C# (CSharp) RequestedSecurityTokenDescriptor 예제들

예제 #1

파일: Saml2TestFixture.cs 프로젝트: SOLIDSoftworks/Solid.IdentityModel

        public SecurityTokenDescriptor CreateDescriptor(string name = "user", string nameIdentifier = "user-id", SecurityKey encryptionKey = null, SecurityKey signingKey = null, SecurityKey proofKey = null, bool encryptProofKey = true)
        {
            if (encryptionKey == null)
                encryptionKey = DefaultEncryptionKey;
            if (signingKey == null)
                signingKey = DefaultSigningKey;
            var claims = new List<Claim>();

            if (name != null)
                claims.Add(new Claim(ClaimTypes.Name, name));
            if (nameIdentifier != null)
                claims.Add(new Claim(ClaimTypes.NameIdentifier, nameIdentifier));

            var identity = new ClaimsIdentity(claims, "Test", ClaimTypes.NameIdentifier, ClaimTypes.Role);

            var encryptingCredentials = new EncryptingCredentials(encryptionKey, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128Encryption);
            var descriptor = new RequestedSecurityTokenDescriptor
            {
                Issuer = "urn:tests",
                Audience = "urn:unittests",
                EncryptingCredentials = encryptingCredentials,
                SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
                IssuedAt = DateTime.UtcNow,
                Expires = DateTime.UtcNow.AddMinutes(5),
                NotBefore = DateTime.UtcNow,
                Subject = identity,
                ProofKey = proofKey,
                ProofKeyEncryptingCredentials = encryptProofKey ? encryptingCredentials : null
            };

            return descriptor;
        }

예제 #2

파일: ExtendedSaml2SecurityTokenHandler.cs 프로젝트: SOLIDSoftworks/Solid.IdentityModel

        protected virtual KeyInfo CreateProofKeyInfo(RequestedSecurityTokenDescriptor tokenDescriptor)
        {
            if (tokenDescriptor.ProofKey == null)
            {
                return(null);
            }

            if (tokenDescriptor.ProofKey is SymmetricSecurityKey symmetric)
            {
                var credentials = tokenDescriptor.ProofKeyEncryptingCredentials;
                if (credentials == null)
                {
                    return new BinarySecretKeyInfo {
                               Key = symmetric.Key
                    }
                }
                ;

                var crypto  = credentials.CryptoProviderFactory ?? credentials.Key.CryptoProviderFactory ?? CryptoProviderFactory.Default;
                var keyWrap = null as KeyWrapProvider;
                try
                {
                    keyWrap = crypto.CreateKeyWrapProvider(credentials.Key, credentials.Alg);

                    var wrapped     = keyWrap.WrapKey(symmetric.Key);
                    var cipherValue = wrapped;
                    return(new EncryptedKeyInfo
                    {
                        CipherValue = cipherValue,
                        EncryptionMethod = credentials.Alg,
                        KeyInfo = CreateKeyInfo(credentials.Key)
                    });
                }
                finally
                {
                    if (keyWrap != null)
                    {
                        crypto?.ReleaseKeyWrapProvider(keyWrap);
                    }
                }
            }
            else if (tokenDescriptor.ProofKey is AsymmetricSecurityKey)
            {
                throw new NotSupportedException($"Asymmetric proof keys not supported for now.");
            }
            else
            {
                throw new NotSupportedException($"Key type '{tokenDescriptor.ProofKey.GetType().Name}' not supported.");
            }
        }