public IActionResult Index([FromBody] JObject json) { if (json == null) { throw new ArgumentNullException(nameof(json)); } var session = _sessionStore.GetSession(); if (session != null) { return(this.BuildError(Constants.ErrorCodes.Request, Constants.ErrorMessages.ActiveSession)); } JToken jTokenPinCode; if (!json.TryGetValue(Constants.DtoPropertyNames.PinCode, out jTokenPinCode)) { return(this.BuildError(Constants.ErrorCodes.Request, Constants.ErrorMessages.NoPinCode)); } if (ConfigurationHelper.IsFakeEidEnabled()) // For testing purpose we generate a fake session. { /* * var payload = System.Convert.FromBase64String("MIID7zCCAtegAwIBAgIQEAAAAAAAjzo9FBi9BAvSgTANBgkqhkiG9w0BAQUFADA1MQswCQYDVQQGEwJCRTEVMBMGA1UEAxMMRm9yZWlnbmVyIENBMQ8wDQYDVQQFEwYyMDE0MDIwHhcNMTQwMjA1MTIzMzEyWhcNMTkwMTMwMjM1OTU5WjB3MQswCQYDVQQGEwJGUjEoMCYGA1UEAxMfVGhpZXJyeSBIYWJhcnQgKEF1dGhlbnRpY2F0aW9uKTEPMA0GA1UEBBMGSGFiYXJ0MRcwFQYDVQQqEw5UaGllcnJ5IFJvYmVydDEUMBIGA1UEBRMLODkxMDA3Mzk1NzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAI4At/6KxOpRKiFEluuMVRaP+YI4gKKeVpl10CY+vPln9P3dvUh7gdNWfEN2Fn0LzvOslVDWZeb+A8/HBhPePpTJ9sACPJG+BjcLKZYKwjc6eEKAHmDTqClTuvrSi5hzpEuDJ7gHQmzJcochdcKRr06MIg3wP7P8s91VxSJoKJ0/AgMBAAGjggE7MIIBNzAfBgNVHSMEGDAWgBTD/rhgVgSUYRHFYhTWJlYgS27SvTBwBggrBgEFBQcBAQRkMGIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9jZXJ0cy5laWQuYmVsZ2l1bS5iZS9iZWxnaXVtcnMyLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZWlkLmJlbGdpdW0uYmUvMjBEBgNVHSAEPTA7MDkGB2A4CQEBBwIwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuZWlkLmJlbGdpdW0uYmUwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5laWQuYmVsZ2l1bS5iZS9laWRmMjAxNDAyLmNybDAOBgNVHQ8BAf8EBAMCB4AwEQYJYIZIAYb4QgEBBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQBSz7layb5HgSQM+ZB2np1/gAUJ+8wuxoU62vxGrj7T1K5tmRK5WeX4rpEJ8h0Nv1169GGng77xlAdE9s8noQXQ063SuBg/QAXSYTRF2T+g9rZinC12aljo/bLz8jWSBY8AM4GZQcVAQ31aD+mWzO0DPwVtDvhl0/6jFVprKFDhAnPJvzMQe7a6zwi5lL+GXIKrnNhlvfQDtxJRV4Jr1vps7ZBjXnAOuatMIxlJ9eafU3dgQ2TvTpwSVDV8UgrInhKD9cLBzymli4LeMWyD6qC3SwfDwRVODqNSIogBnSH91fn3nZUDKpUYfOCSGxNozGYZsVnqwO0jJf4E69O5lUgg"); * var certificate = new X509Certificate(payload); * var soapEnvelope = _ehealthSamlTokenRequestBuilder.New(certificate).Build(); * var xmlDocument = _soapMessageSerializer.Serialize(soapEnvelope); // STORE THE SOAP REQUEST. * _sessionStore.StoreSession(xmlDocument, type); */ } else { BeIdCardConnector beIdCardConnector = null; PcscConnection connect = null; PcscContext context = null; try { beIdCardConnector = new BeIdCardConnector(); // 1. Try to connect to the card reader. context = beIdCardConnector.EstablishContext(); var readers = beIdCardConnector.GetReaders(); if (!readers.Any()) { return(this.BuildError(Constants.ErrorCodes.Eid, Constants.ErrorMessages.NoCard)); } connect = beIdCardConnector.Connect(readers.First()); // 2. Construct SAML token. var certificate = beIdCardConnector.GetAuthenticateCertificate(); var identityPayload = beIdCardConnector.GetIdentity(); var addressPayload = beIdCardConnector.GetAddress(); var picturePayload = beIdCardConnector.GetPhoto(); var identity = _tlvParser.Parse <Identity>(identityPayload); var address = _tlvParser.Parse <Address>(addressPayload); var builder = _ehealthSamlTokenRequestBuilder.New(certificate); var