Esempio n. 1
        /// <summary>
        /// Checks that the signature carries exactly one of the properties "logonto" and
        /// "RequestIssuer", and that the value of the one present equals <paramref name="logonto"/>.
        /// </summary>
        /// <param name="signature">Signature whose properties are inspected.</param>
        /// <param name="logonto">Value the property that is present must equal.</param>
        /// <exception cref="InvalidOperationException">Both properties are present, or neither is.</exception>
        /// <exception cref="ServiceProviderException">The property that is present has a different value.</exception>
        private static void ValidateLogonto(OpensignSignature signature, string logonto)
        {
            SignatureProperty logontoEntry = GetSignatureProperty(signature, "logonto");
            SignatureProperty issuerEntry  = GetSignatureProperty(signature, "RequestIssuer");

            bool hasLogonto = logontoEntry != null;
            bool hasIssuer  = issuerEntry != null;

            // Exactly one of the two properties may be present; reject both and neither.
            if (hasLogonto && hasIssuer)
            {
                throw new InvalidOperationException("Invalid signature logonto and RequestIssuer parameters cannot both be set");
            }

            if (!hasLogonto && !hasIssuer)
            {
                throw new InvalidOperationException("Invalid signature either logonto or RequestIssuer parameters must be set");
            }

            // The comparisons below are ordinal and case-sensitive string equality.
            // NOTE(review): the messages embed the value taken from the signature; encode it
            // wherever the exception text is logged or displayed.
            if (hasLogonto)
            {
                String actualLogonto = logontoEntry.Value;
                if (!String.Equals(actualLogonto, logonto))
                {
                    throw new ServiceProviderException("Invalid signature logonto parameter does not match expected value. Expected: "
                                                       + logonto + " actual: " + actualLogonto);
                }
            }

            if (hasIssuer)
            {
                String actualIssuer = issuerEntry.Value;
                if (!String.Equals(actualIssuer, logonto))
                {
                    throw new ServiceProviderException("Invalid signature RequestIssuer parameter does not match expected value. Expected: "
                                                       + logonto + " actual: " + actualIssuer);
                }
            }
        }
Esempio n. 2
 /// <summary>
 /// Runs the parameter checks on a signature: the challenge check, the visibleToSigner
 /// check on "signtext", and, only when <paramref name="logonto"/> is not null, the
 /// logonto / RequestIssuer check.
 /// </summary>
 /// <param name="opensignSignature">Signature to validate.</param>
 /// <param name="challenge">Challenge passed on to <c>ValidateChallenge</c>.</param>
 /// <param name="logonto">Expected logonto value; null skips that check.</param>
 private static void ValidateSignatureParameters(OpensignSignature opensignSignature, string challenge, string logonto)
 {
     ValidateChallenge(opensignSignature, challenge);
     ValidateVisibleToSignerForSignText(opensignSignature);

     // NOTE(review): a null logonto means the logonto / RequestIssuer property is never
     // compared with an expected value; confirm every caller that passes null intends that.
     if (logonto == null)
     {
         return;
     }

     ValidateLogonto(opensignSignature, logonto);
 }
Esempio n. 3
        /// <summary>
        /// For a signature without a stylesheet digest, requires that the "signtext"
        /// property has VisibleToSigner set.
        /// </summary>
        /// <param name="signature">Signature whose "signtext" property is inspected.</param>
        /// <exception cref="ServiceProviderException">
        /// The signature has no stylesheet digest and "signtext" is not visible to the signer.
        /// </exception>
        private static void ValidateVisibleToSignerForSignText(OpensignSignature signature)
        {
            // The lookup runs unconditionally, before the document kind is known.
            // NOTE(review): a signature without "signtext" presumably fails here with the
            // indexer's own exception (GetSignatureProperty in this file catches
            // KeyNotFoundException for the same lookup) rather than ServiceProviderException.
            SignatureProperty signTextEntry = signature.SignatureProperties["signtext"];

            if (!IsNotSignedXmlDocument(signature))
            {
                return;
            }

            if (signTextEntry.VisibleToSigner)
            {
                return;
            }

            throw new ServiceProviderException("Invalid sign signature - the parameter signtext in the signature " +
                                               "must have the attribute visibleToSigner set to true");
        }
Esempio n. 4
 /// <summary>
 /// Looks up a signature property by key and returns null when the lookup throws
 /// <see cref="KeyNotFoundException"/>.
 /// </summary>
 /// <param name="signature">Signature whose SignatureProperties collection is queried.</param>
 /// <param name="propertyKey">Key of the property to fetch.</param>
 /// <returns>The property stored under the key, or null if the key is not found.</returns>
 private static SignatureProperty GetSignatureProperty(OpensignSignature signature, string propertyKey)
 {
     SignatureProperty found;

     try
     {
         found = signature.SignatureProperties[propertyKey];
     }
     catch (KeyNotFoundException)
     {
         // Only a missing key is mapped to null; any other exception propagates.
         found = null;
     }

