/// <summary>Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.</summary>
/// <param name="keyIdentifierClause">An <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause" /> to compare to this instance.</param>
/// <returns>
/// <see langword="true" /> if <paramref name="keyIdentifierClause" /> is one of the <see cref="T:System.IdentityModel.Tokens.X509SubjectKeyIdentifierClause" />, <see cref="T:System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause" />, <see cref="T:System.IdentityModel.Tokens.X509IssuerSerialKeyIdentifierClause" />, or <see cref="T:System.IdentityModel.Tokens.X509RawDataKeyIdentifierClause" /> types and the key identifier clauses match; otherwise, <see langword="false" />.</returns>
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
this.ThrowIfDisposed();
X509SubjectKeyIdentifierClause identifierClause1 = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (identifierClause1 != null)
{
return(identifierClause1.Matches(this.certificate));
}
X509ThumbprintKeyIdentifierClause identifierClause2 = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (identifierClause2 != null)
{
return(identifierClause2.Matches(this.certificate));
}
X509IssuerSerialKeyIdentifierClause identifierClause3 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (identifierClause3 != null)
{
return(identifierClause3.Matches(this.certificate));
}
X509RawDataKeyIdentifierClause identifierClause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (identifierClause4 != null)
{
return(identifierClause4.Matches(this.certificate));
}
return(base.MatchesKeyIdentifierClause(keyIdentifierClause));
}
/// <summary>Creates the specified key identifier clause.</summary>
/// <typeparam name="T">A <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause" /> that specifies the key identifier to create.</typeparam>
/// <returns>A <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause" /> that is a key identifier clause for the security token.</returns>
public override T CreateKeyIdentifierClause <T>()
{
this.ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
X509SubjectKeyIdentifierClause keyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(this.certificate, out keyIdentifierClause))
{
return(keyIdentifierClause as T);
}
}
else
{
if (typeof(T) == typeof(X509ThumbprintKeyIdentifierClause))
{
return(new X509ThumbprintKeyIdentifierClause(this.certificate) as T);
}
if (typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause))
{
return(new X509IssuerSerialKeyIdentifierClause(this.certificate) as T);
}
if (typeof(T) == typeof(X509RawDataKeyIdentifierClause))
{
return(new X509RawDataKeyIdentifierClause(this.certificate) as T);
}
}
return(base.CreateKeyIdentifierClause <T>());
}
/// <summary>Creates a key identifier clause using the specified X.509 certificate.</summary>
/// <param name="certificate">An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> to create the key identifier clause for.</param>
/// <param name="keyIdentifierClause">When this method returns, contains a <see cref="T:System.IdentityModel.Tokens.X509SubjectKeyIdentifierClause" /> that represents the key identifier clause. This parameter is passed uninitialized. </param>
/// <returns>
/// <see langword="true" /> when a key identifier clause can be created for the specified X.509 certificate; otherwise, <see langword="false" />. </returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="certificate" /> is <see langword="null" />.</exception>
public static bool TryCreateFrom(
X509Certificate2 certificate,
out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
byte[] skiRawData = X509SubjectKeyIdentifierClause.GetSkiRawData(certificate);
keyIdentifierClause = (X509SubjectKeyIdentifierClause)null;
if (skiRawData != null)
{
byte[] ski = CloneBuffer(skiRawData, 2, skiRawData.Length - 2);
keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false);
}
return(keyIdentifierClause != null);
}
/// <summary>Returns a value that indicates whether the key identifier for this instance is equivalent to the key identifier of the specified X.509 certificate.</summary>
/// <param name="certificate">An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> that contains the X.509 certificate to compare.</param>
/// <returns>
/// <see langword="true" /> if <paramref name="certificate" /> has the same subject key identifier as the current instance; otherwise, <see langword="false" />.</returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="certificate" /> is <see langword="null" />.</exception>
public bool Matches(X509Certificate2 certificate)
{
if (certificate == null)
{
return(false);
}
byte[] skiRawData = X509SubjectKeyIdentifierClause.GetSkiRawData(certificate);
if (skiRawData != null)
{
return(this.Matches(skiRawData, 2));
}
return(false);
}
/// <summary>Gets a value indicating whether this security token is capable of creating the specified key identifier.</summary>
public override bool CanCreateKeyIdentifierClause <T>()
{
this.ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
return(X509SubjectKeyIdentifierClause.CanCreateFrom(this.certificate));
}
if (!(typeof(T) == typeof(X509ThumbprintKeyIdentifierClause)) && !(typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause)) && !(typeof(T) == typeof(X509RawDataKeyIdentifierClause)))
{
return(base.CanCreateKeyIdentifierClause <T>());
}
return(true);
}
/// <summary>Gets a value that indicates whether a key identifier clause can be created for the specified X.509 certificate. </summary>
/// <param name="certificate">An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> that contains the X.509 certificate.</param>
/// <returns>
/// <see langword="true" /> if a key identifier clause can be created for <paramref name="certificate" />; otherwise, <see langword="false" />.</returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="certificate" /> is <see langword="null" />.</exception>
public static bool CanCreateFrom(X509Certificate2 certificate)
{
return(X509SubjectKeyIdentifierClause.GetSkiRawData(certificate) != null);
}
