/// <summary>
/// Hands out a SAML token provider whenever the channel asks for a SAML 1.1 token;
/// any other requirement is delegated to the base token manager untouched.
/// </summary>
/// <param name="tokenRequirement">Requirement describing the token the channel needs.</param>
/// <returns>
/// A <see cref="SamlSecurityTokenProvider"/> wrapping the assertion/proof-token pair for SAML
/// requirements, otherwise whatever the base implementation returns.
/// </returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    bool wantsSaml = tokenRequirement.TokenType == SecurityTokenTypes.Saml
        || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    if (!wantsSaml)
    {
        return base.CreateSecurityTokenProvider(tokenRequirement);
    }

    SamlAssertion assertion = this.samlClientCredentials.Assertion;
    SecurityToken proofToken = this.samlClientCredentials.ProofToken;

    // A pre-configured assertion/proof-token pair on the credentials is used as-is; the
    // self-issued path below only runs when either half is missing.
    if (assertion == null || proofToken == null)
    {
        // The algorithm suite is taken from the binding element when the requirement exposes it.
        // If it does not, algoSuite stays null and the SamlUtilities factories decide what to do
        // with that (the symmetric one rejects it with an ArgumentNullException).
        SecurityAlgorithmSuite algoSuite = null;
        SecurityBindingElement bindingElement;
        if (tokenRequirement.TryGetProperty<SecurityBindingElement>(
                "http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement",
                out bindingElement))
        {
            algoSuite = bindingElement.DefaultAlgorithmSuite;
        }

        switch (tokenRequirement.KeyType)
        {
            case SecurityKeyType.SymmetricKey:
                // Symmetric holder-of-key: a fresh secret of the requested size is wrapped for the
                // service certificate and the assertion is signed with the client certificate.
                // NOTE(review): the X509SecurityToken constructors are expected to throw when the
                // client or service certificate is not configured — confirm against the credentials setup.
                proofToken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize);
                assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(
                    this.samlClientCredentials.Claims,
                    new X509SecurityToken(this.samlClientCredentials.ClientCertificate.Certificate),
                    new X509SecurityToken(this.samlClientCredentials.ServiceCertificate.DefaultCertificate),
                    (BinarySecretSecurityToken)proofToken,
                    algoSuite);
                break;

            default:
                // Asymmetric holder-of-key: the proof token's own key pair is used for the assertion.
                proofToken = SamlUtilities.CreateAsymmetricProofToken();
                assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(
                    this.samlClientCredentials.Claims,
                    proofToken,
                    algoSuite);
                break;
        }
    }

    return new SamlSecurityTokenProvider(assertion, proofToken);
}
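/// <summary>
/// Builds a holder-of-key SAML assertion whose proof key is the symmetric secret carried by
/// <paramref name="proofToken"/>. The secret is wrapped with the key of
/// <paramref name="encryptionToken"/> so only that certificate's private-key holder can recover
/// it, and the assertion is signed with the key of <paramref name="signatureToken"/>.
/// </summary>
/// <param name="claims">Claims to place in the assertion; must contain at least one claim.</param>
/// <param name="signatureToken">
/// X.509 token whose first key signs the assertion; it is referenced by thumbprint, so the
/// recipient must be able to resolve that thumbprint to the certificate.
/// NOTE(review): signing presumably requires this token to carry the private key — confirm with callers.
/// </param>
/// <param name="encryptionToken">X.509 token of the intended recipient; its key wraps the proof key.</param>
/// <param name="proofToken">Symmetric secret the subject must later prove possession of.</param>
/// <param name="algoSuite">Algorithm suite supplying the asymmetric key-wrap algorithm.</param>
/// <returns>The assembled assertion, as produced by <see cref="SamlUtilities.CreateAssertion"/>.</returns>
/// <exception cref="ArgumentNullException">Any reference argument is null.</exception>
/// <exception cref="ArgumentException"><paramref name="claims"/> contains no claims.</exception>
public static SamlAssertion CreateSymmetricKeyBasedAssertion(ClaimSet claims, X509SecurityToken signatureToken, X509SecurityToken encryptionToken, BinarySecretSecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
{
    if (claims == null)
    {
        throw new ArgumentNullException("claims");
    }
    if (claims.Count == 0)
    {
        throw new ArgumentException("Provided ClaimSet must contain at least one claim");
    }
    if (proofToken == null)
    {
        throw new ArgumentNullException("proofToken");
    }
    if (signatureToken == null)
    {
        throw new ArgumentNullException("signatureToken");
    }
    if (encryptionToken == null)
    {
        throw new ArgumentNullException("encryptionToken");
    }
    if (algoSuite == null)
    {
        throw new ArgumentNullException("algoSuite");
    }

    // Signing key, referenced by certificate thumbprint rather than by embedding the certificate.
    SecurityKey signatureKey = signatureToken.SecurityKeys[0];
    SecurityKeyIdentifier signatureKeyIdentifier = new SecurityKeyIdentifier(
        new SecurityKeyIdentifierClause[]
        {
            signatureToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>()
        });

    // Recipient key that wraps the proof secret, likewise referenced by thumbprint.
    SecurityKey encryptingKey = encryptionToken.SecurityKeys[0];
    SecurityKeyIdentifier encryptingKeyIdentifier = new SecurityKeyIdentifier(
        new SecurityKeyIdentifierClause[]
        {
            encryptionToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>()
        });

    // EncryptKey returns a fresh buffer; the previous version pre-allocated an array of the
    // plaintext key's length that was immediately discarded, so no separate allocation is needed.
    string keyWrapAlgorithm = algoSuite.DefaultAsymmetricKeyWrapAlgorithm;
    byte[] encryptedKey = encryptingKey.EncryptKey(keyWrapAlgorithm, proofToken.GetKeyBytes());

    // The assertion carries the wrapped secret plus a reference to the wrapping key, so the
    // recipient can locate its private key and unwrap the proof key.
    SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(
        new SecurityKeyIdentifierClause[]
        {
            new EncryptedKeyIdentifierClause(encryptedKey, keyWrapAlgorithm, encryptingKeyIdentifier)
        });

    return SamlUtilities.CreateAssertion(claims, signatureKey, signatureKeyIdentifier, proofKeyIdentifier, algoSuite);
}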
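/// <summary>
/// Builds a holder-of-key SAML assertion whose proof key is the asymmetric key pair carried by
/// <paramref name="proofToken"/>. The same key both signs the assertion and is named as the
/// subject's proof key (referenced as an RSA key identifier), so the assertion is self-signed by
/// the holder rather than by a separate issuer key; a recipient's trust in it therefore rests on
/// how it validates that signing key, not on an issuer signature.
/// </summary>
/// <param name="claims">Claims to place in the assertion; must contain at least one claim.</param>
/// <param name="proofToken">Token holding the asymmetric key pair; its first key signs the assertion.</param>
/// <param name="algoSuite">Algorithm suite forwarded to <see cref="SamlUtilities.CreateAssertion"/>.</param>
/// <returns>The assembled assertion.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="claims"/>, <paramref name="proofToken"/> or <paramref name="algoSuite"/> is null.
/// The suite check matches <see cref="CreateSymmetricKeyBasedAssertion"/>, which already rejected it;
/// previously a null suite flowed on into CreateAssertion unchecked.
/// </exception>
/// <exception cref="ArgumentException"><paramref name="claims"/> contains no claims.</exception>
public static SamlAssertion CreateAsymmetricKeyBasedAssertion(ClaimSet claims, SecurityToken proofToken, SecurityAlgorithmSuite algoSuite)
{
    if (claims == null)
    {
        throw new ArgumentNullException("claims");
    }
    if (proofToken == null)
    {
        throw new ArgumentNullException("proofToken");
    }
    if (claims.Count == 0)
    {
        throw new ArgumentException("Provided ClaimSet must contain at least one claim");
    }
    if (algoSuite == null)
    {
        throw new ArgumentNullException("algoSuite");
    }

    // One identifier serves both roles: it names the key that signed the assertion and the key
    // the subject must prove possession of.
    SecurityKeyIdentifier proofKeyIdentifier = new SecurityKeyIdentifier(
        new SecurityKeyIdentifierClause[]
        {
            proofToken.CreateKeyIdentifierClause<RsaKeyIdentifierClause>()
        });

    // Signing with the proof key itself; see the summary for what that means for verifiers.
    SecurityKey signatureKey = proofToken.SecurityKeys[0];

    return SamlUtilities.CreateAssertion(claims, signatureKey, proofKeyIdentifier, proofKeyIdentifier, algoSuite);
}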