//-----------------------------------------------------------------------
// <copyright file="X509DataSecurityKeyIdentifierClauseSerializer.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System.Collections.Generic;
using System.Xml;
/// <summary>
/// Implementation of SecurityKeyIdentifierClauseSerializer that handles X.509 Certificate
/// reference types.
/// </summary>
public class X509DataSecurityKeyIdentifierClauseSerializer : SecurityKeyIdentifierClauseSerializer
{
/// <summary>
/// Checks if the given reader is referring to a <ds:X509Data> element.
/// </summary>
/// <param name="reader">XmlReader positioned at the SecurityKeyIdentifierClause. </param>
/// <returns>True if the XmlReader is referring to a <ds:X509Data> element.</returns>
/// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
public override bool CanReadKeyIdentifierClause(XmlReader reader)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
return reader.IsStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
}
/// <summary>
/// Checks if the given SecurityKeyIdentifierClause can be serialized. The
/// supported SecurityKeyIdentifierClause are,
/// 1. <see cref="System.IdentityModel.Tokens.X509IssuerSerialKeyIdentifierClause"/>
/// 2. <see cref="System.IdentityModel.Tokens.X509RawDataKeyIdentifierClause"/>
/// 3. <see cref="System.IdentityModel.Tokens.X509SubjectKeyIdentifierClause"/>
/// </summary>
/// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to be serialized.</param>
/// <returns>True if the 'securityKeyIdentifierClause' is supported.</returns>
/// <exception cref="ArgumentNullException">The parameter 'securityKeyIdentifierClause' is null.</exception>
public override bool CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (securityKeyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause");
}
return securityKeyIdentifierClause is X509IssuerSerialKeyIdentifierClause ||
securityKeyIdentifierClause is X509RawDataKeyIdentifierClause ||
securityKeyIdentifierClause is X509SubjectKeyIdentifierClause;
}
/// <summary>
/// Deserializes a SecurityKeyIdentifierClause from a given XmlReader.
/// </summary>
/// <param name="reader">XmlReader that references a SecurityKeyIdentifierClause.</param>
/// <returns>Instance of SecurityKeyIdentifierClause</returns>
/// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
/// <exception cref="InvalidOperationException">The XmlReader is not positioned at a valid X.509 SecurityTokenReference.</exception>
public override SecurityKeyIdentifierClause ReadKeyIdentifierClause(XmlReader reader)
{
if (!this.CanReadKeyIdentifierClause(reader))
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(
SR.GetString(SR.ID3032, reader.LocalName, reader.NamespaceURI, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace));
}
XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
// Read the starting <X509Data> element.
dictionaryReader.ReadStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
List<SecurityKeyIdentifierClause> clauses = new List<SecurityKeyIdentifierClause>();
while (dictionaryReader.IsStartElement())
{
if (dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace))
{
clauses.Add(CreateIssuerSerialKeyIdentifierClause(dictionaryReader));
}
else if (dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace))
{
clauses.Add(CreateSubjectKeyIdentifierClause(dictionaryReader));
}
else if (dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace))
{
clauses.Add(CreateRawDataKeyIdentifierClause(dictionaryReader));
}
else
{
// Skip the element since it is not one of <X509IssuerSerial>, <X509SKI> and <X509Certificate>
dictionaryReader.Skip();
}
}
// Read the ending </X509Data> element.
dictionaryReader.ReadEndElement();
// Return the first identified clause or null if none is identified
return clauses.Count > 0 ? clauses[0] : null;
}
/// <summary>
/// Serialize a SecurityKeyIdentifierClause to the given XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param>
/// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param>
/// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception>
/// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception>
public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (securityKeyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause");
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
#if INCLUDE_CERT_CHAIN
X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause;
if ( x509ChainDataClause != null )
{
writer.WriteStartElement( XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace );
for( int i = 0; i < x509ChainDataClause.CertificateCount; i++ )
{
writer.WriteStartElement( XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace );
byte[] rawData = x509ChainDataClause.GetX509RawData( i );
writer.WriteBase64( rawData, 0, rawData.Length );
writer.WriteEndElement();
}
writer.WriteEndElement();
return;
}
#endif
X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = rawDataClause.GetX509RawData();
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType()));
}
/// <summary>
/// Parses the "X509IssuerSerial" element and generates a corresponding <see cref="X509IssuerSerialKeyIdentifierClause"/> instance.
