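/// <summary>
/// Builds the security header for a DGWS call: a <c>Timestamp</c> element holding a
/// <c>Created</c> value, followed by the assertion carried by <paramref name="card"/>.
/// </summary>
/// <param name="card">Seal card whose <c>Xassertion</c> is read into the header.</param>
/// <param name="id">Written to the header's <c>id</c> attribute in "D" format.</param>
/// <returns>A header whose <c>Any</c> holds the timestamp and the assertion, and whose <c>AnyAttr</c> holds the id.</returns>
/// <exception cref="ArgumentNullException"><paramref name="card"/> is null.</exception>
/// <exception cref="InvalidOperationException">The card's assertion does not start with an XML element.</exception>
public static SecurityHeaderType MakeSecurity(SealCard card, Guid id)
        {
            const string wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

            if (card == null)
            {
                throw new ArgumentNullException("card");
            }

            var assertionDoc     = new XmlDocument();
            var assertionElement = assertionDoc.ReadNode(card.Xassertion.CreateReader()) as XmlElement;

            // Fail here rather than hand back a security header with a null entry where the assertion belongs.
            if (assertionElement == null)
            {
                throw new InvalidOperationException("The seal card assertion is not an XML element.");
            }

            var timestampDoc   = new XmlDocument();
            var createdElement = timestampDoc.CreateElement("Created", wsuNamespace);

            // Note: DGWS 1.0.1 and DGWS 1.1 differ on whether timestamps must be in local time or in UTC.
            // The value is backdated five minutes - presumably to tolerate clock skew at the receiver; confirm.
            // "HH" is the 24-hour clock; "hh" would write 13:00 as 01:00 and so stamp afternoon requests
            // twelve hours early. The invariant culture keeps ':' and the Gregorian calendar on every host.
            var created = (DateTimeEx.UtcNowRound - TimeSpan.FromMinutes(5)).ToLocalTime();
            createdElement.InnerText = created.ToString("yyyy-MM-ddTHH:mm:sszzz", System.Globalization.CultureInfo.InvariantCulture);

            var timestampElement = timestampDoc.CreateElement("Timestamp", wsuNamespace);

            timestampElement.AppendChild(createdElement);

            var idAttribute = new XmlDocument().CreateAttribute("id");

            idAttribute.Value = id.ToString("D");

            return(new SecurityHeaderType
            {
                Any = new[] {
                    timestampElement,
                    assertionElement
                },
                AnyAttr = new[] {
                    idAttribute
                }
            });
        }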
Exemple #2
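        /// <summary>
        /// Invokes the NTS test service once, sending <paramref name="sealCard"/> and a DGWS header
        /// as outgoing SOAP headers.
        /// </summary>
        /// <param name="sealCard">Seal card wrapped in the <c>SealCardMessageHeader</c> of the request.</param>
        private static void CallNts(SealCard sealCard)
        {
            var client = new NtsWSProviderClient();

            try
            {
                client.Endpoint.EndpointBehaviors.Add(new SealEndpointBehavior());

                using (new OperationContextScope(client.InnerChannel))
                {
                    var header = new Header
                    {
                        // NOTE(review): level 4 presumably has to match how the supplied card was issued - confirm.
                        SecurityLevel          = 4,
                        SecurityLevelSpecified = true,
                        Linking = new Linking
                        {
                            // A fresh message id per call.
                            MessageID = Guid.NewGuid().ToString("D")
                        }
                    };

                    // Adding seal-security and dgws-header soap header
                    OperationContext.Current.OutgoingMessageHeaders.Add(new SealCardMessageHeader(sealCard));
                    OperationContext.Current.OutgoingMessageHeaders.Add(new DgwsMessageHeader(DgwsHeader.Create(header)));

                    client.invoke("test");
                }

                // Release the channel; the original never closed the client.
                client.Close();
            }
            catch
            {
                // Close() can itself throw on a faulted channel, so abort and surface the original failure.
                client.Abort();
                throw;
            }
        }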
Exemple #3
        /*[Test]
         * public void GatewaySecureBrowserLoginTest()
         * {
         *  DoLogin(Global.MocesCprGyldig);
         *
         *  using (var stsClient = new Seal2SamlStsClient("GWFetchCard"))
         *  using (var scope = new OperationContextScope((IContextChannel) stsClient.Channel.Channel))
         *  {
         *      OperationContext.Current.OutgoingMessageHeaders.Add(new SealCardMessageHeader(SealCard.Create(_assertion)));
         *      var d = stsClient.ExchangeAssertionViaGW("http://sundhed.dk/") as GenericXmlSecurityToken;
         *      var elm = d.TokenXml;
         *  }
         * }*/


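        /// <summary>
        /// Logs on through the SOSI gateway: asks the gateway for the id-card digest, signs it with the
        /// private key of <paramref name="cert"/>, submits the signature, and on success stores the
        /// header and the resulting assertion in <c>_header</c> and <c>_assertion</c>.
        /// </summary>
        /// <param name="cert">Certificate whose RSA private key signs the digest; its public part is sent along.</param>
        /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="cert"/> has no private key.</exception>
        /// <exception cref="Exception">The gateway answered anything other than <c>ok</c>.</exception>
        public void DoLogin(X509Certificate2 cert)
        {
            // Reject unusable certificates before any gateway round trip is made.
            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }
            if (!cert.HasPrivateKey)
            {
                throw new ArgumentException("The certificate has no private key to sign with.", "cert");
            }

            var gwClient = new GW.SosiGWFacadeClient();
            var sec      = MakeSecurity(MakeAssertionForSTS());
            var dig      = gwClient.requestIdCardDigestForSigning(sec, "whatever");

            // NOTE(review): this cast throws InvalidCastException when the key is not exposed as an
            // RSACryptoServiceProvider (for example a CNG-backed key).
            var csp = (RSACryptoServiceProvider)cert.PrivateKey;

            // NOTE(review): SHA-1 is no longer collision resistant. It is left in place because the
            // algorithm is presumably dictated by the gateway contract - confirm before changing it.
            byte[] hash;
            using (var sha1 = new SHA1Managed())
            {
                hash = sha1.ComputeHash(dig.DigestValue);
            }

            var rb = new GW.signIdCardRequestBody
            {
                SignatureValue = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")),
                KeyInfo        = new GW.KeyInfo
                {
                    Item = new GW.X509Data {
                        // X509ContentType.Cert exports the certificate only, never the private key.
                        Item = cert.Export(X509ContentType.Cert)
                    }
                }
            };

            var res = gwClient.signIdCard(sec, rb);

            if (res != GW.signIdCardResponse.ok)
            {
                throw new Exception("Gateway logon error");
            }
            _header    = MakeHeader();
            _assertion = SealCard.Create(sec.Assertion).GetAssertion <Assertion>(typeof(GW.AssertionType).Name);
        }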
Exemple #4
 /// <summary>
 /// Returns the cached id card, signing in again first when <c>IsIdCardValid</c> rejects the cached one.
 /// </summary>
 /// <returns>The card held in <c>_idCard</c> after any refresh.</returns>
 public SealCard GetIdCard()
 {
     if (IsIdCardValid(_idCard))
     {
         return _idCard;
     }

     // Build a new card from the user certificate and exchange it at the STS.
     var unsignedCard = SealCard.Create(MakeAssertionForSts(_userCertificate));
     _idCard = SealUtilities.SignIn(unsignedCard, _issuer, _stsUrl);
     return _idCard;
 }
Exemple #5
        /// <summary>
        /// Signs in at the STS, calls NTS with the issued card, and then checks that the assertion
        /// signature of both the local card and the STS-issued card still verifies.
        /// </summary>
        public void TestIDcard_Does_not_change_whiteSpace()
        {
            const string issuer = "http://www.ribeamt.dk/EPJ";

            var unsignedCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var stsCard      = SealUtilities.SignIn(unsignedCard, issuer, Settings.Default.SecurityTokenService);

            // The service call happens before the signature checks.
            CallNts(stsCard);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(unsignedCard.Xassertion));
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(stsCard.Xassertion));
        }
Exemple #6
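        /// <summary>
        /// Tells whether <paramref name="sc"/> may still be used: it must exist and its
        /// <c>ValidTo</c> must lie more than five minutes in the future.
        /// </summary>
        /// <param name="sc">The card to check; may be null.</param>
        /// <returns><c>true</c> when the card exists and has more than five minutes left.</returns>
        private static bool IsIdCardValid(SealCard sc)
        {
            if (sc == null)
            {
                return(false);
            }

            // The expiry has to be compared with an instant five minutes AHEAD of now. Testing
            // "ValidTo earlier than five minutes ago" accepts only cards that have already expired
            // and rejects every fresh one.
            // assumes ValidTo is a UTC instant, as the earlier comparison with FiveMinutesAgoUtc() implies - TODO confirm
            var earliestAcceptableExpiry = DateTime.UtcNow.AddMinutes(5);

            return(sc.ValidTo.CompareTo(earliestAcceptableExpiry) > 0);
        }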
Exemple #7
        /// <summary>
        /// Creates a seal card, signs in at the STS and calls FMK, handing the assertion over as a
        /// strongly typed object.
        /// </summary>
        public void TestSTSogFMKAssertionAsType()
        {
            // Step 1: create the seal card and exchange it at the STS.
            var unsignedCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var signedCard   = SealUtilities.SignIn(unsignedCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            // Step 2: call FMK with the typed assertion inside the security argument.
            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
            var security  = MakeSecurity(signedCard.GetAssertion <proxy.Assertion>());
            var header    = MakeHeader();

            fmkClient.GetMedicineCard_20120101(security, header);
        }
Exemple #8
        /// <summary>
        /// Creates a seal card, signs in at the STS and calls FMK, handing the assertion over as XML
        /// through a <c>SealCardMessageHeader</c> instead of the security argument.
        /// </summary>
        public void TestSTSogFMKAssertionAsXml()
        {
            // Step 1: create the seal card and exchange it at the STS.
            var unsignedCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var signedCard   = SealUtilities.SignIn(unsignedCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");

            // Step 2: the card travels as an outgoing message header, so the security argument is null.
            using (new OperationContextScope(fmkClient.InnerChannel))
            {
                var outgoing = OperationContext.Current.OutgoingMessageHeaders;
                outgoing.Add(new SealCardMessageHeader(signedCard));

                fmkClient.GetMedicineCard_20120101(null, MakeHeader());
            }
        }
 /// <summary>
 /// Assembles a <c>GetMedicineCardRequest_2015_06_01</c> from the supplied card and CPR number.
 /// </summary>
 /// <param name="userCpr">Passed to <c>GetOnBehalfOf</c> to build the on-behalf-of part.</param>
 /// <param name="ass">Seal card passed to <c>MakeSecurity</c> together with a new GUID.</param>
 /// <returns>The request, with its consent header left null.</returns>
 public static GetMedicineCardRequest_2015_06_01 GetMedicineCardRequest20150601(string userCpr, SealCard ass)
 {
     // Parts are built in the order the constructor arguments were originally written.
     var security     = MakeSecurity(ass, Guid.NewGuid());
     var header       = MakeHeader();
     var onBehalfOf   = GetOnBehalfOf(userCpr);
     var whitelisting = GetWhitelistingHeader();
     var payload      = GetGetMedicineCardRequest();

     return new GetMedicineCardRequest_2015_06_01(
         Security: security,
         Header: header,
         OnBehalfOf: onBehalfOf,
         WhitelistingHeader: whitelisting,
         ConsentHeader: null,
         GetMedicineCardRequest: payload);
 }