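/// <summary>
/// Returns the issuer and signing tokens for <paramref name="tenant"/>, downloading and
/// parsing the tenant's metadata document when no unexpired entry is cached.
/// </summary>
/// <param name="tenant">Tenant identifier; it is formatted as-is into
/// SecurityTokenServiceAddressFormat to build the metadata URL.</param>
/// <returns>The cached or newly downloaded metadata for the tenant.</returns>
/// <exception cref="InvalidOperationException">The metadata contains no
/// SecurityTokenServiceDescriptor role descriptor.</exception>
private EndpointMetadata GetMetadata(string tenant)
        {
            EndpointMetadata cached;

            // Read the cache under the same lock the writer takes below; the original
            // ContainsKey/indexer reads ran unlocked and could race with a concurrent write.
            lock (_metadata)
            {
                bool isFresh = _metadata.TryGetValue(tenant, out cached) && !(cached.ExpiresOn < DateTime.Now);
                if (isFresh)
                {
                    return cached;
                }
            }

            // NOTE(review): tenant is neither validated nor escaped before it becomes part of
            // the metadata URL. If it can come from request data or an unvalidated token,
            // restrict it to the expected identifier format before calling this method,
            // because the document fetched here supplies the keys that tokens are checked against.
            string metadataAddress = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, tenant);

            // _SafeSettings is defined elsewhere; presumably it disables DTD processing - confirm.
            using (var metaDataReader = XmlReader.Create(metadataAddress, _SafeSettings))
            {
                var endpointMetadata = new EndpointMetadata();

                // Certificate validation is switched off for the serializer, so the signing
                // certificates read below are accepted without chain or revocation checks.
                // NOTE(review): trust then rests on how the document is fetched; confirm that
                // SecurityTokenServiceAddressFormat is an https:// address on the expected host.
                var serializer = new MetadataSerializer()
                {
                    CertificateValidationMode = X509CertificateValidationMode.None
                };

                MetadataBase metadata = serializer.ReadMetadata(metaDataReader);
                var entityDescriptor = (EntityDescriptor)metadata;

                if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
                {
                    endpointMetadata.Issuer = entityDescriptor.EntityId.Id;
                }

                // FirstOrDefault instead of First: First() throws "Sequence contains no elements"
                // on an empty sequence, which made the null check below unreachable.
                var stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
                if (stsd == null)
                {
                    throw new InvalidOperationException("No SecurityTokenServiceType descriptor in metadata.");
                }

                // Keep only keys usable for signing. The inner First() still throws if such a
                // key carries no X509 raw-data clause, so a malformed document fails the load.
                IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses = stsd.Keys
                    .Where(key => key.KeyInfo != null && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified))
                    .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());

                var tokens = new List<SecurityToken>();
                tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));

                endpointMetadata.SigningTokens = tokens.AsReadOnly();

                // Local time is kept because ExpiresOn may be compared elsewhere; a DST shift
                // can lengthen or shorten one cache period by the size of the shift.
                endpointMetadata.ExpiresOn = DateTime.Now.Add(CacheLength);

                lock (_metadata)
                {
                    _metadata[tenant] = endpointMetadata;
                }

                return endpointMetadata;
            }
        }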
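        /// <summary>
        /// Looks up the metadata (issuer and signing tokens) cached for <paramref name="tenant"/>
        /// and, when the entry is missing or expired, downloads and parses it again.
        /// </summary>
        /// <param name="tenant">Tenant identifier substituted into
        /// SecurityTokenServiceAddressFormat to form the metadata URL.</param>
        /// <returns>The metadata entry for the tenant.</returns>
        /// <exception cref="InvalidOperationException">The metadata contains no
        /// SecurityTokenServiceDescriptor role descriptor.</exception>
        private EndpointMetadata GetMetadata(string tenant)
        {
            EndpointMetadata existing;

            // The cache is written under lock (_metadata); read it under the same lock so a
            // lookup cannot overlap a write from another thread.
            lock (_metadata)
            {
                if (_metadata.TryGetValue(tenant, out existing) && !(existing.ExpiresOn < DateTime.Now))
                {
                    return existing;
                }
            }

            // NOTE(review): the tenant string goes into the URL unvalidated and unescaped.
            // Callers should pass only identifiers that match the expected tenant format,
            // since the fetched document decides which signing keys are trusted.
            string address = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, tenant);

            // _SafeSettings comes from outside this method; presumably it prohibits DTDs - confirm.
            using (var metaDataReader = XmlReader.Create(address, _SafeSettings))
            {
                // With validation mode None the certificates in the document are not checked
                // against any trust chain. NOTE(review): verify the address format is https://
                // on the intended host, as that is the only remaining source of trust.
                var serializer = new MetadataSerializer()
                {
                    CertificateValidationMode = X509CertificateValidationMode.None
                };

                var entityDescriptor = (EntityDescriptor)serializer.ReadMetadata(metaDataReader);
                var endpointMetadata = new EndpointMetadata();

                if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
                {
                    endpointMetadata.Issuer = entityDescriptor.EntityId.Id;
                }

                // First() never returns null (it throws on an empty sequence), so the original
                // null check was dead code; FirstOrDefault() makes the intended error reachable.
                var stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
                if (stsd == null)
                {
                    throw new InvalidOperationException("No SecurityTokenServiceType descriptor in metadata.");
                }

                // Signing (or unspecified-use) keys only; a key without an X509 raw-data
                // clause makes the inner First() throw and aborts the refresh.
                IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses = stsd.Keys
                    .Where(key => key.KeyInfo != null && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified))
                    .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());

                var tokens = new List<SecurityToken>();
                tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));

                endpointMetadata.SigningTokens = tokens.AsReadOnly();

                // Expiry stays in local time because ExpiresOn may be read by other code;
                // a DST change can skew one cache period.
                endpointMetadata.ExpiresOn = DateTime.Now.Add(CacheLength);

                lock (_metadata)
                {
                    _metadata[tenant] = endpointMetadata;
                }

                return endpointMetadata;
            }
        }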