public void ComputeSignature(SecurityKey signingKey) { string signatureMethod = this.Signature.SignedInfo.SignatureMethod; SymmetricSecurityKey key = signingKey as SymmetricSecurityKey; if (key != null) { using (KeyedHashAlgorithm algorithm = key.GetKeyedHashAlgorithm(signatureMethod)) { if (algorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("UnableToCreateKeyedHashAlgorithm", new object[] { key, signatureMethod }))); } this.ComputeSignature(algorithm); return; } } AsymmetricSecurityKey key2 = signingKey as AsymmetricSecurityKey; if (key2 == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("UnknownICryptoType", new object[] { signingKey }))); } using (HashAlgorithm algorithm2 = key2.GetHashAlgorithmForSignature(signatureMethod)) { if (algorithm2 == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("UnableToCreateHashAlgorithmFromAsymmetricCrypto", new object[] { signatureMethod, key2 }))); } AsymmetricSignatureFormatter signatureFormatter = key2.GetSignatureFormatter(signatureMethod); if (signatureFormatter == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("UnableToCreateSignatureFormatterFromAsymmetricCrypto", new object[] { signatureMethod, key2 }))); } this.ComputeSignature(algorithm2, signatureFormatter, signatureMethod); } }
private void InitCrypto(SecurityKey securityKey) { m_securityKey = securityKey; List<SecurityKey> securityKeys = new List<SecurityKey>(1); securityKeys.Add(securityKey); m_securityKeys = securityKeys.AsReadOnly(); }
public SigningCredentials (SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier) : this (signingKey, signatureAlgorithm, digestAlgorithm) { if (signingKeyIdentifier == null) throw new ArgumentNullException ("signingKeyIdentifier"); this.identifier = signingKeyIdentifier; }
/// <summary> /// Inherited from <see cref="SecurityTokenResolver"/>. /// </summary> protected override bool TryResolveSecurityKeyCore( SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key ) { if ( keyIdentifierClause == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "keyIdentifierClause" ); } key = null; X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if ( rawDataClause != null ) { key = rawDataClause.CreateKey(); return true; } RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause; if ( rsaClause != null ) { key = rsaClause.CreateKey(); return true; } if ( _wrappedTokenResolver.TryResolveSecurityKey( keyIdentifierClause, out key ) ) { return true; } return false; }
/// <summary> /// Constructs an EncryptingCredentials with a security key, a security key identifier and /// the encryption algorithm. /// </summary> /// <param name="key">A security key for encryption.</param> /// <param name="keyIdentifier">A security key identifier for the encryption key.</param> /// <param name="algorithm">The encryption algorithm.</param> /// <exception cref="ArgumentNullException">When key is null.</exception> /// <exception cref="ArgumentNullException">When key identifier is null.</exception> /// <exception cref="ArgumentNullException">When algorithm is null.</exception> public EncryptingCredentials(SecurityKey key, SecurityKeyIdentifier keyIdentifier, string algorithm) { if (key == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key"); } if (keyIdentifier == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier"); } if (string.IsNullOrEmpty(algorithm)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("algorithm"); } // // It is possible that keyIdentifier is pointing to a token which // is not capable of doing the given algorithm, we have no way verify // that at this level. // _algorithm = algorithm; _key = key; _keyIdentifier = keyIdentifier; }
public bool TryResolveSecurityKey(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } return this.TryResolveSecurityKeyCore(keyIdentifierClause, out key); }
public SwtIssuerTokenResolver() { var signValue = ConfigurationManager.AppSettings[SigningKeyAppSetting]; if (string.IsNullOrEmpty(signValue)) throw new InvalidSecurityException(string.Format( "Required appSettings key '{0}' containing the 256-bit symmetric key for token signing was not found.", SigningKeyAppSetting)); this.key = new InMemorySymmetricSecurityKey(Convert.FromBase64String(signValue)); }
protected BinarySecretSecurityToken (string id, byte [] key, bool allowCrypto) : this (id, allowCrypto) { if (key == null) throw new ArgumentNullException ("key"); this.key = key; SecurityKey [] arr = new SecurityKey [] {new InMemorySymmetricSecurityKey (key)}; keys = new ReadOnlyCollection<SecurityKey> (arr); }
