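 /// <summary>
 /// Validates the XML signature on <c>Xassertion</c> and, unless trust checking is
 /// switched off, that the signer is acceptable according to <paramref name="vault"/>
 /// (per the comment on the Validate call: signer present in the vault, no revoked
 /// certificate in the chain — confirm against <c>SignatureUtil.Validate</c>).
 /// </summary>
 /// <param name="federation">Federation passed through to <c>SignatureUtil.Validate</c>.</param>
 /// <param name="vault">Credential vault holding the certificates the signer is checked against.</param>
 /// <param name="checkTrust">
 /// Whether to run the trust/revocation check. An app setting named <c>CheckTrust</c>,
 /// when present, OVERRIDES this argument: a configured <c>CheckTrust=false</c> silently
 /// disables both the trust and the CRL check even when the caller passed <c>true</c>.
 /// </param>
 /// <exception cref="ModelException">
 /// Thrown when the authentication level is below VOCES trusted system, when no assertion
 /// is loaded, when the XML signature itself is invalid, or when the trust check fails.
 /// </exception>
 private void InternalValidateSignature(Federation.Federation federation, ICredentialVault vault, bool checkTrust = true)
 {
     if (AuthenticationLevel.Level < AuthenticationLevel.VocesTrustedSystem.Level)
     {
         throw new ModelException("AuthenticationLevel does not support signature");
     }
     if (Xassertion == null)
     {
         throw new ModelException("Assertion not initialized");
     }
     // Cryptographic check of the signature itself; this says nothing yet about
     // WHO signed, which is what the trust check below is for.
     if (!SealUtilities.CheckAssertionSignature(Xassertion))
     {
         throw new ModelException("IDCard is not signed!");
     }

     // Configuration wins over the caller's argument when the key is present.
     // Ordinal comparison: the previous ToLower().Equals("true") depended on the
     // current thread culture.
     if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckTrust"))
     {
         checkTrust = string.Equals(ConfigurationManager.AppSettings["CheckTrust"], "true", StringComparison.OrdinalIgnoreCase);
     }
     if (checkTrust)
     {
         // CRL checking is on unless explicitly disabled; note it is only ever
         // consulted when the trust check runs at all.
         var checkCrl = true;
         if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckCrl"))
         {
             checkCrl = string.Equals(ConfigurationManager.AppSettings["CheckCrl"], "true", StringComparison.OrdinalIgnoreCase);
         }
         //Check that Signature is in credentialVault and that no certificate in chain is revoked
         if (!SignatureUtil.Validate(Xassertion, federation, vault, checkTrust, checkCrl))
         {
             throw new ModelException("Signature on IdCard could not be validated");
         }
     }
 }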
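        /// <summary>
        /// An assertion signed with a certificate (FOCES) that is NOT in the vault must not
        /// validate when trust checking is enabled; only the VOCES certificate is registered
        /// as trusted.
        /// </summary>
        public void TestSignAndValidateNotTrusted()
        {
            GenericCredentialVault vault = new GenericCredentialVault();

            // Signing certificate: deliberately never added to the vault.
            X509Certificate2 newCert = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234");
            // The only trusted certificate is a different one.
            var cert2 = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234");

            cert2.FriendlyName = vault.ALIAS_SYSTEM;
            vault.AddTrustedCertificate(cert2);

            var ass = AssertionMaker.MakeAssertionForSTS(newCert);

            var signedAss = SealUtilities.SignAssertion(ass, newCert);
            var signedXml = Serialize(signedAss);

            // The previous version caught every exception and asserted nothing, so the
            // test passed even if an untrusted signer was accepted. Validate may report
            // failure by returning false or by throwing ModelException (the type the old,
            // commented-out assertion expected); either is fine, success is not.
            bool validated;
            try
            {
                validated = SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
            }
            catch (ModelException)
            {
                validated = false;
            }

            Assert.IsFalse(validated, "An assertion signed by a certificate outside the vault must not validate");
        }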
        /// <summary>
        /// Signs a fresh STS assertion with <paramref name="cert"/>, registers that same
        /// certificate as the vault's trusted system certificate, and returns the outcome
        /// of validating the signature against that vault.
        /// </summary>
        /// <param name="cert">Certificate used both for signing and as the single trusted certificate.</param>
        /// <param name="checkTrust">Forwarded to <c>SignatureUtil.Validate</c> as the trust flag.</param>
        /// <param name="checkRevoked">Forwarded to <c>SignatureUtil.Validate</c> as the revocation-check flag.</param>
        /// <returns>Whatever <c>SignatureUtil.Validate</c> returns for the signed assertion.</returns>
        private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
        {
            var trustStore = new GenericCredentialVault();
            cert.FriendlyName = trustStore.ALIAS_SYSTEM;
            trustStore.AddTrustedCertificate(cert);

            var signed = SealUtilities.SignAssertion(AssertionMaker.MakeAssertionForSTS(cert), cert);
            var document = Serialize(signed);

            return SignatureUtil.Validate(document.Root, null, trustStore, checkTrust, checkRevoked);
        }
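        /// <summary>
        /// Checks the signature on the <see cref="OioWsTrustRequest"/> and whether the signing certificate is trusted.
        /// </summary>
        /// <remarks>
        /// Trust-chain and CRL checking are controlled by the <c>CheckTrust</c> and <c>CheckCrl</c>
        /// app settings. Both default to <c>false</c> when the key is absent, so without explicit
        /// configuration <c>SignatureUtil.Validate</c> is called with trust and revocation checking
        /// disabled — presumably only the raw XML signature is then verified, regardless of who
        /// signed (confirm against <c>SignatureUtil.Validate</c>). NOTE(review): that is a fail-open
        /// default for a request arriving over the wire; deployments must set both keys to
        /// <c>true</c>, and a fail-closed default should be considered.
        /// </remarks>
        /// <param name="vault">The CredentialVault containing trusted certificates used to check trust for the <see cref="OioWsTrustRequest"/>.</param>
        /// <exception cref="ModelBuildException">Thrown when <c>SignatureUtil.Validate</c> reports the signature as invalid.</exception>
        public void ValidateSignatureAndTrust(ICredentialVault vault)
        {
            // Ordinal comparison: the previous ToLower().Equals("true") depended on the
            // current thread culture.
            var checkTrust = false;

            if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckTrust"))
            {
                checkTrust = string.Equals(ConfigurationManager.AppSettings["CheckTrust"], "true", StringComparison.OrdinalIgnoreCase);
            }
            var checkCrl = false;

            if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckCrl"))
            {
                checkCrl = string.Equals(ConfigurationManager.AppSettings["CheckCrl"], "true", StringComparison.OrdinalIgnoreCase);
            }

            if (!SignatureUtil.Validate(dom, null, vault, checkTrust, checkCrl))
            {
                throw new ModelBuildException("Liberty signature could not be validated");
            }
        }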