public void Call(NameID id)
{
if (id == ID)
{
OnMatch.Invoke();
}
}
public void Call(NameID id)
{
if (ID == id)
{
onMactch.Invoke();
}
}
public void OnTriggerEnter(Collider other)
{
nameIdObj = other.GetComponent <BehaviourID>().IDNameObj;
CheckID();
//if (nameIdObj == null) return;
// var otherNameID = nameIdObj;
}
private void Call(NameID id)
{
if (id == ID)
{
OnMatch.Invoke();
}
}
public void Invoke(NameID id)
{
if (id == ID) //Comparing a name ID to another name ID
{
OnMatch.Invoke();
print("Match");
}
}
private void OnTriggerEnter(Collider obj)
{
if (ID = obj.GetComponent <ObjectID>().ID)
{
OnMatch.Invoke();
print("Match");
}
}
public void Invoke(NameID id)
{
if (id == ID)
{
OnMatch.Invoke();
print("Match");
}
}
public void Call(NameID match)
{
if (match == Id)
{
OnMatch.Invoke();
StartCoroutine(Restart());
}
}
public void Call(NameID id)
{
if (id == ID)
{
OnMatch.Invoke();
print("MATCH!");
}
}
// Process a successful SAML response.
private void ProcessSuccessSAMLResponse(SAMLResponse samlResponse, string relayState)
{
Trace.Write("SP", "Processing successful SAML response");
// Load the decryption key.
X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
// Extract the asserted identity from the SAML response.
SAMLAssertion samlAssertion = null;
if (samlResponse.GetUnsignedAssertions().Count > 0)
{
samlAssertion = samlResponse.GetUnsignedAssertions()[0];
}
else if (samlResponse.GetEncryptedAssertions().Count > 0)
{
Trace.Write("SP", "Decrypting assertion");
samlAssertion = samlResponse.GetEncryptedAssertions()[0].Decrypt(x509Certificate.PrivateKey, null, null);
}
else
{
throw new ArgumentException("No assertions in response");
}
// Get the subject name identifier.
string userName = null;
if (samlAssertion.Subject.NameID != null)
{
userName = samlAssertion.Subject.NameID.NameIdentifier;
}
else if (samlAssertion.Subject.EncryptedID != null)
{
Trace.Write("SP", "Decrypting ID");
NameID nameID = samlAssertion.Subject.EncryptedID.Decrypt(x509Certificate.PrivateKey, null, null);
userName = nameID.NameIdentifier;
}
else
{
throw new ArgumentException("No name in subject");
}
// Get the originally requested resource URL from the relay state.
RelayState cachedRelayState = RelayStateCache.Remove(relayState);
if (cachedRelayState == null)
{
throw new ArgumentException("Invalid relay state");
}
// Create a login context for the asserted identity.
FormsAuthentication.SetAuthCookie(userName, false);
// Redirect to the originally requested resource URL.
