PageRenderTime 59ms CodeModel.GetById 12ms RepoModel.GetById 1ms app.codeStats 0ms

/mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Tokens/X509CertificateStoreTokenResolver.cs

https://github.com/pruiz/mono
C# | 222 lines | 153 code | 21 blank | 48 comment | 34 complexity | 5e88e0453f1d55692afd3d4d9ab61564 MD5 | raw file
Possible License(s): LGPL-2.0, MPL-2.0-no-copyleft-exception, CC-BY-SA-3.0, GPL-2.0
  1. //-----------------------------------------------------------------------
  2. // <copyright file="X509CertificateStoreTokenResolver.cs" company="Microsoft">
  3. // Copyright (c) Microsoft Corporation. All rights reserved.
  4. // </copyright>
  5. //-----------------------------------------------------------------------
  6. namespace System.IdentityModel.Tokens
  7. {
  8. using System;
  9. using System.Collections.Generic;
  10. using System.IdentityModel.Selectors;
  11. using System.Security.Cryptography.X509Certificates;
  12. using System.Text;
  13. /// <summary>
  14. /// Token Resolver that can resolve X509SecurityTokens against a given X.509 Certificate Store.
  15. /// </summary>
  16. public class X509CertificateStoreTokenResolver : SecurityTokenResolver
  17. {
  18. private string storeName;
  19. private StoreLocation storeLocation;
  20. /// <summary>
  21. /// Initializes an instance of <see cref="X509CertificateStoreTokenResolver"/>
  22. /// </summary>
  23. public X509CertificateStoreTokenResolver()
  24. : this(System.Security.Cryptography.X509Certificates.StoreName.My, StoreLocation.LocalMachine)
  25. {
  26. }
  27. /// <summary>
  28. /// Initializes an instance of <see cref="X509CertificateStoreTokenResolver"/>
  29. /// </summary>
  30. /// <param name="storeName">StoreName of the X.509 Certificate Store.</param>
  31. /// <param name="storeLocation">StoreLocation of the X.509 Certificate store.</param>
  32. public X509CertificateStoreTokenResolver(StoreName storeName, StoreLocation storeLocation)
  33. : this(Enum.GetName(typeof(System.Security.Cryptography.X509Certificates.StoreName), storeName), storeLocation)
  34. {
  35. }
  36. /// <summary>
  37. /// Initializes an instance of <see cref="X509CertificateStoreTokenResolver"/>
  38. /// </summary>
  39. /// <param name="storeName">StoreName of the X.509 Certificate Store.</param>
  40. /// <param name="storeLocation">StoreLocation of the X.509 Certificate store.</param>
  41. public X509CertificateStoreTokenResolver(string storeName, StoreLocation storeLocation)
  42. {
  43. if (string.IsNullOrEmpty(storeName))
  44. {
  45. throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("storeName");
  46. }
  47. this.storeName = storeName;
  48. this.storeLocation = storeLocation;
  49. }
  50. /// <summary>
  51. /// Gets the StoreName used by this TokenResolver.
  52. /// </summary>
  53. public string StoreName
  54. {
  55. get { return this.storeName; }
  56. }
  57. /// <summary>
  58. /// Gets the StoreLocation used by this TokenResolver.
  59. /// </summary>
  60. public StoreLocation StoreLocation
  61. {
  62. get { return this.storeLocation; }
  63. }
  64. /// <summary>
  65. /// Resolves the given SecurityKeyIdentifierClause to a SecurityKey.
