예제 #1
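        /// <summary>
        /// Builds the outbound hand-off to the target application from the values in
        /// <c>SIBData.inParams</c>: computes the timestamp and the hash value named by the
        /// configuration, fills <c>SIBData.outParams</c>, and renders both a redirect URL
        /// (<c>SIBData.redirectGETRequest</c>) and an auto-submitting HTML form
        /// (<c>SIBData.redirectPOSTRequest</c>).
        /// </summary>
        /// <remarks>
        /// Values in <c>SIBData.inParams</c> originate from the HTTP request, so they are
        /// URL-encoded before being placed in the query string and HTML-encoded before being
        /// placed in attribute values. Without that, a value containing <c>&amp;</c>, <c>'</c>
        /// or <c>&gt;</c> could add parameters to the redirect or break out of the hidden
        /// input and inject markup into the page.
        /// </remarks>
        public static void BuildResponse()
        {
            string[] encryptionParameters = ConfigurationManager.AppSettings["SIBTargetHashParameters"].Split(';');
            string   redirectUrl          = ConfigurationManager.AppSettings["SIBTargetRedirectURL"];
            string   ciphertext           = String.Empty;
            string   timestamp;

            // Populate timestamp parameter in preparation for use.
            // Ordinal comparison keeps the flag independent of the server culture; a missing
            // setting now selects the non-UTC branch instead of throwing.
            if (String.Equals(ConfigurationManager.AppSettings["SIBTargetTimestampUTC"], "true", StringComparison.OrdinalIgnoreCase))
            {
                timestamp = SIBTime.UTCTimeStamp();
            }
            else
            {
                timestamp = SIBTime.TimeStamp();
            }
            SIBLog.Write("Debug", "Timestamp", timestamp);

            // Acquire the hash inputs identified in the config file, in configured order,
            // and concatenate them into one cleartext string.
            System.Text.StringBuilder plaintextBuilder = new System.Text.StringBuilder();
            foreach (string parm in encryptionParameters)
            {
                switch (parm)
                {
                case "SIBTargetCipherKey":
                    plaintextBuilder.Append(ConfigurationManager.AppSettings["SIBTargetCipherKey"]);
                    break;

                case "SIBTargetTimestamp":
                    plaintextBuilder.Append(timestamp);
                    break;

                default:
                    plaintextBuilder.Append(SIBData.inParams[parm]);
                    break;
                }
            }
            string plaintext = plaintextBuilder.ToString();

            // NOTE(review): when SIBTargetCipherKey is one of the hash parameters this writes
            // the shared key to the log. Restrict or remove this entry outside of debugging.
            SIBLog.Write("Debug", "Plaintext", plaintext);

            // Hash the concatenated parameters with the configured algorithm.
            // NOTE(review): MD5 over key-and-data concatenation is not a MAC construction;
            // if the target supports it, an HMAC with a current hash is the stronger choice.
            switch (ConfigurationManager.AppSettings["SIBTargetCipher"].ToUpperInvariant())
            {
            case "MD5":
                string cipherEncoding = ConfigurationManager.AppSettings["SIBTargetCipherEncoding"];
                if (String.Equals(cipherEncoding, "HEX", StringComparison.OrdinalIgnoreCase))
                {
                    ciphertext = SIBCrypto.HashMD5_HEX(plaintext);
                }
                else if (String.Equals(cipherEncoding, "BASE64", StringComparison.OrdinalIgnoreCase))
                {
                    ciphertext = SIBCrypto.HashMD5_64(plaintext);
                }
                else
                {
                    // Previously silent: the hash parameter would go out empty with no trace.
                    SIBLog.Write("Error", "Unsupported SIBTargetCipherEncoding; hash value left empty.");
                }
                break;

            default:
                // NOTE(review): any other cipher name sends the cleartext as the hash value,
                // which includes the key when SIBTargetCipherKey is a hash parameter.
                // Confirm this pass-through is intended for every deployment.
                ciphertext = plaintext;
                break;
            }
            SIBLog.Write("Debug", "Ciphertext", ciphertext);

            // Replace values from source to target in parameter list
            SIBData.outParams.Clear();
            SIBData.outParams.Add(BuildNVC(ConfigurationManager.AppSettings["SIBTargetParameters"], ';', '='));
            foreach (string key in SIBData.outParams.AllKeys)
            {
                switch (SIBData.outParams[key])
                {
                case "SIBTargetHashParameters":
                    SIBData.outParams[key] = ciphertext;
                    break;

                case "SIBTargetTimestamp":
                    SIBData.outParams[key] = timestamp;
                    break;

                default:
                    SIBData.outParams[key] = SIBData.inParams[SIBData.outParams[key]];
                    break;
                }
            }

            // Build the redirect URL. Names and values are URL-encoded so that characters
            // such as '&', '=', '+' and '#' in a value cannot alter the query string.
            System.Text.StringBuilder getRequest = new System.Text.StringBuilder(redirectUrl);
            getRequest.Append("?");
            for (int i = 0; i < SIBData.outParams.Count; i++)
            {
                if (i > 0)
                {
                    getRequest.Append("&");
                }
                getRequest.Append(System.Web.HttpUtility.UrlEncode(SIBData.outParams.GetKey(i)));
                getRequest.Append("=");
                getRequest.Append(System.Web.HttpUtility.UrlEncode(SIBData.outParams[i]));
            }
            SIBData.redirectGETRequest = getRequest.ToString();
            SIBLog.Write("Debug", "Get Request", SIBData.redirectGETRequest);

            // Build the response/redirect HTML document. Every interpolated value is
            // HTML-encoded (including the single quote that delimits the attributes) so it
            // stays inside its attribute.
            System.Text.StringBuilder postRequest = new System.Text.StringBuilder();
            postRequest.Append("<html>");
            postRequest.Append(@"<body onload='document.forms[""form""].submit()'>");
            postRequest.AppendFormat("<form name='form' action='{0}' method='post'>", System.Net.WebUtility.HtmlEncode(redirectUrl));
            foreach (string key in SIBData.outParams.AllKeys)
            {
                postRequest.AppendFormat(
                    "<input type='hidden' name='{0}' value='{1}'>",
                    System.Net.WebUtility.HtmlEncode(key),
                    System.Net.WebUtility.HtmlEncode(SIBData.outParams[key]));
            }
            postRequest.Append("</form></body></html>");
            SIBData.redirectPOSTRequest = postRequest.ToString();
            SIBLog.Write("Debug", "Post Request", SIBData.redirectPOSTRequest);
        }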
예제 #2
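        /// <summary>
        /// Collects the inbound parameters into <c>SIBData.inParams</c>. Sources are applied
        /// in this order, each overwriting same-named entries from the previous one:
        /// query string, form fields, attributes from a signed <c>SAMLResponse</c> (only when
        /// <c>IsValidSignature</c> accepts the document), and finally the static overrides
        /// configured in <c>SIBSourceParametersOverride</c>.
        /// </summary>
        /// <param name="request">The incoming HTTP request whose query string and form are read.</param>
        /// <remarks>
        /// NOTE(review): when the signature is rejected or the SAMLResponse cannot be parsed,
        /// this method only logs an error. The query-string and form values supplied by the
        /// client remain in <c>SIBData.inParams</c>, and the method has no return value to
        /// signal the failure. Confirm that the caller does not go on to build a response
        /// from unauthenticated values in that case.
        /// </remarks>
        public static void ParseRequest(HttpRequest request)
        {
            // NOTE(review): the debug entries below record every parameter value and the full
            // decoded assertion. Treat the debug log as sensitive or disable it in production.
            SIBLog.Write("Debug", "HTTPRequest GET.", request.QueryString.ToString());
            SIBData.inParams.Clear();
            foreach (string key in request.QueryString.AllKeys)
            {
                SIBData.inParams.Set(key, request.QueryString[key]);
            }

            SIBLog.Write("Debug", "HTTPRequest POST.", request.Form.ToString());
            foreach (string key in request.Form.AllKeys)
            {
                SIBData.inParams.Set(key, request.Form[key]);
            }

            if (!String.IsNullOrEmpty(SIBData.inParams["SAMLResponse"]))
            {
                SIBLog.Write("Information", "SAMLResponse detected.");
                try
                {
                    XmlDocument xmlSAML = new XmlDocument();

                    // The document comes straight from the client: never resolve external
                    // entities or DTDs while loading it.
                    xmlSAML.XmlResolver = null;

                    string decodedSAML = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(SIBData.inParams["SAMLResponse"]));
                    SIBLog.Write("Debug", "Decoded SAML", decodedSAML);
                    xmlSAML.LoadXml(decodedSAML);
                    if (IsValidSignature(xmlSAML))
                    {
                        SIBLog.Write("Information", "SAML Signature is valid.");

                        // NOTE(review): elements are selected by tag name across the whole
                        // document, not only inside the element the signature covers. Whether
                        // IsValidSignature ties the signature to the assertion being read is
                        // not visible here; confirm, since unsigned siblings would otherwise
                        // be accepted. Validity period and audience are not checked here either.
                        XmlNodeList nodeList = xmlSAML.GetElementsByTagName(ConfigurationManager.AppSettings["SIBSourceSAMLAttributeElement"].ToString());

                        foreach (XmlNode node in nodeList)
                        {
                            // The first attribute of the element is used as the parameter name;
                            // skip elements without one instead of aborting the whole assertion.
                            if (node.Attributes == null || node.Attributes.Count == 0)
                            {
                                SIBLog.Write("Error", "SAML attribute element without a name attribute skipped.");
                                continue;
                            }
                            SIBData.inParams.Set(node.Attributes.Item(0).Value, node.InnerText);
                        }
                    }
                    else
                    {
                        SIBLog.Write("Error", "SAML Signature is invalid.");
                    }
                }
                catch (Exception ex)
                {
                    // Record the cause so a decoding, parsing or validation failure can be
                    // told apart when reviewing the log.
                    SIBLog.Write("Error", "No or improperly formated SAMLResponse value presented", ex.Message);
                }
            }

            SIBLog.Write("Debug", "Parameters consumed from target post processing...");
            for (int i = 0; i < SIBData.inParams.Count; i++)
            {
                SIBLog.Write("Debug", SIBData.inParams.GetKey(i), SIBData.inParams[i]);
            }

            // Static configuration values take precedence over anything received above.
            NameValueCollection overrides = new NameValueCollection();

            overrides.Add(BuildNVC(ConfigurationManager.AppSettings["SIBSourceParametersOverride"], ';', '='));
            foreach (string key in overrides.AllKeys)
            {
                SIBData.inParams.Set(key, overrides[key]);
            }

            SIBLog.Write("Debug", "Parameters post override processing...");
            for (int i = 0; i < SIBData.inParams.Count; i++)
            {
                SIBLog.Write("Debug", SIBData.inParams.GetKey(i), SIBData.inParams[i]);
            }
        }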