/// <summary>EncodeAndSignPost</summary>
/// <param name="saml">string</param>
/// <param name="referenceId">string</param>
/// <param name="rsa">RSA</param>
/// <returns>RedirectPost用SAML文字列</returns>
public static string EncodeAndSignPost(string saml, string referenceId = "", RSA rsa = null)
{
//// エンコーディング オブジェクトの取得
//Encoding enc = XmlLib.GetEncodingFromXmlDeclaration(saml);
if (rsa == null)
{
// 署名しない
}
else
{
// 署名する
SignedXml2 signedXml2 = new SignedXml2(rsa);
saml = signedXml2.Create(saml, referenceId).OuterXml;
}
// XML (→ XML宣言のエンコーディングではなく、asciiエンコーディングに変更) → Base64エンコード
return(CustomEncode.ToBase64String(CustomEncode.StringToByte(
saml, CustomEncode.us_ascii))); //enc.CodePage));
}
/// <summary>DecodePost</summary>
/// <param name="saml">デコードされたsaml</param>
/// <param name="referenceId">string</param>
/// <param name="rsa">RSA</param>
/// <returns>bool</returns>
public static bool VerifyPost(string saml, string referenceId, RSA rsa)
{
SignedXml2 signedXml2 = new SignedXml2(rsa);
return(signedXml2.Verify(saml, referenceId));
}
/// <summary>CreateAssertion</summary>
/// <param name="inResponseTo">string</param>
/// <param name="issuer">string</param>
/// <param name="nameID">string</param>
/// <param name="nameIDFormat">SAML2Enum.NameIDFormat</param>
/// <param name="authnContextClassRef">SAML2Enum.AuthnContextClassRef</param>
/// <param name="expiresFromSecond">double</param>
/// <param name="recipient">string</param>
/// <param name="id">string</param>
/// <param name="rsa">RSA</param>
/// <returns>SAMLAssertion</returns>
public static XmlDocument CreateAssertion(
string inResponseTo, string issuer, string nameID,
SAML2Enum.NameIDFormat nameIDFormat,
SAML2Enum.AuthnContextClassRef authnContextClassRef,
double expiresFromSecond, string recipient,
out string id, RSA rsa = null)
{
// idの先頭は[A-Za-z]のみで、s2とするのが慣例っぽい。
id = "s2" + Guid.NewGuid().ToString("N");
string xmlString = SAML2Const.AssertionTemplate;
#region enum 2 string
string urnNameIDFormatString = SAML2Enum.EnumToString(nameIDFormat);
string urnAuthnContextClassRefString = SAML2Enum.EnumToString(authnContextClassRef);
#endregion
#region Replace
// 固定値
xmlString = xmlString.Replace("{UrnProtocol}", SAML2Const.UrnProtocol);
xmlString = xmlString.Replace("{UrnAssertion}", SAML2Const.UrnAssertion);
xmlString = xmlString.Replace("{UrnMethod}", SAML2Const.UrnMethodBearer);
// 可変値
// - ID
xmlString = xmlString.Replace("{ID}", id);
xmlString = xmlString.Replace("{InResponseTo}", inResponseTo);
xmlString = xmlString.Replace("{Issuer}", issuer);
// - 認証関連
xmlString = xmlString.Replace("{NameID}", nameID);
xmlString = xmlString.Replace("{UrnNameIDFormat}", urnNameIDFormatString);
xmlString = xmlString.Replace("{UrnAuthnContextClassRef}", urnAuthnContextClassRefString);
// - 時間関連
string utcNow = FormatConverter.ToW3cTimestamp(DateTime.UtcNow);
xmlString = xmlString.Replace("{IssueInstant}", utcNow);
xmlString = xmlString.Replace("{AuthnInstant}", utcNow);
xmlString = xmlString.Replace("{NotBefore}", utcNow);
string utcExpires = FormatConverter.ToW3cTimestamp(DateTime.UtcNow.AddSeconds(expiresFromSecond));
xmlString = xmlString.Replace("{NotOnOrAfter}", utcExpires);
// - SP関連
xmlString = xmlString.Replace("{Recipient}", recipient);
xmlString = xmlString.Replace("{Audience}", recipient); // recipientのFQDNまでらしい
// XmlDocument化
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = false;
xmlDoc.LoadXml(xmlString);
#endregion
#region Sign
if (rsa != null)
{
SignedXml2 signedXml2 = new SignedXml2(rsa);
xmlDoc = signedXml2.Create(xmlDoc, id);
}
#endregion
return(xmlDoc);
}