protected override bool TryResolveSecurityKeyCore ( SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { key = null; foreach (SecurityTokenResolver r in resolvers) if (r != null && r.TryResolveSecurityKey (keyIdentifierClause, out key)) return true; return false; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { SecurityToken token; if (this.TryResolveTokenCore(keyIdentifierClause, out token)) { key = ((SecurityContextSecurityToken) token).SecurityKeys[0]; return true; } key = null; return false; }
public SigningCredentials (SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm) { if (signingKey == null) throw new ArgumentNullException ("signingKey"); if (signatureAlgorithm == null) throw new ArgumentNullException ("signatureAlgorithm"); if (digestAlgorithm == null) throw new ArgumentNullException ("digestAlgorithm"); this.key = signingKey; this.sig_alg = signatureAlgorithm; this.dig_alg = digestAlgorithm; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { // We pass ourselves a SwtSecurityKeyClause from the SwtSecurityTokenHandler on ValidateToken. var nameClause = keyIdentifierClause as SwtSecurityKeyClause; // If it wasn't us passing the clause, let the base class handle other built-in scenarios (i.e. X509) if (nameClause == null) return base.TryResolveSecurityKeyCore(keyIdentifierClause, out key); key = this.key; return true; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { key = null; var swtClause = keyIdentifierClause as WebTokenSecurityKeyClause; string value; if (_signingKeys.TryGetValue(swtClause.Issuer.ToLowerInvariant(), out value)) { key = new InMemorySymmetricSecurityKey(Convert.FromBase64String(value)); return true; } return false; }
/// <summary> /// Initializes a new instance of the <see cref="NamedKeySecurityToken"/> class that contains a single <see cref="SecurityKey"/>. /// </summary> /// <param name="name">A name for the <see cref="SecurityKey"/>.</param> /// <param name="id">the identifier for this token.</param> /// <param name="key">A <see cref="SecurityKey"/></param> /// <exception cref="ArgumentNullException">if 'name' is null or whitespace.</exception> /// <exception cref="ArgumentNullException">if 'id' is null or whitespace.</exception> /// <exception cref="ArgumentNullException">if 'key' is null.</exception> public NamedKeySecurityToken(string name, string id, SecurityKey key) { if (string.IsNullOrWhiteSpace(name)) throw new ArgumentNullException("name"); if (string.IsNullOrWhiteSpace(id)) throw new ArgumentNullException("id"); if (key == null) throw new ArgumentNullException("key"); this.id = id; this.name = name; this.securityKeys = new List<SecurityKey>{key}; this.validFrom = DateTime.UtcNow; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { key = null; CustomTokenKeyIdentifierClause keyClause = keyIdentifierClause as CustomTokenKeyIdentifierClause; if (keyClause != null) { string base64Key = null; _keys.TryGetValue(keyClause.Audience, out base64Key); if (!string.IsNullOrEmpty(base64Key)) { key = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(base64Key)); return true; } } return false; }
/// <summary> /// Override of the base class. Resolves the given SecurityKeyIdentifierClause to a /// SecurityKey. /// </summary> /// <param name="keyIdentifierClause">The Clause to be resolved.</param> /// <param name="key">The resolved SecurityKey</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">Input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveSecurityKeyCore( SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key ) { if ( keyIdentifierClause == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "keyIdentifierClause" ); } key = null; foreach ( SecurityTokenResolver tokenResolver in _tokenResolvers ) { if ( tokenResolver.TryResolveSecurityKey( keyIdentifierClause, out key ) ) { return true; } } return false; }
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm, SecurityKeyIdentifier signingKeyIdentifier) { if (signingKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signingKey")); } if (signatureAlgorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("signatureAlgorithm")); } if (digestAlgorithm == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("digestAlgorithm")); } this.signingKey = signingKey; this.signatureAlgorithm = signatureAlgorithm; this.digestAlgorithm = digestAlgorithm; this.signingKeyIdentifier = signingKeyIdentifier; }
/// <summary> /// Creates the JWT header /// </summary> /// <param name="token">The token.</param> /// <param name="credential">The credentials.</param> /// <returns>The JWT header</returns> protected virtual async Task<JwtHeader> CreateHeaderAsync(Token token, SecurityKey key) { JwtHeader header = null; #if DOTNET5_4 header = new JwtHeader(new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature)); #elif NET451 header = new JwtHeader(new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest)); var x509key = key as X509SecurityKey; if (x509key != null) { header.Add("kid", await _keyService.GetKidAsync(x509key.Certificate)); header.Add("x5t", await _keyService.GetKidAsync(x509key.Certificate)); } #endif return header; }
