251 lines
11 KiB
C#
251 lines
11 KiB
C#
//------------------------------------------------------------
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
//------------------------------------------------------------
|
|
|
|
namespace System.IdentityModel.Tokens
|
|
{
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.ServiceModel.Security;
|
|
using System.ServiceModel.Security.Tokens;
|
|
using System.Xml;
|
|
using KeyIdentifierClauseEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.KeyIdentifierClauseEntry;
|
|
using StrEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.StrEntry;
|
|
using TokenEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.TokenEntry;
|
|
|
|
class WSSecurityXXX2005 : WSSecurityJan2004
|
|
{
|
|
public WSSecurityXXX2005(KeyInfoSerializer securityTokenSerializer)
|
|
: base(securityTokenSerializer)
|
|
{
|
|
}
|
|
|
|
public override void PopulateStrEntries(IList<StrEntry> strEntries)
|
|
{
|
|
PopulateJan2004StrEntries(strEntries);
|
|
strEntries.Add(new SamlDirectStrEntry());
|
|
strEntries.Add(new X509ThumbprintStrEntry(this.SecurityTokenSerializer.EmitBspRequiredAttributes));
|
|
strEntries.Add(new EncryptedKeyHashStrEntry(this.SecurityTokenSerializer.EmitBspRequiredAttributes));
|
|
}
|
|
|
|
public override void PopulateTokenEntries(IList<TokenEntry> tokenEntryList)
|
|
{
|
|
PopulateJan2004TokenEntries(tokenEntryList);
|
|
tokenEntryList.Add(new WSSecurityXXX2005.WrappedKeyTokenEntry());
|
|
tokenEntryList.Add(new WSSecurityXXX2005.SamlTokenEntry());
|
|
}
|
|
|
|
public override void PopulateKeyIdentifierClauseEntries(IList<KeyIdentifierClauseEntry> clauseEntries)
|
|
{
|
|
List<StrEntry> strEntries = new List<StrEntry>();
|
|
this.SecurityTokenSerializer.PopulateStrEntries(strEntries);
|
|
SecurityTokenReferenceXXX2005ClauseEntry strClause = new SecurityTokenReferenceXXX2005ClauseEntry(this.SecurityTokenSerializer.EmitBspRequiredAttributes, strEntries);
|
|
clauseEntries.Add(strClause);
|
|
}
|
|
|
|
new class SamlTokenEntry : WSSecurityJan2004.SamlTokenEntry
|
|
{
|
|
public override string TokenTypeUri { get { return SecurityXXX2005Strings.SamlTokenType; } }
|
|
}
|
|
|
|
new class WrappedKeyTokenEntry : WSSecurityJan2004.WrappedKeyTokenEntry
|
|
{
|
|
public override string TokenTypeUri { get { return SecurityXXX2005Strings.EncryptedKeyTokenType; } }
|
|
}
|
|
|
|
class SecurityTokenReferenceXXX2005ClauseEntry : SecurityTokenReferenceJan2004ClauseEntry
|
|
{
|
|
public SecurityTokenReferenceXXX2005ClauseEntry(bool emitBspRequiredAttributes, IList<StrEntry> strEntries)
|
|
: base(emitBspRequiredAttributes, strEntries)
|
|
{
|
|
}
|
|
|
|
protected override string ReadTokenType(XmlDictionaryReader reader)
|
|
{
|
|
return reader.GetAttribute(XD.SecurityXXX2005Dictionary.TokenTypeAttribute, XD.SecurityXXX2005Dictionary.Namespace);
|
|
}
|
|
|
|
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
|
|
{
|
|
for (int i = 0; i < this.StrEntries.Count; ++i)
|
|
{
|
|
if (this.StrEntries[i].SupportsCore(keyIdentifierClause))
|
|
{
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.SecurityTokenReference, XD.SecurityJan2004Dictionary.Namespace);
|
|
|
|
string tokenTypeUri = this.GetTokenTypeUri(this.StrEntries[i], keyIdentifierClause);
|
|
if (tokenTypeUri != null)
|
|
{
|
|
writer.WriteAttributeString(XD.SecurityXXX2005Dictionary.Prefix.Value, XD.SecurityXXX2005Dictionary.TokenTypeAttribute, XD.SecurityXXX2005Dictionary.Namespace, tokenTypeUri);
|
|
}
|
|
|
|
this.StrEntries[i].WriteContent(writer, keyIdentifierClause);
|
|
writer.WriteEndElement();
|
|
return;
|
|
}
|
|
}
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StandardsManagerCannotWriteObject, keyIdentifierClause.GetType())));
|
|
}
|
|
|
|
private string GetTokenTypeUri(StrEntry str, SecurityKeyIdentifierClause keyIdentifierClause)
|
|
{
|
|
bool emitTokenType = this.EmitTokenType(str);
|
|
if (emitTokenType)
|
|
{
|
|
string tokenTypeUri;
|
|
if (str is LocalReferenceStrEntry)
|
|
{
|
|
tokenTypeUri = (str as LocalReferenceStrEntry).GetLocalTokenTypeUri(keyIdentifierClause);
|
|
// only emit token type for SAML,Kerberos and Encrypted References
|
|
switch (tokenTypeUri)
|
|
{
|
|
case SecurityXXX2005Strings.Saml20TokenType:
|
|
