861 lines
40 KiB
C#
861 lines
40 KiB
C#
//------------------------------------------------------------
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
//------------------------------------------------------------
|
|
|
|
namespace System.IdentityModel.Tokens
|
|
{
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Globalization;
|
|
using System.IdentityModel;
|
|
using System.IdentityModel.Selectors;
|
|
using System.ServiceModel.Security;
|
|
using System.ServiceModel.Security.Tokens;
|
|
using System.Text;
|
|
using System.Xml;
|
|
using HexBinary = System.Runtime.Remoting.Metadata.W3cXsd2001.SoapHexBinary;
|
|
using KeyIdentifierClauseEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.KeyIdentifierClauseEntry;
|
|
using StrEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.StrEntry;
|
|
using TokenEntry = System.IdentityModel.Selectors.SecurityTokenSerializer.TokenEntry;
|
|
|
|
class WSSecurityJan2004 : SecurityTokenSerializer.SerializerEntries
|
|
{
|
|
KeyInfoSerializer securityTokenSerializer;
|
|
|
|
public WSSecurityJan2004(KeyInfoSerializer securityTokenSerializer)
|
|
{
|
|
this.securityTokenSerializer = securityTokenSerializer;
|
|
}
|
|
|
|
public KeyInfoSerializer SecurityTokenSerializer
|
|
{
|
|
get { return this.securityTokenSerializer; }
|
|
}
|
|
|
|
public override void PopulateKeyIdentifierClauseEntries(IList<KeyIdentifierClauseEntry> clauseEntries)
|
|
{
|
|
List<StrEntry> strEntries = new List<StrEntry>();
|
|
this.securityTokenSerializer.PopulateStrEntries(strEntries);
|
|
SecurityTokenReferenceJan2004ClauseEntry strClause = new SecurityTokenReferenceJan2004ClauseEntry(this.securityTokenSerializer.EmitBspRequiredAttributes, strEntries);
|
|
clauseEntries.Add(strClause);
|
|
}
|
|
|
|
protected void PopulateJan2004StrEntries(IList<StrEntry> strEntries)
|
|
{
|
|
strEntries.Add(new LocalReferenceStrEntry(this.securityTokenSerializer.EmitBspRequiredAttributes, this.securityTokenSerializer));
|
|
strEntries.Add(new KerberosHashStrEntry(this.securityTokenSerializer.EmitBspRequiredAttributes));
|
|
strEntries.Add(new X509SkiStrEntry(this.securityTokenSerializer.EmitBspRequiredAttributes));
|
|
strEntries.Add(new X509IssuerSerialStrEntry());
|
|
strEntries.Add(new RelDirectStrEntry());
|
|
strEntries.Add(new SamlJan2004KeyIdentifierStrEntry());
|
|
strEntries.Add(new Saml2Jan2004KeyIdentifierStrEntry());
|
|
}
|
|
|
|
|
|
public override void PopulateStrEntries(IList<StrEntry> strEntries)
|
|
{
|
|
PopulateJan2004StrEntries(strEntries);
|
|
}
|
|
|
|
protected void PopulateJan2004TokenEntries(IList<TokenEntry> tokenEntryList)
|
|
{
|
|
tokenEntryList.Add(new GenericXmlTokenEntry());
|
|
tokenEntryList.Add(new UserNamePasswordTokenEntry());
|
|
tokenEntryList.Add(new KerberosTokenEntry());
|
|
tokenEntryList.Add(new X509TokenEntry());
|
|
}
|
|
|
|
public override void PopulateTokenEntries(IList<TokenEntry> tokenEntryList)
|
|
{
|
|
PopulateJan2004TokenEntries(tokenEntryList);
|
|
tokenEntryList.Add(new SamlTokenEntry());
|
|
tokenEntryList.Add(new WrappedKeyTokenEntry());
|
|
}
|
|
|
|
internal abstract class BinaryTokenEntry : TokenEntry
|
|
{
|
|
internal static readonly XmlDictionaryString ElementName = XD.SecurityJan2004Dictionary.BinarySecurityToken;
|
|
internal static readonly XmlDictionaryString EncodingTypeAttribute = XD.SecurityJan2004Dictionary.EncodingType;
|
|