soapEnvelope = builder.SetImage(picturePayload).SetIdentity(identity).SetAddress(address).Build(); var signSamlToken = new SignSamlToken(); var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, jTokenPinCode.ToString(), beIdCardConnector); // 3. Build signature. soapEnvelope.Header.Security.Signature = signatureNode; var xmlDocument = _soapMessageSerializer.Serialize(soapEnvelope); _sessionStore.StoreSession(xmlDocument); _sessionHubContext.Clients.All.SendAsync("Session", new { xml = xmlDocument.OuterXml }); } catch (BeIdCardException ex) { return(this.BuildError(Constants.ErrorCodes.Eid, ex.Message)); } catch (Exception e) { return(this.BuildError(Constants.ErrorCodes.Server, Constants.ErrorMessages.CardError)); } finally { beIdCardConnector.Dispose(); } } return(new OkResult()); }
public void WhenAuthenticateUserWithSamlTokenThenNoExceptionIsThrown() { string outerXml; XmlDocument xmlDocument; SoapEnvelope soapEnvelope; var beIdCardConnector = new BeIdCardConnector(); var context = beIdCardConnector.EstablishContext(); var readers = beIdCardConnector.GetReaders(); var connection = beIdCardConnector.Connect(readers.First()); var ehealthSamlTokenRequestBuilder = new EhealthSamlTokenRequestBuilder(); // 1. Construct SAML token. var certificate = beIdCardConnector.GetAuthenticateCertificate(); var tlvParser = new TlvParser(); var identityPayload = beIdCardConnector.GetIdentity(); var addressPayload = beIdCardConnector.GetAddress(); var identity = tlvParser.Parse <Identity>(identityPayload); var address = tlvParser.Parse <Address>(addressPayload); ehealthSamlTokenRequestBuilder.New(certificate).SetIdentity(identity); soapEnvelope = ehealthSamlTokenRequestBuilder.Build(); var signSamlToken = new SignSamlToken(); // 2. Build signature. var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, "0726", beIdCardConnector); soapEnvelope.Header.Security.Signature = signatureNode; var soapSerializer = new SoapMessageSerializer(); // 3. Serialize the request. xmlDocument = soapSerializer.Serialize(soapEnvelope); outerXml = xmlDocument.OuterXml; beIdCardConnector.Dispose(); var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse); var signatureValue = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr).InnerText; // 5. Check signature value. var binarySecurityToken = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr).InnerText; var signedInfo = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr).OuterXml; var serializer = new XmlDsigExcC14NTransform(); var doc = new XmlDocument(); doc.LoadXml(signedInfo); serializer.LoadInput(doc); var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd(); var signedInfoPayload = Encoding.UTF8.GetBytes(c14n); var b64 = Convert.ToBase64String(signedInfoPayload); byte[] hashResult = null; using (var sha = new SHA1CryptoServiceProvider()) { hashResult = sha.ComputeHash(signedInfoPayload); } var b64Hash = Convert.ToBase64String(hashResult); var signature = System.Convert.FromBase64String(signatureValue); var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityToken)); var publicKey = x509Certificate.GetRSAPublicKey(); var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); Assert.True(isSignatureCorrect); }