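/// <summary>
/// Handles the "Validate" button: parses the SAML token pasted into <c>TextBoxSamlToken</c>,
/// validates it through <c>ValidateSamlToken</c> and renders the resulting claims into
/// <c>TreeViewValidatedClaims</c>. Any failure is reported to the user in a message box.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void SAMLValidate_Click(object sender, RoutedEventArgs e)
{
    TreeViewValidatedClaims.Items.Clear();

    var tokenText = TextBoxSamlToken.Text;
    if (string.IsNullOrEmpty(tokenText))
    {
        return;
    }

    try
    {
        // The token text is pasted by the user and can come from anywhere, so the reader is
        // hardened against XML external entities: DTDs are rejected outright and no resolver is
        // available to fetch external resources. The XmlTextReader used previously parses DTDs
        // and resolves external entities by default, which is an XXE exposure on untrusted input.
        var readerSettings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null,
        };

        var tokenHandler = new CustomSaml2SecurityTokenHandler();
        var root = new TreeViewItem { Header = "Validated Claims" };

        using (var stringReader = new StringReader(tokenText))
        using (var xmlReader = XmlReader.Create(stringReader, readerSettings))
        {
            var identity = ValidateSamlToken(tokenHandler.ReadToken(xmlReader));

            foreach (var claim in identity.Claims)
            {
                // XSPA claims with structured values get their own nested rendering.
                if (claim.Type == XspaClaimTypes.PurposeOfUse)
                {
                    root.Items.Add(PopulateNestedItem<PurposeOfUseClaim>(claim));
                }
                else if (claim.Type == XspaClaimTypes.SubjectRole)
                {
                    root.Items.Add(PopulateNestedItem<RoleClaim>(claim));
                }
                else
                {
                    var claimNode = new TreeViewItem { Header = claim.Type };
                    claimNode.Items.Add(AddItemToTree("Value", claim.Value));
                    claimNode.Items.Add(AddItemToTree("Issued by", claim.OriginalIssuer));
                    root.Items.Add(claimNode);
                }
            }
        }

        TreeViewValidatedClaims.Items.Add(root);
    }
    catch (Exception err)
    {
        // Interactive tool: surface validation/parsing problems to the operator rather than crash.
        MessageBox.Show(err.Message, "Error", MessageBoxButton.OK, MessageBoxImage.Error);
    }
}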
/// <summary>
/// Generates a SAML 2.0 assertion via <c>GenerateSAML2Token</c> and serializes it to a single
/// XML string using <c>CustomSaml2SecurityTokenHandler</c>.
/// </summary>
/// <returns>
/// The serialized assertion, or an empty string when the generated token converts to a null
/// <c>Saml2SecurityToken</c>.
/// </returns>
private string BuildSamlToken()
{
    var saml2Token = (Saml2SecurityToken)GenerateSAML2Token().ToSecurityToken();
    var handler = new CustomSaml2SecurityTokenHandler();
    var output = new StringBuilder();

    // NOTE(review): XmlWriterSettings.Encoding applies to stream output; with a StringBuilder
    // target the result is a UTF-16 string regardless, so Encoding.Default appears to have no
    // effect here. Retained unchanged to preserve the current output byte-for-byte.
    var writerSettings = new XmlWriterSettings { Indent = false, Encoding = Encoding.Default };

    using (var writer = XmlWriter.Create(output, writerSettings))
    {
        if (saml2Token != null)
        {
            handler.WriteToken(writer, saml2Token);
        }
    }

    return output.ToString();
}
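/// <summary>
/// Builds a signed (and optionally encrypted) SAML 2.0 assertion using the XSPA profile
/// descriptor and wraps it as a <c>GenericXmlSecurityToken</c>. The signing and digest
/// algorithms, encryption and subject-confirmation method are taken from the current UI selection.
/// </summary>
/// <returns>
/// The generated assertion with its attached/unattached references; for holder-of-key
/// confirmation the symmetric proof key is released with it and the lifetime is 1 hour,
/// otherwise no proof key is released and the lifetime is 8 hours.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the RSA signing option is selected but the certificate's private key is not an
/// <see cref="RSACryptoServiceProvider"/>, or when the token handler fails to create the assertion.
/// </exception>
private GenericXmlSecurityToken GenerateSAML2Token()
{
    // NOTE: the PFX passphrase is read from application settings; make sure it is not shipped
    // in plaintext configuration.
    var signingCertificate = new X509Certificate2(Settings.Default.CertificatePath, Settings.Default.Passphrase);
    // The same certificate currently serves as the recipient public key for encryption and
    // proof-key wrapping (i.e. the token is issued to ourselves).
    var encryptingCertificate = signingCertificate;

    // Anything other than an explicit "SHA1" selection falls back to SHA-256. SHA-1 is kept only
    // as an interop/testing option; it is deprecated for XML signatures.
    string signingAlgorithm = ComboBoxSigningAlgorithm.SelectedValue.ToString() == "SHA1"
        ? SignatureAlgorithm.Sha1
        : SignatureAlgorithm.Sha256;
    string digestAlgorithm = ComboBoxDigestAlgorithm.SelectedValue.ToString() == "SHA1"
        ? DigestAlgorithm.Sha1
        : DigestAlgorithm.Sha256;

    // Symmetric proof key, wrapped for the encrypting certificate. Created up front because the
    // holder-of-key branch below releases its key bytes with the token.
    SymmetricProofDescriptor proof = CreateSymmetricProofDescriptor(encryptingCertificate);

    SigningCredentials signingCredentials;
    if (Rsa.IsChecked == true)
    {
        var rsa = signingCertificate.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
        {
            // Fail closed. Previously a private key that was not an RSACryptoServiceProvider left
            // signingCredentials null, and the descriptor was handed a null SigningCredentials -
            // presumably yielding an unsigned assertion without any indication to the operator.
            throw new InvalidOperationException(
                "The certificate's private key is not an RSACryptoServiceProvider; cannot build RSA signing credentials.");
        }

        var rsaKey = new RsaSecurityKey(rsa);
        var keyIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(rsa));
        signingCredentials = new SigningCredentials(rsaKey, signingAlgorithm, digestAlgorithm, keyIdentifier);
    }
    else
    {
        // Reference the signing key by the raw certificate bytes (X509RawDataKeyIdentifierClause).
        var rawDataClause = new X509SecurityToken(signingCertificate)
            .CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();
        signingCredentials = new X509SigningCredentials(
            signingCertificate, new SecurityKeyIdentifier(rawDataClause), signingAlgorithm, digestAlgorithm);
    }

    SecurityTokenDescriptor tokenDescriptor = BuildSAMLDescriptorUsingXspaProfile();
    tokenDescriptor.TokenType = WSTrust.TokenType;
    tokenDescriptor.SigningCredentials = signingCredentials;

    if (CheckBoxEncrypt.IsChecked == true)
    {
        tokenDescriptor.EncryptingCredentials = new EncryptedKeyEncryptingCredentials(
            encryptingCertificate, WSTrust.KeyWrapAlgorithm, WSTrust.KeySize, WSTrust.EncryptionAlgorithm);
    }

    // Read the confirmation method once; it drives both the proof descriptor and the wrapping below.
    var confirmationMethod = ComboBoxConfirmation.SelectedValue.ToString();
    var isHolderOfKey = confirmationMethod == "holder";

    if (isHolderOfKey)
    {
        if (AsymmetricKey.IsChecked == true)
        {
            tokenDescriptor.Proof = CreateAsymmetricProofDescriptor(encryptingCertificate);
        }
        else
        {
            tokenDescriptor.Proof = proof;
        }
    }
    // TODO: "sender" (sender-vouches) confirmation is not implemented; no proof is attached.

    var tokenHandler = new CustomSaml2SecurityTokenHandler();
    // Fix: the authentication context class reference was misspelled "uurn:..."; the SAML 2.0
    // identifier is "urn:oasis:names:tc:SAML:2.0:ac:classes:X509".
    tokenDescriptor.AddAuthenticationClaims("urn:oasis:names:tc:SAML:2.0:ac:classes:X509");

    var outputToken = tokenHandler.CreateToken(tokenDescriptor) as Saml2SecurityToken;
    if (outputToken == null)
    {
        throw new InvalidOperationException("Failed to create Saml2 Security token");
    }

    // Turn the assertion into a generic XML security token with attached and unattached references.
    var outputTokenXml = outputToken.ToTokenXmlString();
    var attachedReference = tokenHandler.CreateSecurityTokenReference(outputToken, true);
    var unattachedReference = tokenHandler.CreateSecurityTokenReference(outputToken, false);
    var noPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(new List<IAuthorizationPolicy>());
    var issuedAt = DateTime.UtcNow;

    if (isHolderOfKey)
    {
        // NOTE(review): the released proof token is always the symmetric proof key, even when the
        // asymmetric proof descriptor was attached above - confirm that is intended.
        // Holder-of-key tokens release key material, hence the shorter 1-hour lifetime.
        return new GenericXmlSecurityToken(
            GetElement(outputTokenXml),
            new BinarySecretSecurityToken(proof.GetKeyBytes()),
            issuedAt,
            issuedAt.AddHours(1),
            attachedReference,
            unattachedReference,
            noPolicies);
    }

    return new GenericXmlSecurityToken(
        GetElement(outputTokenXml),
        null,
        issuedAt,
        issuedAt.AddHours(8),
        attachedReference,
        unattachedReference,
        noPolicies);
}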