1 //------------------------------------------------------------
2 // Copyright (c) Microsoft Corporation. All rights reserved.
3 //------------------------------------------------------------
5 namespace System.IdentityModel.Tokens
7 using System.Diagnostics;
8 using System.Globalization;
9 using System.Security.Cryptography;
10 using System.Security.Cryptography.X509Certificates;
12 public class X509IssuerSerialKeyIdentifierClause : SecurityKeyIdentifierClause
14 readonly string issuerName;
15 readonly string issuerSerialNumber;
17 public X509IssuerSerialKeyIdentifierClause(string issuerName, string issuerSerialNumber)
20 if (string.IsNullOrEmpty(issuerName))
21 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuerName");
22 if (string.IsNullOrEmpty(issuerSerialNumber))
23 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuerSerialNumber");
25 this.issuerName = issuerName;
26 this.issuerSerialNumber = issuerSerialNumber;
29 public X509IssuerSerialKeyIdentifierClause(X509Certificate2 certificate)
32 if (certificate == null)
33 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
35 this.issuerName = certificate.Issuer;
36 this.issuerSerialNumber = Asn1IntegerConverter.Asn1IntegerToDecimalString(certificate.GetSerialNumber());
39 public string IssuerName
41 get { return this.issuerName; }
44 public string IssuerSerialNumber
46 get { return this.issuerSerialNumber; }
49 public override bool Matches(SecurityKeyIdentifierClause keyIdentifierClause)
51 X509IssuerSerialKeyIdentifierClause that = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
53 // PreSharp Bug: Parameter 'that' to this public method must be validated: A null-dereference can occur here.
54 #pragma warning suppress 56506
55 return ReferenceEquals(this, that) || (that != null && that.Matches(this.issuerName, this.issuerSerialNumber));
58 public bool Matches(X509Certificate2 certificate)
60 if (certificate == null)
63 return Matches(certificate.Issuer, Asn1IntegerConverter.Asn1IntegerToDecimalString(certificate.GetSerialNumber()));
66 public bool Matches(string issuerName, string issuerSerialNumber)
68 if (issuerName == null)
73 // If serial numbers dont match, we can avoid the potentially expensive issuer name comparison
74 if (this.issuerSerialNumber != issuerSerialNumber)
79 // Serial numbers match. Do a string comparison of issuer names
80 if (this.issuerName == issuerName)
85 // String equality comparison for issuer names failed
86 // Do a byte-level comparison of the X500 distinguished names corresponding to the issuer names.
87 // X500DistinguishedName constructor can throw for malformed inputs
88 bool x500IssuerNameMatch = false;
91 if (CryptoHelper.IsEqual(new X500DistinguishedName(this.issuerName).RawData,
92 new X500DistinguishedName(issuerName).RawData))
94 x500IssuerNameMatch = true;
97 catch (CryptographicException e)
99 // Absorb and log exception. Fallthrough and return false from method.
100 DiagnosticUtility.TraceHandledException(e, TraceEventType.Warning);
103 return x500IssuerNameMatch;
106 public override string ToString()
108 return string.Format(CultureInfo.InvariantCulture, "X509IssuerSerialKeyIdentifierClause(Issuer = '{0}', Serial = '{1}')",
109 this.IssuerName, this.IssuerSerialNumber);