private static bool IsRequiredPropertyAvailable(X509Certificate2 certificate, string name)
{
return(ExternalAuthentication.IsRequiredPropertyAvailable((certificate == null) ? null : certificate.Thumbprint, name));
}
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy)
{
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate
});
}
X509Certificate2[] tokenSignatureCertificates = (federationTrust.TokenIssuerPrevCertificate != null) ? new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate,
federationTrust.TokenIssuerPrevCertificate
} : new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate
};
if (!ExternalAuthentication.HasAtLeastOneValidCertificate(tokenSignatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate
});
}
X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2 certificate;
X509Certificate2[] tokenDecryptionCertificates;
try
{
ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType;
certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out externalAuthenticationSubFailureType);
if (certificate == null)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate);
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = externalAuthenticationSubFailureType
});
}
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate))
{
x509Certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out externalAuthenticationSubFailureType);
}
tokenDecryptionCertificates = ((x509Certificate != null) ? new X509Certificate2[]
{
certificate,
x509Certificate
} : new X509Certificate2[]
{
certificate
});
}
finally
{
x509Store.Close();
}
SecurityTokenService securityTokenService = new SecurityTokenService(federationTrust.TokenIssuerEpr, webProxy, certificate, federationTrust.TokenIssuerUri, federationTrust.PolicyReferenceUri, federationTrust.ApplicationUri.OriginalString);
ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built.");
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure,
SecurityTokenService = securityTokenService,
TokenSignatureCertificates = tokenSignatureCertificates,
TokenDecryptionCertificates = tokenDecryptionCertificates
});
}