internal const string EncodingTypeAttributeString = SecurityJan2004Strings.EncodingType;
|
|
internal const string EncodingTypeValueBase64Binary = SecurityJan2004Strings.EncodingTypeValueBase64Binary;
|
|
internal const string EncodingTypeValueHexBinary = SecurityJan2004Strings.EncodingTypeValueHexBinary;
|
|
internal static readonly XmlDictionaryString ValueTypeAttribute = XD.SecurityJan2004Dictionary.ValueType;
|
|
|
|
string[] valueTypeUris = null;
|
|
|
|
protected BinaryTokenEntry(string valueTypeUri)
|
|
{
|
|
this.valueTypeUris = new string[1];
|
|
this.valueTypeUris[0] = valueTypeUri;
|
|
}
|
|
|
|
protected BinaryTokenEntry(string[] valueTypeUris)
|
|
{
|
|
if (valueTypeUris == null)
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("valueTypeUris");
|
|
|
|
this.valueTypeUris = new string[valueTypeUris.GetLength(0)];
|
|
for (int i = 0; i < this.valueTypeUris.GetLength(0); ++i)
|
|
this.valueTypeUris[i] = valueTypeUris[i];
|
|
}
|
|
|
|
protected override XmlDictionaryString LocalName { get { return ElementName; } }
|
|
protected override XmlDictionaryString NamespaceUri { get { return XD.SecurityJan2004Dictionary.Namespace; } }
|
|
public override string TokenTypeUri { get { return this.valueTypeUris[0]; } }
|
|
protected override string ValueTypeUri { get { return this.valueTypeUris[0]; } }
|
|
public override bool SupportsTokenTypeUri(string tokenTypeUri)
|
|
{
|
|
for (int i = 0; i < this.valueTypeUris.GetLength(0); ++i)
|
|
{
|
|
if (this.valueTypeUris[i] == tokenTypeUri)
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|
|
|
|
class GenericXmlTokenEntry : TokenEntry
|
|
{
|
|
protected override XmlDictionaryString LocalName { get { return null; } }
|
|
protected override XmlDictionaryString NamespaceUri { get { return null; } }
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(GenericXmlSecurityToken) }; }
|
|
public override string TokenTypeUri { get { return null; } }
|
|
protected override string ValueTypeUri { get { return null; } }
|
|
}
|
|
|
|
class KerberosTokenEntry : BinaryTokenEntry
|
|
{
|
|
public KerberosTokenEntry()
|
|
: base(new string[] { SecurityJan2004Strings.KerberosTokenTypeGSS, SecurityJan2004Strings.KerberosTokenType1510 })
|
|
{
|
|
}
|
|
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(KerberosReceiverSecurityToken), typeof(KerberosRequestorSecurityToken) }; }
|
|
}
|
|
|
|
protected class SamlTokenEntry : TokenEntry
|
|
{
|
|
protected override XmlDictionaryString LocalName { get { return XD.SecurityJan2004Dictionary.SamlAssertion; } }
|
|
protected override XmlDictionaryString NamespaceUri { get { return XD.SecurityJan2004Dictionary.SamlUri; } }
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(SamlSecurityToken) }; }
|
|
public override string TokenTypeUri { get { return null; } }
|
|
protected override string ValueTypeUri { get { return null; } }
|
|
}
|
|
|
|
class UserNamePasswordTokenEntry : TokenEntry
|
|
{
|
|
protected override XmlDictionaryString LocalName { get { return XD.SecurityJan2004Dictionary.UserNameTokenElement; } }
|
|
protected override XmlDictionaryString NamespaceUri { get { return XD.SecurityJan2004Dictionary.Namespace; } }
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(UserNameSecurityToken) }; }
|
|
public override string TokenTypeUri { get { return SecurityJan2004Strings.UPTokenType; } }
|
|
protected override string ValueTypeUri { get { return null; } }
|
|
|
|
}
|
|
|
|
