private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature)
{
TryResolveKeyIdentifier(keyIdentifier, resolver, true, out SecurityToken token);
if (token == null && !isPrimarySignature)
{
// check if there is a rsa key token authenticator
if (keyIdentifier.Count == 1)
{
if (keyIdentifier.TryFind <RsaKeyIdentifierClause>(out RsaKeyIdentifierClause rsaClause))
{
RsaSecurityTokenAuthenticator rsaAuthenticator = FindAllowedAuthenticator <RsaSecurityTokenAuthenticator>(false);
if (rsaAuthenticator != null)
{
token = new RsaSecurityToken(rsaClause.Rsa);
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = rsaAuthenticator.ValidateToken(token);
TokenTracker rsaTracker = GetSupportingTokenTracker(rsaAuthenticator, out SupportingTokenAuthenticatorSpecification spec);
if (rsaTracker == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, rsaAuthenticator)));
}
rsaTracker.RecordToken(token);
SecurityTokenAuthorizationPoliciesMapping.Add(token, authorizationPolicies);
}
}
}
}
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.Format(SR.UnableToResolveKeyInfoForVerifyingSignature, keyIdentifier, resolver)));
}
return(token);
}
private SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList <SecurityTokenAuthenticator> allowedTokenAuthenticators, out SecurityTokenAuthenticator usedTokenAuthenticator)
{
SecurityToken token = StandardsManager.SecurityTokenSerializer.ReadToken(reader, tokenResolver);
if (token is DerivedKeySecurityTokenStub)
{
if (DerivedTokenAuthenticator == null)
{
// No Authenticator registered for DerivedKeySecurityToken
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.Format(SR.UnableToFindTokenAuthenticator, typeof(DerivedKeySecurityToken))));
}
// This is just the stub. Nothing to Validate. Set the usedTokenAuthenticator to
// DerivedKeySecurityTokenAuthenticator.
usedTokenAuthenticator = DerivedTokenAuthenticator;
return(token);
}
for (int i = 0; i < allowedTokenAuthenticators.Count; ++i)
{
SecurityTokenAuthenticator tokenAuthenticator = allowedTokenAuthenticators[i];
if (tokenAuthenticator.CanValidateToken(token))
{
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies;
authorizationPolicies = tokenAuthenticator.ValidateToken(token);
SecurityTokenAuthorizationPoliciesMapping.Add(token, authorizationPolicies);
usedTokenAuthenticator = tokenAuthenticator;
return(token);
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
SR.Format(SR.UnableToFindTokenAuthenticator, token.GetType())));
}
