/// <summary>
/// Supplies the SAML token provider for requirements that ask for a SAML token (either the
/// WCF <c>SecurityTokenTypes.Saml</c> type or the OASIS WSS SAML 1.1 token-profile URI);
/// every other requirement is delegated to the base provider factory.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token the binding needs.</param>
/// <returns>
/// A <see cref="SamlSecurityTokenProvider"/> carrying a matched assertion/proof-token pair for
/// SAML requirements, otherwise whatever the base implementation returns.
/// </returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
 {
     bool wantsSaml = tokenRequirement.TokenType == SecurityTokenTypes.Saml
         || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
     if (!wantsSaml)
     {
         return base.CreateSecurityTokenProvider(tokenRequirement);
     }

     SamlAssertion assertion = this.samlClientCredentials.Assertion;
     SecurityToken proofToken = this.samlClientCredentials.ProofToken;

     // A pre-supplied assertion is only usable together with the proof token it was issued for.
     // If either half is missing, a fresh matching pair is minted rather than mixing a configured
     // half with a generated one.
     if (assertion == null || proofToken == null)
     {
         // The algorithm suite comes from the binding when the requirement carries one; otherwise
         // it stays null and the assertion helpers decide how to treat that.
         SecurityAlgorithmSuite suite = null;
         SecurityBindingElement bindingElement;
         if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out bindingElement))
         {
             suite = bindingElement.DefaultAlgorithmSuite;
         }

         ClaimSet claims = this.samlClientCredentials.Claims;
         switch (tokenRequirement.KeyType)
         {
             case SecurityKeyType.SymmetricKey:
                 // Symmetric holder-of-key: sign with the client certificate, wrap the proof key
                 // for the service certificate so only the service can recover it.
                 proofToken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize);
                 X509SecurityToken signingCert = new X509SecurityToken(this.samlClientCredentials.ClientCertificate.Certificate);
                 X509SecurityToken wrappingCert = new X509SecurityToken(this.samlClientCredentials.ServiceCertificate.DefaultCertificate);
                 assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(claims, signingCert, wrappingCert, (BinarySecretSecurityToken)proofToken, suite);
                 break;

             default:
                 // NOTE(review): every non-symmetric key type (AsymmetricKey and also BearerKey)
                 // ends up here and receives an asymmetric holder-of-key assertion — confirm that
                 // is intended for bearer requirements.
                 proofToken = SamlUtilities.CreateAsymmetricProofToken();
                 assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(claims, proofToken, suite);
                 break;
         }
     }

     return new SamlSecurityTokenProvider(assertion, proofToken);
 }
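        /// <summary>
        /// Builds a holder-of-key SAML assertion whose proof key is the symmetric secret carried by
        /// <paramref name="proofToken"/>. The assertion is signed with the key behind
        /// <paramref name="signatureToken"/>, and the proof key is wrapped with the asymmetric
        /// key-wrap algorithm of <paramref name="algoSuite"/> for the public key behind
        /// <paramref name="encryptionToken"/>, so only the holder of that certificate's private key
        /// can recover it. Both certificates are referenced by X.509 thumbprint.
        /// </summary>
        /// <param name="claims">Claims to assert; must contain at least one claim.</param>
        /// <param name="signatureToken">Certificate token whose private key signs the assertion.</param>
        /// <param name="encryptionToken">Certificate token whose public key wraps the proof key.</param>
        /// <param name="proofToken">Symmetric proof key to embed, wrapped, in the assertion.</param>
        /// <param name="algoSuite">Algorithm suite supplying the key-wrap algorithm (and, downstream, the signing algorithms).</param>
        /// <returns>The signed assertion produced by <c>SamlUtilities.CreateAssertion</c>.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="claims"/> is empty, or <paramref name="signatureToken"/> carries no private key
        /// (signing would otherwise fail later with a less specific error).
        /// </exception>
        public static SamlAssertion CreateSymmetricKeyBasedAssertion(ClaimSet claims, X509SecurityToken signatureToken, X509SecurityToken encryptionToken, BinarySecretSecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
        {
            if (claims == null)
            {
                throw new ArgumentNullException("claims");
            }
            if (claims.Count == 0)
            {
                throw new ArgumentException("Provided ClaimSet must contain at least one claim");
            }
            if (proofToken == null)
            {
                throw new ArgumentNullException("proofToken");
            }
            if (signatureToken == null)
            {
                throw new ArgumentNullException("signatureToken");
            }
            if (encryptionToken == null)
            {
                throw new ArgumentNullException("encryptionToken");
            }
            if (algoSuite == null)
            {
                throw new ArgumentNullException("algoSuite");
            }

            // Signing requires the private half of the signature certificate; fail fast here
            // instead of deep inside signature creation.
            SecurityKey signatureKey = signatureToken.SecurityKeys[0];
            AsymmetricSecurityKey asymmetricSignatureKey = signatureKey as AsymmetricSecurityKey;
            if (asymmetricSignatureKey != null && !asymmetricSignatureKey.HasPrivateKey())
            {
                throw new ArgumentException("Signature token must carry a private key", "signatureToken");
            }
            SecurityKeyIdentifier signatureKeyIdentifier = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[]
            {
                signatureToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>()
            });

            // The service certificate is referenced by thumbprint so the recipient can locate the
            // private key needed to unwrap the proof key.
            SecurityKey encryptionKey = encryptionToken.SecurityKeys[0];
            SecurityKeyIdentifier encryptingKeyIdentifier = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[]
            {
                encryptionToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>()
            });

            // Wrap the proof key for the recipient, then wipe the plaintext copy so the raw secret
            // does not linger in managed memory. NOTE(review): this relies on GetKeyBytes()
            // returning a copy rather than the token's live key buffer — confirm.
            string keyWrapAlgorithm = algoSuite.DefaultAsymmetricKeyWrapAlgorithm;
            byte[] proofKeyBytes = proofToken.GetKeyBytes();
            byte[] wrappedProofKey;
            try
            {
                wrappedProofKey = encryptionKey.EncryptKey(keyWrapAlgorithm, proofKeyBytes);
            }
            finally
            {
                Array.Clear(proofKeyBytes, 0, proofKeyBytes.Length);
            }
            SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[]
            {
                new EncryptedKeyIdentifierClause(wrappedProofKey, keyWrapAlgorithm, encryptingKeyIdentifier)
            });

            return SamlUtilities.CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite);
        }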
        /// <summary>
        /// Builds a holder-of-key SAML assertion for an asymmetric (RSA) proof key. The proof key
        /// does double duty: it is the subject-confirmation key and also the key that signs the
        /// assertion, so the signature proves possession of the proof key rather than an
        /// independent issuer identity — the relying party must establish trust in it by other means.
        /// </summary>
        /// <param name="claims">Claims to assert; must contain at least one claim.</param>
        /// <param name="proofToken">Token holding the RSA proof key; must yield an <see cref="RsaKeyIdentifierClause"/>.</param>
        /// <param name="algoSuite">
        /// Algorithm suite handed to <c>SamlUtilities.CreateAssertion</c>.
        /// NOTE(review): unlike the symmetric variant this is not null-checked here and is passed
        /// straight through — confirm whether CreateAssertion tolerates null.
        /// </param>
        /// <returns>The signed assertion produced by <c>SamlUtilities.CreateAssertion</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="claims"/> or <paramref name="proofToken"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="claims"/> is empty.</exception>
        public static SamlAssertion CreateAsymmetricKeyBasedAssertion(ClaimSet claims, SecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
        {
            if (claims == null)
            {
                throw new ArgumentNullException("claims");
            }
            if (proofToken == null)
            {
                throw new ArgumentNullException("proofToken");
            }
            if (claims.Count == 0)
            {
                throw new ArgumentException("Provided ClaimSet must contain at least one claim");
            }

            // One RSA key reference serves both roles: it names the confirmation key and the
            // signing key, because they are the same key.
            RsaKeyIdentifierClause rsaClause = proofToken.CreateKeyIdentifierClause <RsaKeyIdentifierClause>();
            SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[] { rsaClause });
            SecurityKey signingKey = proofToken.SecurityKeys[0];

            return SamlUtilities.CreateAssertion(claims, signingKey, proofKeyIdentifier, proofKeyIdentifier, algoSuite);
        }