internal RsaEndpointIdentity(XmlDictionaryReader reader)
{
reader.ReadStartElement(XD.XmlSignatureDictionary.RsaKeyValue, XD.XmlSignatureDictionary.Namespace);
byte[] modulus = Convert.FromBase64String(reader.ReadElementString(XD.XmlSignatureDictionary.Modulus.Value, XD.XmlSignatureDictionary.Namespace.Value));
byte[] exponent = Convert.FromBase64String(reader.ReadElementString(XD.XmlSignatureDictionary.Exponent.Value, XD.XmlSignatureDictionary.Namespace.Value));
reader.ReadEndElement();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
RSAParameters parameters = new RSAParameters();
parameters.Exponent = exponent;
parameters.Modulus = modulus;
rsa.ImportParameters(parameters);
base.Initialize(Claim.CreateRsaClaim(rsa));
}
internal X509CertificateEndpointIdentity(XmlDictionaryReader reader)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
reader.MoveToContent();
if (reader.IsEmptyElement)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.UnexpectedEmptyElementExpectingClaim, XD.AddressingDictionary.X509v3Certificate.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value)));
reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
while (reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, XD.XmlSignatureDictionary.Namespace))
{
X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(reader.ReadElementString()));
if (this.certificateCollection.Count == 0)
{
// This is the first certificate. We assume this as the primary
// certificate and initialize the base class.
base.Initialize(new Claim(ClaimTypes.Thumbprint, certificate.GetCertHash(), Rights.PossessProperty));
}
this.certificateCollection.Add(certificate);
}
reader.ReadEndElement();
if (this.certificateCollection.Count == 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.UnexpectedEmptyElementExpectingClaim, XD.AddressingDictionary.X509v3Certificate.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value)));
}
public static AuthorizationHeader ReadHeader(XmlDictionaryReader reader)
{
AuthorizationHeader header = null;
// Read the header content (key) using the XmlDictionaryReader
if (reader.ReadToDescendant(Config.AuthorizationTokenName, Config.HeaderNamespace))
header = new AuthorizationHeader(reader.ReadElementString());
return header;
}
public static string DeserializeEunmerationContext(XmlDictionaryReader reader)
{
if (!reader.IsStartElement("EnumerationContext", "http://schemas.xmlsoap.org/ws/2004/09/enumeration"))
{
return null;
}
else
{
return reader.ReadElementString("EnumerationContext", "http://schemas.xmlsoap.org/ws/2004/09/enumeration");
}
}
protected override void OnReadBodyContents(XmlDictionaryReader reader)
{
base.OnReadBodyContents(reader);
reader.ReadStartElement("ResourceCreated", "http://schemas.xmlsoap.org/ws/2004/09/transfer");
reader.Skip();
reader.ReadStartElement("ReferenceParameters", "http://www.w3.org/2005/08/addressing");
XmlUtility.DeserializeObjectReference(reader, out this._objectReference);
this._instance = reader.ReadElementString("instance", "http://schemas.microsoft.com/2008/1/ActiveDirectory");
reader.ReadEndElement();
reader.ReadEndElement();
DirectoryControlSerializer.Deserialize(reader, out this._controls, false, false);
reader.ReadEndElement();
}
public static void DeserializeExpiresIfNeeded(XmlDictionaryReader reader, ref DateTime? dateTimeFormat, ref TimeSpan? timeSpanFormat)
{