Response.Redirect(cachedRelayState.ResourceURL, false);
Trace.Write("SP", "Processed successful SAML response");
}
private void OnTriggerExit(Collider other)
{
otherBehaviorObj = other.GetComponent <IDBehavior>();
if (otherBehaviorObj == null)
{
return;
}
otherIdObj = otherBehaviorObj.nameIdObj;
CheckID(2);
}
public override XElement ToXml()
{
return(new XElement(
NA.saml + "SubjectConfirmation",
new XElement(NA.saml + "ConfirmationMethod", SamlIDs.HolderOfKey), //specielt for DGWS
//BaseID == null ? null : BaseID.ToXml(),
NameID == null ? null : NameID.ToXml(),
//EncryptedID == null ? null : EncryptedID.ToXml(),
SubjectConfirmationData == null ? null : SubjectConfirmationData.ToXml()
));
}
public void CompareMatch(NameID match)
{
if (match == ID)
{
// Matched.Value = true;
OnMatch.Invoke();
}
else
{
NoMatch.Invoke();
}
}
public Message(EndianBinaryReader reader)
{
boxType = (TextboxType)reader.ReadInt32();
characterName = (NameID)reader.ReadInt32();
characterID = reader.ReadInt32();
index = reader.ReadInt32();
pos = (PortraitPosition)reader.ReadInt16();
unknown1 = reader.ReadInt16();
int messageSize = reader.ReadInt32();
List <byte> chars = new List <byte>();
// Switch endianness because text is stored in big endian
reader.CurrentEndian = Endian.Big;
for (int i = 0; i < messageSize; i++)
{
if (reader.PeekReadByte() == (byte)'C' || reader.PeekReadByte() == (byte)'#' || reader.PeekReadByte() == (byte)'I')
{
long curPos = reader.BaseStream.Position;
GetControlCode(reader, chars);
i--;
i += (int)(reader.BaseStream.Position - curPos);
}
else
{
chars.Add(reader.ReadByte());
}
}
if (chars[chars.Count - 1] != 0)
{
chars[chars.Count - 1] = 0;
}
reader.CurrentEndian = Endian.Little;
Encoding shiftJis = Encoding.GetEncoding(932);
char[] test = shiftJis.GetChars(chars.ToArray());
string testString = new string(test);
message = testString.Normalize(NormalizationForm.FormKD).Trim('\0');
PadStream(reader, 4);
while (reader.PeekReadUInt32() > 12)
{
reader.SkipByte();
}
}
public void CompareMatch(NameID match)
{
if (match == Id)
{
// Matched.Value = true;
OnMatch.Invoke();
print("Match motha flippa");
// StartCoroutine(Restart());
}
else
{
NoMatch.Invoke();
}
}
private IEnumerator CheckId(NameID nameId, List <possibleMatch> possibleMatches)
{
if (nameId == null)
{
yield break;
}
otherIdObj = nameId;
foreach (var obj in possibleMatches)
{
if (otherIdObj == obj.nameIdObj)
{
obj.workEvent.Invoke();
yield return(waitObj);
obj.delayedEvent.Invoke();
}
}
}
/// <summary>
/// Performs the attribute query against the specified IdP endpoint and adds the resulting attributes to Saml20Identity.Current.
/// </summary>
/// <param name="context">The http context.</param>
/// <param name="endPoint">The IdP to perform the query against.</param>
/// <param name="nameIdFormat">The nameid format.</param>
public void PerformQuery(HttpContext context, IDPEndPoint endPoint, string nameIdFormat)
{
Trace.TraceMethodCalled(GetType(), "PerformQuery()");
HttpSOAPBindingBuilder builder = new HttpSOAPBindingBuilder(context);
NameID name = new NameID();
name.Value = Saml20Identity.Current.Name;
name.Format = nameIdFormat;
_attrQuery.Subject.Items = new object[] { name };
_attrQuery.SamlAttribute = _attributes.ToArray();
XmlDocument query = new XmlDocument();
query.XmlResolver = null;
query.LoadXml(Serialization.SerializeToXmlString(_attrQuery));
var signingCertificate = FederationConfig.GetConfig().SigningCertificate.GetCertificate();
var shaHashingAlgorithm = SignatureProviderFactory.ValidateShaHashingAlgorithm(endPoint.ShaHashingAlgorithm);
var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(shaHashingAlgorithm);
signatureProvider.SignAssertion(query, ID, signingCertificate);
if (query.FirstChild is XmlDeclaration)
{
query.RemoveChild(query.FirstChild);
}
Stream s;
if (Trace.ShouldTrace(TraceEventType.Information))
{
Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendAttrQuery, endPoint.metadata.GetAttributeQueryEndpointLocation(), query.OuterXml));
}
try
{
