/// <summary>
/// Certificate overload of the required-property check. A configured certificate is
/// represented by its thumbprint, an unset one by null, and the decision is delegated
/// to the string overload so both property kinds are reported the same way.
/// </summary>
/// <param name="certificate">The configured certificate, or null when the property is not set.</param>
/// <param name="name">Property name forwarded unchanged to the string overload (its use there is not visible here).</param>
/// <returns>Whatever the string overload returns for the thumbprint (or null) and <paramref name="name"/>.</returns>
private static bool IsRequiredPropertyAvailable(X509Certificate2 certificate, string name)
{
    string thumbprint = null;
    if (certificate != null)
    {
        thumbprint = certificate.Thumbprint;
    }
    return ExternalAuthentication.IsRequiredPropertyAvailable(thumbprint, name);
}
/// <summary>
/// Validates a <see cref="FederationTrust"/> configuration and, when every required
/// property is present and the certificates resolve, builds the
/// <see cref="SecurityTokenService"/> client together with the certificate sets used
/// to verify token signatures and to decrypt tokens.
/// </summary>
/// <param name="federationTrust">Trust configuration to validate; it is dereferenced without a null check.</param>
/// <param name="webProxy">Proxy passed through to the new <see cref="SecurityTokenService"/>; not inspected here.</param>
/// <returns>
/// A <see cref="ExternalAuthentication.FederationTrustResults"/> describing the first
/// failed check (<c>FailureType</c>/<c>SubFailureType</c>), or <c>NoFailure</c> with
/// <c>SecurityTokenService</c>, <c>TokenSignatureCertificates</c> and
/// <c>TokenDecryptionCertificates</c> populated. Checks run in a fixed order, so the
/// reported sub-failure is always the earliest problem.
/// </returns>
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy)
{
    // All "missing property" outcomes share the same failure type and differ only in the sub-code.
    Func<ExternalAuthentication.ExternalAuthenticationSubFailureType, ExternalAuthentication.FederationTrustResults> misconfigured =
        subFailure => new ExternalAuthentication.FederationTrustResults
        {
            FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
            SubFailureType = subFailure
        };

    // Issuer-side settings, checked in the original order.
    if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri"))
    {
        return misconfigured(ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri);
    }
    if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr"))
    {
        return misconfigured(ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr);
    }
    if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri"))
    {
        return misconfigured(ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri);
    }
    if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate"))
    {
        return misconfigured(ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate);
    }

    // Signature verification accepts the current issuer certificate and, when one is
    // configured, the previous one as well (presumably to tolerate issuer key rollover).
    // The current certificate is always first.
    X509Certificate2[] signatureCertificates;
    if (federationTrust.TokenIssuerPrevCertificate == null)
    {
        signatureCertificates = new X509Certificate2[] { federationTrust.TokenIssuerCertificate };
    }
    else
    {
        signatureCertificates = new X509Certificate2[] { federationTrust.TokenIssuerCertificate, federationTrust.TokenIssuerPrevCertificate };
    }

    // At least one signing certificate must pass validation; this failure has no sub-code.
    if (!ExternalAuthentication.HasAtLeastOneValidCertificate(signatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate"))
    {
        return new ExternalAuthentication.FederationTrustResults
        {
            FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate,
            SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode
        };
    }

    // Organization-side private certificate (the one used for decryption / STS calls).
    if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate"))
    {
        return misconfigured(ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate);
    }

    X509Certificate2 orgCertificate;
    X509Certificate2[] decryptionCertificates;

    // The certificates are resolved from the local machine personal store, opened read-only
    // and always closed again, even when the lookup fails.
    X509Store machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    machineStore.Open(OpenFlags.ReadOnly);
    try
    {
        ExternalAuthentication.ExternalAuthenticationSubFailureType lookupSubFailure;

        // The fifth argument's meaning is not visible here; the current certificate passes true,
        // the previous one passes false, and the sub-failure of the previous lookup is discarded.
        orgCertificate = ExternalAuthentication.GetCertificate(machineStore, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out lookupSubFailure);
        if (orgCertificate == null)
        {
            ExternalAuthentication.ConfigurationTracer.TraceError<string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate);
            return misconfigured(lookupSubFailure);
        }

        // The previous organization certificate is optional; a failed lookup is not an error here.
        X509Certificate2 previousOrgCertificate = null;
        if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate))
        {
            previousOrgCertificate = ExternalAuthentication.GetCertificate(machineStore, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out lookupSubFailure);
        }

        if (previousOrgCertificate == null)
        {
            decryptionCertificates = new X509Certificate2[] { orgCertificate };
        }
        else
        {
            decryptionCertificates = new X509Certificate2[] { orgCertificate, previousOrgCertificate };
        }
    }
    finally
    {
        machineStore.Close();
    }

    // Only the current organization certificate is handed to the STS client.
    SecurityTokenService tokenService = new SecurityTokenService(
        federationTrust.TokenIssuerEpr,
        webProxy,
        orgCertificate,
        federationTrust.TokenIssuerUri,
        federationTrust.PolicyReferenceUri,
        federationTrust.ApplicationUri.OriginalString);
    ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built.");

    return new ExternalAuthentication.FederationTrustResults
    {
        FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure,
        SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure,
        SecurityTokenService = tokenService,
        TokenSignatureCertificates = signatureCertificates,
        TokenDecryptionCertificates = decryptionCertificates
    };
}