private bool ResolvesToSigningToken(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key, out SecurityToken token) { token = null; key = null; CertMatcher certMatcher = null; // for SAML tokens the highest probability are certs, with RawData first X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawCertKeyIdentifierClause != null) { certMatcher = rawCertKeyIdentifierClause.Matches; } else { X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (subjectKeyIdentifierClause != null) { certMatcher = subjectKeyIdentifierClause.Matches; } else { X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (thumbprintKeyIdentifierClause != null) { certMatcher = thumbprintKeyIdentifierClause.Matches; } else { X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerKeyIdentifierClause != null) { certMatcher = issuerKeyIdentifierClause.Matches; } } } } if (_validationParameters.IssuerSigningKeyResolver != null) { key = _validationParameters.IssuerSigningKeyResolver(token: _securityToken, securityToken: null, keyIdentifier: new SecurityKeyIdentifier(keyIdentifierClause), validationParameters: _validationParameters); if (key != null) { this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningKey != null) { if (Matches(keyIdentifierClause, _validationParameters.IssuerSigningKey, certMatcher, out token)) { key = _validationParameters.IssuerSigningKey; this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningKeys != null) { foreach (SecurityKey securityKey in _validationParameters.IssuerSigningKeys) { if (Matches(keyIdentifierClause, securityKey, certMatcher, out token)) { key = securityKey; this.IsKeyMatched = true; break; } } } if (_validationParameters.IssuerSigningToken != null) { if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause)) { token = _validationParameters.IssuerSigningToken; key = token.SecurityKeys[0]; this.IsKeyMatched = true; } } if (_validationParameters.IssuerSigningTokens != null) { foreach (SecurityToken issuerToken in _validationParameters.IssuerSigningTokens) { if (_validationParameters.IssuerSigningToken.MatchesKeyIdentifierClause(keyIdentifierClause)) { token = issuerToken; key = token.SecurityKeys[0]; this.IsKeyMatched = true; break; } } } return(this.IsKeyMatched); }
private static bool Matches(SecurityKeyIdentifierClause keyIdentifierClause, SecurityKey key, CertMatcher certMatcher, out SecurityToken token) { token = null; if (certMatcher != null) { X509SecurityKey x509Key = key as X509SecurityKey; if (x509Key != null) { if (certMatcher(x509Key.Certificate)) { token = new X509SecurityToken(x509Key.Certificate); return true; } } else { X509AsymmetricSecurityKey x509AsymmKey = key as X509AsymmetricSecurityKey; if (x509AsymmKey != null) { X509Certificate2 cert = _certFieldInfo.GetValue(x509AsymmKey) as X509Certificate2; if (cert != null && certMatcher(cert)) { token = new X509SecurityToken(cert); return true; } } } } return false; }
private static bool Matches(SecurityKeyIdentifierClause keyIdentifierClause, SecurityKey key, CertMatcher certMatcher, out SecurityToken token) { token = null; if (certMatcher != null) { X509SecurityKey x509Key = key as X509SecurityKey; if (x509Key != null) { if (certMatcher(x509Key.Certificate)) { token = new X509SecurityToken(x509Key.Certificate); return(true); } } else { X509AsymmetricSecurityKey x509AsymmKey = key as X509AsymmetricSecurityKey; if (x509AsymmKey != null) { X509Certificate2 cert = _certFieldInfo.GetValue(x509AsymmKey) as X509Certificate2; if (cert != null && certMatcher(cert)) { token = new X509SecurityToken(cert); return(true); } } } } return(false); }