...
Vaults bruges til at holde certifikater, eller læse dem ind fra enhedens trust store.
'ThumbprintCertStoreCredentialVault' læser certifikater fra enhedens trust store.
'InMemoryCredentialVault' er et simpelt dataobjekt, der indeholder et certifikat.
Begge er forholdsvis simple klasser med én metode, 'GetSystemCredentials', som returnerer et enkelt certifikat.
...
På sigt kan dette blive simplificeret, så man direkte kan give et X509Certificate2, i stedet for at man skal forbi 'ICredentialVault'-interfacet, som er det interface, vaults arver fra.
Findes under namespace 'dk.nsi.seal.Vault'.
...
Først logges der ind i gateway'en. Der bruges en WCF service reference, SosiGWFacadeClient, der er lavet ud fra den WSDL-fil, som SOSI GW udstiller:
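/// <summary>
/// Logs an ID card in to the SOSI gateway: requests the digest to sign from the gateway,
/// signs it with the user's RSA private key and submits the signature together with the
/// user's public certificate.
/// </summary>
/// <param name="idCard">ID card whose assertion is sent in the security header of both gateway calls.</param>
/// <param name="userCert">User certificate; it must carry an RSA private key, which is used for signing.</param>
/// <exception cref="ArgumentNullException"><paramref name="idCard"/> or <paramref name="userCert"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The certificate has no usable RSA private key, or the gateway did not answer <c>ok</c> to the sign request.
/// </exception>
public static async Task LoginToGateway(IdCard idCard, X509Certificate2 userCert)
{
    if (idCard is null) { throw new ArgumentNullException(nameof(idCard)); }
    if (userCert is null) { throw new ArgumentNullException(nameof(userCert)); }

    // GetRSAPrivateKey() returns null when the certificate has no private key or the key is not RSA.
    // Resolve it before any network call so a public-only certificate fails early with a clear error,
    // and dispose the returned key object when the method ends.
    using var signingKey = userCert.GetRSAPrivateKey()
        ?? throw new InvalidOperationException("The user certificate does not contain an RSA private key");

    var sosiGwAssertion = idCard.GetAssertion<AssertionType>();
    var security = new GW.Security
    {
        // Created is set five minutes in the past; presumably to tolerate clock skew
        // between client and gateway (confirm against the gateway's timestamp rules).
        Timestamp = new GW.Timestamp { Created = DateTimeEx.UtcNowRound - TimeSpan.FromMinutes(5) },
        Assertion = sosiGwAssertion
    };

    // NOTE(review): hard-coded plain-HTTP test endpoint. The assertion, the digest to be signed and
    // the signature travel unprotected, and the digest received from the gateway is signed with the
    // user's key as-is. Outside an isolated test setup, read the endpoint from configuration and
    // require TLS so the digest cannot be altered in transit.
    const string endpointAddress = "http://test1.ekstern-test.nspop.dk:8080/sosigw/service/sosigw";
    using var gwClient = new SosiGWFacadeClient(SosiGWSoapBinding, endpointAddress);

    // NOTE(review): "whatever" looks like a placeholder argument; confirm what the gateway expects here.
    var digestResponse = (await gwClient.requestIdCardDigestForSigningAsync(security, "whatever")).requestIdCardDigestForSigningResponse;

    // NOTE(review): SHA-1 with PKCS#1 v1.5 is presumably dictated by the gateway's signature format;
    // confirm before changing it, and do not reuse SHA-1 for signature schemes you control.
    var digestHash = SHA1.HashData(digestResponse.DigestValue);
    var signature = signingKey.SignHash(digestHash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

    var cardRequestBody = new signIdCardRequestBody
    {
        SignatureValue = signature,
        KeyInfo = new GW.KeyInfo
        {
            // X509ContentType.Cert exports the public certificate only; the private key is not sent.
            Item = new GW.X509Data { Item = userCert.Export(X509ContentType.Cert) }
        }
    };

    // The STS signed card is saved in the sosiGw cache and is used for future calls through the proxy
    var res = (await gwClient.signIdCardAsync(security, cardRequestBody)).signIdCardResponse;
    if (res != signIdCardResponse.ok)
    {
        throw new InvalidOperationException("Gateway logon error");
    }

    // Convert the GW Assertion to a dgwsType Assertion.
    // NOTE(review): the deserialized Assertion is discarded in this excerpt; presumably the
    // full sample stores or returns it. Confirm against the complete source.
    var sosiGwAssertionDocument = SerializerUtil.Serialize(sosiGwAssertion).Root;
    SerializerUtil.Deserialize<Assertion>(sosiGwAssertionDocument, typeof(AssertionType).Name);
}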
...