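/// <summary>
/// Resolves a signature reference (<c>#id</c>) by locating the element whose <c>wsu:Id</c>
/// attribute equals <paramref name="id"/>, falling back to the base lookup (xml:id / Id / ID).
/// </summary>
/// <param name="doc">Document the signature belongs to.</param>
/// <param name="id">Reference id without the leading <c>#</c>. During verification this value
/// is taken from the incoming, untrusted signature.</param>
/// <returns>The referenced element, or <c>null</c> when it is absent or more than one element
/// carries the same <c>wsu:Id</c>.</returns>
public override XmlElement GetIdElement(XmlDocument doc, string id)
{
    if (doc == null)
    {
        return null;
    }
    if (string.IsNullOrEmpty(id))
    {
        return base.GetIdElement(doc, id);
    }

    // The id is interpolated into an XPath query: quote it as an XPath string literal so a
    // quote character in the reference cannot change the shape of the query.
    var query = "//*[@wsu:Id=" + XPathStringLiteral(id) + "]";
    var matches = doc.SelectNodes(query, NameSpaces.MakeNsManager(doc.NameTable));
    if (matches != null && matches.Count > 1)
    {
        // Several elements claim the same id, so the reference is ambiguous (the precondition
        // for signature wrapping). Report "not found" so that verification fails instead of
        // silently binding the signature to the first match.
        return null;
    }

    var idElem = matches != null && matches.Count == 1 ? matches[0] as XmlElement : null;
    return idElem ?? base.GetIdElement(doc, id);
}

/// <summary>Encodes <paramref name="value"/> as an XPath 1.0 string literal.</summary>
/// <param name="value">Raw string to embed in a query.</param>
/// <returns>A quoted literal, using <c>concat()</c> when both quote kinds are present.</returns>
private static string XPathStringLiteral(string value)
{
    if (value.IndexOf('"') < 0)
    {
        return "\"" + value + "\"";
    }
    if (value.IndexOf('\'') < 0)
    {
        return "'" + value + "'";
    }
    // Both quote kinds present: split on double quotes and re-join them via concat().
    return "concat(\"" + string.Join("\", '\"', \"", value.Split('"')) + "\")";
}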
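/// <summary>
/// Signs the <c>saml:Assertion</c> root of the wrapped document with a single reference to
/// <c>#id</c> (exclusive C14N) and appends the resulting <c>ds:Signature</c> to the assertion.
/// </summary>
/// <param name="cert">Certificate whose private key produces the signature; it is also embedded
/// in <c>ds:KeyInfo</c> as an X509Data clause.</param>
/// <param name="id">The <c>wsu:Id</c> of the element to reference (without <c>#</c>).</param>
/// <returns>The wrapped document with the signature appended.</returns>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="cert"/> has no private key, or
/// <paramref name="id"/> is empty.</exception>
/// <exception cref="InvalidOperationException">The document root is not <c>saml:Assertion</c>.</exception>
public XmlDocument SignAssertion(X509Certificate2 cert, string id)
{
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }
    if (!cert.HasPrivateKey)
    {
        throw new ArgumentException("Certificate has no private key", "cert");
    }
    if (string.IsNullOrEmpty(id))
    {
        throw new ArgumentException("Reference id must not be empty", "id");
    }

    var reference = new Reference { Uri = "#" + id };
    reference.AddTransform(new XmlDsigExcC14NTransform());
    // SHA-1 digest and RSA-SHA1 signature are kept for wire compatibility with the profile the
    // counterparty speaks; both are deprecated and should be migrated once SHA-256 is accepted.
    reference.DigestMethod = XmlDsigSHA1Url;
    AddReference(reference);

    // TODO: Use BouncyCastle
    SigningKey = cert.PrivateKey;
    SignedInfo.CanonicalizationMethod = new XmlDsigExcC14NTransform().Algorithm;
    SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
    KeyInfo = new KeyInfo();
    KeyInfo.AddClause(new KeyInfoX509Data(cert));
    ComputeSignature();
    XmlElement signatureElement = GetXml();

    var assertion = xml.SelectSingleNode("/saml:Assertion", NameSpaces.MakeNsManager(xml.NameTable)) as XmlElement;
    if (assertion == null)
    {
        throw new InvalidOperationException("No saml:Assertion element found at the document root");
    }
    // NOTE(review): the signature is appended as the last child; SAML 2.0 places ds:Signature
    // directly after saml:Issuer — confirm that consumers accept this ordering.
    assertion.AppendChild(assertion.OwnerDocument.ImportNode(signatureElement, true));
    return xml;
}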
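/// <summary>
/// WCF client inspector hook: rebuilds the outgoing SOAP envelope with WS-Addressing
/// <c>Action</c>/<c>MessageID</c> headers and a <c>wsse:Security</c> header holding a
/// <c>wsu:Timestamp</c>, tags those headers and the Body with <c>wsu:Id</c>s, signs them with
/// the configured client certificate and replaces <paramref name="request"/> with the signed message.
/// </summary>
/// <param name="request">Outgoing message; replaced by the signed copy.</param>
/// <param name="channel">Client channel (not used).</param>
/// <returns>The signed envelope, passed back to <c>AfterReceiveReply</c> as correlation state.</returns>
/// <exception cref="InvalidOperationException">No client certificate is configured, or the
/// envelope lacks the SOAP Header, WS-Addressing Action or SOAP Body needed to build the signed message.</exception>
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
    if (clientCredentials == null || clientCredentials.ClientCertificate.Certificate == null)
    {
        throw new InvalidOperationException("clientCredentials Certificate is missing");
    }

    // Pick Action/MessageID up from the original headers; a fresh MessageID is minted if absent.
    string action = null;
    string messageID = "urn:uuid:" + Guid.NewGuid().ToString("D");
    foreach (var head in request.Headers)
    {
        var headerXml = XElement.Parse(head.ToString());
        switch (head.Name)
        {
            case "Action":
                action = headerXml.Value;
                break;
            case "MessageID":
                messageID = headerXml.Value;
                break;
        }
    }

    MessageBuffer originalBuffer = request.CreateBufferedCopy(int.MaxValue);
    XDocument xdoc;
    using (var envelopeStream = originalBuffer.AsStream())
    {
        xdoc = XDocument.Load(envelopeStream);
    }

    SealUtilities.CheckAndSetSamlDsPreFix(xdoc); // Hack
    // Fill header
    NameSpaces.SetMissingNamespaces(xdoc);
    var header = xdoc.Root.Element(NameSpaces.xsoap + "Header");
    if (header == null)
    {
        throw new InvalidOperationException("SOAP Header element is missing");
    }
    var existingAction = header.Element(NameSpaces.xwsa2 + "Action") ?? header.Element(NameSpaces.xwsa + "Action");
    if (existingAction == null)
    {
        throw new InvalidOperationException("WS-Addressing Action header is missing");
    }
    var existingMessageId = header.Element(NameSpaces.xwsa2 + "MessageID") ?? header.Element(NameSpaces.xwsa + "MessageID");

    // Invariant culture keeps the timestamp Gregorian/ASCII whatever the thread culture is.
    var created = DateTime.UtcNow
        .ToString("u", System.Globalization.CultureInfo.InvariantCulture)
        .Replace(' ', 'T');
    // NOTE(review): mustUnderstand is written as an unqualified attribute; SOAP processors only
    // honour it when it is qualified by the envelope namespace — confirm what the counterparty expects.
    header.Add(
        new XElement(NameSpaces.xwsa + "Action",
            new XAttribute("mustUnderstand", "1"),
            new XAttribute(NameSpaces.xwsu + "Id", "action"),
            action),
        new XElement(NameSpaces.xwsa + "MessageID",
            new XAttribute(NameSpaces.xwsu + "Id", "messageID"),
            messageID),
        new XElement(NameSpaces.xwsse + "Security",
            new XAttribute("mustUnderstand", "1"),
            new XAttribute(NameSpaces.xwsu + "Id", "security"),
            new XElement(NameSpaces.xwsu + "Timestamp",
                new XAttribute(NameSpaces.xwsu + "Id", "timestamp"),
                new XElement(NameSpaces.xwsu + "Created", created))));
    existingAction.Remove();
    if (existingMessageId != null)
    {
        existingMessageId.Remove();
    }

    var body = xdoc.Root.Element(NameSpaces.xsoap + "Body");
    if (body == null)
    {
        throw new InvalidOperationException("SOAP Body element is missing");
    }
    body.Add(new XAttribute(NameSpaces.xwsu + "Id", "body"));

    var signer = new SealSignedXml(xdoc);
    XmlDocument envelope = signer.Sign(clientCredentials.ClientCertificate.Certificate);

    // Swap the outgoing message for the signed envelope.
    var reader = new XmlNodeReader(envelope);
    var signedBuffer = Message.CreateMessage(reader, int.MaxValue, request.Version).CreateBufferedCopy(int.MaxValue);
    request = signedBuffer.CreateMessage();
    return envelope;
}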
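/// <summary>
/// Loads the <c>ds:Signature</c> of the SAML assertion in the wrapped document and returns the
/// X.509 certificate carried in its <c>ds:KeyInfo</c>.
/// </summary>
/// <returns>The first <see cref="X509Certificate2"/> found in the signature's KeyInfo, or
/// <c>null</c> when there is no assertion, the assertion has no signature, or the KeyInfo holds
/// no certificate. The certificate is whatever the message embeds: nothing here validates it,
/// so callers must check it against the expected trust anchors before relying on it.</returns>
public X509Certificate2 GetSignature()
{
    var root = xml.DocumentElement;
    XmlElement assertion;
    if (root != null && root.LocalName == "Assertion")
    {
        assertion = root;
    }
    else
    {
        assertion = xml.GetElementsByTagName("Assertion", NameSpaces.saml)[0] as XmlElement;
    }
    if (assertion == null)
    {
        return null;
    }

    var sig = assertion.GetElementsByTagName("Signature", NameSpaces.ds)[0] as XmlElement;
    if (sig == null)
    {
        return null;
    }
    sig = MakeSignatureCheckSamlCompliant(sig);
    LoadXml(sig);

    // OfType skips non-X509Data clauses instead of throwing, and X509Data clauses without
    // certificates are skipped rather than indexed.
    return KeyInfo.OfType<KeyInfoX509Data>()
        .Where(d => d.Certificates != null && d.Certificates.Count > 0)
        .Select(d => d.Certificates[0] as X509Certificate2)
        .FirstOrDefault(c => c != null);
}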
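/// <summary>
/// Verifies the signature found at <c>/soap:Envelope/soap:Header/wsse:Security/ds:Signature</c>
/// using the certificate embedded in that signature's own <c>ds:KeyInfo</c>.
/// </summary>
/// <returns><c>true</c> when the signature value and its references verify.</returns>
/// <exception cref="ModelBuildException">No signature element is present.</exception>
/// <exception cref="InvalidOperationException">The KeyInfo carries no X.509 certificate.</exception>
/// <remarks>
/// <see cref="SignedXml.CheckSignature(X509Certificate2, bool)"/> is called with
/// <c>verifySignatureOnly: true</c>: only the cryptographic signature is checked; the
/// certificate's chain, validity period and revocation status are not. Since the certificate
/// comes from the message itself, a caller must establish trust in it (pin it, or chain-validate
/// it against the expected issuer) before treating a <c>true</c> result as authentication.
/// </remarks>
public bool CheckEnvelopeSignature()
{
    var nsManager = NameSpaces.MakeNsManager(xml.NameTable);
    var sig = xml.SelectSingleNode("/soap:Envelope/soap:Header/wsse:Security/ds:Signature", nsManager) as XmlElement;
    if (sig == null)
    {
        throw new ModelBuildException("Could not find Liberty signature element");
    }
    sig = MakeSignatureCheckSamlCompliant(sig);
    LoadXml(sig);

    // OfType skips non-X509Data clauses instead of throwing, and X509Data clauses without
    // certificates are skipped rather than indexed.
    var cert = KeyInfo.OfType<KeyInfoX509Data>()
        .Where(d => d.Certificates != null && d.Certificates.Count > 0)
        .Select(d => d.Certificates[0] as X509Certificate2)
        .FirstOrDefault(c => c != null);
    if (cert == null)
    {
        throw new InvalidOperationException("No X509Certificate2 certificate found in Keyinfo");
    }
    return CheckSignature(cert, true);
}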
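/// <summary>
/// Signs the wrapped SOAP envelope: references <c>#messageID</c>, <c>#action</c>,
/// <c>#timestamp</c> and <c>#body</c> (exclusive C14N) and appends the resulting
/// <c>ds:Signature</c> to the <c>wsse:Security</c> header. The Security header itself is not
/// among the referenced elements.
/// </summary>
/// <param name="cert">Certificate whose private key produces the signature; it is also embedded
/// in <c>ds:KeyInfo</c> as an X509Data clause.</param>
/// <returns>The wrapped document with the signature appended.</returns>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="cert"/> has no private key.</exception>
/// <exception cref="InvalidOperationException">The envelope has no <c>wsse:Security</c> header.</exception>
public XmlDocument Sign(X509Certificate2 cert)
{
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }
    if (!cert.HasPrivateKey)
    {
        throw new ArgumentException("Certificate has no private key", "cert");
    }

    var referenceUris = new[] { "#messageID", "#action", "#timestamp", "#body" };
    foreach (var uri in referenceUris)
    {
        var reference = new Reference { Uri = uri };
        reference.AddTransform(new XmlDsigExcC14NTransform());
        // SHA-1 digest and RSA-SHA1 signature are kept for wire compatibility with the profile
        // the counterparty speaks; both are deprecated and should be migrated once SHA-256 is accepted.
        reference.DigestMethod = XmlDsigSHA1Url;
        AddReference(reference);
    }

    SigningKey = cert.PrivateKey;
    SignedInfo.CanonicalizationMethod = new XmlDsigExcC14NTransform().Algorithm;
    SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
    KeyInfo = new KeyInfo();
    KeyInfo.AddClause(new KeyInfoX509Data(cert));
    ComputeSignature();
    XmlElement signatureElement = GetXml();

    var security = xml.SelectSingleNode("/soap:Envelope/soap:Header/wsse:Security", NameSpaces.MakeNsManager(xml.NameTable)) as XmlElement;
    if (security == null)
    {
        throw new InvalidOperationException("No wsse:Security element found at /soap:Envelope/soap:Header/wsse:Security");
    }
    security.AppendChild(security.OwnerDocument.ImportNode(signatureElement, true));
    return xml;
}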