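/// <summary>
/// Builds a binding from an inbound HTTP form post. Reads the SAMLRequest or SAMLResponse form
/// parameter (selected by <paramref name="bindingDirection"/>), decodes it with
/// <c>DecodeSaml</c> and parses the result into <see cref="Document"/>, then records whether the
/// root element is signed and/or carries EncryptedData elements and which algorithms they use.
/// </summary>
/// <param name="request">The inbound request; only its form collection is read.</param>
/// <param name="bindingDirection">Selects the form parameter to read (Request or Response).</param>
/// <exception cref="IdentityProviderException">The selected form parameter is absent or empty.</exception>
/// <exception cref="NotImplementedException"><paramref name="bindingDirection"/> is neither Request nor Response.</exception>
/// <exception cref="XmlException">The decoded payload is not well-formed XML or declares a DOCTYPE.</exception>
internal Saml2FormBinding(IdentityHttpRequest request, BindingDirection bindingDirection)
{
    this.BindingDirection = bindingDirection;

    var parameterName = this.BindingDirection switch
    {
        BindingDirection.Request => Saml2Names.RequestParameterName,
        BindingDirection.Response => Saml2Names.ResponseParameterName,
        _ => throw new NotImplementedException(),
    };

    string samlEncoded = request.Form[parameterName];

    // Fail with a clear message rather than letting DecodeSaml choke on a null/empty value.
    if (string.IsNullOrEmpty(samlEncoded))
    {
        throw new IdentityProviderException($"Saml2 Missing Form Parameter {parameterName}");
    }

    string samlDecoded = DecodeSaml(samlEncoded);

    // The payload is attacker-controlled. Loading it via XmlDocument.LoadXml would accept a DOCTYPE,
    // exposing the parser to external-entity (XXE) and entity-expansion attacks. SAML messages have no
    // legitimate use for DTDs, so reject them outright and never resolve external resources.
    var readerSettings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };

    this.Document = new XmlDocument
    {
        // The document itself must not fetch external resources either.
        XmlResolver = null,
    };

    // NOTE(review): PreserveWhitespace is left at its default (false), matching the previous LoadXml
    // call; whether that interacts with signature verification depends on X509XmlSigner — confirm.
    using (var reader = XmlReader.Create(new System.IO.StringReader(samlDecoded), readerSettings))
    {
        this.Document.Load(reader);
    }

    var root = this.Document.DocumentElement;

    this.HasSignature = X509XmlSigner.HasSignature(root);
    if (this.HasSignature)
    {
        this.SignatureAlgorithm = X509XmlSigner.GetSignatureAlgorithm(root);
        this.DigestAlgorithm = X509XmlSigner.GetDigestAlgorithm(root);
    }

    this.HasEncryption = X509XmlEncryptor.HasEncryptedDataElements(root);
    if (this.HasEncryption)
    {
        this.EncryptionAlgorithm = X509XmlEncryptor.GetEncryptionAlgorithm(root);
    }
}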
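/// <summary>
/// Decrypts the EncryptedData elements in <see cref="Document"/> using <paramref name="cert"/>,
/// replaces the document with the decrypted form and clears <see cref="HasEncryption"/>.
/// A document without encryption is left untouched unless <paramref name="requiredEncryption"/> is set.
/// </summary>
/// <param name="cert">Certificate used by <c>X509XmlEncryptor.DecryptXmlDoc</c>; may be null only when the document is not encrypted and encryption is not required.</param>
/// <param name="requiredEncryption">When true, both a certificate and an encrypted document are mandatory.</param>
/// <exception cref="IdentityProviderException">
/// No certificate was supplied although one is needed (encryption required, or the document is actually
/// encrypted), or encryption was required but the document carries none.
/// </exception>
public override void Decrypt(X509Certificate2 cert, bool requiredEncryption)
{
    // Previously an encrypted-but-optional document with no certificate slipped past the guards and
    // reached DecryptXmlDoc with a null certificate; treat that like the required case.
    if (cert == null && (requiredEncryption || this.HasEncryption))
    {
        throw new IdentityProviderException("Saml2 Missing Cert for Decryption");
    }

    if (requiredEncryption && !this.HasEncryption)
    {
        throw new IdentityProviderException("Saml2 Document Missing Required Encryption");
    }

    if (!this.HasEncryption)
    {
        // Nothing to decrypt.
        return;
    }

    this.Document = X509XmlEncryptor.DecryptXmlDoc(this.Document, cert);
    this.HasEncryption = false;
}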
/// <summary>
/// Builds a binding around a locally constructed <see cref="Saml2Document"/>. The supplied algorithm
/// hints are recorded, but when the XML returned by <c>GetSaml()</c> is already signed or already
/// contains EncryptedData, the algorithms actually present in the XML take precedence over the hints.
/// </summary>
/// <param name="document">Source document; supplies the binding direction and the XML.</param>
/// <param name="signatureAlgorithm">Signature algorithm hint; ignored if the XML is already signed.</param>
/// <param name="digestAlgorithm">Digest algorithm hint; ignored if the XML is already signed.</param>
/// <param name="encryptionAlgorithm">Encryption algorithm hint; ignored if the XML already contains EncryptedData.</param>
internal Saml2FormBinding(Saml2Document document, XmlSignatureAlgorithmType? signatureAlgorithm, XmlDigestAlgorithmType? digestAlgorithm, XmlEncryptionAlgorithmType? encryptionAlgorithm)
{
    this.BindingDirection = document.BindingDirection;
    this.Document = document.GetSaml();

    XmlElement root = this.Document.DocumentElement;

    this.HasSignature = X509XmlSigner.HasSignature(root);
    this.SignatureAlgorithm = this.HasSignature
        ? X509XmlSigner.GetSignatureAlgorithm(root)
        : signatureAlgorithm;
    this.DigestAlgorithm = this.HasSignature
        ? X509XmlSigner.GetDigestAlgorithm(root)
        : digestAlgorithm;

    this.HasEncryption = X509XmlEncryptor.HasEncryptedDataElements(root);
    this.EncryptionAlgorithm = this.HasEncryption
        ? X509XmlEncryptor.GetEncryptionAlgorithm(root)
        : encryptionAlgorithm;
}
/// <summary>
/// Encrypts the document for <paramref name="cert"/> via <c>X509XmlEncryptor.EncryptXmlDoc</c>,
/// passing the Assertion / EncryptedAssertion element names, and sets <see cref="HasEncryption"/>.
/// Refuses to run once the document element is signed (presumably because altering the document
/// would invalidate that signature) or when it is already encrypted.
/// </summary>
/// <param name="cert">Recipient certificate handed to the encryptor; may be null only when encryption is not required.</param>
/// <param name="requiredEncryption">When true, a null <paramref name="cert"/> is an error.</param>
/// <exception cref="InvalidOperationException">Certificate missing although required, document already signed, or already encrypted.</exception>
public override void Encrypt(X509Certificate2 cert, bool requiredEncryption)
{
    if (requiredEncryption && cert == null)
    {
        throw new InvalidOperationException("Saml2 Missing Cert for Required Encryption");
    }

    if (this.HasSignature)
    {
        throw new InvalidOperationException("Saml2 Document is already signed");
    }

    if (this.HasEncryption)
    {
        throw new InvalidOperationException("Saml2 Document is already encrypted");
    }

    // Fall back to AES-128-CBC when the caller expressed no preference.
    // NOTE(review): CBC-mode XML Encryption is exposed to chosen-ciphertext (padding-oracle style)
    // attacks on the decrypting side; if the algorithm enum offers an AES-GCM member it is the safer
    // default — confirm before changing.
    this.EncryptionAlgorithm ??= Cryptography.XmlEncryptionAlgorithmType.Aes128Cbc;

    var algorithm = this.EncryptionAlgorithm.Value;
    this.Document = X509XmlEncryptor.EncryptXmlDoc(
        this.Document,
        cert,
        algorithm,
        Saml2Names.AssertionPrefix, "Assertion",
        Saml2Names.AssertionPrefix, "EncryptedAssertion");
    this.HasEncryption = true;
}