public void NegativeSerialNumber()
        {
            var clause = new X509IssuerSerialKeyIdentifierClause(cert3);

            Assert.AreEqual("CN=test, OU=cert, O=test, [email protected]", clause.IssuerName, "#1");
            Assert.AreEqual("-168428216848510272180165529369113665228", clause.IssuerSerialNumber, "#2");
            Assert.AreEqual(null, clause.ClauseType, "#3");
        }
        public void Properties()
        {
            X509IssuerSerialKeyIdentifierClause ic =
                new X509IssuerSerialKeyIdentifierClause(cert);

            Assert.AreEqual("CN=Mono Test Root Agency", ic.IssuerName, "#1");
            Assert.AreEqual("22491767666218099257720700881460366085", ic.IssuerSerialNumber, "#2");
            Assert.AreEqual(null, ic.ClauseType, "#3");
        }
 void WriteX509IssuerSerialKeyIdentifierClause(
     XmlWriter w, X509IssuerSerialKeyIdentifierClause ic)
 {
     w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace);
     w.WriteStartElement("X509Data", Constants.XmlDsig);
     w.WriteStartElement("X509IssuerSerial", Constants.XmlDsig);
     w.WriteStartElement("X509IssuerName", Constants.XmlDsig);
     w.WriteString(ic.IssuerName);
     w.WriteEndElement();
     w.WriteStartElement("X509SerialNumber", Constants.XmlDsig);
     w.WriteString(ic.IssuerSerialNumber);
     w.WriteEndElement();
     w.WriteEndElement();
     w.WriteEndElement();
     w.WriteEndElement();
 }
Beispiel #4
0
    /// <summary>
    /// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
    /// </summary>
    /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
    /// <param name="token">The resolved SecurityToken.</param>
    /// <returns>True if successfully resolved.</returns>
    /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
    protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
    {
        if (keyIdentifierClause == null)
        {
            throw new ArgumentNullException("keyIdentifierClause");
        }

        token = null;

        foreach (X509Certificate2 cert in trustedIssuerCertificates)
        {
            X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
            if ((thumbprintKeyIdentifierClause != null) && (thumbprintKeyIdentifierClause.Matches(cert)))
            {
                token = new X509SecurityToken(cert);
                return(true);
            }

            X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
            if ((issuerSerialKeyIdentifierClause != null) && (issuerSerialKeyIdentifierClause.Matches(cert)))
            {
                token = new X509SecurityToken(cert);
                return(true);
            }

            X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
            if ((subjectKeyIdentifierClause != null) && (subjectKeyIdentifierClause.Matches(cert)))
            {
                token = new X509SecurityToken(cert);
                return(true);
            }

            X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
            if ((rawDataKeyIdentifierClause != null) && (rawDataKeyIdentifierClause.Matches(cert)))
            {
                token = new X509SecurityToken(cert);
                return(true);
            }
        }

        return(false);
    }
        protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
        {
            token = null;
            X509Certificate2 matched = null;
            X509ThumbprintKeyIdentifierClause clause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;

            if ((clause != null) && this.TryMatchCertificates(clause.Matches, out matched))
            {
                token = new X509SecurityToken(matched);
                return(true);
            }
            X509IssuerSerialKeyIdentifierClause clause2 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;

            if ((clause2 != null) && TryMatchCertificates(clause2.Matches, out matched))
            {
                token = new X509SecurityToken(matched);
                return(true);
            }
            X509SubjectKeyIdentifierClause clause3 = keyIdentifierClause as X509SubjectKeyIdentifierClause;

            if ((clause3 != null) && TryMatchCertificates(clause3.Matches, out matched))
            {
                token = new X509SecurityToken(matched);
                return(true);
            }
            X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause;

            if ((clause4 != null) && TryMatchCertificates(clause4.Matches, out matched))
            {
                token = new X509SecurityToken(matched);
                return(true);
            }

            if (this.innerResolver != null)
            {
                return(this.innerResolver.TryResolveToken(keyIdentifierClause, out token));
            }

            return(false);
        }
Beispiel #6
0
        public void MatchesKeyIdentifierClause()
        {
            UniqueId                   id = new UniqueId();
            X509SecurityToken          t  = new X509SecurityToken(cert, id.ToString());
            LocalIdKeyIdentifierClause l  =
                new LocalIdKeyIdentifierClause(id.ToString());

