示例#1
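        /// <summary>
        /// Builds a form binding from an incoming request: reads the SAML form field that
        /// matches <paramref name="bindingDirection"/>, decodes it, parses it as XML and
        /// records which signature / encryption markers the parsed document carries.
        /// </summary>
        /// <remarks>
        /// Everything read here comes from the remote party. The signature, digest and
        /// encryption values stored below are only what the document declares about itself;
        /// nothing is verified or decrypted in this constructor.
        /// </remarks>
        /// <param name="request">Incoming request whose form collection holds the encoded SAML message.</param>
        /// <param name="bindingDirection">Selects the request or the response form parameter.</param>
        /// <exception cref="NotImplementedException">The direction is neither Request nor Response.</exception>
        internal Saml2FormBinding(IdentityHttpRequest request, BindingDirection bindingDirection)
        {
            this.BindingDirection = bindingDirection;
            string samlEncoded = this.BindingDirection switch
            {
                BindingDirection.Request => request.Form[Saml2Names.RequestParameterName],
                BindingDirection.Response => request.Form[Saml2Names.ResponseParameterName],
                _ => throw new NotImplementedException(),
            };

            // NOTE(review): a missing form field is handed to DecodeSaml unchanged; how
            // DecodeSaml treats a null or empty value is not visible from here.
            var samlDecoded = DecodeSaml(samlEncoded);

            // The payload is untrusted XML, so the parser must never fetch external DTDs or
            // entities on its behalf. Newer runtimes are documented to default to no resolver;
            // setting it explicitly keeps that guarantee whatever the target framework is.
            // NOTE(review): PreserveWhitespace stays at its default here; confirm that the
            // signature verification done elsewhere is not affected by dropped whitespace.
            this.Document = new XmlDocument { XmlResolver = null };
            this.Document.LoadXml(samlDecoded);

            var root = this.Document.DocumentElement;

            // Declared algorithms are read from the message itself. Callers that enforce an
            // algorithm policy should compare these against an allow-list before trusting them.
            this.HasSignature = X509XmlSigner.HasSignature(root);
            if (this.HasSignature)
            {
                this.SignatureAlgorithm = X509XmlSigner.GetSignatureAlgorithm(root);
                this.DigestAlgorithm    = X509XmlSigner.GetDigestAlgorithm(root);
            }

            this.HasEncryption = X509XmlEncryptor.HasEncryptedDataElements(root);
            if (this.HasEncryption)
            {
                this.EncryptionAlgorithm = X509XmlEncryptor.GetEncryptionAlgorithm(root);
            }
        }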
示例#2
        /// <summary>
        /// Decrypts the held document in place when it contains encrypted data, and enforces
        /// the caller's encryption requirement first.
        /// </summary>
        /// <param name="cert">Certificate passed to the decryptor; must be non-null when encryption is required.</param>
        /// <param name="requiredEncryption">When true, an unencrypted document or a missing certificate is rejected.</param>
        /// <exception cref="IdentityProviderException">
        /// Encryption is required and either no certificate was supplied or the document is not encrypted.
        /// </exception>
        public override void Decrypt(X509Certificate2 cert, bool requiredEncryption)
        {
            if (requiredEncryption)
            {
                if (cert == null)
                {
                    throw new IdentityProviderException("Saml2 Missing Cert for Decryption");
                }

                // Fail closed: a plaintext document must not pass where encryption is mandatory.
                if (!this.HasEncryption)
                {
                    throw new IdentityProviderException("Saml2 Document Missing Required Encryption");
                }
            }

            if (!this.HasEncryption)
            {
                return;
            }

            // NOTE(review): when encryption is optional, cert may still be null at this point
            // while the document is encrypted; how DecryptXmlDoc handles a null certificate is
            // not visible here - confirm it fails rather than returning the document untouched,
            // because HasEncryption is cleared unconditionally below.
            var decrypted = X509XmlEncryptor.DecryptXmlDoc(this.Document, cert);
            this.Document      = decrypted;
            this.HasEncryption = false;
        }
示例#3
        /// <summary>
        /// Builds a form binding around an existing SAML document, taking the caller's
        /// preferred algorithms and then inspecting the document for signature and
        /// encryption markers.
        /// </summary>
        /// <param name="document">Source of the binding direction and of the XML (via GetSaml).</param>
        /// <param name="signatureAlgorithm">Requested signature algorithm, or null.</param>
        /// <param name="digestAlgorithm">Requested digest algorithm, or null.</param>
        /// <param name="encryptionAlgorithm">Requested encryption algorithm, or null.</param>
        internal Saml2FormBinding(Saml2Document document, XmlSignatureAlgorithmType? signatureAlgorithm, XmlDigestAlgorithmType? digestAlgorithm, XmlEncryptionAlgorithmType? encryptionAlgorithm)
        {
            this.BindingDirection = document.BindingDirection;

            // Start from the caller's choices; they are replaced further down whenever the
            // document already carries a signature or encrypted data of its own.
            this.SignatureAlgorithm  = signatureAlgorithm;
            this.DigestAlgorithm     = digestAlgorithm;
            this.EncryptionAlgorithm = encryptionAlgorithm;

            this.Document = document.GetSaml();
            var root = this.Document.DocumentElement;

            bool signed = X509XmlSigner.HasSignature(root);
            this.HasSignature = signed;
            if (signed)
            {
                // An existing signature dictates the algorithms, overriding the arguments.
                this.SignatureAlgorithm = X509XmlSigner.GetSignatureAlgorithm(root);
                this.DigestAlgorithm    = X509XmlSigner.GetDigestAlgorithm(root);
            }

            bool encrypted = X509XmlEncryptor.HasEncryptedDataElements(root);
            this.HasEncryption = encrypted;
            if (encrypted)
            {
                this.EncryptionAlgorithm = X509XmlEncryptor.GetEncryptionAlgorithm(root);
            }
        }
示例#4
        /// <summary>
        /// Encrypts the Assertion element of the held document into an EncryptedAssertion,
        /// using the configured algorithm or AES-128-CBC when none is set.
        /// </summary>
        /// <param name="cert">Certificate handed to the encryptor.</param>
        /// <param name="requiredEncryption">When true, a missing certificate is rejected up front.</param>
        /// <exception cref="InvalidOperationException">
        /// A required certificate is missing, or the document is already signed or already encrypted.
        /// </exception>
        public override void Encrypt(X509Certificate2 cert, bool requiredEncryption)
        {
            // NOTE(review): requiredEncryption only gates this null check; the method encrypts
            // regardless, so an optional call with a null cert still reaches EncryptXmlDoc.
            // Confirm that is intended and that EncryptXmlDoc rejects a null certificate.
            if (cert == null && requiredEncryption)
            {
                throw new InvalidOperationException("Saml2 Missing Cert for Required Encryption");
            }

            // Encrypting after signing would change the signed content, so a signed document
            // is refused; double encryption is refused as well.
            if (this.HasSignature)
            {
                throw new InvalidOperationException("Saml2 Document is already signed");
            }

            if (this.HasEncryption)
            {
                throw new InvalidOperationException("Saml2 Document is already encrypted");
            }

            // Default when the caller expressed no preference. CBC provides confidentiality
            // only, with no integrity protection of its own.
            // NOTE(review): if the algorithm enum offers an authenticated mode, consider it as
            // the default instead.
            this.EncryptionAlgorithm ??= Cryptography.XmlEncryptionAlgorithmType.Aes128Cbc;

            var encrypted = X509XmlEncryptor.EncryptXmlDoc(
                this.Document,
                cert,
                this.EncryptionAlgorithm.Value,
                Saml2Names.AssertionPrefix,
                "Assertion",
                Saml2Names.AssertionPrefix,
                "EncryptedAssertion");

            this.Document      = encrypted;
            this.HasEncryption = true;
        }