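using System;
using System.IO;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Xml.Serialization;
using Kreta.EESZTInterface.STS.Saml20;
using Kreta.Resources;

namespace Kreta.EESZTInterface.STS
{
    /// <summary>
    /// Obtains a SAML assertion from the EESZT STS: builds the X.509 RST,
    /// sends it over TLS, decrypts and signature-checks the RSTR, then
    /// extracts and verifies the assertion found in the SOAP body.
    /// </summary>
    public class SamlRequest
    {
        // XmlSerializer(Type) instances are thread-safe and expensive to build; share one.
        private static readonly XmlSerializer s_assertionSerializer = new XmlSerializer(typeof(AssertionType));

        // Client certificate handed to DoRequest for the TLS connection to the STS.
        private readonly X509Certificate2 _sslCert;

        /// <summary>
        /// Server-certificate callback shape for the STS TLS connection.
        /// Currently unreferenced inside this class.
        /// </summary>
        /// <returns>
        /// True only when platform validation reported no policy errors for
        /// <paramref name="certificate"/>.
        /// </returns>
        private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // The previous body returned true unconditionally, which turns off server
            // authentication for any channel that wires this callback up. Defer to the
            // policy result instead.
            return sslPolicyErrors == SslPolicyErrors.None;
        }

        /// <summary>
        /// Creates a requester that authenticates the TLS channel with <paramref name="sslCerrtificate"/>.
        /// </summary>
        /// <param name="sslCerrtificate">Client certificate for the STS connection (parameter name kept for named-argument compatibility).</param>
        public SamlRequest(X509Certificate2 sslCerrtificate)
        {
            _sslCert = sslCerrtificate;
        }

        /// <summary>
        /// Runs the full X.509 token exchange against <c>{interfaceUrl}/STS_x509</c>.
        /// </summary>
        /// <param name="interfaceUrl">Base URL of the STS interface.</param>
        /// <param name="stsCert">Certificate used to verify the STS signature on the RSTR.</param>
        /// <param name="userCert">Certificate whose key decrypts the RSTR and signs the request.</param>
        /// <returns>The verified assertion element serialised without an XML declaration.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="InvalidOperationException">The RSTR is malformed or carries an unexpected action.</exception>
        /// <exception cref="CryptographicException">The RSTR or the assertion signature does not verify.</exception>
        public string GetX509Saml(string interfaceUrl, X509Certificate2 stsCert, X509Certificate2 userCert)
        {
            if (interfaceUrl == null)
            {
                throw new ArgumentNullException(nameof(interfaceUrl));
            }
            if (stsCert == null)
            {
                throw new ArgumentNullException(nameof(stsCert));
            }
            if (userCert == null)
            {
                throw new ArgumentNullException(nameof(userCert));
            }

            var request = CreateSoap.CreateX509Soap(stsCert, userCert);
            var response = DoRequest.GetSoapSamlResponse($"{interfaceUrl}/STS_x509", _sslCert, request);

            // Decrypt and check the STS signature on the whole response before
            // anything inside the body is parsed or trusted.
            var verifiedResponse = DecryptFromRSTResponse(response, stsCert, userCert);
            return XmlToString(GetSamlFromRSTR(verifiedResponse));
        }

        /// <summary>
        /// Serialises <paramref name="xmlDoc"/>, dropping a leading XML declaration if present.
        /// Mutates the document.
        /// </summary>
        private static string XmlToString(XmlDocument xmlDoc)
        {
            if (xmlDoc.FirstChild is XmlDeclaration)
            {
                xmlDoc.RemoveChild(xmlDoc.FirstChild);
            }
            return xmlDoc.OuterXml;
        }

        /// <summary>
        /// Locates the SAML assertion in an already signature-checked RSTR, verifies the
        /// assertion's own signature and returns it as a standalone document.
        /// </summary>
        /// <remarks>
        /// The signing certificate is taken from the assertion's embedded KeyInfo, so this
        /// check only proves the assertion is consistent with the certificate it carries;
        /// no chain or pinning check against the STS is done here. Authenticity of the
        /// response therefore rests on the RSTR signature verified in
        /// <see cref="DecryptFromRSTResponse"/> — assuming that signature covers the body,
        /// which this file does not show.
        /// </remarks>
        /// <exception cref="InvalidOperationException">Wrong action, missing assertion, undeserialisable assertion or no embedded certificate.</exception>
        /// <exception cref="CryptographicException">The assertion signature does not verify.</exception>
        private static XmlDocument GetSamlFromRSTR(XmlDocument rstResponse)
        {
            EnsureFinalAction(rstResponse);

            var assertionXml = FindAssertionXml(rstResponse);

            AssertionType assertion;
            using (TextReader reader = new StringReader(assertionXml))
            {
                try
                {
                    assertion = (AssertionType)s_assertionSerializer.Deserialize(reader);
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException(EESZTInterfaceResource.AssertionElementNemMegfelelo, ex);
                }
            }

            var samlCert = ExtractSigningCertificate(assertion);
            if (samlCert == null)
            {
                throw new InvalidOperationException(EESZTInterfaceResource.SamlTanusitvanyNemTalalhato);
            }

            // Verify a separate copy so that anything SignHelper does to the document
            // while checking cannot leak into the assertion handed back to the caller.
            var documentToVerify = LoadAssertionDocument(assertionXml);
            if (!SignHelper.CheckSignature(documentToVerify, samlCert))
            {
                throw new CryptographicException(EESZTInterfaceResource.SamlAlairasaErvenytelen);
            }

            return LoadAssertionDocument(assertionXml);
        }

        /// <summary>
        /// Rejects the response unless its WS-Addressing Action is the expected final
        /// action (case-insensitive, ordinal comparison).
        /// </summary>
        private static void EnsureFinalAction(XmlDocument rstResponse)
        {
            var actionElement = XmlHelper.GetElement("Action", Namespaces.addressingNs, rstResponse.DocumentElement);
            var action = actionElement?.InnerText;
            if (!string.Equals(action, STSValues.finalActionValue, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(EESZTInterfaceResource.NemMegfeleloActionErtek);
            }
        }

        /// <summary>
        /// Returns the OuterXml of the saml:Assertion inside the SOAP 1.2 body.
        /// </summary>
        /// <exception cref="InvalidOperationException">Body or assertion element is missing.</exception>
        private static string FindAssertionXml(XmlDocument rstResponse)
        {
            var body = XmlHelper.GetElement("Body", Namespaces.soap12Ns, rstResponse.DocumentElement);
            if (body == null)
            {
                throw new InvalidOperationException(EESZTInterfaceResource.AssertionElementNemTalalhato);
            }

            var assertionElement = XmlHelper.GetElement("Assertion", Namespaces.samlNs, body);
            if (assertionElement == null)
            {
                throw new InvalidOperationException(EESZTInterfaceResource.AssertionElementNemTalalhato);
            }

            return assertionElement.OuterXml;
        }

        /// <summary>
        /// Picks the first X509Certificate entry from the assertion signature's KeyInfo.
        /// </summary>
        /// <returns>The embedded certificate, or null when none is present.</returns>
        private static X509Certificate2 ExtractSigningCertificate(AssertionType assertion)
        {
            var keyInfoItems = assertion.Signature?.KeyInfo?.Items;
            if (keyInfoItems == null)
            {
                return null;
            }

            foreach (var item in keyInfoItems)
            {
                var x509Data = item as X509DataType;
                if (x509Data == null || x509Data.ItemsElementName == null)
                {
                    continue;
                }

                // ItemsElementName and Items are parallel arrays produced by the serializer.
                for (var i = 0; i < x509Data.ItemsElementName.Length; i++)
                {
                    if (x509Data.ItemsElementName[i] == ItemsChoiceType.X509Certificate)
                    {
                        return new X509Certificate2((byte[])x509Data.Items[i]);
                    }
                }
            }

            return null;
        }

        /// <summary>
        /// Loads assertion XML into a fresh document suitable for signature verification.
        /// </summary>
        private static XmlDocument LoadAssertionDocument(string assertionXml)
        {
            // PreserveWhitespace must stay on: re-serialised whitespace can break
            // XML-DSig verification. A null resolver blocks DTD/external entity fetches.
            var document = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
            document.LoadXml(assertionXml);
            return document;
        }

        /// <summary>
        /// Decrypts the RSTR with <paramref name="userCert"/> and verifies the STS
        /// signature with <paramref name="stsCert"/>.
        /// </summary>
        /// <returns>The decrypted, signature-checked response.</returns>
        /// <exception cref="CryptographicException">The STS signature does not verify.</exception>
        private static XmlDocument DecryptFromRSTResponse(XmlDocument rstResponse, X509Certificate2 stsCert, X509Certificate2 userCert)
        {
            // Decryption happens before verification; whether the signature covers the
            // ciphertext or the plaintext is decided inside the helpers, not here.
            var decrypted = EncryptHelper.DecryptMessageAll(rstResponse, userCert);
            if (!SignHelper.CheckSignature(decrypted, stsCert))
            {
                throw new CryptographicException(EESZTInterfaceResource.RSTRalairasaErvenytelen);
            }
            return decrypted;
        }
    }
}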