/// <summary>
/// Selects the <see cref="SecurityKey"/> candidates to use when validating the signature of a token.
/// </summary>
/// <remarks>
/// Key selection happens in a fixed order:
/// 1. If <c>validationParameters.IssuerSigningKeyResolver</c> is set, its result is returned as-is and
///    <paramref name="keyMatched"/> stays <c>false</c>; no other source is consulted.
/// 2. Otherwise <c>ResolveTokenSigningKey</c> is asked for a key based on <paramref name="tokenKeyInfo"/>;
///    a non-null result is returned as a single-element list with <paramref name="keyMatched"/> set to <c>true</c>.
/// 3. Otherwise, when <c>validationParameters.TryAllIssuerSigningKeys</c> is <c>true</c>, every key returned by
///    <c>TokenUtilities.GetAllSigningKeys</c> is offered, with <paramref name="keyMatched"/> left <c>false</c>.
/// 4. Otherwise <c>null</c> is returned.
/// NOTE(review): a <c>null</c> result means there is no candidate key; callers are expected to fail signature
/// validation in that case rather than skip it - confirm at the call sites.
/// </remarks>
/// <param name="token">The <see cref="string"/> representation of the token that is being validated.</param>
/// <param name="samlToken">The <see cref="SecurityToken"/> that is being validated.</param>
/// <param name="tokenKeyInfo">The <see cref="KeyInfo"/> field of the token being validated; may be null, in which case a null id is handed to the custom resolver.</param>
/// <param name="validationParameters">The <see cref="TokenValidationParameters"/> required for validation. Dereferenced without a null check.</param>
/// <param name="keyMatched">Set to <c>true</c> only when a configured issuer signing key was resolved from the token's key info; <c>false</c> on every other path, including the custom-resolver path.</param>
/// <returns>The <see cref="SecurityKey"/> candidates for signature validation, or <c>null</c> when no source produced any.</returns>
internal static IEnumerable<SecurityKey> GetKeysForTokenSignatureValidation(string token, SecurityToken samlToken, KeyInfo tokenKeyInfo, TokenValidationParameters validationParameters, out bool keyMatched)
{
    // Default for every path except a successful match against the token's key info.
    keyMatched = false;

    // A caller-supplied resolver takes precedence over all configured keys: whatever it
    // returns becomes the complete set of keys the signature is checked against.
    var customResolver = validationParameters.IssuerSigningKeyResolver;
    if (customResolver != null)
    {
        return customResolver(token, samlToken, tokenKeyInfo?.Id, validationParameters);
    }

    // Preferred path: the token's key info identifies one specific configured key.
    SecurityKey resolvedKey = ResolveTokenSigningKey(tokenKeyInfo, validationParameters);
    if (resolvedKey != null)
    {
        keyMatched = true;
        return new List<SecurityKey> { resolvedKey };
    }

    // No key matched the token's hint. Offering every configured key is opt-in;
    // without that opt-in there is nothing to validate against.
    return validationParameters.TryAllIssuerSigningKeys
        ? TokenUtilities.GetAllSigningKeys(validationParameters)
        : null;
}