internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver)
        {
            SecurityToken token = null;

            if (tokenResolver != null)
            {
                tokenResolver.TryResolveToken(ski, out token);
            }

            if (token == null)
            {
                // Check if this is a RSA key.
                RsaKeyIdentifierClause rsaClause;
                if (ski.TryFind <RsaKeyIdentifierClause>(out rsaClause))
                {
                    token = new RsaSecurityToken(rsaClause.Rsa);
                }
            }

            if (token == null)
            {
                // Check if this is a X509RawDataKeyIdentifier Clause.
                X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause;
                if (ski.TryFind <X509RawDataKeyIdentifierClause>(out rawDataKeyIdentifierClause))
                {
                    token = new X509SecurityToken(new X509Certificate2(rawDataKeyIdentifierClause.GetX509RawData()));
                }
            }

            return(token);
        }
        internal static RsaSecurityToken CreateSafeRsaSecurityToken(int keySize)
        {
            RsaSecurityToken         token;
            RSACryptoServiceProvider rsa = null;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                try
                {
                }
                finally
                {
                    rsa = new RSACryptoServiceProvider(keySize);
                }
                token = new RsaSecurityToken(rsa, true);
                rsa   = null;
            }
            finally
            {
                if (rsa != null)
                {
                    rsa.Dispose();
                }
            }
            return(token);
        }
Example #3
0
        /// <summary>
        /// Validates a <see cref="RsaSecurityToken"/>.
        /// </summary>
        /// <param name="token">The <see cref="RsaSecurityToken"/> to validate.</param>
        /// <returns>A <see cref="ReadOnlyCollection{T}"/> of <see cref="ClaimsIdentity"/> representing the identities contained in the token.</returns>
        /// <exception cref="ArgumentNullException">The parameter 'token' is null.</exception>
        /// <exception cref="ArgumentException">The token is not assignable from <see cref="RsaSecurityToken"/>.</exception>
        /// <exception cref="InvalidOperationException">Configuration <see cref="SecurityTokenHandlerConfiguration"/>is null.</exception>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            RsaSecurityToken rsaToken = (RsaSecurityToken)token;

            if (rsaToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID0018, typeof(RsaSecurityToken)));
            }

            if (this.Configuration == null)
            {
                throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274));
            }

            try
            {
                // Export the Public Key of the RSA as a Claim.
                ClaimsIdentity identity = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Rsa, rsaToken.Rsa.ToXmlString(false), ClaimValueTypes.RsaKeyValue, ClaimsIdentity.DefaultIssuer) }, AuthenticationTypes.Signature);

                identity.AddClaim(new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(DateTime.UtcNow, DateTimeFormats.Generated), ClaimValueTypes.DateTime));
                identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Signature));

                if (this.Configuration.SaveBootstrapContext)
                {
                    identity.BootstrapContext = new BootstrapContext(token, this);
                }

                this.TraceTokenValidationSuccess(token);

                List <ClaimsIdentity> identities = new List <ClaimsIdentity>(1);
                identities.Add(identity);
                return(identities.AsReadOnly());
            }
            catch (Exception e)
            {
                if (Fx.IsFatal(e))
                {
                    throw;
                }

                this.TraceTokenValidationFailure(token, e.Message);
                throw e;
            }
        }
Example #4
0
        /// <summary>
        /// Serializes an RSA security token to XML.
        /// </summary>
        /// <param name="writer">The XML writer.</param>
        /// <param name="token">An RSA security token.</param>
        /// <exception cref="ArgumentNullException">The input argument 'writer' is null.</exception>
        /// <exception cref="InvalidOperationException">The input argument 'token' is either null or not of type
        /// <see cref="RsaSecurityToken"/>.</exception>
        public override void WriteToken(XmlWriter writer, SecurityToken token)
        {
            if (writer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
            }

            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            RsaSecurityToken rsaToken = token as RsaSecurityToken;

            if (rsaToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID0018, typeof(RsaSecurityToken)));
            }

            RSAParameters rsaParams = rsaToken.Rsa.ExportParameters(false);

            writer.WriteStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace);
            writer.WriteStartElement(XmlSignatureConstants.Elements.KeyValue, XmlSignatureConstants.Namespace);

            //
            // RSA.ToXmlString shouldn't be used here because it doesn't write namespaces.  The modulus and exponent are written manually.
            //
            writer.WriteStartElement(XmlSignatureConstants.Elements.RsaKeyValue, XmlSignatureConstants.Namespace);

            writer.WriteStartElement(XmlSignatureConstants.Elements.Modulus, XmlSignatureConstants.Namespace);

            byte[] modulus = rsaParams.Modulus;
            writer.WriteBase64(modulus, 0, modulus.Length);
            writer.WriteEndElement(); // </modulus>

            writer.WriteStartElement(XmlSignatureConstants.Elements.Exponent, XmlSignatureConstants.Namespace);

            byte[] exponent = rsaParams.Exponent;
            writer.WriteBase64(exponent, 0, exponent.Length);
            writer.WriteEndElement(); // </exponent>

            writer.WriteEndElement(); // </RsaKeyValue>
            writer.WriteEndElement(); // </KeyValue>
            writer.WriteEndElement(); // </KeyInfo>
        }
        internal static SecurityToken ResolveSecurityToken(SecurityKeyIdentifier ski, SecurityTokenResolver tokenResolver)
        {
            SecurityToken                  token = null;
            RsaKeyIdentifierClause         clause;
            X509RawDataKeyIdentifierClause clause2;

            if (tokenResolver != null)
            {
                tokenResolver.TryResolveToken(ski, out token);
            }
            if ((token == null) && ski.TryFind <RsaKeyIdentifierClause>(out clause))
            {
                token = new RsaSecurityToken(clause.Rsa);
            }
            if ((token == null) && ski.TryFind <X509RawDataKeyIdentifierClause>(out clause2))
            {
                token = new X509SecurityToken(new X509Certificate2(clause2.GetX509RawData()));
            }
            return(token);
        }
Example #6
0
        /// <summary>
        /// Inherited from <see cref="SecurityTokenResolver"/>.
        /// </summary>
        protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
        {
            if (keyIdentifierClause == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
            }

            token = null;

            //
            // Try raw X509
            //
            X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;

            if (rawDataClause != null)
            {
                token = new X509SecurityToken(new X509Certificate2(rawDataClause.GetX509RawData()));
                return(true);
            }

            //
            // Try RSA
            //
            RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause;

            if (rsaClause != null)
            {
                token = new RsaSecurityToken(rsaClause.Rsa);
                return(true);
            }

            if (_wrappedTokenResolver.TryResolveToken(keyIdentifierClause, out token))
            {
                return(true);
            }

            return(false);
        }
Example #7
0
 public FederatedTokenProviderState(System.IdentityModel.Tokens.RsaSecurityToken rsaToken) : base(null)
 {
     this.rsaToken = rsaToken;
 }