Exemplo n.º 1
        /// <summary>
        /// Signs the SAML document held by this binding with the supplied certificate.
        /// </summary>
        /// <param name="cert">Certificate passed to the XML signer; may be null when signing is optional.</param>
        /// <param name="requiredSignature">When true, a null <paramref name="cert"/> is an error instead of a silent no-op.</param>
        /// <exception cref="InvalidOperationException">
        /// Signing is required but no certificate was given, or the document already carries a signature.
        /// </exception>
        public override void Sign(X509Certificate2 cert, bool requiredSignature)
        {
            var hasCert = cert != null;

            if (!hasCert && requiredSignature)
            {
                throw new InvalidOperationException("Saml2 Missing Cert for Required Signing");
            }

            // Checked before the optional-signing exit, so an already-signed document is
            // rejected even when no certificate was supplied.
            if (this.HasSignature)
            {
                throw new InvalidOperationException("Saml2 Document is Already Signed");
            }

            // Optional signing with no certificate: the document is left unsigned.
            if (!hasCert)
            {
                return;
            }

            // The SHA-256 based defaults apply only when nothing was configured; an algorithm
            // already set on the binding is passed to the signer unchanged.
            this.SignatureAlgorithm ??= Cryptography.XmlSignatureAlgorithmType.RsaSha256;
            this.DigestAlgorithm ??= Cryptography.XmlDigestAlgorithmType.Sha256;

            var signedDocument = X509XmlSigner.SignXmlDoc(
                this.Document,
                cert,
                this.SignatureAlgorithm.Value,
                this.DigestAlgorithm.Value);

            this.Document = signedDocument;
            this.HasSignature = true;
        }
Exemplo n.º 2
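        /// <summary>
        /// Builds a form binding from an incoming HTTP request by decoding the posted SAML
        /// message and recording which signature and encryption metadata it carries.
        /// </summary>
        /// <param name="request">Incoming request whose form fields hold the encoded SAML message.</param>
        /// <param name="bindingDirection">Selects whether the request or the response form parameter is read.</param>
        /// <exception cref="NotImplementedException">The binding direction is neither Request nor Response.</exception>
        /// <remarks>
        /// Everything read here comes from the remote party and is unauthenticated. HasSignature
        /// and the algorithm properties only describe what the message claims; nothing in this
        /// constructor verifies the signature.
        /// </remarks>
        internal Saml2FormBinding(IdentityHttpRequest request, BindingDirection bindingDirection)
        {
            this.BindingDirection = bindingDirection;
            string samlEncoded = this.BindingDirection switch
            {
                BindingDirection.Request => request.Form[Saml2Names.RequestParameterName],
                BindingDirection.Response => request.Form[Saml2Names.ResponseParameterName],
                _ => throw new NotImplementedException(),
            };
            // NOTE(review): a request without the expected form field reaches DecodeSaml as-is;
            // how DecodeSaml treats a missing value is not visible here - confirm it fails cleanly.
            var samlRequestDecoded = DecodeSaml(samlEncoded);

            // The message is attacker-controlled XML. Clear the resolver explicitly so external
            // entities and DTDs are never fetched, whatever the runtime's default is (older
            // .NET Framework versions default XmlDocument to a resolving XmlResolver).
            // NOTE(review): SAML messages have no need for a DOCTYPE; consider rejecting DTDs
            // outright if the rest of the pipeline tolerates a stricter reader.
            this.Document = new XmlDocument { XmlResolver = null };
            this.Document.LoadXml(samlRequestDecoded);

            this.HasSignature = X509XmlSigner.HasSignature(this.Document.DocumentElement);
            if (this.HasSignature)
            {
                // Algorithm identifiers are taken from the message itself, so the sender chooses them.
                // NOTE(review): confirm weak algorithms are rejected somewhere before the result is trusted.
                this.SignatureAlgorithm = X509XmlSigner.GetSignatureAlgorithm(this.Document.DocumentElement);
                this.DigestAlgorithm    = X509XmlSigner.GetDigestAlgorithm(this.Document.DocumentElement);
            }

            this.HasEncryption = X509XmlEncryptor.HasEncryptedDataElements(this.Document.DocumentElement);
            if (this.HasEncryption)
            {
                this.EncryptionAlgorithm = X509XmlEncryptor.GetEncryptionAlgorithm(this.Document.DocumentElement);
            }
        }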
Exemplo n.º 3
        /// <summary>
        /// Verifies the document's XML signature against the supplied certificate.
        /// </summary>
        /// <param name="cert">Certificate handed to the signature validator; may be null when validation is optional.</param>
        /// <param name="requiredSignature">
        /// When true, both a certificate and a signature must be present. When false, an unsigned
        /// document passes, and a signed document is not checked at all if <paramref name="cert"/> is null.
        /// </param>
        /// <exception cref="InvalidOperationException">A signature is required but no certificate was supplied.</exception>
        /// <exception cref="IdentityProviderException">A required signature is missing, or the signature does not validate.</exception>
        /// <remarks>
        /// Callers that depend on message authenticity need to pass requiredSignature as true;
        /// otherwise this method returns normally for unsigned input.
        /// NOTE(review): this only reports that X509XmlSigner.Validate accepted the document. Whether
        /// that covers the element later consumed, and whether the certificate's validity period or
        /// revocation is checked, is not visible here - confirm.
        /// </remarks>
        public override void ValidateSignature(X509Certificate2 cert, bool requiredSignature)
        {
            if (requiredSignature)
            {
                // Misconfiguration on our side: nothing to validate against.
                if (cert == null)
                {
                    throw new InvalidOperationException("Saml2 Missing Cert for Validating Required Signature");
                }

                // The remote party sent an unsigned message where a signature is mandatory.
                if (!this.HasSignature)
                {
                    throw new IdentityProviderException("Saml2 Document Missing Required Signature");
                }
            }

            // Optional validation: nothing to do without a certificate or without a signature.
            if (cert == null || !this.HasSignature)
            {
                return;
            }

            if (X509XmlSigner.Validate(this.Document, cert))
            {
                return;
            }

            throw new IdentityProviderException("Saml2 Document Signature Not Valid");
        }
Exemplo n.º 4
        /// <summary>
        /// Builds a stream binding around a locally created SAML document.
        /// </summary>
        /// <param name="document">Source document; supplies the binding direction and the SAML XML.</param>
        /// <param name="signatureAlgorithm">Not read by this constructor (see note in the body).</param>
        /// <param name="digestAlgorithm">Not read by this constructor (see note in the body).</param>
        internal Saml2StreamBinding(Saml2Document document, XmlSignatureAlgorithmType? signatureAlgorithm = null, XmlDigestAlgorithmType? digestAlgorithm = null)
        {
            // NOTE(review): signatureAlgorithm and digestAlgorithm are accepted but never used
            // here, so a caller's algorithm choice has no effect on this binding - confirm
            // whether they were meant to be stored for a later signing step.
            var saml = document.GetSaml();

            this.BindingDirection = document.BindingDirection;
            this.Document = saml;

            // Records whether the document already carries a signature element.
            this.HasSignature = X509XmlSigner.HasSignature(saml.DocumentElement);
        }
Exemplo n.º 5
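        /// <summary>
        /// Builds a stream binding from an HTTP response by reading its body as text and
        /// parsing it as the SAML XML document.
        /// </summary>
        /// <param name="response">Response whose body holds the SAML message; always closed by this constructor.</param>
        /// <param name="bindingDirection">Direction recorded on the binding.</param>
        /// <remarks>
        /// The body comes from the remote party and is unauthenticated. HasSignature only records
        /// that a signature element is present; nothing here verifies it.
        /// </remarks>
        internal Saml2StreamBinding(WebResponse response, BindingDirection bindingDirection)
        {
            this.BindingDirection = bindingDirection;

            string body;
            try
            {
                // Dispose the stream and reader, and close the response, even when reading
                // fails; previously a failed read left all three open.
                // NOTE(review): the whole body is buffered with no size cap - consider bounding
                // it if the peer is not fully trusted.
                using (var stream = response.GetResponseStream())
                using (var reader = new System.IO.StreamReader(stream))
                {
                    body = reader.ReadToEnd();
                }
            }
            finally
            {
                response.Close();
            }

            // Remote XML: clear the resolver explicitly so external entities and DTDs are never
            // fetched, whatever the runtime's default is (older .NET Framework versions default
            // XmlDocument to a resolving XmlResolver).
            this.Document = new XmlDocument { XmlResolver = null };
            this.Document.LoadXml(body);

            this.HasSignature = X509XmlSigner.HasSignature(this.Document.DocumentElement);
        }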
Exemplo n.º 6
        /// <summary>
        /// Builds a form binding around a locally created SAML document.
        /// </summary>
        /// <param name="document">Source document; supplies the binding direction and the SAML XML.</param>
        /// <param name="signatureAlgorithm">Signature algorithm to record unless the document is already signed.</param>
        /// <param name="digestAlgorithm">Digest algorithm to record unless the document is already signed.</param>
        /// <param name="encryptionAlgorithm">Encryption algorithm to record unless the document already holds encrypted data.</param>
        /// <remarks>
        /// Algorithms found in the document take precedence: if it is already signed or encrypted,
        /// the caller-supplied values are overwritten with the ones read from the XML.
        /// </remarks>
        internal Saml2FormBinding(Saml2Document document, XmlSignatureAlgorithmType? signatureAlgorithm, XmlDigestAlgorithmType? digestAlgorithm, XmlEncryptionAlgorithmType? encryptionAlgorithm)
        {
            this.BindingDirection = document.BindingDirection;

            // Start from the caller's choices; they may be replaced below.
            this.SignatureAlgorithm = signatureAlgorithm;
            this.DigestAlgorithm = digestAlgorithm;
            this.EncryptionAlgorithm = encryptionAlgorithm;

            this.Document = document.GetSaml();
            var root = this.Document.DocumentElement;

            var alreadySigned = X509XmlSigner.HasSignature(root);
            this.HasSignature = alreadySigned;
            if (alreadySigned)
            {
                this.SignatureAlgorithm = X509XmlSigner.GetSignatureAlgorithm(root);
                this.DigestAlgorithm = X509XmlSigner.GetDigestAlgorithm(root);
            }

            var alreadyEncrypted = X509XmlEncryptor.HasEncryptedDataElements(root);
            this.HasEncryption = alreadyEncrypted;
            if (alreadyEncrypted)
            {
                this.EncryptionAlgorithm = X509XmlEncryptor.GetEncryptionAlgorithm(root);
            }
        }