private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature) { SecurityToken token; RsaKeyIdentifierClause clause; TryResolveKeyIdentifier(keyIdentifier, resolver, true, out token); if (((token == null) && !isPrimarySignature) && ((keyIdentifier.Count == 1) && keyIdentifier.TryFind <RsaKeyIdentifierClause>(out clause))) { RsaSecurityTokenAuthenticator tokenAuthenticator = base.FindAllowedAuthenticator <RsaSecurityTokenAuthenticator>(false); if (tokenAuthenticator != null) { SupportingTokenAuthenticatorSpecification specification; token = new RsaSecurityToken(clause.Rsa); ReadOnlyCollection <IAuthorizationPolicy> onlys = tokenAuthenticator.ValidateToken(token); TokenTracker supportingTokenTracker = base.GetSupportingTokenTracker(tokenAuthenticator, out specification); if (supportingTokenTracker == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("UnknownTokenAuthenticatorUsedInTokenProcessing", new object[] { tokenAuthenticator }))); } supportingTokenTracker.RecordToken(token); base.SecurityTokenAuthorizationPoliciesMapping.Add(token, onlys); } } if (token == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToResolveKeyInfoForVerifyingSignature", new object[] { keyIdentifier, resolver }))); } return(token); }
private SecurityToken ResolveSignatureToken(SecurityKeyIdentifier keyIdentifier, SecurityTokenResolver resolver, bool isPrimarySignature) { TryResolveKeyIdentifier(keyIdentifier, resolver, true, out SecurityToken token); if (token == null && !isPrimarySignature) { // check if there is a rsa key token authenticator if (keyIdentifier.Count == 1) { if (keyIdentifier.TryFind <RsaKeyIdentifierClause>(out RsaKeyIdentifierClause rsaClause)) { RsaSecurityTokenAuthenticator rsaAuthenticator = FindAllowedAuthenticator <RsaSecurityTokenAuthenticator>(false); if (rsaAuthenticator != null) { token = new RsaSecurityToken(rsaClause.Rsa); ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = rsaAuthenticator.ValidateToken(token); TokenTracker rsaTracker = GetSupportingTokenTracker(rsaAuthenticator, out SupportingTokenAuthenticatorSpecification spec); if (rsaTracker == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.UnknownTokenAuthenticatorUsedInTokenProcessing, rsaAuthenticator))); } rsaTracker.RecordToken(token); SecurityTokenAuthorizationPoliciesMapping.Add(token, authorizationPolicies); } } } } if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.Format(SR.UnableToResolveKeyInfoForVerifyingSignature, keyIdentifier, resolver))); } return(token); }