1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
//-----------------------------------------------------------------------
// <copyright file="Saml2Assertion.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.Collections.ObjectModel;
using System.Xml;
/// <summary>
/// Represents the Assertion element specified in [Saml2Core, 2.3.3].
/// </summary>
public class Saml2Assertion
{
private Saml2Advice advice;
private Saml2Conditions conditions;
private EncryptingCredentials encryptingCredentials;
private Collection<EncryptedKeyIdentifierClause> externalEncryptedKeys = new Collection<EncryptedKeyIdentifierClause>();
private Saml2Id id = new Saml2Id();
private DateTime issueInstant = DateTime.UtcNow;
private Saml2NameIdentifier issuer;
private SigningCredentials signingCredentials;
private XmlTokenStream sourceData;
private Collection<Saml2Statement> statements = new Collection<Saml2Statement>();
private Saml2Subject subject;
private string version = "2.0";
/// <summary>
/// Creates an instance of a Saml2Assertion.
/// </summary>
/// <param name="issuer">Issuer of the assertion.</param>
public Saml2Assertion(Saml2NameIdentifier issuer)
{
if (issuer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
}
this.issuer = issuer;
}
/// <summary>
/// Gets or sets additional information related to the assertion that assists processing in certain
/// situations but which may be ignored by applications that do not understand the
/// advice or do not wish to make use of it. [Saml2Core, 2.3.3]
/// </summary>
public Saml2Advice Advice
{
get { return this.advice; }
set { this.advice = value; }
}
/// <summary>
/// Gets a value indicating whether this assertion was deserialized from XML source
/// and can re-emit the XML data unchanged.
/// </summary>
/// <remarks>
/// <para>
/// The default implementation preserves the source data when read using
/// Saml2AssertionSerializer.ReadAssertion and is willing to re-emit the
/// original data as long as the Id has not changed from the time that
/// assertion was read.
/// </para>
/// <para>
/// Note that it is vitally important that SAML assertions with different
/// data have different IDs. If implementing a scheme whereby an assertion
/// "template" is loaded and certain bits of data are filled in, the Id
/// must be changed.
/// </para>
/// </remarks>
/// <returns>'True' if this instance can write the source data.</returns>
public virtual bool CanWriteSourceData
{
get { return null != this.sourceData; }
}
/// <summary>
/// Gets or sets conditions that must be evaluated when assessing the validity of and/or
/// when using the assertion. [Saml2Core 2.3.3]
/// </summary>
public Saml2Conditions Conditions
{
get { return this.conditions; }
set { this.conditions = value; }
}
/// <summary>
/// Gets or sets the credentials used for encrypting the assertion. The key
/// identifier in the encrypting credentials will be used for the
/// embedded EncryptedKey in the EncryptedData element.
/// </summary>
public EncryptingCredentials EncryptingCredentials
{
get { return this.encryptingCredentials; }
set { this.encryptingCredentials = value; }
}
/// <summary>
/// Gets additional encrypted keys which will be specified external to the
/// EncryptedData element, as children of the EncryptedAssertion element.
/// </summary>
public Collection<EncryptedKeyIdentifierClause> ExternalEncryptedKeys
{
get { return this.externalEncryptedKeys; }
}
/// <summary>
/// Gets or sets the <see cref="Saml2Id"/> identifier for this assertion. [Saml2Core, 2.3.3]
/// </summary>
public Saml2Id Id
{
get
{
return this.id;
}
set
{
if (null == value)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
this.id = value;
this.sourceData = null;
}
}
/// <summary>
/// Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3]
/// </summary>
public DateTime IssueInstant
{
get { return this.issueInstant; }
set { this.issueInstant = DateTimeUtil.ToUniversalTime(value); }
}
/// <summary>
/// Gets or sets the <see cref="Saml2NameIdentifier"/> as the authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3]
/// </summary>
public Saml2NameIdentifier Issuer
{
get
{
return this.issuer;
}
set
{
if (value == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
this.issuer = value;
}
}
/// <summary>
/// Gets or sets the <see cref="SigningCredentials"/> used by the issuer to protect the integrity of the assertion.
/// </summary>
public SigningCredentials SigningCredentials
{
get { return this.signingCredentials; }
set { this.signingCredentials = value; }
}
/// <summary>
/// Gets or sets the <see cref="Saml2Subject"/> of the statement(s) in the assertion. [Saml2Core, 2.3.3]
/// </summary>
public Saml2Subject Subject
{
get { return this.subject; }
set { this.subject = value; }
}
/// <summary>
/// Gets the <see cref="Saml2Statement"/>(s) regarding the subject.
/// </summary>
public Collection<Saml2Statement> Statements
{
get { return this.statements; }
}
/// <summary>
/// Gets the version of this assertion. [Saml2Core, 2.3.3]
/// </summary>
/// <remarks>
/// In this version of the Windows Identity Foundation, only version "2.0" is supported.
/// </remarks>
public string Version
{
get { return this.version; }
}
/// <summary>
/// Writes the source data, if available.
/// </summary>
/// <exception cref="InvalidOperationException">When no source data is available</exception>
/// <param name="writer">A <see cref="XmlWriter"/> for writting the data.</param>
public virtual void WriteSourceData(XmlWriter writer)
{
if (!this.CanWriteSourceData)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(SR.GetString(SR.ID4140)));
}
// This call will properly just reuse the existing writer if it already qualifies
XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
this.sourceData.SetElementExclusion(null, null);
this.sourceData.GetWriter().WriteTo(dictionaryWriter, new DictionaryManager());
}
/// <summary>
/// Captures the XML source data from an EnvelopedSignatureReader.
/// </summary>
/// <remarks>
/// The EnvelopedSignatureReader that was used to read the data for this
/// assertion should be passed to this method after the </Assertion>
/// element has been read. This method will preserve the raw XML data
/// that was read, including the signature, so that it may be re-emitted
/// without changes and without the need to re-sign the data. See
/// CanWriteSourceData and WriteSourceData.
/// </remarks>
/// <param name="reader"><see cref="EnvelopedSignatureReader"/> that contains the data for the assertion.</param>
internal virtual void CaptureSourceData(EnvelopedSignatureReader reader)
{
if (null == reader)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
this.sourceData = reader.XmlTokens;
}
}
}
|
