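private static string AddSignature(string queryString, ISaml2Message message)
        {
            // Appends the SigAlg and Signature parameters of the SAML 2.0 HTTP-Redirect
            // binding. The signature is computed over the UTF-8 bytes of the query string
            // exactly as it stands after SigAlg has been appended (everything before
            // "&Signature="), so callers must already have added SAMLRequest/SAMLResponse
            // and RelayState in binding order, and Signature must remain the last parameter.
            if (queryString == null)
            {
                throw new ArgumentNullException(nameof(queryString));
            }
            if (message == null)
            {
                throw new ArgumentNullException(nameof(message));
            }

            string signingAlgorithmUrl = message.SigningAlgorithm;
            if (string.IsNullOrEmpty(signingAlgorithmUrl))
            {
                throw new InvalidOperationException("The message has no signing algorithm.");
            }
            if (message.SigningCertificate == null)
            {
                throw new InvalidOperationException("The message has no signing certificate.");
            }

            queryString += "&SigAlg=" + Uri.EscapeDataString(signingAlgorithmUrl);

            // An unknown algorithm URL should fail here with a clear message rather than as
            // a null reference further down the signing path.
            var signatureDescription = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(signingAlgorithmUrl);
            if (signatureDescription == null)
            {
                throw new CryptographicException("Unsupported signing algorithm: " + signingAlgorithmUrl);
            }

            // A certificate without a private key (public-only) cannot produce a signature.
            var privateKey = message.SigningCertificate.PrivateKey;
            if (privateKey == null)
            {
                throw new InvalidOperationException("The signing certificate has no private key.");
            }

            // The digest is IDisposable; dispose it once the signature has been produced.
            using (HashAlgorithm hashAlg = signatureDescription.CreateDigest())
            {
                hashAlg.ComputeHash(Encoding.UTF8.GetBytes(queryString));

                // Outside .NET Core the key is routed through a SHA-256-enabled
                // RSACryptoServiceProvider helper; presumably legacy CSPs cannot sign with
                // SHA-256 -- confirm against CryptographyExtensions.
                AsymmetricSignatureFormatter asymmetricSignatureFormatter =
                    signatureDescription.CreateFormatter(
                        EnvironmentHelpers.IsNetCore ? privateKey :
                        ((RSACryptoServiceProvider)privateKey)
                        .GetSha256EnabledRSACryptoServiceProvider());

                // Base64 may contain '+', '/' and '='; escape so the value survives the URL.
                byte[] signatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
                queryString += "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(signatureValue));
            }

            return(queryString);
        }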
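        public void Saml2RedirectBinding_Bind_AddsSignature()
        {
            // NOTE(review): no [TestMethod]/[Fact] attribute is visible on this method in
            // the listing shown here -- confirm the test is actually discovered by the runner.
            var actual = CreateAndBindMessageWithSignature();

            var queryParams = HttpUtility.ParseQueryString(actual.Location.Query);
            var query       = actual.Location.Query.TrimStart('?');

            // Check both parameters are present first; otherwise a missing Signature shows
            // up as an ArgumentNullException from FromBase64String instead of a clear failure.
            var sigalg = queryParams["SigAlg"];
            sigalg.Should().NotBeNullOrEmpty("SigAlg must be present in the query");
            var signature = queryParams["Signature"];
            signature.Should().NotBeNullOrEmpty("Signature must be present in the query");

            // Per the HTTP-Redirect binding the signature covers everything preceding
            // "&Signature=", so that parameter must appear exactly once and be the last one.
            var parts = query.Split(new[] { "&Signature=" }, StringSplitOptions.None);
            parts.Should().HaveCount(2, "Signature must appear exactly once");
            parts[1].Should().NotContain("&", "Signature must be the final query parameter");
            var signedData = parts[0];
            signedData.Should().Contain("SigAlg=", "the signed data must include the SigAlg parameter");

            var signatureDescription = (SignatureDescription)CryptographyExtensions
                                       .CreateAlgorithmFromName(sigalg);
            signatureDescription.Should().NotBeNull("SigAlg must name a supported signature algorithm");

            // Dispose the digest; verify against the test certificate's public key only.
            using (var hashAlg = signatureDescription.CreateDigest())
            {
                hashAlg.ComputeHash(Encoding.UTF8.GetBytes(signedData));
                var asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(
                    SignedXmlHelper.TestCert.PublicKey.Key);

                asymmetricSignatureDeformatter.VerifySignature(
                    hashAlg, Convert.FromBase64String(signature))
                .Should().BeTrue("signature should be valid");
            }
        }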