public string[] Format(IToken token, int maxChunkLength)
{
var parameters = new List <ParamValue>();
parameters.Add(new ParamValue(ParamValue.Param.token, Convert.ToBase64String(Compress(Encoding.UTF8.GetBytes(token.SamlToken)))));
parameters.Add(new ParamValue(ParamValue.Param.nonce, token.Nonce.ToString()));
if (token.BodyHash != null)
{
parameters.Add(new ParamValue(ParamValue.Param.bodyhash, Convert.ToBase64String(token.BodyHash)));
}
parameters.Add(new ParamValue(ParamValue.Param.signature_alg, SigningAlgorithmConverter.EnumToString(token.SignatureAlgorithm)));
parameters.Add(new ParamValue(ParamValue.Param.signature, Convert.ToBase64String(token.Signature)));
var res = new List <string>();
ChunkBuilder chunkFormatter = new ChunkBuilder(maxChunkLength, $"{AUTH_SCHEME} ");
foreach (var param in parameters)
{
chunkFormatter = AppendParam(res, chunkFormatter, maxChunkLength, param);
}
res.Add(chunkFormatter.GetValue());
return(res.ToArray());
}
private byte[] ComputeSignature(IRequest request, RSA signingAlgorithm)
{
return(signingAlgorithm.SignData(
NormalizeMsg(request),
SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm),
RSASignaturePadding.Pkcs1));
}
public IToken Parse(string[] tokens)
{
var paramValues = new Dictionary <ParamValue.Param, ParamValue>();
for (int i = 0; i < tokens.Length; i++)
{
var chunkParser = new ChunkParser(tokens[i], i == 0 ? AUTH_SCHEME : null);
do
{
var currentParamValue = chunkParser.Current;
if (currentParamValue == null)
{
continue;
}
if (paramValues.ContainsKey(currentParamValue.Key))
{
paramValues[currentParamValue.Key] = paramValues[currentParamValue.Key].Concat(currentParamValue);
}
else
{
paramValues[currentParamValue.Key] = currentParamValue;
}
} while (chunkParser.MoveNext());
}
CheckMissingParams(paramValues);
var samlToken = Encoding.UTF8.GetString(
Decompress(
Convert.FromBase64String(
paramValues[ParamValue.Param.token].Value)));
var nonce = Nonce.FromString(paramValues[ParamValue.Param.nonce].Value);
var signAlgorithm = SigningAlgorithmConverter.StringToEnum(paramValues[ParamValue.Param.signature_alg].Value);
byte[] bodyHash = null;
if (paramValues.ContainsKey(ParamValue.Param.bodyhash))
{
bodyHash = Convert.FromBase64String(paramValues[ParamValue.Param.bodyhash].Value);
}
var signature = Convert.FromBase64String(paramValues[ParamValue.Param.signature].Value);
return(new Token(samlToken, nonce, signAlgorithm, bodyHash, signature));
}
public void VerifySignature(IRequest request, X509Certificate2 signingCertificate)
{
if (request == null || signingCertificate == null)
{
throw new AuthException(Resources.VerifySignature_Expects_NonNull_RequestAndCertificate);
}
using (var publicKey = signingCertificate.GetRSAPublicKey()) {
if (!publicKey.VerifyData(
NormalizeMsg(request),
Signature,
SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm),
RSASignaturePadding.Pkcs1))
{
throw new AuthException(Resources.Verify_Signature_Failed);
}
}
}
private HashAlgorithm CreateHashAlgorithm()
{
if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA256)
{
return(SHA256.Create());
}
if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA384)
{
return(SHA384.Create());
}
if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA512)
{
return(SHA512.Create());
}
throw new AuthenticationException(
string.Format(
Resources.Hash_Algorithm_Not_Supported,
SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm)));
}
