/// <summary> /// Gets the certificate specifications. /// </summary> /// <param name="endpoint">The endpoint.</param> /// <returns>A list of certificate validation specifications for this endpoint</returns> public static List <ICertificateSpecification> GetCertificateSpecifications(IDPEndPoint endpoint) { List <ICertificateSpecification> specs = new List <ICertificateSpecification>(); if (endpoint.CertificateValidation != null && endpoint.CertificateValidation.CertificateValidations != null && endpoint.CertificateValidation.CertificateValidations.Count > 0) { foreach (CertificateValidationElement elem in endpoint.CertificateValidation.CertificateValidations) { try { ICertificateSpecification val = (ICertificateSpecification)Activator.CreateInstance(Type.GetType(elem.type)); specs.Add(val); }catch (Exception e) { Trace.TraceData(TraceEventType.Error, e.ToString()); } } } if (specs.Count == 0) { //Add default specification specs.Add(new DefaultCertificateSpecification()); } return(specs); }
/// <summary> /// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler"/> interface. /// </summary> /// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param> public override void ProcessRequest(HttpContext context) { try { Trace.TraceMethodCalled(GetType(), "ProcessRequest()"); SAML20FederationConfig config = SAML20FederationConfig.GetConfig(); if (config == null) { throw new Saml20Exception("Missing SAML20Federation config section in web.config."); } Saml20ServiceEndpoint endp = config.ServiceProvider.serviceEndpoints.Find(delegate(Saml20ServiceEndpoint ep) { return(ep.endpointType == EndpointType.SIGNON); }); if (endp == null) { throw new Saml20Exception("Signon endpoint not found in configuration"); } string returnUrl = config.ServiceProvider.Server + endp.localPath + "?r=1"; HttpCookie samlIdp = context.Request.Cookies[CommonDomainCookie.COMMON_DOMAIN_COOKIE_NAME]; if (samlIdp != null) { returnUrl += "&_saml_idp=" + HttpUtility.UrlEncode(samlIdp.Value); if (Trace.ShouldTrace(TraceEventType.Information)) { Trace.TraceData(TraceEventType.Information, string.Format(Tracing.CDC, samlIdp.Value)); } AuditLogging.logEntry(Direction.OUT, Operation.AUTHNREQUEST_REDIRECT, "Redirection to Signon endpoint found in Common Domain Cookie: " + samlIdp.Value); } else { AuditLogging.logEntry(Direction.OUT, Operation.AUTHNREQUEST_REDIRECT, "Redirection to Signon endpoint, no Common Domain Cookie found: " + returnUrl); } context.Response.Redirect(returnUrl); } catch (Exception ex) { HandleError(context, ex); } }
/// <summary> /// Determines whether the specified certificate is considered valid according to the RFC3280 specification. /// /// </summary> /// <param name="certificate">The certificate to validate.</param> /// <returns> /// <c>true</c> if valid; otherwise, <c>false</c>. /// </returns> public bool IsSatisfiedBy(X509Certificate2 certificate) { bool useMachineContext = false; X509ChainPolicy chainPolicy = new X509ChainPolicy(); chainPolicy.RevocationMode = X509RevocationMode.Online; X509CertificateValidator defaultCertificateValidator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, chainPolicy); try { defaultCertificateValidator.Validate(certificate); return(true); }catch (Exception e) { Trace.TraceData(TraceEventType.Warning, string.Format(Tracing.CertificateIsNotRFC3280Valid, certificate.SubjectName.Name, certificate.Thumbprint, e)); } return(false); }
/// <summary> /// Determines whether the specified certificate is considered valid by this specification. /// Always returns true. No online validation attempted. /// </summary> /// <param name="certificate">The certificate to validate.</param> /// <returns> /// <c>true</c>. /// </returns> public bool IsSatisfiedBy(X509Certificate2 certificate) { X509ChainPolicy chainPolicy = new X509ChainPolicy(); chainPolicy.RevocationMode = X509RevocationMode.NoCheck; chainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; X509CertificateValidator defaultCertificateValidator = X509CertificateValidator.CreateChainTrustValidator(false, chainPolicy); try { defaultCertificateValidator.Validate(certificate); return(true); } catch (Exception e) { Trace.TraceData(TraceEventType.Warning, string.Format(Tracing.CertificateIsNotRFC3280Valid, certificate.SubjectName.Name, certificate.Thumbprint, e)); } return(false); }