Updated on 20 May 2007 to fix a bug in the code.
In my last post, I complained about the Token class not exposing the public key claim directly. Here's some code that will help you if you simply want to track the public key for a personal card in a user profile. Add this to the Token class and party on.
Here's the code:
// If this code works, Keith wrote it!
// Cache for the issuer key identifier; stays null until the getter below first fills it.
string issuerPublicKeyHash;

/// <summary>
/// Gets the issuer public key identifier, calling computeIssuerPublicKeyHash() on first
/// access and returning the cached string on every later access.
/// </summary>
public string IssuerPublicKeyHash {
    get {
        // Compute-once: assign only while the cache is still empty.
        return issuerPublicKeyHash ?? (issuerPublicKeyHash = computeIssuerPublicKeyHash());
    }
}
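/// <summary>
/// Builds an identifier for the issuer's RSA public key: the Base64-encoded SHA-256 digest
/// of the key's exponent bytes followed by its modulus bytes.
/// </summary>
/// <returns>Base64 encoding of the SHA-256 digest.</returns>
/// <exception cref="InvalidOperationException">
/// No claim set in the authorization context has an issuer with an RSA identity claim.
/// </exception>
string computeIssuerPublicKeyHash() {
    RSA issuerPublicKey = null;
    foreach (ClaimSet cs in m_authorizationContext.ClaimSets) {
        // Find the ClaimSet whose issuer is identified by an RSA key; the first match wins.
        foreach (Claim rsaClaim in cs.Issuer.FindClaims(ClaimTypes.Rsa, Rights.Identity)) {
            issuerPublicKey = (RSA)rsaClaim.Resource;
            break;
        }
        if (null != issuerPublicKey) break;
    }
    if (null == issuerPublicKey) {
        throw new InvalidOperationException("Couldn't find issuer's RSA claim");
    }

    // Export the public half only (false = no private parameters).
    RSAParameters keyParams = issuerPublicKey.ExportParameters(false);

    // NOTE(review): exponent and modulus are fed to the hash back to back, with no length
    // prefix or separator. Confirm whether an unambiguous encoding is wanted before
    // relying on this value as a key identifier.
    using (SHA256Managed hashAlg = new SHA256Managed()) {
        hashAlg.TransformBlock(keyParams.Exponent, 0,
            keyParams.Exponent.Length, null, 0);
        hashAlg.TransformFinalBlock(keyParams.Modulus, 0,
            keyParams.Modulus.Length);

        // TransformFinalBlock returns a copy of the input block it was handed, not the
        // digest. Encoding that return value would yield the Base64 of the raw modulus
        // and leave the exponent out entirely. The digest is read from Hash once the
        // final block has been processed.
        return Convert.ToBase64String(hashAlg.Hash);
    }
}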
Posted
May 10 2007, 11:44 AM
by
keith-brown