public BackchannelConfiguration GeBackchannelConfiguration(Expression <Func <FederationPartySettings, bool> > predicate, string keyPrefex)
{
var key = String.Format(CertificateValidationConfigurationProvider.PinsKey, keyPrefex);
if (this._cacheProvider.Contains(key))
{
return(this._cacheProvider.Get <BackchannelConfiguration>(key));
}
var settings = this._dbContext.Set <FederationPartySettings>()
.Where(predicate)
.Select(r => new { r.SecuritySettings, Pins = r.CertificatePins.Select(p => new { p.PinType, p.Value, p.Algorithm }) })
.SingleOrDefault();
if (settings == null)
{
throw new InvalidOperationException("No federationParty configuration found for");
}
var configuration = new BackchannelConfiguration
{
UsePinningValidation = settings.SecuritySettings.PinnedValidation,
BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor(settings.SecuritySettings.PinnedTypeValidator)
};
settings.Pins.GroupBy(k => k.PinType, v => v.Value)
.ToDictionary(k => k.Key, v => v.Select(r => r))
.Aggregate(configuration.Pins, (t, next) => { t.Add(next.Key, next.Value); return(t); });
this._cacheProvider.Put(key, configuration);
return(configuration);
}
public static IEnumerable <IBackchannelCertificateValidationRule> GetRules(BackchannelConfiguration configuration)
{
var rules = ReflectionHelper.GetAllTypes(new[] { typeof(BackchannelValidationRule).Assembly }, t =>
!t.IsAbstract && !t.IsInterface && typeof(IBackchannelCertificateValidationRule).IsAssignableFrom(t))
.Select(t => BackchannelCertificateValidationRulesFactory.InstanceCreator(t));
return(rules);
}
public BackchannelConfiguration GeBackchannelConfiguration(Expression <Func <FederationPartyConfiguration, bool> > predicate, string keyPrefex)
{
var configuration = new BackchannelConfiguration
{
UsePinningValidation = false,
BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor("Microsoft.Owin.CertificateValidators.CertificateValidatorResolver, Microsoft.Owin.CertificateValidators, Version = 1.0.0.0, Culture = neutral, PublicKeyToken = null")
};
return(configuration);
}
public IEnumerable <IPinningSertificateValidator> Resolve(BackchannelConfiguration configuration)
{
var pins = configuration.Pins;
if (pins == null || pins.Count == 0)
{
return(Enumerable.Empty <IPinningSertificateValidator>());
}
//thumbprints validator
var validThumbprints = pins.ContainsKey(PinType.Thumbprint) ? pins[PinType.Thumbprint] : Enumerable.Empty <string>();
var thumbprintValidator = new ThumbprintValidator(validThumbprints);
var local = new LocalThumbprintValidator(validThumbprints);
// subject identifiers validator
var validSubjectKeyIdentifiers = pins.ContainsKey(PinType.SubjectKeyIdentifier) ? pins[PinType.SubjectKeyIdentifier] : Enumerable.Empty <string>();
var subjectKeyIdentifierValidator = validSubjectKeyIdentifiers.Count() == 0 ? (IPinningSertificateValidator)null : new SubjectKeyIdentifierValidator(validSubjectKeyIdentifiers);
//spki validator
var validBase64EncodedSubjectPublicKeyInfoHashes = pins.ContainsKey(PinType.SubjectPublicKeyInfo) ? pins[PinType.SubjectPublicKeyInfo] : Enumerable.Empty <string>();
var subjectPublicKeyInfoValidator = validBase64EncodedSubjectPublicKeyInfoHashes.Count() == 0 ? (IPinningSertificateValidator)null : new SubjectPublicKeyInfoValidator(validSubjectKeyIdentifiers, Security.SubjectPublicKeyInfoAlgorithm.Sha256);
return(new[] { local, thumbprintValidator, subjectKeyIdentifierValidator, subjectPublicKeyInfoValidator });
}
