public void TestAssertionEncryption()
{
Saml20EncryptedAssertion encryptedAssertion = new Saml20EncryptedAssertion();
encryptedAssertion.Assertion = AssertionUtil.GetTestAssertion_01();
X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
encryptedAssertion.Encrypt();
XmlDocument encryptedAssertionXML = encryptedAssertion.GetXml();
Assert.IsNotNull(encryptedAssertionXML);
// A number of simple tests until we get some better way to verify the generated encrypted assertion.
XmlNodeList list;
list = encryptedAssertionXML.GetElementsByTagName(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION);
Assert.AreEqual(1, list.Count);
list = encryptedAssertionXML.GetElementsByTagName(dk.nita.saml20.Schema.XEnc.EncryptedKey.ELEMENT_NAME, Saml20Constants.XENC);
Assert.AreEqual(1, list.Count);
}
public void TestAlgorithmConfiguration_02()
{
Saml20EncryptedAssertion encryptedAssertion = new Saml20EncryptedAssertion();
encryptedAssertion.SessionKeyAlgorithm = EncryptedXml.XmlEncAES128Url;
encryptedAssertion.Assertion = AssertionUtil.GetTestAssertion_01();
X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
encryptedAssertion.Encrypt();
XmlDocument encryptedAssertionXML = encryptedAssertion.GetXml();
Assert.IsNotNull(encryptedAssertionXML);
// Verify that the EncryptionMethod element is set correctly.
XmlNodeList list =
encryptedAssertionXML.GetElementsByTagName(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME,
Saml20Constants.XENC);
Assert.AreEqual(1, list.Count);
XmlElement el = (XmlElement)list[0];
// Go through the children and look for the EncryptionMethod element, and verify its algorithm attribute.
bool encryptionMethodFound = false;
foreach (XmlNode node in el.ChildNodes)
{
if (node.LocalName == dk.nita.saml20.Schema.XEnc.EncryptionMethod.ELEMENT_NAME &&
node.NamespaceURI == Saml20Constants.XENC)
{
el = (XmlElement)node;
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, el.GetAttribute("Algorithm"));
encryptionMethodFound = true;
}
}
Assert.That(encryptionMethodFound, "Unable to find EncryptionMethod element in EncryptedData.");
// Now decrypt the assertion, and verify that it recognizes the Algorithm used.
Saml20EncryptedAssertion decrypter = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
Assert.IsNull(decrypter.Assertion);
decrypter.LoadXml(encryptedAssertionXML.DocumentElement);
// Set a wrong algorithm and make sure that the class gets it algorithm info from the assertion itself.
decrypter.SessionKeyAlgorithm = EncryptedXml.XmlEncTripleDESUrl;
decrypter.Decrypt();
// Verify that the class has discovered the correct algorithm and set the SessionKeyAlgorithm property accordingly.
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, decrypter.SessionKeyAlgorithm);
Assert.IsNotNull(decrypter.Assertion);
}
public void CanEncryptAssertionFull()
{
// Arrange
var encryptedAssertion = new Saml20EncryptedAssertion
{
SessionKeyAlgorithm = EncryptedXml.XmlEncAES128Url,
Assertion = AssertionUtil.GetTestAssertion()
};
var cert = new X509Certificate2(TestContext.CurrentContext.TestDirectory + @"\Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
// Act
encryptedAssertion.Encrypt();
var encryptedAssertionXml = encryptedAssertion.GetXml();
// Now decrypt the assertion, and verify that it recognizes the Algorithm used.
var decrypter = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
decrypter.LoadXml(encryptedAssertionXml.DocumentElement);
// Set a wrong algorithm and make sure that the class gets it algorithm info from the assertion itself.
decrypter.SessionKeyAlgorithm = EncryptedXml.XmlEncTripleDESUrl;
decrypter.Decrypt();
// Assert
// Go through the children and look for the EncryptionMethod element, and verify its algorithm attribute.
var encryptionMethodFound = false;
foreach (XmlNode node in encryptedAssertionXml.GetElementsByTagName(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc)[0].ChildNodes)
{
if (node.LocalName == Schema.XEnc.EncryptionMethod.ElementName && node.NamespaceURI == Saml20Constants.Xenc)
{
var element = (XmlElement)node;
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, element.GetAttribute("Algorithm"));
encryptionMethodFound = true;
}
}
Assert.That(encryptionMethodFound, "Unable to find EncryptionMethod element in EncryptedData.");
// Verify that the class has discovered the correct algorithm and set the SessionKeyAlgorithm property accordingly.