s = builder.GetResponse(endPoint.metadata.GetAttributeQueryEndpointLocation(), query.OuterXml,
endPoint.AttributeQuery);
}
catch (Exception e)
{
Trace.TraceData(TraceEventType.Error, e.ToString());
throw;
}
HttpSOAPBindingParser parser = new HttpSOAPBindingParser(s);
Status status = parser.GetStatus();
if (status.StatusCode.Value != Saml20Constants.StatusCodes.Success)
{
Trace.TraceData(TraceEventType.Error,
string.Format(Tracing.AttrQueryStatusError, Serialization.SerializeToXmlString(status)));
throw new Saml20Exception(status.StatusMessage);
}
bool isEncrypted;
XmlElement xmlAssertion = Saml20SignonHandler.GetAssertion(parser.SamlMessage, out isEncrypted);
if (isEncrypted)
{
Saml20EncryptedAssertion ass =
new Saml20EncryptedAssertion(
(RSA)FederationConfig.GetConfig().SigningCertificate.GetCertificate().PrivateKey);
ass.LoadXml(xmlAssertion);
ass.Decrypt();
xmlAssertion = ass.Assertion.DocumentElement;
}
Saml20Assertion assertion =
new Saml20Assertion(xmlAssertion, null,
AssertionProfile.Core, endPoint.QuirksMode);
assertion.Validate(DateTime.UtcNow);
if (Trace.ShouldTrace(TraceEventType.Information))
{
Trace.TraceData(TraceEventType.Information, string.Format(Tracing.AttrQueryAssertion, xmlAssertion == null ? string.Empty : xmlAssertion.OuterXml));
}
IEnumerable <string> validationFailures;
if (!assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endPoint.metadata.Keys, endPoint, out validationFailures)))
{
Trace.TraceData(TraceEventType.Error, Resources.SignatureInvalid);
throw new Saml20Exception(Resources.SignatureInvalid);
}
foreach (SamlAttribute attr in assertion.Attributes)
{
Saml20Identity.Current.AddAttributeFromQuery(attr.Name, attr);
}
}
protected override Assertion GenerateAssertion()
{
//Create SubjectConfirmationData based on AuthLevel.
SubjectConfirmation subjectConf = new SubjectConfirmation();
if (AuthenticationLevel.Equals(AuthenticationLevel.UsernamePasswordAuthentication))
{
var subjectConfData = new SubjectConfirmationData
{
Item = new UsernameToken()
{
Username = Username, Password = Password
}
};
subjectConf.SubjectConfirmationData = subjectConfData;
}
else if (AuthenticationLevel.Equals(AuthenticationLevel.MocesTrustedUser) || AuthenticationLevel.Equals(AuthenticationLevel.VocesTrustedSystem))
{
var subjectConfData = new SubjectConfirmationData
{
Item = new KeyInfo
{
Item = "OCESSignature"
}
};
subjectConf.SubjectConfirmationData = subjectConfData;
subjectConf.ConfirmationMethod = ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey;
}
//Create NameID based on alternative identifier
NameID nameId = new NameID();
if (string.IsNullOrEmpty(AlternativeIdentifier))
{
nameId.Format = SystemInfo.CareProvider.Type;
nameId.Value = SystemInfo.CareProvider.Id;
}
else
{
nameId.Format = SubjectIdentifierType.medcomother;
nameId.Value = AlternativeIdentifier;
}
var ass = new Assertion
{
IssueInstant = CreatedDate,
id = "IDCard",
Version = 2.0m,
Issuer = Issuer,
Conditions = new Conditions
{
NotBefore = CreatedDate,
NotOnOrAfter = ExpiryDate
},
Subject = new Subject
{
NameID = nameId,
SubjectConfirmation = AuthenticationLevel.Equals(AuthenticationLevel.NoAuthentication) ? null : subjectConf
},
AttributeStatement = new[]
{
new AttributeStatement
{
id = AttributeStatementID.IDCardData,
Attribute = new []
{
new Attribute {
Name = AttributeName.sosiIDCardID, AttributeValue = IdCardId
},
new Attribute {
Name = AttributeName.sosiIDCardVersion, AttributeValue = Version
},
new Attribute {
Name = AttributeName.sosiIDCardType, AttributeValue = "system"
},
new Attribute {
Name = AttributeName.sosiAuthenticationLevel, AttributeValue = AuthenticationLevel.Level.ToString()
},
new Attribute {
Name = AttributeName.sosiOCESCertHash, AttributeValue = CertHash,
}
}
},
new AttributeStatement
{
id = AttributeStatementID.SystemLog,
Attribute = new []
{
new Attribute {
Name = AttributeName.medcomITSystemName, AttributeValue = SystemInfo.ItSystemName
},
new Attribute
{
Name = AttributeName.medcomCareProviderID,
AttributeValue = SystemInfo.CareProvider.Id,