if (reader.IsStartElement("Expires", "http://schemas.xmlsoap.org/ws/2004/09/enumeration"))
{
string str = reader.ReadElementString();
try
{
if (!str.StartsWith("P", StringComparison.OrdinalIgnoreCase))
{
dateTimeFormat = new DateTime?(XmlConvert.ToDateTime(str, XmlDateTimeSerializationMode.Utc));
}
else
{
timeSpanFormat = new TimeSpan?(XmlConvert.ToTimeSpan(str));
}
}
catch (RemotingException remotingException)
{
throw;
}
}
}
static string ParsePassword(XmlDictionaryReader reader)
{
string type = reader.GetAttribute(XD.SecurityJan2004Dictionary.TypeAttribute, null);
if (type != null && type.Length > 0 && type != SecurityJan2004Strings.UPTokenPasswordTextValue)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedPasswordType, type)));
}
return reader.ReadElementString();
}
static void ParseToken(XmlDictionaryReader reader, out string id, out string userName, out string password)
{
id = null;
userName = null;
password = null;
reader.MoveToContent();
id = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
reader.ReadStartElement(XD.SecurityJan2004Dictionary.UserNameTokenElement, XD.SecurityJan2004Dictionary.Namespace);
while (reader.IsStartElement())
{
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.UserNameElement, XD.SecurityJan2004Dictionary.Namespace))
{
userName = reader.ReadElementString();
}
else if (reader.IsStartElement(XD.SecurityJan2004Dictionary.PasswordElement, XD.SecurityJan2004Dictionary.Namespace))
{
password = ParsePassword(reader);
}
else if (reader.IsStartElement(XD.SecurityJan2004Dictionary.NonceElement, XD.SecurityJan2004Dictionary.Namespace))
{
// Nonce can be safely ignored
reader.Skip();
}
else if (reader.IsStartElement(XD.UtilityDictionary.CreatedElement, XD.UtilityDictionary.Namespace))
{
// wsu:Created can be safely ignored
reader.Skip();
}
else
{
XmlHelper.OnUnexpectedChildNodeError(SecurityJan2004Strings.UserNameTokenElement, reader);
}
}
reader.ReadEndElement();
if (userName == null)
XmlHelper.OnRequiredElementMissing(SecurityJan2004Strings.UserNameElement, SecurityJan2004Strings.Namespace);
}
public static ClaimSet DeserializeClaimSet(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
else if (reader.IsStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString))
{
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new X509CertificateClaimSet(new X509Certificate2(rawData), false);
}
else if (reader.IsStartElement(dictionary.SystemClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.System;
}
else if (reader.IsStartElement(dictionary.WindowsClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.Windows;
}
else if (reader.IsStartElement(dictionary.AnonymousClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.Anonymous;
}
else if (reader.IsStartElement(dictionary.ClaimSet, dictionary.EmptyString))
{
ClaimSet issuer = null;
List<Claim> claims = new List<Claim>();
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString))
{
reader.ReadStartElement();
issuer = DeserializeClaimSet(reader, dictionary, serializer, claimSerializer);
reader.ReadEndElement();
}
while (reader.IsStartElement())
{
reader.ReadStartElement();
claims.Add(DeserializeClaim(reader, dictionary, claimSerializer));
reader.ReadEndElement();
}
reader.ReadEndElement();
return issuer != null ? new DefaultClaimSet(issuer, claims) : new DefaultClaimSet(claims);
}
else
{
return (ClaimSet)serializer.ReadObject(reader);
}
}
/// <summary>
/// Deserializes a WCF claim.