/// <summary> /// Resolves the given SecurityKeyIdentifierClause to a SecurityKey. /// </summary> /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve</param> /// <param name="key">The resolved SecurityKey.</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } key = null; EncryptedKeyIdentifierClause encryptedKeyIdentifierClause = keyIdentifierClause as EncryptedKeyIdentifierClause; if (encryptedKeyIdentifierClause != null) { SecurityKeyIdentifier keyIdentifier = encryptedKeyIdentifierClause.EncryptingKeyIdentifier; if (keyIdentifier != null && keyIdentifier.Count > 0) { for (int i = 0; i < keyIdentifier.Count; i++) { SecurityKey unwrappingSecurityKey = null; if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey)) { byte[] wrappedKey = encryptedKeyIdentifierClause.GetEncryptedKey(); string wrappingAlgorithm = encryptedKeyIdentifierClause.EncryptionMethod; byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey); key = new InMemorySymmetricSecurityKey(unwrappedKey, false); return true; } } } } else { SecurityToken token = null; if (TryResolveToken(keyIdentifierClause, out token)) { if (token.SecurityKeys.Count > 0) { key = token.SecurityKeys[0]; return true; } } } return false; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { bool flag = false; key = null; flag = this.tokenResolver.TryResolveSecurityKey(keyIdentifierClause, false, out key); if (!flag && (this.outOfBandTokenResolvers != null)) { for (int i = 0; i < this.outOfBandTokenResolvers.Count; i++) { flag = this.outOfBandTokenResolvers[i].TryResolveSecurityKey(keyIdentifierClause, out key); if (flag) { break; } } } if (!flag) { flag = System.ServiceModel.Security.SecurityUtils.TryCreateKeyFromIntrinsicKeyClause(keyIdentifierClause, this, out key); } return flag; }
private SignatureProvider CreateProvider(SecurityKey key, string algorithm, bool willCreateSignatures) { _Logger?.LogDebug($"Creating {algorithm} provider for {key.KeyId} for {(willCreateSignatures ? "signing" : "verifying")}"); if (key == null) throw new ArgumentNullException(nameof(key)); if (string.IsNullOrWhiteSpace(algorithm)) throw new ArgumentNullException(nameof(algorithm)); //AsymmetricSecurityKey asymmetricSecurityKey = key as AsymmetricSecurityKey; //if (asymmetricSecurityKey != null) // return new AsymmetricSignatureProvider(asymmetricSecurityKey, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver); SymmetricSecurityKey symmetricSecurityKey = key as SymmetricSecurityKey; if (symmetricSecurityKey != null) return new SymmetricSignatureProvider(symmetricSecurityKey, algorithm); JsonWebKey jsonWebKey = key as JsonWebKey; if (jsonWebKey != null && jsonWebKey.Kty != null) { //if (jsonWebKey.Kty == "RSA" || jsonWebKey.Kty == "EC") // return new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver); if (jsonWebKey.Kty == "oct") return new SymmetricSignatureProvider(key, algorithm); } throw new ArgumentException($"{typeof(SignatureProvider)} supports: '{typeof(SecurityKey)}' of types: '{typeof(AsymmetricSecurityKey)}' or '{typeof(AsymmetricSecurityKey)}'. SecurityKey received was of type: '{key.GetType()}'."); }
private static string GetEncryptionAlgorithm(SecurityKey key) { // If key is null, an exception is thrown. if (key == null) throw new ArgumentNullException("key"); // Set encryptionAlgorithm to null. string encryptionAlgorithm = null; // If the security key supports AES256 use that ... if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes256Encryption)) encryptionAlgorithm = SecurityAlgorithms.Aes256Encryption; // ... otherwise if it supports AES192 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes192Encryption)) encryptionAlgorithm = SecurityAlgorithms.Aes192Encryption; // ... otherwise if it supports AES128 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes128Encryption)) encryptionAlgorithm = SecurityAlgorithms.Aes128Encryption; return encryptionAlgorithm; }
private static string GetSignatureAlgorithm(SecurityKey key) { // If key is null, an exception is thrown. if (key == null) throw new ArgumentNullException("key"); // Set signatureAlgorithm to null. string signatureAlgorithm = null; // If the security key supports RsaSha1 then use that ... if (key.IsSupportedAlgorithm(SecurityAlgorithms.RsaSha1Signature)) signatureAlgorithm = SecurityAlgorithms.RsaSha1Signature; // ... otherwise if it supports HMACSha1 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.HmacSha1Signature)) signatureAlgorithm = SecurityAlgorithms.HmacSha1Signature; return signatureAlgorithm; }