NameFormatSpecified = true,
NameFormat = SystemInfo.CareProvider.Type
},
new Attribute {
Name = AttributeName.medcomCareProviderName, AttributeValue = SystemInfo.CareProvider.OrgName
},
}
}
}
};
return(ass);
}
private void OnTriggerEnter(Collider other)
{
otherIDObj = other.GetComponent <BehaviorID>().nameIDObj;
CheckID();
}
public void ValidateNameID(NameID nameID)
{
if (nameID == null)
{
throw new ArgumentNullException("nameID");
}
if (string.IsNullOrEmpty(nameID.Format))
{
return;
}
if (!Uri.IsWellFormedUriString(nameID.Format, UriKind.Absolute))
{
throw new Saml20FormatException("NameID element has Format attribute which is not a wellformed absolute uri.");
}
// The processing rules from [SAML2.0std] section 8.3 are implemented here
if (nameID.Format == Saml20Constants.NameIdentifierFormats.Email)
{
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Email Format attribute MUST contain a Value that contains more than whitespace characters");
}
try
{
new MailAddress(nameID.Value);
}
catch (FormatException fe)
{
throw new Saml20FormatException("Value of NameID is not a valid email address according to the IETF RFC 2822 specification", fe);
}
catch (IndexOutOfRangeException ie)
{
throw new Saml20FormatException("Value of NameID is not a valid email address according to the IETF RFC 2822 specification", ie);
}
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.X509SubjectName)
{
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with X509SubjectName Format attribute MUST contain a Value that contains more than whitespace characters");
}
// TODO: Consider checking for correct encoding of the Value according to the
// XML Signature Recommendation (http://www.w3.org/TR/xmldsig-core/) section 4.4.4
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.Windows)
{
// Required format is 'DomainName\UserName' but the domain name and the '\' are optional
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Windows Format attribute MUST contain a Value that contains more than whitespace characters");
}
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.Kerberos)
{
// Required format is 'name[/instance]@REALM'
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Kerberos Format attribute MUST contain a Value that contains more than whitespace characters");
}
if (nameID.Value.Length < 3)
{
throw new Saml20FormatException("NameID with Kerberos Format attribute MUST contain a Value with at least 3 characters");
}
if (nameID.Value.IndexOf("@") < 0)
{
throw new Saml20FormatException("NameID with Kerberos Format attribute MUST contain a Value that contains a '@'");
}
//TODO: Consider implementing the rules for 'name', 'instance' and 'REALM' found in IETF RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt) here
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.Entity)
{
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Entity Format attribute MUST contain a Value that contains more than whitespace characters");
}
if (nameID.Value.Length > 1024)
{
throw new Saml20FormatException("NameID with Entity Format attribute MUST have a Value that contains no more than 1024 characters");
}
if (nameID.NameQualifier != null)
{
throw new Saml20FormatException("NameID with Entity Format attribute MUST NOT set the NameQualifier attribute");
}
if (nameID.SPNameQualifier != null)
{
throw new Saml20FormatException("NameID with Entity Format attribute MUST NOT set the SPNameQualifier attribute");
}
if (nameID.SPProvidedID != null)
{
throw new Saml20FormatException("NameID with Entity Format attribute MUST NOT set the SPProvidedID attribute");
}
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.Persistent)
{
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Persistent Format attribute MUST contain a Value that contains more than whitespace characters");
}
if (nameID.Value.Length > 256)
{
throw new Saml20FormatException("NameID with Persistent Format attribute MUST have a Value that contains no more than 256 characters");
}
}
