private Token(string tokenXml, Uri audience, TokenDecryptor decryptor) {
Requires.NotNullOrEmpty(tokenXml, "tokenXml");
Requires.True(decryptor != null || !IsEncrypted(tokenXml), null);
Contract.Ensures(this.AuthorizationContext != null);
byte[] decryptedBytes;
string decryptedString;
using (StringReader xmlReader = new StringReader(tokenXml)) {
var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
using (XmlReader tokenReader = XmlReader.Create(xmlReader, readerSettings)) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader)) {
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
decryptedBytes = decryptor.DecryptToken(tokenReader);
decryptedString = Encoding.UTF8.GetString(decryptedBytes);
Contract.Assume(decryptedString != null); // BCL contracts should be enhanced here
} else {
decryptedBytes = Encoding.UTF8.GetBytes(tokenXml);
decryptedString = tokenXml;
}
}
}
var stringReader = new StringReader(decryptedString);
try {
this.Xml = new XPathDocument(stringReader).CreateNavigator();
} catch {
stringReader.Dispose();
throw;
}
Logger.InfoCard.DebugFormat("Incoming SAML token, after any decryption: {0}", this.Xml.InnerXml);
this.AuthorizationContext = TokenUtility.AuthenticateToken(this.Xml.ReadSubtree(), audience);
}