static public byte[] GenerateIDPMetadata(
string baseUrl,
string artifactResolutionServicePath = "/ArtifactResolutionService",
string singleSignonServicePath = "/saml/ssoservice",
string singleLogoutServicePath = "/saml/sloservice"
)
{
var idpCertificate = SAMLController.CertificateManager.GetLocalIdentityProviderSignatureCertificates("default", null).FirstOrDefault();
if (idpCertificate == null)
{
return(null);
}
var artifactResolutionServiceUrl = new UriBuilder(baseUrl);
artifactResolutionServiceUrl.Path = artifactResolutionServicePath;
var singleSignonServiceUrl = new UriBuilder(baseUrl);
singleSignonServiceUrl.Path = singleSignonServicePath;
var singleLogoutServiceUrl = new UriBuilder(baseUrl);
singleLogoutServiceUrl.Path = singleLogoutServicePath;
var entityUrl = new UriBuilder(baseUrl);
entityUrl = new UriBuilder(entityUrl.Scheme, entityUrl.Host);
var descriptor = CreateIDPEntityDescriptor(
idpCertificate,
entityUrl.Uri,
artifactResolutionServiceUrl.Uri,
singleSignonServiceUrl.Uri,
singleLogoutServiceUrl.Uri
);
var xmlElement = descriptor.ToXml();
SAMLMetadataSignature.Generate(xmlElement, idpCertificate.PrivateKey, idpCertificate);
var xmlWriterSettings = new XmlWriterSettings();
xmlWriterSettings.Indent = true;
xmlWriterSettings.Encoding = new UTF8Encoding(false);
var stringWriter = new MemoryStream();
var xmlWriter = XmlWriter.Create(stringWriter, xmlWriterSettings);
xmlElement.OwnerDocument.WriteContentTo(xmlWriter);
xmlWriter.Flush();
stringWriter.Flush();
stringWriter.Position = 0;
return(stringWriter.GetBuffer());
}
private static void VerifyMetadata(XmlElement xmlElement)
{
Console.Error.WriteLine("Verifying SAML metadata");
if (SAMLMetadataSignature.IsSigned(xmlElement))
{
bool verified = SAMLMetadataSignature.Verify(xmlElement, x509Certificate);
Console.Error.WriteLine("Verified: " + verified);
}
else
{
Console.Error.WriteLine("The SAML metadata isn't signed");
}
}
static void Main(string[] args)
{
// Create an IdP entity descriptor
EntityDescriptor idpEntityDescriptor = CreateIDPEntityDescriptor();
// Convert the IdP entity descriptor to XML
XmlElement xmlElement = idpEntityDescriptor.ToXml();
string s = xmlElement.OuterXml;
Console.WriteLine(s);
// Sign the IdP entity descriptor
X509Certificate2 x509Certificate = new X509Certificate2(idpPrivateKeyFileName, privateKeyFilePassword);
SAMLMetadataSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);
Console.WriteLine(xmlElement.OuterXml);
// Verify the IdP entity descriptor signature
if (!SAMLMetadataSignature.Verify(xmlElement))
{
throw new ArgumentException("The IdP entity descriptor signature failed to verify");
}
// Read the IdP entity descriptor
ReadMetadata(xmlElement);
// Create an SP entity descriptor
EntityDescriptor spEntityDescriptor = CreateSPEntityDescriptor();
// Convert the SP entity descriptor to XML
xmlElement = spEntityDescriptor.ToXml();
Console.WriteLine(xmlElement.OuterXml);
// Sign the SP entity descriptor
x509Certificate = new X509Certificate2(spPrivateKeyFileName, privateKeyFilePassword);
SAMLMetadataSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);
Console.WriteLine(xmlElement.OuterXml);
// Verify the SP entity descriptor signature
if (!SAMLMetadataSignature.Verify(xmlElement))
{
throw new ArgumentException("The SP entity descriptor signature failed to verify");
}
// Read the SP entity descriptor
ReadMetadata(xmlElement);
}
private static void SignMetadata(XmlElement xmlElement)
{
Console.Error.WriteLine("Signing SAML metadata");
SAMLMetadataSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);
}
public async Task <string> UploadSingleFile()
{
var result = "ok";
var streamProvider = new MultipartMemoryStreamProvider();
await Request.Content.ReadAsMultipartAsync <MultipartMemoryStreamProvider>(streamProvider).ContinueWith(async(tsk) =>
{
foreach (HttpContent ctnt in streamProvider.Contents)
{
// You would get hold of the inner memory stream here
Stream stream = await ctnt.ReadAsStreamAsync();
// do something witht his stream now
System.Diagnostics.Debug.WriteLine("piece transferred - " + ctnt.Headers.ContentDisposition.FileName);
if (ctnt.Headers.ContentType.MediaType != "text/xml")
{
System.Diagnostics.Debug.WriteLine("Not an XML file");
result = "fail";
continue;
}
stream.Position = 0;
var xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load(stream);
try
{
if (SAMLMetadataSignature.Verify(xmlDocument.DocumentElement))
{
System.Diagnostics.Debug.WriteLine("Valid metadata signature");
}
}
catch (SAMLSignatureException e)
{
System.Diagnostics.Debug.WriteLine(e.Message);
}
if (EntityDescriptor.IsValid(xmlDocument.DocumentElement))
{
var entityDescriptor = new EntityDescriptor(xmlDocument.DocumentElement);
IList <X509Certificate2> x509Certificates = new List <X509Certificate2>();
var certificatePath = new DirectoryInfo(System.Web.Hosting.HostingEnvironment.MapPath("~/app_data/Certificates"));
ComponentSpace.SAML2.Configuration.MetadataImporter.Import(entityDescriptor, ComponentSpace.SAML2.SAMLController.Configuration, x509Certificates);
var partner = ComponentSpace.SAML2.SAMLController.Configuration.GetPartnerServiceProvider(entityDescriptor.EntityID.URI);
foreach (var certificate in x509Certificates)
{
var fileName = CreateCertificateFileName(certificate);
ComponentSpace.SAML2.Configuration.MetadataImporter.SaveCertificate(certificate, Path.Combine(certificatePath.FullName, fileName));
partner.PartnerCertificateFile = Path.Combine("Certificates", fileName);
}
ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Save(ComponentSpace.SAML2.SAMLController.Configuration);
var wtf = ComponentSpace.SAML2.SAMLController.CertificateManager.GetPartnerServiceProviderSignatureCertificates("default", partner.Name);
result = "valid entity descriptor";
}
}
});
return(result);
}