protected class WrappedKeyTokenEntry : TokenEntry
|
|
{
|
|
protected override XmlDictionaryString LocalName { get { return EncryptedKey.ElementName; } }
|
|
protected override XmlDictionaryString NamespaceUri { get { return XD.XmlEncryptionDictionary.Namespace; } }
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(WrappedKeySecurityToken) }; }
|
|
public override string TokenTypeUri { get { return null; } }
|
|
protected override string ValueTypeUri { get { return null; } }
|
|
}
|
|
|
|
protected class X509TokenEntry : BinaryTokenEntry
|
|
{
|
|
internal const string ValueTypeAbsoluteUri = SecurityJan2004Strings.X509TokenType;
|
|
|
|
public X509TokenEntry()
|
|
: base(ValueTypeAbsoluteUri)
|
|
{
|
|
}
|
|
|
|
protected override Type[] GetTokenTypesCore() { return new Type[] { typeof(X509SecurityToken), typeof(X509WindowsSecurityToken) }; }
|
|
}
|
|
|
|
protected class SecurityTokenReferenceJan2004ClauseEntry : KeyIdentifierClauseEntry
|
|
{
|
|
const int DefaultDerivedKeyLength = 32;
|
|
|
|
bool emitBspRequiredAttributes;
|
|
IList<StrEntry> strEntries;
|
|
|
|
public SecurityTokenReferenceJan2004ClauseEntry(bool emitBspRequiredAttributes, IList<StrEntry> strEntries)
|
|
{
|
|
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
|
|
this.strEntries = strEntries;
|
|
}
|
|
protected bool EmitBspRequiredAttributes
|
|
{
|
|
get
|
|
{
|
|
return this.emitBspRequiredAttributes;
|
|
}
|
|
}
|
|
protected IList<StrEntry> StrEntries
|
|
{
|
|
get
|
|
{
|
|
return this.strEntries;
|
|
}
|
|
}
|
|
|
|
protected override XmlDictionaryString LocalName
|
|
{
|
|
get
|
|
{
|
|
return XD.SecurityJan2004Dictionary.SecurityTokenReference;
|
|
}
|
|
}
|
|
|
|
protected override XmlDictionaryString NamespaceUri
|
|
{
|
|
get
|
|
{
|
|
return XD.SecurityJan2004Dictionary.Namespace;
|
|
}
|
|
}
|
|
|
|
protected virtual string ReadTokenType(XmlDictionaryReader reader)
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
|
|
{
|
|
byte[] nonce = null;
|
|
int length = 0;
|
|
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.SecurityTokenReference, NamespaceUri))
|
|
{
|
|
string nonceString = reader.GetAttribute(XD.SecureConversationFeb2005Dictionary.Nonce, XD.SecureConversationFeb2005Dictionary.Namespace);
|
|
if (nonceString != null)
|
|
{
|
|
nonce = Convert.FromBase64String(nonceString);
|
|
}
|
|
|
|
string lengthString = reader.GetAttribute(XD.SecureConversationFeb2005Dictionary.Length, XD.SecureConversationFeb2005Dictionary.Namespace);
|
|
if (lengthString != null)
|
|
{
|
|
length = Convert.ToInt32(lengthString, CultureInfo.InvariantCulture);
|
|
}
|
|
else
|
|
{
|
|
length = DefaultDerivedKeyLength;
|
|
}
|
|
}
|
|
string tokenType = ReadTokenType(reader);
|
|
string strId = reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
|
|
reader.ReadStartElement(XD.SecurityJan2004Dictionary.SecurityTokenReference, NamespaceUri);
|
|
SecurityKeyIdentifierClause clause = null;
|
|
for (int i = 0; i < this.strEntries.Count; ++i)
|
|
{
|
|
if (this.strEntries[i].CanReadClause(reader, tokenType))
|
|
{
|
|
clause = this.strEntries[i].ReadClause(reader, nonce, length, tokenType);
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (clause == null)
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.CannotReadKeyIdentifierClause, reader.LocalName, reader.NamespaceURI)));
|
|
}
|
|
|
|
if (!string.IsNullOrEmpty(strId))
|
|
{
|
|
clause.Id = strId;
|
|
}
|
|
|
|