else if (nameID.Format == Saml20Constants.NameIdentifierFormats.Transient)
{
if (!Saml20Utils.ValidateRequiredString(nameID.Value))
{
throw new Saml20FormatException("NameID with Transient Format attribute MUST contain a Value that contains more than whitespace characters");
}
if (nameID.Value.Length > 256)
{
throw new Saml20FormatException("NameID with Transient Format attribute MUST have a Value that contains no more than 256 characters");
}
if (!Saml20Utils.ValidateIDString(nameID.Value))
{
throw new Saml20FormatException("NameID with Transient Format attribute MUST have a Value with at least 16 characters (the equivalent of 128 bits)");
}
}
}
private Assertion CreateAssertion(User user, string receiver, string nameIdFormat)
{
Assertion assertion = new Assertion();
{ // Subject element
assertion.Subject = new Subject();
assertion.ID = "id" + Guid.NewGuid().ToString("N");
assertion.IssueInstant = DateTime.Now.AddMinutes(10);
assertion.Issuer = new NameID();
assertion.Issuer.Value = IDPConfig.ServerBaseUrl;
SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.Now.AddHours(1);
subjectConfirmation.SubjectConfirmationData.Recipient = receiver;
NameID nameId = new NameID();
nameId.Format = nameIdFormat;
if (nameIdFormat == Saml20Constants.NameIdentifierFormats.Transient)
{
nameId.Value = $"https://data.gov.dk/model/core/eid/{user.Profile}/uuid/" + Guid.NewGuid();
}
else
{
nameId.Value = $"https://data.gov.dk/model/core/eid/{user.Profile}/uuid/{user.uuid}";
}
assertion.Subject.Items = new object[] { nameId, subjectConfirmation };
}
{ // Conditions element
assertion.Conditions = new Conditions();
assertion.Conditions.Items = new List <ConditionAbstract>();
assertion.Conditions.NotOnOrAfter = DateTime.Now.AddHours(1);
AudienceRestriction audienceRestriction = new AudienceRestriction();
audienceRestriction.Audience = new List <string>();
audienceRestriction.Audience.Add(receiver);
assertion.Conditions.Items.Add(audienceRestriction);
}
List <StatementAbstract> statements = new List <StatementAbstract>(2);
{ // AuthnStatement element
AuthnStatement authnStatement = new AuthnStatement();
authnStatement.AuthnInstant = DateTime.Now;
authnStatement.SessionIndex = Convert.ToString(new Random().Next());
authnStatement.AuthnContext = new AuthnContext();
authnStatement.AuthnContext.Items =
new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" };
// Wow! Setting the AuthnContext is .... verbose.
authnStatement.AuthnContext.ItemsElementName =
new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
statements.Add(authnStatement);
}
{ // Generate attribute list.
AttributeStatement attributeStatement = new AttributeStatement();
List <SamlAttribute> attributes = new List <SamlAttribute>(user.Attributes.Count);
foreach (KeyValuePair <string, string> att in user.Attributes)
{
var existingAttribute = attributes.FirstOrDefault(x => x.Name == att.Key);
if (existingAttribute != null)
{
var attributesValues = new List <string>();
attributesValues.AddRange(existingAttribute.AttributeValue);
attributesValues.Add(att.Value);
existingAttribute.AttributeValue = attributesValues.ToArray();
}
else
{
SamlAttribute attribute = new SamlAttribute();
attribute.Name = att.Key;
attribute.AttributeValue = new string[] { att.Value };
attribute.NameFormat = SamlAttribute.NAMEFORMAT_URI;
attributes.Add(attribute);
}
}
attributeStatement.Items = attributes.ToArray();
statements.Add(attributeStatement);
}
assertion.Items = statements.ToArray();
return(assertion);
}
private void Call(NameID id)
{
throw new NotImplementedException();
}
private void OnTriggerEnter(Collider other)
{
otherNameID = other.GetComponent <BehaviorID>().nameIDObj;
ChangeValue();
}
private void OnTriggerEnter(Collider other)
{
id = other.GetComponent <ObjectID>().ID;
Call(id);
}
private void OnTriggerExit(Collider other)
{
otherIdObj = other.GetComponent <IDBehavior>().nameIdObj;
StartCoroutine(CheckId(otherIdObj, triggerExitMatches));
//CheckId(otherIdObj, );
}
// Process a successful SAML response.
