-
Notifications
You must be signed in to change notification settings - Fork 471
Expand file tree
/
Copy pathValidators.TokenReplay.cs
More file actions
94 lines (86 loc) · 5.07 KB
/
Copy pathValidators.TokenReplay.cs
File metadata and controls
94 lines (86 loc) · 5.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
namespace Microsoft.IdentityModel.Tokens
{
/// <summary>
/// Definition for delegate that will validate that a <see cref="SecurityToken"/> has not been replayed.
/// </summary>
/// <param name="expirationTime">When does the <see cref="SecurityToken"/> expire..</param>
/// <param name="securityToken">The security token that is being validated.</param>
/// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
/// <param name="callContext"></param>
/// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the token.</returns>
/// <remarks>This delegate is not expected to throw.</remarks>
internal delegate ValidationResult<DateTime?> TokenReplayValidationDelegate(
DateTime? expirationTime,
string securityToken,
ValidationParameters validationParameters,
CallContext callContext);
/// <summary>
/// Partial class for Token Replay validation.
/// </summary>
public static partial class Validators
{
/// <summary>
/// Validates if a token has been replayed.
/// </summary>
/// <param name="expirationTime">When does the security token expire.</param>
/// <param name="securityToken">The <see cref="SecurityToken"/> being validated.</param>
/// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
/// <param name="callContext"></param>
/// <exception cref="ArgumentNullException">If 'securityToken' is null or whitespace.</exception>
/// <exception cref="ArgumentNullException">If 'validationParameters' is null or whitespace.</exception>
/// <exception cref="SecurityTokenNoExpirationException">If <see cref="ValidationParameters.TokenReplayCache"/> is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.</exception>
/// <exception cref="SecurityTokenReplayDetectedException">If the 'securityToken' is found in the cache.</exception>
/// <exception cref="SecurityTokenReplayAddFailedException">If the 'securityToken' could not be added to the <see cref="ValidationParameters.TokenReplayCache"/>.</exception>
#pragma warning disable CA1801 // Review unused parameters
internal static ValidationResult<DateTime?> ValidateTokenReplay(DateTime? expirationTime, string securityToken, ValidationParameters validationParameters, CallContext callContext)
#pragma warning restore CA1801 // Review unused parameters
{
if (string.IsNullOrWhiteSpace(securityToken))
return TokenReplayValidationError.NullParameter(
nameof(securityToken),
ValidationError.GetCurrentStackFrame());
if (validationParameters == null)
return TokenReplayValidationError.NullParameter(
nameof(validationParameters),
ValidationError.GetCurrentStackFrame());
// check if token if replay cache is set, then there must be an expiration time.
if (validationParameters.TokenReplayCache != null)
{
if (expirationTime == null)
return new TokenReplayValidationError(
new MessageDetail(
LogMessages.IDX10227,
securityToken),
ValidationFailureType.TokenReplayValidationFailed,
typeof(SecurityTokenNoExpirationException),
ValidationError.GetCurrentStackFrame(),
expirationTime);
if (validationParameters.TokenReplayCache.TryFind(securityToken))
return new TokenReplayValidationError(
new MessageDetail(
LogMessages.IDX10228,
securityToken),
ValidationFailureType.TokenReplayValidationFailed,
typeof(SecurityTokenReplayDetectedException),
ValidationError.GetCurrentStackFrame(),
expirationTime);
if (!validationParameters.TokenReplayCache.TryAdd(securityToken, expirationTime.Value))
return new TokenReplayValidationError(
new MessageDetail(
LogMessages.IDX10229,
securityToken),
ValidationFailureType.TokenReplayValidationFailed,
typeof(SecurityTokenReplayAddFailedException),
ValidationError.GetCurrentStackFrame(),
expirationTime);
}
// if it reaches here, that means no token replay is detected.
// TODO: Move to CallContext
//LogHelper.LogInformation(LogMessages.IDX10240);
return expirationTime;
}
}
}