public override bool Matches(SecurityKeyIdentifierClause clause)
{
X509IssuerSerialKeyIdentifierClause other =
clause as X509IssuerSerialKeyIdentifierClause;
return(other != null && Matches(other.name, other.serial));
}
public void MatchesKeyIdentifierClause ()
{
UniqueId id = new UniqueId ();
X509SecurityToken t = new X509SecurityToken (cert, id.ToString ());
LocalIdKeyIdentifierClause l =
new LocalIdKeyIdentifierClause (id.ToString ());
Assert.IsTrue (t.MatchesKeyIdentifierClause (l), "#1-1");
l = new LocalIdKeyIdentifierClause ("#" + id.ToString ());
Assert.IsFalse (t.MatchesKeyIdentifierClause (l), "#1-2");
X509ThumbprintKeyIdentifierClause h =
new X509ThumbprintKeyIdentifierClause (cert);
Assert.IsTrue (t.MatchesKeyIdentifierClause (h), "#2-1");
h = new X509ThumbprintKeyIdentifierClause (cert2);
Assert.IsFalse (t.MatchesKeyIdentifierClause (h), "#2-2");
X509IssuerSerialKeyIdentifierClause i =
new X509IssuerSerialKeyIdentifierClause (cert);
Assert.IsTrue (t.MatchesKeyIdentifierClause (i), "#3-1");
i = new X509IssuerSerialKeyIdentifierClause (cert2);
Assert.IsFalse (t.MatchesKeyIdentifierClause (i), "#3-2");
X509RawDataKeyIdentifierClause s =
new X509RawDataKeyIdentifierClause (cert);
Assert.IsTrue (t.MatchesKeyIdentifierClause (s), "#4-1");
s = new X509RawDataKeyIdentifierClause (cert2);
Assert.IsFalse (t.MatchesKeyIdentifierClause (s), "#4-2");
}
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
ThrowIfDisposed();
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (subjectKeyIdentifierClause != null)
{
return(subjectKeyIdentifierClause.Matches(certificate));
}
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (thumbprintKeyIdentifierClause != null)
{
return(thumbprintKeyIdentifierClause.Matches(certificate));
}
X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerKeyIdentifierClause != null)
{
return(issuerKeyIdentifierClause.Matches(certificate));
}
X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawCertKeyIdentifierClause != null)
{
return(rawCertKeyIdentifierClause.Matches(certificate));
}
return(base.MatchesKeyIdentifierClause(keyIdentifierClause));
}
public void NegativeSerialNumber ()
{
var clause = new X509IssuerSerialKeyIdentifierClause (cert3);
Assert.AreEqual ("CN=test, OU=cert, O=test, [email protected]", clause.IssuerName, "#1");
Assert.AreEqual ("-168428216848510272180165529369113665228", clause.IssuerSerialNumber, "#2");
Assert.AreEqual (null, clause.ClauseType, "#3");
}
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
this.ThrowIfDisposed();
X509SubjectKeyIdentifierClause clause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (clause != null)
{
return(clause.Matches(this.certificate));
}
X509ThumbprintKeyIdentifierClause clause2 = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (clause2 != null)
{
return(clause2.Matches(this.certificate));
}
X509IssuerSerialKeyIdentifierClause clause3 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (clause3 != null)
{
return(clause3.Matches(this.certificate));
}
X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (clause4 != null)
{
return(clause4.Matches(this.certificate));
}
return(base.MatchesKeyIdentifierClause(keyIdentifierClause));
}
public void Properties ()
{
X509IssuerSerialKeyIdentifierClause ic =
new X509IssuerSerialKeyIdentifierClause (cert);
Assert.AreEqual ("CN=Mono Test Root Agency", ic.IssuerName, "#1");
Assert.AreEqual ("22491767666218099257720700881460366085", ic.IssuerSerialNumber, "#2");
Assert.AreEqual (null, ic.ClauseType, "#3");
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
X509IssuerSerialKeyIdentifierClause that = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
// PreSharp Bug: Parameter 'that' to this public method must be validated: A null-dereference can occur here.
