//[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
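            /// <summary>
            /// Decrypts the FOBS encrypted test assertion with the test certificate's private key and
            /// checks that the decrypted assertion resolves to a configured identity provider but
            /// cannot be validated, because the token does not carry its own signing key.
            /// </summary>
            public void CanDecryptFOBSAssertion()
            {
                // Arrange
                var doc           = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
                var encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);

                // Check the fixture shape before indexing into it, so a changed fixture fails with a
                // clear message rather than with an index/null error further down.
                Assert.Equal(1, encryptedList.Count);

                // Do some mock configuration.
                var config = new Saml2Configuration
                {
                    AllowedAudienceUris = new System.Collections.Generic.List<Uri>(),
                    IdentityProviders   = new IdentityProviders()
                };

                config.AllowedAudienceUris.Add(new Uri("https://saml.safewhere.net"));
                config.IdentityProviders.AddByMetadataDirectory(Path.Combine(Directory.GetCurrentDirectory(), @"Protocol\MetadataDocs\FOBS")); // Set it manually.

                var cert = _context.SafewhereTest_SFS;

                // Decryption needs the private half of the key pair; make that precondition explicit
                // so a certificate store change is reported here instead of as a null key downstream.
                Assert.True(cert.HasPrivateKey, "Test certificate has no private key.");

                // NOTE(review): X509Certificate2.PrivateKey is obsolete on newer runtimes; GetRSAPrivateKey()
                // is the replacement once the target framework allows it.
                var encryptedAssertion = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);

                encryptedAssertion.LoadXml((XmlElement)encryptedList[0]);

                // Act
                encryptedAssertion.Decrypt();

                // Look up the issuing IdP in the mock configuration.
                // NOTE(review): the assertion itself is constructed with TestConfiguration.Configuration
                // rather than the local `config` — confirm that split is intended.
                var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
                var endp      = config.IdentityProviders.FirstOrDefault(x => x.Id == assertion.Issuer);

                // Assert
                Assert.NotNull(endp);          // Endpoint not found
                Assert.NotNull(endp.Metadata); // Metadata not found

                // Verification must fail: the token does not include its signing key.
                Assert.Throws<InvalidOperationException>(() =>
                    assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)));

                // The signing key must not already be present on the assertion; if it is, modify the test.
                Assert.Null(assertion.SigningKey);

                // Not covered here: verifying the signature against the signing keys published in
                // endp.Metadata and checking that SigningKey is populated afterwards.
            }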
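        /// <summary>
        /// Signs an initially unsigned assertion and checks that validation is refused
        /// before signing and succeeds afterwards with the signer's public key.
        /// </summary>
        public void TestSigning03()
        {
            // Load an unsigned assertion.
            var assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion().DocumentElement, null, false, null);

            // The unsigned assertion must be rejected. The previous bare try/catch had no assert on
            // the "did not throw" path (an Assert.Fail inside the try would itself have been swallowed
            // by the catch), so a CheckValid that silently accepted the token could not fail this test.
            // Record the outcome explicitly instead; the exception type is not pinned because the
            // contract for an unsigned assertion is not documented here.
            var rejected = false;
            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
            }
            catch (Exception)
            {
                rejected = true;
            }

            Assert.True(rejected, "Unsigned assertion was passed off as valid.");

            var cert = _context.Sts_Dev_cetificate;

            assertion.Sign(cert, null);

            // Check that the signature is now valid with the signing certificate's public key.
            // NOTE(review): PublicKey.Key is obsolete on newer runtimes; GetRSAPublicKey() is the
            // replacement once the target framework allows it.
            assertion.CheckValid(new[] { cert.PublicKey.Key });
        }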