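/// <summary>
/// Verifies the XML signature on <c>Xassertion</c> and, unless trust checking is switched off,
/// that the signing certificate is known to the federation/credential vault and not revoked.
/// </summary>
/// <param name="federation">Federation the assertion's signer is validated against.</param>
/// <param name="vault">Credential vault the signer's certificate is matched against.</param>
/// <param name="checkTrust">
/// Whether to validate the signer's trust chain. A <c>CheckTrust</c> app setting, when present,
/// overrides this argument for the whole deployment.
/// </param>
/// <exception cref="ModelException">
/// Thrown when the authentication level is below <c>VocesTrustedSystem</c>, the assertion has not
/// been initialized, the signature does not verify, or the signer could not be validated.
/// </exception>
private void InternalValidateSignature(Federation.Federation federation, ICredentialVault vault, bool checkTrust = true)
{
    if (AuthenticationLevel.Level < AuthenticationLevel.VocesTrustedSystem.Level)
    {
        throw new ModelException("AuthenticationLevel does not support signature");
    }
    if (Xassertion == null)
    {
        throw new ModelException("Assertion not initialized");
    }

    // Integrity only: proves the assertion was not altered since it was signed, not who signed it.
    if (!SealUtilities.CheckAssertionSignature(Xassertion))
    {
        throw new ModelException("IDCard is not signed!");
    }

    // Deployment-wide override: the "CheckTrust" app setting wins over the caller's argument.
    // Any value other than "true" disables the trust and revocation checks below, so the signer
    // is then never compared against the federation/vault — treat that setting as security critical.
    checkTrust = ReadBooleanAppSetting("CheckTrust") ?? checkTrust;
    if (!checkTrust)
    {
        return;
    }

    // Revocation (CRL) checking stays on unless explicitly disabled via the "CheckCrl" app setting.
    var checkCrl = ReadBooleanAppSetting("CheckCrl") ?? true;

    // Check that the signer is in the credential vault and that no certificate in the chain is revoked.
    if (!SignatureUtil.Validate(Xassertion, federation, vault, checkTrust, checkCrl))
    {
        throw new ModelException("Signature on IdCard could not be validated");
    }
}

/// <summary>
/// Reads a boolean switch from <c>appSettings</c>.
/// </summary>
/// <param name="key">Name of the app setting.</param>
/// <returns>
/// <c>null</c> when the key is absent; otherwise <c>true</c> only when the value is the literal
/// "true" (compared ordinally and case-insensitively, so the result does not depend on the
/// process culture), <c>false</c> for any other value, including an empty one.
/// </returns>
private static bool? ReadBooleanAppSetting(string key)
{
    if (!ConfigurationManager.AppSettings.AllKeys.Contains(key))
    {
        return null;
    }
    return string.Equals(ConfigurationManager.AppSettings[key], "true", StringComparison.OrdinalIgnoreCase);
}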
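/// <summary>
/// Dispatch-side inspector hook: copies the WS-Security and DGWS headers of the incoming request
/// into a small <c>DGWSInfo</c> document and validates the security header with
/// <c>SealUtilities.ValidateSecurity</c>.
/// </summary>
/// <param name="request">Incoming message; only its headers are read.</param>
/// <param name="channel">Unused.</param>
/// <param name="instanceContext">Unused.</param>
/// <returns>
/// The <c>DGWSInfo</c> document; WCF hands it to <c>BeforeSendReply</c> as correlation state.
/// </returns>
/// <exception cref="FaultException{T}">
/// Thrown with reason "requesterror" when a required header is missing or the security header
/// fails validation. The fault detail is the DGWSInfo document with a <c>Fault</c> element
/// (<c>reason</c>/<c>detail</c>) appended.
/// </exception>
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
    // FindHeader returns -1 for an absent header; WriteHeader(-1, ...) would then throw
    // ArgumentOutOfRangeException inside the inspector instead of a SOAP fault, so the headers
    // are only copied when present and their absence is reported as a fault below.
    var securityIndex = request.Headers.FindHeader("Security", NameSpaces.wsse);
    var dgwsIndex = request.Headers.FindHeader("Header", NameSpaces.dgws);

    var info = new XDocument();
    using (var writer = info.CreateWriter())
    {
        writer.WriteStartElement("DGWSInfo");
        if (securityIndex >= 0)
        {
            request.Headers.WriteHeader(securityIndex, writer);
        }
        if (dgwsIndex >= 0)
        {
            request.Headers.WriteHeader(dgwsIndex, writer);
        }
        writer.WriteEndElement();
    }

    if (securityIndex < 0)
    {
        throw RequestFault(info, "Security header is missing", "No wsse:Security header found in the request");
    }
    if (dgwsIndex < 0)
    {
        throw RequestFault(info, "DGWS Header is missing", "No dgws:Header found in the request");
    }

    var err = SealUtilities.ValidateSecurity(info.Root.Descendants(NameSpaces.xwsse + "Security").FirstOrDefault());
    if (err != null)
    {
        throw RequestFault(info, err.Item1, err.Item2);
    }
    return info;
}

/// <summary>
/// Appends a <c>Fault</c> element to the DGWSInfo document and wraps the whole document in the
/// fault reported back to the caller.
/// </summary>
/// <param name="info">The DGWSInfo document; mutated by adding the Fault element.</param>
/// <param name="reason">Content of the <c>reason</c> element.</param>
/// <param name="detail">Content of the <c>detail</c> element.</param>
/// <returns>The fault to throw; the document is serialized without formatting as its detail.</returns>
private static FaultException<string> RequestFault(XDocument info, object reason, object detail)
{
    info.Root.Add(new XElement("Fault", new XElement("reason", reason), new XElement("detail", detail)));
    return new FaultException<string>(info.ToString(SaveOptions.DisableFormatting), new FaultReason("requesterror"));
}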
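/// <summary>
/// Client-side inspector hook: rewrites the outgoing SOAP envelope with WS-Addressing
/// <c>Action</c>/<c>MessageID</c> headers and a WS-Security header carrying a creation timestamp,
/// signs the envelope with the client certificate and replaces <paramref name="request"/> with
/// the signed copy.
/// </summary>
/// <param name="request">Outgoing message; consumed and replaced by the signed envelope.</param>
/// <param name="channel">Unused.</param>
/// <returns>
/// The signed envelope as an <see cref="XmlDocument"/>; WCF hands it to <c>AfterReceiveReply</c>
/// as correlation state.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when no client certificate is configured or the envelope has no SOAP Header/Body.
/// </exception>
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
    if (clientCredentials == null || clientCredentials.ClientCertificate.Certificate == null)
    {
        // A specific exception type; callers catching Exception still see it.
        throw new InvalidOperationException("clientCredentials Certificate is missing");
    }
    var certificate = clientCredentials.ClientCertificate.Certificate;
    // NOTE(review): Sign() presumably needs the private key; checking certificate.HasPrivateKey
    // here would fail earlier with a clearer message — confirm against SealSignedXml before adding.

    // Action and MessageID come from the WCF header collection; when the message has no
    // MessageID one is generated. A later header of the same name wins, as before.
    string action = null;
    string messageID = "urn:uuid:" + Guid.NewGuid().ToString("D");
    foreach (var head in request.Headers)
    {
        if (head.Name != "Action" && head.Name != "MessageID")
        {
            continue;
        }
        var value = XElement.Parse(head.ToString()).Value;
        if (head.Name == "Action")
        {
            action = value;
        }
        else
        {
            messageID = value;
        }
    }

    // Buffering consumes the original message; it is replaced at the end of this method.
    var xdoc = XDocument.Load(request.CreateBufferedCopy(int.MaxValue).AsStream());
    SealUtilities.CheckAndSetSamlDsPreFix(xdoc); //Hack
    NameSpaces.SetMissingNamespaces(xdoc);

    var soapHeader = xdoc.Root.Element(NameSpaces.xsoap + "Header");
    var soapBody = xdoc.Root.Element(NameSpaces.xsoap + "Body");
    if (soapHeader == null || soapBody == null)
    {
        throw new InvalidOperationException("SOAP envelope has no Header or Body element");
    }

    // Existing WS-Addressing headers (either namespace version) are replaced by the ones added
    // below. The wsu:Id attributes are presumably what SealSignedXml.Sign references — confirm.
    var oldAction = soapHeader.Element(NameSpaces.xwsa2 + "Action") ?? soapHeader.Element(NameSpaces.xwsa + "Action");
    var oldMessageId = soapHeader.Element(NameSpaces.xwsa2 + "MessageID") ?? soapHeader.Element(NameSpaces.xwsa + "MessageID");

    // "u" yields "yyyy-MM-dd HH:mm:ssZ" regardless of culture; the space is swapped for 'T'.
    var created = DateTime.UtcNow.ToString("u").Replace(' ', 'T');

    // NOTE(review): mustUnderstand is written without the SOAP envelope namespace — confirm that
    // is what the receiving side expects.
    soapHeader.Add(
        new XElement(NameSpaces.xwsa + "Action",
            new XAttribute("mustUnderstand", "1"),
            new XAttribute(NameSpaces.xwsu + "Id", "action"),
            action),
        new XElement(NameSpaces.xwsa + "MessageID",
            new XAttribute(NameSpaces.xwsu + "Id", "messageID"),
            messageID),
        new XElement(NameSpaces.xwsse + "Security",
            new XAttribute("mustUnderstand", "1"),
            new XAttribute(NameSpaces.xwsu + "Id", "security"),
            new XElement(NameSpaces.xwsu + "Timestamp",
                new XAttribute(NameSpaces.xwsu + "Id", "timestamp"),
                new XElement(NameSpaces.xwsu + "Created", created))));

    // Both removals are guarded; a missing Action element used to raise a NullReferenceException.
    if (oldAction != null)
    {
        oldAction.Remove();
    }
    if (oldMessageId != null)
    {
        oldMessageId.Remove();
    }
    soapBody.Add(new XAttribute(NameSpaces.xwsu + "Id", "body"));

    XmlDocument envelope = new SealSignedXml(xdoc).Sign(certificate);

    // Swap the outgoing message for the signed envelope; the buffered copy keeps it re-readable.
    var signedBuffer = Message.CreateMessage(new XmlNodeReader(envelope), int.MaxValue, request.Version)
        .CreateBufferedCopy(int.MaxValue);
    request = signedBuffer.CreateMessage();
    return envelope;
}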
/// <summary>
/// Client-side inspector hook that makes sure the outgoing message's WS-Security header is a
/// <c>SealCardMessageHeader</c>: such a header is re-inserted in place, any other header type
/// causes the whole message to be round-tripped through XML with the SAML/ds prefix fix-up applied.
/// </summary>
/// <param name="request">Outgoing message; replaced when it is round-tripped through XML.</param>
/// <param name="channel">Unused.</param>
/// <returns>Always <c>null</c> (no correlation state).</returns>
/// <exception cref="FaultException">Thrown when the message has no WS-Security header.</exception>
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
    var securityIndex = request.Headers.FindHeader("Security", NameSpaces.wsse);
    if (securityIndex < 0)
    {
        throw new FaultException("Security header is missing");
    }

    var sealHeader = request.Headers[securityIndex] as SealCardMessageHeader;
    if (sealHeader != null)
    {
        // Removes and re-inserts the same header object at the same position;
        // the reason is not visible here — presumably to force re-serialization.
        request.Headers.RemoveAt(securityIndex);
        request.Headers.Insert(securityIndex, sealHeader);
    }
    else
    {
        var envelope = XDocument.Load(request.ToStream());
        SealUtilities.CheckAndSetSamlDsPreFix(envelope); //Hack
        request = envelope.ToMessage(request.Version);
    }
    return null;
}