예제 #1
0
            public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
            {
                // get server password from database
                string password = parentAssertion.Password;

                if (password == null)
                {
                    return;
                }

                // hash password
                password = CryptoUtils.SHA1(password);

                // create username token
                UsernameToken userToken = new UsernameToken(parentAssertion.ServerId.ToString(), password,
                                                            PasswordOption.SendNone);

                if (parentAssertion.signRequest || parentAssertion.encryptRequest)
                {
                    // Add the token to the SOAP header.
                    security.Tokens.Add(userToken);
                }

                if (parentAssertion.signRequest)
                {
                    // Sign the SOAP message by using the UsernameToken.
                    MessageSignature sig = new MessageSignature(userToken);
                    security.Elements.Add(sig);
                }

                if (parentAssertion.encryptRequest)
                {
                    // we don't return any custom SOAP headers
                    // so, just encrypt a message Body
                    EncryptedData data = new EncryptedData(userToken);

                    // encrypt custom headers
                    for (int index = 0; index < envelope.Header.ChildNodes.Count; index++)
                    {
                        XmlElement child = envelope.Header.ChildNodes[index] as XmlElement;

                        // find all SecureSoapHeader headers marked with a special attribute
                        if (child != null && child.NamespaceURI == "http://com/SolidCP/server/")
                        {
                            // create ID attribute for referencing purposes
                            string id = Guid.NewGuid().ToString();
                            child.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", id);

                            // Create an encryption reference for the custom SOAP header.
                            data.AddReference(new EncryptionReference("#" + id));
                        }
                    }

                    security.Elements.Add(data);
                }
            }
예제 #2
0
 public override void ValidateMessageSecurity(SoapEnvelope envelope, WSE.Security security)
 {
     if (security != null)
     {
         ProcessWSERequest(envelope, security);
     }
     //else if (envelope.Header != null)
     //    ProcessSoapRequest(envelope);
     else// if (HttpContext.Current.Request.Headers["Authorization"] != null)
     {
         ProcessBasicAuthRequest();
     }
 }
예제 #3
0
            private bool CheckSignature(SoapEnvelope envelope, WebSecurity security, MessageSignature signature)
            {
                //
                // Now verify which parts of the message were actually signed.
                //
                SignatureOptions actualOptions   = signature.SignatureOptions;
                SignatureOptions expectedOptions = SignatureOptions.IncludeSoapBody;

                if (security != null && security.Timestamp != null)
                {
                    expectedOptions |= SignatureOptions.IncludeTimestamp;
                }

                //
                // The <Action> and <To> are required addressing elements.
                //
                expectedOptions |= SignatureOptions.IncludeAction;
                expectedOptions |= SignatureOptions.IncludeTo;

                if (envelope.Context.Addressing.FaultTo != null && envelope.Context.Addressing.FaultTo.TargetElement != null)
                {
                    expectedOptions |= SignatureOptions.IncludeFaultTo;
                }

                if (envelope.Context.Addressing.From != null && envelope.Context.Addressing.From.TargetElement != null)
                {
                    expectedOptions |= SignatureOptions.IncludeFrom;
                }

                if (envelope.Context.Addressing.MessageID != null && envelope.Context.Addressing.MessageID.TargetElement != null)
                {
                    expectedOptions |= SignatureOptions.IncludeMessageId;
                }

                if (envelope.Context.Addressing.RelatesTo != null && envelope.Context.Addressing.RelatesTo.TargetElement != null)
                {
                    expectedOptions |= SignatureOptions.IncludeRelatesTo;
                }

                if (envelope.Context.Addressing.ReplyTo != null && envelope.Context.Addressing.ReplyTo.TargetElement != null)
                {
                    expectedOptions |= SignatureOptions.IncludeReplyTo;
                }
                //
                // Check if the all the expected options are the present.
                //
                return((expectedOptions & actualOptions) == expectedOptions);
            }
예제 #4
0
            public override void ValidateMessageSecurity(SoapEnvelope envelope, WebSecurity security)
            {
                if (!ServerConfiguration.Security.SecurityEnabled)
                {
                    return;
                }

                // by default we consider that SOAP messages is not signed
                bool IsSigned = false;

                // if security element is null
                // the call is made not from WSE-enabled client
                if (security != null)
                {
                    foreach (ISecurityElement element in security.Elements)
                    {
                        if (element is MessageSignature)
                        {
                            // The given context contains a Signature element.
                            MessageSignature sign = element as MessageSignature;

                            if (CheckSignature(envelope, security, sign))
                            {
                                // The SOAP message is signed.
                                if (sign.SigningToken is UsernameToken)
                                {
                                    UsernameToken token = sign.SigningToken as UsernameToken;

                                    // The SOAP message is signed
                                    // with a UsernameToken.
                                    IsSigned = true;
                                }
                            }
                        }
                    }
                }

