
Commit c905153

fixed #504
1 parent a725269 commit c905153

1 file changed

Lines changed: 13 additions & 6 deletions


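--- a/root/programs/CS/Frameworks/Infrastructure/Framework/Authentication/SAML2Client.cs
+++ b/root/programs/CS/Frameworks/Infrastructure/Framework/Authentication/SAML2Client.cs
@@ -53,18 +53,22 @@ public class SAML2Client
 /// <param name="assertionConsumerService">string</param>
 /// <param name="relayState">string</param>
 /// <param name="id">out string</param>
+/// <param name="hashAlgorithmName">HashAlgorithmName</param>
 /// <returns>queryString</returns>
 public static string CreateRedirectRequest(
 SAML2Enum.RequestOrResponse createRoR,
 SAML2Enum.ProtocolBinding protocolBinding,
 SAML2Enum.NameIDFormat nameIDFormat,
-string iss, string assertionConsumerService, string relayState, out string id)
-{
+string iss, string assertionConsumerService, string relayState, out string id,
+HashAlgorithmName? hashAlgorithmName = null) // 既定値の変更 SHA1 → SHA256
+{
 // DigitalSignX509
-DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword, HashAlgorithmName.SHA1);
+HashAlgorithmName han = hashAlgorithmName ?? HashAlgorithmName.SHA256;
+DigitalSignX509 dsX509 = new DigitalSignX509(
+CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword, han);
 
 // SamlRequestの生成
-
+
 string samlRequest = SAML2Bindings.CreateRequest(
 iss, protocolBinding, nameIDFormat,
 assertionConsumerService, out id).OuterXml;
@@ -119,6 +123,7 @@ public static string CreatePostRequest(
 /// <param name="nameIDFormat">SAML2Enum.NameIDFormat</param>
 /// <param name="authnContextClassRef">SAML2Enum.AuthnContextClassRef</param>
 /// <param name="samlResponse2">XmlDocument</param>
+/// <param name="hashAlgorithmName">HashAlgorithmName</param>
 /// <returns>bool</returns>
 public static bool VerifyResponse(
 string queryString, string samlResponse,
@@ -127,7 +132,8 @@ public static bool VerifyResponse(
 out SAML2Enum.StatusCode? statusCode,
 out SAML2Enum.NameIDFormat? nameIDFormat,
 out SAML2Enum.AuthnContextClassRef? authnContextClassRef,
-out XmlDocument samlResponse2)
+out XmlDocument samlResponse2,
+HashAlgorithmName? hashAlgorithmName = null) // 既定値の変更 SHA1 → SHA256
 {
 bool verified = false;
 
@@ -177,7 +183,8 @@ public static bool VerifyResponse(
 
 #region 検証
 // Metadata利用を検討
-DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaCerFilePath, "", HashAlgorithmName.SHA1);
+HashAlgorithmName han = hashAlgorithmName ?? HashAlgorithmName.SHA256;
+DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaCerFilePath, "", han);
 
 if (!string.IsNullOrEmpty(queryString))
 {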
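Review bot: In VerifyResponse (last hunk) the digest used to check the IdP signature is whatever the caller passes in `hashAlgorithmName`, with no lower bound, so a caller can still select SHA1 or MD5 and the new SHA256 default is the only protection. I would reject known-weak values before constructing `DigitalSignX509`, for example `if (han == HashAlgorithmName.MD5) throw new ArgumentException("MD5 is not accepted", nameof(hashAlgorithmName));`, and state in the `<param>` text that null selects SHA256 and that SHA1 is meant for legacy IdPs only. For CreateRedirectRequest (first hunk), please confirm that the `SigAlg` value placed in the query string follows `han`; that code is outside the hunk, and if it is still a fixed rsa-sha1 URI the signed request would presumably stop verifying at the IdP. Both method bodies continue past the hunks shown.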
