public IActionResult Index([FromBody] JObject json)
{
if (json == null)
{
throw new ArgumentNullException(nameof(json));
}
var session = _sessionStore.GetSession();
if (session != null)
{
return(this.BuildError(Constants.ErrorCodes.Request, Constants.ErrorMessages.ActiveSession));
}
JToken jTokenPinCode;
if (!json.TryGetValue(Constants.DtoPropertyNames.PinCode, out jTokenPinCode))
{
return(this.BuildError(Constants.ErrorCodes.Request, Constants.ErrorMessages.NoPinCode));
}
if (ConfigurationHelper.IsFakeEidEnabled()) // For testing purpose we generate a fake session.
{
/*
* var payload = System.Convert.FromBase64String("MIID7zCCAtegAwIBAgIQEAAAAAAAjzo9FBi9BAvSgTANBgkqhkiG9w0BAQUFADA1MQswCQYDVQQGEwJCRTEVMBMGA1UEAxMMRm9yZWlnbmVyIENBMQ8wDQYDVQQFEwYyMDE0MDIwHhcNMTQwMjA1MTIzMzEyWhcNMTkwMTMwMjM1OTU5WjB3MQswCQYDVQQGEwJGUjEoMCYGA1UEAxMfVGhpZXJyeSBIYWJhcnQgKEF1dGhlbnRpY2F0aW9uKTEPMA0GA1UEBBMGSGFiYXJ0MRcwFQYDVQQqEw5UaGllcnJ5IFJvYmVydDEUMBIGA1UEBRMLODkxMDA3Mzk1NzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAI4At/6KxOpRKiFEluuMVRaP+YI4gKKeVpl10CY+vPln9P3dvUh7gdNWfEN2Fn0LzvOslVDWZeb+A8/HBhPePpTJ9sACPJG+BjcLKZYKwjc6eEKAHmDTqClTuvrSi5hzpEuDJ7gHQmzJcochdcKRr06MIg3wP7P8s91VxSJoKJ0/AgMBAAGjggE7MIIBNzAfBgNVHSMEGDAWgBTD/rhgVgSUYRHFYhTWJlYgS27SvTBwBggrBgEFBQcBAQRkMGIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9jZXJ0cy5laWQuYmVsZ2l1bS5iZS9iZWxnaXVtcnMyLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZWlkLmJlbGdpdW0uYmUvMjBEBgNVHSAEPTA7MDkGB2A4CQEBBwIwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuZWlkLmJlbGdpdW0uYmUwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5laWQuYmVsZ2l1bS5iZS9laWRmMjAxNDAyLmNybDAOBgNVHQ8BAf8EBAMCB4AwEQYJYIZIAYb4QgEBBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQBSz7layb5HgSQM+ZB2np1/gAUJ+8wuxoU62vxGrj7T1K5tmRK5WeX4rpEJ8h0Nv1169GGng77xlAdE9s8noQXQ063SuBg/QAXSYTRF2T+g9rZinC12aljo/bLz8jWSBY8AM4GZQcVAQ31aD+mWzO0DPwVtDvhl0/6jFVprKFDhAnPJvzMQe7a6zwi5lL+GXIKrnNhlvfQDtxJRV4Jr1vps7ZBjXnAOuatMIxlJ9eafU3dgQ2TvTpwSVDV8UgrInhKD9cLBzymli4LeMWyD6qC3SwfDwRVODqNSIogBnSH91fn3nZUDKpUYfOCSGxNozGYZsVnqwO0jJf4E69O5lUgg");
* var certificate = new X509Certificate(payload);
* var soapEnvelope = _ehealthSamlTokenRequestBuilder.New(certificate).Build();
* var xmlDocument = _soapMessageSerializer.Serialize(soapEnvelope); // STORE THE SOAP REQUEST.
