public Exception GetInvalidSignatureValidationCertificateException(FoxIDsSaml2Configuration samlConfig, Exception ex) { if (samlConfig.InvalidSignatureValidationCertificates?.Count() > 0) { var certInfo = samlConfig.InvalidSignatureValidationCertificates.Select(c => $"'{c.Subject}, Valid from {c.NotBefore.ToShortDateString()} to {c.NotAfter.ToShortDateString()}, Thumbprint: {c.Thumbprint}'"); return(new Exception($"Invalid signature validation certificates {string.Join(", ", certInfo)}.", ex)); } return(null); }
public async Task <FoxIDsSaml2Configuration> GetSamlUpConfigAsync(SamlUpParty party, bool includeSigningAndDecryptionCertificate = false, bool includeSignatureValidationCertificates = true) { var samlConfig = new FoxIDsSaml2Configuration(); if (party != null) { samlConfig.AllowedIssuer = party.Issuer; } samlConfig.Issuer = !string.IsNullOrEmpty(party?.SpIssuer) ? party.SpIssuer : trackIssuerLogic.GetIssuer(); samlConfig.AllowedAudienceUris.Add(samlConfig.Issuer); if (party != null) { samlConfig.SingleSignOnDestination = new Uri(party.AuthnUrl); if (!string.IsNullOrEmpty(party?.LogoutUrl)) { samlConfig.SingleLogoutDestination = new Uri(party.LogoutUrl); } if (includeSignatureValidationCertificates) { var partyCertificates = party.Keys.ToSaml2X509Certificates(); foreach (var partyCertificate in partyCertificates) { if (partyCertificate.IsValidLocalTime()) { samlConfig.SignatureValidationCertificates.Add(partyCertificate); } else { samlConfig.InvalidSignatureValidationCertificates.Add(partyCertificate); } } } } if (includeSigningAndDecryptionCertificate) { samlConfig.SigningCertificate = samlConfig.DecryptionCertificate = await trackKeyLogic.GetPrimarySaml2X509CertificateAsync(RouteBinding.Key); samlConfig.SecondaryDecryptionCertificate = trackKeyLogic.GetSecondarySaml2X509Certificate(RouteBinding.Key); } if (party != null) { samlConfig.SignatureAlgorithm = party.SignatureAlgorithm; samlConfig.SignAuthnRequest = party.SignAuthnRequest; samlConfig.CertificateValidationMode = party.CertificateValidationMode; samlConfig.RevocationMode = party.RevocationMode; } return(samlConfig); }
public async Task <FoxIDsSaml2Configuration> GetSamlDownConfigAsync(SamlDownParty party, bool includeSigningCertificate = false, bool includeSignatureValidationCertificates = true) { var samlConfig = new FoxIDsSaml2Configuration(); samlConfig.Issuer = !string.IsNullOrEmpty(party?.IdPIssuer) ? party.IdPIssuer : trackIssuerLogic.GetIssuer(); if (party != null) { if (party.Keys?.Count > 0 && includeSignatureValidationCertificates) { var partyCertificates = party.Keys.ToSaml2X509Certificates(); foreach (var partyCertificate in partyCertificates) { if (partyCertificate.IsValidLocalTime()) { samlConfig.SignatureValidationCertificates.Add(partyCertificate); } else { samlConfig.InvalidSignatureValidationCertificates.Add(partyCertificate); } } } } if (includeSigningCertificate) { samlConfig.SigningCertificate = await trackKeyLogic.GetPrimarySaml2X509CertificateAsync(RouteBinding.Key); } if (party != null) { samlConfig.SignatureAlgorithm = party.SignatureAlgorithm; samlConfig.CertificateValidationMode = party.CertificateValidationMode; samlConfig.RevocationMode = party.RevocationMode; } return(samlConfig); }