//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.IdentityModel.Tokens { using System.Globalization; using System.Security.Cryptography.X509Certificates; public class X509SubjectKeyIdentifierClause : BinaryKeyIdentifierClause { const string SubjectKeyIdentifierOid = "2.5.29.14"; const int SkiDataOffset = 2; public X509SubjectKeyIdentifierClause(byte[] ski) : this(ski, true) { } internal X509SubjectKeyIdentifierClause(byte[] ski, bool cloneBuffer) : base(null, ski, cloneBuffer) { } static byte[] GetSkiRawData(X509Certificate2 certificate) { if (certificate == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate"); X509SubjectKeyIdentifierExtension skiExtension = certificate.Extensions[SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension; if (skiExtension != null) { return skiExtension.RawData; } else { return null; } } public byte[] GetX509SubjectKeyIdentifier() { return GetBuffer(); } public bool Matches(X509Certificate2 certificate) { if (certificate == null) return false; byte[] data = GetSkiRawData(certificate); return data != null && Matches(data, SkiDataOffset); } public static bool TryCreateFrom(X509Certificate2 certificate, out X509SubjectKeyIdentifierClause keyIdentifierClause) { byte[] data = GetSkiRawData(certificate); keyIdentifierClause = null; if (data != null) { byte[] ski = SecurityUtils.CloneBuffer(data, SkiDataOffset, data.Length - SkiDataOffset); keyIdentifierClause = new X509SubjectKeyIdentifierClause(ski, false); } return keyIdentifierClause != null; } public static bool CanCreateFrom(X509Certificate2 certificate) { return null != GetSkiRawData(certificate); } public override string ToString() { return string.Format(CultureInfo.InvariantCulture, "X509SubjectKeyIdentifierClause(SKI = 0x{0})", ToHexString()); } } }