public static AuthMetadata GetAuthMetadata(string content, bool requireIssuingEndpoint)
        {
            JsonMetadataDocument document     = AuthMetadataParser.GetDocument <JsonMetadataDocument>(content);
            AuthMetadata         authMetadata = new AuthMetadata();

            AuthMetadataParser.ExtractServiceNameRealmAndIssuer(document, authMetadata);
            if (document.keys == null)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey);
            }
            string[] array = (from k in document.keys
                              where string.Equals(k.usage, AuthMetadataConstants.KeyUsage, StringComparison.OrdinalIgnoreCase) && k.keyvalue != null && string.Equals(k.keyvalue.type, AuthMetadataConstants.SigningKeyType, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(k.keyvalue.value)
                              select k.keyvalue.value).ToArray <string>();
            if (array.Length == 0)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey);
            }
            authMetadata.CertificateStrings = array;
            if (document.endpoints != null)
            {
                string[] array2 = (from e in document.endpoints
                                   where string.Equals(e.protocol, AuthMetadataConstants.Protocol, StringComparison.OrdinalIgnoreCase) && string.Equals(e.usage, AuthMetadataConstants.IssuingEndpointUsage, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(e.location)
                                   select e.location).ToArray <string>();
                if (array2.Length > 0)
                {
                    authMetadata.IssuingEndpoint = array2[0];
                }
            }
            if (requireIssuingEndpoint && string.IsNullOrEmpty(authMetadata.IssuingEndpoint))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoIssuingEndpoint);
            }
            return(authMetadata);
        }
        private static void ExtractServiceNameRealmAndIssuer(JsonMetadataDocument document, AuthMetadata authData)
        {
            string serviceName;
            string realm;

            if (document.version == AuthMetadataConstants.SelfIssuingAuthorityMetadataVersion)
            {
                authData.ServiceName = document.serviceName;
                authData.Issuer      = document.issuer;
                authData.Realm       = document.realm;
                if (string.IsNullOrEmpty(authData.Issuer))
                {
                    throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveIssuer);
                }
            }
            else if (AuthMetadataParser.TryExtractServiceNameAndRealm(document.issuer, out serviceName, out realm))
            {
                authData.ServiceName = serviceName;
                authData.Realm       = realm;
            }
            else if (!string.IsNullOrEmpty(document.serviceName))
            {
                authData.ServiceName = document.serviceName;
                authData.Realm       = document.realm;
            }
            if (string.IsNullOrEmpty(authData.ServiceName))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveServiceName);
            }
        }
        public static AuthMetadata AcquireMetadata(string authMetadataUrl, bool requireIssuingEndpoint, bool trustSslCert, bool wrapException = true)
        {
            AuthMetadataClient authMetadataClient = new AuthMetadataClient(authMetadataUrl, trustSslCert);
            string             content            = authMetadataClient.Acquire(wrapException);
            AuthMetadata       authMetadata;

            switch (AuthMetadataParser.DecideMetadataDocumentType(authMetadataUrl))
            {
            case AuthMetadataParser.MetadataDocType.OAuthS2SV1Metadata:
                return(AuthMetadataParser.GetAuthMetadata(content, requireIssuingEndpoint));

            case AuthMetadataParser.MetadataDocType.WSFedMetadata:
                return(AuthMetadataParser.GetWSFederationMetadata(content));

            case AuthMetadataParser.MetadataDocType.OAuthOpenIdConnectMetadata:
                authMetadata = AuthMetadataParser.GetOpenIdConnectAuthMetadata(content, requireIssuingEndpoint);
                if (!string.IsNullOrEmpty(authMetadata.KeysEndpoint))
                {
                    authMetadataClient = new AuthMetadataClient(authMetadata.KeysEndpoint, trustSslCert);
                    content            = authMetadataClient.Acquire(wrapException);
                    return(AuthMetadataParser.GetOpenIdConnectKeys(content, authMetadata));
                }
                return(authMetadata);
            }
            authMetadata = AuthMetadataParser.GetAuthMetadata(content, requireIssuingEndpoint);
            return(authMetadata);
        }
        public static void SetEndpointsIfWSFed(AuthMetadata authData, AuthServerType authServerType, string authMetadataUrl)
        {
            AuthMetadataParser.MetadataDocType metadataDocType = AuthMetadataParser.DecideMetadataDocumentType(authMetadataUrl);
            if (metadataDocType != AuthMetadataParser.MetadataDocType.WSFedMetadata)
            {
                return;
            }
            Uri uri = new Uri(authMetadataUrl);

