protected virtual ValueTask <SigningCredentials> CreateSigningCredentialsAsync(IRelyingParty party, CancellationToken cancellationToken)
{
var key = party.SigningKey;
var method = party.SigningAlgorithm ?? Options.DefaultSigningAlgorithm;
if (key == null)
{
key = Options.DefaultSigningKey;
method = Options.DefaultSigningAlgorithm;
}
if (key == null)
{
return(new ValueTask <SigningCredentials>());
}
var credentials = method.CreateCredentials(key);
var information = new SigningCredentialsInformation
{
SecurityKeyName = (key is X509SecurityKey x509) ? x509.Certificate.Subject : key.KeyId,
SecurityKeyType = key.GetType().Name,
Algorithm = method.SignatureAlgortihm,
Digest = method.DigestAlgorithm
};
WsTrustLogMessages.SigningCredentialsCreated(Logger, information, null);
return(new ValueTask <SigningCredentials>(credentials));
}
protected virtual ValueTask <EncryptingCredentials> CreateEncryptingCredentialsAsync(IRelyingParty party, CancellationToken cancellationToken)
{
if (!party.RequiresEncryptedToken && !party.RequiresEncryptedSymmetricKeys)
{
return(new ValueTask <EncryptingCredentials>());
}
var key = party.EncryptingKey;
var method = party.EncryptingAlgorithm ?? Options.DefaultEncryptionAlgorithm;
if (key == null)
{
key = Options.DefaultSigningKey;
method = Options.DefaultEncryptionAlgorithm;
}
if (key == null)
{
return(new ValueTask <EncryptingCredentials>());
}
var credentials = method.CreateCredentials(key);
var information = new EncryptingCredentialsInformation
{
SecurityKeyName = (key is X509SecurityKey x509) ? x509.Certificate.Subject : key.KeyId,
SecurityKeyType = key.GetType().Name,
DataEncryptionAlgorithm = method.EncryptionAlgorithm,
KeyWrapAlgorithm = method.KeyWrapAlgorithm
};
WsTrustLogMessages.EncryptingCredentialsCreated(Logger, information, null);
return(new ValueTask <EncryptingCredentials>(credentials));
}
protected virtual async ValueTask <Message> ProcessCoreAsync(Message requestMessage, string requestAction, string responseAction, WsTrustVersion version)
{
var constants = GetWsTrustConstants(version);
var trace = new WsTrustMessageInformation
{
RequestAction = requestAction,
ResponseAction = responseAction,
WsTrustVersion = version,
TrustNamespace = constants.Namespace
};
WsTrustLogMessages.WsTrustMessage(_logger, trace, null);
var context = await CreateDispatchContextAsync(requestMessage, requestAction, responseAction, constants);
await ValidateDispatchContextAsync(context);
await DispatchRequestAsync(context, constants);
var serializer = _serializerFactory.Create();
_logger.LogInformation($"Serializing response for '{responseAction}'.");
var response = Message.CreateMessage(context.MessageVersion, context.ResponseAction, context.ResponseMessage, new WsTrustResponseObjectSerializer(version, serializer));
return(response);
}
private async Task <bool> TryGetClaimsAsync(IEnumerable <string> requestedClaimTypes, string requirement, ClaimsIdentity source, IRelyingParty party, ICollection <Claim> claims)
{
var list = requestedClaimTypes.ToList();
var stores = new List <IRelyingPartyClaimStore>();
foreach (var type in requestedClaimTypes)
{
if (!_relyingPartyClaimStores.TryGetValue(type, out var relyingPartyClaimStores))
{
continue;
}
stores.AddRange(relyingPartyClaimStores);
}
foreach (var store in stores.Distinct())
{
if (!store.CanGenerateClaims(party.AppliesTo))
{
continue;
}
_logger.LogDebug($"Attempting to get {requirement} claims from {store.GetType().Name}");
var requiredClaims = await store.GetClaimsAsync(source, party);
foreach (var claim in requiredClaims)
{
_logger.LogTrace($"Adding {requirement} claim '{claim.Type}' from {store.GetType().Name}");
claims.Add(claim);
if (list.Contains(claim.Type))
{
list.Remove(claim.Type);
}
}
}
var copy = list.ToArray();
foreach (var type in copy)
{
var claim = source.FindFirst(type);
if (claim == null)
{
continue;
}
_logger.LogDebug($"Adding {requirement} claim '{type}' from source identity.");
claims.Add(claim);
list.Remove(type);
}
var success = !list.Any();
if (!success)
{
WsTrustLogMessages.UnableToGetAllClaims(_logger, requirement, new UnableToGetAllClaims {
UnpopulatedClaimTypes = list
}, null);
}
return(success);
}