protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken) { Utility.VerifyNonNullArgument("signingToken", signingToken); bool flag = false; System.IdentityModel.Tokens.SecurityToken result = null; if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal)) { System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken; if (x509SecurityToken == null) { throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature."); } System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider; if (rSACryptoServiceProvider == null) { throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm."); } using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider)) { flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature)); if (flag) { result = signingToken; } goto IL_133; } } if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal)) { byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(signingInput); byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature); using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator()) { while (enumerator.MoveNext()) { System.IdentityModel.Tokens.SecurityKey current = enumerator.Current; System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey; if (symmetricSecurityKey != null) { using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey)) { flag = symmetricSignatureProvider.Verify(bytes, signature2); if (flag) { result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey()); break; } } } } goto IL_133; } } throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm."); IL_133: if (!flag) { throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature."); } return(result); }
protected override bool TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityKey key) { key = default(System.IdentityModel.Tokens.SecurityKey); return(default(bool)); }
protected override bool TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityKey key) { return(base.TryResolveSecurityKeyCore(keyIdentifierClause, out key)); }
protected override bool TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityKey key) { var token = _tokens[0] as X509SecurityToken; var myCert = token.Certificate; key = null; var ekec = keyIdentifierClause as EncryptedKeyIdentifierClause; if (ekec != null) { if (ekec.EncryptionMethod == "http://www.w3.org/2001/04/xmlenc#rsa-1_5") { var encKey = ekec.GetEncryptedKey(); var rsa = myCert.PrivateKey as RSACryptoServiceProvider; var decKey = rsa.Decrypt(encKey, false); key = new InMemorySymmetricSecurityKey(decKey); return(true); } var data = ekec.GetEncryptedKey(); var id = ekec.EncryptingKeyIdentifier; } return(true); }