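        /// <summary>
        /// WCF client inspector hook that prepares and signs an outgoing envelope:
        /// re-creates the wsa:Action / wsa:MessageID headers with wsu:Id attributes,
        /// adds a wsse:Security header carrying a wsu:Timestamp (Created only), tags
        /// the Body with a wsu:Id and signs the result with the client certificate.
        /// </summary>
        /// <param name="request">The outgoing message; replaced by the signed copy.</param>
        /// <param name="channel">Not used.</param>
        /// <returns>The signed envelope, returned as WCF correlation state.</returns>
        /// <exception cref="InvalidOperationException">
        /// No client certificate is configured, or the message lacks a SOAP Header,
        /// a wsa:Action header or a SOAP Body.
        /// </exception>
        public object BeforeSendRequest(ref Message request, IClientChannel channel)
        {
            if (clientCredentials == null || clientCredentials.ClientCertificate.Certificate == null)
            {
                throw new InvalidOperationException("clientCredentials Certificate is missing");
            }
            // A fresh UUID is used unless the message already carries a MessageID.
            string action = null, messageID = "urn:uuid:" + Guid.NewGuid().ToString("D");

            foreach (var head in request.Headers)
            {
                var x = XElement.Parse(head.ToString());
                switch (head.Name)
                {
                case "Action": action = x.Value; break;

                case "MessageID": messageID = x.Value; break;
                }
            }

            MessageBuffer msgbuf = request.CreateBufferedCopy(int.MaxValue);
            var           xdoc   = XDocument.Load(msgbuf.AsStream());

            // Verifies an embedded SAML assertion signature (re-prefixing ds: if needed)
            // and throws if it does not verify.
            SealUtilities.CheckAndSetSamlDsPreFix(xdoc);             //Hack

            //Fill header
            NameSpaces.SetMissingNamespaces(xdoc);
            var hd = xdoc.Root?.Element(NameSpaces.xsoap + "Header");
            if (hd == null)
            {
                throw new InvalidOperationException("SOAP Header is missing");
            }
            var ac = hd.Element(NameSpaces.xwsa2 + "Action") ?? hd.Element(NameSpaces.xwsa + "Action");
            var md = hd.Element(NameSpaces.xwsa2 + "MessageID") ?? hd.Element(NameSpaces.xwsa + "MessageID");
            if (ac == null)
            {
                // Previously surfaced as a NullReferenceException at ac.Remove().
                throw new InvalidOperationException("wsa:Action header is missing");
            }

            // NOTE(review): mustUnderstand is written unqualified; SOAP defines it in the
            // envelope namespace. Confirm the receiver honours it as emitted here.
            // NOTE(review): only wsu:Created is emitted, no wsu:Expires; any replay window
            // is therefore enforced solely by the receiver — confirm the profile intends this.
            hd.Add(new XElement(NameSpaces.xwsa + "Action", new XAttribute("mustUnderstand", "1"), new XAttribute(NameSpaces.xwsu + "Id", "action"), action),
                   new XElement(NameSpaces.xwsa + "MessageID", new XAttribute(NameSpaces.xwsu + "Id", "messageID"), messageID),
                   new XElement(NameSpaces.xwsse + "Security", new XAttribute("mustUnderstand", "1"), new XAttribute(NameSpaces.xwsu + "Id", "security"),
                                new XElement(NameSpaces.xwsu + "Timestamp", new XAttribute(NameSpaces.xwsu + "Id", "timestamp"),
                                             // "u" yields yyyy-MM-dd HH:mm:ssZ; the space is swapped for 'T' to get xsd:dateTime.
                                             new XElement(NameSpaces.xwsu + "Created", DateTime.UtcNow.ToString("u").Replace(' ', 'T'))
                                             )
                                )
                   );
            ac.Remove();
            if (md != null)
            {
                md.Remove();
            }

            var body = xdoc.Root.Element(NameSpaces.xsoap + "Body");
            if (body == null)
            {
                throw new InvalidOperationException("SOAP Body is missing");
            }
            body.Add(new XAttribute(NameSpaces.xwsu + "Id", "body"));

            var         signer   = new SealSignedXml(xdoc);
            XmlDocument envelope = signer.Sign(clientCredentials.ClientCertificate.Certificate);

            var nrd = new XmlNodeReader(envelope);

            // Rebuild the WCF Message from the signed DOM; a buffered copy is needed so the
            // message can be created again by WCF without re-reading the reader.
            msgbuf  = Message.CreateMessage(nrd, int.MaxValue, request.Version).CreateBufferedCopy(int.MaxValue);
            request = msgbuf.CreateMessage();
            return(envelope);
        }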
        /// <summary>
        /// Verifies the SAML assertion signature inside <paramref name="element"/>.
        /// The element is checked as received; if that fails, the ds: prefix fix-up
        /// is applied in place and the check is repeated once.
        /// </summary>
        /// <param name="element">Element holding the assertion. May be rewritten by SetSamlDsPreFix.</param>
        /// <returns>true when either attempt verifies; otherwise false.</returns>
        public static bool CheckAssertionSignatureNSCheck(XElement element)
        {
            var firstAttempt = new SealSignedXml(element);
            if (firstAttempt.CheckAssertionSignature())
            {
                return(true);
            }

            // Retry once after rewriting the signature namespace prefix in place.
            SetSamlDsPreFix(element);
            var secondAttempt = new SealSignedXml(element);
            return(secondAttempt.CheckAssertionSignature());
        }
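        /// <summary>
        /// Returns the certificate behind the signature of the SAML assertion in
        /// <paramref name="element"/>. The element is verified as received; if that
        /// fails, the ds: prefix fix-up is applied in place and verification is retried.
        /// </summary>
        /// <param name="element">Element holding the assertion. May be rewritten by SetSamlDsPreFix.</param>
        /// <returns>The signing certificate as reported by SealSignedXml.GetSignature.</returns>
        /// <exception cref="InvalidOperationException">
        /// The assertion signature still does not verify after the prefix fix-up.
        /// </exception>
        public static X509Certificate2 GetAssertionSignature(XElement element)
        {
            var ss = new SealSignedXml(element);

            if (ss.CheckAssertionSignature())
            {
                return(ss.GetSignature());
            }
            SetSamlDsPreFix(element);
            ss = new SealSignedXml(element);
            // The retry path previously returned the certificate without re-verifying,
            // so a non-verifying assertion could still yield a certificate that callers
            // then treat as trusted. Mirror CheckAssertionSignatureNSCheck and fail closed.
            if (!ss.CheckAssertionSignature())
            {
                throw new InvalidOperationException("Assertion signature did not verify");
            }
            return(ss.GetSignature());
        }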
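        /// <summary>
        /// WCF client inspector hook: verifies the envelope signature of a non-fault
        /// reply and re-materialises the reply from the buffered copy used for checking.
        /// </summary>
        /// <param name="reply">The incoming reply; replaced by a re-created copy on success.</param>
        /// <param name="correlationState">
        /// The signed request envelope returned by BeforeSendRequest. It is not used here,
        /// so no request/reply correlation (e.g. wsa:RelatesTo vs. MessageID) is performed.
        /// </param>
        /// <exception cref="InvalidOperationException">The reply's envelope signature does not verify.</exception>
        public void AfterReceiveReply(ref Message reply, object correlationState)
        {
            // NOTE(review): SOAP faults are passed through without any signature check, so an
            // unsigned fault injected on the path is indistinguishable from a genuine one.
            // Confirm the profile intends faults to be unauthenticated.
            if (reply.IsFault)
            {
                return;
            }

            MessageBuffer msgbuf    = reply.CreateBufferedCopy(int.MaxValue);
            var           signcheck = new SealSignedXml(msgbuf.AsStream());
            if (!signcheck.CheckEnvelopeSignature())
            {
                throw new InvalidOperationException("Response signature Error");
            }
            // NOTE(review): CheckEnvelopeSignature establishes that the signature is valid;
            // whether the signing certificate is the expected peer is not visible here —
            // confirm that is enforced inside SealSignedXml.
            reply = msgbuf.CreateMessage();
        }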
        /// <summary>
        /// If <paramref name="xdoc"/> carries a signed SAML assertion, verifies its
        /// signature; on failure the ds: prefix fix-up is applied to the root and the
        /// check is repeated once. Documents without a signed assertion are left alone.
        /// </summary>
        /// <param name="xdoc">The SOAP document; may be rewritten in place by SetSamlDsPreFix.</param>
        /// <exception cref="FaultException">The assertion signature fails both attempts.</exception>
        internal static void CheckAndSetSamlDsPreFix(XDocument xdoc)
        {
            var hasSignedAssertion = xdoc.Descendants(NameSpaces.xsaml + "Assertion")
                                         .Elements(NameSpaces.xds + "Signature")
                                         .Any();
            if (!hasSignedAssertion)
            {
                return;   // nothing to verify
            }

            if (new SealSignedXml(xdoc).CheckAssertionSignature())
            {
                return;
            }

            // Retry once with the namespace prefix rewritten in place.
            SetSamlDsPreFix(xdoc.Root);
            var retry = new SealSignedXml(xdoc.Root);
            if (!retry.CheckAssertionSignature())
            {
                throw new FaultException("Error in signature of assertion in requestheader");
            }
        }
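        /// <summary>
        /// Serialises <paramref name="element"/>, signs the contained saml:Assertion with
        /// <paramref name="cert"/> (via GetDGWSSign), appends the ds:Signature to the
        /// assertion and deserialises the result back into <typeparamref name="T"/>.
        /// </summary>
        /// <param name="element">Object whose serialised form contains a saml:Assertion.</param>
        /// <param name="cert">Certificate used to produce the signature.</param>
        /// <returns>A new <typeparamref name="T"/> built from the signed XML.</returns>
        /// <exception cref="InvalidOperationException">
        /// The serialised form has no saml:Assertion, or the assertion has no ds:KeyName.
        /// </exception>
        public static T SignAssertion <T>(T element, X509Certificate2 cert) where T : class
        {
            var sxml       = new SealSignedXml(SerializerUtil.Serialize(element));
            var xassertion = sxml.xml.GetElementsByTagName("Assertion", NameSpaces.saml)[0] as XmlElement;

            if (xassertion == null)
            {
                throw new InvalidOperationException("Assertion not found");
            }
            // Previously a NullReferenceException when the assertion carried no ds:KeyName.
            var keyNameNode = xassertion.GetElementsByTagName("KeyName", NameSpaces.ds)[0];
            if (keyNameNode == null)
            {
                throw new InvalidOperationException("KeyName not found in Assertion");
            }
            var keyName = keyNameNode.InnerText;

            var xsignature = sxml.GetDGWSSign(cert);

            // NOTE(review): the attribute is written as lower-case "id" and set to the
            // KeyName text; XMLDSig's own attribute is "Id". Presumably required by the
            // DGWS profile — confirm against the receiver before changing.
            xsignature.SetAttribute("id", keyName);
            xassertion.AppendChild(xsignature);

            return(SerializerUtil.Deserialize <T>(sxml.xml.DocumentElement));
        }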
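        /// <summary>
        /// Posts the request's assertion to the STS at <paramref name="endpointAdr"/>,
        /// surfaces a returned SOAP fault as a <see cref="FaultException"/>, verifies the
        /// envelope signature of a non-fault response and builds an IdCard from its
        /// saml:Assertion.
        /// </summary>
        /// <param name="request">Request whose XAssertion is posted to the STS.</param>
        /// <param name="endpointAdr">STS endpoint address.</param>
        /// <returns>The IdCard built from the first saml:Assertion in the response.</returns>
        /// <exception cref="FaultException">
        /// The STS returned a SOAP fault, the envelope signature does not verify, or the
        /// response contains no saml:Assertion.
        /// </exception>
        public static IdCard SignIn(OioWsTrustRequest request, string endpointAdr)
        {
            var ss = WebPost(request.XAssertion, endpointAdr);

            var fault = ss.Element(NameSpaces.xsoap + "Body")?.Element(NameSpaces.xsoap + "Fault");

            if (fault != null)
            {
                // NOTE(review): faults are accepted without a signature check, so their text
                // is unauthenticated; it is surfaced for diagnostics only.
                // FaultReason/FaultCode reject null, which would otherwise mask the fault
                // behind an ArgumentNullException when the STS omits either element.
                var reason = fault.Element("faultstring")?.Value ?? "SOAP fault without faultstring";
                var code   = fault.Element("faultcode")?.Value ?? "STS";
                throw new FaultException(new FaultReason(reason), new FaultCode(code), null);
            }
            var signed = new SealSignedXml(ss);

            if (!signed.CheckEnvelopeSignature())
            {
                throw new FaultException(new FaultReason("Envelope Signature error"), new FaultCode("STS"), null);
            }
            // NOTE(review): the signature is verified, but whether the signer is the expected
            // STS certificate is not visible here — confirm SealSignedXml enforces that.

            var assertion = ss.Descendants(NameSpaces.xsaml + "Assertion").FirstOrDefault();
            if (assertion == null)
            {
                // Previously a bare "Sequence contains no elements" InvalidOperationException.
                throw new FaultException(new FaultReason("No Assertion in STS response"), new FaultCode("STS"), null);
            }
            var idCardModelBuilder = new IdCardModelBuilder();

            return(idCardModelBuilder.BuildModel(assertion));
        }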
 /// <summary>
 /// Builds a SealSignedXml from a raw XML stream: parses it with
 /// <see cref="streamToXml"/> and delegates to the matching constructor.
 /// </summary>
 /// <param name="stream">Stream holding the XML to wrap; presumably read to the end by streamToXml.</param>
 // NOTE(review): callers such as AfterReceiveReply pass the buffered wire reply here,
 // i.e. untrusted input. Whether DTD processing and external entity resolution are
 // disabled is decided inside streamToXml, which is not visible here — confirm it
 // parses with DtdProcessing.Prohibit and a null XmlResolver.
 public SealSignedXml(Stream stream)
     : this(SealSignedXml.streamToXml(stream))
 {
 }
        /// <summary>
        /// Verifies the SAML assertion signature inside <paramref name="element"/> as-is,
        /// without any namespace-prefix fix-up (see CheckAssertionSignatureNSCheck for that).
        /// </summary>
        /// <param name="element">Element holding the assertion.</param>
        /// <returns>The result of SealSignedXml.CheckAssertionSignature.</returns>
        public static bool CheckAssertionSignature(XElement element)
            => new SealSignedXml(element).CheckAssertionSignature();
        /// <summary>
        /// Serialises <paramref name="element"/> and verifies the SAML assertion signature
        /// in the serialised form, without any namespace-prefix fix-up.
        /// </summary>
        /// <param name="element">Object whose serialised XML holds the assertion.</param>
        /// <returns>The result of SealSignedXml.CheckAssertionSignature.</returns>
        public static bool CheckAssertionSignature <T>(T element)
            => new SealSignedXml(SerializerUtil.Serialize(element)).CheckAssertionSignature();