#pragma warning suppress 56506
return(ReferenceEquals(this, that) || (that != null && that.Matches(this.issuerName, this.issuerSerialNumber)));
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
X509IssuerSerialKeyIdentifierClause that = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
// PreSharp
#pragma warning suppress 56506
return(ReferenceEquals(this, that) || (that != null && that.Matches(this.issuerName, this.issuerSerialNumber)));
}
public override void WriteContent(XmlDictionaryWriter writer, SecurityKeyIdentifierClause clause)
{
X509IssuerSerialKeyIdentifierClause issuerClause = clause as X509IssuerSerialKeyIdentifierClause;
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerClause.IssuerName);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
}
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
{
X509RawDataKeyIdentifierClause x509Clause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (x509Clause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, NamespaceUri);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Certificate, NamespaceUri);
byte[] certBytes = x509Clause.GetX509RawData();
writer.WriteBase64(certBytes, 0, certBytes.Length);
writer.WriteEndElement();
writer.WriteEndElement();
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
}
public override bool MatchesKeyIdentifierClause(
SecurityKeyIdentifierClause keyIdentifierClause)
{
LocalIdKeyIdentifierClause l =
keyIdentifierClause as LocalIdKeyIdentifierClause;
if (l != null)
{
return(l.LocalId == Id);
}
X509ThumbprintKeyIdentifierClause t =
keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (t != null)
{
return(t.Matches(cert));
}
X509IssuerSerialKeyIdentifierClause i =
keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (i != null)
{
return(i.Matches(cert));
}
X509SubjectKeyIdentifierClause s =
keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (s != null)
{
return(s.Matches(cert));
}
X509RawDataKeyIdentifierClause r =
keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (r != null)
{
return(r.Matches(cert));
}
return(false);
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
{
SecurityKeyIdentifierClause ski = null;
reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, NamespaceUri);
while (reader.IsStartElement())
{
if (ski == null && reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, NamespaceUri))
{
X509Certificate2 certificate = null;
if (!SecurityUtils.TryCreateX509CertificateFromRawData(reader.ReadElementContentAsBase64(), out certificate))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.InvalidX509RawData)));
}
ski = new X509RawDataKeyIdentifierClause(certificate);
}
else if (ski == null && reader.IsStartElement(XmlSignatureStrings.X509Ski, NamespaceUri.ToString()))
{
ski = new X509SubjectKeyIdentifierClause(reader.ReadElementContentAsBase64());
}
else if ((ski == null) && reader.IsStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace))
{
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace);
string issuerName = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadStartElement(XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace);
string serialNumber = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadEndElement();
ski = new X509IssuerSerialKeyIdentifierClause(issuerName, serialNumber);
}
else
{
reader.Skip();
}
}
reader.ReadEndElement();
return(ski);
}
public void WriteX509IssuerSerialKeyIdentifierClause1 ()
{
StringWriter sw = new StringWriter ();
X509IssuerSerialKeyIdentifierClause ic = new X509IssuerSerialKeyIdentifierClause (cert);
string expected = "<o:SecurityTokenReference xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509IssuerSerial><X509IssuerName>CN=Mono Test Root Agency</X509IssuerName><X509SerialNumber>22491767666218099257720700881460366085</X509SerialNumber></X509IssuerSerial></X509Data></o:SecurityTokenReference>";
using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic);
}
Assert.AreEqual (expected, sw.ToString (), "WSS1.1");
sw = new StringWriter ();
using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
new WSSecurityTokenSerializer (SecurityVersion.WSSecurity10).WriteKeyIdentifierClause (w, ic);
Assert.AreEqual (expected, sw.ToString (), "WSS1.0");
}
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
X509IssuerSerialKeyIdentifierClause that = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
return(ReferenceEquals(this, that) || (that != null && that.Matches(IssuerName, _issuerSerialNumber)));
}
/// <summary>
/// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
