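        /// <summary>
        /// Round-trips a SAML2 assertion through <see cref="Saml2Serializer"/>: reads theoryData.Xml, re-serializes it with
        /// theoryData.SigningCredentials, reads the result back, verifies the produced signature with the signing key and
        /// compares the two assertions. Failures and unexpected exceptions are collected in the compare context.
        /// </summary>
        /// <param name="theoryData">Input XML, signing credentials, crypto provider factory and the expected exception (if any).</param>
        public void RoundTripSaml2(EnvelopedSignatureTheoryData theoryData)
        {
            var context = TestUtilities.WriteHeader($"{this}.RoundTripSaml2", theoryData);

            try
            {
                var serializer = new Saml2Serializer();

                Saml2Assertion samlAssertion;
                using (var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml))
                {
                    samlAssertion = serializer.ReadAssertion(reader);
                }

                string xml;
                using (var stream = new MemoryStream())
                {
                    using (var writer = XmlDictionaryWriter.CreateTextWriter(stream))
                    {
                        // Setting SigningCredentials makes WriteAssertion emit a signature; it is verified below.
                        samlAssertion.SigningCredentials = theoryData.SigningCredentials;
                        serializer.WriteAssertion(writer, samlAssertion);
                        writer.Flush();
                    }

                    // MemoryStream.ToArray is valid even after the writer has closed the stream it owns.
                    xml = Encoding.UTF8.GetString(stream.ToArray());
                }

                // Cleared before the comparison, presumably so IdentityComparer does not report the credentials as a difference.
                samlAssertion.SigningCredentials = null;

                Saml2Assertion samlAssertion2;
                using (var reader = XmlUtilities.CreateDictionaryReader(xml))
                {
                    samlAssertion2 = serializer.ReadAssertion(reader);
                }

                // A signature that fails to verify throws and is routed to ExpectedException below.
                samlAssertion2.Signature.Verify(theoryData.SigningCredentials.Key, theoryData.CryptoProviderFactory);
                IdentityComparer.AreEqual(samlAssertion, samlAssertion2, context);
            }
            catch (Exception ex)
            {
                theoryData.ExpectedException.ProcessException(ex, context);
            }

            TestUtilities.AssertFailIfErrors(context);
        }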
        /// <summary>
        /// Writes the assertion of <paramref name="token"/> wrapped in a t:RequestedSecurityToken element in the
        /// WsTrust200502Namespace (presumably WS-Trust 2005/02).
        /// </summary>
        /// <param name="writer">Writer positioned where the element should be emitted; it is not flushed here.</param>
        /// <param name="token">Token whose <c>Assertion</c> is serialized.</param>
        private void WriteRequestedSecurityToken(XmlWriter writer, Saml2SecurityToken token)
        {
            const string prefix = "t";
            const string localName = "RequestedSecurityToken";

            writer.WriteStartElement(prefix, localName, WsTrust200502Namespace);
            new Saml2Serializer().WriteAssertion(writer, token.Assertion);
            writer.WriteEndElement();
        }
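        /// <summary>
        /// Writes <paramref name="response"/> as a samlp Response element to <paramref name="writer"/>.
        /// The status is always written as urn:oasis:names:tc:SAML:2.0:status:Success. The Response element itself is not
        /// signed by this method; the only signature that can appear is the one emitted for response.Token.Assertion by
        /// <see cref="Saml2Serializer"/> when that assertion carries SigningCredentials.
        /// </summary>
        /// <param name="writer">Destination writer; the caller owns and flushes it.</param>
        /// <param name="response">The response to serialize.</param>
        /// <exception cref="ArgumentNullException"><paramref name="writer"/> or <paramref name="response"/> is null.</exception>
        public void Serialize(XmlWriter writer, SamlResponseMessage response)
        {
            if (writer == null)
            {
                throw new ArgumentNullException(nameof(writer));
            }
            if (response == null)
            {
                throw new ArgumentNullException(nameof(response));
            }

            writer.WriteStartElement("samlp", response.ResponseType, SamlProtocolNamespace);
            // UtcNow rather than Now: the value is serialized as UTC anyway, and a local time is ambiguous during a DST transition.
            writer.WriteAttributeString("IssueInstant", XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc));
            // The leading underscore presumably keeps the ID a valid xml:ID (NCName) even when response.Id starts with a digit.
            writer.WriteAttributeString("ID", "_" + response.Id);
            writer.WriteAttributeString("Version", "2.0");
            writer.WriteAttributeString("Destination", response.ReplyTo.ToString());
            if (!string.IsNullOrWhiteSpace(response.InResponseTo))
            {
                writer.WriteAttributeString("InResponseTo", response.InResponseTo);
            }

            writer.WriteStartElement("Issuer", Saml2Namespace);
            writer.WriteString(response.Issuer);
            writer.WriteEndElement();

            writer.WriteStartElement("samlp", "Status", SamlProtocolNamespace);
            writer.WriteStartElement("samlp", "StatusCode", SamlProtocolNamespace);
            writer.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
            writer.WriteEndElement();
            writer.WriteEndElement();

            if (response.Token != null)
            {
                var serializer = new Saml2Serializer();
                serializer.WriteAssertion(writer, response.Token.Assertion);
            }

            writer.WriteEndElement();
        }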
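        /// <summary>
        /// Round-trips a samlp:Response whose enveloped signature is written after the embedded assertion, then verifies both
        /// signatures: the assertion's with the 4096-bit RSA key and the Response's with the 2048-bit RSA key. Distinct keys are
        /// used for the two layers, presumably so that verifying one signature against the other key cannot pass unnoticed.
        /// </summary>
        public void RoundTripSamlPSignatureAfterAssertion()
        {
            var context = new CompareContext($"{this}.RoundTripSamlPSignatureAfterAssertion");
            ExpectedException expectedException = ExpectedException.NoExceptionExpected;
            var samlpTokenKey = KeyingMaterial.RsaSigningCreds_4096_Public.Key;
            var samlpTokenSigningCredentials = KeyingMaterial.RsaSigningCreds_4096;
            var samlpKey = KeyingMaterial.RsaSigningCreds_2048_Public.Key;
            var samlpSigningCredentials = KeyingMaterial.RsaSigningCreds_2048;
            // The Response ID doubles as the enveloped signature's reference id, so it is defined once.
            const string responseId = "id-uAOhNLe7abGB6WGPk";

            try
            {
                // write samlp
                var settings = new XmlWriterSettings
                {
                    Encoding = new UTF8Encoding(false)
                };

                string xml;
                using (var buffer = new MemoryStream())
                {
                    using (var innerWriter = XmlWriter.Create(buffer, settings))
                    {
                        var esw = new EnvelopedSignatureWriter(innerWriter, samlpSigningCredentials, responseId);
                        esw.WriteStartElement("ns0", "Response", "urn:oasis:names:tc:SAML:2.0:protocol");

                        esw.WriteAttributeString("ns1", "urn:oasis:names:tc:SAML:2.0:assertion");
                        esw.WriteAttributeString("ns2", "http://www.w3.org/2000/09/xmldsig#");
                        esw.WriteAttributeString("Destination", "https://tnia.eidentita.cz/fpsts/processRequest.aspx");
                        esw.WriteAttributeString("ID", responseId);
                        esw.WriteAttributeString("InResponseTo", "ida5714d006fcc430c92aacf34ab30b166");
                        esw.WriteAttributeString("IssueInstant", "2019-04-08T10:30:49Z");
                        esw.WriteAttributeString("Version", "2.0");
                        esw.WriteStartElement("ns1", "Issuer");
                        esw.WriteAttributeString("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
                        esw.WriteString("https://mojeid.regtest.nic.cz/saml/idp.xml");
                        esw.WriteEndElement();
                        esw.WriteStartElement("ns0", "Status", null);
                        esw.WriteStartElement("ns0", "StatusCode", null);
                        esw.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
                        esw.WriteEndElement();
                        esw.WriteEndElement();

                        // The assertion is signed with the token key; the Response signature is written after it.
                        var samlSerializer = new Saml2Serializer();
                        Saml2Assertion assertion = CreateAssertion(samlpTokenSigningCredentials);
                        samlSerializer.WriteAssertion(esw, assertion);
                        esw.WriteSignature();
                        esw.WriteEndElement();
                    }

                    // Disposing the writer above flushed it; MemoryStream.ToArray is valid even if the stream was closed.
                    xml = Encoding.UTF8.GetString(buffer.ToArray());
                }

                // read samlp and verify signatures
                IXmlElementReader tokenReaders = new TokenReaders(new List<SecurityTokenHandler> {
                    new Saml2SecurityTokenHandler()
                });

                using (XmlReader reader = XmlUtilities.CreateDictionaryReader(xml))
                {
                    var envelopedReader = new EnvelopedSignatureReader(reader, tokenReaders);

                    // Drain the document so tokenReaders.Items and envelopedReader.Signature are populated; nothing is inspected per node.
                    while (envelopedReader.Read())
                    {
                    }

                    var verifiedAssertions = 0;
                    foreach (var item in tokenReaders.Items)
                    {
                        if (item is Saml2SecurityToken samlToken)
                        {
                            samlToken.Assertion.Signature.Verify(samlpTokenKey);
                            verifiedAssertions++;
                        }
                    }

                    // Without this guard the test would pass vacuously if no assertion were surfaced by the token readers.
                    if (verifiedAssertions == 0)
                    {
                        throw new InvalidOperationException("No Saml2SecurityToken was read; the assertion signature was never verified.");
                    }

                    envelopedReader.Signature.Verify(samlpKey, samlpKey.CryptoProviderFactory);
                }

                expectedException.ProcessNoException(context);
            }
            catch (Exception ex)
            {
                expectedException.ProcessException(ex, context);
            }

            TestUtilities.AssertFailIfErrors(context);
        }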