void certselect()
{
X509Certificate2 certSelected = null;
X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
System.IdentityModel.Tokens.X509SecurityToken securityToken;
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = x509Store.Certificates;
X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Velg sertifikat", "Velg sertifikat som du skal signere med:", X509SelectionFlag.SingleSelection);
RSACryptoServiceProvider csp = null;
String stringToBeSigned = "Dags tekst som skal signeres!";
if (sel.Count > 0)
{
X509Certificate2Enumerator en = sel.GetEnumerator();
en.MoveNext();
certSelected = en.Current;
//trenger vi denne?
securityToken = new System.IdentityModel.Tokens.X509SecurityToken(certSelected);
// se her for XML: https://msdn.microsoft.com/en-us/library/ms229745(v=vs.110).aspx
// Key info: https://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.keyinfox509data(v=vs.90).aspx
SignedXml signedXml = new SignedXml();
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certSelected));
if (certSelected.HasPrivateKey == true)
{
// signer med privat nøkkel
textBox1.Text += "Dette sertifikatet har privat nøkkel";
csp = (RSACryptoServiceProvider)certSelected.PrivateKey;
SignXmlFile("orig.xml", "signed.xml", csp, certSelected);
// SHA1Managed sha1 = new SHA1Managed();
// UnicodeEncoding encoding = new UnicodeEncoding();
//byte[] data = encoding.GetBytes(stringToBeSigned);
//byte[] hash = sha1.ComputeHash(data);
// Sign the hash
// byte[] signature = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
}
else
{
// Signer med offentlig nøkkel
}
}
x509Store.Close();
}
private ClaimsIdentityCollection ValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token, bool isActorToken)
{
JsonWebSecurityToken jsonWebSecurityToken = token as JsonWebSecurityToken;
if (jsonWebSecurityToken == null)
{
return(base.ValidateToken(token));
}
if (base.Configuration == null)
{
throw new System.InvalidOperationException("No configuration.");
}
if (base.Configuration.IssuerNameRegistry == null)
{
throw new System.InvalidOperationException("No issuername registry configured.");
}
this.ValidateLifetime(jsonWebSecurityToken);
this.ValidateAudience(jsonWebSecurityToken);
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = jsonWebSecurityToken.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken != null)
{
base.Configuration.CertificateValidator.Validate(x509SecurityToken.Certificate);
}
ClaimsIdentityCollection claimsIdentityCollection = new ClaimsIdentityCollection();
ClaimsIdentity claimsIdentity = new ClaimsIdentity("Federation");
if (!isActorToken && jsonWebSecurityToken.ActorToken != null)
{
ValidateActorTokenForAppOnly(jsonWebSecurityToken.ActorToken);
ClaimsIdentityCollection claimsIdentityCollection2 = this.ValidateActorToken(jsonWebSecurityToken.ActorToken);
if (claimsIdentityCollection2.Count > 1)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Actor has multiple identities.");
}
claimsIdentity.Actor = claimsIdentityCollection2[0];
}
string issuerName = this.GetIssuerName(jsonWebSecurityToken);
foreach (JsonWebTokenClaim current in jsonWebSecurityToken.Claims)
{
if (claimsIdentity.Actor == null || !System.StringComparer.Ordinal.Equals("actortoken", current.ClaimType))
{
string text = current.Value;
if (text == null)
{
text = "NULL";
}
claimsIdentity.Claims.Add(new Claim(current.ClaimType, text, "http://www.w3.org/2001/XMLSchema#string", issuerName));
}
}
if (!isActorToken && base.Configuration.SaveBootstrapTokens)
{
claimsIdentity.BootstrapToken = token;
}
claimsIdentityCollection.Add(claimsIdentity);
return(claimsIdentityCollection);
}
public virtual System.Collections.Generic.IDictionary <string, string> CreateHeaderClaims()
{
System.Collections.Generic.Dictionary <string, string> dictionary = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal);
dictionary.Add("typ", "JWT");
if (this.SigningCredentials != null)
{
if (System.StringComparer.Ordinal.Compare(this.SigningCredentials.SignatureAlgorithm, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") == 0)
{
Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials x509SigningCredentials = this.SigningCredentials as Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials;
if (x509SigningCredentials == null)
{
throw new System.InvalidOperationException("JWT token is not valid. RSA signature requires X509SigningCredentials");
}
dictionary.Add("alg", "RS256");
dictionary.Add("x5t", Base64UrlEncoder.Encode(x509SigningCredentials.Certificate.GetCertHash()));
}
else if (System.StringComparer.Ordinal.Compare(this.SigningCredentials.SignatureAlgorithm, "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256") == 0)
{
dictionary.Add("alg", "HS256");
}
}
else if (this.IssuerToken != null)
{
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = this.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken != null)
{
dictionary.Add("alg", "RS256");
dictionary.Add("x5t", Base64UrlEncoder.Encode(x509SecurityToken.Certificate.GetCertHash()));
}
else if (this.IssuerToken is BinarySecretSecurityToken)
{
dictionary.Add("alg", "HS256");
}
}
else
{
dictionary.Add("alg", "none");
}
return(dictionary);
}
protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
{
Utility.VerifyNonNullArgument("signingToken", signingToken);
bool flag = false;
System.IdentityModel.Tokens.SecurityToken result = null;
if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal))
{
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
}
System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
if (rSACryptoServiceProvider == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
}
using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider))
{
flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
if (flag)
{
result = signingToken;
}
goto IL_133;
}
}
if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal))
{
byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature);
using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator())
{
while (enumerator.MoveNext())
{
System.IdentityModel.Tokens.SecurityKey current = enumerator.Current;
System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey;
if (symmetricSecurityKey != null)
{
using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey))
{
flag = symmetricSignatureProvider.Verify(bytes, signature2);
if (flag)
{
result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey());
break;
}
}
}
}
goto IL_133;
}
}
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
IL_133:
if (!flag)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
}
return(result);
}
