public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
{
X509RawDataKeyIdentifierClause x509Clause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (x509Clause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, NamespaceUri);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Certificate, NamespaceUri);
byte[] certBytes = x509Clause.GetX509RawData();
writer.WriteBase64(certBytes, 0, certBytes.Length);
writer.WriteEndElement();
writer.WriteEndElement();
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
}
/// <summary>
/// Inherited from <see cref="SecurityTokenResolver"/>.
/// </summary>
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
token = null;
//
// Try raw X509
//
X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataClause != null)
{
token = new X509SecurityToken(new X509Certificate2(rawDataClause.GetX509RawData()));
return(true);
}
//
// Try RSA
//
RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause;
if (rsaClause != null)
{
token = new RsaSecurityToken(rsaClause.Rsa);
return(true);
}
if (_wrappedTokenResolver.TryResolveToken(keyIdentifierClause, out token))
{
return(true);
}
return(false);
}
/// <summary>
/// Serialize a SecurityKeyIdentifierClause to the given XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param>
/// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param>
/// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception>
/// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception>
public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (securityKeyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause");
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
#if INCLUDE_CERT_CHAIN
X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause;
if (x509ChainDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
for (int i = 0; i < x509ChainDataClause.CertificateCount; i++)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = x509ChainDataClause.GetX509RawData(i);
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
writer.WriteEndElement();
return;
}
#endif
X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = rawDataClause.GetX509RawData();
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType()));
}
static ClaimsPrincipal ValidateTokenWithX509SecurityToken(X509RawDataKeyIdentifierClause x509DataClause, string token)
{
var validatingCertificate = new X509Certificate2(x509DataClause.GetX509RawData());
var tokenHandler = new JwtSecurityTokenHandler();
var x509SecurityToken = new X509SecurityToken(validatingCertificate);
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = "http://www.example.com",
SigningToken = x509SecurityToken,
ValidIssuer = "self",
};
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(new JwtSecurityToken(token), validationParameters);
return claimsPrincipal;
}