/// </summary>
/// <param name="dictionaryReader">The <see cref="XmlDictionaryReader"/> currently positioning on the "X509IssuerSerial" element. </param>
/// <returns>An instance of <see cref="X509IssuerSerialKeyIdentifierClause"/> created from the "X509IssuerSerial" element.</returns>
private static SecurityKeyIdentifierClause CreateIssuerSerialKeyIdentifierClause(XmlDictionaryReader dictionaryReader)
{
dictionaryReader.ReadStartElement(XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace);
if (!dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace))
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID3032, dictionaryReader.LocalName, dictionaryReader.NamespaceURI, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace));
}
string issuerName = dictionaryReader.ReadElementContentAsString(XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace);
if (!dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace))
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID3032, dictionaryReader.LocalName, dictionaryReader.NamespaceURI, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace));
}
string serialNumber = dictionaryReader.ReadElementContentAsString(XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace);
dictionaryReader.ReadEndElement(); // Reade the ending </X509IssuerSerial> element.
return new X509IssuerSerialKeyIdentifierClause(issuerName, serialNumber);
}
/// <summary>
/// Parses the "X509SKI" element and generates a corresponding <see cref="SecurityKeyIdentifierClause"/> instance.
/// </summary>
/// <param name="dictionaryReader">The <see cref="XmlDictionaryReader"/> currently positioning on the "X509SKI" element. </param>
/// <returns>An instance of <see cref="X509SubjectKeyIdentifierClause"/> created from the "X509SKI" element.</returns>
private static SecurityKeyIdentifierClause CreateSubjectKeyIdentifierClause(XmlDictionaryReader dictionaryReader)
{
byte[] ski = dictionaryReader.ReadElementContentAsBase64();
if ((ski == null) || (ski.Length == 0))
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4258, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace));
}
return new X509SubjectKeyIdentifierClause(ski);
}
/// <summary>
/// Parses the "X509Certificate" element and generates a corresponding <see cref="X509RawDataKeyIdentifierClause"/> instance.
/// </summary>
/// <param name="dictionaryReader">The <see cref="XmlDictionaryReader"/> currently positioning on the "X509Certificate" element. </param>
/// <returns>An instance of <see cref="X509RawDataKeyIdentifierClause"/> created from the "X509Certificate" element.</returns>
private static SecurityKeyIdentifierClause CreateRawDataKeyIdentifierClause(XmlDictionaryReader dictionaryReader)
{
#if INCLUDE_CERT_CHAIN
List<byte[]> rawDatas = new List<byte[]>();
while (dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace))
{
byte[] rawBuffer = dictionaryReader.ReadElementContentAsBase64();
if (rawBuffer == null || rawBuffer.Length == 0)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4258, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace));
}
rawDatas.Add(rawBuffer);
}
if (rawDatas.Count > 1)
{
return new X509ChainRawDataKeyIdentifierClause(rawDatas);
}
else
{
return new X509RawDataKeyIdentifierClause(rawDatas[0]);
}
#else
byte[] rawData = null;
while (dictionaryReader.IsStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace))
{
if (rawData == null)
{
rawData = dictionaryReader.ReadElementContentAsBase64();
if ((rawData == null) || (rawData.Length == 0))
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4258, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace));
}
}
else
{
// We do not support reading intermediary certs.
dictionaryReader.Skip();
}
}
return new X509RawDataKeyIdentifierClause(rawData);
#endif
}
}
}