protected virtual ValueTask <SigningCredentials> CreateSigningCredentialsAsync(IRelyingParty party, CancellationToken cancellationToken)
        {
            var key    = party.SigningKey;
            var method = party.SigningAlgorithm ?? Options.DefaultSigningAlgorithm;

            if (key == null)
            {
                key    = Options.DefaultSigningKey;
                method = Options.DefaultSigningAlgorithm;
            }

            if (key == null)
            {
                return(new ValueTask <SigningCredentials>());
            }

            var credentials = method.CreateCredentials(key);

            var information = new SigningCredentialsInformation
            {
                SecurityKeyName = (key is X509SecurityKey x509) ? x509.Certificate.Subject : key.KeyId,
                SecurityKeyType = key.GetType().Name,
                Algorithm       = method.SignatureAlgortihm,
                Digest          = method.DigestAlgorithm
            };

            WsTrustLogMessages.SigningCredentialsCreated(Logger, information, null);

            return(new ValueTask <SigningCredentials>(credentials));
        }
        protected virtual ValueTask <EncryptingCredentials> CreateEncryptingCredentialsAsync(IRelyingParty party, CancellationToken cancellationToken)
        {
            if (!party.RequiresEncryptedToken && !party.RequiresEncryptedSymmetricKeys)
            {
                return(new ValueTask <EncryptingCredentials>());
            }

            var key    = party.EncryptingKey;
            var method = party.EncryptingAlgorithm ?? Options.DefaultEncryptionAlgorithm;

            if (key == null)
            {
                key    = Options.DefaultSigningKey;
                method = Options.DefaultEncryptionAlgorithm;
            }

            if (key == null)
            {
                return(new ValueTask <EncryptingCredentials>());
            }

            var credentials = method.CreateCredentials(key);

            var information = new EncryptingCredentialsInformation
            {
                SecurityKeyName         = (key is X509SecurityKey x509) ? x509.Certificate.Subject : key.KeyId,
                SecurityKeyType         = key.GetType().Name,
                DataEncryptionAlgorithm = method.EncryptionAlgorithm,
                KeyWrapAlgorithm        = method.KeyWrapAlgorithm
            };

            WsTrustLogMessages.EncryptingCredentialsCreated(Logger, information, null);

            return(new ValueTask <EncryptingCredentials>(credentials));
        }
Exemplo n.º 3
0
        protected virtual async ValueTask <Message> ProcessCoreAsync(Message requestMessage, string requestAction, string responseAction, WsTrustVersion version)
        {
            var constants = GetWsTrustConstants(version);

            var trace = new WsTrustMessageInformation
            {
                RequestAction  = requestAction,
                ResponseAction = responseAction,
                WsTrustVersion = version,
                TrustNamespace = constants.Namespace
            };

            WsTrustLogMessages.WsTrustMessage(_logger, trace, null);

            var context = await CreateDispatchContextAsync(requestMessage, requestAction, responseAction, constants);

            await ValidateDispatchContextAsync(context);
            await DispatchRequestAsync(context, constants);

            var serializer = _serializerFactory.Create();

            _logger.LogInformation($"Serializing response for '{responseAction}'.");
            var response = Message.CreateMessage(context.MessageVersion, context.ResponseAction, context.ResponseMessage, new WsTrustResponseObjectSerializer(version, serializer));

            return(response);
        }
Exemplo n.º 4
0
        private async Task <bool> TryGetClaimsAsync(IEnumerable <string> requestedClaimTypes, string requirement, ClaimsIdentity source, IRelyingParty party, ICollection <Claim> claims)
        {
            var list   = requestedClaimTypes.ToList();
            var stores = new List <IRelyingPartyClaimStore>();

            foreach (var type in requestedClaimTypes)
            {
                if (!_relyingPartyClaimStores.TryGetValue(type, out var relyingPartyClaimStores))
                {
                    continue;
                }
                stores.AddRange(relyingPartyClaimStores);
            }

            foreach (var store in stores.Distinct())
            {
                if (!store.CanGenerateClaims(party.AppliesTo))
                {
                    continue;
                }

                _logger.LogDebug($"Attempting to get {requirement} claims from {store.GetType().Name}");
                var requiredClaims = await store.GetClaimsAsync(source, party);

                foreach (var claim in requiredClaims)
                {
                    _logger.LogTrace($"Adding {requirement} claim '{claim.Type}' from {store.GetType().Name}");
                    claims.Add(claim);
                    if (list.Contains(claim.Type))
                    {
                        list.Remove(claim.Type);
                    }
                }
            }

            var copy = list.ToArray();

            foreach (var type in copy)
            {
                var claim = source.FindFirst(type);
                if (claim == null)
                {
                    continue;
                }

                _logger.LogDebug($"Adding {requirement} claim '{type}' from source identity.");
                claims.Add(claim);
                list.Remove(type);
            }

            var success = !list.Any();

            if (!success)
            {
                WsTrustLogMessages.UnableToGetAllClaims(_logger, requirement, new UnableToGetAllClaims {
                    UnpopulatedClaimTypes = list
                }, null);
            }

            return(success);
        }