//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Text;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
namespace System.IdentityModel.Tokens
{
/// <summary>
/// Resolves issuer tokens received from service partners.
/// </summary>
/// <remarks>
/// Resolution works in two tiers. A clause that carries its own key material —
/// an <see cref="X509RawDataKeyIdentifierClause"/> (embedded certificate bytes) or an
/// <see cref="RsaKeyIdentifierClause"/> (embedded RSA public key) — is turned into a
/// token or key directly from the clause contents. Any other clause is delegated to the
/// wrapped <see cref="SecurityTokenResolver"/>, which by default is an
/// <see cref="X509CertificateStoreTokenResolver"/> over the LocalMachine\TrustedPeople store.
/// <para>
/// Security note: for the two embedded-key clause types the wrapped store is never
/// consulted. A successful resolution therefore only means the message supplied parseable
/// key material; it does NOT establish that the certificate or key is trusted. The trust
/// decision has to be made by the consuming pipeline after resolution (certificate
/// validation / issuer registry) — confirm that the caller does so.
/// </para>
/// </remarks>
public class IssuerTokenResolver : SecurityTokenResolver
{
    /// <summary>
    /// Default store for resolving X509 certificates.
    /// </summary>
    public static readonly StoreName DefaultStoreName = StoreName.TrustedPeople;

    /// <summary>
    /// Default store location for resolving X509 certificates.
    /// </summary>
    public static readonly StoreLocation DefaultStoreLocation = StoreLocation.LocalMachine;

    // Resolver consulted for clauses that do not carry their own key material.
    // Defaults to an X509CertificateStoreTokenResolver over LocalMachine\TrustedPeople;
    // callers can substitute their own through the second constructor.
    private readonly SecurityTokenResolver _innerResolver;

    // Declared after the two Default* fields on purpose: static initializers run in
    // textual order and the parameterless constructor reads both of them.
    internal static IssuerTokenResolver DefaultInstance = new IssuerTokenResolver();

    /// <summary>
    /// Creates an instance of IssuerTokenResolver that falls back to the
    /// LocalMachine\TrustedPeople certificate store.
    /// </summary>
    public IssuerTokenResolver()
        : this(new X509CertificateStoreTokenResolver(DefaultStoreName, DefaultStoreLocation))
    {
    }

    /// <summary>
    /// Creates an instance of IssuerTokenResolver using a given <see cref="SecurityTokenResolver"/>
    /// as the fallback for clauses that do not embed their own key material.
    /// </summary>
    /// <param name="wrappedTokenResolver">The <see cref="SecurityTokenResolver"/> to use.</param>
    /// <exception cref="ArgumentNullException">
    /// Raised through the diagnostic helper when <paramref name="wrappedTokenResolver"/> is null.
    /// </exception>
    public IssuerTokenResolver(SecurityTokenResolver wrappedTokenResolver)
    {
        if (wrappedTokenResolver == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappedTokenResolver");
        }

        _innerResolver = wrappedTokenResolver;
    }

    /// <summary>
    /// Gets the <see cref="SecurityTokenResolver"/> wrapped by this class.
    /// </summary>
    public SecurityTokenResolver WrappedTokenResolver
    {
        get { return _innerResolver; }
    }

    /// <summary>
    /// Inherited from <see cref="SecurityTokenResolver"/>. Resolves a <see cref="SecurityKey"/>
    /// for a single clause.
    /// </summary>
    /// <param name="keyIdentifierClause">The clause to resolve.</param>
    /// <param name="key">
    /// The resolved key; for embedded X509/RSA clauses this is built from the clause's own
    /// material, otherwise it is whatever the wrapped resolver produced (null on failure).
    /// </param>
    /// <returns>true if a key was produced; otherwise false.</returns>
    /// <exception cref="ArgumentNullException">
    /// Raised through the diagnostic helper when <paramref name="keyIdentifierClause"/> is null.
    /// </exception>
    protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
    {
        if (keyIdentifierClause == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
        }

        key = null;

        // Tier 1: key material embedded in the clause itself. Note that the wrapped
        // store is not consulted for these, so this is not a trust check.
        X509RawDataKeyIdentifierClause embeddedCert = keyIdentifierClause as X509RawDataKeyIdentifierClause;
        if (embeddedCert != null)
        {
            key = embeddedCert.CreateKey();
            return true;
        }

        RsaKeyIdentifierClause embeddedRsa = keyIdentifierClause as RsaKeyIdentifierClause;
        if (embeddedRsa != null)
        {
            key = embeddedRsa.CreateKey();
            return true;
        }

        // Tier 2: everything else goes to the wrapped resolver, which also owns
        // the value left in 'key' when it fails.
        return _innerResolver.TryResolveSecurityKey(keyIdentifierClause, out key);
    }

    /// <summary>
    /// Inherited from <see cref="SecurityTokenResolver"/>. Resolves a token from a
    /// <see cref="SecurityKeyIdentifier"/> by trying each of its clauses in order.
    /// </summary>
    /// <param name="keyIdentifier">The key identifier whose clauses are tried.</param>
    /// <param name="token">The token from the first clause that resolves; null if none did.</param>
    /// <returns>true if any clause resolved to a token; otherwise false.</returns>
    /// <exception cref="ArgumentNullException">
    /// Raised through the diagnostic helper when <paramref name="keyIdentifier"/> is null.
    /// </exception>
    protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
    {
        if (keyIdentifier == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier");
        }

        token = null;

        // First clause that resolves wins; later clauses are not examined.
        foreach (SecurityKeyIdentifierClause candidate in keyIdentifier)
        {
            bool resolved = TryResolveTokenCore(candidate, out token);
            if (resolved)
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Inherited from <see cref="SecurityTokenResolver"/>. Resolves a token for a single clause.
    /// </summary>
    /// <param name="keyIdentifierClause">The clause to resolve.</param>
    /// <param name="token">
    /// An <see cref="X509SecurityToken"/> built from the embedded certificate bytes, an
    /// <see cref="RsaSecurityToken"/> wrapping the embedded RSA key, or whatever the wrapped
    /// resolver produced (null on failure).
    /// </param>
    /// <returns>true if a token was produced; otherwise false.</returns>
    /// <exception cref="ArgumentNullException">
    /// Raised through the diagnostic helper when <paramref name="keyIdentifierClause"/> is null.
    /// </exception>
    /// <remarks>
    /// Malformed embedded certificate bytes are not caught here; the
    /// <see cref="X509Certificate2"/> constructor's exception propagates to the caller.
    /// As with key resolution, an embedded certificate or RSA key is accepted as-is
    /// without checking the wrapped store — trust must be verified downstream.
    /// </remarks>
    protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
    {
        if (keyIdentifierClause == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
        }

        token = null;

        // Tier 1a: certificate bytes carried inline by the message.
        X509RawDataKeyIdentifierClause embeddedCert = keyIdentifierClause as X509RawDataKeyIdentifierClause;
        if (embeddedCert != null)
        {
            X509Certificate2 certificate = new X509Certificate2(embeddedCert.GetX509RawData());
            token = new X509SecurityToken(certificate);
            return true;
        }

        // Tier 1b: bare RSA public key carried inline by the message.
        RsaKeyIdentifierClause embeddedRsa = keyIdentifierClause as RsaKeyIdentifierClause;
        if (embeddedRsa != null)
        {
            token = new RsaSecurityToken(embeddedRsa.Rsa);
            return true;
        }

        // Tier 2: delegate to the wrapped (store-backed by default) resolver.
        return _innerResolver.TryResolveToken(keyIdentifierClause, out token);
    }
}
}