public static AuthMetadata GetOpenIdConnectAuthMetadata(string content, bool requireIssuingEndpoint) { OpenIdConnectJsonMetadataDocument document = AuthMetadataParser.GetDocument <OpenIdConnectJsonMetadataDocument>(content); AuthMetadata authMetadata = new AuthMetadata(); if (!string.IsNullOrEmpty(document.token_endpoint)) { authMetadata.IssuingEndpoint = document.token_endpoint.Trim(); } if (requireIssuingEndpoint && string.IsNullOrEmpty(authMetadata.IssuingEndpoint)) { throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoIssuingEndpoint); } string serviceName; string realm; if (AuthMetadataParser.TryExtractUrlFormatServiceNameAndRealm(document.issuer, out serviceName, out realm)) { authMetadata.ServiceName = serviceName; authMetadata.Realm = realm; } if (string.IsNullOrEmpty(authMetadata.ServiceName)) { throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveServiceName); } if (!string.IsNullOrEmpty(document.jwks_uri)) { authMetadata.KeysEndpoint = document.jwks_uri.Trim(); } if (string.IsNullOrEmpty(authMetadata.KeysEndpoint)) { throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoSigningKey); } if (!string.IsNullOrEmpty(document.authorization_endpoint)) { authMetadata.AuthorizationEndpoint = document.authorization_endpoint.Trim(); } if (string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint)) { throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataNoIssuingEndpoint); } return(authMetadata); }
public static AuthMetadata GetWSFederationMetadata(string content) { AuthMetadata result; try { using (TextReader textReader = new StringReader(content)) { using (XmlReader xmlReader = XmlReader.Create(textReader)) { MetadataSerializer metadataSerializer = new MetadataSerializer { CertificateValidationMode = X509CertificateValidationMode.None }; EntityDescriptor entityDescriptor = metadataSerializer.ReadMetadata(xmlReader) as EntityDescriptor; SecurityTokenServiceDescriptor securityTokenServiceDescriptor = entityDescriptor.RoleDescriptors.OfType <SecurityTokenServiceDescriptor>().First <SecurityTokenServiceDescriptor>(); List <string> list = new List <string>(); foreach (KeyDescriptor keyDescriptor in from k in securityTokenServiceDescriptor.Keys where k.Use == KeyType.Signing select k) { foreach (SecurityKeyIdentifierClause securityKeyIdentifierClause in keyDescriptor.KeyInfo) { X509RawDataKeyIdentifierClause x509RawDataKeyIdentifierClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause; if (x509RawDataKeyIdentifierClause != null) { list.Add(Convert.ToBase64String(x509RawDataKeyIdentifierClause.GetX509RawData())); } } } AuthMetadata authMetadata = new AuthMetadata(); authMetadata.CertificateStrings = list.ToArray(); string serviceName; string realm; if (AuthMetadataParser.TryExtractUrlFormatServiceNameAndRealm(entityDescriptor.EntityId.Id, out serviceName, out realm)) { authMetadata.ServiceName = serviceName; authMetadata.Realm = realm; } else { authMetadata.ServiceName = entityDescriptor.EntityId.Id; authMetadata.Realm = null; } if (string.IsNullOrEmpty(authMetadata.ServiceName)) { throw new AuthMetadataParserException(DirectoryStrings.ErrorAuthMetadataCannotResolveServiceName); } result = authMetadata; } } } catch (XmlException innerException) { throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException); } catch (IOException innerException2) { throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException2); } catch (SecurityException innerException3) { throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException3); } catch (SystemException innerException4) { throw new AuthMetadataParserException(DirectoryStrings.ErrorCannotParseAuthMetadata, innerException4); } return(result); }