protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(
            SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
        {
            // Produces the key-identifier clause used to point at <paramref name="token"/>.
            // Internal references always become a LocalId clause keyed by token.Id; external
            // references are shaped by the configured reference_style field (declared outside
            // this method). Throws ArgumentNullException when token is null; the token's
            // CreateKeyIdentifierClause<T>() factories may throw if the requested clause type
            // cannot be produced for that token.
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            if (referenceStyle == SecurityTokenReferenceStyle.Internal)
            {
                return new LocalIdKeyIdentifierClause(token.Id, token.GetType());
            }

            // "Any" prefers a SubjectKeyIdentifier reference when the token can produce one;
            // the capability probe is only run for the Any style.
            bool useSubjectKeyIdentifier =
                reference_style == X509KeyIdentifierClauseType.SubjectKeyIdentifier
                || (reference_style == X509KeyIdentifierClauseType.Any
                    && token.CanCreateKeyIdentifierClause<X509SubjectKeyIdentifierClause>());

            if (useSubjectKeyIdentifier)
            {
                return token.CreateKeyIdentifierClause<X509SubjectKeyIdentifierClause>();
            }

            // NOTE(review): Thumbprint, SubjectKeyIdentifier and IssuerSerial clauses name the
            // certificate by a derived value rather than carrying it, so the receiving side
            // has to resolve them against its own store; only RawData carries the certificate
            // bytes. Confirm the chosen style matches what the peer can resolve.
            switch (reference_style)
            {
            case X509KeyIdentifierClauseType.Thumbprint:
                return token.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();

            case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
                return token.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();

            default:
                // IssuerSerial, "Any" without SKI support, and any unlisted value.
                return token.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause>();
            }
        }
        // Builds a SecurityKeyIdentifier that refers to <paramref name="t"/> for the case where the
        // token itself is carried in the message: a LocalId (by-id) clause is used when the token
        // can produce one, otherwise the out-of-message strategy in GetExternalSecurityKeyIdentifier
        // is applied. Throws ArgumentNullException when t is null.
        private SecurityKeyIdentifier GetInternalSecurityKeyIdentifier(SecurityToken t)
        {
            if (t == null)
            {
                throw new ArgumentNullException("t");
            }

            // No local-id reference is possible for this token: defer to the external form.
            if (!t.CanCreateKeyIdentifierClause<LocalIdKeyIdentifierClause>())
            {
                return GetExternalSecurityKeyIdentifier(t);
            }

            // Trace output to stdout, kept as in the original; route through a logger in
            // non-sample code.
            Console.WriteLine("GetInternalSecurityKeyIdentifier using LocalIdKeyIdentifierClause");
            SecurityKeyIdentifierClause localIdClause =
                t.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();

            return new SecurityKeyIdentifier(localIdClause);
        }
        // Builds a SecurityKeyIdentifier that refers to <paramref name="t"/> for the case where the
        // token does NOT appear in the message. Clause types are probed in a fixed priority order
        // and the first one the token supports wins. Throws ArgumentNullException when t is null.
        //
        // NOTE(review): if the token supports none of the probed clause types, the clause stays
        // null and is handed to the SecurityKeyIdentifier constructor unchanged (this mirrors the
        // original behaviour); callers should not rely on a descriptive error in that case.
        private SecurityKeyIdentifier GetExternalSecurityKeyIdentifier(SecurityToken t)
        {
            if (t == null)
            {
                throw new ArgumentNullException("t");
            }

            // Order matters: the || chain stops at the first probe that succeeds, so earlier
            // entries take precedence over later ones.
            SecurityKeyIdentifierClause skiClause;
            bool referenced =
                TryReference<EncryptedKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using EncryptedKeyIdentifierClause", out skiClause)
                || TryReference<KerberosTicketHashKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using KerberosTicketHashKeyIdentifierClause", out skiClause)
                || TryReference<X509ThumbprintKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using X509ThumbprintKeyIdentifierClause", out skiClause)
                || TryReference<X509RawDataKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using X509RawDataKeyIdentifierClause", out skiClause)
                || TryReference<X509SubjectKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using X509SubjectKeyIdentifierClause", out skiClause)
                || TryReference<BinarySecretKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using BinarySecretKeyIdentifierClause", out skiClause)
                || TryReference<X509IssuerSerialKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using X509IssuerSerialKeyIdentifierClause", out skiClause)
                || TryReference<SamlAssertionKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using SamlAssertionKeyIdentifierClause", out skiClause)
                || TryReference<RsaKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using RsaKeyIdentifierClause", out skiClause)
                || TryReference<KeyNameIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using KeyNameIdentifierClause", out skiClause)
                || TryReference<SecurityContextKeyIdentifierClause>(t,
                    "GetExternalSecurityKeyIdentifier using SecurityContextKeyIdentifierClause", out skiClause);

            // 'referenced' is false only when every probe failed, in which case skiClause is null.
            return new SecurityKeyIdentifier(skiClause);
        }

        // Probes whether <paramref name="t"/> can produce a clause of type TClause. On success the
        // trace line is written to stdout (kept from the original sample) and the created clause is
        // returned through <paramref name="clause"/>; on failure clause is set to null.
        // Returns true when the token supports TClause, false otherwise.
        private static bool TryReference<TClause>(SecurityToken t, string trace, out SecurityKeyIdentifierClause clause)
            where TClause : SecurityKeyIdentifierClause
        {
            if (!t.CanCreateKeyIdentifierClause<TClause>())
            {
                clause = null;
                return false;
            }

            Console.WriteLine(trace);
            clause = t.CreateKeyIdentifierClause<TClause>();
            return true;
        }