                // throw an exception if the message did not pass all the tests
                if (!IsSigned)
                {
                    throw new SecurityFault("Message did not meet security requirements.");
                }
            }
예제 #5
0
            public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
            {
                // create username token
                UsernameToken userToken = new UsernameToken(parentAssertion.Username, parentAssertion.Password,
                                                            PasswordOption.SendNone);

                // Add the token to the SOAP header.
                security.Tokens.Add(userToken);

                // Sign the SOAP message by using the UsernameToken.
                MessageSignature sig = new MessageSignature(userToken);

                security.Elements.Add(sig);

                // Encrypt SOAP message
                EncryptedData data = new EncryptedData(userToken);

                security.Elements.Add(data);
            }
예제 #6
0
            private void ProcessWSERequest(SoapEnvelope envelope, WSE.Security security)
            {
                // by default we consider that SOAP messages is not signed
                bool IsSigned = false;

                // if security element is null
                // the call is made not from WSE-enabled client
                if (security != null)
                {
                    foreach (ISecurityElement element in security.Elements)
                    {
                        if (element is MessageSignature)
                        {
                            // The given context contains a Signature element.
                            MessageSignature sign = element as MessageSignature;

                            if (CheckSignature(envelope, security, sign))
                            {
                                // The SOAP message is signed.
                                if (sign.SigningToken is UsernameToken)
                                {
                                    UsernameToken token = sign.SigningToken as UsernameToken;

                                    // The SOAP message is signed
                                    // with a UsernameToken.
                                    IsSigned = true;
                                }
                            }
                        }
                    }
                }

                // throw an exception if the message did not pass all the tests
                if (!IsSigned)
                {
                    throw new SecurityFault("SOAP response should be signed.");
                }

                // check encryption
                bool IsEncrypted = false;

                foreach (ISecurityElement element in security.Elements)
                {
                    if (element is EncryptedData)
                    {
                        EncryptedData         encryptedData = element as EncryptedData;
                        System.Xml.XmlElement targetElement = encryptedData.TargetElement;

                        if (SoapHelper.IsBodyElement(targetElement))
                        {
                            // The given SOAP message has the Body element Encrypted.
                            IsEncrypted = true;
                        }
                    }
                }

                if (!IsEncrypted)
                {
                    throw new SecurityFault("SOAP response should be encrypted.");
                }
            }
예제 #7
0
            private bool CheckSignature(SoapEnvelope envelope, WebSecurity security, MessageSignature signature)
            {
                //
                // Now verify which parts of the message were actually signed.
                //
                SignatureOptions actualOptions = signature.SignatureOptions;
                SignatureOptions expectedOptions = SignatureOptions.IncludeSoapBody;

                if (security != null && security.Timestamp != null)
                    expectedOptions |= SignatureOptions.IncludeTimestamp;

                //
                // The <Action> and <To> are required addressing elements.
                //
                expectedOptions |= SignatureOptions.IncludeAction;
                expectedOptions |= SignatureOptions.IncludeTo;

                if (envelope.Context.Addressing.FaultTo != null && envelope.Context.Addressing.FaultTo.TargetElement != null)
                    expectedOptions |= SignatureOptions.IncludeFaultTo;

                if (envelope.Context.Addressing.From != null && envelope.Context.Addressing.From.TargetElement != null)
                    expectedOptions |= SignatureOptions.IncludeFrom;

                if (envelope.Context.Addressing.MessageID != null && envelope.Context.Addressing.MessageID.TargetElement != null)
                    expectedOptions |= SignatureOptions.IncludeMessageId;

                if (envelope.Context.Addressing.RelatesTo != null && envelope.Context.Addressing.RelatesTo.TargetElement != null)
                    expectedOptions |= SignatureOptions.IncludeRelatesTo;

                if (envelope.Context.Addressing.ReplyTo != null && envelope.Context.Addressing.ReplyTo.TargetElement != null)
                    expectedOptions |= SignatureOptions.IncludeReplyTo;
                //
                // Check if the all the expected options are the present.
                //
                return ((expectedOptions & actualOptions) == expectedOptions);
            }
예제 #8
0
            public override void ValidateMessageSecurity(SoapEnvelope envelope, WebSecurity security)
            {
                if (!ServerConfiguration.Security.SecurityEnabled)
                    return;

                // by default we consider that SOAP messages is not signed
                bool IsSigned = false;

                // if security element is null
                // the call is made not from WSE-enabled client
                if (security != null)
                {
                    foreach (ISecurityElement element in security.Elements)
                    {
                        if (element is MessageSignature)
                        {
                            // The given context contains a Signature element.
                            MessageSignature sign = element as MessageSignature;

                            if (CheckSignature(envelope, security, sign))
                            {
                                // The SOAP message is signed.
                                if (sign.SigningToken is UsernameToken)
                                {
                                    UsernameToken token = sign.SigningToken as UsernameToken;

                                    // The SOAP message is signed 
                                    // with a UsernameToken.
                                    IsSigned = true;
                                }
                            }
                        }
                    }
                }

                // throw an exception if the message did not pass all the tests
                if (!IsSigned)
                    throw new SecurityFault("Message did not meet security requirements.");
            }