public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
{
    // The server password comes from the database (per the assertion); without
    // it the request goes out unsigned and unencrypted.
    string serverPassword = parentAssertion.Password;
    if (serverPassword == null)
    {
        return;
    }

    // The SHA1 digest of the password, not the password itself, keys the token.
    // PasswordOption.SendNone keeps the (digested) password out of the message.
    string passwordDigest = SHA1(serverPassword);
    UsernameToken serverToken = new UsernameToken(parentAssertion.ServerId.ToString(), passwordDigest, PasswordOption.SendNone);

    bool signing = parentAssertion.signRequest;
    bool encrypting = parentAssertion.encryptRequest;

    // The token only needs to travel in the header when it secures something.
    if (signing || encrypting)
    {
        security.Tokens.Add(serverToken);
    }

    if (signing)
    {
        security.Elements.Add(new MessageSignature(serverToken));
    }

    if (!encrypting)
    {
        return;
    }

    // No custom headers are returned by this side, so the Body is encrypted as a
    // whole; custom headers in the WebsitePanel server namespace get an explicit
    // encryption reference each.
    EncryptedData encryptedData = new EncryptedData(serverToken);
    foreach (XmlNode headerNode in envelope.Header.ChildNodes)
    {
        XmlElement header = headerNode as XmlElement;
        if (header == null || header.NamespaceURI != "http://smbsaas/websitepanel/server/")
        {
            continue;
        }

        // A wsu:Id attribute gives the encryption reference something to point at.
        string referenceId = Guid.NewGuid().ToString();
        header.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", referenceId);
        encryptedData.AddReference(new EncryptionReference("#" + referenceId));
    }

    security.Elements.Add(encryptedData);
}
public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
{
    // Username and password key the token; PasswordOption.SendNone keeps the
    // password itself out of the outgoing message.
    UsernameToken credentialToken = new UsernameToken(parentAssertion.Username, parentAssertion.Password, PasswordOption.SendNone);
    security.Tokens.Add(credentialToken);

    // Signature first, then encryption, both derived from the same token.
    MessageSignature messageSignature = new MessageSignature(credentialToken);
    security.Elements.Add(messageSignature);

    EncryptedData encryptedBody = new EncryptedData(credentialToken);
    security.Elements.Add(encryptedBody);
}
public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    // Trim so stray whitespace from configuration does not alter the credentials.
    string username = parentAssertion.Username.Trim();
    string password = parentAssertion.Password.Trim();

    // PasswordOption.SendPlainText places the password itself in the token, so
    // confidentiality depends on the transport or on message-level encryption
    // applied elsewhere.
    userToken = new UsernameToken(username, password, PasswordOption.SendPlainText);

    // The message is signed with a separately obtained token, not the username token.
    signatureToken = GetSecurityToken();
    sig = new MessageSignature(signatureToken);
}
public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    // Wrap the solution certificate in an X.509 token and sign the outgoing
    // message with it; no username token is involved in this filter.
    solutionCertificateToken = new X509SecurityToken(parentAssertion.SolutionCertificate);
    sig = new MessageSignature(solutionCertificateToken);
}
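/// <summary>
/// Creates a custom SOAP request filter
/// </summary>
/// <param name="parentAssertion">Custom security assertion</param>
/// <exception cref="System.ArgumentException">
/// The assertion's binary token carries no <c>ID</c> attribute.
/// </exception>
public CustomSecurityClientOutputFilterHok(CustomSecurityAssertionHok parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    issuedToken = new IssuedToken(parentAssertion.BinaryToken, parentAssertion.TokenType);

    // samlAssertionId is consumed elsewhere in this filter; fail with a clear
    // message instead of a NullReferenceException when the attribute is absent.
    System.Xml.XmlNode idAttribute = parentAssertion.BinaryToken.Attributes.GetNamedItem("ID");
    if (idAttribute == null)
    {
        throw new System.ArgumentException("The binary token has no 'ID' attribute.", "parentAssertion");
    }
    samlAssertionId = idAttribute.Value;

    // Holder-of-key: the message is signed with the assertion's security token.
    messageSignature = new MessageSignature(parentAssertion.SecurityToken);
}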
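/// <summary>
/// Verifies a DSA-style signature (r, s) over <paramref name="messageHash"/> against <paramref name="publicKey"/>.
/// </summary>
/// <param name="messageHash">The message digest h as an integer.</param>
/// <param name="messageSignature">The signature pair: RandomR (r) and SignatureS (s).</param>
/// <param name="publicKey">Domain parameters PrimeP, PrimeQ, BaseG and the public value PublicKeyY.</param>
/// <returns>true when v == r; false otherwise, including when r or s lies outside (0, q).</returns>
public bool VerifyMessageSignature(int messageHash, MessageSignature messageSignature, PublicKey publicKey)
{
    /*
     * Worked example (p = 23, q = 11, g = 4, y = 8, signature r = 1, s = 2):
     * h  = 3                     # the hash value as the message digest
     * w  = s^-1 mod q = 6        # 2 * 6 mod 11 = 1
     * u1 = h * w mod q = 7       # 3 * 6 mod 11 = 7
     * u2 = r * w mod q = 6       # 1 * 6 mod 11 = 6
     * v  = ((g^u1 * y^u2) mod p) mod q
     *    = ((4^7 mod 23) * (8^6 mod 23) mod 23) mod 11
     *    = (8 * 13 mod 23) mod 11 = 12 mod 11 = 1
     * v == r, so the signature verifies.
     */
    long p = (long)publicKey.PrimeP;
    long q = (long)publicKey.PrimeQ;
    long r = (long)messageSignature.RandomR;
    long s = (long)messageSignature.SignatureS;

    // DSA requires 0 < r < q and 0 < s < q; reject anything else before it is
    // fed into the modular inverse.
    if (r <= 0 || r >= q || s <= 0 || s >= q)
    {
        return false;
    }

    long w = (long)NaiveModuloInverse(messageSignature.SignatureS, publicKey.PrimeQ);

    // Reduce the digest into [0, q) first so a negative hash cannot produce a
    // negative exponent.
    long h = ((messageHash % q) + q) % q;
    long u1 = (h * w) % q;
    long u2 = (r * w) % q;

    // Square-and-multiply in integer arithmetic. The earlier Math.Pow form
    // computed g^u1 in floating point, which loses precision and overflows long
    // for anything beyond toy parameters.
    long gPart = ModularPower((long)publicKey.BaseG, u1, p);
    long yPart = ModularPower((long)publicKey.PublicKeyY, u2, p);
    long v = (gPart * yPart) % p % q;

    return v == r;
}

// Computes (baseValue ^ exponent) mod modulus without leaving 64-bit arithmetic.
// Intermediate products are below modulus^2, so modulus must stay below 2^31
// for the multiplication not to overflow (fine for the toy parameters above).
private static long ModularPower(long baseValue, long exponent, long modulus)
{
    long result = 1 % modulus;
    long factor = baseValue % modulus;
    if (factor < 0)
    {
        factor += modulus;
    }

    while (exponent > 0)
    {
        if ((exponent & 1) == 1)
        {
            result = result * factor % modulus;
        }
        factor = factor * factor % modulus;
        exponent >>= 1;
    }

    return result;
}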
public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
{
    // Server password from the database; nothing is secured when it is absent.
    string serverPassword = parentAssertion.Password;
    if (serverPassword == null)
    {
        return;
    }

    // The token is keyed by the SHA1 digest of the password. SendNone keeps the
    // digest out of the wire message; it is only used to derive the signature
    // and encryption keys.
    string passwordDigest = CryptoUtils.SHA1(serverPassword);
    UsernameToken serverToken = new UsernameToken(parentAssertion.ServerId.ToString(), passwordDigest, PasswordOption.SendNone);

    bool signRequest = parentAssertion.signRequest;
    bool encryptRequest = parentAssertion.encryptRequest;

    if (signRequest || encryptRequest)
    {
        // The token only travels in the header when something references it.
        security.Tokens.Add(serverToken);
    }

    if (signRequest)
    {
        MessageSignature signature = new MessageSignature(serverToken);
        security.Elements.Add(signature);
    }

    if (encryptRequest)
    {
        // No custom headers are returned from this side, so the Body is
        // encrypted as a whole; SolidCP server headers are added by reference.
        EncryptedData encryptedData = new EncryptedData(serverToken);
        XmlNodeList headerNodes = envelope.Header.ChildNodes;
        for (int position = 0; position < headerNodes.Count; position++)
        {
            XmlElement header = headerNodes[position] as XmlElement;
            if (header == null)
            {
                continue;
            }
            if (header.NamespaceURI != "http://com/SolidCP/server/")
            {
                continue;
            }

            // A wsu:Id attribute gives the encryption reference its target.
            string referenceId = Guid.NewGuid().ToString();
            header.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", referenceId);
            encryptedData.AddReference(new EncryptionReference("#" + referenceId));
        }

        security.Elements.Add(encryptedData);
    }
}
public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    // PasswordOption.SendPlainText puts the (trimmed) password itself into the
    // token, so the message must be protected by the transport or by encryption
    // applied elsewhere.
    userToken = new UsernameToken(
        parentAssertion.username.Trim(),
        parentAssertion.password.Trim(),
        PasswordOption.SendPlainText);

    // The signing token is looked up by a hard-coded subject name; the name
    // reads like a test certificate and presumably needs to be made
    // configurable for deployment.
    signatureToken = GetSecurityToken("CN=TestSSSCert");
    sig = new MessageSignature(signatureToken);
}
// Sign the outgoing request with the local certificate.
public static void prepareSoapContext(SoapContext soapContext)
{
    X509Certificate2 signingCertificate = GetCertificate();
    X509SecurityToken certificateToken = new X509SecurityToken(signingCertificate);

    // Only the signature element is added; the token is not placed into
    // Security.Tokens explicitly here.
    MessageSignature certificateSignature = new MessageSignature(certificateToken);
    soapContext.Security.Elements.Add(certificateSignature);
    // requestContext.Security.Tokens.Add(cerToken);
}
protected void SetUsernameToken(UsernameToken userToken)
{
    var requestSecurity = webService.RequestSoapContext.Security;

    // Idempotent: a token that is already attached is neither added nor signed twice.
    if (requestSecurity.Tokens.Contains(userToken))
    {
        return;
    }

    requestSecurity.Tokens.Add(userToken);
    requestSecurity.Elements.Add(new MessageSignature(userToken));

    // Limit the request's validity window so a captured message cannot be
    // replayed indefinitely (effective only if the recipient enforces the timestamp).
    requestSecurity.Timestamp.TtlInSeconds = 60;
}
static bool CheckSignature(SoapContext context, MessageSignature signature)
{
    // Coverage check only: this confirms which parts the signature covers, not
    // whether the signing token is trusted. Callers must decide the latter.
    SignatureOptions actual = signature.SignatureOptions;

    // Body, <Action> and <To> must always be covered.
    SignatureOptions required = SignatureOptions.IncludeSoapBody
        | SignatureOptions.IncludeAction
        | SignatureOptions.IncludeTo;

    // A timestamp, when present in the message, must be covered too.
    bool hasTimestamp = context.Security != null
        && context.Security.Timestamp != null
        && context.Security.Timestamp.TargetElement != null;
    if (hasTimestamp)
    {
        required |= SignatureOptions.IncludeTimestamp;
    }

    // Optional addressing headers only become required when they are present.
    if (context.Addressing.FaultTo != null && context.Addressing.FaultTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeFaultTo;
    }
    if (context.Addressing.From != null && context.Addressing.From.TargetElement != null)
    {
        required |= SignatureOptions.IncludeFrom;
    }
    if (context.Addressing.MessageID != null && context.Addressing.MessageID.TargetElement != null)
    {
        required |= SignatureOptions.IncludeMessageId;
    }
    if (context.Addressing.RelatesTo != null && context.Addressing.RelatesTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeRelatesTo;
    }
    if (context.Addressing.ReplyTo != null && context.Addressing.ReplyTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeReplyTo;
    }

    // Every required part must be among the actually signed parts.
    return (required & actual) == required;
}
public Signature(Exception exception)
{
    // TargetSite can be null (e.g. an exception that was never thrown), so
    // every member derived from it stays null in that case.
    var site = exception.TargetSite;
    var declaringType = site?.DeclaringType;

    ErrorType = exception.GetType().FullName;
    ClassName = declaringType?.FullName;
    MethodName = site?.Name;
    AssemblyName = declaringType?.Assembly.GetName().Name;
    StackTrace = exception.StackTrace;
    Message = exception.Message;

    // Derived signatures over the cleaned stack trace, the cleaned message and
    // the "Class.Method" pair.
    StackTraceSignature = exception.GetCleanStackTrace(1).GetSignature();
    MessageSignature = exception.GetCleanMessage().GetSignature();
    MethodSignature = (ClassName + "." + MethodName).GetSignature();

    // Composite key: 7-character prefixes of the method and message signatures
    // plus the full stack-trace signature. Assumes GetSignature() yields at
    // least 7 characters — Substring throws otherwise.
    ExceptionSignature = $"{MethodSignature.Substring(0, 7)}_{MessageSignature.Substring(0, 7)}_{StackTraceSignature}";
}
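public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    if (parentAssertion.BinaryToken == null)
    {
        // No issued token yet: authenticate with username/password.
        // PasswordOption.SendPlainText puts the password itself into the
        // message, so confidentiality depends on the transport or on encryption
        // applied elsewhere.
        userToken = new UsernameToken(parentAssertion.Username.Trim(), parentAssertion.Password.Trim(), PasswordOption.SendPlainText);
        signatureToken = GetSecurityToken();

        // Kept on the assertion so that later requests carrying the issued
        // token (the else branch) sign with the same token.
        parentAssertion.SecurityToken = signatureToken;
    }
    else
    {
        issuedToken = new IssuedToken(parentAssertion.BinaryToken);
        signatureToken = parentAssertion.SecurityToken;

        // Fail with a clear message instead of a NullReferenceException when
        // the binary token has no ID attribute.
        System.Xml.XmlNode idAttribute = parentAssertion.BinaryToken.Attributes.GetNamedItem("ID");
        if (idAttribute == null)
        {
            throw new System.ArgumentException("The binary token has no 'ID' attribute.", "parentAssertion");
        }
        samlAssertionId = idAttribute.Value;
    }

    sig = new MessageSignature(signatureToken);
}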
public SecurityToken GetSigningToken()
{
    SoapContext context = RequestSoapContext.Current;

    foreach (ISecurityElement element in context.Security.Elements)
    {
        MessageSignature messageSignature = element as MessageSignature;
        if (messageSignature == null)
        {
            continue;
        }

        // NOTE(review): the token of the first signature element is returned
        // without checking what that signature covers, so a signature over an
        // unrelated part of the message would be treated as the message signer.
        return messageSignature.SigningToken;
        //if (CheckSignature(context, sig)) {
        //    return sig.SigningToken;
        //}
    }

    return null;
}
public static SecurityToken GetSigningToken(SoapContext context)
{
    // Return the token behind the first signature that covers the required
    // parts of the message (Body, addressing headers, timestamp).
    foreach (ISecurityElement element in context.Security.Elements)
    {
        MessageSignature messageSignature = element as MessageSignature;
        if (messageSignature == null)
        {
            continue;
        }

        if (CheckSignature(context, messageSignature))
        {
            return messageSignature.SigningToken;
        }
    }

    // No adequately scoped signature present.
    return null;
}
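/// <summary>
/// Rejects an incoming message unless it carries a signature, made with a
/// UsernameToken, that covers the required message parts (see CheckSignature).
/// </summary>
/// <param name="envelope">The incoming SOAP envelope.</param>
/// <param name="security">The message's security header; null when the caller is not WSE-enabled.</param>
/// <exception cref="SecurityFault">No acceptable UsernameToken signature was found.</exception>
public override void ValidateMessageSecurity(SoapEnvelope envelope, WebSecurity security)
{
    // Security checks can be switched off by configuration.
    if (!ServerConfiguration.Security.SecurityEnabled)
    {
        return;
    }

    bool signedWithUsernameToken = false;

    // A null security header means the call did not come from a WSE-enabled
    // client; it cannot satisfy the requirement.
    if (security != null)
    {
        foreach (ISecurityElement element in security.Elements)
        {
            MessageSignature signature = element as MessageSignature;
            if (signature == null)
            {
                continue;
            }

            // Coverage first, then the token type. Only the kind of token is
            // checked here; the credential itself is presumably validated by
            // the token manager when the header is parsed — confirm.
            if (CheckSignature(envelope, security, signature) && signature.SigningToken is UsernameToken)
            {
                signedWithUsernameToken = true;
                break;
            }
        }
    }

    if (!signedWithUsernameToken)
    {
        throw new SecurityFault("Message did not meet security requirements.");
    }
}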
void verifyAll(Asn1Reader tbsResponseData, Byte[] signature, Oid signatureAlgorithm)
{
    verifyHeaders();
    decodeTbsResponse(tbsResponseData);

    // The nonce ties the response to our request; a mismatch is recorded as a
    // compliance error rather than thrown.
    // NOTE(review): errors are accumulated with += rather than |=, so recording
    // the same error twice would double-count it.
    if (NonceReceived && Request.NonceValue != NonceValue)
    {
        ResponseErrorInformation += (Int32)OCSPResponseComplianceError.NonceMismatch;
    }

    // Prefer a signer certificate carried in the response; fall back to the
    // local store only when none was included.
    if (SignerCertificates.Count == 0)
    {
        findCertInStore();
    }

    if (SignerCertificates.Count > 0)
    {
        // Cryptographic check of the signature over the raw tbsResponseData.
        // Whether the signer is an authorised OCSP responder (chain, EKU) is
        // not decided in this method.
        SignatureIsValid = MessageSignature.VerifySignature(
            SignerCertificates[0],
            tbsResponseData.RawData,
            signature,
            signatureAlgorithm);
    }
    else
    {
        ResponseErrorInformation += (Int32)OCSPResponseComplianceError.MissingCert;
    }

    verifyResponses();
}
public static bool VerifyAckResponse(STPProvider.PostTradeServiceWse postTradeSvc)
{
    SoapContext responseContext = postTradeSvc.ResponseSoapContext;

    foreach (ISecurityElement element in responseContext.Security.Elements)
    {
        MessageSignature signature = element as MessageSignature;
        if (signature == null)
        {
            continue;
        }

        // The sender is accepted when the signing certificate's display name
        // matches. Only a name attribute of the certificate is compared; as
        // the original author noted, checking against STP-Provider A's public
        // key would be the stronger test.
        X509SecurityToken signingToken = signature.SigningToken as X509SecurityToken;
        if (signingToken != null && signingToken.Certificate.FriendlyDisplayName == "STP-Provider A")
        {
            return true;
        }
    }

    // No signature from the expected sender.
    return false;
}
public bool VerifySignatureOrigin()
{
    SoapContext requestContext = RequestSoapContext.Current;

    foreach (ISecurityElement element in requestContext.Security.Elements)
    {
        MessageSignature signature = element as MessageSignature;
        if (signature == null)
        {
            continue;
        }

        // The sender is accepted when the signing certificate's display name
        // matches. Only a name attribute of the certificate is compared; as
        // the original author noted, checking against Vendor B's public key
        // would be the stronger test.
        X509SecurityToken signingToken = signature.SigningToken as X509SecurityToken;
        if (signingToken != null && signingToken.Certificate.FriendlyDisplayName == "Vendor B")
        {
            return true;
        }
    }

    // No signature from the expected sender.
    return false;
}
void signRequest(X509Certificate2 signerCert)
{
    // Build the to-be-signed request for the signer's subject and sign it
    // before the signature block is appended.
    List<Byte> request = buildTbsRequest(signerCert.SubjectName);
    Byte[] signatureValue = MessageSignature.SignMessage(signerCert, request.ToArray(), signatureAlgID);

    SignerCertificate = signerCert;
    if (includeFullSigChain)
    {
        buildSignerCertChain();
    }
    else
    {
        _signerChain.Add(signerCert);
    }

    // Signature block contents: AlgorithmIdentifier, BIT STRING signature,
    // [0] signer certificates.
    AlgorithmIdentifier algorithm = new AlgorithmIdentifier(signatureAlgID);
    List<Byte> signatureBlock = new List<Byte>(algorithm.RawData);
    signatureBlock.AddRange(new Asn1BitString(signatureValue, false).RawData);
    signatureBlock.AddRange(Asn1Utils.Encode(_signerChain.Encode(), 0xa0));

    // Wrap the block as SEQUENCE (tag 48 = 0x30), tag it [0] EXPLICIT, append it
    // to the request and wrap the whole request in its outer SEQUENCE.
    request.AddRange(Asn1Utils.Encode(Asn1Utils.Encode(signatureBlock.ToArray(), 48), 0xa0));
    RawData = Asn1Utils.Encode(request.ToArray(), 48);
    IsReadOnly = true;
}
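/// <summary>
/// Checks that a SOAP response is both signed with a UsernameToken (covering the
/// required parts, see CheckSignature) and has its Body encrypted.
/// </summary>
/// <param name="envelope">The response envelope.</param>
/// <param name="security">The response's security header; null when the sender is not WSE-enabled.</param>
/// <exception cref="SecurityFault">The response is not signed as required, or its Body is not encrypted.</exception>
private void ProcessWSERequest(SoapEnvelope envelope, WSE.Security security)
{
    // No security header at all: cannot be signed, so fail with the signature
    // fault before anything is dereferenced.
    if (security == null)
    {
        throw new SecurityFault("SOAP response should be signed.");
    }

    bool signedWithUsernameToken = false;
    bool bodyEncrypted = false;

    // Single pass over the security elements: signatures and encrypted data
    // are independent elements, so both checks can be collected together.
    foreach (ISecurityElement element in security.Elements)
    {
        MessageSignature signature = element as MessageSignature;
        if (signature != null)
        {
            // Coverage first, then the token type.
            if (CheckSignature(envelope, security, signature) && signature.SigningToken is UsernameToken)
            {
                signedWithUsernameToken = true;
            }
            continue;
        }

        EncryptedData encryptedData = element as EncryptedData;
        if (encryptedData != null && SoapHelper.IsBodyElement(encryptedData.TargetElement))
        {
            bodyEncrypted = true;
        }
    }

    // Signature fault takes precedence over the encryption fault.
    if (!signedWithUsernameToken)
    {
        throw new SecurityFault("SOAP response should be signed.");
    }

    if (!bodyEncrypted)
    {
        throw new SecurityFault("SOAP response should be encrypted.");
    }
}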
private bool CheckSignature(SoapEnvelope envelope, Security security, MessageSignature signature)
{
    // Coverage check only: confirms which parts the signature covers, not
    // whether the signing token is trusted.
    SignatureOptions actual = signature.SignatureOptions;

    // Body, <Action> and <To> must always be covered.
    SignatureOptions required = SignatureOptions.IncludeSoapBody
        | SignatureOptions.IncludeAction
        | SignatureOptions.IncludeTo;

    // A timestamp in the header must be covered as well.
    if (security != null && security.Timestamp != null)
    {
        required |= SignatureOptions.IncludeTimestamp;
    }

    // Optional addressing headers only become required when present.
    SoapContext context = envelope.Context;
    if (context.Addressing.FaultTo != null && context.Addressing.FaultTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeFaultTo;
    }
    if (context.Addressing.From != null && context.Addressing.From.TargetElement != null)
    {
        required |= SignatureOptions.IncludeFrom;
    }
    if (context.Addressing.MessageID != null && context.Addressing.MessageID.TargetElement != null)
    {
        required |= SignatureOptions.IncludeMessageId;
    }
    if (context.Addressing.RelatesTo != null && context.Addressing.RelatesTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeRelatesTo;
    }
    if (context.Addressing.ReplyTo != null && context.Addressing.ReplyTo.TargetElement != null)
    {
        required |= SignatureOptions.IncludeReplyTo;
    }

    // Every required part must be among the actually signed parts.
    return (required & actual) == required;
}
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Username/password only derive the signing and encryption keys;
    // PasswordOption.SendNone keeps the password off the wire.
    UsernameToken credentialToken = new UsernameToken(
        parentAssertion.username,
        parentAssertion.password,
        PasswordOption.SendNone);
    security.Tokens.Add(credentialToken);

    // Sign with the username token.
    security.Elements.Add(new MessageSignature(credentialToken));

    // Encrypt the Body, plus every custom header in the sample namespace.
    EncryptedData encryptedData = new EncryptedData(credentialToken);
    foreach (XmlNode headerNode in envelope.Header.ChildNodes)
    {
        XmlElement header = headerNode as XmlElement;
        if (header == null || header.NamespaceURI != "http://company.com/samples/wse/")
        {
            continue;
        }

        // A wsu:Id attribute gives the encryption reference its target.
        string referenceId = Guid.NewGuid().ToString();
        header.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", referenceId);
        encryptedData.AddReference(new EncryptionReference("#" + referenceId));
    }

    // Attach the encrypted data to the security header.
    security.Elements.Add(encryptedData);
}
public void Decode(NetIncomingMessage im)
{
    Message = im.ReadString();

    // The signature byte comes straight off the wire and is cast without
    // validation; a value outside the MessageSignature enum is stored as-is,
    // so consumers must not assume it is a defined member.
    Signature = (MessageSignature)im.ReadByte();
}
void m_verifysignature()
{
    // Verify signedData against PublicKey and cache the outcome.
    var verified = MessageSignature.VerifySignature(PublicKey, signedData);
    SignatureIsValid = verified;
}
public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion)
    : base(parentAssertion.ServiceActor, true)
{
    // Signature only: no username/password token is attached by this filter.
    signatureToken = GetSecurityToken();

    sig = new MessageSignature(signatureToken);
}