* _sessionStore.StoreSession(xmlDocument, type);
*/
}
else
{
BeIdCardConnector beIdCardConnector = null;
PcscConnection connect = null;
PcscContext context = null;
try
{
beIdCardConnector = new BeIdCardConnector(); // 1. Try to connect to the card reader.
context = beIdCardConnector.EstablishContext();
var readers = beIdCardConnector.GetReaders();
if (!readers.Any())
{
return(this.BuildError(Constants.ErrorCodes.Eid, Constants.ErrorMessages.NoCard));
}
connect = beIdCardConnector.Connect(readers.First()); // 2. Construct SAML token.
var certificate = beIdCardConnector.GetAuthenticateCertificate();
var identityPayload = beIdCardConnector.GetIdentity();
var addressPayload = beIdCardConnector.GetAddress();
var picturePayload = beIdCardConnector.GetPhoto();
var identity = _tlvParser.Parse <Identity>(identityPayload);
var address = _tlvParser.Parse <Address>(addressPayload);
var builder = _ehealthSamlTokenRequestBuilder.New(certificate);
var soapEnvelope = builder.SetImage(picturePayload).SetIdentity(identity).SetAddress(address).Build();
var signSamlToken = new SignSamlToken();
var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, jTokenPinCode.ToString(), beIdCardConnector); // 3. Build signature.
soapEnvelope.Header.Security.Signature = signatureNode;
var xmlDocument = _soapMessageSerializer.Serialize(soapEnvelope);
_sessionStore.StoreSession(xmlDocument);
_sessionHubContext.Clients.All.SendAsync("Session", new { xml = xmlDocument.OuterXml });
}
catch (BeIdCardException ex)
{
return(this.BuildError(Constants.ErrorCodes.Eid, ex.Message));
}
catch (Exception e)
{
return(this.BuildError(Constants.ErrorCodes.Server, Constants.ErrorMessages.CardError));
}
finally
{
beIdCardConnector.Dispose();
}
}
return(new OkResult());
}
public void WhenAuthenticateUserWithSamlTokenThenNoExceptionIsThrown()
{
string outerXml;
XmlDocument xmlDocument;
SoapEnvelope soapEnvelope;
var beIdCardConnector = new BeIdCardConnector();
var context = beIdCardConnector.EstablishContext();
var readers = beIdCardConnector.GetReaders();
var connection = beIdCardConnector.Connect(readers.First());
var ehealthSamlTokenRequestBuilder = new EhealthSamlTokenRequestBuilder(); // 1. Construct SAML token.
var certificate = beIdCardConnector.GetAuthenticateCertificate();
var tlvParser = new TlvParser();
var identityPayload = beIdCardConnector.GetIdentity();
var addressPayload = beIdCardConnector.GetAddress();
var identity = tlvParser.Parse <Identity>(identityPayload);
var address = tlvParser.Parse <Address>(addressPayload);
ehealthSamlTokenRequestBuilder.New(certificate).SetIdentity(identity);
soapEnvelope = ehealthSamlTokenRequestBuilder.Build();
var signSamlToken = new SignSamlToken(); // 2. Build signature.
var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, "0726", beIdCardConnector);
soapEnvelope.Header.Security.Signature = signatureNode;
var soapSerializer = new SoapMessageSerializer(); // 3. Serialize the request.
xmlDocument = soapSerializer.Serialize(soapEnvelope);
outerXml = xmlDocument.OuterXml;
beIdCardConnector.Dispose();
var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse);
var signatureValue = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr).InnerText; // 5. Check signature value.
var binarySecurityToken = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr).InnerText;
var signedInfo = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr).OuterXml;
var serializer = new XmlDsigExcC14NTransform();
var doc = new XmlDocument();
doc.LoadXml(signedInfo);
serializer.LoadInput(doc);
var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd();
var signedInfoPayload = Encoding.UTF8.GetBytes(c14n);
var b64 = Convert.ToBase64String(signedInfoPayload);
byte[] hashResult = null;
using (var sha = new SHA1CryptoServiceProvider())
{
hashResult = sha.ComputeHash(signedInfoPayload);
}
var b64Hash = Convert.ToBase64String(hashResult);
var signature = System.Convert.FromBase64String(signatureValue);
var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityToken));
var publicKey = x509Certificate.GetRSAPublicKey();
var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
Assert.True(isSignatureCorrect);
}