            Assert.IsTrue(t.MatchesKeyIdentifierClause(l), "#1-1");

            l = new LocalIdKeyIdentifierClause("#" + id.ToString());
            Assert.IsFalse(t.MatchesKeyIdentifierClause(l), "#1-2");

            X509ThumbprintKeyIdentifierClause h =
                new X509ThumbprintKeyIdentifierClause(cert);

            Assert.IsTrue(t.MatchesKeyIdentifierClause(h), "#2-1");

            h = new X509ThumbprintKeyIdentifierClause(cert2);
            Assert.IsFalse(t.MatchesKeyIdentifierClause(h), "#2-2");

            X509IssuerSerialKeyIdentifierClause i =
                new X509IssuerSerialKeyIdentifierClause(cert);

            Assert.IsTrue(t.MatchesKeyIdentifierClause(i), "#3-1");

            i = new X509IssuerSerialKeyIdentifierClause(cert2);
            Assert.IsFalse(t.MatchesKeyIdentifierClause(i), "#3-2");

            X509RawDataKeyIdentifierClause s =
                new X509RawDataKeyIdentifierClause(cert);

            Assert.IsTrue(t.MatchesKeyIdentifierClause(s), "#4-1");

            s = new X509RawDataKeyIdentifierClause(cert2);
            Assert.IsFalse(t.MatchesKeyIdentifierClause(s), "#4-2");
        }
        private bool ResolvesToSigningToken(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key, out SecurityToken token)
        {
            token = null;
            key   = null;
            CertMatcher certMatcher = null;

            // for SAML tokens the highest probability are certs, with RawData first
            X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;

            if (rawCertKeyIdentifierClause != null)
            {
                certMatcher = rawCertKeyIdentifierClause.Matches;
            }
            else
            {
                X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
                if (subjectKeyIdentifierClause != null)
                {
                    certMatcher = subjectKeyIdentifierClause.Matches;
                }
                else
                {
                    X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
                    if (thumbprintKeyIdentifierClause != null)
                    {
                        certMatcher = thumbprintKeyIdentifierClause.Matches;
                    }
                    else
                    {
                        X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
                        if (issuerKeyIdentifierClause != null)
                        {
                            certMatcher = issuerKeyIdentifierClause.Matches;
                        }
                    }
                }
            }

            if (_validationParameters.IssuerSigningKeyResolver != null)
            {
                key = _validationParameters.IssuerSigningKeyResolver(token: _securityToken, securityToken: null, keyIdentifier: new SecurityKeyIdentifier(keyIdentifierClause), validationParameters: _validationParameters);
                if (key != null)
                {
                    this.IsKeyMatched = true;
                }
            }

            if (_validationParameters.IssuerSigningKey != null)
            {
                if (Matches(keyIdentifierClause, _validationParameters.IssuerSigningKey, certMatcher, out token))
                {
                    key = _validationParameters.IssuerSigningKey;
                    this.IsKeyMatched = true;
                }
            }

            if (_validationParameters.IssuerSigningKeys != null)
            {
                foreach (SecurityKey securityKey in _validationParameters.IssuerSigningKeys)
                {
                    if (Matches(keyIdentifierClause, securityKey, certMatcher, out token))
                    {
                        key = securityKey;
                        this.IsKeyMatched = true;
                        break;
                    }
                }
            }

            if (_validationParameters.IssuerSigningToken != null)
            {
                if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause))
                {
                    token             = _validationParameters.IssuerSigningToken;
                    key               = token.SecurityKeys[0];
                    this.IsKeyMatched = true;
                }
            }

            if (_validationParameters.IssuerSigningTokens != null)
            {
                foreach (SecurityToken issuerToken in _validationParameters.IssuerSigningTokens)
                {
                    if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause))
                    {
                        token             = issuerToken;
                        key               = token.SecurityKeys[0];
                        this.IsKeyMatched = true;
                        break;
                    }
                }
            }

            return(this.IsKeyMatched);
        }