Example #1
        /// <summary>
        /// Builds a <see cref="SigningInfo"/> summary from an XML-DSig signature element.
        /// </summary>
        /// <remarks>
        /// This method only inspects the signature element (declared algorithm and the
        /// certificate carried in its KeyInfo). It does not verify the signature value,
        /// so the result describes what the document claims, not a cryptographic check.
        /// </remarks>
        /// <param name="signature">The signature element; may be null when the document is unsigned.</param>
        /// <returns>
        /// A new <see cref="SigningInfo"/>. When <paramref name="signature"/> is null only
        /// <c>IsSigningPossiblyEnabled</c> (false) is set.
        /// </returns>
        private static SigningInfo GetSigningInfo(SAMLSilly.Schema.XmlDSig.Signature signature)
        {
            var info = new SigningInfo();
            info.IsSigningPossiblyEnabled = signature != null;

            // No signature element: nothing more can be derived.
            if (!info.IsSigningPossiblyEnabled)
            {
                return info;
            }

            // The algorithm is taken from the URI declared in SignedInfo/SignatureMethod.
            var algorithmUri = signature.SignedInfo.SignatureMethod.Algorithm;
            info.RecommendedSigningAlgorithm = ConfigurationHelpers.GetAlgorithmFromNamespace(algorithmUri);

            var certificate = GetCertificates(signature.KeyInfo);

            var trustSpec = new SAMLSilly.Specification.DefaultCertificateSpecification();
            info.IsCertificateValid = trustSpec.IsSatisfiedBy(certificate);

            // The self-issued check runs only when the default specification rejected the certificate.
            if (info.IsCertificateValid)
            {
                return info;
            }

            var selfIssuedSpec = new SAMLSilly.Specification.SelfIssuedCertificateSpecification();
            info.IsCertificateSelfSigned = selfIssuedSpec.IsSatisfiedBy(certificate);

            return info;
        }
Example #2
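        /// <summary>
        /// Fills in signing details from the descriptor's KeyDescriptor entries when the
        /// supplied <see cref="SigningInfo"/> has not already been marked as signing-capable.
        /// </summary>
        /// <remarks>
        /// The recommended algorithm is derived from the friendly name of each certificate's
        /// own signature algorithm. NOTE(review): that is the hash the issuer used to sign the
        /// certificate, which is presumably only a hint for the hash the peer expects on SAML
        /// messages; confirm against the caller. A SHA1 result should be treated as a legacy
        /// setting rather than a preferred one.
        /// </remarks>
        /// <param name="sso">Descriptor whose KeyDescriptor collection is inspected.</param>
        /// <param name="si">Signing info to update; returned unchanged if signing is already flagged.</param>
        /// <returns>The same <paramref name="si"/> instance, possibly updated.</returns>
        public static SigningInfo GetKeyDescriptorAsWell(SsoDescriptor sso, SigningInfo si)
        {
            // Information taken from an actual signature wins; do not overwrite it.
            if (si.IsSigningPossiblyEnabled)
            {
                return si;
            }

            if (!sso.KeyDescriptor.Any())
            {
                return si;
            }

            si.IsSigningPossiblyEnabled = true;

            var certificates = sso.KeyDescriptor.Select(x => x.KeyInfo).Select(GetCertificates);

            // NOTE(review): every iteration overwrites IsCertificateValid and possibly
            // RecommendedSigningAlgorithm, so with several key descriptors the last one wins,
            // while IsCertificateSelfSigned is never reset here. Confirm this is intended.
            foreach (var cert in certificates)
            {
                var defaultSpec = new SAMLSilly.Specification.DefaultCertificateSpecification();
                si.IsCertificateValid = defaultSpec.IsSatisfiedBy(cert);

                if (!si.IsCertificateValid)
                {
                    var selfSignedSpec = new SAMLSilly.Specification.SelfIssuedCertificateSpecification();
                    si.IsCertificateSelfSigned = selfSignedSpec.IsSatisfiedBy(cert);
                }

                // FriendlyName can be null for an OID the platform does not recognise;
                // fall back to an empty string so no algorithm is matched instead of throwing.
                var sigMeth = (cert.SignatureAlgorithm.FriendlyName ?? string.Empty).ToUpperInvariant();

                if (sigMeth.Contains(AlgorithmType.SHA1.ToString()))
                {
                    si.RecommendedSigningAlgorithm = AlgorithmType.SHA1;
                }
                else if (sigMeth.Contains(AlgorithmType.SHA256.ToString()))
                {
                    si.RecommendedSigningAlgorithm = AlgorithmType.SHA256;
                }
                else if (sigMeth.Contains(AlgorithmType.SHA512.ToString()))
                {
                    // Previously assigned SHA1 here, silently downgrading SHA-512 certificates
                    // to the weakest recommendation.
                    si.RecommendedSigningAlgorithm = AlgorithmType.SHA512;
                }
            }

            return si;
        }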