
Commit e66b7f3

danielegiallonardoDaniele Giallonardo
andauthored
Fix xml signature verification and update to .net 9.0 (#19)
* Fix xml signature verification and update to .net 9.0 * fix pipe * fix version number --------- Co-authored-by: Daniele Giallonardo <[email protected]>
1 parent 920e382 commit e66b7f3


4 files changed

+44
-97
lines changed


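--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@@ -22,7 +22,7 @@ jobs:
 - name: Setup .NET
 uses: actions/setup-dotnet@v1
 with:
-dotnet-version: 7.x
+dotnet-version: 9.x
 - name: Restore dependencies
 run: dotnet restore
 working-directory: CIE.AspNetCore.Authentication
@@ -44,7 +44,7 @@ jobs:
 - name: Update apt repo
 run: sudo apt update
 - name: Install dependencies
-run: sudo apt install -y libxml2-dev libxmlsec1-dev libxmlsec1-openssl xmlsec1 python3-pip && pip install cryptography==38.0.4
+run: sudo apt install -y libxml2-dev libxmlsec1-dev libxmlsec1-openssl xmlsec1 python3-pip
 - name: Install spid-sp-test
 run: sudo pip install spid-sp-test --upgrade --no-cache
 - name: Test Metadata cie-sp-public with spid-sp-test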

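--- a/CIE.AspNetCore.Authentication/CIE.AspNetCore.Authentication/CIE.AspNetCore.Authentication.csproj
+++ b/CIE.AspNetCore.Authentication/CIE.AspNetCore.Authentication/CIE.AspNetCore.Authentication.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 <PropertyGroup>
-<TargetFrameworks>net7.0;net6.0;net5.0</TargetFrameworks>
+<TargetFrameworks>net9.0;net8.0;net7.0;net6.0</TargetFrameworks>
 <LangVersion>latest</LangVersion>
 <Description>AspNetCore Remote Authenticator for CIE</Description>
 <Authors>Daniele Giallonardo, Stefano Mostarda</Authors>
@@ -12,42 +12,42 @@
 <PackageProjectUrl>https://github.com/italia/cie-aspnetcore</PackageProjectUrl>
 <PackageIcon>cie-nuget.png</PackageIcon>
 <PackageLicenseExpression>MIT</PackageLicenseExpression>
-<PackageVersion>2.0.4</PackageVersion>
-<Version>2.0.4</Version>
-<AssemblyVersion>2.0.4</AssemblyVersion>
-<FileVersion>2.0.4</FileVersion>
-<InformationalVersion>2.0.4</InformationalVersion>
+<PackageVersion>2.1.0</PackageVersion>
+<Version>2.1.0</Version>
+<AssemblyVersion>2.1.0</AssemblyVersion>
+<FileVersion>2.1.0</FileVersion>
+<InformationalVersion>2.1.0</InformationalVersion>
 <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
 <PackageReadmeFile>README.md</PackageReadmeFile>
 <RepositoryUrl>https://github.com/italia/cie-aspnetcore</RepositoryUrl>
 </PropertyGroup>
 
-<ItemGroup>
-<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
-<PackageReference Include="Microsoft.AspNetCore.Mvc.ViewFeatures" Version="2.2.0" />
-<PackageReference Include="Microsoft.AspNetCore.Razor" Version="2.2.0" />
-<PackageReference Include="Microsoft.AspNetCore.Razor.Language" Version="6.0.21" />
+<ItemGroup>
+<FrameworkReference Include="Microsoft.AspNetCore.App" />
+</ItemGroup>
+
+<ItemGroup Condition=" '$(TargetFramework)' == 'net9.0' ">
+<PackageReference Include="Microsoft.Extensions.Http" Version="9.0.1" />
+<PackageReference Include="System.Security.Cryptography.Xml" Version="9.0.1" />
+<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="9.0.1" />
 </ItemGroup>
 
-<ItemGroup Condition=" '$(TargetFramework)' == 'net7.0' or '$(TargetFramework)' == 'net6.0'">
-<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="7.0.4" />
-<PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-<PackageReference Include="System.Security.Cryptography.Xml" Version="7.0.1" />
+<ItemGroup Condition=" '$(TargetFramework)' == 'net8.0' ">
+<PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
+<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="8.0.12" />
+<PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.2" />
 </ItemGroup>
 
 <ItemGroup Condition=" '$(TargetFramework)' == 'net7.0' ">
-<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="7.0.10" />
+<PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
+<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="7.0.12" />
+<PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.2" />
 </ItemGroup>
 
 <ItemGroup Condition=" '$(TargetFramework)' == 'net6.0' ">
+<PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
 <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="6.0.21" />
-</ItemGroup>
-
-<ItemGroup Condition=" '$(TargetFramework)' == 'net5.0' ">
-<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="5.0.17" />
-<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="5.0.0" />
-<PackageReference Include="Microsoft.Extensions.Http" Version="5.0.0" />
-<PackageReference Include="System.Security.Cryptography.Xml" Version="5.0.0" />
+<PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.2" />
 </ItemGroup>
 
 <ItemGroup>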
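--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,12 +1,10 @@
 using CIE.AspNetCore.Authentication.Resources;
 using System;
-using System.Collections.Concurrent;
 using System.Linq;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Xml;
-using System.Xml.Serialization;
 
 namespace CIE.AspNetCore.Authentication.Helpers
 {
@@ -36,7 +34,7 @@ internal static XmlElement SignXMLDoc(XmlDocument doc,
 
 try
 {
-privateKey = certificate.PrivateKey;
+privateKey = certificate.GetRSAPrivateKey();
 }
 catch (Exception ex)
 {
@@ -80,11 +78,9 @@ internal static bool VerifySignature(XmlDocument signedDocument, Saml.IdP.Entity
 
 try
 {
-SignedXml signedXml = new SignedXml(signedDocument);
-
 if (xmlMetadata is not null)
 {
-bool validated = false;
+var validated = false;
 var idpSSODescriptor = xmlMetadata.Items.FirstOrDefault(i => i is Saml.IdP.IDPSSODescriptorType) as Saml.IdP.IDPSSODescriptorType;
 if (idpSSODescriptor is not null)
 {
@@ -96,14 +92,7 @@ internal static bool VerifySignature(XmlDocument signedDocument, Saml.IdP.Entity
 var x509Cert = keyData.Items.FirstOrDefault(i => i is byte[]) as byte[];
 if (x509Cert is not null)
 {
-var publicMetadataCert = new X509Certificate2(x509Cert);
-XmlNodeList nodeList = (signedDocument.GetElementsByTagName("ds:Signature")?.Count > 1) ?
-signedDocument.GetElementsByTagName("ds:Signature") :
-(signedDocument.GetElementsByTagName("ns2:Signature")?.Count > 1) ?
-signedDocument.GetElementsByTagName("ns2:Signature") :
-signedDocument.GetElementsByTagName("Signature");
-signedXml.LoadXml((XmlElement)nodeList[0]);
-validated |= signedXml.CheckSignature(publicMetadataCert, true);
+validated |= VerifyAllSignatures(signedDocument, new X509Certificate2(x509Cert));
 }
 }
 }
@@ -112,11 +101,7 @@ internal static bool VerifySignature(XmlDocument signedDocument, Saml.IdP.Entity
 }
 else
 {
-XmlNodeList nodeList = (signedDocument.GetElementsByTagName("ds:Signature")?.Count > 0) ?
-signedDocument.GetElementsByTagName("ds:Signature") :
-signedDocument.GetElementsByTagName("Signature");
-signedXml.LoadXml((XmlElement)nodeList[0]);
-return signedXml.CheckSignature();
+return VerifyAllSignatures(signedDocument);
 }
 }
 catch (Exception)
@@ -125,64 +110,26 @@ internal static bool VerifySignature(XmlDocument signedDocument, Saml.IdP.Entity
 }
 }
 
-private static readonly ConcurrentDictionary<Type, XmlSerializer> serializers = new ConcurrentDictionary<Type, XmlSerializer>();
-/// <summary>
-/// Serializes to XML document.
-/// </summary>
-/// <param name="o">The o.</param>
-/// <returns></returns>
-public static XmlDocument SerializeToXmlDoc(this object o)
+private static bool VerifyAllSignatures(XmlDocument signedDocument, X509Certificate2? publicMetadataCert = null)
 {
-XmlDocument doc = new XmlDocument() { PreserveWhitespace = true };
+bool internalResult = true;
+
+XmlNodeList signatureNodes = signedDocument.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
 
-using XmlWriter writer = doc.CreateNavigator().AppendChild();
-if (!serializers.ContainsKey(o.GetType()))
+if (signatureNodes.Count == 0)
 {
-var serializer = new XmlSerializer(o.GetType());
-serializers.AddOrUpdate(o.GetType(), serializer, (key, value) => serializer);
+return false;
 }
-serializers[o.GetType()].Serialize(writer, o);
-
-return doc;
-}
-
-public static XmlElement SerializeInternalExtensionToXmlElement(object o, string namespacePrefix, string xmlNamespace)
-{
-XmlDocument doc = SerializeExtensionToXmlElementInternal(o, namespacePrefix, xmlNamespace);
-
-return doc.DocumentElement.FirstChild as XmlElement;
-}
 
-public static XmlElement SerializeExtensionToXmlElement(object o, string namespacePrefix, string xmlNamespace)
-{
-XmlDocument doc = SerializeExtensionToXmlElementInternal(o, namespacePrefix, xmlNamespace);
-
-return doc.DocumentElement;
-}
-
-private static XmlDocument SerializeExtensionToXmlElementInternal(object o, string namespacePrefix, string xmlNamespace)
-{
-XmlDocument doc = new XmlDocument();
-
-using (XmlWriter writer = doc.CreateNavigator().AppendChild())
+foreach (var signatureNode in signatureNodes)
 {
-var ns = new XmlSerializerNamespaces();
-ns.Add(namespacePrefix, xmlNamespace);
-new XmlSerializer(o.GetType()).Serialize(writer, o, ns);
+SignedXml signedXml = new(signedDocument);
+signedXml.LoadXml((XmlElement)signatureNode);
+internalResult &= publicMetadataCert is null
+? signedXml.CheckSignature()
+: signedXml.CheckSignature(publicMetadataCert, true);
 }
-
-return doc;
-}
-
-public static XmlElement GetXmlElement(string prefix, string prefixNamespace, string tag, string value = null)
-{
-XmlDocument doc = new XmlDocument();
-
-XmlElement elem = doc.CreateElement(prefix, tag, prefixNamespace);
-if(!string.IsNullOrEmpty(value))
-elem.InnerText = value;
-
-return elem;
+return internalResult;
 }
 }
 }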

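--- a/CIE.AspNetCore.Authentication/CIE.AspNetCore.WebApp/CIE.AspNetCore.WebApp.csproj
+++ b/CIE.AspNetCore.Authentication/CIE.AspNetCore.WebApp/CIE.AspNetCore.WebApp.csproj
@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 <PropertyGroup>
-<TargetFramework>net7.0</TargetFramework>
+<TargetFramework>net9.0</TargetFramework>
 <CopyRefAssembliesToPublishDirectory>false</CopyRefAssembliesToPublishDirectory>
 <UserSecretsId>b637b4cd-be76-4dc7-851e-b721746073a1</UserSecretsId>
 </PropertyGroup>
 
 <ItemGroup>
-<PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="7.0.10" />
+<PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="9.0.1" />
 </ItemGroup>
 
 <ItemGroup>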
