionMethod, encryptingKeyIdentifier, carriedKeyName));
}
/// <summary>
/// Inherited from <see cref="SecurityTokenResolver"/>.
/// </summary>
protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
{
if (keyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier");
}
token = null;
foreach (SecurityKeyIdentifierClause clause in keyIdentifier)
{
if (TryResolveTokenCore(clause, out token))
{
return(true);
}
}
return(false);
}
/// <summary>
/// Override of the base class. Resolves the given SecurityKeyIdentifier to a
/// SecurityToken.
/// </summary>
/// <param name="keyIdentifier">The KeyIdentifier to be resolved.</param>
/// <param name="token">The resolved SecurityToken</param>
/// <returns>True if successfully resolved.</returns>
/// <exception cref="ArgumentNullException">Input argument 'keyIdentifier' is null.</exception>
protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
{
if (keyIdentifier == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(keyIdentifier));
}
token = null;
foreach (SecurityTokenResolver tokenResolver in _tokenResolvers)
{
if (tokenResolver.TryResolveToken(keyIdentifier, out token))
{
return(true);
}
}
return(false);
}
internal static void WriteSecurityKeyIdentifier(XmlWriter writer, SecurityKeyIdentifier ski, SecurityTokenSerializer tokenSerializer)
{
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer", System.IdentityModel.SR.GetString("SamlSerializerRequiresExternalSerializers"));
}
bool flag = false;
if (tokenSerializer.CanWriteKeyIdentifier(ski))
{
tokenSerializer.WriteKeyIdentifier(writer, ski);
flag = true;
}
if (!flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SamlSerializerUnableToWriteSecurityKeyIdentifier", new object[] { ski.ToString() })));
}
}
/// <summary>
/// Resolves the given SecurityKeyIdentifierClause to a SecurityKey.
/// </summary>
/// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve</param>
/// <param name="key">The resolved SecurityKey.</param>
/// <returns>True if successfully resolved.</returns>
/// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
key = null;
EncryptedKeyIdentifierClause encryptedKeyIdentifierClause = keyIdentifierClause as EncryptedKeyIdentifierClause;
if (encryptedKeyIdentifierClause != null)
{
SecurityKeyIdentifier keyIdentifier = encryptedKeyIdentifierClause.EncryptingKeyIdentifier;
if (keyIdentifier != null && keyIdentifier.Count > 0)
{
for (int i = 0; i < keyIdentifier.Count; i++)
{
SecurityKey unwrappingSecurityKey = null;
if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey))
{
byte[] wrappedKey = encryptedKeyIdentifierClause.GetEncryptedKey();
string wrappingAlgorithm = encryptedKeyIdentifierClause.EncryptionMethod;
byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey);
key = new InMemorySymmetricSecurityKey(unwrappedKey, false);
return(true);
}
}
}
}
else
{
SecurityToken token = null;
if (TryResolveToken(keyIdentifierClause, out token))
{
if (token.SecurityKeys.Count > 0)
{
key = token.SecurityKeys[0];
return(true);
}
}
}
return(false);
}
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier)
{
if (signingKey == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signingKey"));
}
if (signatureAlgorithm == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signatureAlgorithm"));
}
if (digestAlgorithm == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("digestAlgorithm"));
}
this.signingKey = signingKey;
this.signatureAlgorithm = signatureAlgorithm;
this.digestAlgorithm = digestAlgorithm;
this.signingKeyIdentifier = signingKeyIdentifier;
}
protected override void WriteKeyIdentifierCore(XmlWriter writer, SecurityKeyIdentifier keyIdentifier)
{
bool wroteKeyIdentifier = false;
XmlDictionaryWriter localWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
for (int i = 0; i < _keyIdentifierEntries.Count; ++i)
{
KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i];
if (keyIdentifierEntry.SupportsCore(keyIdentifier))