reader.ReadEndElement();
|
|
return clause;
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause keyIdentifierClause)
|
|
{
|
|
for (int i = 0; i < this.strEntries.Count; ++i)
|
|
{
|
|
if (this.strEntries[i].SupportsCore(keyIdentifierClause))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
|
|
{
|
|
for (int i = 0; i < this.strEntries.Count; ++i)
|
|
{
|
|
if (this.strEntries[i].SupportsCore(keyIdentifierClause))
|
|
{
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.SecurityTokenReference, XD.SecurityJan2004Dictionary.Namespace);
|
|
this.strEntries[i].WriteContent(writer, keyIdentifierClause);
|
|
writer.WriteEndElement();
|
|
return;
|
|
}
|
|
}
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StandardsManagerCannotWriteObject, keyIdentifierClause.GetType())));
|
|
}
|
|
}
|
|
|
|
protected abstract class KeyIdentifierStrEntry : StrEntry
|
|
{
|
|
bool emitBspRequiredAttributes;
|
|
|
|
protected const string EncodingTypeValueBase64Binary = SecurityJan2004Strings.EncodingTypeValueBase64Binary;
|
|
protected const string EncodingTypeValueHexBinary = SecurityJan2004Strings.EncodingTypeValueHexBinary;
|
|
protected const string EncodingTypeValueText = SecurityJan2004Strings.EncodingTypeValueText;
|
|
|
|
protected abstract Type ClauseType { get; }
|
|
protected virtual string DefaultEncodingType { get { return EncodingTypeValueBase64Binary; } }
|
|
public abstract Type TokenType { get; }
|
|
protected abstract string ValueTypeUri { get; }
|
|
protected bool EmitBspRequiredAttributes { get { return this.emitBspRequiredAttributes; } }
|
|
|
|
protected KeyIdentifierStrEntry(bool emitBspRequiredAttributes)
|
|
{
|
|
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
|
|
}
|
|
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace))
|
|
{
|
|
string valueType = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);
|
|
return (ValueTypeUri == valueType);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
protected abstract SecurityKeyIdentifierClause CreateClause(byte[] bytes, byte[] derivationNonce, int derivationLength);
|
|
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return this.TokenType;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNonce, int derivationLength, string tokenType)
|
|
{
|
|
string encodingType = reader.GetAttribute(XD.SecurityJan2004Dictionary.EncodingType, null);
|
|
if (encodingType == null)
|
|
{
|
|
encodingType = DefaultEncodingType;
|
|
}
|
|
|
|
reader.ReadStartElement();
|
|
|
|
byte[] bytes;
|
|
if (encodingType == EncodingTypeValueBase64Binary)
|
|
{
|
|
bytes = reader.ReadContentAsBase64();
|
|
}
|
|
else if (encodingType == EncodingTypeValueHexBinary)
|
|
{
|
|
bytes = HexBinary.Parse(reader.ReadContentAsString()).Value;
|
|
}
|
|
else if (encodingType == EncodingTypeValueText)
|
|
{
|
|
bytes = new UTF8Encoding().GetBytes(reader.ReadContentAsString());
|
|
}
|
|
else
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.UnknownEncodingInKeyIdentifier)));
|
|
}
|
|
|
|
reader.ReadEndElement();
|
|
|
|
return CreateClause(bytes, derivationNonce, derivationLength);
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return ClauseType.IsAssignableFrom(clause.GetType());
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace);
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, ValueTypeUri);
|
|
if (this.emitBspRequiredAttributes)
|
|
{
|
|
// Emit the encodingType attribute.
