192 lines
6.7 KiB
C#
192 lines
6.7 KiB
C#
|
//------------------------------------------------------------
|
||
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
//------------------------------------------------------------
|
||
|
|
||
|
namespace System.IdentityModel.Tokens
|
||
|
{
|
||
|
using System;
|
||
|
using System.Collections.ObjectModel;
|
||
|
using System.Globalization;
|
||
|
using System.IO;
|
||
|
using System.IdentityModel.Claims;
|
||
|
using System.IdentityModel.Policy;
|
||
|
using System.Security.Cryptography;
|
||
|
using System.Security.Principal;
|
||
|
using System.Xml;
|
||
|
using System.Runtime.Serialization;
|
||
|
using System.Collections.Generic;
|
||
|
|
||
|
public class GenericXmlSecurityToken : SecurityToken
|
||
|
{
|
||
|
const int SupportedPersistanceVersion = 1;
|
||
|
string id;
|
||
|
SecurityToken proofToken;
|
||
|
SecurityKeyIdentifierClause internalTokenReference;
|
||
|
SecurityKeyIdentifierClause externalTokenReference;
|
||
|
XmlElement tokenXml;
|
||
|
ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies;
|
||
|
DateTime effectiveTime;
|
||
|
DateTime expirationTime;
|
||
|
|
||
|
public GenericXmlSecurityToken(
|
||
|
XmlElement tokenXml,
|
||
|
SecurityToken proofToken,
|
||
|
DateTime effectiveTime,
|
||
|
DateTime expirationTime,
|
||
|
SecurityKeyIdentifierClause internalTokenReference,
|
||
|
SecurityKeyIdentifierClause externalTokenReference,
|
||
|
ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies
|
||
|
)
|
||
|
{
|
||
|
if (tokenXml == null)
|
||
|
{
|
||
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenXml");
|
||
|
}
|
||
|
|
||
|
this.id = GetId(tokenXml);
|
||
|
this.tokenXml = tokenXml;
|
||
|
this.proofToken = proofToken;
|
||
|
this.effectiveTime = effectiveTime.ToUniversalTime();
|
||
|
this.expirationTime = expirationTime.ToUniversalTime();
|
||
|
|
||
|
this.internalTokenReference = internalTokenReference;
|
||
|
this.externalTokenReference = externalTokenReference;
|
||
|
this.authorizationPolicies = authorizationPolicies ?? EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
|
||
|
}
|
||
|
|
||
|
public override string Id
|
||
|
{
|
||
|
get { return this.id; }
|
||
|
}
|
||
|
|
||
|
public override DateTime ValidFrom
|
||
|
{
|
||
|
get { return this.effectiveTime; }
|
||
|
}
|
||
|
|
||
|
public override DateTime ValidTo
|
||
|
{
|
||
|
get { return this.expirationTime; }
|
||
|
}
|
||
|
|
||
|
public SecurityKeyIdentifierClause InternalTokenReference
|
||
|
{
|
||
|
get { return this.internalTokenReference; }
|
||
|
}
|
||
|
|
||
|
public SecurityKeyIdentifierClause ExternalTokenReference
|
||
|
{
|
||
|
get { return this.externalTokenReference; }
|
||
|
}
|
||
|
|
||
|
public XmlElement TokenXml
|
||
|
{
|
||
|
get { return this.tokenXml; }
|
||
|
}
|
||
|
|
||
|
public SecurityToken ProofToken
|
||
|
{
|
||
|
get { return this.proofToken; }
|
||
|
}
|
||
|
|
||
|
public ReadOnlyCollection<IAuthorizationPolicy> AuthorizationPolicies
|
||
|
{
|
||
|
get { return this.authorizationPolicies; }
|
||
|
}
|
||
|
|
||
|
public override ReadOnlyCollection<SecurityKey> SecurityKeys
|
||
|
{
|
||
|
get
|
||
|
{
|
||
|
if (this.proofToken != null)
|
||
|
return this.proofToken.SecurityKeys;
|
||
|
else
|
||
|
return EmptyReadOnlyCollection<SecurityKey>.Instance;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public override string ToString()
|
||
|
{
|
||
|
StringWriter writer = new StringWriter(CultureInfo.InvariantCulture);
|
||
|
writer.WriteLine("Generic XML token:");
|
||
|
writer.WriteLine(" validFrom: {0}", this.ValidFrom);
|
||
|
writer.WriteLine(" validTo: {0}", this.ValidTo);
|
||
|
if (this.internalTokenReference != null)
|
||
|
writer.WriteLine(" InternalTokenReference: {0}", this.internalTokenReference);
|
||
|
if (this.externalTokenReference != null)
|
||
|
writer.WriteLine(" ExternalTokenReference: {0}", this.externalTokenReference);
|
||
|
writer.WriteLine(" Token Element: ({0}, {1})", this.tokenXml.LocalName, this.tokenXml.NamespaceURI);
|
||
|
return writer.ToString();
|
||
|
}
|
||
|
|
||
|
static string GetId(XmlElement tokenXml)
|
||
|
{
|
||
|
if (tokenXml != null)
|
||
|
{
|
||
|
string id = tokenXml.GetAttribute(UtilityStrings.IdAttribute, UtilityStrings.Namespace);
|
||
|
if ( string.IsNullOrEmpty( id ) )
|
||
|
{
|
||
|
// special case SAML 1.1 as this is the only possible ID as
|
||
|
// spec is closed. SAML 2.0 is xs:ID
|
||
|
id = tokenXml.GetAttribute("AssertionID");
|
||
|
|
||
|
// if we are still null, "Id"
|
||
|
if ( string.IsNullOrEmpty( id ) )
|
||
|
{
|
||
|
id = tokenXml.GetAttribute("Id");
|
||
|
}
|
||
|
|
||
|
//This fixes the unecnrypted SAML 2.0 case. Eg: <Assertion ID="_05955298-214f-41e7-b4c3-84dbff7f01b9"
|
||
|
if (string.IsNullOrEmpty(id))
|
||
|
{
|
||
|
id = tokenXml.GetAttribute("ID");
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ( !string.IsNullOrEmpty(id) )
|
||
|
{
|
||
|
return id;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return null;
|
||
|
}
|
||
|
|
||
|
public override bool CanCreateKeyIdentifierClause<T>()
|
||
|
{
|
||
|
if (this.internalTokenReference != null && typeof(T) == this.internalTokenReference.GetType())
|
||
|
return true;
|
||
|
|
||
|
if (this.externalTokenReference != null && typeof(T) == this.externalTokenReference.GetType())
|
||
|
return true;
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
public override T CreateKeyIdentifierClause<T>()
|
||
|
{
|
||
|
if (this.internalTokenReference != null && typeof(T) == this.internalTokenReference.GetType())
|
||
|
return (T)this.internalTokenReference;
|
||
|
|
||
|
if (this.externalTokenReference != null && typeof(T) == this.externalTokenReference.GetType())
|
||
|
return (T)this.externalTokenReference;
|
||
|
|
||
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.UnableToCreateTokenReference)));
|
||
|
}
|
||
|
|
||
|
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
|
||
|
{
|
||
|
if (this.internalTokenReference != null && this.internalTokenReference.Matches(keyIdentifierClause))
|
||
|
{
|
||
|
return true;
|
||
|
}
|
||
|
else if (this.externalTokenReference != null && this.externalTokenReference.Matches(keyIdentifierClause))
|
||
|
{
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
}
|