//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.IdentityModel.Tokens { using System; using System.Collections.ObjectModel; using System.Globalization; using System.IO; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.Security.Cryptography; using System.Security.Principal; using System.Xml; using System.Runtime.Serialization; using System.Collections.Generic; public class GenericXmlSecurityToken : SecurityToken { const int SupportedPersistanceVersion = 1; string id; SecurityToken proofToken; SecurityKeyIdentifierClause internalTokenReference; SecurityKeyIdentifierClause externalTokenReference; XmlElement tokenXml; ReadOnlyCollection authorizationPolicies; DateTime effectiveTime; DateTime expirationTime; public GenericXmlSecurityToken( XmlElement tokenXml, SecurityToken proofToken, DateTime effectiveTime, DateTime expirationTime, SecurityKeyIdentifierClause internalTokenReference, SecurityKeyIdentifierClause externalTokenReference, ReadOnlyCollection authorizationPolicies ) { if (tokenXml == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenXml"); } this.id = GetId(tokenXml); this.tokenXml = tokenXml; this.proofToken = proofToken; this.effectiveTime = effectiveTime.ToUniversalTime(); this.expirationTime = expirationTime.ToUniversalTime(); this.internalTokenReference = internalTokenReference; this.externalTokenReference = externalTokenReference; this.authorizationPolicies = authorizationPolicies ?? EmptyReadOnlyCollection.Instance; } public override string Id { get { return this.id; } } public override DateTime ValidFrom { get { return this.effectiveTime; } } public override DateTime ValidTo { get { return this.expirationTime; } } public SecurityKeyIdentifierClause InternalTokenReference { get { return this.internalTokenReference; } } public SecurityKeyIdentifierClause ExternalTokenReference { get { return this.externalTokenReference; } } public XmlElement TokenXml { get { return this.tokenXml; } } public SecurityToken ProofToken { get { return this.proofToken; } } public ReadOnlyCollection AuthorizationPolicies { get { return this.authorizationPolicies; } } public override ReadOnlyCollection SecurityKeys { get { if (this.proofToken != null) return this.proofToken.SecurityKeys; else return EmptyReadOnlyCollection.Instance; } } public override string ToString() { StringWriter writer = new StringWriter(CultureInfo.InvariantCulture); writer.WriteLine("Generic XML token:"); writer.WriteLine(" validFrom: {0}", this.ValidFrom); writer.WriteLine(" validTo: {0}", this.ValidTo); if (this.internalTokenReference != null) writer.WriteLine(" InternalTokenReference: {0}", this.internalTokenReference); if (this.externalTokenReference != null) writer.WriteLine(" ExternalTokenReference: {0}", this.externalTokenReference); writer.WriteLine(" Token Element: ({0}, {1})", this.tokenXml.LocalName, this.tokenXml.NamespaceURI); return writer.ToString(); } static string GetId(XmlElement tokenXml) { if (tokenXml != null) { string id = tokenXml.GetAttribute(UtilityStrings.IdAttribute, UtilityStrings.Namespace); if ( string.IsNullOrEmpty( id ) ) { // special case SAML 1.1 as this is the only possible ID as // spec is closed. SAML 2.0 is xs:ID id = tokenXml.GetAttribute("AssertionID"); // if we are still null, "Id" if ( string.IsNullOrEmpty( id ) ) { id = tokenXml.GetAttribute("Id"); } //This fixes the unecnrypted SAML 2.0 case. Eg: () { if (this.internalTokenReference != null && typeof(T) == this.internalTokenReference.GetType()) return true; if (this.externalTokenReference != null && typeof(T) == this.externalTokenReference.GetType()) return true; return false; } public override T CreateKeyIdentifierClause() { if (this.internalTokenReference != null && typeof(T) == this.internalTokenReference.GetType()) return (T)this.internalTokenReference; if (this.externalTokenReference != null && typeof(T) == this.externalTokenReference.GetType()) return (T)this.externalTokenReference; throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.UnableToCreateTokenReference))); } public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) { if (this.internalTokenReference != null && this.internalTokenReference.Matches(keyIdentifierClause)) { return true; } else if (this.externalTokenReference != null && this.externalTokenReference.Matches(keyIdentifierClause)) { return true; } return false; } } }