            authData.AuthorizationEndpoint = string.Format("{0}/{1}/oauth2/authorize", uri.GetLeftPart(UriPartial.Authority), (authServerType == AuthServerType.ADFS) ? "adfs" : "common");
            authData.IssuingEndpoint       = string.Format("{0}/{1}/oauth2/token", uri.GetLeftPart(UriPartial.Authority), (authServerType == AuthServerType.ADFS) ? "adfs" : "common");
        }
        public static AuthMetadata GetOpenIdConnectAuthMetadata(string content, bool requireIssuingEndpoint)
        {
            OpenIdConnectJsonMetadataDocument document = AuthMetadataParser.GetDocument <OpenIdConnectJsonMetadataDocument>(content);
            AuthMetadata authMetadata = new AuthMetadata();

            if (!string.IsNullOrEmpty(document.token_endpoint))
            {
                authMetadata.IssuingEndpoint = document.token_endpoint.Trim();
            }
            if (requireIssuingEndpoint && string.IsNullOrEmpty(authMetadata.IssuingEndpoint))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoIssuingEndpoint);
            }
            string serviceName;
            string realm;

            if (AuthMetadataParser.TryExtractUrlFormatServiceNameAndRealm(document.issuer, out serviceName, out realm))
            {
                authMetadata.ServiceName = serviceName;
                authMetadata.Realm       = realm;
            }
            if (string.IsNullOrEmpty(authMetadata.ServiceName))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveServiceName);
            }
            if (!string.IsNullOrEmpty(document.jwks_uri))
            {
                authMetadata.KeysEndpoint = document.jwks_uri.Trim();
            }
            if (string.IsNullOrEmpty(authMetadata.KeysEndpoint))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey);
            }
            if (!string.IsNullOrEmpty(document.authorization_endpoint))
            {
                authMetadata.AuthorizationEndpoint = document.authorization_endpoint.Trim();
            }
            if (string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint))
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoIssuingEndpoint);
            }
            return(authMetadata);
        }
        public static AuthMetadata GetOpenIdConnectKeys(string content, AuthMetadata authData)
        {
            OpenIdConnectKeysJsonMetadataDocument document = AuthMetadataParser.GetDocument <OpenIdConnectKeysJsonMetadataDocument>(content);

            if (document.keys == null)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey);
            }
            if (authData == null)
            {
                authData = new AuthMetadata();
            }
            string[] array = (from k in document.keys
                              where !string.IsNullOrEmpty(k.use) && k.use.Equals(AuthMetadataConstants.OpenIdConnectSigningKeyUsage, StringComparison.OrdinalIgnoreCase) && k.x5c != null && k.x5c.Length > 0
                              select k.x5c[0]).ToArray <string>();
            if (array.Length == 0)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey);
            }
            authData.CertificateStrings = array;
            return(authData);
        }
        public static AuthMetadata GetWSFederationMetadata(string content)
        {
            AuthMetadata result;

            try
            {
                using (TextReader textReader = new StringReader(content))
                {
                    using (XmlReader xmlReader = XmlReader.Create(textReader))
                    {
                        MetadataSerializer metadataSerializer = new MetadataSerializer
                        {
                            CertificateValidationMode = X509CertificateValidationMode.None
                        };
                        EntityDescriptor entityDescriptor = metadataSerializer.ReadMetadata(xmlReader) as EntityDescriptor;
                        SecurityTokenServiceDescriptor securityTokenServiceDescriptor = entityDescriptor.RoleDescriptors.OfType <SecurityTokenServiceDescriptor>().First <SecurityTokenServiceDescriptor>();
                        List <string> list = new List <string>();
                        foreach (KeyDescriptor keyDescriptor in from k in securityTokenServiceDescriptor.Keys
                                 where k.Use == KeyType.Signing
                                 select k)
                        {
                            foreach (SecurityKeyIdentifierClause securityKeyIdentifierClause in keyDescriptor.KeyInfo)
                            {
                                X509RawDataKeyIdentifierClause x509RawDataKeyIdentifierClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause;
                                if (x509RawDataKeyIdentifierClause != null)
                                {
                                    list.Add(Convert.ToBase64String(x509RawDataKeyIdentifierClause.GetX509RawData()));
                                }
                            }
                        }
                        AuthMetadata authMetadata = new AuthMetadata();
                        authMetadata.CertificateStrings = list.ToArray();
                        string serviceName;
                        string realm;
                        if (AuthMetadataParser.TryExtractUrlFormatServiceNameAndRealm(entityDescriptor.EntityId.Id, out serviceName, out realm))
                        {
                            authMetadata.ServiceName = serviceName;
                            authMetadata.Realm       = realm;
                        }
                        else
                        {
                            authMetadata.ServiceName = entityDescriptor.EntityId.Id;
                            authMetadata.Realm       = null;
                        }
                        if (string.IsNullOrEmpty(authMetadata.ServiceName))
                        {
                            throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveServiceName);
                        }
                        result = authMetadata;
                    }
                }
            }
            catch (XmlException innerException)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException);
            }
            catch (IOException innerException2)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException2);
            }
            catch (SecurityException innerException3)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException3);
            }
            catch (SystemException innerException4)
            {
                throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException4);
            }
            return(result);
        }