TCPWare Wise Turtle Pull Request #6

Closed
wants to merge 41 commits into
base: master
from
+113 −222

Refactor SamlHelper and Home Controller

to take advantage of the previous changes (IdP classes and X409 class)
ncarandini committed Oct 21, 2017
commit b8227f88888e8e75cc2e2cf2b333d7d83edee263
@@ -10,6 +10,7 @@
using System.IO;
using TPCWare.Spid.Sdk.Schema;
using log4net;
using TPCWare.Spid.Sdk.IdP;
namespace TPCWare.Spid.Sdk
{
@@ -128,7 +129,7 @@ private static AssertionType CreateSamlAssertion(string issuer, string recipient
}
/// <summary>
/// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it.
/// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it with a Default Signature type.
/// </summary>
/// <param name="recipient">Recipient</param>
/// <param name="issuer">Issuer</param>
@@ -142,11 +143,10 @@ private static AssertionType CreateSamlAssertion(string issuer, string recipient
/// <param name="certFile">Certificate File (used instead of the above Certificate Parameters)</param>
/// <param name="certPassword">Certificate Password (used instead of the above Certificate Parameters)</param>
/// <param name="attributes">A list of attributes to pass</param>
/// <param name="signatureType">Whether to sign Response or Assertion</param>
/// <returns>A base64Encoded string with a SAML response.</returns>
public static string BuildPostSamlResponse(string recipient, string issuer, string domain, string subject,
StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue,
Dictionary<string, string> attributes, SigningHelper.SignatureType signatureType)
Dictionary<string, string> attributes)
{
ResponseType response = new ResponseType
{
@@ -191,7 +191,7 @@ private static AssertionType CreateSamlAssertion(string issuer, string recipient
string samlString = string.Empty;
AssertionType assertionType = Saml2Helper.CreateSamlAssertion(
AssertionType assertionType = CreateSamlAssertion(
issuer.Trim(), recipient.Trim(), domain.Trim(), subject.Trim(), attributes);
response.Items = new AssertionType[] { assertionType };
@@ -252,151 +252,107 @@ private static AssertionType CreateSamlAssertion(string issuer, string recipient
return returnValue;
}
/// <summary>
/// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it with a Default Signature type.
/// </summary>
/// <param name="recipient">Recipient</param>
/// <param name="issuer">Issuer</param>
/// <param name="domain">Domain</param>
/// <param name="subject">Subject</param>
/// <param name="storeLocation">Certificate Store Location</param>
/// <param name="storeName">Certificate Store Name</param>
/// <param name="findType">Certificate Find Type</param>
/// <param name="certLocation">Certificate Location</param>
/// <param name="findValue">Certificate Find Value</param>
/// <param name="certFile">Certificate File (used instead of the above Certificate Parameters)</param>
/// <param name="certPassword">Certificate Password (used instead of the above Certificate Parameters)</param>
/// <param name="attributes">A list of attributes to pass</param>
/// <returns>A base64Encoded string with a SAML response.</returns>
public static string BuildPostSamlResponse(string recipient, string issuer, string domain, string subject,
StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue,
Dictionary<string, string> attributes)
{
return BuildPostSamlResponse(recipient, issuer, domain, subject, storeLocation, storeName, findType, certFile, certPassword, findValue, attributes,
SigningHelper.SignatureType.Response);
}
/// <summary>
///
/// Build a signed SAML request.
/// </summary>
/// <param name="UUID"></param>
/// <param name="Destination"></param>
/// <param name="ConsumerServiceURL"></param>
/// <param name="uuid"></param>
/// <param name="destination"></param>
/// <param name="consumerServiceURL"></param>
/// <param name="securityLevel"></param>
/// <param name="certFile"></param>
/// <param name="certPassword"></param>
/// <param name="storeLocation"></param>
/// <param name="storeName"></param>
/// <param name="findType"></param>
/// <param name="findValue"></param>
/// <returns></returns>
public static string BuildPostSamlRequest(string UUID, string Destination, string ConsumerServiceURL, int SecurityLevel,
string certFile, string certPassword,
StoreLocation storeLocation, StoreName storeName,
X509FindType findType, object findValue, string IdentityProvider, int Enviroment)
/// <param name="identityProvider"></param>
/// <param name="enviroment"></param>
/// <returns>Returns a Base64 Encoded String of the SAML request</returns>
public static string BuildPostSamlRequest(string uuid, string destination, string consumerServiceURL, int securityLevel,
X509Certificate2 certificate, IdentityProvider identityProvider, int enviroment)
{
return BuildPostSamlRequest(UUID, Destination, ConsumerServiceURL, SecurityLevel, certFile, certPassword,
storeLocation, storeName, findType, findValue, SigningHelper.SignatureType.Request, IdentityProvider, Enviroment);
}
/// <summary>
///
/// </summary>
/// <param name="UUID"></param>
/// <param name="Destination"></param>
/// <param name="ConsumerServiceURL"></param>
/// <param name="certFile"></param>
/// <param name="certPassword"></param>
/// <param name="storeLocation"></param>
/// <param name="storeName"></param>
/// <param name="findType"></param>
/// <param name="findValue"></param>
/// <param name="signatureType"></param>
/// <returns></returns>
public static string BuildPostSamlRequest(string UUID, string Destination, string ConsumerServiceURL, int SecurityLevel,
string certFile, string certPassword,
StoreLocation storeLocation, StoreName storeName,
X509FindType findType, object findValue, SigningHelper.SignatureType signatureType, string IdentityProvider, int Enviroment)
{
AuthnRequestType MyRequest = new AuthnRequestType
if (string.IsNullOrWhiteSpace(uuid))
{
ID = UUID,
Version = "2.0"
};
DateTime now = DateTime.UtcNow;
DateTime after = now.AddMinutes(10);
string nowString = String.Empty;
string afterString = String.Empty;
if (IdentityProvider.Contains("sielte"))
{
// SIELTE
nowString = now.AddMinutes(-2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");
afterString = after.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");
}
else
{
// POSTE - TIM - INFOCERT
nowString = now.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'");
afterString = after.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'");
log.Error("Error on BuildPostSamlRequest: The uuid parameter is null or empty.");
throw new ArgumentNullException("The uuid parameter can't be null or empty.");
}
MyRequest.IssueInstant = nowString;
if (SecurityLevel > 1)
if (string.IsNullOrWhiteSpace(destination))
{
MyRequest.ForceAuthn = true;
MyRequest.ForceAuthnSpecified = true;
log.Error("Error on BuildPostSamlRequest: The destination parameter is null or empty.");
throw new ArgumentNullException("The destination parameter can't be null or empty.");
}
MyRequest.Destination = Destination;
MyRequest.AssertionConsumerServiceIndex = (ushort)Enviroment ;
MyRequest.AssertionConsumerServiceIndexSpecified = true;
MyRequest.AttributeConsumingServiceIndex = 1;
MyRequest.AttributeConsumingServiceIndexSpecified = true;
NameIDType IssuerForRequest = new NameIDType
if (string.IsNullOrWhiteSpace(consumerServiceURL))
{
Value = ConsumerServiceURL.Trim(),
Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
NameQualifier = ConsumerServiceURL
};
MyRequest.Issuer = IssuerForRequest;
log.Error("Error on BuildPostSamlRequest: The consumerServiceURL parameter is null or empty.");
throw new ArgumentNullException("The consumerServiceURL parameter can't be null or empty.");
}
NameIDPolicyType NameIdPolicyForRequest = new NameIDPolicyType
if (certificate == null)
{
Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
AllowCreate = true,
AllowCreateSpecified = true
};
MyRequest.NameIDPolicy = NameIdPolicyForRequest;
log.Error("Error on BuildPostSamlRequest: The certificate parameter is null.");
throw new ArgumentNullException("The certificate parameter can't be null.");
}
ConditionsType Conditional = new ConditionsType();
if (IdentityProvider.Contains("sielte"))
if (identityProvider == null)
{
// SIELTE
Conditional.NotBefore = nowString;
log.Error("Error on BuildPostSamlRequest: The identityProvider parameter is null.");
throw new ArgumentNullException("The identityProvider parameter can't be null.");
}
else
if (enviroment < 0 )
{
// POSTE - TIM - INFOCERT
Conditional.NotBefore = now.AddMinutes(-2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'");
log.Error("Error on BuildPostSamlRequest: The enviroment parameter is less than zero.");
throw new ArgumentNullException("The enviroment parameter can't be less than zero.");
}
Conditional.NotBeforeSpecified = true;
Conditional.NotOnOrAfter = afterString;
Conditional.NotOnOrAfterSpecified = true;
MyRequest.Conditions = Conditional;
RequestedAuthnContextType RequestedAuthn = new RequestedAuthnContextType
DateTime now = DateTime.UtcNow;
AuthnRequestType MyRequest = new AuthnRequestType
{
Comparison = AuthnContextComparisonType.minimum,
ComparisonSpecified = true,
ItemsElementName = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef },
Items = new string[] { "https://www.spid.gov.it/SpidL" + SecurityLevel.ToString() }
ID = "_" + uuid,
Version = "2.0",
IssueInstant = identityProvider.Now(now),
Destination = destination,
AssertionConsumerServiceIndex = (ushort)enviroment,
AssertionConsumerServiceIndexSpecified = true,
AttributeConsumingServiceIndex = 1,
AttributeConsumingServiceIndexSpecified = true,
ForceAuthn = (securityLevel > 1),
ForceAuthnSpecified = (securityLevel > 1),
Issuer = new NameIDType
{
Value = consumerServiceURL.Trim(),
Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
NameQualifier = consumerServiceURL
},
NameIDPolicy = new NameIDPolicyType
{
Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
AllowCreate = true,
AllowCreateSpecified = true
},
Conditions = new ConditionsType
{
NotBefore = identityProvider.NotBefore(now),
NotBeforeSpecified = true,
NotOnOrAfter = identityProvider.After(now.AddMinutes(10)),
NotOnOrAfterSpecified = true
},
RequestedAuthnContext = new RequestedAuthnContextType
{
Comparison = AuthnContextComparisonType.minimum,
ComparisonSpecified = true,
ItemsElementName = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef },
Items = new string[] { "https://www.spid.gov.it/SpidL" + securityLevel.ToString() }
}
};
MyRequest.RequestedAuthnContext = RequestedAuthn;
XmlSerializerNamespaces ns = new XmlSerializerNamespaces();
ns.Add("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
//ns.Add("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
XmlSerializer responseSerializer = new XmlSerializer(MyRequest.GetType());
StringWriter stringWriter = new StringWriter();
XmlWriterSettings settings = new XmlWriterSettings
@@ -407,50 +363,21 @@ private static AssertionType CreateSamlAssertion(string issuer, string recipient
};
XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings);
XmlSerializer responseSerializer = new XmlSerializer(MyRequest.GetType());
responseSerializer.Serialize(responseWriter, MyRequest, ns);
responseWriter.Close();
string samlString = string.Empty;
samlString = stringWriter.ToString();
string samlString = stringWriter.ToString();
stringWriter.Close();
XmlDocument doc = new XmlDocument();
doc.LoadXml(samlString);
X509Certificate2 cert = null;
if (System.IO.File.Exists(certFile))
{
cert = new X509Certificate2(certFile, certPassword);
}
else
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection CertCol = store.Certificates;
X509Certificate2Collection coll = store.Certificates.Find(findType, findValue.ToString(), false);
if (coll.Count < 1)
{
throw new ArgumentException("Unable to locate certificate");
}
cert = coll[0];
store.Close();
}
XmlElement signature = SigningHelper.SignDoc(doc, cert, UUID);
XmlElement signature = SigningHelper.SignDoc(doc, certificate, "_" + uuid);
doc.DocumentElement.InsertBefore(signature, doc.DocumentElement.ChildNodes[1]);
string responseStr = doc.OuterXml;
//byte[] base64EncodedBytes =
// Encoding.UTF8.GetBytes(responseStr);
//string returnValue = System.Convert.ToBase64String(
// base64EncodedBytes);
return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + responseStr;
return Convert.ToBase64String(Encoding.UTF8.GetBytes("<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + doc.OuterXml));
}
}
}
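Review bot: The guard `if (enviroment < 0 )` in the new BuildPostSamlRequest only rejects negatives, yet the same value is narrowed with `AssertionConsumerServiceIndex = (ushort)enviroment,` a few lines later, so anything above 65535 silently wraps into a different service index instead of failing; tighten it to `if (enviroment < 0 || enviroment > ushort.MaxValue)` and throw `new ArgumentOutOfRangeException(nameof(enviroment), "The enviroment parameter must be between 0 and 65535.")` rather than an ArgumentNullException. The other new guards pass their message as the single argument of `ArgumentNullException(string)`, which that constructor treats as the parameter name, so callers see "Value cannot be null. Parameter name: The uuid parameter can't be null or empty."; use the two-argument overload, e.g. `throw new ArgumentNullException(nameof(uuid), "The uuid parameter can't be null or empty.");`, and the same for destination, consumerServiceURL, certificate and identityProvider. securityLevel is concatenated into the `https://www.spid.gov.it/SpidL` authn-context reference with no range check, so if only a small set of levels is meaningful here a matching guard would keep malformed class references out of the signed request. The method body begins in the `@@ -252,151 +252,107 @@` hunk and ends in the `@@ -407,50 +363,21 @@` hunk.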