public string[] Format(IToken token, int maxChunkLength) { var parameters = new List <ParamValue>(); parameters.Add(new ParamValue(ParamValue.Param.token, Convert.ToBase64String(Compress(Encoding.UTF8.GetBytes(token.SamlToken))))); parameters.Add(new ParamValue(ParamValue.Param.nonce, token.Nonce.ToString())); if (token.BodyHash != null) { parameters.Add(new ParamValue(ParamValue.Param.bodyhash, Convert.ToBase64String(token.BodyHash))); } parameters.Add(new ParamValue(ParamValue.Param.signature_alg, SigningAlgorithmConverter.EnumToString(token.SignatureAlgorithm))); parameters.Add(new ParamValue(ParamValue.Param.signature, Convert.ToBase64String(token.Signature))); var res = new List <string>(); ChunkBuilder chunkFormatter = new ChunkBuilder(maxChunkLength, $"{AUTH_SCHEME} "); foreach (var param in parameters) { chunkFormatter = AppendParam(res, chunkFormatter, maxChunkLength, param); } res.Add(chunkFormatter.GetValue()); return(res.ToArray()); }
private byte[] ComputeSignature(IRequest request, RSA signingAlgorithm) { return(signingAlgorithm.SignData( NormalizeMsg(request), SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm), RSASignaturePadding.Pkcs1)); }
public IToken Parse(string[] tokens) { var paramValues = new Dictionary <ParamValue.Param, ParamValue>(); for (int i = 0; i < tokens.Length; i++) { var chunkParser = new ChunkParser(tokens[i], i == 0 ? AUTH_SCHEME : null); do { var currentParamValue = chunkParser.Current; if (currentParamValue == null) { continue; } if (paramValues.ContainsKey(currentParamValue.Key)) { paramValues[currentParamValue.Key] = paramValues[currentParamValue.Key].Concat(currentParamValue); } else { paramValues[currentParamValue.Key] = currentParamValue; } } while (chunkParser.MoveNext()); } CheckMissingParams(paramValues); var samlToken = Encoding.UTF8.GetString( Decompress( Convert.FromBase64String( paramValues[ParamValue.Param.token].Value))); var nonce = Nonce.FromString(paramValues[ParamValue.Param.nonce].Value); var signAlgorithm = SigningAlgorithmConverter.StringToEnum(paramValues[ParamValue.Param.signature_alg].Value); byte[] bodyHash = null; if (paramValues.ContainsKey(ParamValue.Param.bodyhash)) { bodyHash = Convert.FromBase64String(paramValues[ParamValue.Param.bodyhash].Value); } var signature = Convert.FromBase64String(paramValues[ParamValue.Param.signature].Value); return(new Token(samlToken, nonce, signAlgorithm, bodyHash, signature)); }
public void VerifySignature(IRequest request, X509Certificate2 signingCertificate) { if (request == null || signingCertificate == null) { throw new AuthException(Resources.VerifySignature_Expects_NonNull_RequestAndCertificate); } using (var publicKey = signingCertificate.GetRSAPublicKey()) { if (!publicKey.VerifyData( NormalizeMsg(request), Signature, SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm), RSASignaturePadding.Pkcs1)) { throw new AuthException(Resources.Verify_Signature_Failed); } } }
private HashAlgorithm CreateHashAlgorithm() { if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA256) { return(SHA256.Create()); } if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA384) { return(SHA384.Create()); } if (SignatureAlgorithm == SigningAlgorithm.RSA_SHA512) { return(SHA512.Create()); } throw new AuthenticationException( string.Format( Resources.Hash_Algorithm_Not_Supported, SigningAlgorithmConverter.ToHashAlgorithmName(SignatureAlgorithm))); }