public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause) { X509RawDataKeyIdentifierClause x509Clause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (x509Clause != null) { writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, NamespaceUri); writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Certificate, NamespaceUri); byte[] certBytes = x509Clause.GetX509RawData(); writer.WriteBase64(certBytes, 0, certBytes.Length); writer.WriteEndElement(); writer.WriteEndElement(); } X509IssuerSerialKeyIdentifierClause issuerSerialClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerSerialClause != null) { writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace); writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace); writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerName); writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerSerialNumber); writer.WriteEndElement(); writer.WriteEndElement(); return; } X509SubjectKeyIdentifierClause skiClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (skiClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace); byte[] ski = skiClause.GetX509SubjectKeyIdentifier(); writer.WriteBase64(ski, 0, ski.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } }
/// <summary> /// Inherited from <see cref="SecurityTokenResolver"/>. /// </summary> protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } token = null; // // Try raw X509 // X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataClause != null) { token = new X509SecurityToken(new X509Certificate2(rawDataClause.GetX509RawData())); return(true); } // // Try RSA // RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause; if (rsaClause != null) { token = new RsaSecurityToken(rsaClause.Rsa); return(true); } if (_wrappedTokenResolver.TryResolveToken(keyIdentifierClause, out token)) { return(true); } return(false); }
/// <summary> /// Serialize a SecurityKeyIdentifierClause to the given XmlWriter. /// </summary> /// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param> /// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param> /// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception> /// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception> public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (securityKeyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause"); } X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerSerialClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace); writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName); writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber); writer.WriteEndElement(); writer.WriteEndElement(); return; } X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause; if (skiClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace); byte[] ski = skiClause.GetX509SubjectKeyIdentifier(); writer.WriteBase64(ski, 0, ski.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } #if INCLUDE_CERT_CHAIN X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause; if (x509ChainDataClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); for (int i = 0; i < x509ChainDataClause.CertificateCount; i++) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace); byte[] rawData = x509ChainDataClause.GetX509RawData(i); writer.WriteBase64(rawData, 0, rawData.Length); writer.WriteEndElement(); } writer.WriteEndElement(); return; } #endif X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace); byte[] rawData = rawDataClause.GetX509RawData(); writer.WriteBase64(rawData, 0, rawData.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType())); }
static ClaimsPrincipal ValidateTokenWithX509SecurityToken(X509RawDataKeyIdentifierClause x509DataClause, string token) { var validatingCertificate = new X509Certificate2(x509DataClause.GetX509RawData()); var tokenHandler = new JwtSecurityTokenHandler(); var x509SecurityToken = new X509SecurityToken(validatingCertificate); var validationParameters = new TokenValidationParameters() { AllowedAudience = "http://www.example.com", SigningToken = x509SecurityToken, ValidIssuer = "self", }; ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(new JwtSecurityToken(token), validationParameters); return claimsPrincipal; }