|
//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security.Tokens
{
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.IdentityModel.Selectors;
using System.ServiceModel.Security;
using System.Text;
using System.Globalization;
public class X509SecurityTokenParameters : SecurityTokenParameters
{
internal const X509KeyIdentifierClauseType defaultX509ReferenceStyle = X509KeyIdentifierClauseType.Any;
X509KeyIdentifierClauseType x509ReferenceStyle;
protected X509SecurityTokenParameters(X509SecurityTokenParameters other)
: base(other)
{
this.x509ReferenceStyle = other.x509ReferenceStyle;
}
public X509SecurityTokenParameters()
: this(X509SecurityTokenParameters.defaultX509ReferenceStyle, SecurityTokenParameters.defaultInclusionMode)
{
// empty
}
public X509SecurityTokenParameters(X509KeyIdentifierClauseType x509ReferenceStyle)
: this(x509ReferenceStyle, SecurityTokenParameters.defaultInclusionMode)
{
// empty
}
public X509SecurityTokenParameters(X509KeyIdentifierClauseType x509ReferenceStyle, SecurityTokenInclusionMode inclusionMode)
: this(x509ReferenceStyle, inclusionMode, SecurityTokenParameters.defaultRequireDerivedKeys)
{
}
internal X509SecurityTokenParameters(X509KeyIdentifierClauseType x509ReferenceStyle, SecurityTokenInclusionMode inclusionMode,
bool requireDerivedKeys)
: base()
{
this.X509ReferenceStyle = x509ReferenceStyle;
this.InclusionMode = inclusionMode;
this.RequireDerivedKeys = requireDerivedKeys;
}
internal protected override bool HasAsymmetricKey { get { return true; } }
public X509KeyIdentifierClauseType X509ReferenceStyle
{
get
{
return this.x509ReferenceStyle;
}
set
{
X509SecurityTokenReferenceStyleHelper.Validate(value);
this.x509ReferenceStyle = value;
}
}
internal protected override bool SupportsClientAuthentication { get { return true; } }
internal protected override bool SupportsServerAuthentication { get { return true; } }
internal protected override bool SupportsClientWindowsIdentity { get { return true; } }
protected override SecurityTokenParameters CloneCore()
{
return new X509SecurityTokenParameters(this);
}
internal protected override SecurityKeyIdentifierClause CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
SecurityKeyIdentifierClause result = null;
switch (this.x509ReferenceStyle)
{
default:
case X509KeyIdentifierClauseType.Any:
if (referenceStyle == SecurityTokenReferenceStyle.External)
{
X509SecurityToken x509Token = token as X509SecurityToken;
if (x509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(x509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
else
{
X509WindowsSecurityToken windowsX509Token = token as X509WindowsSecurityToken;
if (windowsX509Token != null)
{
X509SubjectKeyIdentifierClause x509KeyIdentifierClause;
if (X509SubjectKeyIdentifierClause.TryCreateFrom(windowsX509Token.Certificate, out x509KeyIdentifierClause))
{
result = x509KeyIdentifierClause;
}
}
}
if (result == null)
result = token.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause>();
if (result == null)
result = token.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>();
}
else
result = token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();
break;
case X509KeyIdentifierClauseType.Thumbprint:
result = this.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.SubjectKeyIdentifier:
result = this.CreateKeyIdentifierClause<X509SubjectKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.IssuerSerial:
result = this.CreateKeyIdentifierClause<X509IssuerSerialKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
case X509KeyIdentifierClauseType.RawDataKeyIdentifier:
result = this.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause, LocalIdKeyIdentifierClause>(token, referenceStyle);
break;
}
return result;
}
protected internal override void InitializeSecurityTokenRequirement(SecurityTokenRequirement requirement)
{
requirement.TokenType = SecurityTokenTypes.X509Certificate;
requirement.RequireCryptographicToken = true;
requirement.KeyType = SecurityKeyType.AsymmetricKey;
}
public override string ToString()
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(base.ToString());
sb.Append(String.Format(CultureInfo.InvariantCulture, "X509ReferenceStyle: {0}", this.x509ReferenceStyle.ToString()));
return sb.ToString();
}
}
}
|