/// <summary>
/// Validates the enveloped XML-DSig signature that sits directly under <paramref name="xmlElement"/>
/// against the configured signature validation certificates.
/// </summary>
/// <param name="xmlElement">The signed element. Only a Signature that is an immediate child of this
/// element is considered; a Signature nested deeper in the document is ignored, so it cannot stand in
/// for the element-level signature.</param>
/// <returns>
/// <see cref="SignatureValidation.NotPresent"/> when no Signature child exists,
/// <see cref="SignatureValidation.Valid"/> as soon as one configured certificate verifies it,
/// otherwise <see cref="SignatureValidation.Invalid"/> (including when no certificates are configured).
/// </returns>
/// <exception cref="InvalidSignatureException">More than one Signature child was found.</exception>
protected SignatureValidation ValidateXmlSignature(XmlElement xmlElement)
        {
            // Restrict the lookup to immediate children in the XML-DSig namespace. A descendant-wide
            // search would let an attacker-supplied Signature elsewhere in the document be picked up.
            var signatureXPath = $"*[local-name()='{Saml2Constants.Message.Signature}' and namespace-uri()='{Saml2SignedXml.XmlDsigNamespaceUrl}']";
            var signatureNodes = xmlElement.SelectNodes(signatureXPath);

            switch (signatureNodes.Count)
            {
                case 0:
                    return SignatureValidation.NotPresent;
                case 1:
                    break;
                default:
                    // Exactly one signature is expected; never silently pick one of several.
                    throw new InvalidSignatureException("There is more then one Signature element.");
            }

            var signatureElement = signatureNodes[0] as XmlElement;

            // Try every trusted certificate in turn; the first one that verifies wins.
            foreach (var certificate in SignatureValidationCertificates)
            {
                // The certificate itself is checked (whatever IdentityConfiguration.CertificateValidator
                // enforces) before it is used to verify anything. Any exception it raises aborts the
                // whole loop rather than skipping to the next certificate.
                IdentityConfiguration.CertificateValidator.Validate(certificate);

                // NOTE(review): xmlElement is handed to Saml2SignedXml presumably so the signature's
                // Reference is bound to this element's ID rather than to an arbitrary node — confirm
                // in Saml2SignedXml, as that binding is what defeats signature wrapping.
                var signedXml = new Saml2SignedXml(xmlElement, certificate, SignatureAlgorithm);
                signedXml.LoadXml(signatureElement);
                if (!signedXml.CheckSignature())
                {
                    continue;
                }

                return SignatureValidation.Valid;
            }

            return SignatureValidation.Invalid;
        }
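        /// <summary>
        /// Validates the XML-DSig signature on the response's document element against
        /// <c>SignatureValidationCertificate</c>.
        /// </summary>
        /// <remarks>
        /// Only a Signature element that is an immediate child of the document element is accepted, and
        /// exactly one is required — the same rule as <c>ValidateXmlSignature(XmlElement)</c>. A
        /// descendant-wide lookup (e.g. GetElementsByTagName) would take the first Signature anywhere in
        /// the document, so an attacker-supplied Signature nested elsewhere in the response could be the
        /// one that gets verified (XML Signature Wrapping) unless Saml2SignedXml's reference binding
        /// catches it — not something this method should rely on.
        /// </remarks>
        /// <exception cref="Saml2ResponseException">
        /// No Signature child, more than one Signature child, or the signature does not verify.
        /// </exception>
        private void ValidateXmlSignature()
        {
            var signedXml = new Saml2SignedXml(XmlDocument);

            // Immediate children of the root element in the XML-DSig namespace only.
            var signatureXPath = $"*[local-name()='{Saml2Constants.Message.Signature}' and namespace-uri()='{Saml2SignedXml.XmlDsigNamespaceUrl}']";
            var xmlSignatures = XmlDocument.DocumentElement.SelectNodes(signatureXPath);

            if (xmlSignatures.Count == 0)
            {
                throw new Saml2ResponseException("Signature Not Found. Maybe the response is encrypted.");
            }
            if (xmlSignatures.Count > 1)
            {
                // Never pick one of several signatures; reject the response outright.
                throw new Saml2ResponseException("There is more than one Signature element.");
            }

            signedXml.LoadXml(xmlSignatures[0] as XmlElement);
            if (!signedXml.CheckSignature(SignatureValidationCertificate))
            {
                throw new Saml2ResponseException("Signature is invalid.");
            }
        }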