/// </summary>
/// <param name="reader">XmlReader to the WCF Claim.</param>
/// <returns>Instance of <see cref="System.IdentityModel.Claims.Claim"/></returns>
private SysClaim DeserializeSysClaim(XmlDictionaryReader reader)
{
SessionDictionary dictionary = SessionDictionary.Instance;
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right);
}
else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] thumbprint = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Thumbprint, thumbprint, right);
}
else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string name = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Name, name, right);
}
else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string dns = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Dns, dns, right);
}
else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string rsaXml = reader.ReadString();
reader.ReadEndElement();
System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
rsa.FromXmlString(rsaXml);
return new SysClaim(SysClaimTypes.Rsa, rsa, right);
}
else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Email, new System.Net.Mail.MailAddress(address), right);
}
else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return SysClaim.System;
}
else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] hash = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Hash, hash, right);
}
else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string spn = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Spn, spn, right);
}
else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string upn = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Upn, upn, right);
}
else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string url = reader.ReadString();
reader.ReadEndElement();
return new SysClaim(SysClaimTypes.Uri, new Uri(url), right);
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4289, reader.LocalName, reader.NamespaceURI)));
}
}
private static string ParsePassword(XmlDictionaryReader reader)
{
string attribute = reader.GetAttribute(XD.SecurityJan2004Dictionary.TypeAttribute, null);
if (((attribute != null) && (attribute.Length > 0)) && (attribute != "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("UnsupportedPasswordType", new object[] { attribute })));
}
return reader.ReadElementString();
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right);
}
else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] thumbprint = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Thumbprint, thumbprint, right);
}
else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string name = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Name, name, right);
}
else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string dns = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Dns, dns, right);
}
else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string rsaXml = reader.ReadString();
reader.ReadEndElement();
System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
rsa.FromXmlString(rsaXml);
return new Claim(ClaimTypes.Rsa, rsa, right);
}
else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right);
}
else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return Claim.System;
}
else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] hash = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Hash, hash, right);
}
else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string spn = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Spn, spn, right);
}
else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string upn = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Upn, upn, right);
}
else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string url = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Uri, new Uri(url), right);
}
else
{
return (Claim)serializer.ReadObject(reader);
}
}
private static void ParseToken(XmlDictionaryReader reader, out string id, out string userName, out string password)
{
id = null;
userName = null;
password = null;
reader.MoveToContent();
id = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
reader.ReadStartElement(XD.SecurityJan2004Dictionary.UserNameTokenElement, XD.SecurityJan2004Dictionary.Namespace);
while (reader.IsStartElement())
{
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.UserNameElement, XD.SecurityJan2004Dictionary.Namespace))
{
userName = reader.ReadElementString();
}
else
{
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.PasswordElement, XD.SecurityJan2004Dictionary.Namespace))
{
password = ParsePassword(reader);
continue;
}
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.NonceElement, XD.SecurityJan2004Dictionary.Namespace))
{
reader.Skip();
continue;
}
if (reader.IsStartElement(XD.UtilityDictionary.CreatedElement, XD.UtilityDictionary.Namespace))
{
reader.Skip();
continue;
}
XmlHelper.OnUnexpectedChildNodeError("UsernameToken", reader);
}
}
reader.ReadEndElement();
if (userName == null)
{
XmlHelper.OnRequiredElementMissing("Username", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
}
}
public override string ReadElementString(string localName)
{
return(reader.ReadElementString(localName));
}
public static CustomSecurityHeader ReadHeader(XmlDictionaryReader reader)
{
if (reader.ReadToDescendant(CustomHeaderNames.KeyName, CustomHeaderNames.CustomHeaderNamespace))
{
String key = reader.ReadElementString();
return (new CustomSecurityHeader(key));
}
else
{
return null;
}
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] binaryForm = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Sid, new SecurityIdentifier(binaryForm, 0), right);
}
if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string str2 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer2 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(buffer2, 0), str2);
}
if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string str3 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] encodedDistinguishedName = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(encodedDistinguishedName), str3);
}
if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string str4 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] resource = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Thumbprint, resource, str4);
}
if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string str5 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str6 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Name, str6, str5);
}