case SecurityXXX2005Strings.SamlTokenType:
|
|
case SecurityXXX2005Strings.EncryptedKeyTokenType:
|
|
case SecurityJan2004Strings.KerberosTokenTypeGSS: break;
|
|
|
|
default:
|
|
tokenTypeUri = null;
|
|
break;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
tokenTypeUri = str.GetTokenTypeUri();
|
|
}
|
|
|
|
return tokenTypeUri;
|
|
}
|
|
else
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
private bool EmitTokenType(StrEntry str)
|
|
{
|
|
bool emitTokenType = false;
|
|
// we emit tokentype always for SAML and Encrypted Key Tokens
|
|
if ((str is SamlJan2004KeyIdentifierStrEntry)
|
|
|| (str is EncryptedKeyHashStrEntry)
|
|
|| (str is SamlDirectStrEntry))
|
|
{
|
|
emitTokenType = true;
|
|
}
|
|
else if (this.EmitBspRequiredAttributes)
|
|
{
|
|
if ((str is KerberosHashStrEntry)
|
|
|| (str is LocalReferenceStrEntry))
|
|
{
|
|
emitTokenType = true;
|
|
}
|
|
}
|
|
return emitTokenType;
|
|
}
|
|
}
|
|
|
|
class EncryptedKeyHashStrEntry : WSSecurityJan2004.KeyIdentifierStrEntry
|
|
{
|
|
protected override Type ClauseType { get { return typeof(EncryptedKeyHashIdentifierClause); } }
|
|
public override Type TokenType { get { return typeof(WrappedKeySecurityToken); } }
|
|
protected override string ValueTypeUri { get { return SecurityXXX2005Strings.EncryptedKeyHashValueType; } }
|
|
|
|
public EncryptedKeyHashStrEntry(bool emitBspRequiredAttributes)
|
|
: base(emitBspRequiredAttributes)
|
|
{
|
|
}
|
|
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
// Backward compatible with V1. Accept if missing.
|
|
if (tokenType != null && tokenType != SecurityXXX2005Strings.EncryptedKeyTokenType)
|
|
{
|
|
return false;
|
|
}
|
|
return base.CanReadClause(reader, tokenType);
|
|
}
|
|
|
|
protected override SecurityKeyIdentifierClause CreateClause(byte[] bytes, byte[] derivationNonce, int derivationLength)
|
|
{
|
|
return new EncryptedKeyHashIdentifierClause(bytes, true, derivationNonce, derivationLength);
|
|
}
|
|
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return SecurityXXX2005Strings.EncryptedKeyTokenType;
|
|
}
|
|
}
|
|
|
|
class X509ThumbprintStrEntry : WSSecurityJan2004.KeyIdentifierStrEntry
|
|
{
|
|
protected override Type ClauseType { get { return typeof(X509ThumbprintKeyIdentifierClause); } }
|
|
public override Type TokenType { get { return typeof(X509SecurityToken); } }
|
|
protected override string ValueTypeUri { get { return SecurityXXX2005Strings.ThumbprintSha1ValueType; } }
|
|
|
|
public X509ThumbprintStrEntry(bool emitBspRequiredAttributes)
|
|
: base(emitBspRequiredAttributes)
|
|
{
|
|
}
|
|
|
|
protected override SecurityKeyIdentifierClause CreateClause(byte[] bytes, byte[] derivationNonce, int derivationLength)
|
|
{
|
|
return new X509ThumbprintKeyIdentifierClause(bytes);
|
|
}
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityXXX2005Dictionary.ThumbprintSha1ValueType.Value;
|
|
}
|
|
}
|
|
|
|
class SamlDirectStrEntry : StrEntry
|
|
{
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
if (tokenType != XD.SecurityXXX2005Dictionary.Saml20TokenType.Value)
|
|
{
|
|
return false;
|
|
}
|
|
return (reader.IsStartElement(XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace));
|
|
}
|
|
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityXXX2005Dictionary.Saml20TokenType.Value;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNone, int derivationLength, string tokenType)
|
|
{
|
|
string samlUri = reader.GetAttribute(XD.SecurityJan2004Dictionary.URI, null);
|
|
if (reader.IsEmptyElement)
|
|
{
|
|
reader.Read();
|
|
}
|
|
else
|
|
{
|
|
reader.ReadStartElement();
|
|
reader.ReadEndElement();
|
|
}
|
|
return new SamlAssertionDirectKeyIdentifierClause(samlUri, derivationNone, derivationLength);
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return typeof(SamlAssertionDirectKeyIdentifierClause).IsAssignableFrom(clause.GetType());
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
SamlAssertionDirectKeyIdentifierClause samlClause = clause as SamlAssertionDirectKeyIdentifierClause;
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace);
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.URI, null, samlClause.SamlUri);
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
}
|
|
}
|