public void NegativeSerialNumber()
{
var clause = new X509IssuerSerialKeyIdentifierClause(cert3);
Assert.AreEqual("CN=test, OU=cert, O=test, [email protected]", clause.IssuerName, "#1");
Assert.AreEqual("-168428216848510272180165529369113665228", clause.IssuerSerialNumber, "#2");
Assert.AreEqual(null, clause.ClauseType, "#3");
}
public void Properties()
{
X509IssuerSerialKeyIdentifierClause ic =
new X509IssuerSerialKeyIdentifierClause(cert);
Assert.AreEqual("CN=Mono Test Root Agency", ic.IssuerName, "#1");
Assert.AreEqual("22491767666218099257720700881460366085", ic.IssuerSerialNumber, "#2");
Assert.AreEqual(null, ic.ClauseType, "#3");
}
void WriteX509IssuerSerialKeyIdentifierClause(
XmlWriter w, X509IssuerSerialKeyIdentifierClause ic)
{
w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace);
w.WriteStartElement("X509Data", Constants.XmlDsig);
w.WriteStartElement("X509IssuerSerial", Constants.XmlDsig);
w.WriteStartElement("X509IssuerName", Constants.XmlDsig);
w.WriteString(ic.IssuerName);
w.WriteEndElement();
w.WriteStartElement("X509SerialNumber", Constants.XmlDsig);
w.WriteString(ic.IssuerSerialNumber);
w.WriteEndElement();
w.WriteEndElement();
w.WriteEndElement();
w.WriteEndElement();
}
/// <summary>
/// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
/// </summary>
/// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
/// <param name="token">The resolved SecurityToken.</param>
/// <returns>True if successfully resolved.</returns>
/// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
if (keyIdentifierClause == null)
{
throw new ArgumentNullException("keyIdentifierClause");
}
token = null;
foreach (X509Certificate2 cert in trustedIssuerCertificates)
{
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if ((thumbprintKeyIdentifierClause != null) && (thumbprintKeyIdentifierClause.Matches(cert)))
{
token = new X509SecurityToken(cert);
return(true);
}
X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if ((issuerSerialKeyIdentifierClause != null) && (issuerSerialKeyIdentifierClause.Matches(cert)))
{
token = new X509SecurityToken(cert);
return(true);
}
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if ((subjectKeyIdentifierClause != null) && (subjectKeyIdentifierClause.Matches(cert)))
{
token = new X509SecurityToken(cert);
return(true);
}
X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if ((rawDataKeyIdentifierClause != null) && (rawDataKeyIdentifierClause.Matches(cert)))
{
token = new X509SecurityToken(cert);
return(true);
}
}
return(false);
}
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
token = null;
X509Certificate2 matched = null;
X509ThumbprintKeyIdentifierClause clause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if ((clause != null) && this.TryMatchCertificates(clause.Matches, out matched))
{
token = new X509SecurityToken(matched);
return(true);
}
X509IssuerSerialKeyIdentifierClause clause2 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if ((clause2 != null) && TryMatchCertificates(clause2.Matches, out matched))
{
token = new X509SecurityToken(matched);
return(true);
}
X509SubjectKeyIdentifierClause clause3 = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if ((clause3 != null) && TryMatchCertificates(clause3.Matches, out matched))
{
token = new X509SecurityToken(matched);
return(true);
}
X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if ((clause4 != null) && TryMatchCertificates(clause4.Matches, out matched))
{
token = new X509SecurityToken(matched);
return(true);
}
if (this.innerResolver != null)
{
return(this.innerResolver.TryResolveToken(keyIdentifierClause, out token));
}
return(false);
}
public void MatchesKeyIdentifierClause()
{
UniqueId id = new UniqueId();
X509SecurityToken t = new X509SecurityToken(cert, id.ToString());
LocalIdKeyIdentifierClause l =
new LocalIdKeyIdentifierClause(id.ToString());
Assert.IsTrue(t.MatchesKeyIdentifierClause(l), "#1-1");
l = new LocalIdKeyIdentifierClause("#" + id.ToString());
Assert.IsFalse(t.MatchesKeyIdentifierClause(l), "#1-2");
X509ThumbprintKeyIdentifierClause h =
new X509ThumbprintKeyIdentifierClause(cert);
Assert.IsTrue(t.MatchesKeyIdentifierClause(h), "#2-1");
h = new X509ThumbprintKeyIdentifierClause(cert2);
Assert.IsFalse(t.MatchesKeyIdentifierClause(h), "#2-2");
X509IssuerSerialKeyIdentifierClause i =
new X509IssuerSerialKeyIdentifierClause(cert);
Assert.IsTrue(t.MatchesKeyIdentifierClause(i), "#3-1");
i = new X509IssuerSerialKeyIdentifierClause(cert2);
Assert.IsFalse(t.MatchesKeyIdentifierClause(i), "#3-2");
X509RawDataKeyIdentifierClause s =
new X509RawDataKeyIdentifierClause(cert);
Assert.IsTrue(t.MatchesKeyIdentifierClause(s), "#4-1");
s = new X509RawDataKeyIdentifierClause(cert2);
Assert.IsFalse(t.MatchesKeyIdentifierClause(s), "#4-2");
}
private bool ResolvesToSigningToken(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key, out SecurityToken token)
{
token = null;
key = null;
CertMatcher certMatcher = null;
// for SAML tokens the highest probability are certs, with RawData first
X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawCertKeyIdentifierClause != null)
{
certMatcher = rawCertKeyIdentifierClause.Matches;
}
else
{
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (subjectKeyIdentifierClause != null)
{
certMatcher = subjectKeyIdentifierClause.Matches;
}
else
{
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (thumbprintKeyIdentifierClause != null)
{
certMatcher = thumbprintKeyIdentifierClause.Matches;
}
else
{
X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerKeyIdentifierClause != null)
{
certMatcher = issuerKeyIdentifierClause.Matches;
}
}
}
}
if (_validationParameters.IssuerSigningKeyResolver != null)
{
key = _validationParameters.IssuerSigningKeyResolver(token: _securityToken, securityToken: null, keyIdentifier: new SecurityKeyIdentifier(keyIdentifierClause), validationParameters: _validationParameters);
if (key != null)
{
this.IsKeyMatched = true;
}
}
if (_validationParameters.IssuerSigningKey != null)
{
if (Matches(keyIdentifierClause, _validationParameters.IssuerSigningKey, certMatcher, out token))
{
key = _validationParameters.IssuerSigningKey;
this.IsKeyMatched = true;
}
}
if (_validationParameters.IssuerSigningKeys != null)
{
foreach (SecurityKey securityKey in _validationParameters.IssuerSigningKeys)
{
if (Matches(keyIdentifierClause, securityKey, certMatcher, out token))
{
key = securityKey;
this.IsKeyMatched = true;
break;
}
}
}
if (_validationParameters.IssuerSigningToken != null)
{
if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause))
{
token = _validationParameters.IssuerSigningToken;
key = token.SecurityKeys[0];
this.IsKeyMatched = true;
}
}
if (_validationParameters.IssuerSigningTokens != null)
{
foreach (SecurityToken issuerToken in _validationParameters.IssuerSigningTokens)
{
if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause))
{
token = issuerToken;
key = token.SecurityKeys[0];
this.IsKeyMatched = true;
break;
}
}
}
return(this.IsKeyMatched);
}