if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string str7 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str8 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Dns, str8, str7);
}
if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string str9 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string xmlString = reader.ReadString();
reader.ReadEndElement();
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.FromXmlString(xmlString);
return new Claim(ClaimTypes.Rsa, provider, str9);
}
if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string str11 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Email, new MailAddress(address), str11);
}
if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return Claim.System;
}
if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string str13 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer5 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Hash, buffer5, str13);
}
if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string str14 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str15 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Spn, str15, str14);
}
if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string str16 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str17 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Upn, str17, str16);
}
if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string str18 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string uriString = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Uri, new Uri(uriString), str18);
}
return (Claim) serializer.ReadObject(reader);
}
internal static EndpointIdentity ReadIdentity(XmlDictionaryReader reader)
{
if (reader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
EndpointIdentity readIdentity = null;
reader.MoveToContent();
if (reader.IsEmptyElement)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.UnexpectedEmptyElementExpectingClaim, XD.AddressingDictionary.Identity.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value)));
reader.ReadStartElement(XD.AddressingDictionary.Identity, XD.AddressingDictionary.IdentityExtensionNamespace);
if (reader.IsStartElement(XD.AddressingDictionary.Spn, XD.AddressingDictionary.IdentityExtensionNamespace))
{
readIdentity = new SpnEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.AddressingDictionary.Upn, XD.AddressingDictionary.IdentityExtensionNamespace))
{
readIdentity = new UpnEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.AddressingDictionary.Dns, XD.AddressingDictionary.IdentityExtensionNamespace))
{
readIdentity = new DnsEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace))
{
reader.ReadStartElement();
if (reader.IsStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace))
{
readIdentity = new X509CertificateEndpointIdentity(reader);
}
else if (reader.IsStartElement(XD.XmlSignatureDictionary.RsaKeyValue, XD.XmlSignatureDictionary.Namespace))
{
throw ExceptionHelper.PlatformNotSupported("EndpointIdentity.ReadIdentity RsaEndpointIdentity is not supported.");
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.UnrecognizedIdentityType, reader.Name, reader.NamespaceURI)));
}
reader.ReadEndElement();
}
else if (reader.NodeType == XmlNodeType.Element)
{
//
// Something unknown
//
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.UnrecognizedIdentityType, reader.Name, reader.NamespaceURI)));
}
else
{
//
// EndpointIdentity element is empty or some other invalid xml
//
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.InvalidIdentityElement));
}
reader.ReadEndElement();
return readIdentity;
}
internal static EndpointIdentity ReadIdentity(XmlDictionaryReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
EndpointIdentity identity = null;
reader.MoveToContent();
if (reader.IsEmptyElement)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("UnexpectedEmptyElementExpectingClaim", new object[] { XD.AddressingDictionary.Identity.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value })));
}
reader.ReadStartElement(XD.AddressingDictionary.Identity, XD.AddressingDictionary.IdentityExtensionNamespace);
if (reader.IsStartElement(XD.AddressingDictionary.Spn, XD.AddressingDictionary.IdentityExtensionNamespace))
{
identity = new SpnEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.AddressingDictionary.Upn, XD.AddressingDictionary.IdentityExtensionNamespace))
{
identity = new UpnEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.AddressingDictionary.Dns, XD.AddressingDictionary.IdentityExtensionNamespace))
{
identity = new DnsEndpointIdentity(reader.ReadElementString());
}
else if (reader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace))
{
reader.ReadStartElement();
if (reader.IsStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace))
{
identity = new X509CertificateEndpointIdentity(reader);
}
else
{
if (!reader.IsStartElement(XD.XmlSignatureDictionary.RsaKeyValue, XD.XmlSignatureDictionary.Namespace))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("UnrecognizedIdentityType", new object[] { reader.Name, reader.NamespaceURI })));
}
identity = new RsaEndpointIdentity(reader);
}
reader.ReadEndElement();
}
else
{
if (reader.NodeType == XmlNodeType.Element)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("UnrecognizedIdentityType", new object[] { reader.Name, reader.NamespaceURI })));
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("InvalidIdentityElement")));
}
reader.ReadEndElement();
return identity;
}
internal X509CertificateEndpointIdentity(XmlDictionaryReader reader)
{
this.certificateCollection = new X509Certificate2Collection();
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
reader.MoveToContent();
if (reader.IsEmptyElement)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("UnexpectedEmptyElementExpectingClaim", new object[] { XD.AddressingDictionary.X509v3Certificate.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value })));
}
reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
while (reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, XD.XmlSignatureDictionary.Namespace))
{
X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(reader.ReadElementString()));
if (this.certificateCollection.Count == 0)
{
base.Initialize(new Claim(ClaimTypes.Thumbprint, certificate.GetCertHash(), Rights.PossessProperty));
}
this.certificateCollection.Add(certificate);
}
reader.ReadEndElement();
if (this.certificateCollection.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("UnexpectedEmptyElementExpectingClaim", new object[] { XD.AddressingDictionary.X509v3Certificate.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value })));
}
}