  66. /// </summary>
  67. /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve</param>
  68. /// <param name="key">The resolved SecurityKey.</param>
  69. /// <returns>True if successfully resolved.</returns>
  70. /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
  71. protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
  72. {
  73. if (keyIdentifierClause == null)
  74. {
  75. throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
  76. }
  77. key = null;
  78. EncryptedKeyIdentifierClause encryptedKeyIdentifierClause = keyIdentifierClause as EncryptedKeyIdentifierClause;
  79. if (encryptedKeyIdentifierClause != null)
  80. {
  81. SecurityKeyIdentifier keyIdentifier = encryptedKeyIdentifierClause.EncryptingKeyIdentifier;
  82. if (keyIdentifier != null && keyIdentifier.Count > 0)
  83. {
  84. for (int i = 0; i < keyIdentifier.Count; i++)
  85. {
  86. SecurityKey unwrappingSecurityKey = null;
  87. if (TryResolveSecurityKey(keyIdentifier[i], out unwrappingSecurityKey))
  88. {
  89. byte[] wrappedKey = encryptedKeyIdentifierClause.GetEncryptedKey();
  90. string wrappingAlgorithm = encryptedKeyIdentifierClause.EncryptionMethod;
  91. byte[] unwrappedKey = unwrappingSecurityKey.DecryptKey(wrappingAlgorithm, wrappedKey);
  92. key = new InMemorySymmetricSecurityKey(unwrappedKey, false);
  93. return true;
  94. }
  95. }
  96. }
  97. }
  98. else
  99. {
  100. SecurityToken token = null;
  101. if (TryResolveToken(keyIdentifierClause, out token))
  102. {
  103. if (token.SecurityKeys.Count > 0)
  104. {
  105. key = token.SecurityKeys[0];
  106. return true;
  107. }
  108. }
  109. }
  110. return false;
  111. }
  112. /// <summary>
  113. /// Resolves the given SecurityKeyIdentifier to a SecurityToken.
  114. /// </summary>
  115. /// <param name="keyIdentifier">SecurityKeyIdentifier to resolve.</param>
  116. /// <param name="token">The resolved SecurityToken.</param>
  117. /// <returns>True if successfully resolved.</returns>
  118. /// <exception cref="ArgumentNullException">The input argument 'keyIdentifier' is null.</exception>
  119. protected override bool TryResolveTokenCore(SecurityKeyIdentifier keyIdentifier, out SecurityToken token)
  120. {
  121. if (keyIdentifier == null)
  122. {
  123. throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifier");
  124. }
  125. token = null;
  126. foreach (SecurityKeyIdentifierClause clause in keyIdentifier)
  127. {
  128. if (TryResolveToken(clause, out token))
  129. {
  130. return true;
  131. }
  132. }
  133. return false;
  134. }
  135. /// <summary>
  136. /// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
  137. /// </summary>
  138. /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
  139. /// <param name="token">The resolved SecurityToken.</param>
  140. /// <returns>True if successfully resolved.</returns>
  141. /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
  142. protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
  143. {
  144. if (keyIdentifierClause == null)
  145. {
  146. throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
  147. }
  148. token = null;
  149. X509Store store = null;
  150. X509Certificate2Collection certs = null;
  151. try
  152. {
  153. store = new X509Store(this.storeName, this.storeLocation);
  154. store.Open(OpenFlags.ReadOnly);
  155. certs = store.Certificates;
  156. foreach (X509Certificate2 cert in certs)
  157. {
  158. X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
  159. if (thumbprintKeyIdentifierClause != null && thumbprintKeyIdentifierClause.Matches(cert))
  160. {
  161. token = new X509SecurityToken(cert);
  162. return true;
  163. }
  164. X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
  165. if (issuerSerialKeyIdentifierClause != null && issuerSerialKeyIdentifierClause.Matches(cert))
  166. {
  167. token = new X509SecurityToken(cert);
  168. return true;
  169. }
  170. X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
  171. if (subjectKeyIdentifierClause != null && subjectKeyIdentifierClause.Matches(cert))
  172. {
  173. token = new X509SecurityToken(cert);
  174. return true;
  175. }
  176. X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
  177. if (rawDataKeyIdentifierClause != null && rawDataKeyIdentifierClause.Matches(cert))
  178. {
  179. token = new X509SecurityToken(cert);
  180. return true;
  181. }
  182. }
  183. }
  184. finally
  185. {
  186. if (certs != null)
  187. {
  188. for (int i = 0; i < certs.Count; i++)
  189. {
  190. certs[i].Reset();
  191. }
  192. }
  193. if (store != null)
  194. {
  195. store.Close();
  196. }
  197. }
  198. return false;
  199. }
  200. }
  201. }