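/// <summary>
/// Decrypts the saml:EncryptedAssertion found in <paramref name="document"/> in place, replacing it
/// with the plaintext assertion. A document without an EncryptedAssertion is left untouched.
/// </summary>
/// <param name="document">The SAML response document; it is mutated in place.</param>
/// <param name="encryptionCert">Certificate whose private key unwraps the symmetric session key.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">The certificate carries no private key.</exception>
/// <exception cref="CryptographicException">The EncryptedData has no EncryptionMethod, or decryption fails.</exception>
public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert)
        {
            if (document == null) throw new ArgumentNullException("document");
            if (encryptionCert == null) throw new ArgumentNullException("encryptionCert");

            var assertion = document.FindChild(EncryptedAssertion);
            if (assertion == null) return; // Not encrypted, shame on them.

            // The private key is what unwraps the session key; fail with a clear message instead of a
            // NullReferenceException inside GetSecretKey.
            if (!encryptionCert.HasPrivateKey)
            {
                throw new InvalidOperationException("The encryption certificate does not contain a private key.");
            }

            // NOTE(review): EncryptedData is looked up from the document root while EncryptedKey is
            // scoped to the EncryptedAssertion element — confirm this asymmetry is intentional.
            var data = document.EncryptedChild("EncryptedData");
            var keyElement = assertion.EncryptedChild("EncryptedKey");

            var encryptedData = new EncryptedData();
            encryptedData.LoadXml(data);

            var encryptedKey = new EncryptedKey();
            encryptedKey.LoadXml(keyElement);

            // EncryptionMethod selects the block cipher below; without it we would dereference null.
            if (encryptedData.EncryptionMethod == null)
            {
                throw new CryptographicException("EncryptedData does not specify an EncryptionMethod.");
            }

            var encryptedXml = new EncryptedXml(document);

            // Get encryption secret key used by decrypting with the encryption certificate's private key
            var secretKey = GetSecretKey(encryptedKey, encryptionCert.PrivateKey);

            // Seed the decryption algorithm with the secret key and then decrypt. The algorithm object
            // holds the session key, so dispose it once the payload is recovered.
            // NOTE(review): CBC-mode XML Encryption carries no integrity protection of its own; if
            // decryption failures are observable to the sender this is exposed to padding-oracle
            // attacks. Mitigate by verifying the response signature and not surfacing distinguishable
            // decryption errors.
            byte[] decryptedBytes;
            using (var algorithm = GetSymmetricBlockEncryptionAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm))
            {
                algorithm.Key = secretKey;
                decryptedBytes = encryptedXml.DecryptData(encryptedData, algorithm);
            }

            // Put decrypted xml elements back into the document in place of the encrypted data
            encryptedXml.ReplaceData(assertion, decryptedBytes);
        }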
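        /// <summary>
        /// Reads the saml:AuthnStatement from <paramref name="document"/>. When the statement is
        /// absent every property keeps its default value.
        /// </summary>
        /// <param name="document">The SAML assertion document to read from.</param>
        /// <exception cref="ArgumentNullException"><paramref name="document"/> is null.</exception>
        public AuthenticationStatement(XmlDocument document)
        {
            if (document == null) throw new ArgumentNullException("document");

            var element = document.FindChild(AuthnStatement);
            if (element == null) return;

            Instant = element.ReadAttribute<DateTimeOffset>(AuthnInstant);
            SessionIndex = element.ReadAttribute<string>(SessionIndexAtt);
            SessionNotOnOrAfter = element.ReadAttribute<DateTimeOffset>(SessionNotOnOrAfterAtt);

            // FindChild returns null when the child is missing (see the AuthnStatement check above);
            // a malformed statement without AuthnContext would otherwise throw a NullReferenceException
            // on the reads below, so stop here and leave the references unset.
            var context = element.FindChild(AuthnContext, AssertionXsd);
            if (context == null) return;

            DeclarationReference = context.ReadChildText<Uri>(AuthnContextDeclRef);
            ClassReference = context.ReadChildText<Uri>(AuthnContextClassRef);
        }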
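        /// <summary>
        /// Signs the assertion identified by <paramref name="response"/>.Id with an enveloped XML-DSig
        /// signature (X.509 KeyInfo included) and appends the ds:Signature element to saml:Assertion.
        /// </summary>
        /// <param name="response">The response whose Id names the assertion to sign.</param>
        /// <param name="certificate">Signing certificate; its private key is used.</param>
        /// <param name="document">The document containing the assertion; mutated in place.</param>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The certificate has no private key, or the document has no Assertion element.
        /// </exception>
        public void ApplySignature(SamlResponse response, X509Certificate2 certificate, XmlDocument document)
        {
            if (response == null) throw new ArgumentNullException("response");
            if (certificate == null) throw new ArgumentNullException("certificate");
            if (document == null) throw new ArgumentNullException("document");

            // Locate the target element up front so a missing assertion fails before any signing work
            // instead of as a NullReferenceException on the final AppendChild.
            var assertionElement = document.FindChild(AssertionElem);
            if (assertionElement == null)
            {
                throw new InvalidOperationException("The document does not contain an Assertion element to sign.");
            }

            if (!certificate.HasPrivateKey)
            {
                throw new InvalidOperationException("The signing certificate does not contain a private key.");
            }

            // Embed the signing certificate so the relying party can locate the verification key.
            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(certificate));

            var signedXml = new SignedXml(document)
            {
                SigningKey = certificate.PrivateKey,
                KeyInfo = keyInfo
            };

            // Reference the assertion by ID; the enveloped transform excludes the signature element
            // itself from the digested content.
            var reference = new Reference(AssertionIdPrefix + response.Id);
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);

            // NOTE(review): signature and digest algorithms are left at framework defaults (SHA-1 on
            // .NET Framework before 4.6.2, SHA-256 afterwards). Pin SignedInfo.SignatureMethod and
            // Reference.DigestMethod explicitly once the target framework is confirmed.
            signedXml.ComputeSignature();

            var signature = signedXml.GetXml();

            // NOTE(review): SAML 2.0 places ds:Signature directly after saml:Issuer; appending it as the
            // last child is accepted by lenient consumers but strict schema validation may reject it.
            assertionElement.AppendChild(signature);
        }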
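        /// <summary>
        /// Replaces the saml:Assertion element in <paramref name="document"/> with a
        /// saml:EncryptedAssertion holding the AES-128/CBC encrypted assertion plus the session key
        /// wrapped for <paramref name="certificate"/>.
        /// </summary>
        /// <param name="document">The document containing the assertion; mutated in place.</param>
        /// <param name="certificate">Recipient certificate used to wrap the session key.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="InvalidOperationException">The document has no Assertion element.</exception>
        public void Encrypt(XmlDocument document, X509Certificate2 certificate)
        {
            if (document == null) throw new ArgumentNullException("document");
            if (certificate == null) throw new ArgumentNullException("certificate");

            // Fail early with a clear message rather than a NullReferenceException when the
            // assertion is missing.
            var element = document.FindChild(AssertionElem);
            if (element == null)
            {
                throw new InvalidOperationException("The document does not contain an Assertion element to encrypt.");
            }

            var encryptedXml = new EncryptedXml {Encoding = Encoding.UTF8};

            // TODO -- make this pluggable with settings?
            // Create the symmetric session key. It is disposed after use so the framework clears the
            // key bytes instead of leaving them on the heap.
            using (var key = new RijndaelManaged
            {
                KeySize = 128,
                Mode = CipherMode.CBC,
                // NOTE(review): PaddingMode.None means ToEncryptedData must pad the plaintext to a whole
                // block itself; confirm it does, otherwise assertions whose byte length is not a
                // multiple of 16 fail to encrypt.
                Padding = PaddingMode.None
            })
            {
                var encryptedData = ToEncryptedData(encryptedXml, element, key);
                var encryptedKey = ToEncryptedKey(certificate, key);

                // Wrap both parts in an EncryptedAssertion element and swap it in for the plaintext.
                var wrapper = document.CreateElement(EncryptedAssertion, AssertionXsd);
                wrapper.AppendChild(document.ImportNode(encryptedData.GetXml(), true));
                wrapper.AppendChild(document.ImportNode(encryptedKey.GetXml(), true));

                element.ParentNode.ReplaceChild(wrapper, element);
            }
        }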