private void ProcessSuccessSAMLResponse(SAMLResponse samlResponse, string relayState)
{
//Processing successful SAML response
// Load the decryption key.
X509Certificate2 x509Certificate = GetSelerixCertificate();
// Extract the asserted identity from the SAML response.
SAMLAssertion samlAssertion = null;
if (samlResponse.GetAssertions().Count > 0)
{
samlAssertion = samlResponse.GetAssertions()[0];
}
else if (samlResponse.GetEncryptedAssertions().Count > 0)
{
//"Decrypting assertion");
samlAssertion = samlResponse.GetEncryptedAssertions()[0].Decrypt(x509Certificate.PrivateKey, null);
}
else if (samlResponse.GetSignedAssertions().Count > 0)
{
samlAssertion = new SAMLAssertion(samlResponse.GetSignedAssertions()[0]);
}
else
{
throw new ArgumentException("No assertions in response");
}
// Get the subject name identifier.
string userName = null;
if (samlAssertion.Subject.NameID != null)
{
userName = samlAssertion.Subject.NameID.NameIdentifier;
}
else if (samlAssertion.Subject.EncryptedID != null)
{
//"Decrypting ID");
NameID nameID = samlAssertion.Subject.EncryptedID.Decrypt(x509Certificate.PrivateKey, null);
userName = nameID.NameIdentifier;
}
else
{
throw new ArgumentException("No name in subject");
}
Dictionary <string, string> outputData = new Dictionary <string, string>();
foreach (AttributeStatement attributeStatement in samlAssertion.GetAttributeStatements())
{
foreach (SAMLAttribute samlAttribute in attributeStatement.GetUnencryptedAttributes())
{
foreach (AttributeValue attributeValue in samlAttribute.Values)
{
if (!outputData.ContainsKey(samlAttribute.Name))
{
outputData.Add(samlAttribute.Name, attributeValue.ToString());
}
else
{
outputData[samlAttribute.Name] = attributeValue.ToString();
}
}
}
foreach (EncryptedAttribute encryptedAttribute in attributeStatement.GetEncryptedAttributes())
{
SAMLAttribute samlAttribute = encryptedAttribute.Decrypt(x509Certificate.PrivateKey, null);
foreach (AttributeValue attributeValue in samlAttribute.Values)
{
if (!outputData.ContainsKey(samlAttribute.Name))
{
outputData.Add(samlAttribute.Name, attributeValue.ToString());
}
else
{
outputData[samlAttribute.Name] = attributeValue.ToString();
}
}
}
}
// prevent the output of aspx page from being cached by the browser
Response.AddHeader("Cache-Control", "no-cache");
Response.AddHeader("Pragma", "no-cache");
if (outputData.ContainsKey("Transmittal"))
{
Session["Transmittal"] = Selerix.Foundation.Data.SerializationHelper.DeserializeFromString(outputData["Transmittal"], typeof(Transmittal));
}
else
{
Session["Transmittal"] = null;
}
Session["SAMLParameters"] = outputData;
Response.Redirect("~/ShowTransmittal.aspx", false);
//"Processed successful SAML response");
}
private void OnTriggerEnter(Collider other)
{
otherNameID = other.GetComponent <BehaviourID>().nameIdObj;
ChangeHealth();
}
private void OnTriggerEnter(Collider other)
{
otherIDObj = other.GetComponent <IDBehaviour>().nameIDObjs;
}
