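/// <summary>
/// Validates the enveloped XML signature carried directly under <paramref name="xmlElement"/>
/// against the configured signature validation certificates.
/// </summary>
/// <param name="xmlElement">The element expected to carry exactly one ds:Signature child.</param>
/// <returns>
/// <see cref="SignatureValidation.NotPresent"/> when no Signature child exists;
/// <see cref="SignatureValidation.Valid"/> when the signature verifies with one of the
/// <c>SignatureValidationCertificates</c>; otherwise <see cref="SignatureValidation.Invalid"/>
/// (also when no validation certificate is configured at all).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlElement"/> is null.</exception>
/// <exception cref="InvalidSignatureException">More than one Signature child element is present.</exception>
protected SignatureValidation ValidateXmlSignature(XmlElement xmlElement)
{
    if (xmlElement == null)
    {
        throw new ArgumentNullException(nameof(xmlElement));
    }

    // Only direct child elements are selected: a Signature nested deeper (e.g. inside an
    // Assertion) is not treated as the signature of this element.
    var xmlSignatures = xmlElement.SelectNodes($"*[local-name()='{Saml2Constants.Message.Signature}' and namespace-uri()='{Saml2SignedXml.XmlDsigNamespaceUrl}']");
    if (xmlSignatures.Count == 0)
    {
        return SignatureValidation.NotPresent;
    }
    if (xmlSignatures.Count > 1)
    {
        // Ambiguous input is rejected outright instead of picking one of the signatures.
        throw new InvalidSignatureException("There is more then one Signature element.");
    }

    var signatureElement = xmlSignatures[0] as XmlElement;
    foreach (var signatureValidationCertificate in SignatureValidationCertificates)
    {
        // Each candidate certificate goes through the configured certificate validator
        // before it is used to verify anything.
        IdentityConfiguration.CertificateValidator.Validate(signatureValidationCertificate);

        var signedXml = new Saml2SignedXml(xmlElement, signatureValidationCertificate, SignatureAlgorithm);
        signedXml.LoadXml(signatureElement);
        if (signedXml.CheckSignature())
        {
            return SignatureValidation.Valid;
        }
    }

    // No configured certificate verified the signature (or none is configured): fail closed.
    return SignatureValidation.Invalid;
}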
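/// <summary>
/// Signs an XmlDocument with an xml signature using the signing certificate given as argument to the method.
/// The ds:Signature element is inserted into the document element right after its Issuer child
/// (or as the first child when no Issuer element is present).
/// </summary>
/// <param name="xmlDocument">The document to sign; its document element is handed to <see cref="Saml2SignedXml"/> as the element to sign.</param>
/// <param name="certificate">The certificate used to sign the document</param>
/// <param name="signatureAlgorithm">The Signature Algorithm used to sign the document</param>
/// <param name="includeOption">Certificate include option</param>
/// <param name="id">The id of the topmost element in the xmldocument</param>
/// <returns>The same <paramref name="xmlDocument"/> instance, now carrying the signature.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> or <paramref name="certificate"/> is null.</exception>
internal static XmlDocument SignDocument(this XmlDocument xmlDocument, X509Certificate2 certificate, string signatureAlgorithm, X509IncludeOption includeOption, string id)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException(nameof(xmlDocument));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    var signedXml = new Saml2SignedXml(xmlDocument.DocumentElement, certificate, signatureAlgorithm);
    signedXml.ComputeSignature(includeOption, id);

    // XmlNode.InsertAfter with a null reference node inserts at the beginning of the child list,
    // so a missing Issuer still places the Signature at the front of the document element.
    var issuer = xmlDocument.DocumentElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];
    xmlDocument.DocumentElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
    return xmlDocument;
}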
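/// <summary>
/// Signs an Xml assertion with an xml signature using the signing certificate given as argument to the method.
/// The ds:Signature element is inserted into the assertion element right after its Issuer child
/// (or as the first child when no Issuer element is present).
/// </summary>
/// <param name="xmlDocument">The document that owns <paramref name="xmlAssertionElement"/>; used to import the Signature node.</param>
/// <param name="xmlAssertionElement">The Assertion element to sign; its ID attribute is used as the signature reference.</param>
/// <param name="certificate">The certificate used to sign the assertion</param>
/// <param name="signatureAlgorithm">The Signature Algorithm used to sign the assertion</param>
/// <param name="xmlCanonicalizationMethod">The Signature XML canonicalization method used to sign the assertion</param>
/// <param name="includeOption">Certificate include option</param>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/>, <paramref name="xmlAssertionElement"/> or <paramref name="certificate"/> is null.</exception>
internal static void SignAssertion(this XmlDocument xmlDocument, XmlElement xmlAssertionElement, X509Certificate2 certificate, string signatureAlgorithm, string xmlCanonicalizationMethod, X509IncludeOption includeOption)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException(nameof(xmlDocument));
    }
    if (xmlAssertionElement == null)
    {
        throw new ArgumentNullException(nameof(xmlAssertionElement));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // The assertion's own ID attribute becomes the reference URI of the signature.
    var id = xmlAssertionElement.GetAttribute(Saml2Constants.Message.Id);
    var signedXml = new Saml2SignedXml(xmlAssertionElement, certificate, signatureAlgorithm, xmlCanonicalizationMethod);
    signedXml.ComputeSignature(includeOption, id);

    // XmlNode.InsertAfter with a null reference node inserts at the beginning of the child list,
    // so a missing Issuer still places the Signature at the front of the assertion.
    var issuer = xmlAssertionElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];
    xmlAssertionElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
}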
/// <summary>
/// Verifies the XML signature of <c>XmlDocument</c> with <c>SignatureValidationCertificate</c>,
/// throwing when no signature is found or when the signature does not verify.
/// </summary>
/// <exception cref="Saml2ResponseException">No Signature element was found, or the signature is invalid.</exception>
private void ValidateXmlSignature()
{
    var signedXml = new Saml2SignedXml(XmlDocument);

    // GetElementsByTagName searches all descendants of the document element; the first
    // ds:Signature in document order is the one verified.
    // NOTE(review): a separately signed Assertion inside the response would also match here —
    // confirm that Saml2SignedXml.CheckSignature ties the verified reference to the intended element.
    var signatureNodes = XmlDocument.DocumentElement.GetElementsByTagName(Saml2Constants.Message.Signature, Saml2SignedXml.XmlDsigNamespaceUrl);
    if (signatureNodes.Count == 0)
    {
        throw new Saml2ResponseException("Signature Not Found. Maybe the response is encrypted.");
    }

    signedXml.LoadXml(signatureNodes[0] as XmlElement);
    if (!signedXml.CheckSignature(SignatureValidationCertificate))
    {
        throw new Saml2ResponseException("Signature is invalid.");
    }
}
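/// <summary>
/// Signs an XmlDocument with an xml signature using the signing certificate given as argument to the method.
/// The ds:Signature element is inserted into the document element right after its Issuer child
/// (or as the first child when no Issuer element is present).
/// </summary>
/// <param name="xmlDocument">The document to sign.</param>
/// <param name="certificate">The certificate used to sign the document</param>
/// <param name="includeOption">Certificate include option</param>
/// <param name="id">The id of the topmost element in the xmldocument</param>
/// <param name="removeKeyInfo">Set to true if key info should be removed from the signature.</param>
/// <returns>The same <paramref name="xmlDocument"/> instance, now carrying the signature.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> or <paramref name="certificate"/> is null.</exception>
public static XmlDocument SignDocument(this XmlDocument xmlDocument, X509Certificate2 certificate, X509IncludeOption includeOption, string id, bool removeKeyInfo = false)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException(nameof(xmlDocument));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    var signedXml = new Saml2SignedXml(xmlDocument);
    signedXml.ComputeSignature(certificate, includeOption, id);

    if (removeKeyInfo)
    {
        // Cleared only after ComputeSignature; KeyInfo is outside SignedInfo, so the
        // SignatureValue remains valid without it.
        signedXml.KeyInfo = null;
    }

    // XmlNode.InsertAfter with a null reference node inserts at the beginning of the child list,
    // so a missing Issuer still places the Signature at the front of the document element.
    var issuer = xmlDocument.DocumentElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];
    xmlDocument.DocumentElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
    return xmlDocument;
}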