using System;
using System.IO;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Xml.Serialization;

using Kreta.EESZTInterface.STS.Saml20;
using Kreta.Resources;
namespace Kreta.EESZTInterface.STS
{
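public class SamlRequest
{
    /// <summary>
    /// Certificate handed to <c>DoRequest.GetSoapSamlResponse</c> on every STS call.
    /// </summary>
    private readonly X509Certificate2 sslCert;

    /// <summary>
    /// Creates a request helper for the STS X.509 endpoint.
    /// </summary>
    /// <param name="sslCerrtificate">
    /// Certificate forwarded to the HTTP layer for each STS call; stored as given (no validation here).
    /// </param>
    public SamlRequest(X509Certificate2 sslCerrtificate)
    {
        sslCert = sslCerrtificate;
    }

    /// <summary>
    /// Server-certificate callback in the shape of <see cref="RemoteCertificateValidationCallback"/>.
    /// Accepts the remote certificate only when the runtime reported no policy errors
    /// (no name mismatch, no chain error, no missing certificate).
    /// </summary>
    /// <remarks>
    /// Not referenced anywhere in this class. It previously returned <c>true</c> unconditionally,
    /// which would disable TLS server authentication for any caller hooking it into a connection.
    /// </remarks>
    private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return sslPolicyErrors == SslPolicyErrors.None;
    }

    /// <summary>
    /// Requests a SAML assertion from the STS using X.509 authentication and returns it as XML text.
    /// </summary>
    /// <param name="interfaceUrl">Base URL of the STS; <c>/STS_x509</c> is appended.</param>
    /// <param name="stsCert">STS certificate used to build the request and to verify the response signature.</param>
    /// <param name="userCert">User certificate used to build the request and to decrypt the response.</param>
    /// <returns>The verified SAML assertion, serialized without an XML declaration.</returns>
    /// <exception cref="CryptographicException">The response or the assertion signature did not verify.</exception>
    /// <exception cref="InvalidOperationException">The response lacked the expected action, body or assertion.</exception>
    public string GetX509Saml(string interfaceUrl, X509Certificate2 stsCert, X509Certificate2 userCert)
    {
        var request = CreateSoap.CreateX509Soap(stsCert, userCert);
        var rawResponse = DoRequest.GetSoapSamlResponse($"{interfaceUrl}/STS_x509", sslCert, request);
        var response = DecryptFromRSTResponse(rawResponse, stsCert, userCert);

        return XmlToString(GetSamlFromRSTR(response));
    }

    /// <summary>
    /// Serializes the document without its leading XML declaration, if it has one.
    /// </summary>
    /// <param name="xmlDoc">Document to serialize; its declaration node is removed in place.</param>
    /// <returns>The document's outer XML.</returns>
    private static string XmlToString(XmlDocument xmlDoc)
    {
        var first = xmlDoc.FirstChild;
        if (first is XmlDeclaration)
        {
            xmlDoc.RemoveChild(first);
        }

        return xmlDoc.OuterXml;
    }

    /// <summary>
    /// Extracts the SAML assertion from a decrypted, signature-checked RSTR and verifies the
    /// assertion's own enveloped signature.
    /// </summary>
    /// <param name="rstResponse">Decrypted RSTR whose outer signature has already been verified.</param>
    /// <returns>A whitespace-preserving document holding only the assertion element.</returns>
    /// <exception cref="InvalidOperationException">
    /// The WS-Addressing Action is missing or not the expected final value, the SOAP body or
    /// assertion element is missing, the assertion cannot be deserialized, or its KeyInfo carries
    /// no certificate.
    /// </exception>
    /// <exception cref="CryptographicException">The assertion signature did not verify.</exception>
    private XmlDocument GetSamlFromRSTR(XmlDocument rstResponse)
    {
        var root = rstResponse.DocumentElement;

        // XmlHelper.GetElement appears to return null for a missing element (see the Assertion
        // check below), so a missing Action is reported rather than dereferenced.
        var actionElement = XmlHelper.GetElement("Action", Namespaces.addressingNs, root);
        if (actionElement == null
            || !string.Equals(actionElement.InnerText, STSValues.finalActionValue, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(EESZTInterfaceResource.NemMegfeleloActionErtek);
        }

        var body = XmlHelper.GetElement("Body", Namespaces.soap12Ns, root);
        var assertionElement = body == null
            ? null
            : XmlHelper.GetElement("Assertion", Namespaces.samlNs, body);
        if (assertionElement == null)
        {
            throw new InvalidOperationException(EESZTInterfaceResource.AssertionElementNemTalalhato);
        }

        var assertionXml = assertionElement.OuterXml;
        var assertion = DeserializeAssertion(assertionXml);

        // NOTE(review): the verification key is taken from the assertion's own KeyInfo and is not
        // matched against a trusted issuer here; trust in the assertion therefore rests on the
        // outer RSTR signature check against stsCert in DecryptFromRSTResponse -- confirm that
        // signature covers the SOAP Body.
        var samlCert = ExtractSigningCertificate(assertion);
        if (samlCert == null)
        {
            throw new InvalidOperationException(EESZTInterfaceResource.SamlTanusitvanyNemTalalhato);
        }

        // The signature is checked on a separate copy, as in the original code; SignHelper is not
        // visible here and may modify the document it inspects, so the returned copy stays untouched.
        if (!SignHelper.CheckSignature(LoadPreservingWhitespace(assertionXml), samlCert))
        {
            throw new CryptographicException(EESZTInterfaceResource.SamlAlairasaErvenytelen);
        }

        return LoadPreservingWhitespace(assertionXml);
    }

    /// <summary>
    /// Deserializes an assertion element into its generated <c>AssertionType</c> representation.
    /// </summary>
    /// <param name="assertionXml">Outer XML of the saml:Assertion element.</param>
    /// <exception cref="InvalidOperationException">Deserialization failed; the cause is attached as inner exception.</exception>
    private static AssertionType DeserializeAssertion(string assertionXml)
    {
        var deserializer = new XmlSerializer(typeof(AssertionType));
        using (TextReader reader = new StringReader(assertionXml))
        {
            try
            {
                return (AssertionType)deserializer.Deserialize(reader);
            }
            catch (Exception ex)
            {
                // Any deserialization failure is surfaced under one resource message, with the cause kept.
                throw new InvalidOperationException(EESZTInterfaceResource.AssertionElementNemMegfelelo, ex);
            }
        }
    }

    /// <summary>
    /// Returns the first X509Certificate entry found in the assertion signature's KeyInfo,
    /// or <c>null</c> when the assertion is unsigned or KeyInfo carries no certificate.
    /// </summary>
    private static X509Certificate2 ExtractSigningCertificate(AssertionType assertion)
    {
        // An unsigned assertion has no Signature/KeyInfo; report "no certificate" instead of dereferencing null.
        if (assertion.Signature == null
            || assertion.Signature.KeyInfo == null
            || assertion.Signature.KeyInfo.Items == null)
        {
            return null;
        }

        foreach (var keyInfoItem in assertion.Signature.KeyInfo.Items)
        {
            var x509Data = keyInfoItem as X509DataType;
            if (x509Data == null)
            {
                continue;
            }

            for (var i = 0; i < x509Data.ItemsElementName.Length; i++)
            {
                if (x509Data.ItemsElementName[i] == ItemsChoiceType.X509Certificate)
                {
                    return new X509Certificate2((byte[])x509Data.Items[i]);
                }
            }
        }

        return null;
    }

    /// <summary>
    /// Loads an XML fragment into a whitespace-preserving document. XML signatures are
    /// whitespace-sensitive, so the assertion must be re-parsed without normalization.
    /// </summary>
    /// <param name="xml">Outer XML of a single element; no DTD or external references are expected.</param>
    private static XmlDocument LoadPreservingWhitespace(string xml)
    {
        var doc = new XmlDocument
        {
            PreserveWhitespace = true,
            // An element fragment never needs external resources; never resolve any.
            XmlResolver = null
        };
        doc.LoadXml(xml);
        return doc;
    }

    /// <summary>
    /// Decrypts the RSTR with the user certificate and verifies the STS signature on the result.
    /// </summary>
    /// <param name="rstResponse">Raw RSTR as returned by the STS.</param>
    /// <param name="stsCert">Certificate the response signature must verify against.</param>
    /// <param name="userCert">Certificate used for decryption.</param>
    /// <returns>The decrypted response.</returns>
    /// <exception cref="CryptographicException">The signature did not verify against <paramref name="stsCert"/>.</exception>
    private static XmlDocument DecryptFromRSTResponse(XmlDocument rstResponse, X509Certificate2 stsCert, X509Certificate2 userCert)
    {
        var decrypted = EncryptHelper.DecryptMessageAll(rstResponse, userCert);

        if (!SignHelper.CheckSignature(decrypted, stsCert))
        {
            throw new CryptographicException(EESZTInterfaceResource.RSTRalairasaErvenytelen);
        }

        return decrypted;
    }
}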
}