/// <summary>
/// Validates the XML signature carried by <paramref name="xmlElement"/>, if any, against each
/// certificate in <see cref="SignatureValidationCertificates"/>.
/// </summary>
/// <param name="xmlElement">The element whose own (direct-child) <c>Signature</c> element is checked.</param>
/// <returns>
/// <see cref="SignatureValidation.NotPresent"/> when the element has no Signature child,
/// <see cref="SignatureValidation.Valid"/> when the signature verifies against at least one
/// configured certificate, otherwise <see cref="SignatureValidation.Invalid"/>.
/// </returns>
/// <exception cref="InvalidSignatureException">More than one Signature child was found.</exception>
protected SignatureValidation ValidateXmlSignature(XmlElement xmlElement)
{
    // The XPath is relative to xmlElement and matches only its direct children, so a Signature
    // nested further down is not treated as this element's signature.
    var signatureXPath = $"*[local-name()='{Saml2Constants.Message.Signature}' and namespace-uri()='{Saml2SignedXml.XmlDsigNamespaceUrl}']";
    var signatureNodes = xmlElement.SelectNodes(signatureXPath);
    var signatureCount = signatureNodes.Count;

    if (signatureCount == 0)
    {
        return SignatureValidation.NotPresent;
    }

    if (signatureCount != 1)
    {
        // Exactly one signature is expected; an ambiguous element is rejected rather than resolved.
        throw new InvalidSignatureException("There is more then one Signature element.");
    }

    var signatureElement = signatureNodes[0] as XmlElement;

    foreach (var certificate in SignatureValidationCertificates)
    {
        // Each candidate certificate is run through the configured validator before it is
        // used for signature verification.
        IdentityConfiguration.CertificateValidator.Validate(certificate);

        var signedXml = new Saml2SignedXml(xmlElement, certificate, SignatureAlgorithm);
        signedXml.LoadXml(signatureElement);

        if (signedXml.CheckSignature())
        {
            // First certificate that verifies the signature wins.
            return SignatureValidation.Valid;
        }
    }

    // No configured certificate verified the signature.
    return SignatureValidation.Invalid;
}
/// <summary>
/// Verifies the first <c>Signature</c> element found under the document element of
/// <see cref="XmlDocument"/> against <see cref="SignatureValidationCertificate"/>.
/// </summary>
/// <exception cref="Saml2ResponseException">
/// No Signature element exists, or the signature does not verify against the certificate.
/// </exception>
private void ValidateXmlSignature()
{
    var signedXml = new Saml2SignedXml(XmlDocument);

    // NOTE(review): GetElementsByTagName is a descendant search, so the node taken below may be a
    // Signature nested somewhere below the document element rather than the document element's
    // own signature, and no check rejects the presence of several Signature elements. The
    // XmlElement-taking ValidateXmlSignature variant in this file restricts itself to direct
    // children and throws on more than one. Whether Saml2SignedXml.CheckSignature enforces that
    // the signature's reference covers the document element is not visible here — confirm.
    var signatureNodes = XmlDocument.DocumentElement.GetElementsByTagName(
        Saml2Constants.Message.Signature,
        Saml2SignedXml.XmlDsigNamespaceUrl);

    if (signatureNodes.Count == 0)
    {
        throw new Saml2ResponseException("Signature Not Found. Maybe the response is encrypted.");
    }

    signedXml.LoadXml(signatureNodes[0] as XmlElement);

    if (signedXml.CheckSignature(SignatureValidationCertificate))
    {
        return;
    }

    throw new Saml2ResponseException("Signature is invalid.");
}