/// <summary>
/// Removes the encryption from a given encrypted assertion
/// </summary>
/// <param name="responseWithEncAssertion">encrypted assertion to encrypt</param>
public void RemoveEncryptedAssertion(Response responseWithEncAssertion)
{
EncryptedData encData = responseWithEncAssertion.EncryptedAssertion.EncryptedData;
LogService.Log(LogService.LogType.Info, "RemoveEncryptedAssertion called");
// maybe there is an reference available - if so, check reference id
if (encData.KeyInfo.RetrievalMethod != null)
{
string id = encData.KeyInfo.RetrievalMethod.URI;
// the # is needed because there is a reference in the id
if (("#" + responseWithEncAssertion.EncryptedAssertion.EncryptedKey.Id) == id)
{
EncryptedKey encKey = responseWithEncAssertion.EncryptedAssertion.EncryptedKey;
string alg = encKey.EncryptionMethod.Algorithm;
string decryptionKey = encKey.CipherData.CipherValue;
string encryptedData = encData.CipherData.CipherValue;
string decryptedAssertion = crypto.Decrypt(decryptionKey, encryptedData, Cryptography.EncryptionAlgorithm.AES256CBC, certificate); // LoadCertificate());
// get only <saml2:Assertion ..> ... </saml2:Assertion> from the decrypted string (remove junk)
string assertion = Regex.Match(decryptedAssertion, "(<saml2:Assertion)(.|\\s)*(<\\/saml2:Assertion>)").Groups[0].Value;
responseWithEncAssertion.Assertion = serializer.ConvertXMLToAssertionObject(assertion);
LogService.Log(LogService.LogType.Info, "RemoveEncryptedAssertion encrypted assertion is decrypted");
}
else
{
throw new SamlCommunicationException("EncryptedData.KeyInfo.RetrievalMethod.URI does not match reference EncryptedKey.Id",
SamlCommunicationType.SAMLCOMMUNICATION);
}
}
else
{
throw new SamlCommunicationException(
"EncryptedAssertion must have a EncryptedData.KeyInfo.RetrievalMethod.URI - your version is not supported at the moment.",
SamlCommunicationType.SAMLCOMMUNICATION);
}
}
