public BackchannelConfiguration GeBackchannelConfiguration(Expression <Func <FederationPartySettings, bool> > predicate, string keyPrefex) { var key = String.Format(CertificateValidationConfigurationProvider.PinsKey, keyPrefex); if (this._cacheProvider.Contains(key)) { return(this._cacheProvider.Get <BackchannelConfiguration>(key)); } var settings = this._dbContext.Set <FederationPartySettings>() .Where(predicate) .Select(r => new { r.SecuritySettings, Pins = r.CertificatePins.Select(p => new { p.PinType, p.Value, p.Algorithm }) }) .SingleOrDefault(); if (settings == null) { throw new InvalidOperationException("No federationParty configuration found for"); } var configuration = new BackchannelConfiguration { UsePinningValidation = settings.SecuritySettings.PinnedValidation, BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor(settings.SecuritySettings.PinnedTypeValidator) }; settings.Pins.GroupBy(k => k.PinType, v => v.Value) .ToDictionary(k => k.Key, v => v.Select(r => r)) .Aggregate(configuration.Pins, (t, next) => { t.Add(next.Key, next.Value); return(t); }); this._cacheProvider.Put(key, configuration); return(configuration); }
public static IEnumerable <IBackchannelCertificateValidationRule> GetRules(BackchannelConfiguration configuration) { var rules = ReflectionHelper.GetAllTypes(new[] { typeof(BackchannelValidationRule).Assembly }, t => !t.IsAbstract && !t.IsInterface && typeof(IBackchannelCertificateValidationRule).IsAssignableFrom(t)) .Select(t => BackchannelCertificateValidationRulesFactory.InstanceCreator(t)); return(rules); }
public BackchannelConfiguration GeBackchannelConfiguration(Expression <Func <FederationPartyConfiguration, bool> > predicate, string keyPrefex) { var configuration = new BackchannelConfiguration { UsePinningValidation = false, BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor("Microsoft.Owin.CertificateValidators.CertificateValidatorResolver, Microsoft.Owin.CertificateValidators, Version = 1.0.0.0, Culture = neutral, PublicKeyToken = null") }; return(configuration); }
public IEnumerable <IPinningSertificateValidator> Resolve(BackchannelConfiguration configuration) { var pins = configuration.Pins; if (pins == null || pins.Count == 0) { return(Enumerable.Empty <IPinningSertificateValidator>()); } //thumbprints validator var validThumbprints = pins.ContainsKey(PinType.Thumbprint) ? pins[PinType.Thumbprint] : Enumerable.Empty <string>(); var thumbprintValidator = new ThumbprintValidator(validThumbprints); var local = new LocalThumbprintValidator(validThumbprints); // subject identifiers validator var validSubjectKeyIdentifiers = pins.ContainsKey(PinType.SubjectKeyIdentifier) ? pins[PinType.SubjectKeyIdentifier] : Enumerable.Empty <string>(); var subjectKeyIdentifierValidator = validSubjectKeyIdentifiers.Count() == 0 ? (IPinningSertificateValidator)null : new SubjectKeyIdentifierValidator(validSubjectKeyIdentifiers); //spki validator var validBase64EncodedSubjectPublicKeyInfoHashes = pins.ContainsKey(PinType.SubjectPublicKeyInfo) ? pins[PinType.SubjectPublicKeyInfo] : Enumerable.Empty <string>(); var subjectPublicKeyInfoValidator = validBase64EncodedSubjectPublicKeyInfoHashes.Count() == 0 ? (IPinningSertificateValidator)null : new SubjectPublicKeyInfoValidator(validSubjectKeyIdentifiers, Security.SubjectPublicKeyInfoAlgorithm.Sha256); return(new[] { local, thumbprintValidator, subjectKeyIdentifierValidator, subjectPublicKeyInfoValidator }); }