public override T CreateKeyIdentifierClause <T>()
{
ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(certificate, out x509KeyIdentifierClause))
{
return(x509KeyIdentifierClause as T);
}
}
else if (typeof(T) == typeof(X509ThumbprintKeyIdentifierClause))
{
return(new X509ThumbprintKeyIdentifierClause(certificate) as T);
}
else if (typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause))
{
return(new X509IssuerSerialKeyIdentifierClause(certificate) as T);
}
else if (typeof(T) == typeof(X509RawDataKeyIdentifierClause))
{
return(new X509RawDataKeyIdentifierClause(certificate) as T);
}
return(base.CreateKeyIdentifierClause <T>());
}
public override T CreateKeyIdentifierClause <T>() where T : SecurityKeyIdentifierClause
{
this.ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
X509SubjectKeyIdentifierClause clause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(this.certificate, out clause))
{
return(clause as T);
}
}
else
{
if (typeof(T) == typeof(X509ThumbprintKeyIdentifierClause))
{
return(new X509ThumbprintKeyIdentifierClause(this.certificate) as T);
}
if (typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause))
{
return(new X509IssuerSerialKeyIdentifierClause(this.certificate) as T);
}
if (typeof(T) == typeof(X509RawDataKeyIdentifierClause))
{
return(new X509RawDataKeyIdentifierClause(this.certificate) as T);
}
}
return(base.CreateKeyIdentifierClause <T>());
}
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
this.ThrowIfDisposed();
X509SubjectKeyIdentifierClause clause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (clause != null)
{
return(clause.Matches(this.certificate));
}
X509ThumbprintKeyIdentifierClause clause2 = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (clause2 != null)
{
return(clause2.Matches(this.certificate));
}
X509IssuerSerialKeyIdentifierClause clause3 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (clause3 != null)
{
return(clause3.Matches(this.certificate));
}
X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (clause4 != null)
{
return(clause4.Matches(this.certificate));
}
return(base.MatchesKeyIdentifierClause(keyIdentifierClause));
}
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
ThrowIfDisposed();
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (subjectKeyIdentifierClause != null)
{
return(subjectKeyIdentifierClause.Matches(certificate));
}
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (thumbprintKeyIdentifierClause != null)
{
return(thumbprintKeyIdentifierClause.Matches(certificate));
}
X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerKeyIdentifierClause != null)
{
return(issuerKeyIdentifierClause.Matches(certificate));
}
X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawCertKeyIdentifierClause != null)
{
return(rawCertKeyIdentifierClause.Matches(certificate));
}
return(base.MatchesKeyIdentifierClause(keyIdentifierClause));
}
public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
byte[] skiRawData = GetSkiRawData(certificate);
keyIdentifierClause = null;
if (skiRawData != null)
{
byte[] ski = System.IdentityModel.SecurityUtils.CloneBuffer(skiRawData, 2, skiRawData.Length - 2);
keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false);
}
return (keyIdentifierClause != null);
}
public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
byte[] data = GetSkiRawData(certificate);
keyIdentifierClause = null;
if (data != null)
{
byte[] ski = SecurityUtils.CloneBuffer(data, SkiDataOffset, data.Length - SkiDataOffset);
keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false);
}
return(keyIdentifierClause != null);
}
public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
byte[] skiRawData = GetSkiRawData(certificate);
keyIdentifierClause = null;
if (skiRawData != null)
{
byte[] ski = System.IdentityModel.SecurityUtils.CloneBuffer(skiRawData, 2, skiRawData.Length - 2);
keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false);
}
return(keyIdentifierClause != null);
}
public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
byte[] data = GetSkiRawData(certificate);
keyIdentifierClause = null;
if (data != null)
{
byte[] ski = SecurityUtils.CloneBuffer(data, SkiDataOffset, data.Length - SkiDataOffset);
keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false);
}
return keyIdentifierClause != null;
}
public override bool CanCreateKeyIdentifierClause <T>() where T : SecurityKeyIdentifierClause
{
this.ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
return(X509SubjectKeyIdentifierClause.CanCreateFrom(this.certificate));
}
if ((!(typeof(T) == typeof(X509ThumbprintKeyIdentifierClause)) && !(typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause))) && !(typeof(T) == typeof(X509RawDataKeyIdentifierClause)))
{
return(base.CanCreateKeyIdentifierClause <T>());
}
return(true);
}
public override bool CanCreateKeyIdentifierClause <T>()
{
ThrowIfDisposed();
if (typeof(T) == typeof(X509SubjectKeyIdentifierClause))
{
return(X509SubjectKeyIdentifierClause.CanCreateFrom(certificate));
}
return(typeof(T) == typeof(X509ThumbprintKeyIdentifierClause) ||
typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause) ||
typeof(T) == typeof(X509RawDataKeyIdentifierClause) ||
base.CanCreateKeyIdentifierClause <T>());
}
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause)
{
X509RawDataKeyIdentifierClause x509Clause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (x509Clause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, NamespaceUri);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Certificate, NamespaceUri);
byte[] certBytes = x509Clause.GetX509RawData();
writer.WriteBase64(certBytes, 0, certBytes.Length);
writer.WriteEndElement();
writer.WriteEndElement();
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace);
writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
}
public override bool MatchesKeyIdentifierClause(
SecurityKeyIdentifierClause keyIdentifierClause)
{
LocalIdKeyIdentifierClause l =
keyIdentifierClause as LocalIdKeyIdentifierClause;
if (l != null)
{
return(l.LocalId == Id);
}
X509ThumbprintKeyIdentifierClause t =
keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (t != null)
{
return(t.Matches(cert));
}
X509IssuerSerialKeyIdentifierClause i =
keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (i != null)
{
return(i.Matches(cert));
}
X509SubjectKeyIdentifierClause s =
keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (s != null)
{
return(s.Matches(cert));
}
X509RawDataKeyIdentifierClause r =
keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (r != null)
{
return(r.Matches(cert));
}
return(false);
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
{
SecurityKeyIdentifierClause ski = null;
reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, NamespaceUri);
while (reader.IsStartElement())
{
if (ski == null && reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, NamespaceUri))
{
X509Certificate2 certificate = null;
if (!SecurityUtils.TryCreateX509CertificateFromRawData(reader.ReadElementContentAsBase64(), out certificate))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.InvalidX509RawData)));
}
ski = new X509RawDataKeyIdentifierClause(certificate);
}
else if (ski == null && reader.IsStartElement(XmlSignatureStrings.X509Ski, NamespaceUri.ToString()))
{
ski = new X509SubjectKeyIdentifierClause(reader.ReadElementContentAsBase64());
}
else if ((ski == null) && reader.IsStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace))
{
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace);
reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace);
string issuerName = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadStartElement(XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace);
string serialNumber = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadEndElement();
ski = new X509IssuerSerialKeyIdentifierClause(issuerName, serialNumber);
}
else
{
reader.Skip();
}
}
reader.ReadEndElement();
return(ski);
}
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore( XmlDictionaryReader reader )
{
SecurityKeyIdentifierClause ski = null;
reader.ReadStartElement( XD.XmlSignatureDictionary.X509Data, NamespaceUri );
while ( reader.IsStartElement() )
{
if ( ski == null && reader.IsStartElement( XD.XmlSignatureDictionary.X509Certificate, NamespaceUri ) )
{
X509Certificate2 certificate = null;
if ( !SecurityUtils.TryCreateX509CertificateFromRawData( reader.ReadElementContentAsBase64(), out certificate ) )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new SecurityMessageSerializationException( SR.GetString( SR.InvalidX509RawData ) ) );
}
ski = new X509RawDataKeyIdentifierClause( certificate );
}
else if ( ski == null && reader.IsStartElement( XmlSignatureStrings.X509Ski, NamespaceUri.ToString() ) )
{
ski = new X509SubjectKeyIdentifierClause( reader.ReadElementContentAsBase64() );
}
else if ( ( ski == null ) && reader.IsStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace ) )
{
reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace );
reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace );
string issuerName = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadStartElement( XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace );
string serialNumber = reader.ReadContentAsString();
reader.ReadEndElement();
reader.ReadEndElement();
ski = new X509IssuerSerialKeyIdentifierClause( issuerName, serialNumber );
}
else
{
reader.Skip();
}
}
reader.ReadEndElement();
return ski;
}
public static bool TryCreateFrom (X509Certificate2 certificate, out X509SubjectKeyIdentifierClause clause)
{
throw new NotImplementedException ();
}
/// <summary>
/// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
/// </summary>
/// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
/// <param name="token">The resolved SecurityToken.</param>
/// <returns>True if successfully resolved.</returns>
/// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
{
if (keyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
}
token = null;
X509Store store = null;
X509Certificate2Collection certs = null;
try
{
store = new X509Store(this.storeName, this.storeLocation);
store.Open(OpenFlags.ReadOnly);
certs = store.Certificates;
foreach (X509Certificate2 cert in certs)
{
X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
if (thumbprintKeyIdentifierClause != null && thumbprintKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialKeyIdentifierClause != null && issuerSerialKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
if (subjectKeyIdentifierClause != null && subjectKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataKeyIdentifierClause != null && rawDataKeyIdentifierClause.Matches(cert))
{
token = new X509SecurityToken(cert);
return(true);
}
}
}
finally
{
if (certs != null)
{
for (int i = 0; i < certs.Count; i++)
{
certs[i].Reset();
}
}
if (store != null)
{
store.Close();
}
}
return(false);
}
public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause)
{
throw new NotImplementedException();
}
/// <summary>
/// Serialize a SecurityKeyIdentifierClause to the given XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param>
/// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param>
/// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception>
/// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception>
public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause)
{
if (writer == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
}
if (securityKeyIdentifierClause == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause");
}
X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
if (issuerSerialClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName);
writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause;
if (skiClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace);
byte[] ski = skiClause.GetX509SubjectKeyIdentifier();
writer.WriteBase64(ski, 0, ski.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
#if INCLUDE_CERT_CHAIN
X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause;
if (x509ChainDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
for (int i = 0; i < x509ChainDataClause.CertificateCount; i++)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = x509ChainDataClause.GetX509RawData(i);
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
writer.WriteEndElement();
return;
}
#endif
X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause;
if (rawDataClause != null)
{
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
byte[] rawData = rawDataClause.GetX509RawData();
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
writer.WriteEndElement();
return;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType()));
}
