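[Ignore]    // TODO: test data needs fixing
        /// <summary>
        /// Signs an initially unsigned test assertion with the development certificate and
        /// checks that validation fails before signing and succeeds afterwards.
        /// </summary>
        public void TestSigning_03()
        {
            // Load an unsigned assertion.
            Saml20Assertion assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion_01().DocumentElement, null, false);

            // Check that the assertion is not considered valid in any way.
            // The outcome is recorded in a flag and asserted outside the try block: a bare
            // catch around Assert.Fail swallows the AssertionException it throws, so the
            // previous form could never report an unsigned assertion being accepted.
            bool rejected = false;
            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
            }
            catch (Exception)
            {
                // Any failure counts as rejection; the exact exception type CheckValid
                // uses for an unsigned assertion is not pinned down here.
                rejected = true;
            }
            Assert.That(rejected, "Unsigned assertion was passed off as valid.");

            // Test-only certificate shipped with the fixtures; the password is not a secret.
            X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");

            Assert.That(cert.HasPrivateKey, "Certificate no longer contains a private key. Modify test.");
            assertion.Sign(cert);

            // Check that the signature is now valid against the public key of the signing certificate.
            assertion.CheckValid(new AsymmetricAlgorithm[] { cert.PublicKey.Key });

            WriteToFile(@"\signedassertion.xml", assertion.GetXml());
        }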
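        /// <summary>
        /// Decrypts an assertion we received from "fælles-offentlige brugerstyring" and
        /// verifies that its signature can only be checked once the signing key has been
        /// resolved from the issuer's metadata.
        /// </summary>
        /// <param name="file">Path of a file holding the base64-encoded encrypted assertion.</param>
        private static void DecryptFOBSAssertion(string file)
        {
            string assertionBase64 = File.ReadAllText(file);

            byte[] assertionBytes = Convert.FromBase64String(assertionBase64);

            XmlDocument doc = new XmlDocument();

            // Whitespace must survive the round trip or the signature digest will not match.
            doc.PreserveWhitespace = true;
            using (MemoryStream assertionStream = new MemoryStream(assertionBytes))
            {
                doc.Load(assertionStream);
            }

            XmlNodeList encryptedList =
                doc.GetElementsByTagName(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION);

            Assert.AreEqual(1, encryptedList.Count, "Expected exactly one EncryptedAssertion element.");

            // Do some mock configuration.
            // NOTE: this mutates the process-wide configuration singletons, so the audience
            // and metadata location leak into any test that runs afterwards.
            FederationConfig config = FederationConfig.GetConfig();

            config.AllowedAudienceUris.Audiences.Add("https://saml.safewhere.net");

            SAML20FederationConfig descr = SAML20FederationConfig.GetConfig();

            descr.Endpoints.MetadataLocation = @"Saml20\Protocol\MetadataDocs\FOBS"; // Set it manually.
            Assert.That(Directory.Exists(descr.Endpoints.MetadataLocation));

            // Test-only certificate shipped with the fixtures; the password is not a secret.
            X509Certificate2         cert   = new X509Certificate2(@"Saml20\Certificates\SafewhereTest_SFS.pfx", "test1234");
            Saml20EncryptedAssertion encass =
                new Saml20EncryptedAssertion((RSA)cert.PrivateKey);

            encass.LoadXml((XmlElement)encryptedList[0]);
            encass.Decrypt();

            // Retrieve metadata
            Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, null, false);

            IDPEndPoint endp = descr.FindEndPoint(assertion.Issuer);

            Assert.IsNotNull(endp, "Endpoint not found");
            Assert.IsNotNull(endp.metadata, "Metadata not found");

            // Without an embedded signing key, CheckValid is expected to reject the token.
            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                Assert.Fail("Verification should fail. Token does not include its signing key.");
            }
            catch (InvalidOperationException)
            {
                // Expected: the assertion carries no key to verify against.
            }

            Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test.");
            IEnumerable<string> validationFailures;

            // The signing key has to come from the IdP metadata, not from the token itself.
            Assert.That(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp, out validationFailures)));
            Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance.");
        }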
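        /// <summary>
        /// Decrypts an encrypted assertion read from a local file using a certificate from the
        /// machine store, dumps the decrypted XML to the console and lists its attributes.
        /// </summary>
        public void DecryptPingAssertion()
        {
            // Load the assertion
            // NOTE: the input path and the machine-store certificate are environment-specific;
            // this only runs on a machine prepared for it.
            XmlDocument doc = new XmlDocument();

            using (FileStream assertionStream = File.OpenRead(@"c:\tmp\pingassertion.txt"))
            {
                doc.Load(assertionStream);
            }

            XmlElement xe = GetElement(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION, doc);

            XmlDocument doc2 = new XmlDocument();

            doc2.AppendChild(doc2.ImportNode(xe, true));

            X509Certificate2 cert;
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            store.Open(OpenFlags.ReadOnly);
            try
            {
                // validOnly = true: expired or untrusted certificates are not considered.
                X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
                                                                          "CN=SafewhereTest_SFS, O=Safewhere, C=DK", true);

                Assert.AreEqual(1, coll.Count, "Expected exactly one matching certificate in the machine store.");

                cert = coll[0];
            }
            finally
            {
                // The store handle is released as soon as the certificate has been picked.
                store.Close();
            }

            Saml20EncryptedAssertion encass = new Saml20EncryptedAssertion((RSA)cert.PrivateKey, doc2);

            encass.Decrypt();

            // Check the decrypted document exists before anything dereferences it.
            Assert.That(encass.Assertion != null);

            // The writer wraps Console.Out, so it is flushed but deliberately not closed.
            XmlTextWriter writer = new XmlTextWriter(Console.Out);

            writer.Formatting  = Formatting.Indented;
            writer.Indentation = 3;
            writer.IndentChar  = ' ';

            encass.Assertion.WriteTo(writer);
            writer.Flush();

            Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, AssertionUtil.GetTrustedSigners(encass.Assertion.Attributes["Issuer"].Value), false);

            Console.WriteLine();
            foreach (SamlAttribute attribute in assertion.Attributes)
            {
                Console.WriteLine(attribute.Name + " : " + attribute.AttributeValue[0]);
            }
        }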
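        /// <summary>
        /// Loads an assertion and tries to deserialize it using the <code>Assertion</code> class.
        /// </summary>
        /// <param name="assertionFile">Path of the XML file holding the assertion.</param>
        /// <returns>The deserialized assertion, constructed with the trusted signers of its issuer.</returns>
        /// <exception cref="InvalidOperationException">The document has no Issuer element.</exception>
        public static Saml20Assertion DeserializeToken(string assertionFile)
        {
            XmlDocument document = new XmlDocument();

            // Whitespace must survive the round trip or the signature digest will not match.
            document.PreserveWhitespace = true;
            using (FileStream fs = File.OpenRead(assertionFile))
            {
                document.Load(fs);
            }

            XmlNodeList nodes = document.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION);

            if (nodes.Count == 0)
            {
                throw new InvalidOperationException("Assertion does not contain an Issuer element.");
            }

            // XmlElement.Value is always null for element nodes; the issuer name is the text content.
            string issuer = nodes[0].InnerText;

            Saml20Assertion assertion = new Saml20Assertion(document.DocumentElement, AssertionUtil.GetTrustedSigners(issuer), false);

            return assertion;
        }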