     return found;
 }
 /// <summary>
 /// Creates a validation result from the signature, its certificate status and the
 /// outcome of the signature match.
 /// </summary>
 /// <param name="signature">Stored in <c>Signature</c>.</param>
 /// <param name="certificateStatus">Stored in <c>CertificateStatus</c>.</param>
 /// <param name="signatureMatches">Stored in <c>SignatureMatches</c>.</param>
 public SignatureValidationStatus(OpensignSignature signature, CertificateStatus certificateStatus, bool signatureMatches)
 {
     // The two results are stored side by side; this constructor does not combine them
     // into a single verdict.
     this.Signature = signature;
     this.CertificateStatus = certificateStatus;
     this.SignatureMatches = signatureMatches;
 }
Esempio n. 6
        /// <summary>
        /// Decides whether the signed text matches the agreement: the two encoded strings
        /// must be equal, and when the signature carries a stylesheet digest, the SHA-256
        /// digest of <paramref name="signTextTransformation"/> must equal it.
        /// </summary>
        /// <param name="encodedSignature">Encoded text taken from the signature.</param>
        /// <param name="encodedAgreement">Encoded text the signature is expected to cover.</param>
        /// <param name="signTextTransformation">Stylesheet text; required when a stylesheet digest is present.</param>
        /// <param name="opensignSignature">Signature supplying the stylesheet digest.</param>
        /// <returns>True when the texts are equal and the stylesheet digest, if any, matches.</returns>
        /// <exception cref="ArgumentException">
        /// A stylesheet digest is present but <paramref name="signTextTransformation"/> is null.
        /// </exception>
        private static Boolean SignatureMatches(string encodedSignature, string encodedAgreement, string signTextTransformation, OpensignSignature opensignSignature)
        {
            bool sameText = encodedAgreement.Equals(encodedSignature);
            if (!sameText)
            {
                return false;
            }

            var expectedDigest = opensignSignature.StylesheetDigest;
            if (expectedDigest == null)
            {
                // No stylesheet digest in the signature: the text comparison alone decides.
                return true;
            }

            if (signTextTransformation == null)
            {
                throw new ArgumentException("signTextTransformation is required for XML signing");
            }

            // NOTE(review): ASCII encoding replaces every non-ASCII character before hashing,
            // so stylesheets that differ only in such characters produce the same digest.
            byte[] transformationBytes = new ASCIIEncoding().GetBytes(signTextTransformation);

            var sha256 = new Sha256Digest();
            sha256.BlockUpdate(transformationBytes, 0, transformationBytes.Length);
            var hash = new byte[sha256.GetDigestSize()];
            sha256.DoFinal(hash, 0);

            // NOTE(review): the raw digest bytes are decoded as UTF-8 text. Byte sequences
            // that are not valid UTF-8 are replaced during decoding, so distinct digests can
            // compare equal as strings. The match only works if StylesheetDigest was produced
            // by the same decoding; confirm that, and prefer comparing bytes (or Base64/hex
            // text) on both sides.
            var actualDigest = Encoding.UTF8.GetString(hash, 0, hash.Length);

            return expectedDigest.Equals(actualDigest);
        }
Esempio n. 7
 /// <summary>
 /// Reports whether the signature has no stylesheet digest, which this code treats as
 /// "not a signed XML document".
 /// </summary>
 /// <param name="opensignSignature">Signature to inspect.</param>
 /// <returns>True when StylesheetDigest is null.</returns>
 private static Boolean IsNotSignedXmlDocument(OpensignSignature opensignSignature)
 {
     bool hasStylesheetDigest = opensignSignature.StylesheetDigest != null;
     return !hasStylesheetDigest;
 }
Esempio n. 8
 /// <summary>
 /// Delegates the challenge check to <c>ChallengeVerifier.VerifyChallenge</c>.
 /// </summary>
 /// <param name="opensignSignature">Signature handed to the verifier.</param>
 /// <param name="challenge">Challenge value handed to the verifier.</param>
 private static void ValidateChallenge(OpensignSignature opensignSignature, string challenge)
 {
     // Nothing is returned or caught here, so the verifier can only reject by throwing.
     // NOTE(review): presumably this ties the signature to the challenge issued for the
     // session (replay protection); confirm against ChallengeVerifier.
     ChallengeVerifier.VerifyChallenge(opensignSignature, challenge);
 }
Esempio n. 9
 /// <summary>
 /// Returns the signature's Signtext passed through <c>Base64Encode</c>.
 /// </summary>
 /// <param name="opensignSignature">Signature whose Signtext is encoded.</param>
 /// <returns>The result of <c>Base64Encode</c> for the signed text.</returns>
 private static string EncodeSignature(OpensignSignature opensignSignature)
 {
     var signedText = opensignSignature.Signtext;
     return Base64Encode(signedText);
 }