private static string GetKeyWrapAlgorithm(SecurityKey key) { // If key is null, an exception is thrown. if (key == null) throw new ArgumentNullException("key"); // Set keywrapAlgorithm to null. string keywrapAlgorithm = null; // If the security key supports RsaOaep then use that ... if (key.IsSupportedAlgorithm(SecurityAlgorithms.RsaOaepKeyWrap)) keywrapAlgorithm = SecurityAlgorithms.RsaOaepKeyWrap; // ... otherwise if it supports RSA15 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.RsaV15KeyWrap)) keywrapAlgorithm = SecurityAlgorithms.RsaV15KeyWrap; // ... otherwise if it supports AES256 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes256KeyWrap)) keywrapAlgorithm = SecurityAlgorithms.Aes256KeyWrap; // ... otherwise if it supports AES192 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes192KeyWrap)) keywrapAlgorithm = SecurityAlgorithms.Aes192KeyWrap; // ... otherwise if it supports AES128 use that ... else if (key.IsSupportedAlgorithm(SecurityAlgorithms.Aes128KeyWrap)) keywrapAlgorithm = SecurityAlgorithms.Aes128KeyWrap; return keywrapAlgorithm; }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { key = null; var dictBasedClause = keyIdentifierClause as DictionaryBasedKeyIdentifierClause; if (dictBasedClause != null) { return this.keys.TryGetValue(dictBasedClause.Dictionary["Audience"].ToLowerInvariant(), out key); } return false; }
protected override ISignatureValueSecurityElement CompletePrimarySignatureCore( SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, bool isPrimarySignature) { if (this.signedXml == null) { return null; } SecurityTimestamp timestamp = this.Timestamp; if (timestamp != null) { if (timestamp.Id == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TimestampToSignHasNoId))); } HashStream hashStream = TakeHashStream(); this.StandardsManager.WSUtilitySpecificationVersion.WriteTimestampCanonicalForm( hashStream, timestamp, this.signedInfo.ResourcePool.TakeEncodingBuffer()); signedInfo.AddReference(timestamp.Id, hashStream.FlushHashAndGetValue()); } if ((this.ShouldSignToHeader) && (this.signatureKey is AsymmetricSecurityKey) && (this.Version.Addressing != AddressingVersion.None)) { if (this.toHeaderHash != null) signedInfo.AddReference(this.toHeaderId, this.toHeaderHash); else throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TransportSecurityRequireToHeader))); } AddSignatureReference(signatureConfirmations); if (isPrimarySignature && this.ShouldProtectTokens) { AddPrimaryTokenSignatureReference(this.ElementContainer.SourceSigningToken, this.SigningTokenParameters); } if (this.RequireMessageProtection) { AddSignatureReference(signedEndorsingTokens, SecurityTokenAttachmentMode.SignedEndorsing); AddSignatureReference(signedTokens, SecurityTokenAttachmentMode.Signed); AddSignatureReference(basicTokens); } if (this.signedInfo.ReferenceCount == 0) { throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.NoPartsOfMessageMatchedPartsToSign)), this.Message); } try { this.signedXml.ComputeSignature(this.signatureKey); return this.signedXml; } finally { this.hashStream = null; this.signedInfo = null; this.signedXml = null; this.signatureKey = null; this.effectiveSignatureParts = null; } }
protected abstract bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key);
public override SignatureProvider CreateForSigning(SecurityKey key, string algorithm) { return(CreateProvider(key, algorithm, true)); }
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); key = null; for (int i = 0; i < this.tokens.Count; ++i) { SecurityKey securityKey = this.tokens[i].ResolveKeyIdentifierClause(keyIdentifierClause); if (securityKey != null) { key = securityKey; return true; } } if (keyIdentifierClause is EncryptedKeyIdentifierClause) { EncryptedKeyIdentifierClause keyClause = (EncryptedKeyIdentifierClause)keyIdentifierClause; SecurityKeyIdentifier keyIdentifier = keyClause.EncryptingKeyIdentifier; if (keyIdentifier != null && keyIdentifier.Count > 0) { for (int i = 0; i < keyIdentifier.Count; i++) { SecurityKey unwrappingSecurityKey = null; if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey)) { byte[] wrappedKey = keyClause.GetEncryptedKey(); string wrappingAlgorithm = keyClause.EncryptionMethod; byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey); key = new InMemorySymmetricSecurityKey(unwrappedKey, false); return true; } } } } return key != null; }
public override SignatureProvider CreateForVerifying(SecurityKey key, string algorithm) { return(CreateProvider(key, algorithm, false)); }
public EncryptingCredentials(SecurityKey key, SecurityKeyIdentifier keyIdentifier, string algorithm) { SecurityKey = key; SecurityKeyIdentifier = keyIdentifier; Algorithm = algorithm; }
