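        /// <summary>
        /// Validates the enveloped XML signature carried as a direct child of <paramref name="xmlElement"/>
        /// against the configured signature validation certificates.
        /// </summary>
        /// <param name="xmlElement">The element whose child Signature element is validated.</param>
        /// <returns>
        /// <see cref="SignatureValidation.NotPresent"/> when the element has no Signature child,
        /// <see cref="SignatureValidation.Valid"/> when the signature verifies against at least one of the
        /// <see cref="SignatureValidationCertificates"/>, otherwise <see cref="SignatureValidation.Invalid"/>.
        /// </returns>
        /// <exception cref="InvalidSignatureException">
        /// More than one Signature child element is present, or the matched Signature node is not an element.
        /// </exception>
        protected SignatureValidation ValidateXmlSignature(XmlElement xmlElement)
        {
            // Only direct children are queried; a Signature nested deeper (e.g. inside an embedded assertion)
            // is not treated as this element's signature.
            var xmlSignatures = xmlElement.SelectNodes($"*[local-name()='{Saml2Constants.Message.Signature}' and namespace-uri()='{Saml2SignedXml.XmlDsigNamespaceUrl}']");

            if (xmlSignatures.Count == 0)
            {
                return SignatureValidation.NotPresent;
            }
            if (xmlSignatures.Count > 1)
            {
                // Several Signature children make it ambiguous which one covers the element; refuse rather than pick one.
                throw new InvalidSignatureException("There is more than one Signature element.");
            }

            var signatureElement = xmlSignatures[0] as XmlElement;
            if (signatureElement == null)
            {
                throw new InvalidSignatureException("The Signature node is not an element.");
            }

            foreach (var signatureValidationCertificate in SignatureValidationCertificates)
            {
                // Each candidate certificate is passed through the configured CertificateValidator before it is
                // trusted for verification; what that validator checks is not visible here.
                IdentityConfiguration.CertificateValidator.Validate(signatureValidationCertificate);

                var signedXml = new Saml2SignedXml(xmlElement, signatureValidationCertificate, SignatureAlgorithm);
                signedXml.LoadXml(signatureElement);
                if (signedXml.CheckSignature())
                {
                    // The first certificate that verifies the signature wins.
                    return SignatureValidation.Valid;
                }
            }
            return SignatureValidation.Invalid;
        }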
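        /// <summary>
        /// Signs an XmlDocument with an xml signature using the signing certificate given as argument to the method.
        /// The Signature element is inserted into the document element directly after its Issuer element.
        /// </summary>
        /// <param name="xmlDocument">The document to sign; it is modified in place.</param>
        /// <param name="certificate">The certificate used to sign the document</param>
        /// <param name="signatureAlgorithm">The Signature Algorithm used to sign the document</param>
        /// <param name="includeOption">Certificate include option</param>
        /// <param name="id">The id of the topmost element in the xmldocument</param>
        /// <returns>The same <paramref name="xmlDocument"/> instance, now containing the signature.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> or <paramref name="certificate"/> is null.</exception>
        internal static XmlDocument SignDocument(this XmlDocument xmlDocument, X509Certificate2 certificate, string signatureAlgorithm, X509IncludeOption includeOption, string id)
        {
            if (xmlDocument == null)
            {
                throw new ArgumentNullException(nameof(xmlDocument));
            }
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            var signedXml = new Saml2SignedXml(xmlDocument.DocumentElement, certificate, signatureAlgorithm);

            signedXml.ComputeSignature(includeOption, id);

            // The signature goes right after Issuer, matching the SAML element order. When no Issuer element
            // exists, InsertAfter(null) places the signature as the first child.
            var issuer = xmlDocument.DocumentElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];

            xmlDocument.DocumentElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
            return xmlDocument;
        }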
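        /// <summary>
        /// Signs an Xml assertion with an xml signature using the signing certificate given as argument to the method.
        /// The Signature element is inserted into the assertion element directly after its Issuer element.
        /// </summary>
        /// <param name="xmlDocument">The document that owns <paramref name="xmlAssertionElement"/>; used to import the signature node.</param>
        /// <param name="xmlAssertionElement">The assertion element to sign; its ID attribute is used as the signature reference.</param>
        /// <param name="certificate">The certificate used to sign the assertion</param>
        /// <param name="signatureAlgorithm">The Signature Algorithm used to sign the assertion</param>
        /// <param name="xmlCanonicalizationMethod">The Signature XML canonicalization method used to sign the assertion</param>
        /// <param name="includeOption">Certificate include option</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="xmlDocument"/>, <paramref name="xmlAssertionElement"/> or <paramref name="certificate"/> is null.
        /// </exception>
        internal static void SignAssertion(this XmlDocument xmlDocument, XmlElement xmlAssertionElement, X509Certificate2 certificate, string signatureAlgorithm, string xmlCanonicalizationMethod, X509IncludeOption includeOption)
        {
            if (xmlDocument == null)
            {
                throw new ArgumentNullException(nameof(xmlDocument));
            }
            if (xmlAssertionElement == null)
            {
                throw new ArgumentNullException(nameof(xmlAssertionElement));
            }
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            // The assertion's own ID attribute becomes the reference the signature covers.
            var id = xmlAssertionElement.GetAttribute(Saml2Constants.Message.Id);

            var signedXml = new Saml2SignedXml(xmlAssertionElement, certificate, signatureAlgorithm, xmlCanonicalizationMethod);

            signedXml.ComputeSignature(includeOption, id);

            // The signature goes right after Issuer, matching the SAML element order. When no Issuer element
            // exists, InsertAfter(null) places the signature as the first child.
            var issuer = xmlAssertionElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];

            xmlAssertionElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
        }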
        /// <summary>
        /// Validates the XML signature found in <see cref="XmlDocument"/> against <see cref="SignatureValidationCertificate"/>.
        /// </summary>
        /// <exception cref="Saml2ResponseException">
        /// No Signature element is found in the document, or the signature does not verify.
        /// </exception>
        private void ValidateXmlSignature()
        {
            var signedXml = new Saml2SignedXml(XmlDocument);

            // NOTE(review): GetElementsByTagName searches all descendants, so the first Signature element
            // found anywhere below the document element is the one checked. Whether CheckSignature ties that
            // signature to the document element is not visible here — confirm in Saml2SignedXml.
            var signatureNodes = XmlDocument.DocumentElement.GetElementsByTagName(Saml2Constants.Message.Signature, Saml2SignedXml.XmlDsigNamespaceUrl);

            if (signatureNodes.Count == 0)
            {
                throw new Saml2ResponseException("Signature Not Found. Maybe the response is encrypted.");
            }

            signedXml.LoadXml(signatureNodes[0] as XmlElement);

            var signatureIsValid = signedXml.CheckSignature(SignatureValidationCertificate);
            if (!signatureIsValid)
            {
                throw new Saml2ResponseException("Signature is invalid.");
            }
        }
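        /// <summary>
        /// Signs an XmlDocument with an xml signature using the signing certificate given as argument to the method.
        /// The Signature element is inserted into the document element directly after its Issuer element.
        /// </summary>
        /// <param name="xmlDocument">The document to sign; it is modified in place.</param>
        /// <param name="certificate">The certificate used to sign the document</param>
        /// <param name="includeOption">Certificate include option</param>
        /// <param name="id">The id of the topmost element in the xmldocument</param>
        /// <param name="removeKeyInfo">Set to true if key info should be removed from the signature.</param>
        /// <returns>The same <paramref name="xmlDocument"/> instance, now containing the signature.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> or <paramref name="certificate"/> is null.</exception>
        public static XmlDocument SignDocument(this XmlDocument xmlDocument, X509Certificate2 certificate, X509IncludeOption includeOption, string id, bool removeKeyInfo = false)
        {
            if (xmlDocument == null)
            {
                throw new ArgumentNullException(nameof(xmlDocument));
            }
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            var signedXml = new Saml2SignedXml(xmlDocument);

            signedXml.ComputeSignature(certificate, includeOption, id);

            // The signature goes right after Issuer, matching the SAML element order. When no Issuer element
            // exists, InsertAfter(null) places the signature as the first child.
            var issuer = xmlDocument.DocumentElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString];

            if (removeKeyInfo)
            {
                // KeyInfo lies outside SignedInfo, so dropping it after ComputeSignature does not affect the
                // signature value; the verifier must then already hold the certificate.
                signedXml.KeyInfo = null;
            }
            xmlDocument.DocumentElement.InsertAfter(xmlDocument.ImportNode(signedXml.GetXml(), true), issuer);
            return xmlDocument;
        }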