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.EncodingType, null, DefaultEncodingType);
|
|
}
|
|
string encoding = DefaultEncodingType;
|
|
BinaryKeyIdentifierClause binaryClause = clause as BinaryKeyIdentifierClause;
|
|
|
|
byte[] keyIdentifier = binaryClause.GetBuffer();
|
|
if (encoding == EncodingTypeValueBase64Binary)
|
|
{
|
|
writer.WriteBase64(keyIdentifier, 0, keyIdentifier.Length);
|
|
}
|
|
else if (encoding == EncodingTypeValueHexBinary)
|
|
{
|
|
writer.WriteBinHex(keyIdentifier, 0, keyIdentifier.Length);
|
|
}
|
|
else if (encoding == EncodingTypeValueText)
|
|
{
|
|
writer.WriteString(new UTF8Encoding().GetString(keyIdentifier, 0, keyIdentifier.Length));
|
|
}
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
protected class KerberosHashStrEntry : KeyIdentifierStrEntry
|
|
{
|
|
protected override Type ClauseType { get { return typeof(KerberosTicketHashKeyIdentifierClause); } }
|
|
public override Type TokenType { get { return typeof(KerberosRequestorSecurityToken); } }
|
|
protected override string ValueTypeUri { get { return SecurityJan2004Strings.KerberosHashValueType; } }
|
|
|
|
public KerberosHashStrEntry(bool emitBspRequiredAttributes)
|
|
: base(emitBspRequiredAttributes)
|
|
{
|
|
}
|
|
|
|
protected override SecurityKeyIdentifierClause CreateClause(byte[] bytes, byte[] derivationNonce, int derivationLength)
|
|
{
|
|
return new KerberosTicketHashKeyIdentifierClause(bytes, derivationNonce, derivationLength);
|
|
}
|
|
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityJan2004Dictionary.KerberosTokenTypeGSS.Value;
|
|
}
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace);
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, ValueTypeUri);
|
|
KerberosTicketHashKeyIdentifierClause binaryClause = clause as KerberosTicketHashKeyIdentifierClause;
|
|
if (this.EmitBspRequiredAttributes)
|
|
{
|
|
// Emit the encodingType attribute.
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.EncodingType, null, DefaultEncodingType);
|
|
}
|
|
string encoding = DefaultEncodingType;
|
|
|
|
byte[] keyIdentifier = binaryClause.GetBuffer();
|
|
if (encoding == EncodingTypeValueBase64Binary)
|
|
{
|
|
writer.WriteBase64(keyIdentifier, 0, keyIdentifier.Length);
|
|
}
|
|
else if (encoding == EncodingTypeValueHexBinary)
|
|
{
|
|
writer.WriteBinHex(keyIdentifier, 0, keyIdentifier.Length);
|
|
}
|
|
else if (encoding == EncodingTypeValueText)
|
|
{
|
|
writer.WriteString(new UTF8Encoding().GetString(keyIdentifier, 0, keyIdentifier.Length));
|
|
}
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
protected class X509SkiStrEntry : KeyIdentifierStrEntry
|
|
{
|
|
protected override Type ClauseType { get { return typeof(X509SubjectKeyIdentifierClause); } }
|
|
public override Type TokenType { get { return typeof(X509SecurityToken); } }
|
|
protected override string ValueTypeUri { get { return SecurityJan2004Strings.X509SKIValueType; } }
|
|
|
|
public X509SkiStrEntry(bool emitBspRequiredAttributes)
|
|
: base(emitBspRequiredAttributes)
|
|
{
|
|
}
|
|
|
|
protected override SecurityKeyIdentifierClause CreateClause(byte[] bytes, byte[] derivationNonce, int derivationLength)
|
|
{
|
|
return new X509SubjectKeyIdentifierClause(bytes);
|
|
}
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return SecurityJan2004Strings.X509TokenType;
|
|
}
|
|
}
|
|
|
|
protected class LocalReferenceStrEntry : StrEntry
|
|
{
|
|
bool emitBspRequiredAttributes;
|
|
KeyInfoSerializer tokenSerializer;
|
|
|
|
public LocalReferenceStrEntry(bool emitBspRequiredAttributes, KeyInfoSerializer tokenSerializer)
|
|
{
|
|
this.emitBspRequiredAttributes = emitBspRequiredAttributes;
|
|
this.tokenSerializer = tokenSerializer;
|
|
}
|
|
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
LocalIdKeyIdentifierClause localClause = clause as LocalIdKeyIdentifierClause;
|
|
return localClause.OwnerType;
|
|
}
|
|
|
|
public string GetLocalTokenTypeUri(SecurityKeyIdentifierClause clause)
|
