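        /// <summary>
        /// Initializes the object from an issued UA identity token whose decrypted data is an XML security token.
        /// </summary>
        /// <param name="token">The issued token; its <c>DecryptedTokenData</c> is decoded as UTF-8 XML.</param>
        /// <param name="serializer">Serializer used to read non-SAML tokens (also handed to the SAML serializer).</param>
        /// <param name="resolver">Token resolver passed through to the serializer.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> or <paramref name="serializer"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the token carries no data or the data has no root element.</exception>
        private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // 'serializer' is dereferenced in the non-SAML branch below; reject it up front instead of
            // failing later with a NullReferenceException.
            if (serializer == null)
            {
                throw new ArgumentNullException("serializer");
            }

            if (token.DecryptedTokenData == null || token.DecryptedTokenData.Length == 0)
            {
                throw new ArgumentException("Issued token has no data associated with it.", "token");
            }

            string text = new UTF8Encoding().GetString(token.DecryptedTokenData);

            XmlDocument document = new XmlDocument();

            // The token data is supplied by the remote peer. With the default resolver a DOCTYPE in the
            // payload can make the parser fetch external entities/DTDs (XXE); a null resolver disables that.
            // Rejecting DTDs altogether (XmlReaderSettings.DtdProcessing = Prohibit) would be stricter still.
            document.XmlResolver = null;

            document.InnerXml = text.Trim();

            if (document.DocumentElement == null)
            {
                throw new ArgumentException("Issued token data does not contain an XML element.", "token");
            }

            using (XmlNodeReader reader = new XmlNodeReader(document.DocumentElement))
            {
                // SAML 1.0 assertions need the dedicated SAML serializer; everything else goes
                // through the caller-supplied serializer.
                if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
                {
                    SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver);
                    Initialize(samlToken);
                }
                else
                {
                    SecurityToken securityToken = serializer.ReadToken(reader, resolver);
                    Initialize(securityToken);
                }
            }
        }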
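        /// <summary>
        /// Validates a JWT against the OpenID Connect provider at <paramref name="authorityUrl"/> and
        /// wraps the validated token in a <see cref="UserIdentity"/>.
        /// </summary>
        /// <param name="authorityUrl">Base URL of the authority; its discovery document is read from "/.well-known/openid-configuration".</param>
        /// <param name="audiance">The audience ("aud") the token must have been issued for. Name kept for compatibility.</param>
        /// <param name="jwt">The compact-serialized JWT to validate.</param>
        /// <returns>A user identity whose issued token holds the validated JWT's raw data.</returns>
        /// <exception cref="ArgumentNullException">Thrown when any argument is null.</exception>
        public static async Task <IUserIdentity> ValidateTokenAsync(Uri authorityUrl, string audiance, string jwt)
        {
            if (authorityUrl == null)
            {
                throw new ArgumentNullException("authorityUrl");
            }

            if (audiance == null)
            {
                throw new ArgumentNullException("audiance");
            }

            if (jwt == null)
            {
                throw new ArgumentNullException("jwt");
            }

            // Fetch issuer and signing keys from the discovery document. The trailing slash is trimmed so
            // an authority given as "https://host/" does not produce a "//.well-known" path.
            // NOTE(review): a new ConfigurationManager per call refetches the document every time; the type
            // is meant to be cached per authority and shared.
            ConfigurationManager <OpenIdConnectConfiguration> configManager = new ConfigurationManager <OpenIdConnectConfiguration>(
                authorityUrl.ToString().TrimEnd('/') + "/.well-known/openid-configuration",
                new OpenIdConnectConfigurationRetriever());
            OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync();

            TokenValidationParameters validationParameters = new TokenValidationParameters
            {
                ValidAudience = audiance,
                // NOTE(review): Uri.ToString() normalises the issuer (e.g. adds a trailing slash); the value
                // must match the token's "iss" claim exactly. Kept as in the original; confirm against the provider.
                ValidIssuer = new Uri(config.Issuer).ToString(),
                // The original cast JsonWebKeySet to IEnumerable<SecurityKey>, which is not an interface that
                // type implements and fails at runtime; SigningKeys is the key collection derived from the JWKS.
                IssuerSigningKeys = config.SigningKeys
            };

            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            SecurityToken validatedToken;

            // Checks signature, issuer, audience and lifetime (enabled by default in TokenValidationParameters)
            // and throws when any of them fails; the returned principal is not needed here.
            tokenHandler.ValidateToken(jwt, validationParameters, out validatedToken);

            IssuedIdentityToken issuedToken = new IssuedIdentityToken();

            issuedToken.IssuedTokenType    = IssuedTokenType.JWT;
            // The handler returns the parsed JWT; keep its raw compact form (UTF-8, no BOM) as the token data.
            issuedToken.DecryptedTokenData = new UTF8Encoding(false).GetBytes(((JwtSecurityToken)validatedToken).RawData);
            return(new UserIdentity(issuedToken));
        }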
        /// <summary>
        /// Initializes the object from a UA user identity token, dispatching on its concrete type.
        /// </summary>
        /// <param name="token">The UA identity token (user name, X.509, issued or anonymous).</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the token type is not recognized.</exception>
        private void Initialize(UserIdentityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // Recorded before dispatch so every branch sees the same policy id.
            m_policyId = token.PolicyId;

            if (token is UserNameIdentityToken)
            {
                UserNameIdentityToken byName = (UserNameIdentityToken)token;
                // Wraps user name and cleartext password in a user-name security token and hands it to
                // the overload that accepts a security token (not shown here).
                Initialize(new UserNameSecurityToken(byName.UserName, byName.DecryptedPassword));
            }
            else if (token is X509IdentityToken)
            {
                X509IdentityToken byCertificate = (X509IdentityToken)token;
                X509Certificate2 certificate = CertificateFactory.Create(byCertificate.CertificateData, true);
                Initialize(new X509SecurityToken(certificate));
            }
            else if (token is IssuedIdentityToken)
            {
                // Default WS-Security serializer, no resolver.
                Initialize((IssuedIdentityToken)token, WSSecurityTokenSerializer.DefaultInstance, null);
            }
            else if (token is AnonymousIdentityToken)
            {
                m_tokenType       = UserTokenType.Anonymous;
                m_issuedTokenType = null;
                m_displayName     = "Anonymous";
                m_token           = null;
            }
            else
            {
                throw new ArgumentException("Unrecognized UA user identity token type.", "token");
            }
        }
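 /// <summary>
 /// Initializes the object with a UA issued identity token.
 /// </summary>
 /// <param name="issuedToken">The issued token; passed to <c>Initialize</c>, which rejects null.</param>
 /// <exception cref="ArgumentNullException">Thrown by <c>Initialize</c> when <paramref name="issuedToken"/> is null.</exception>
 public UserIdentity(IssuedIdentityToken issuedToken)
 {
     Initialize(issuedToken);
 }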
        /// <summary>
        /// Initializes the object from a UA user identity token: stores the token and derives the
        /// token type, issued-token type and display name from its concrete type.
        /// </summary>
        /// <param name="token">The UA identity token (user name, X.509, issued JWT or anonymous).</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown for a JWT without data, or an unrecognized token type.</exception>
        /// <exception cref="NotSupportedException">Thrown for issued tokens that are not JWTs.</exception>
        private void Initialize(UserIdentityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // NOTE: the token is stored before it is validated, so the object already references it
            // when one of the exceptions below propagates.
            m_token = token;

            if (token is UserNameIdentityToken)
            {
                m_tokenType       = UserTokenType.UserName;
                m_issuedTokenType = null;
                m_displayName     = ((UserNameIdentityToken)token).UserName;
            }
            else if (token is X509IdentityToken)
            {
                X509IdentityToken byCertificate = (X509IdentityToken)token;

                m_tokenType       = UserTokenType.Certificate;
                m_issuedTokenType = null;

                // Prefer the already-parsed certificate; otherwise parse the raw certificate data.
                X509Certificate2 certificate = byCertificate.Certificate;
                if (certificate == null)
                {
                    certificate = CertificateFactory.Create(byCertificate.CertificateData, true);
                }
                m_displayName = certificate.Subject;
            }
            else if (token is IssuedIdentityToken)
            {
                IssuedIdentityToken issued = (IssuedIdentityToken)token;

                if (issued.IssuedTokenType != Ua.IssuedTokenType.JWT)
                {
                    throw new NotSupportedException("Only JWT Issued Tokens are supported!");
                }

                byte[] data = issued.DecryptedTokenData;
                if (data == null || data.Length == 0)
                {
                    throw new ArgumentException("JSON Web Token has no data associated with it.", "token");
                }

                m_tokenType       = UserTokenType.IssuedToken;
                m_issuedTokenType = new XmlQualifiedName("", Opc.Ua.Profiles.JwtUserToken);
                m_displayName     = "JWT";
            }
            else if (token is AnonymousIdentityToken)
            {
                m_tokenType       = UserTokenType.Anonymous;
                m_issuedTokenType = null;
                m_displayName     = "Anonymous";
            }
            else
            {
                throw new ArgumentException("Unrecognized UA user identity token type.", "token");
            }
        }
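        /// <summary cref="IUserIdentity.GetIdentityToken" />
        /// <remarks>
        /// Converts the wrapped security token back to its UA representation: no token → anonymous;
        /// user-name → <see cref="UserNameIdentityToken"/>; X.509 → <see cref="X509IdentityToken"/>;
        /// SAML → issued token holding the serialized assertion; anything else → issued token holding
        /// its WS-Security serialization. Every returned token carries the current policy id.
        /// </remarks>
        public UserIdentityToken GetIdentityToken()
        {
            // Read the field once so all type checks below operate on one consistent value; this also
            // makes the original trailing "m_token != null" re-check and "return null" unreachable.
            var securityToken = m_token;

            // check for anonymous.
            if (securityToken == null)
            {
                AnonymousIdentityToken token = new AnonymousIdentityToken();
                token.PolicyId = m_policyId;
                return(token);
            }

            // return a user name token.
            UserNameSecurityToken usernameToken = securityToken as UserNameSecurityToken;

            if (usernameToken != null)
            {
                UserNameIdentityToken token = new UserNameIdentityToken();
                token.PolicyId          = m_policyId;
                token.UserName          = usernameToken.UserName;
                // The password is copied in clear into DecryptedPassword; the returned token must be
                // protected by the caller before it leaves the process.
                token.DecryptedPassword = usernameToken.Password;
                return(token);
            }

            // return an X509 token.
            X509SecurityToken x509Token = securityToken as X509SecurityToken;

            if (x509Token != null)
            {
                X509IdentityToken token = new X509IdentityToken();
                token.PolicyId        = m_policyId;
                token.CertificateData = x509Token.Certificate.GetRawCertData();
                token.Certificate     = x509Token.Certificate;
                return(token);
            }

            // handle SAML token.
            SamlSecurityToken samlToken = securityToken as SamlSecurityToken;

            if (samlToken != null)
            {
                IssuedIdentityToken wssToken = new IssuedIdentityToken();
                wssToken.PolicyId = m_policyId;

                using (MemoryStream ostrm = new MemoryStream())
                {
                    // Disposing the XmlTextWriter also closes the stream; ToArray() still works afterwards.
                    using (XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()))
                    {
                        new SamlSerializer().WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance);
                    }

                    wssToken.DecryptedTokenData = ostrm.ToArray();
                }

                return(wssToken);
            }

            // return a WSS token by default.
            IssuedIdentityToken defaultToken = new IssuedIdentityToken();
            defaultToken.PolicyId = m_policyId;

            using (MemoryStream ostrm = new MemoryStream())
            {
                using (XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()))
                {
                    new WSSecurityTokenSerializer().WriteToken(writer, securityToken);
                }

                defaultToken.DecryptedTokenData = ostrm.ToArray();
            }

            return(defaultToken);
        }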
 /// <summary>
 /// Initializes the object from an issued UA identity token using the given serializer and resolver.
 /// </summary>
 /// <param name="token">The issued token to decode.</param>
 /// <param name="serializer">Serializer used to read the embedded security token.</param>
 /// <param name="resolver">Token resolver handed to the serializer.</param>
 /// <exception cref="ArgumentNullException">Thrown by <c>Initialize</c> when <paramref name="token"/> is null.</exception>
 public UserIdentity(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
 {
     this.Initialize(token, serializer, resolver);
 }
 /// <summary>
 /// Initializes the object from an issued UA identity token, delegating all decoding to <c>Initialize</c>.
 /// </summary>
 /// <param name="token">The issued token to decode.</param>
 /// <param name="serializer">Serializer used to read the embedded security token.</param>
 /// <param name="resolver">Token resolver handed to the serializer.</param>
 /// <exception cref="ArgumentNullException">Thrown by <c>Initialize</c> when <paramref name="token"/> is null.</exception>
 public UserIdentity(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
 {
     this.Initialize(token, serializer, resolver);
 }
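        /// <summary>
        /// Initializes the object from an issued UA identity token whose decrypted data is an XML security token.
        /// </summary>
        /// <param name="token">The issued token; its <c>DecryptedTokenData</c> is decoded as UTF-8 XML.</param>
        /// <param name="serializer">Serializer used to read non-SAML tokens (also handed to the SAML serializer).</param>
        /// <param name="resolver">Token resolver passed through to the serializer.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> or <paramref name="serializer"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the token carries no data or the data has no root element.</exception>
        private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // Used in the non-SAML branch below; fail early with an argument error rather than a
            // NullReferenceException.
            if (serializer == null)
            {
                throw new ArgumentNullException("serializer");
            }

            if (token.DecryptedTokenData == null || token.DecryptedTokenData.Length == 0)
            {
                throw new ArgumentException("Issued token has no data associated with it.", "token");
            }

            string text = new UTF8Encoding().GetString(token.DecryptedTokenData);

            XmlDocument document = new XmlDocument();

            // The payload comes from the remote peer; a null resolver stops a DOCTYPE in it from making
            // the parser fetch external entities or DTDs (XXE). Prohibiting DTDs entirely would be stricter.
            document.XmlResolver = null;

            document.InnerXml = text.Trim();

            if (document.DocumentElement == null)
            {
                throw new ArgumentException("Issued token data does not contain an XML element.", "token");
            }

            using (XmlNodeReader reader = new XmlNodeReader(document.DocumentElement))
            {
                // SAML 1.0 assertions go through the dedicated SAML serializer.
                if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
                {
                    SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver);
                    Initialize(samlToken);
                }
                else
                {
                    SecurityToken securityToken = serializer.ReadToken(reader, resolver);
                    Initialize(securityToken);
                }
            }
        }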
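        /// <summary cref="IUserIdentity.GetIdentityToken" />
        /// <remarks>
        /// Converts the wrapped security token back to its UA representation: no token → anonymous;
        /// user-name → <see cref="UserNameIdentityToken"/>; X.509 → <see cref="X509IdentityToken"/>;
        /// SAML → issued token holding the serialized assertion; anything else → issued token holding
        /// its WS-Security serialization. Every returned token carries the current policy id.
        /// </remarks>
        public UserIdentityToken GetIdentityToken()
        {
            // Snapshot the field so the type dispatch sees one consistent value; the original's trailing
            // "m_token != null" re-check and "return null" could never be reached and are dropped.
            var securityToken = m_token;

            // check for anonymous.
            if (securityToken == null)
            {
                AnonymousIdentityToken token = new AnonymousIdentityToken();
                token.PolicyId = m_policyId;
                return token;
            }

            // return a user name token.
            UserNameSecurityToken usernameToken = securityToken as UserNameSecurityToken;

            if (usernameToken != null)
            {
                UserNameIdentityToken token = new UserNameIdentityToken();
                token.PolicyId = m_policyId;
                token.UserName = usernameToken.UserName;
                // Cleartext password is copied into DecryptedPassword; the caller must protect the
                // returned token before it leaves the process.
                token.DecryptedPassword = usernameToken.Password;
                return token;
            }

            // return an X509 token.
            X509SecurityToken x509Token = securityToken as X509SecurityToken;

            if (x509Token != null)
            {
                X509IdentityToken token = new X509IdentityToken();
                token.PolicyId = m_policyId;
                token.CertificateData = x509Token.Certificate.GetRawCertData();
                token.Certificate = x509Token.Certificate;
                return token;
            }

            // handle SAML token.
            SamlSecurityToken samlToken = securityToken as SamlSecurityToken;

            if (samlToken != null)
            {
                IssuedIdentityToken wssToken = new IssuedIdentityToken();
                wssToken.PolicyId = m_policyId;

                using (MemoryStream ostrm = new MemoryStream())
                {
                    // Disposing the XmlTextWriter closes the stream too; ToArray() still works afterwards.
                    using (XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()))
                    {
                        new SamlSerializer().WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance);
                    }

                    wssToken.DecryptedTokenData = ostrm.ToArray();
                }

                return wssToken;
            }

            // return a WSS token by default.
            IssuedIdentityToken defaultToken = new IssuedIdentityToken();
            defaultToken.PolicyId = m_policyId;

            using (MemoryStream ostrm = new MemoryStream())
            {
                using (XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()))
                {
                    new WSSecurityTokenSerializer().WriteToken(writer, securityToken);
                }

                defaultToken.DecryptedTokenData = ostrm.ToArray();
            }

            return defaultToken;
        }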
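 /// <summary>
 /// Initializes the object with a UA issued identity token.
 /// </summary>
 /// <param name="issuedToken">The issued token; passed to <c>Initialize</c>, which rejects null.</param>
 /// <exception cref="ArgumentNullException">Thrown by <c>Initialize</c> when <paramref name="issuedToken"/> is null.</exception>
 public UserIdentity(IssuedIdentityToken issuedToken)
 {
     Initialize(issuedToken);
 }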