private SecurityToken CreateSAMLToken(DateTime validFrom, DateTime validTo, SecurityKey signingKey, SecurityKeyIdentifier signingKeyIdentifier, SecurityKeyIdentifier proofKeyIdentifier ) { // Create list of confirmation strings. List<string> confirmations = new List<string>(); // Add holder-of-key string to list of confirmation strings. confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"); // Create SAML subject statement based on issuer member variable, confirmation string collection // local variable and proof key identifier parameter. SamlSubject subject = new SamlSubject(null, null, issuer, confirmations, null, proofKeyIdentifier); // Create a list of SAML attributes. List<SamlAttribute> attributes = new List<SamlAttribute>(); // Get the claimset to place into the SAML assertion. ClaimSet cs = GetClaimSet(); // Iterate through the claims and add a SamlAttribute for each claim. // Note that GetClaimSet call above returns a claimset that only contains PossessProperty claims. foreach (Claim c in cs) attributes.Add(new SamlAttribute(c)); // Create list of SAML statements. List<SamlStatement> statements = new List<SamlStatement>(); // Add a SAML attribute statement to the list of statements. An attribute statement is based on // a subject statement and SAML attributes that result from claims. statements.Add(new SamlAttributeStatement(subject, attributes)); // Create a valid from/until condition. SamlConditions conditions = new SamlConditions(validFrom, validTo); // Create the SAML assertion. SamlAssertion assertion = new SamlAssertion("_" + Guid.NewGuid().ToString(), issuer, validFrom, conditions, null, statements); // Set the signing credentials for the SAML assertion. string signatureAlgorithm = GetSignatureAlgorithm(signingKey); assertion.SigningCredentials = new SigningCredentials(signingKey, signatureAlgorithm, SecurityAlgorithms.Sha1Digest, signingKeyIdentifier); return new SamlSecurityToken(assertion); }
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); } if (samlSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); } SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary; reader.MoveToContent(); reader.Read(); if (reader.IsStartElement(samlDictionary.NameIdentifier, samlDictionary.Namespace)) { this.nameFormat = reader.GetAttribute(samlDictionary.NameIdentifierFormat, null); this.nameQualifier = reader.GetAttribute(samlDictionary.NameIdentifierNameQualifier, null); reader.MoveToContent(); this.name = reader.ReadString(); if (this.name == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLNameIdentifierMissingIdentifierValueOnRead"))); } reader.MoveToContent(); reader.ReadEndElement(); } if (reader.IsStartElement(samlDictionary.SubjectConfirmation, samlDictionary.Namespace)) { reader.MoveToContent(); reader.Read(); while (reader.IsStartElement(samlDictionary.SubjectConfirmationMethod, samlDictionary.Namespace)) { string str = reader.ReadString(); if (string.IsNullOrEmpty(str)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.SubjectConfirmationMethod.Value }))); } this.confirmationMethods.Add(str); reader.MoveToContent(); reader.ReadEndElement(); } if (this.confirmationMethods.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLSubjectConfirmationClauseMissingConfirmationMethodOnRead"))); } if (reader.IsStartElement(samlDictionary.SubjectConfirmationData, samlDictionary.Namespace)) { reader.MoveToContent(); this.confirmationData = reader.ReadString(); reader.MoveToContent(); reader.ReadEndElement(); } if (reader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.KeyInfo, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { XmlDictionaryReader reader2 = XmlDictionaryReader.CreateDictionaryReader(reader); this.securityKeyIdentifier = SamlSerializer.ReadSecurityKeyIdentifier(reader2, keyInfoSerializer); this.crypto = SamlSerializer.ResolveSecurityKey(this.securityKeyIdentifier, outOfBandTokenResolver); if (this.crypto == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SamlUnableToExtractSubjectKey"))); } this.subjectToken = SamlSerializer.ResolveSecurityToken(this.securityKeyIdentifier, outOfBandTokenResolver); } if ((this.confirmationMethods.Count == 0) && string.IsNullOrEmpty(this.name)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLSubjectRequiresNameIdentifierOrConfirmationMethodOnRead"))); } reader.MoveToContent(); reader.ReadEndElement(); } reader.MoveToContent(); reader.ReadEndElement(); }
protected override bool TryResolveSecurityKeyCore ( SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { throw new NotImplementedException (); }
public SigningCredentials(SecurityKey signingKey, string signatureAlgorithm, string digestAlgorithm) : this(signingKey, signatureAlgorithm, digestAlgorithm, null) { }