public void NegativeSerialNumber() { var clause = new X509IssuerSerialKeyIdentifierClause(cert3); Assert.AreEqual("CN=test, OU=cert, O=test, [email protected]", clause.IssuerName, "#1"); Assert.AreEqual("-168428216848510272180165529369113665228", clause.IssuerSerialNumber, "#2"); Assert.AreEqual(null, clause.ClauseType, "#3"); }
public void Properties() { X509IssuerSerialKeyIdentifierClause ic = new X509IssuerSerialKeyIdentifierClause(cert); Assert.AreEqual("CN=Mono Test Root Agency", ic.IssuerName, "#1"); Assert.AreEqual("22491767666218099257720700881460366085", ic.IssuerSerialNumber, "#2"); Assert.AreEqual(null, ic.ClauseType, "#3"); }
void WriteX509IssuerSerialKeyIdentifierClause( XmlWriter w, X509IssuerSerialKeyIdentifierClause ic) { w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace); w.WriteStartElement("X509Data", Constants.XmlDsig); w.WriteStartElement("X509IssuerSerial", Constants.XmlDsig); w.WriteStartElement("X509IssuerName", Constants.XmlDsig); w.WriteString(ic.IssuerName); w.WriteEndElement(); w.WriteStartElement("X509SerialNumber", Constants.XmlDsig); w.WriteString(ic.IssuerSerialNumber); w.WriteEndElement(); w.WriteEndElement(); w.WriteEndElement(); w.WriteEndElement(); }
/// <summary> /// Resolves the given SecurityKeyIdentifierClause to a SecurityToken. /// </summary> /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param> /// <param name="token">The resolved SecurityToken.</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { if (keyIdentifierClause == null) { throw new ArgumentNullException("keyIdentifierClause"); } token = null; foreach (X509Certificate2 cert in trustedIssuerCertificates) { X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if ((thumbprintKeyIdentifierClause != null) && (thumbprintKeyIdentifierClause.Matches(cert))) { token = new X509SecurityToken(cert); return(true); } X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if ((issuerSerialKeyIdentifierClause != null) && (issuerSerialKeyIdentifierClause.Matches(cert))) { token = new X509SecurityToken(cert); return(true); } X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if ((subjectKeyIdentifierClause != null) && (subjectKeyIdentifierClause.Matches(cert))) { token = new X509SecurityToken(cert); return(true); } X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if ((rawDataKeyIdentifierClause != null) && (rawDataKeyIdentifierClause.Matches(cert))) { token = new X509SecurityToken(cert); return(true); } } return(false); }
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { token = null; X509Certificate2 matched = null; X509ThumbprintKeyIdentifierClause clause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if ((clause != null) && this.TryMatchCertificates(clause.Matches, out matched)) { token = new X509SecurityToken(matched); return(true); } X509IssuerSerialKeyIdentifierClause clause2 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if ((clause2 != null) && TryMatchCertificates(clause2.Matches, out matched)) { token = new X509SecurityToken(matched); return(true); } X509SubjectKeyIdentifierClause clause3 = keyIdentifierClause as X509SubjectKeyIdentifierClause; if ((clause3 != null) && TryMatchCertificates(clause3.Matches, out matched)) { token = new X509SecurityToken(matched); return(true); } X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause; if ((clause4 != null) && TryMatchCertificates(clause4.Matches, out matched)) { token = new X509SecurityToken(matched); return(true); } if (this.innerResolver != null) { return(this.innerResolver.TryResolveToken(keyIdentifierClause, out token)); } return(false); }
public void MatchesKeyIdentifierClause() { UniqueId id = new UniqueId(); X509SecurityToken t = new X509SecurityToken(cert, id.ToString()); LocalIdKeyIdentifierClause l = new LocalIdKeyIdentifierClause(id.ToString()); Assert.IsTrue(t.MatchesKeyIdentifierClause(l), "#1-1"); l = new LocalIdKeyIdentifierClause("#" + id.ToString()); Assert.IsFalse(t.MatchesKeyIdentifierClause(l), "#1-2"); X509ThumbprintKeyIdentifierClause h = new X509ThumbprintKeyIdentifierClause(cert); Assert.IsTrue(t.MatchesKeyIdentifierClause(h), "#2-1"); h = new X509ThumbprintKeyIdentifierClause(cert2); Assert.IsFalse(t.MatchesKeyIdentifierClause(h), "#2-2"); X509IssuerSerialKeyIdentifierClause i = new X509IssuerSerialKeyIdentifierClause(cert); Assert.IsTrue(t.MatchesKeyIdentifierClause(i), "#3-1"); i = new X509IssuerSerialKeyIdentifierClause(cert2); Assert.IsFalse(t.MatchesKeyIdentifierClause(i), "#3-2"); X509RawDataKeyIdentifierClause s = new X509RawDataKeyIdentifierClause(cert); Assert.IsTrue(t.MatchesKeyIdentifierClause(s), "#4-1"); s = new X509RawDataKeyIdentifierClause(cert2); Assert.IsFalse(t.MatchesKeyIdentifierClause(s), "#4-2"); }
private bool ResolvesToSigningToken(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key, out SecurityToken token) { token = null; key = null; CertMatcher certMatcher = null; // for SAML tokens the highest probability are certs, with RawData first X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawCertKeyIdentifierClause != null) { certMatcher = rawCertKeyIdentifierClause.Matches; } else { X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (subjectKeyIdentifierClause != null) { certMatcher = subjectKeyIdentifierClause.Matches; } else { X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (thumbprintKeyIdentifierClause != null) { certMatcher = thumbprintKeyIdentifierClause.Matches; } else { X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerKeyIdentifierClause != null) { certMatcher = issuerKeyIdentifierClause.Matches; } } } } if (_validationParameters.IssuerSigningKeyResolver != null) { key = _validationParameters.IssuerSigningKeyResolver(token: _securityToken, securityToken: null, keyIdentifier: new SecurityKeyIdentifier(keyIdentifierClause), validationParameters: _validationParameters); if (key != null) { this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningKey != null) { if (Matches(keyIdentifierClause, _validationParameters.IssuerSigningKey, certMatcher, out token)) { key = _validationParameters.IssuerSigningKey; this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningKeys != null) { foreach (SecurityKey securityKey in _validationParameters.IssuerSigningKeys) { if (Matches(keyIdentifierClause, securityKey, certMatcher, out token)) { key = securityKey; this.IsKeyMatched = true; break; } } } if (_validationParameters.IssuerSigningToken != null) { if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause)) { token = _validationParameters.IssuerSigningToken; key = token.SecurityKeys[0]; this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningTokens != null) { foreach (SecurityToken issuerToken in _validationParameters.IssuerSigningTokens) { if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause)) { token = issuerToken; key = token.SecurityKeys[0]; this.IsKeyMatched = true; break; } } } return(this.IsKeyMatched); }