|
{
|
|
Type tokenType = GetTokenType(clause);
|
|
return this.tokenSerializer.GetTokenTypeUri(tokenType);
|
|
}
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace))
|
|
{
|
|
string uri = reader.GetAttribute(XD.SecurityJan2004Dictionary.URI, null);
|
|
if (uri != null && uri.Length > 0 && uri[0] == '#')
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNonce, int derivationLength, string tokenType)
|
|
{
|
|
string uri = reader.GetAttribute(XD.SecurityJan2004Dictionary.URI, null);
|
|
string tokenTypeUri = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);
|
|
Type[] tokenTypes = null;
|
|
if (tokenTypeUri != null)
|
|
{
|
|
tokenTypes = this.tokenSerializer.GetTokenTypes(tokenTypeUri);
|
|
}
|
|
SecurityKeyIdentifierClause clause = new LocalIdKeyIdentifierClause(uri.Substring(1), derivationNonce, derivationLength, tokenTypes);
|
|
if (reader.IsEmptyElement)
|
|
{
|
|
reader.Read();
|
|
}
|
|
else
|
|
{
|
|
reader.ReadStartElement();
|
|
reader.ReadEndElement();
|
|
}
|
|
return clause;
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return clause is LocalIdKeyIdentifierClause;
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
LocalIdKeyIdentifierClause localIdClause = clause as LocalIdKeyIdentifierClause;
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace);
|
|
if (this.emitBspRequiredAttributes)
|
|
{
|
|
string tokenTypeUri = GetLocalTokenTypeUri(localIdClause);
|
|
if (tokenTypeUri != null)
|
|
{
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, tokenTypeUri);
|
|
}
|
|
}
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.URI, null, "#" + localIdClause.LocalId);
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
protected class SamlJan2004KeyIdentifierStrEntry : StrEntry
|
|
{
|
|
protected virtual bool IsMatchingValueType(string valueType)
|
|
{
|
|
return (valueType == SecurityJan2004Strings.SamlAssertionIdValueType);
|
|
}
|
|
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
if (reader.IsStartElement(XD.SamlDictionary.AuthorityBinding, XD.SecurityJan2004Dictionary.SamlUri))
|
|
{
|
|
return true;
|
|
}
|
|
else if (reader.IsStartElement(XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace))
|
|
{
|
|
string valueType = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);
|
|
return IsMatchingValueType(valueType);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return typeof(SamlSecurityToken);
|
|
}
|
|
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityXXX2005Dictionary.SamlTokenType.Value;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNone, int derivationLength, string tokenType)
|
|
{
|
|
bool readAuthorityBinding = false;
|
|
bool readKeyIdentifier = false;
|
|
string id = null;
|
|
string valueType = null;
|
|
string binding = null;
|
|
string location = null;
|
|
string authorityKind = null;
|
|
while (reader.IsStartElement())
|
|
{
|
|
if (reader.IsStartElement(XD.SamlDictionary.AuthorityBinding, XD.SecurityJan2004Dictionary.SamlUri))
|
|
{
|
|
if (readAuthorityBinding)
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.MultipleSamlAuthorityBindingsInReference)));
|
|
}
|
|
readAuthorityBinding = true;
|
|
binding = reader.GetAttribute(XD.SamlDictionary.Binding, null);
|
|
if (string.IsNullOrEmpty(binding))
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.RequiredAttributeMissing, XD.SamlDictionary.Binding.Value, XD.SamlDictionary.AuthorityBinding.Value)));
|
|
}
|
|
location = reader.GetAttribute(XD.SamlDictionary.Location, null);
|
|
if (string.IsNullOrEmpty(location))
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.RequiredAttributeMissing, XD.SamlDictionary.Location.Value, XD.SamlDictionary.AuthorityBinding.Value)));
|
|
}
|
|
authorityKind = reader.GetAttribute(XD.SamlDictionary.AuthorityKind, null);
|
|
if (string.IsNullOrEmpty(authorityKind))
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.RequiredAttributeMissing, XD.SamlDictionary.AuthorityKind.Value, XD.SamlDictionary.AuthorityBinding.Value)));
