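/// <summary>
/// Verifies the XML-DSig <c>Signature</c> that sits directly under the root element of the
/// inbound SAML message, using only the trusted key material configured in
/// <paramref name="inboundContext"/>.
/// </summary>
/// <param name="inboundContext">Inbound message context; supplies the raw XML
/// (<c>SamlMassage</c>) and the configured key descriptors (<c>Keys</c>).</param>
/// <param name="signatureManager">Performs the actual signature check for a given public key.</param>
/// <param name="requireSignature">When <c>true</c>, an unsigned message is rejected. Defaults to
/// <c>false</c>, which keeps the previous behaviour of accepting an unsigned message; callers
/// that expect signed messages should pass <c>true</c>.</param>
/// <returns><c>true</c> if the signature verifies under one of the trusted keys, or if the message
/// carries no root-level signature and <paramref name="requireSignature"/> is <c>false</c>;
/// otherwise <c>false</c>.</returns>
/// <exception cref="InvalidOperationException">A configured key clause is not a
/// <see cref="BinaryKeyIdentifierClause"/>.</exception>
public static bool ValidateMessageSignature(SamlInboundMessageContext inboundContext, IXmlSignatureManager signatureManager, bool requireSignature = false)
{
    // The message is untrusted input: disable external entity / DTD resolution before
    // parsing so a crafted document cannot trigger XXE or outbound fetches.
    // (The previous unused RSACryptoServiceProvider("XML_DSIG_RSA_KEY") was dropped: it only
    // created/opened a persistent machine key container as a side effect and was never used.)
    var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
    doc.LoadXml(inboundContext.SamlMassage);

    // Only a Signature that is a direct child of the document element counts as the message
    // signature; signatures nested deeper (e.g. inside an Assertion) are ignored here.
    // NOTE(review): this alone does not prevent signature wrapping — confirm that
    // signatureManager.VerifySignature checks the Reference URI resolves to the document
    // element and not to some other ID in the document.
    var signEl = TokenHelper.GetAllElements("Signature", "http://www.w3.org/2000/09/xmldsig#", doc.DocumentElement)
        .FirstOrDefault(x => x.ParentNode == doc.DocumentElement);
    if (signEl == null)
    {
        // Whether an unsigned message is acceptable is a policy decision for the caller;
        // the default preserves the historical "accept unsigned" behaviour.
        return !requireSignature;
    }

    // Try each trusted key in turn. A clause of any other type is a configuration error,
    // so it is surfaced rather than silently skipped.
    foreach (var k in inboundContext.Keys.SelectMany(x => x.KeyInfo))
    {
        var binaryClause = k as BinaryKeyIdentifierClause;
        if (binaryClause == null)
        {
            throw new InvalidOperationException(String.Format("Expected type: {0} but it was: {1}", typeof(BinaryKeyIdentifierClause), k.GetType()));
        }
        var trustedCert = new X509Certificate2(binaryClause.GetBuffer());
        if (signatureManager.VerifySignature(doc, signEl, trustedCert.PublicKey.Key))
        {
            return true;
        }
    }

    // Deliberately NO fallback to the <X509Certificate> embedded in the signature's own
    // KeyInfo. That certificate is chosen by the sender, so verifying against it accepts any
    // message the attacker signed with a key of their own — a complete signature bypass.
    // Only the configured trusted keys are authoritative; anything else fails closed.
    return false;
}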
/// <summary>
/// Verifies the redirect-binding signature of the inbound SAML message against the trusted
/// key material configured in <paramref name="inboundContext"/>. (Presumably the signature is
/// the one carried alongside the message in the redirect URL — confirm against
/// <c>Helper.VerifyRedirectSignature</c>.)
/// </summary>
/// <param name="inboundContext">Supplies the origin URL, the inbound message and the
/// configured key descriptors (<c>Keys</c>) to verify against.</param>
/// <param name="certificateManager">Passed through to <c>Helper.VerifyRedirectSignature</c>.</param>
/// <returns><c>true</c> as soon as one configured certificate verifies the signature;
/// <c>false</c> if none does, including when no keys are configured at all.</returns>
/// <exception cref="InvalidOperationException">A configured key clause is not a
/// <see cref="BinaryKeyIdentifierClause"/>.</exception>
public static bool ValidateRedirectSignature(SamlInboundMessageContext inboundContext, ICertificateManager certificateManager)
{
    foreach (var keyDescriptor in inboundContext.Keys)
    {
        foreach (var clause in keyDescriptor.KeyInfo)
        {
            // Only raw certificate clauses are supported; anything else is a configuration
            // error and is reported rather than skipped.
            var certClause = clause as BinaryKeyIdentifierClause;
            if (certClause == null)
            {
                throw new InvalidOperationException(String.Format("Expected type: {0} but it was: {1}", typeof(BinaryKeyIdentifierClause), clause.GetType()));
            }

            var trustedCert = new X509Certificate2(certClause.GetBuffer());
            if (Helper.VerifyRedirectSignature(inboundContext.OriginUrl, trustedCert, inboundContext.SamlInboundMessage, certificateManager))
            {
                return true;
            }
        }
    }

    // No configured key verified the signature: fail closed. Note there is intentionally no
    // fallback to sender-supplied key material here.
    return false;
}