/// <summary>
/// Resolves the <see cref="SecurityToken"/> that a signature's KeyInfo (<paramref name="keyIdentifier"/>)
/// refers to, so that its key can be used to verify the signature.
/// </summary>
/// <param name="keyIdentifier">The key identifier taken from the signature's KeyInfo.</param>
/// <param name="resolver">The resolver consulted first to map the identifier to an already-known token.</param>
/// <param name="isPrimarySignature">
/// True for the message's primary signature. Only a non-primary (supporting) signature may fall back
/// to a bare RSA public key carried inline in the KeyInfo.
/// </param>
/// <returns>The resolved token; never null.</returns>
/// <exception cref="MessageSecurityException">
/// Thrown when the identifier cannot be resolved, or when an inline RSA key is validated by an
/// authenticator that has no registered supporting-token tracker.
/// </exception>
private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature)
{
    TryResolveKeyIdentifier(keyIdentifier, resolver, true, out SecurityToken resolved);

    // Fallback for supporting signatures only: the KeyInfo may consist of a single RSA key clause.
    // That public key comes straight from the (untrusted) message, so it is only admitted when an
    // RsaSecurityTokenAuthenticator is allowed and validates it; the primary signature never takes
    // this path. Short-circuit order matters: Count is checked before TryFind, as in the nested form.
    if (resolved == null
        && !isPrimarySignature
        && keyIdentifier.Count == 1
        && keyIdentifier.TryFind<RsaKeyIdentifierClause>(out RsaKeyIdentifierClause rsaClause))
    {
        // NOTE(review): the meaning of the 'false' argument is not visible here — confirm against FindAllowedAuthenticator.
        RsaSecurityTokenAuthenticator rsaAuthenticator = FindAllowedAuthenticator<RsaSecurityTokenAuthenticator>(false);
        if (rsaAuthenticator != null)
        {
            RsaSecurityToken rsaToken = new RsaSecurityToken(rsaClause.Rsa);

            // Validation happens before the token is recorded or mapped; a failure here propagates
            // and the inline key is never treated as a resolved signing token.
            ReadOnlyCollection<IAuthorizationPolicy> policies = rsaAuthenticator.ValidateToken(rsaToken);

            TokenTracker tracker = GetSupportingTokenTracker(rsaAuthenticator, out SupportingTokenAuthenticatorSpecification _);
            if (tracker == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, rsaAuthenticator)));
            }

            tracker.RecordToken(rsaToken);
            SecurityTokenAuthorizationPoliciesMapping.Add(rsaToken, policies);
            resolved = rsaToken;
        }
    }

    // No resolver hit and no admissible inline RSA key: the signature cannot be verified.
    if (resolved == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                  SR.Format(SR.UnableToResolveKeyInfoForVerifyingSignature, keyIdentifier, resolver)));
    }

    return resolved;
}
/// <summary>
/// Deserializes one security token from <paramref name="reader"/> and authenticates it with the
/// first allowed authenticator that can handle its type.
/// </summary>
/// <param name="reader">Positioned on the token element to read.</param>
/// <param name="tokenResolver">Resolver handed to the token serializer.</param>
/// <param name="allowedTokenAuthenticators">Authenticators tried in list order; the first whose
/// <c>CanValidateToken</c> returns true wins.</param>
/// <param name="usedTokenAuthenticator">Receives the authenticator that accepted the token.</param>
/// <returns>The deserialized token.</returns>
/// <exception cref="MessageSecurityException">
/// Thrown when no authenticator is registered for the token's type — a token nobody validates is
/// rejected rather than passed through unauthenticated.
/// </exception>
private SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList<SecurityTokenAuthenticator> allowedTokenAuthenticators, out SecurityTokenAuthenticator usedTokenAuthenticator)
{
    SecurityToken token = StandardsManager.SecurityTokenSerializer.ReadToken(reader, tokenResolver);

    // A derived-key token is read as a stub: there is nothing to validate at this point, so it is
    // attributed to the derived-key authenticator (which must exist) and returned as-is.
    // NOTE(review): the stub is therefore not authenticated here — presumably that happens once the
    // derived key is resolved against its parent token; confirm against the caller.
    if (token is DerivedKeySecurityTokenStub)
    {
        usedTokenAuthenticator = DerivedTokenAuthenticator
            ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
                         SR.Format(SR.UnableToFindTokenAuthenticator, typeof(DerivedKeySecurityToken))));
        return token;
    }

    for (int idx = 0; idx < allowedTokenAuthenticators.Count; idx++)
    {
        SecurityTokenAuthenticator candidate = allowedTokenAuthenticators[idx];
        if (!candidate.CanValidateToken(token))
        {
            continue;
        }

        // ValidateToken runs before the policies are recorded; a validation failure propagates
        // and leaves no mapping behind.
        SecurityTokenAuthorizationPoliciesMapping.Add(token, candidate.ValidateToken(token));
        usedTokenAuthenticator = candidate;
        return token;
    }

    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(
              SR.Format(SR.UnableToFindTokenAuthenticator, token.GetType())));
}