/// <summary>
/// Gets the certificate specifications.
/// </summary>
/// <param name="endpoint">The endpoint.</param>
/// <returns>A list of certificate validation specifications for this endpoint</returns>
public static List <ICertificateSpecification> GetCertificateSpecifications(IDPEndPoint endpoint)
{
List <ICertificateSpecification> specs = new List <ICertificateSpecification>();
if (endpoint.CertificateValidation != null && endpoint.CertificateValidation.CertificateValidations != null &&
endpoint.CertificateValidation.CertificateValidations.Count > 0)
{
foreach (CertificateValidationElement elem in endpoint.CertificateValidation.CertificateValidations)
{
try
{
ICertificateSpecification val = (ICertificateSpecification)Activator.CreateInstance(Type.GetType(elem.type));
specs.Add(val);
}catch (Exception e)
{
Trace.TraceData(TraceEventType.Error, e.ToString());
}
}
}
if (specs.Count == 0)
{
//Add default specification
specs.Add(new DefaultCertificateSpecification());
}
return(specs);
}
/// <summary>
/// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler"/> interface.
/// </summary>
/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
public override void ProcessRequest(HttpContext context)
{
try
{
Trace.TraceMethodCalled(GetType(), "ProcessRequest()");
SAML20FederationConfig config = SAML20FederationConfig.GetConfig();
if (config == null)
{
throw new Saml20Exception("Missing SAML20Federation config section in web.config.");
}
Saml20ServiceEndpoint endp
= config.ServiceProvider.serviceEndpoints.Find(delegate(Saml20ServiceEndpoint ep) { return(ep.endpointType == EndpointType.SIGNON); });
if (endp == null)
{
throw new Saml20Exception("Signon endpoint not found in configuration");
}
string returnUrl = config.ServiceProvider.Server + endp.localPath + "?r=1";
HttpCookie samlIdp = context.Request.Cookies[CommonDomainCookie.COMMON_DOMAIN_COOKIE_NAME];
if (samlIdp != null)
{
returnUrl += "&_saml_idp=" + HttpUtility.UrlEncode(samlIdp.Value);
if (Trace.ShouldTrace(TraceEventType.Information))
{
Trace.TraceData(TraceEventType.Information, string.Format(Tracing.CDC, samlIdp.Value));
}
AuditLogging.logEntry(Direction.OUT, Operation.AUTHNREQUEST_REDIRECT,
"Redirection to Signon endpoint found in Common Domain Cookie: " + samlIdp.Value);
}
else
{
AuditLogging.logEntry(Direction.OUT, Operation.AUTHNREQUEST_REDIRECT,
"Redirection to Signon endpoint, no Common Domain Cookie found: " + returnUrl);
}
context.Response.Redirect(returnUrl);
}
catch (Exception ex)
{
HandleError(context, ex);
}
}
/// <summary>
/// Determines whether the specified certificate is considered valid according to the RFC3280 specification.
///
/// </summary>
/// <param name="certificate">The certificate to validate.</param>
/// <returns>
/// <c>true</c> if valid; otherwise, <c>false</c>.
/// </returns>
public bool IsSatisfiedBy(X509Certificate2 certificate)
{
bool useMachineContext = false;
X509ChainPolicy chainPolicy = new X509ChainPolicy();
chainPolicy.RevocationMode = X509RevocationMode.Online;
X509CertificateValidator defaultCertificateValidator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, chainPolicy);
try
{
defaultCertificateValidator.Validate(certificate);
return(true);
}catch (Exception e)
{
Trace.TraceData(TraceEventType.Warning, string.Format(Tracing.CertificateIsNotRFC3280Valid, certificate.SubjectName.Name, certificate.Thumbprint, e));
}
return(false);
}
/// <summary>
/// Determines whether the specified certificate is considered valid by this specification.
/// Always returns true. No online validation attempted.
/// </summary>
/// <param name="certificate">The certificate to validate.</param>
/// <returns>
/// <c>true</c>.
/// </returns>
public bool IsSatisfiedBy(X509Certificate2 certificate)
{
X509ChainPolicy chainPolicy = new X509ChainPolicy();
chainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
X509CertificateValidator defaultCertificateValidator = X509CertificateValidator.CreateChainTrustValidator(false, chainPolicy);
try
{
defaultCertificateValidator.Validate(certificate);
return(true);
}
catch (Exception e)
{
Trace.TraceData(TraceEventType.Warning, string.Format(Tracing.CertificateIsNotRFC3280Valid, certificate.SubjectName.Name, certificate.Thumbprint, e));
}
return(false);
}
