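        /// <summary>
        /// Verifies a detached signature (as used by the SAML HTTP-Redirect binding) over
        /// <paramref name="signedQueryString"/>, using the certificate selected by
        /// <paramref name="certIdentifier"/>.
        /// </summary>
        /// <param name="detachedSignature">The signature value received with the message.</param>
        /// <param name="detachedSignatureAlgorithm">The signature algorithm identifier received with the message.</param>
        /// <param name="signedQueryString">The query string the signature was computed over.</param>
        /// <param name="certIdentifier">Identifier handed to <see cref="SignMessage.GetSamlEncryptionAndSigningKey"/> to select the verification certificate.</param>
        /// <returns><c>true</c> when the signature is valid for the query string and certificate; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentException">Thrown when the signature or the algorithm identifier is missing.</exception>
        internal static bool VerifyDetachedSignature(
            string detachedSignature,
            string detachedSignatureAlgorithm,
            string signedQueryString,
            string certIdentifier
            )
        {
            if (string.IsNullOrWhiteSpace(detachedSignature))
            {
                throw new ArgumentException("DetachedSignature not mentioned", nameof(detachedSignature));
            }

            // Check that we have a signature algorithm, if not throw error
            // (the message names the algorithm so callers can tell the two failures apart).
            if (string.IsNullOrWhiteSpace(detachedSignatureAlgorithm))
            {
                throw new ArgumentException("DetachedSignatureAlgorithm not mentioned", nameof(detachedSignatureAlgorithm));
            }

            X509Certificate2           samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certIdentifier);
            X509Certificate2Collection publicKeys = new X509Certificate2Collection();

            publicKeys.Add(samlEncryptionAndSigningKey);

            // NOTE(review): detachedSignatureAlgorithm comes from the received message, so GetAlgorithmProvider
            // is the place where unsupported or weak algorithms must be rejected — confirm it does.
            object hashAlgorithmProvider = GetAlgorithmProvider(detachedSignatureAlgorithm);

            try
            {
                // Now verify
                return(IsValidDetachedSignature(
                           signedQueryString,
                           hashAlgorithmProvider,
                           detachedSignature,
                           publicKeys));
            }
            finally
            {
                // The provider type is opaque here; release it only if it owns disposable state.
                IDisposable hashAlgorithmProviderDisp = hashAlgorithmProvider as IDisposable;
                if (hashAlgorithmProviderDisp != null)
                {
                    hashAlgorithmProviderDisp.Dispose();
                }
            }
        }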
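        /// <summary>
        /// Builds the signed SAML redirect URL for <paramref name="destination"/>: adds the redirect-encoded
        /// SAMLRequest (and RelayState when given), the signature-algorithm parameter, and finally the
        /// detached signature computed over the query string built so far.
        /// </summary>
        /// <param name="destination">URL of the endpoint the browser is redirected to.</param>
        /// <param name="samlPayLoad">The SAML message to send; it is redirect-encoded before being added.</param>
        /// <param name="relayStateInput">Optional RelayState value; left out of the URL when null or whitespace.</param>
        /// <param name="signatureAlogrithm">Name of a <see cref="SignMessage.SignatureAlgorithm"/> member (case-insensitive).</param>
        /// <param name="certSubject">Identifier handed to <see cref="SignMessage.GetSamlEncryptionAndSigningKey"/> to select the signing certificate.</param>
        /// <returns>The populated <see cref="UrlBuilder"/>, including the Signature parameter.</returns>
        /// <exception cref="ArgumentException">Thrown when a required argument is missing or <paramref name="signatureAlogrithm"/> is not a declared algorithm name.</exception>
        public static UrlBuilder GetSamlSignedRedirectUrl
        (
            string destination,
            string samlPayLoad,
            string relayStateInput,
            string signatureAlogrithm,
            string certSubject
        )
        {
            if (string.IsNullOrWhiteSpace(destination))
            {
                throw new ArgumentException("Destination not mentioned", nameof(destination));
            }

            if (string.IsNullOrWhiteSpace(samlPayLoad))
            {
                throw new ArgumentException("SamlPayLoad not mentioned", nameof(samlPayLoad));
            }

            if (string.IsNullOrWhiteSpace(signatureAlogrithm))
            {
                throw new ArgumentException("SignatureAlgorithm not mentioned", nameof(signatureAlogrithm));
            }

            UrlBuilder redirectUrl = new UrlBuilder()
            {
                Uri = new Uri(destination)
            };

            // Add the request parameters to the URL builder. Everything added from here until the
            // SignDetached call below is part of the signed data, so keep this order.
            redirectUrl.AddOrUpdateParameter("SAMLRequest", samlPayLoad.RedirectEncode());

            if (!string.IsNullOrWhiteSpace(relayStateInput))
            {
                redirectUrl.AddOrUpdateParameter("RelayState", relayStateInput.RedirectEncode());
            }

            // Resolve the algorithm name. Enum.Parse also accepts numeric strings that map to no declared
            // member, so reject anything that is not a defined SignatureAlgorithm value.
            SignMessage.SignatureAlgorithm sigAlgorithm = (SignMessage.SignatureAlgorithm)Enum.Parse(typeof(SignMessage.SignatureAlgorithm), signatureAlogrithm, true);
            if (!Enum.IsDefined(typeof(SignMessage.SignatureAlgorithm), sigAlgorithm))
            {
                throw new ArgumentException("Unknown signature algorithm: " + signatureAlogrithm, nameof(signatureAlogrithm));
            }

            // Presumably records the algorithm in the query string so it is covered by the signature — confirm against AddSignatureToRequest.
            AddSignatureToRequest(redirectUrl, sigAlgorithm);

            X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certSubject);

            // Sign the query string as built so far; the Signature parameter itself is appended afterwards
            // and is therefore not part of the signed data.
            string signature = SignMessage.SignDetached(redirectUrl.GetQueryString(), samlEncryptionAndSigningKey, sigAlgorithm);

            redirectUrl.AddOrUpdateParameter("Signature", signature);

            return redirectUrl;
        }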