1 //
2 // X509SecurityToken.cs
3 //
4 // Author:
5 //      Atsushi Enomoto <atsushi@ximian.com>
6 //
7 // Copyright (C) 2006 Novell, Inc.  http://www.novell.com
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 // 
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 // 
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28 using System;
29 using System.Collections.ObjectModel;
30 using System.Xml;
31 using System.IdentityModel.Policy;
32 using System.Security.Cryptography.X509Certificates;
33
34 namespace System.IdentityModel.Tokens
35 {
36         public class X509SecurityToken : SecurityToken, IDisposable
37         {
38                 public X509SecurityToken (X509Certificate2 certificate)
39                         : this (certificate, "uuid:" + Guid.NewGuid ().ToString ())
40                 {
41                 }
42
43                 public X509SecurityToken (X509Certificate2 certificate, string id)
44                 {
45                         if (certificate == null)
46                                 throw new ArgumentNullException ("certificate");
47                         if (id == null)
48                                 throw new ArgumentNullException ("id");
49                         this.cert = certificate;
50                         this.id = id;
51                 }
52
53                 X509Certificate2 cert;
54                 string id;
55                 ReadOnlyCollection<SecurityKey> keys;
56
57                 public X509Certificate2 Certificate {
58                         get { return cert; }
59                 }
60
61                 public override DateTime ValidFrom {
62                         get { return cert.NotBefore.ToUniversalTime (); }
63                 }
64
65                 public override DateTime ValidTo {
66                         get { return cert.NotAfter.ToUniversalTime (); }
67                 }
68
69                 public override string Id {
70                         get { return id; }
71                 }
72
73                 public virtual void Dispose ()
74                 {
75                         cert.Reset ();
76                         cert = null;
77                 }
78
79                 public override ReadOnlyCollection<SecurityKey> SecurityKeys {
80                         get {
81                                 if (keys == null)
82                                         keys = new ReadOnlyCollection<SecurityKey> (new SecurityKey [] {new X509AsymmetricSecurityKey (cert)});
83                                 return keys;
84                         }
85                 }
86
87                 public override bool CanCreateKeyIdentifierClause<T> ()
88                 {
89                         Type t = typeof (T);
90                         return
91 //                              t == typeof (X509SubjectKeyIdentifierClause) ||
92                                 t == typeof (X509ThumbprintKeyIdentifierClause) ||
93                                 t == typeof (X509IssuerSerialKeyIdentifierClause) ||
94                                 t == typeof (X509RawDataKeyIdentifierClause);
95                 }
96
97                 public override T CreateKeyIdentifierClause<T> ()
98                 {
99                         Type t = typeof (T);
100 //                      if (t == typeof (X509SubjectKeyIdentifierClause))
101 //                              return (T) (object) new X509SubjectKeyIdentifierClause (cert.SubjectName.RawData);
102                         if (t == typeof (X509ThumbprintKeyIdentifierClause))
103                                 return (T) (object) new X509ThumbprintKeyIdentifierClause (cert);
104                         if (t == typeof (X509IssuerSerialKeyIdentifierClause))
105                                 return (T) (object) new X509IssuerSerialKeyIdentifierClause (cert);
106                         if (t == typeof (X509RawDataKeyIdentifierClause))
107                                 return (T) (object) new X509RawDataKeyIdentifierClause (cert);
108
109                         throw new NotSupportedException (String.Format ("X509SecurityToken does not support creation of {0}.", t));
110                 }
111
112                 [MonoTODO]
113                 public override bool MatchesKeyIdentifierClause (
114                         SecurityKeyIdentifierClause skiClause)
115                 {
116                         LocalIdKeyIdentifierClause l =
117                                 skiClause as LocalIdKeyIdentifierClause;
118                         if (l != null)
119                                 return l.LocalId == Id;
120
121                         X509ThumbprintKeyIdentifierClause t =
122                                 skiClause as X509ThumbprintKeyIdentifierClause;
123                         if (t != null)
124                                 return t.Matches (cert);
125                         X509IssuerSerialKeyIdentifierClause i =
126                                 skiClause as X509IssuerSerialKeyIdentifierClause;
127                         if (i != null)
128                                 return i.Matches (cert);
129                         X509SubjectKeyIdentifierClause s =
130                                 skiClause as X509SubjectKeyIdentifierClause;
131                         if (s != null)
132                                 return s.Matches (cert);
133                         X509RawDataKeyIdentifierClause r =
134                                 skiClause as X509RawDataKeyIdentifierClause;
135                         if (r != null)
136                                 return r.Matches (cert);
137
138                         return false;
139                 }
140
141                 protected void ThrowIfDisposed ()
142                 {
143                         if (cert == null)
144                                 throw new ObjectDisposedException ("This X509SecurityToken has already been disposed.");
145                 }
146         }
147 }