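/// <summary>
/// WCF client inspector hook. Rebuilds the outgoing SOAP envelope so that it carries
/// wsa:Action, wsa:MessageID and wsse:Security (with a wsu:Timestamp/Created) headers,
/// each tagged with a wsu:Id, tags the Body with wsu:Id="body", and signs the envelope
/// with the configured client certificate via SealSignedXml.Sign.
/// </summary>
/// <param name="request">The outgoing message; replaced in place by the signed copy.</param>
/// <param name="channel">Not used.</param>
/// <returns>The signed envelope; WCF hands it to AfterReceiveReply as the correlation state.</returns>
/// <exception cref="InvalidOperationException">
/// No client certificate is configured, or the envelope has no WS-Addressing Action header
/// (previously this surfaced as a NullReferenceException).
/// </exception>
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
    var certificate = clientCredentials?.ClientCertificate?.Certificate;
    if (certificate == null)
    {
        throw new InvalidOperationException("clientCredentials Certificate is missing");
    }

    // Action and MessageID are read from the WCF header collection; they are re-emitted
    // below under the wsa namespace this code uses. A fresh urn:uuid is generated when
    // the request carries no MessageID.
    string action = null;
    string messageID = "urn:uuid:" + Guid.NewGuid().ToString("D");
    foreach (var header in request.Headers)
    {
        switch (header.Name)
        {
            case "Action":
                action = XElement.Parse(header.ToString()).Value;
                break;
            case "MessageID":
                messageID = XElement.Parse(header.ToString()).Value;
                break;
        }
    }

    // Reading the body consumes the message, so work on a buffered copy.
    var xdoc = XDocument.Load(request.CreateBufferedCopy(int.MaxValue).AsStream());

    // If the header already carries a signed SAML assertion, verify it (this may rewrite
    // its ds prefix in place) and fault the call if it does not verify.
    SealUtilities.CheckAndSetSamlDsPreFix(xdoc);

    // Presumably adds the namespace declarations the lookups below depend on — not visible here.
    NameSpaces.SetMissingNamespaces(xdoc);

    var soapHeader = xdoc.Root.Element(NameSpaces.xsoap + "Header");
    var existingAction = soapHeader.Element(NameSpaces.xwsa2 + "Action")
        ?? soapHeader.Element(NameSpaces.xwsa + "Action");
    var existingMessageId = soapHeader.Element(NameSpaces.xwsa2 + "MessageID")
        ?? soapHeader.Element(NameSpaces.xwsa + "MessageID");
    if (existingAction == null)
    {
        throw new InvalidOperationException("WS-Addressing Action header is missing");
    }

    // Append the headers the signature references by wsu:Id, then drop the originals.
    // NOTE(review): mustUnderstand is emitted unqualified (no soap: prefix); SOAP processors
    // only honour the qualified form. Kept as-is because changing it alters the signed bytes.
    soapHeader.Add(
        NewAddressingHeader("Action", "action", action, mustUnderstand: true),
        NewAddressingHeader("MessageID", "messageID", messageID, mustUnderstand: false),
        NewSecurityHeader());
    existingAction.Remove();
    existingMessageId?.Remove();

    xdoc.Root.Element(NameSpaces.xsoap + "Body").Add(new XAttribute(NameSpaces.xwsu + "Id", "body"));

    XmlDocument envelope = new SealSignedXml(xdoc).Sign(certificate);

    // Replace the outgoing message with the signed envelope, keeping the original SOAP version.
    var reader = new XmlNodeReader(envelope);
    request = Message.CreateMessage(reader, int.MaxValue, request.Version)
        .CreateBufferedCopy(int.MaxValue)
        .CreateMessage();
    return envelope;
}

/// <summary>
/// Builds a wsa header element carrying the wsu:Id that the envelope signature references.
/// Attribute order (mustUnderstand, wsu:Id) matches the previous hand-built elements.
/// </summary>
private static XElement NewAddressingHeader(string localName, string id, string value, bool mustUnderstand)
{
    var element = new XElement(NameSpaces.xwsa + localName);
    if (mustUnderstand)
    {
        element.Add(new XAttribute("mustUnderstand", "1"));
    }
    element.Add(new XAttribute(NameSpaces.xwsu + "Id", id), value);
    return element;
}

/// <summary>
/// Builds the wsse:Security header with a wsu:Timestamp whose Created value is the current
/// UTC time as yyyy-MM-ddTHH:mm:ssZ. The format is spelled out with the invariant culture so
/// the output cannot vary with the thread culture. No Expires element is emitted; any replay
/// window is therefore decided by the receiving side.
/// </summary>
private static XElement NewSecurityHeader()
{
    var created = DateTime.UtcNow.ToString(
        "yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'",
        System.Globalization.CultureInfo.InvariantCulture);
    return new XElement(NameSpaces.xwsse + "Security",
        new XAttribute("mustUnderstand", "1"),
        new XAttribute(NameSpaces.xwsu + "Id", "security"),
        new XElement(NameSpaces.xwsu + "Timestamp",
            new XAttribute(NameSpaces.xwsu + "Id", "timestamp"),
            new XElement(NameSpaces.xwsu + "Created", created)));
}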
/// <summary>
/// Verifies the signature on a SAML assertion, retrying once after SetSamlDsPreFix has
/// rewritten the XML-DSig namespace prefix when the first attempt fails.
/// </summary>
/// <param name="element">The assertion (or a document containing one). Modified in place
/// by the prefix rewrite when the first check fails.</param>
/// <returns>true when the signature verifies in either prefix form; otherwise false.</returns>
public static bool CheckAssertionSignatureNSCheck(XElement element)
{
    if (new SealSignedXml(element).CheckAssertionSignature())
    {
        return true;
    }

    // Second attempt with the ds prefix normalised; this mutates the caller's element.
    SetSamlDsPreFix(element);
    return new SealSignedXml(element).CheckAssertionSignature();
}
/// <summary>
/// Returns the certificate that SealSignedXml.GetSignature reads from a SAML assertion's signature.
/// </summary>
/// <remarks>
/// WARNING: unlike CheckAssertionSignatureNSCheck, the fallback path does not re-verify after
/// SetSamlDsPreFix. When the first CheckAssertionSignature fails, the prefix is rewritten and
/// whatever GetSignature returns is handed back without a second check. Callers must not take
/// the returned certificate as proof that the assertion is validly signed unless they also call
/// CheckAssertionSignature on the same element.
/// </remarks>
/// <param name="element">The assertion (or a document containing one). May be modified in place
/// by the prefix rewrite.</param>
/// <returns>The certificate extracted by GetSignature.</returns>
public static X509Certificate2 GetAssertionSignature(XElement element)
{
    var signed = new SealSignedXml(element);
    if (!signed.CheckAssertionSignature())
    {
        // Did not verify as-is: normalise the ds prefix and read from the rewritten element.
        SetSamlDsPreFix(element);
        signed = new SealSignedXml(element);
    }
    return signed.GetSignature();
}
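/// <summary>
/// WCF client inspector hook. Verifies the envelope signature of a non-fault reply
/// before the reply is handed to the caller.
/// </summary>
/// <param name="reply">The received message; replaced by a re-readable buffered copy when the
/// signature verifies. Left as the (already consumed) original when verification fails.</param>
/// <param name="correlationState">The signed request envelope returned by BeforeSendRequest; not used.</param>
/// <exception cref="System.Security.Cryptography.CryptographicException">
/// The reply's envelope signature does not verify (was a bare Exception before).
/// </exception>
public void AfterReceiveReply(ref Message reply, object correlationState)
{
    // SOAP faults pass through unverified. Nothing in a fault is consumed as payload, but a
    // network-level attacker can inject one to fail the call, and its text is unauthenticated.
    if (reply.IsFault)
    {
        return;
    }

    // Buffer so the body can be read by the verifier and again by the caller.
    // NOTE(review): the buffer limit here is int.MaxValue; the binding's MaxReceivedMessageSize
    // is what actually bounds the size of an untrusted reply.
    MessageBuffer buffered = reply.CreateBufferedCopy(int.MaxValue);

    // NOTE(review): which signing certificates are accepted is decided inside
    // SealSignedXml.CheckEnvelopeSignature, not here.
    var verifier = new SealSignedXml(buffered.AsStream());
    if (!verifier.CheckEnvelopeSignature())
    {
        throw new System.Security.Cryptography.CryptographicException("Response signature Error");
    }

    reply = buffered.CreateMessage();
}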
/// <summary>
/// If the envelope contains a SAML Assertion with a ds:Signature child, verifies that
/// signature, retrying once after rewriting the ds prefix, and faults the call when it
/// still does not verify. An Assertion without a ds:Signature child is not checked here.
/// </summary>
/// <param name="xdoc">The envelope to check; its ds prefixes may be rewritten in place.</param>
/// <exception cref="FaultException">The assertion signature fails to verify in both prefix forms.</exception>
internal static void CheckAndSetSamlDsPreFix(XDocument xdoc)
{
    bool hasSignedAssertion = xdoc
        .Descendants(NameSpaces.xsaml + "Assertion")
        .Elements(NameSpaces.xds + "Signature")
        .Any();
    if (!hasSignedAssertion)
    {
        return;
    }

    if (new SealSignedXml(xdoc).CheckAssertionSignature())
    {
        return;
    }

    // Retry with the ds prefix normalised (mutates xdoc); verify from the root element.
    SetSamlDsPreFix(xdoc.Root);
    if (!new SealSignedXml(xdoc.Root).CheckAssertionSignature())
    {
        throw new FaultException("Error in signature of assertion in requestheader");
    }
}
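/// <summary>
/// Serialises <paramref name="element"/>, appends a DGWS signature (from GetDGWSSign) to the
/// saml:Assertion it contains, and deserialises the signed XML back to <typeparamref name="T"/>.
/// </summary>
/// <param name="element">Object whose XML form contains a saml:Assertion holding a ds:KeyName.</param>
/// <param name="cert">Certificate used to produce the signature.</param>
/// <returns>A new <typeparamref name="T"/> deserialised from the signed document.</returns>
/// <exception cref="InvalidOperationException">
/// The serialised XML has no Assertion, or the Assertion has no KeyName (the latter previously
/// surfaced as a NullReferenceException).
/// </exception>
public static T SignAssertion<T>(T element, X509Certificate2 cert) where T : class
{
    var signed = new SealSignedXml(SerializerUtil.Serialize(element));

    var assertion = signed.xml.GetElementsByTagName("Assertion", NameSpaces.saml)[0] as XmlElement;
    if (assertion == null)
    {
        throw new InvalidOperationException("Assertion not found");
    }

    var keyNameNode = assertion.GetElementsByTagName("KeyName", NameSpaces.ds)[0];
    if (keyNameNode == null)
    {
        throw new InvalidOperationException("KeyName not found in Assertion");
    }

    // The signature is tagged with the KeyName as an unqualified, lowercase "id" attribute.
    // NOTE(review): this is what the DGWS side presumably expects — confirm against the verifier.
    var signature = signed.GetDGWSSign(cert);
    signature.SetAttribute("id", keyNameNode.InnerText);
    assertion.AppendChild(signature);

    return SerializerUtil.Deserialize<T>(signed.xml.DocumentElement);
}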
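/// <summary>
/// Posts an OIO WS-Trust request to the STS, verifies the signature over the response
/// envelope, and builds an IdCard from the first saml:Assertion in it.
/// </summary>
/// <param name="request">Request whose XAssertion is posted.</param>
/// <param name="endpointAdr">STS endpoint address.</param>
/// <returns>The IdCard built by IdCardModelBuilder from the returned assertion.</returns>
/// <exception cref="FaultException">The STS returned a SOAP fault, or the envelope signature does not verify.</exception>
/// <exception cref="InvalidOperationException">The signed response contains no saml:Assertion
/// (previously LINQ's "Sequence contains no elements").</exception>
public static IdCard SignIn(OioWsTrustRequest request, string endpointAdr)
{
    var response = WebPost(request.XAssertion, endpointAdr);

    // A SOAP fault is surfaced as-is. Faults are not signature-checked, so faultstring/faultcode
    // come from an unauthenticated response: fine for logging, not to be trusted beyond that.
    // NOTE(review): a fault lacking faultstring or faultcode makes FaultReason/FaultCode throw
    // ArgumentNullException rather than the FaultException below.
    var fault = response.Element(NameSpaces.xsoap + "Body")?.Element(NameSpaces.xsoap + "Fault");
    if (fault != null)
    {
        throw new FaultException(
            new FaultReason(fault.Element("faultstring")?.Value),
            new FaultCode(fault.Element("faultcode")?.Value),
            null);
    }

    // Verify the envelope signature before trusting anything in the response.
    // NOTE(review): which signing certificates are accepted is decided inside
    // SealSignedXml.CheckEnvelopeSignature, not here.
    if (!new SealSignedXml(response).CheckEnvelopeSignature())
    {
        throw new FaultException(new FaultReason("Envelope Signature error"), new FaultCode("STS"), null);
    }

    var assertion = response.Descendants(NameSpaces.xsaml + "Assertion").FirstOrDefault();
    if (assertion == null)
    {
        throw new InvalidOperationException("STS response contains no SAML Assertion");
    }

    return new IdCardModelBuilder().BuildModel(assertion);
}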
/// <summary>
/// Creates a signer/verifier over the XML read from <paramref name="stream"/> via streamToXml.
/// NOTE(review): for untrusted input (e.g. STS or service replies) the parser hardening
/// (DTD / external entity handling) lives in streamToXml, which is not visible here — confirm
/// it disables DTD processing.
/// </summary>
/// <param name="stream">Stream containing the XML document to load.</param>
public SealSignedXml(Stream stream)
    : this(streamToXml(stream))
{
}
/// <summary>
/// Verifies the signature on a SAML assertion held in <paramref name="element"/> without
/// any namespace-prefix fallback (compare CheckAssertionSignatureNSCheck).
/// </summary>
/// <param name="element">The assertion (or a document containing one).</param>
/// <returns>The result of SealSignedXml.CheckAssertionSignature.</returns>
public static bool CheckAssertionSignature(XElement element)
    => new SealSignedXml(element).CheckAssertionSignature();
/// <summary>
/// Serialises <paramref name="element"/> and verifies the signature on the SAML assertion
/// in the resulting XML, without any namespace-prefix fallback.
/// </summary>
/// <param name="element">Object whose XML form contains the assertion.</param>
/// <returns>The result of SealSignedXml.CheckAssertionSignature on the serialised form.</returns>
public static bool CheckAssertionSignature<T>(T element)
    => new SealSignedXml(SerializerUtil.Serialize(element)).CheckAssertionSignature();