|
|
}
|
|
if (reader.IsEmptyElement)
|
|
{
|
|
reader.Read();
|
|
}
|
|
else
|
|
{
|
|
reader.ReadStartElement();
|
|
reader.ReadEndElement();
|
|
}
|
|
}
|
|
else if (reader.IsStartElement(XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace))
|
|
{
|
|
if (readKeyIdentifier)
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.MultipleKeyIdentifiersInReference)));
|
|
}
|
|
readKeyIdentifier = true;
|
|
valueType = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);
|
|
id = reader.ReadElementContentAsString();
|
|
}
|
|
else
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
if (!readKeyIdentifier)
|
|
{
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.DidNotFindKeyIdentifierInReference)));
|
|
}
|
|
return new SamlAssertionKeyIdentifierClause(id, derivationNone, derivationLength, valueType, tokenType, binding, location, authorityKind);
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
|
|
if (typeof(SamlAssertionKeyIdentifierClause).IsAssignableFrom(clause.GetType()))
|
|
{
|
|
SamlAssertionKeyIdentifierClause samlclause = clause as SamlAssertionKeyIdentifierClause;
|
|
if ((samlclause.TokenTypeUri == null) || (samlclause.TokenTypeUri == this.GetTokenTypeUri()))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
SamlAssertionKeyIdentifierClause samlClause = clause as SamlAssertionKeyIdentifierClause;
|
|
if (!string.IsNullOrEmpty(samlClause.Binding) || !string.IsNullOrEmpty(samlClause.Location) || !string.IsNullOrEmpty(samlClause.AuthorityKind))
|
|
{
|
|
writer.WriteStartElement(XD.SamlDictionary.PreferredPrefix.Value, XD.SamlDictionary.AuthorityBinding, XD.SecurityJan2004Dictionary.SamlUri);
|
|
if (!string.IsNullOrEmpty(samlClause.Binding))
|
|
{
|
|
writer.WriteAttributeString(XD.SamlDictionary.Binding, null, samlClause.Binding);
|
|
}
|
|
if (!string.IsNullOrEmpty(samlClause.Location))
|
|
{
|
|
writer.WriteAttributeString(XD.SamlDictionary.Location, null, samlClause.Location);
|
|
}
|
|
if (!string.IsNullOrEmpty(samlClause.AuthorityKind))
|
|
{
|
|
writer.WriteAttributeString(XD.SamlDictionary.AuthorityKind, null, samlClause.AuthorityKind);
|
|
}
|
|
writer.WriteEndElement();
|
|
}
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.KeyIdentifier, XD.SecurityJan2004Dictionary.Namespace);
|
|
string valueType = string.IsNullOrEmpty(samlClause.ValueType) ? XD.SecurityJan2004Dictionary.SamlAssertionIdValueType.Value : samlClause.ValueType;
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, valueType);
|
|
writer.WriteString(samlClause.AssertionId);
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
class Saml2Jan2004KeyIdentifierStrEntry : SamlJan2004KeyIdentifierStrEntry
|
|
{
|
|
// handles SAML2.0
|
|
protected override bool IsMatchingValueType(string valueType)
|
|
{
|
|
return (valueType == XD.SecurityXXX2005Dictionary.Saml11AssertionValueType.Value);
|
|
}
|
|
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityXXX2005Dictionary.Saml20TokenType.Value;
|
|
}
|
|
}
|
|
|
|
protected class RelDirectStrEntry : StrEntry
|
|
{
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
if (reader.IsStartElement(XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace))
|
|
{
|
|
string valueType = reader.GetAttribute(XD.SecurityJan2004Dictionary.ValueType, null);
|
|
return (valueType == SecurityJan2004Strings.RelAssertionValueType);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return null;
|
|
}
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return XD.SecurityJan2004Dictionary.RelAssertionValueType.Value;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNone, int derivationLength, string tokenType)
|
|
{
|
|
string assertionId = reader.GetAttribute(XD.SecurityJan2004Dictionary.URI, null);
|
|
if (reader.IsEmptyElement)
|
|
{
|
|
reader.Read();
|
|
}
|
|
else
|
|
{
|
|
reader.ReadStartElement();
|
|
reader.ReadEndElement();
|
|
}
|
|
return new RelAssertionDirectKeyIdentifierClause(assertionId, derivationNone, derivationLength);
