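/// <summary>
/// Verifies the XML signature on the assertion and, when trust checking is enabled, that the
/// signing certificate is trusted by <paramref name="vault"/> and that no certificate in its
/// chain is revoked.
/// </summary>
/// <param name="federation">Federation handed through to <c>SignatureUtil.Validate</c>.</param>
/// <param name="vault">Credential vault holding the trusted certificates.</param>
/// <param name="checkTrust">
/// Whether to check trust and revocation of the signing certificate. If the <c>CheckTrust</c>
/// app setting is present it overrides this argument, so configuration can switch the chain
/// and revocation checks off even when the caller asked for them.
/// </param>
/// <exception cref="ModelException">
/// Thrown when the authentication level is below VocesTrustedSystem, the assertion is not
/// initialized, the assertion carries no valid signature, or trust/revocation validation fails.
/// </exception>
private void InternalValidateSignature(Federation.Federation federation, ICredentialVault vault, bool checkTrust = true)
{
    if (AuthenticationLevel.Level < AuthenticationLevel.VocesTrustedSystem.Level)
    {
        throw new ModelException("AuthenticationLevel does not support signature");
    }

    if (Xassertion == null)
    {
        throw new ModelException("Assertion not initialized");
    }

    if (!SealUtilities.CheckAssertionSignature(Xassertion))
    {
        throw new ModelException("IDCard is not signed!");
    }

    // App settings take precedence over the caller's argument. The comparison is ordinal so the
    // outcome does not depend on the current culture (CA1304/CA1308).
    var checkTrustSetting = ConfigurationManager.AppSettings["CheckTrust"];
    if (checkTrustSetting != null)
    {
        checkTrust = string.Equals(checkTrustSetting, "true", StringComparison.OrdinalIgnoreCase);
    }

    if (!checkTrust)
    {
        // Only the signature itself has been verified above; in this mode the signer's chain
        // and revocation status are not examined.
        return;
    }

    // Revocation checking stays on unless explicitly disabled via app settings.
    var checkCrl = true;
    var checkCrlSetting = ConfigurationManager.AppSettings["CheckCrl"];
    if (checkCrlSetting != null)
    {
        checkCrl = string.Equals(checkCrlSetting, "true", StringComparison.OrdinalIgnoreCase);
    }

    // Check that the signing certificate is trusted by the credential vault and that no
    // certificate in the chain is revoked.
    if (!SignatureUtil.Validate(Xassertion, federation, vault, checkTrust, checkCrl))
    {
        throw new ModelException("Signature on IdCard could not be validated");
    }
}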
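/// <summary>
/// Signs an assertion with a FOCES test certificate while the vault trusts only a VOCES test
/// certificate, then checks that validation with trust and CRL checking enabled does not succeed.
/// </summary>
/// <remarks>
/// The previous version swallowed every exception and asserted nothing, so it could never fail.
/// Rejection may surface either as a <c>ModelException</c> or as a <c>false</c> return value;
/// both forms are accepted here, anything else fails the test.
/// </remarks>
public void TestSignAndValidateNotTrusted()
{
    var vault = new GenericCredentialVault();
    var baseDir = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;

    // Signer: FOCES test certificate, deliberately NOT added to the vault.
    var signingCert = new X509Certificate2(baseDir + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234");

    // Trusted: a different (VOCES) test certificate registered as the vault's system certificate.
    var trustedCert = new X509Certificate2(baseDir + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234");
    trustedCert.FriendlyName = vault.ALIAS_SYSTEM;
    vault.AddTrustedCertificate(trustedCert);

    var assertion = AssertionMaker.MakeAssertionForSTS(signingCert);
    var signedAssertion = SealUtilities.SignAssertion(assertion, signingCert);
    var signedXml = Serialize(signedAssertion);

    bool validated;
    try
    {
        validated = SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
    }
    catch (Exception e)
    {
        // Rejection by exception is acceptable, but only with the library's own exception type.
        Assert.IsInstanceOfType(e, typeof(ModelException));
        return;
    }

    // Rejection by return value: a signer outside the vault must not validate.
    Assert.IsFalse(validated, "Signature by a certificate not trusted by the vault must not validate");
}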
/// <summary>
/// Signs a fresh STS assertion with <paramref name="cert"/>, registers that same certificate as
/// the trusted system certificate of a new vault, and validates the signed XML against it.
/// </summary>
/// <param name="cert">
/// Certificate used for signing and as the vault's trusted certificate. Its
/// <c>FriendlyName</c> is overwritten with the vault's system alias as a side effect.
/// </param>
/// <param name="checkTrust">Passed through to <c>SignatureUtil.Validate</c> as the trust-check flag.</param>
/// <param name="checkRevoked">Passed through to <c>SignatureUtil.Validate</c> as the revocation-check flag.</param>
/// <returns>The result of <c>SignatureUtil.Validate</c>; no federation is supplied (null).</returns>
private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
{
    var trustStore = new GenericCredentialVault();
    cert.FriendlyName = trustStore.ALIAS_SYSTEM;
    trustStore.AddTrustedCertificate(cert);

    var unsignedAssertion = AssertionMaker.MakeAssertionForSTS(cert);
    var signedAssertion = SealUtilities.SignAssertion(unsignedAssertion, cert);
    var document = Serialize(signedAssertion);

    return SignatureUtil.Validate(document.Root, null, trustStore, checkTrust, checkRevoked);
}
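/// <summary>
/// Checks the signature on the <see cref="OioWsTrustRequest"/> and whether the signing certificate is trusted.
/// </summary>
/// <remarks>
/// Trust and revocation checking are driven entirely by the <c>CheckTrust</c> and <c>CheckCrl</c>
/// app settings; a key that is absent leaves its check off. With no configuration the request is
/// therefore passed to <c>SignatureUtil.Validate</c> with both checks disabled, i.e. presumably
/// only the signature itself is verified, not the signer's chain or revocation status.
/// NOTE(review): this is the opposite default from <c>InternalValidateSignature</c> elsewhere in
/// this code base, which enables CRL checking unless configured otherwise — confirm the
/// fail-open default here is intended.
/// </remarks>
/// <param name="vault">The CredentialVault containing trusted certificates used to check trust for the <see cref="OioWsTrustRequest"/>.</param>
/// <exception cref="ModelBuildException">Thrown when <c>SignatureUtil.Validate</c> reports the signature as invalid.</exception>
public void ValidateSignatureAndTrust(ICredentialVault vault)
{
    // Ordinal comparisons so the outcome does not depend on the current culture (CA1304/CA1308).
    var checkTrust = false;
    var checkTrustSetting = ConfigurationManager.AppSettings["CheckTrust"];
    if (checkTrustSetting != null)
    {
        checkTrust = string.Equals(checkTrustSetting, "true", StringComparison.OrdinalIgnoreCase);
    }

    var checkCrl = false;
    var checkCrlSetting = ConfigurationManager.AppSettings["CheckCrl"];
    if (checkCrlSetting != null)
    {
        checkCrl = string.Equals(checkCrlSetting, "true", StringComparison.OrdinalIgnoreCase);
    }

    if (!SignatureUtil.Validate(dom, null, vault, checkTrust, checkCrl))
    {
        throw new ModelBuildException("Liberty signature could not be validated");
    }
}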