//private void ValidateSignatures(SoapContext context, IEnumerable<SecurityToken> tokens)
//{
// using var buffer = context.Request.CreateBufferedCopy((int)(context.HttpContext.Request.ContentLength ?? 64 * 1024));
// using var request = buffer.CreateMessage();
// using var stream = new MemoryStream();
// using (var writer = XmlWriter.Create(stream, new XmlWriterSettings { CloseOutput = false }))
// request.WriteMessage(writer);
// stream.Position = 0;
// using (var reader = new EnvelopedSignatureReader(XmlReader.Create(stream)))
// _ = reader.ReadOuterXml();
// context.Request = buffer.CreateMessage();
//}
//private AsymmetricAlgorithm GetPublicKey(SoapContext context, KeyInfo keyInfo, IEnumerable<SecurityToken> tokens)
//{
// keyInfo.
// var inner = keyInfo.GetXml().ChildNodes.OfType<XmlElement>().First();
// if (inner.LocalName != "SecurityTokenReference" || inner.NamespaceURI != WsSecurityConstants.WsSecurity10Namespace) return null;
// var children = inner.Elements();
// if (!children.Any()) throw context.CreateFailedCheckFault();
// var first = children.First();
// if (first.LocalName == "Reference" && first.NamespaceURI == WsSecurityConstants.WsSecurity10Namespace)
// {
// var id = first.GetAttribute("URI")?.Substring(1);
// var token = store.GetSecurityToken(id);
// if (token == null)
// throw context.CreateFailedCheckFault();
// return token.SecurityKey?.CryptoProviderFactory.;
// }
// return null;
//}
private async ValueTask <VerifyTokenResult> VerifyTokenAsync(XmlReader reader, SoapContext soap)
{
WsSecurityLogMessages.LogSecurityTokenElement(Logger, ref reader);
foreach (var handler in _securityTokenHandlerProvider.GetAllSecurityTokenHandlers())
{
if (!handler.CanValidateToken)
{
continue;
}
if (!await CanReadTokenAsync(handler, reader))
{
continue;
}
WsSecurityLogMessages.LogSecurityTokenHandlerValidationAttempt(Logger, handler);
var parameters = await _tokenValidationParametersFactory.CreateAsync();
var user = null as ClaimsPrincipal;
var securityToken = null as SecurityToken;
var token = null as string;
try
{
if (handler is IAsyncSecurityTokenHandler asyncHandler)
{
var result = await asyncHandler.ValidateTokenAsync(reader, parameters);
if (!result.Success)
{
throw result.Error;
}
user = result.User;
securityToken = result.Token;
}
else
{
user = handler.ValidateToken(reader, parameters, out securityToken);
}
}
catch (Exception ex)
{
WsSecurityLogMessages.LogFailedSecurityTokenHandlerValidation(Logger, handler, ex);
continue;
}
if (user != null && securityToken != null)
{
WsSecurityLogMessages.LogSuccessfulSecurityTokenHandlerValidation(Logger, handler);
return(new VerifyTokenResult(user, securityToken));
}
}
throw soap.CreateInvalidSecurityTokenFault();
}