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return typeof(RelAssertionDirectKeyIdentifierClause).IsAssignableFrom(clause.GetType());
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
RelAssertionDirectKeyIdentifierClause relClause = clause as RelAssertionDirectKeyIdentifierClause;
|
|
writer.WriteStartElement(XD.SecurityJan2004Dictionary.Prefix.Value, XD.SecurityJan2004Dictionary.Reference, XD.SecurityJan2004Dictionary.Namespace);
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.ValueType, null, SecurityJan2004Strings.RelAssertionValueType);
|
|
writer.WriteAttributeString(XD.SecurityJan2004Dictionary.URI, null, relClause.AssertionId);
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
protected class X509IssuerSerialStrEntry : StrEntry
|
|
{
|
|
public override Type GetTokenType(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return typeof(X509SecurityToken);
|
|
}
|
|
|
|
public override bool CanReadClause(XmlDictionaryReader reader, string tokenType)
|
|
{
|
|
return reader.IsStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
|
|
}
|
|
public override string GetTokenTypeUri()
|
|
{
|
|
return SecurityJan2004Strings.X509TokenType;
|
|
}
|
|
|
|
public override SecurityKeyIdentifierClause ReadClause(XmlDictionaryReader reader, byte[] derivationNonce, int derivationLength, string tokenType)
|
|
{
|
|
reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
|
|
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
|
|
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace);
|
|
string issuerName = reader.ReadContentAsString();
|
|
reader.ReadEndElement();
|
|
reader.ReadStartElement(XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace);
|
|
string serialNumber = reader.ReadContentAsString();
|
|
reader.ReadEndElement();
|
|
reader.ReadEndElement();
|
|
reader.ReadEndElement();
|
|
|
|
return new X509IssuerSerialKeyIdentifierClause(issuerName, serialNumber);
|
|
}
|
|
|
|
public override bool SupportsCore(SecurityKeyIdentifierClause clause)
|
|
{
|
|
return clause is X509IssuerSerialKeyIdentifierClause;
|
|
}
|
|
|
|
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
|
|
{
|
|
X509IssuerSerialKeyIdentifierClause issuerClause = clause as X509IssuerSerialKeyIdentifierClause;
|
|
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
|
|
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
|
|
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerClause.IssuerName);
|
|
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerClause.IssuerSerialNumber);
|
|
writer.WriteEndElement();
|
|
writer.WriteEndElement();
|
|
}
|
|
}
|
|
|
|
public class IdManager : SignatureTargetIdManager
|
|
{
|
|
internal static readonly XmlDictionaryString ElementName = XD.XmlEncryptionDictionary.EncryptedData;
|
|
|
|
static readonly IdManager instance = new IdManager();
|
|
|
|
IdManager()
|
|
{
|
|
}
|
|
|
|
public override string DefaultIdNamespacePrefix
|
|
{
|
|
get { return UtilityStrings.Prefix; }
|
|
}
|
|
|
|
public override string DefaultIdNamespaceUri
|
|
{
|
|
get { return UtilityStrings.Namespace; }
|
|
}
|
|
|
|
internal static IdManager Instance
|
|
{
|
|
get { return instance; }
|
|
}
|
|
|
|
public override string ExtractId(XmlDictionaryReader reader)
|
|
{
|
|
if (reader == null)
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
|
|
|
|
if (reader.IsStartElement(ElementName, XD.XmlEncryptionDictionary.Namespace))
|
|
{
|
|
return reader.GetAttribute(XD.XmlEncryptionDictionary.Id, null);
|
|
}
|
|
else
|
|
{
|
|
return reader.GetAttribute(XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace);
|
|
}
|
|
}
|
|
|
|
public override void WriteIdAttribute(XmlDictionaryWriter writer, string id)
|
|
{
|
|
if (writer == null)
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
|
|
|
|
writer.WriteAttributeString(XD.UtilityDictionary.Prefix.Value, XD.UtilityDictionary.IdAttribute, XD.UtilityDictionary.Namespace, id);
|
|
}
|
|
}
|
|
}
|
|
}
|