/// </summary>
/// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
/// <param name="token">The resolved SecurityToken.</param>
/// <returns>True if successfully resolved.</returns>
/// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
token = null;
X509Store store = null;
X509Certificate2Collection certs = null;
try
{
store = new X509Store(this.storeName, this.storeLocation);
store.Open(OpenFlags.ReadOnly);
certs = store.Certificates;
foreach (X509Certificate2 cert in certs)
{
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (thumbprintKeyIdentifierClause != null && thumbprintKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialKeyIdentifierClause != null && issuerSerialKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (subjectKeyIdentifierClause != null && subjectKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataKeyIdentifierClause != null && rawDataKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
}
}
finally
{
if (certs != null)
{
for (int i = 0; i < certs.Count; i++)
{
certs[i].Reset();
}
}
if (store != null)
{
store.Close();
}
}
return(false);
}
void WriteX509IssuerSerialKeyIdentifierClause (
XmlWriter w, X509IssuerSerialKeyIdentifierClause ic)
{
w.WriteStartElement ("o", "SecurityTokenReference", Constants.WssNamespace);
w.WriteStartElement ("X509Data", Constants.XmlDsig);
w.WriteStartElement ("X509IssuerSerial", Constants.XmlDsig);
w.WriteStartElement ("X509IssuerName", Constants.XmlDsig);
w.WriteString (ic.IssuerName);
w.WriteEndElement ();
w.WriteStartElement ("X509SerialNumber", Constants.XmlDsig);
w.WriteString (ic.IssuerSerialNumber);
w.WriteEndElement ();
w.WriteEndElement ();
w.WriteEndElement ();
w.WriteEndElement ();
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore( XmlDictionaryReader reader )
{
SecurityKeyIdentifierClause ski = null;
reader.ReadStartElement( XD.XmlSignatureDictionary.X509Data, NamespaceUri );
while ( reader.IsStartElement() )
{
if ( ski == null && reader.IsStartElement( XD.XmlSignatureDictionary.X509Certificate, NamespaceUri ) )
{
X509Certificate2 certificate = null;
if ( !SecurityUtils.TryCreateX509CertificateFromRawData( reader.ReadElementContentAsBase64(), out certificate ) )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new SecurityMessageSerializationException( SR.GetString( SR.InvalidX509RawData ) ) );
}
ski = new X509RawDataKeyIdentifierClause( certificate );
}
else if ( ski == null && reader.IsStartElement( XmlSignatureStrings.X509Ski, NamespaceUri.ToString() ) )
{
ski = new X509SubjectKeyIdentifierClause( reader.ReadElementContentAsBase64() );
}
else if ( ( ski == null ) && reader.IsStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace ) )
{
reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace );
reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace );
string issuerName = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadStartElement( XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace );
string serialNumber = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadEndElement();
ski = new X509IssuerSerialKeyIdentifierClause( issuerName, serialNumber );
}
else
{
reader.Skip();
}
}
reader.ReadEndElement();
return ski;
}
/// <summary>
/// Serialize a SecurityKeyIdentifierClause to the given XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param>
/// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param>
/// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception>
/// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception>
public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (securityKeyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause");
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
#if INCLUDE_CERT_CHAIN
X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause;
if (x509ChainDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
for (int i = 0; i < x509ChainDataClause.CertificateCount; i++)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = x509ChainDataClause.GetX509RawData(i);
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
writer.WriteEndElement();
return;
}
#endif
X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = rawDataClause.GetX509RawData();
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType()));
}
public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
{
X509IssuerSerialKeyIdentifierClause objB = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
return(object.ReferenceEquals(this, objB) || ((objB != null) && objB.Matches(this.issuerName, this.issuerSerialNumber)));
}