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, decrypter.SessionKeyAlgorithm);
Assert.IsNotNull(decrypter.Assertion);
}
public void CanEncryptAssertion()
{
// Arrange
var encryptedAssertion = new Saml20EncryptedAssertion {
Assertion = AssertionUtil.GetTestAssertion()
};
encryptedAssertion.TransportKey = (RSA)_context.Sts_Dev_cetificate.PublicKey.Key;
// Act
encryptedAssertion.Encrypt();
var encryptedAssertionXml = encryptedAssertion.GetXml();
// Assert
Assert.NotNull(encryptedAssertionXml);
Assert.Equal(1, encryptedAssertionXml.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion).Count);
Assert.Equal(1, encryptedAssertionXml.GetElementsByTagName(Schema.XEnc.EncryptedKey.ElementName, Saml20Constants.Xenc).Count);
}
public void CanEncryptAssertion()
{
// Arrange
var encryptedAssertion = new Saml20EncryptedAssertion {
Assertion = AssertionUtil.GetTestAssertion()
};
var cert = new X509Certificate2(TestContext.CurrentContext.TestDirectory + @"\Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
// Act
encryptedAssertion.Encrypt();
var encryptedAssertionXml = encryptedAssertion.GetXml();
// Assert
Assert.IsNotNull(encryptedAssertionXml);
Assert.AreEqual(1, encryptedAssertionXml.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion).Count);
Assert.AreEqual(1, encryptedAssertionXml.GetElementsByTagName(Schema.XEnc.EncryptedKey.ElementName, Saml20Constants.Xenc).Count);
}
public void CanEncryptAssertionFull()
{
// Arrange
var encryptedAssertion = new Saml20EncryptedAssertion
{
SessionKeyAlgorithm = EncryptedXml.XmlEncAES128Url,
Assertion = AssertionUtil.GetTestAssertion()
};
var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
// Act
encryptedAssertion.Encrypt();
var encryptedAssertionXml = encryptedAssertion.GetXml();
// Now decrypt the assertion, and verify that it recognizes the Algorithm used.
var decrypter = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
decrypter.LoadXml(encryptedAssertionXml.DocumentElement);
// Set a wrong algorithm and make sure that the class gets it algorithm info from the assertion itself.
decrypter.SessionKeyAlgorithm = EncryptedXml.XmlEncTripleDESUrl;
decrypter.Decrypt();
// Assert
// Go through the children and look for the EncryptionMethod element, and verify its algorithm attribute.
var encryptionMethodFound = false;
foreach (XmlNode node in encryptedAssertionXml.GetElementsByTagName(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc)[0].ChildNodes)
{
if (node.LocalName == Schema.XEnc.EncryptionMethod.ElementName && node.NamespaceURI == Saml20Constants.Xenc)
{
var element = (XmlElement)node;
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, element.GetAttribute("Algorithm"));
encryptionMethodFound = true;
}
}
Assert.That(encryptionMethodFound, "Unable to find EncryptionMethod element in EncryptedData.");
// Verify that the class has discovered the correct algorithm and set the SessionKeyAlgorithm property accordingly.
Assert.AreEqual(EncryptedXml.XmlEncAES128Url, decrypter.SessionKeyAlgorithm);
Assert.IsNotNull(decrypter.Assertion);
}
public void CanEncryptAssertion()
{
// Arrange
var encryptedAssertion = new Saml20EncryptedAssertion { Assertion = AssertionUtil.GetTestAssertion() };
var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234");
encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
// Act
encryptedAssertion.Encrypt();
var encryptedAssertionXml = encryptedAssertion.GetXml();
// Assert
Assert.IsNotNull(encryptedAssertionXml);
Assert.AreEqual(1, encryptedAssertionXml.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion).Count);
Assert.AreEqual(1, encryptedAssertionXml.GetElementsByTagName(Schema.XEnc.EncryptedKey.ElementName, Saml20Constants.Xenc).Count);
}
