2 // X509SecurityToken.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.ObjectModel;
31 using System.IdentityModel.Policy;
32 using System.Security.Cryptography.X509Certificates;
34 namespace System.IdentityModel.Tokens
36 public class X509SecurityToken : SecurityToken, IDisposable
38 public X509SecurityToken (X509Certificate2 certificate)
39 : this (certificate, "uuid:" + Guid.NewGuid ().ToString ())
43 public X509SecurityToken (X509Certificate2 certificate, string id)
45 if (certificate == null)
46 throw new ArgumentNullException ("certificate");
48 throw new ArgumentNullException ("id");
49 this.cert = certificate;
53 X509Certificate2 cert;
55 ReadOnlyCollection<SecurityKey> keys;
57 public X509Certificate2 Certificate {
61 public override DateTime ValidFrom {
62 get { return cert.NotBefore.ToUniversalTime (); }
65 public override DateTime ValidTo {
66 get { return cert.NotAfter.ToUniversalTime (); }
69 public override string Id {
73 public virtual void Dispose ()
79 public override ReadOnlyCollection<SecurityKey> SecurityKeys {
82 keys = new ReadOnlyCollection<SecurityKey> (new SecurityKey [] {new X509AsymmetricSecurityKey (cert)});
87 public override bool CanCreateKeyIdentifierClause<T> ()
91 // t == typeof (X509SubjectKeyIdentifierClause) ||
92 t == typeof (X509ThumbprintKeyIdentifierClause) ||
93 t == typeof (X509IssuerSerialKeyIdentifierClause) ||
94 t == typeof (X509RawDataKeyIdentifierClause);
97 public override T CreateKeyIdentifierClause<T> ()
100 // if (t == typeof (X509SubjectKeyIdentifierClause))
101 // return (T) (object) new X509SubjectKeyIdentifierClause (cert.SubjectName.RawData);
102 if (t == typeof (X509ThumbprintKeyIdentifierClause))
103 return (T) (object) new X509ThumbprintKeyIdentifierClause (cert);
104 if (t == typeof (X509IssuerSerialKeyIdentifierClause))
105 return (T) (object) new X509IssuerSerialKeyIdentifierClause (cert);
106 if (t == typeof (X509RawDataKeyIdentifierClause))
107 return (T) (object) new X509RawDataKeyIdentifierClause (cert);
109 throw new NotSupportedException (String.Format ("X509SecurityToken does not support creation of {0}.", t));
113 public override bool MatchesKeyIdentifierClause (
114 SecurityKeyIdentifierClause skiClause)
116 LocalIdKeyIdentifierClause l =
117 skiClause as LocalIdKeyIdentifierClause;
119 return l.LocalId == Id;
121 X509ThumbprintKeyIdentifierClause t =
122 skiClause as X509ThumbprintKeyIdentifierClause;
124 return t.Matches (cert);
125 X509IssuerSerialKeyIdentifierClause i =
126 skiClause as X509IssuerSerialKeyIdentifierClause;
128 return i.Matches (cert);
129 X509SubjectKeyIdentifierClause s =
130 skiClause as X509SubjectKeyIdentifierClause;
132 return s.Matches (cert);
133 X509RawDataKeyIdentifierClause r =
134 skiClause as X509RawDataKeyIdentifierClause;
136 return r.Matches (cert);
141 protected void ThrowIfDisposed ()
144 throw new ObjectDisposedException ("This X509SecurityToken has already been disposed.");