//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.IdentityModel.Tokens { using System.Collections.Generic; using System.Collections.ObjectModel; using System.Security.Cryptography.X509Certificates; public class X509SecurityToken : SecurityToken, IDisposable { string id; X509Certificate2 certificate; ReadOnlyCollection securityKeys; DateTime effectiveTime = SecurityUtils.MaxUtcDateTime; DateTime expirationTime = SecurityUtils.MinUtcDateTime; bool disposed = false; bool disposable; public X509SecurityToken(X509Certificate2 certificate) : this(certificate, SecurityUniqueId.Create().Value) { } public X509SecurityToken(X509Certificate2 certificate, string id) : this(certificate, id, true) { } internal X509SecurityToken(X509Certificate2 certificate, bool clone) : this(certificate, SecurityUniqueId.Create().Value, clone) { } internal X509SecurityToken(X509Certificate2 certificate, bool clone, bool disposable) : this(certificate, SecurityUniqueId.Create().Value, clone, disposable) { } internal X509SecurityToken(X509Certificate2 certificate, string id, bool clone) : this(certificate, id, clone, true) { } internal X509SecurityToken(X509Certificate2 certificate, string id, bool clone, bool disposable) { if (certificate == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate"); if (id == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id"); this.id = id; this.certificate = clone ? new X509Certificate2(certificate) : certificate; // if the cert needs to be cloned then the token owns the clone and should dispose it this.disposable = clone || disposable; } public override string Id { get { return this.id; } } public override ReadOnlyCollection SecurityKeys { get { ThrowIfDisposed(); if (this.securityKeys == null) { List temp = new List(1); temp.Add(new X509AsymmetricSecurityKey(this.certificate)); this.securityKeys = temp.AsReadOnly(); } return this.securityKeys; } } public override DateTime ValidFrom { get { ThrowIfDisposed(); if (this.effectiveTime == SecurityUtils.MaxUtcDateTime) this.effectiveTime = this.certificate.NotBefore.ToUniversalTime(); return this.effectiveTime; } } public override DateTime ValidTo { get { ThrowIfDisposed(); if (this.expirationTime == SecurityUtils.MinUtcDateTime) this.expirationTime = this.certificate.NotAfter.ToUniversalTime(); return this.expirationTime; } } public X509Certificate2 Certificate { get { ThrowIfDisposed(); return this.certificate; } } public override bool CanCreateKeyIdentifierClause() { ThrowIfDisposed(); if (typeof(T) == typeof(X509SubjectKeyIdentifierClause)) return X509SubjectKeyIdentifierClause.CanCreateFrom(certificate); return typeof(T) == typeof(X509ThumbprintKeyIdentifierClause) || typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause) || typeof(T) == typeof(X509RawDataKeyIdentifierClause) || base.CanCreateKeyIdentifierClause(); } public override T CreateKeyIdentifierClause() { ThrowIfDisposed(); if (typeof(T) == typeof(X509SubjectKeyIdentifierClause)) { X509SubjectKeyIdentifierClause x509KeyIdentifierClause; if (X509SubjectKeyIdentifierClause.TryCreateFrom(certificate, out x509KeyIdentifierClause)) return x509KeyIdentifierClause as T; } else if (typeof(T) == typeof(X509ThumbprintKeyIdentifierClause)) { return new X509ThumbprintKeyIdentifierClause(certificate) as T; } else if (typeof(T) == typeof(X509IssuerSerialKeyIdentifierClause)) { return new X509IssuerSerialKeyIdentifierClause(certificate) as T; } else if (typeof(T) == typeof(X509RawDataKeyIdentifierClause)) { return new X509RawDataKeyIdentifierClause(certificate) as T; } return base.CreateKeyIdentifierClause(); } public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) { ThrowIfDisposed(); X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (subjectKeyIdentifierClause != null) return subjectKeyIdentifierClause.Matches(certificate); X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (thumbprintKeyIdentifierClause != null) return thumbprintKeyIdentifierClause.Matches(certificate); X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerKeyIdentifierClause != null) return issuerKeyIdentifierClause.Matches(certificate); X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawCertKeyIdentifierClause != null) return rawCertKeyIdentifierClause.Matches(certificate); return base.MatchesKeyIdentifierClause(keyIdentifierClause); } public virtual void Dispose() { if (this.disposable && !this.disposed) { this.disposed = true; this.certificate.Reset(); } } protected void ThrowIfDisposed() { if (this.disposed) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName)); } } } }