{
try
{
keyIdentifierEntry.WriteKeyIdentifierCore(localWriter, keyIdentifier);
}
#pragma warning disable 56500 // covered by FxCOP
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
if (!ShouldWrapException(e))
{
throw;
}
throw /*System.ServiceModel.*/ DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(string.Format(SR_IdentityModel.ErrorSerializingKeyIdentifier), e));
}
wroteKeyIdentifier = true;
break;
}
}
if (!wroteKeyIdentifier)
{
//TODO: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.StandardsManagerCannotWriteObject, keyIdentifier.GetType())));
throw new XmlException(SRServiceModel.StandardsManagerCannotWriteObject);
}
localWriter.Flush();
}
internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver)
{
SecurityToken token = null;
RsaKeyIdentifierClause clause;
X509RawDataKeyIdentifierClause clause2;
if (tokenResolver != null)
{
tokenResolver.TryResolveToken(ski, out token);
}
if ((token == null) && ski.TryFind <RsaKeyIdentifierClause>(out clause))
{
token = new RsaSecurityToken(clause.Rsa);
}
if ((token == null) && ski.TryFind <X509RawDataKeyIdentifierClause>(out clause2))
{
token = new X509SecurityToken(new X509Certificate2(clause2.GetX509RawData()));
}
return(token);
}
internal static void WriteSecurityKeyIdentifier(XmlWriter writer, SecurityKeyIdentifier ski, SecurityTokenSerializer tokenSerializer)
{
if (tokenSerializer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer", SR.GetString(SR.SamlSerializerRequiresExternalSerializers));
}
bool keyWritten = false;
if (tokenSerializer.CanWriteKeyIdentifier(ski))
{
tokenSerializer.WriteKeyIdentifier(writer, ski);
keyWritten = true;
}
if (!keyWritten)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SamlSerializerUnableToWriteSecurityKeyIdentifier, ski.ToString())));
}
}
protected override void WriteKeyIdentifierCore(XmlWriter writer, SecurityKeyIdentifier keyIdentifier)
{
bool wroteKeyIdentifier = false;
XmlDictionaryWriter localWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
for (int i = 0; i < _keyIdentifierEntries.Count; ++i)
{
KeyIdentifierEntry keyIdentifierEntry = _keyIdentifierEntries[i];
if (keyIdentifierEntry.SupportsCore(keyIdentifier))
{
try
{
keyIdentifierEntry.WriteKeyIdentifierCore(localWriter, keyIdentifier);
}
catch (Exception e)
{
if (Fx.IsFatal(e))
{
throw;
}
if (!ShouldWrapException(e))
{
throw;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.ErrorSerializingKeyIdentifier), e));
}
wroteKeyIdentifier = true;
break;
}
}
if (!wroteKeyIdentifier)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.StandardsManagerCannotWriteObject, keyIdentifier.GetType())));
}
localWriter.Flush();
}
private static SecurityKey ResolveSecurityKey(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver, out SecurityKeyIdentifierClause clause)
{
if (ski == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("ski");
}
clause = null;
if (tokenResolver != null)
{
for (int i = 0; i < ski.Count; ++i)
{
SecurityKey key = null;
if (tokenResolver.TryResolveSecurityKey(ski[i], out key))
{
clause = ski[i];
return(key);
}
}
}
if (ski.CanCreateKey)
{
foreach (var skiClause in ski)
{
if (skiClause.CanCreateKey)
{
clause = skiClause;
return(clause.CreateKey());
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.KeyIdentifierCannotCreateKey)));
}
return(null);
}
public override SecurityKeyIdentifier ReadKeyIdentifierCore(XmlDictionaryReader reader)
{
reader.ReadStartElement(LocalName, NamespaceUri);
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier();
while (reader.IsStartElement())
{
SecurityKeyIdentifierClause clause = this.securityTokenSerializer.ReadKeyIdentifierClause(reader);
if (clause == null)
{
reader.Skip();
}
else
{
keyIdentifier.Add(clause);
}
}
if (keyIdentifier.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ErrorDeserializingKeyIdentifierClause)));
}
reader.ReadEndElement();
return(keyIdentifier);
}
