public void Encrypt_DecryptDocument_AES()
        {
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            string xml = "<root>  <child>sample</child>   </root>";

            doc.LoadXml(xml);

            var aes     = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
            var random  = new SecureRandom();
            var ivdata  = new byte[128 / 8];
            var keydata = new byte[256 / 8];

            random.NextBytes(ivdata);
            random.NextBytes(keydata);
            var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);

            EncryptedXml exml = new EncryptedXml();

            exml.AddKeyNameMapping("aes", param);
            EncryptedData ed = exml.Encrypt(doc.DocumentElement, "aes");

            doc.LoadXml(ed.GetXml().OuterXml);
            EncryptedXml exmlDecryptor = new EncryptedXml(doc);

            exmlDecryptor.AddKeyNameMapping("aes", param);
            exmlDecryptor.DecryptDocument();

            Assert.Equal(xml, doc.OuterXml);
        }
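        /// <summary>
        /// Encrypts every attachment in <c>Attachments</c> with a single AES-128-GCM content-encryption key,
        /// wraps that key for the recipient with RSA-OAEP (SHA-256) and inserts the resulting
        /// <c>xenc:EncryptedData</c> elements and the <c>xenc:EncryptedKey</c> into the security header.
        /// </summary>
        /// <remarks>
        /// Each attachment's stream is replaced by a memory stream laid out as IV || ciphertext (the SwA
        /// "Attachment-Content-Only" profile; the ciphertext is referenced by <c>cid:</c> URI with an
        /// attachment-ciphertext transform rather than embedded). The EncryptedKey's ReferenceList points
        /// at every EncryptedData it protects, and each EncryptedData refers back to the key by Id.
        /// Fix: a fresh IV is now generated per attachment. As written before, nothing refreshed the IV
        /// between loop iterations, so with <c>SymmetricAlgorithm</c> semantics the same GCM nonce was
        /// written and used for every attachment under one key. Nonce reuse in GCM leaks the XOR of the
        /// plaintexts and allows authentication-tag forgery; a (key, nonce) pair must never repeat.
        /// </remarks>
        public void Encrypt()
        {
            var encryptionAlgorithm = new AesGcm {
                KeySize = 128
            };

            encryptionAlgorithm.GenerateKey();

            // Key transport: the content-encryption key wrapped with the recipient's RSA public key.
            byte[] encryptedSymmetricKey = RsaOaepSha256.Encrypt(encryptionAlgorithm.Key, PublicKeyInAsn1Format);

            var encryptedKey = new EncryptedKey
            {
                Id = "ek-" + Guid.NewGuid(),
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
                CipherData       = new CipherData
                {
                    CipherValue = encryptedSymmetricKey
                }
            };

            var encryptedDataList = new List <EncryptedData>();

            foreach (Attachment attachment in Attachments)
            {
                // Never reuse a GCM nonce under the same key: draw a new random IV for this attachment.
                // The IV is prefixed to the stream so the recipient can recover it.
                encryptionAlgorithm.GenerateIV();

                attachment.Stream.Position = 0;
                Stream encryptedStream = new MemoryStream();
                encryptedStream.Write(encryptionAlgorithm.IV, 0, encryptionAlgorithm.IV.Length);

                // The CryptoStream is intentionally left undisposed: disposing it would also close
                // encryptedStream, which is handed to the attachment below. FlushFinalBlock finishes the
                // encryption for this attachment (presumably emitting the GCM tag, depending on how this
                // AesGcm wrapper produces it).
                var cryptoStream = new CryptoStream(encryptedStream, encryptionAlgorithm.CreateEncryptor(), CryptoStreamMode.Write);
                attachment.Stream.CopyTo(cryptoStream);
                cryptoStream.FlushFinalBlock();
                attachment.Stream = encryptedStream;

                var encryptedData = new EncryptedData
                {
                    Id               = "ed-" + Guid.NewGuid(),
                    Type             = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only",
                    EncryptionMethod = new EncryptionMethod("http://www.w3.org/2009/xmlenc11#aes128-gcm"),
                    CipherData       = new CipherData
                    {
                        CipherReference = new CipherReference("cid:" + attachment.ContentId)
                    }
                };
                encryptedData.KeyInfo.AddClause(new SecurityTokenReference(encryptedKey.Id));
                encryptedData.CipherData.CipherReference.TransformChain.Add(new AttachmentCiphertextTransform());

                encryptedDataList.Add(encryptedData);

                encryptedKey.ReferenceList.Add(new DataReference(encryptedData.Id));
            }

            var securityXml = GetSecurity() ?? CreateSecurity();

            // EncryptedData elements first, then the EncryptedKey that unlocks them.
            foreach (var encryptedData in encryptedDataList)
            {
                Insert(encryptedData.GetXml(), securityXml);
            }

            Insert(encryptedKey.GetXml(), securityXml);
        }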
        /// <summary>
        /// Sample program: assembles an <c>&lt;EncryptedData&gt;</c> element by hand (an eight-byte
        /// placeholder cipher value, the aes128-cbc method URI, a RetrievalMethod pointing at "#EK" and
        /// one empty EncryptionProperty) and writes its XML to c:\test\MyTest.xml.
        /// </summary>
        /// <remarks>
        /// The zero bytes are not real ciphertext; the sample only demonstrates the object model, and the
        /// "#EK" EncryptedKey element it refers to is not created here.
        /// </remarks>
        static void Main(string[] args)
        {
            // Placeholder "ciphertext": eight zero bytes.
            CipherData cipher = new CipherData
            {
                CipherValue = new byte[8]
            };

            EncryptedData encrypted = new EncryptedData
            {
                Id               = "ED",
                EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc"),
                CipherData       = cipher
            };

            // Key information: refer to an <EncryptedKey> element with Id "EK" in the same document.
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoRetrievalMethod("#EK", "http://www.w3.org/2001/04/xmlenc#EncryptedKey"));
            encrypted.KeyInfo = keyInfo;

            // Attach an (empty) EncryptionProperty element in the xenc namespace.
            XmlDocument owner = new XmlDocument();
            XmlElement propertyElement = owner.CreateElement("EncryptionProperty", EncryptedXml.XmlEncNamespaceUrl);
            encrypted.AddProperty(new EncryptionProperty(propertyElement));

            // Serialise to disk (hard-coded sample path).
            string outputPath = @"c:\test\MyTest.xml";
            File.WriteAllText(outputPath, encrypted.GetXml().OuterXml);
        }
        /// <summary>
        /// Encrypts <paramref name="xmlElement"/> with the Triple-DES-CBC algorithm obtained from
        /// <paramref name="symmetricSecurityKey"/> and returns the resulting <c>&lt;EncryptedData&gt;</c>
        /// element, registered under the key name "key".
        /// </summary>
        /// <param name="xmlElement">The element to encrypt.</param>
        /// <param name="symmetricSecurityKey">Key from which the 3DES algorithm instance is obtained.</param>
        /// <returns>The <c>EncryptedData</c> XML element.</returns>
        /// <remarks>
        /// NOTE(review): Triple-DES is a legacy 64-bit-block cipher (Sweet32). The URI is kept because the
        /// decrypting side must agree on it; prefer an AES URI when both ends can be changed together.
        /// </remarks>
        public static XmlElement Encrypt(XmlElement xmlElement, SymmetricSecurityKey symmetricSecurityKey)
        {
            const string keyName      = "key";
            const string algorithmUri = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";

            var encryptor = new EncryptedXml();
            encryptor.AddKeyNameMapping(keyName, symmetricSecurityKey.GetSymmetricAlgorithm(algorithmUri));

            return encryptor.Encrypt(xmlElement, keyName).GetXml();
        }
        /// <summary>
        /// Encrypts an XML node for the holder of the X.509 certificate in <c>cert</c>.
        /// </summary>
        /// <param name="node">Node to encrypt; a whitespace-preserving copy is made and that copy's root is encrypted.</param>
        /// <returns>The <c>&lt;EncryptedData&gt;</c> element produced by <see cref="EncryptedXml"/>.</returns>
        /// <remarks>
        /// NOTE(review): in .NET the certificate overload of <c>EncryptedXml.Encrypt</c> wraps the generated
        /// session key with RSA PKCS#1 v1.5 (xmlenc#rsa-1_5), not OAEP — confirm that is acceptable for the recipient.
        /// </remarks>
        public override System.Xml.XmlNode Encrypt(System.Xml.XmlNode node)
        {
            // Work on a private copy so the caller's document is untouched and whitespace is kept exactly.
            var copy = new XmlDocument { PreserveWhitespace = true };
            copy.LoadXml(node.OuterXml);

            var encryptor = new EncryptedXml();
            return encryptor.Encrypt(copy.DocumentElement, cert).GetXml();
        }
        /// <summary>
        /// Sample program: builds an <c>&lt;EncryptedData&gt;</c> whose ciphertext is not embedded but
        /// referenced by URI (a <c>CipherReference</c> with a Base64 transform), adds a RetrievalMethod
        /// KeyInfo pointing at "#EK" and an empty EncryptionProperty, and writes the XML to c:\test\MyTest.xml.
        /// </summary>
        /// <remarks>
        /// NOTE(review): a remote CipherReference means the <em>decrypting</em> party has to fetch the URI
        /// over the network when it processes the element. Code that decrypts documents from untrusted
        /// sources should restrict or disable that resolution (attacker-chosen URLs, SSRF); this sample only
        /// produces the element. The "#EK" key element it refers to is not created here.
        /// </remarks>
        static void Main(string[] args)
        {
            // Where the (Base64-encoded) ciphertext lives.
            string cipherUri = "http://www.woodgrovebank.com/document.xml";

            // Content retrieved from the URI is Base64-decoded before any further processing.
            TransformChain transforms = new TransformChain();
            transforms.Add(new XmlDsigBase64Transform());

            // A CipherData carries either a CipherReference or a CipherValue, never both.
            CipherData cipher = new CipherData(new CipherReference(cipherUri, transforms));

            EncryptedData encrypted = new EncryptedData
            {
                Id               = "ED",
                EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc"),
                CipherData       = cipher
            };

            // Key information: refer to an <EncryptedKey> element with Id "EK".
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoRetrievalMethod("#EK", "http://www.w3.org/2001/04/xmlenc#EncryptedKey"));
            encrypted.KeyInfo = keyInfo;

            // Attach an (empty) EncryptionProperty element in the xenc namespace.
            XmlDocument owner = new XmlDocument();
            XmlElement propertyElement = owner.CreateElement("EncryptionProperty", EncryptedXml.XmlEncNamespaceUrl);
            encrypted.AddProperty(new EncryptionProperty(propertyElement));

            // Serialise to disk; only I/O failures are reported, anything else propagates as before.
            try
            {
                string outputPath = @"c:\test\MyTest.xml";
                File.WriteAllText(outputPath, encrypted.GetXml().OuterXml);
            }
            catch (IOException e)
            {
                Console.WriteLine("File IO error. {0}", e);
            }
        }
        /// <summary>
        /// Verifies that <c>XmlDecryption.DecryptData</c> can resolve a <c>CipherReference</c> whose URI is a
        /// same-document ID ("#ID_0"), applying the declared transform chain (an XSLT that selects the
        /// referenced node's text, then Base64 decoding) before decrypting with the supplied AES-256 key/IV.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this deliberately exercises <see cref="XmlDsigXsltTransform"/>. Executing an XSLT
        /// taken from an untrusted document is a well-known attack surface; decrypting code should only
        /// allow it for trusted input.
        /// </remarks>
        public void DecryptData_CipherReference_IdUri()
        {
            const string plaintextXml = "<root>  <child>sample</child>   </root>";

            var document = new XmlDocument { PreserveWhitespace = true };
            document.LoadXml(plaintextXml);

            // Random AES-256 key and 128-bit IV from a CSPRNG.
            var rng = new SecureRandom();
            var iv  = new byte[128 / 8];
            var key = new byte[256 / 8];
            rng.NextBytes(iv);
            rng.NextBytes(key);
            var keyWithIv = new ParametersWithIV(new KeyParameter(key), iv);

            // Both helpers are bound to the same document instance, which is reloaded further down.
            var encryptor = new XmlEncryption(document);
            var decryptor = new XmlDecryption(document);
            string cipherValue = Convert.ToBase64String(encryptor.EncryptData(Encoding.UTF8.GetBytes(plaintextXml), keyWithIv));

            // EncryptedData that points at the ciphertext by ID rather than embedding it.
            var encrypted = new EncryptedData
            {
                Type             = XmlNameSpace.Url[NS.XmlEncElementUrl],
                EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url),
                CipherData       = new CipherData { CipherReference = new CipherReference("#ID_0") }
            };

            // Transform chain: the XSLT extracts the node's string value, then Base64 decodes it.
            const string xslt = "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"><xsl:template match = \"/\"><xsl:value-of select=\".\" /></xsl:template></xsl:stylesheet>";
            var xsltDocument = new XmlDocument();
            xsltDocument.LoadXml(xslt);
            var xsltTransform = new XmlDsigXsltTransform();
            xsltTransform.LoadInnerXml(xsltDocument.ChildNodes);
            encrypted.CipherData.CipherReference.AddTransform(xsltTransform);
            encrypted.CipherData.CipherReference.AddTransform(new XmlDsigBase64Transform());

            // Rebuild the document: <root> holding the EncryptedData plus a CipherData element that carries
            // the Base64 ciphertext under ID="ID_0".
            document.LoadXml("<root></root>");
            document.DocumentElement.AppendChild(document.ImportNode(encrypted.GetXml(), true));
            var cipherHolder = document.CreateElement("CipherData");
            cipherHolder.SetAttribute("ID", "ID_0");
            cipherHolder.InnerText = cipherValue;
            document.DocumentElement.AppendChild(cipherHolder);

            string roundTripped = Encoding.UTF8.GetString(decryptor.DecryptData(encrypted, keyWithIv));
            Assert.Equal(plaintextXml, roundTripped);
        }
        /// <summary>
        /// Wraps <paramref name="externalId"/> in a <c>&lt;SharingKey&gt;</c> element and encrypts it with the
        /// Triple-DES-CBC algorithm obtained from <paramref name="symmetricSecurityKey"/>, registered under
        /// the key name "key".
        /// </summary>
        /// <param name="externalId">The address whose string form becomes the element text.</param>
        /// <param name="symmetricSecurityKey">Key from which the 3DES algorithm instance is obtained.</param>
        /// <returns>The resulting <c>&lt;EncryptedData&gt;</c> element.</returns>
        /// <remarks>
        /// NOTE(review): Triple-DES is a legacy 64-bit-block cipher (Sweet32); the URI is kept because the
        /// decrypting side must agree on it — move both ends to an AES URI when possible.
        /// </remarks>
        public static XmlElement Encrypt(SmtpAddress externalId, SymmetricSecurityKey symmetricSecurityKey)
        {
            const string keyName      = "key";
            const string algorithmUri = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";

            // SafeXmlDocument is the project's hardened XmlDocument; the element text is the address.
            XmlDocument owner = new SafeXmlDocument();
            XmlElement sharingKey = owner.CreateElement("SharingKey");
            sharingKey.InnerText = externalId.ToString();

            var encryptor = new EncryptedXml();
            encryptor.AddKeyNameMapping(keyName, symmetricSecurityKey.GetSymmetricAlgorithm(algorithmUri));

            return encryptor.Encrypt(sharingKey, keyName).GetXml();
        }
        /// <summary>
        /// Encrypts the buffered plaintext document in <c>_encryptedStream</c> with a fresh symmetric
        /// algorithm selected by <c>_credentials.Enc</c>, describes the key according to the kind of
        /// <c>_credentials.Key</c>, and writes the resulting <c>&lt;EncryptedData&gt;</c> to the output.
        /// </summary>
        /// <remarks>
        /// Key handling: an <c>RsaSecurityKey</c> or <c>X509SecurityKey</c> yields an embedded EncryptedKey
        /// clause; any other key with a non-empty <c>KeyId</c> is referenced by name only; otherwise no
        /// KeyInfo is emitted at all. <c>Crypto.ReleaseSymmetricAlgorithm</c> is reached only on the success
        /// path, as before.
        /// </remarks>
        private void Encrypt()
        {
            _encryptedStream.Position = 0;
            var algorithmUri = _credentials.Enc;

            var plaintext = new XmlDocument();
            plaintext.Load(_encryptedStream);

            var symmetric = Crypto.CreateSymmetricAlgorithm(algorithmUri);
            var encryptor = new EncryptedXml { Mode = symmetric.Mode };

            // content: false => the whole root element is encrypted.
            var cipherText = encryptor.EncryptData(plaintext.DocumentElement, symmetric, false);

            var encryptedData = new EncryptedData
            {
                Type             = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(algorithmUri),
                CipherData       = new CipherData {
                    CipherValue = cipherText
                }
            };

            var keyInfo = new KeyInfo();
            switch (_credentials.Key)
            {
                case RsaSecurityKey rsa:
                    keyInfo.AddClause(CreateEncryptedKeyClause(symmetric.Key, rsa.Rsa, plaintext));
                    break;
                case X509SecurityKey x509:
                    keyInfo.AddClause(CreateEncryptedKeyClause(symmetric.Key, x509.Certificate, plaintext));
                    break;
                default:
                    // Dereferences Key unconditionally here, exactly as the original did.
                    if (!string.IsNullOrEmpty(_credentials.Key.KeyId))
                    {
                        keyInfo.AddClause(new KeyInfoName(_credentials.Key.KeyId));
                    }
                    break;
            }

            // Only attach KeyInfo when it actually carries a clause.
            if (keyInfo.Count > 0)
            {
                encryptedData.KeyInfo = keyInfo;
            }

            var element = encryptedData.GetXml();

            //element = AddDigestMethodToEncryptionMethod(element, "http://www.w3.org/2000/09/xmldsig#sha1");

            WriteNode(element.CreateNavigator(), true);

            Crypto.ReleaseSymmetricAlgorithm(symmetric);
        }
        /// <summary>
        /// Protected-configuration hook: encrypts a configuration node with the RSA provider returned by
        /// <c>GetProvider()</c>, registered under the key name "Rsa Key".
        /// </summary>
        /// <param name="node">The configuration section to encrypt.</param>
        /// <returns>The <c>&lt;EncryptedData&gt;</c> element for the node.</returns>
        /// <remarks>
        /// NOTE(review): when the mapped key is RSA, .NET's <c>EncryptedXml.Encrypt(element, keyName)</c>
        /// wraps the generated session key with RSA PKCS#1 v1.5 (rsa-1_5) — confirm that is acceptable.
        /// </remarks>
        public override XmlNode Encrypt(XmlNode node)
        {
            const string keyName = "Rsa Key";

            // Re-parse the node into a ConfigurationXmlDocument so the caller's tree is not modified.
            XmlDocument copy = new ConfigurationXmlDocument();
            copy.Load(new StringReader(node.OuterXml));

            EncryptedXml encryptor = new EncryptedXml(copy);
            encryptor.AddKeyNameMapping(keyName, GetProvider());

            return encryptor.Encrypt(copy.DocumentElement, keyName).GetXml();
        }
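        /// <summary>
        /// Protected-configuration hook: encrypts a configuration section with a fresh AES-256 session key
        /// and wraps that key with the provider's RSA key.
        /// </summary>
        /// <param name="node">The configuration section element to encrypt.</param>
        /// <returns>
        /// An <c>&lt;EncryptedData&gt;</c> element (Type = Element, aes256-cbc) whose KeyInfo carries an
        /// <c>&lt;EncryptedKey&gt;</c> (rsa-1_5) that in turn names the RSA key through <c>KeyName</c>.
        /// </returns>
        /// <remarks>
        /// Changes from the previous version: the whitespace-preserving copy of the section is now the
        /// element that actually gets encrypted (it was built and then ignored in favour of the caller's
        /// node, which is what the "Load config section" comment intended), and the session-key algorithm
        /// is disposed so its key bytes are cleared.
        /// NOTE(review): the key transport is RSA PKCS#1 v1.5 (XmlEncRSA15Url / useOAEP: false), deprecated
        /// in favour of RSA-OAEP. EncryptedXml.DecryptDocument honours either URI, so switch to
        /// XmlEncRSAOAEPUrl / useOAEP: true once the decrypting provider is confirmed to use EncryptedXml
        /// (or otherwise support OAEP). CBC without integrity protection is also a known weakness of XML
        /// Encryption 1.0; the element's confidentiality depends on the surrounding configuration trust boundary.
        /// </remarks>
        public override XmlNode Encrypt(XmlNode node)
        {
            // Load the section into a private, whitespace-preserving document so the caller's tree is
            // untouched and the exact serialisation is what gets encrypted.
            XmlDocument doc = new XmlDocument {
                PreserveWhitespace = true
            };

            doc.LoadXml(node.OuterXml);

            // Fresh 256-bit session key (Rijndael with the default 128-bit block is AES-256, matching
            // XmlEncAES256Url). Disposed at the end so the key material is zeroed.
            using (RijndaelManaged sessionKey = new RijndaelManaged())
            {
                sessionKey.KeySize = 256;

                EncryptedXml eXml = new EncryptedXml();

                // content: false => the whole element is encrypted, not just its children.
                byte[] encryptedElement = eXml.EncryptData(doc.DocumentElement, sessionKey, false);

                EncryptedData edElement = new EncryptedData();
                edElement.Type             = EncryptedXml.XmlEncElementUrl;
                edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

                // Wrap the session key for the provider's RSA key. The padding flag and the EncryptionMethod
                // URI must agree: false <-> rsa-1_5.
                EncryptedKey ek = new EncryptedKey();
                byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, this.rsaKey, false);
                ek.CipherData       = new CipherData(encryptedKey);
                ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

                // Name the RSA key so the decrypting provider can look it up by keyName.
                KeyInfoName kin = new KeyInfoName();
                kin.Value = this.keyName;
                ek.KeyInfo.AddClause(kin);

                edElement.KeyInfo = new KeyInfo();
                edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

                edElement.CipherData.CipherValue = encryptedElement;

                return edElement.GetXml();
            }
        }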
    /// <summary>
    /// Protected-configuration hook: encrypts a configuration section for the holder of <c>this.cert</c>.
    /// </summary>
    /// <param name="node">The configuration section to encrypt.</param>
    /// <returns>The <c>&lt;EncryptedData&gt;</c> element produced by <see cref="EncryptedXml"/>.</returns>
    /// <remarks>
    /// NOTE(review): in .NET the certificate overload of <c>EncryptedXml.Encrypt</c> wraps the session key
    /// with RSA PKCS#1 v1.5 (rsa-1_5), not OAEP — confirm that is acceptable for the consuming side.
    /// </remarks>
    public override XmlNode Encrypt(XmlNode node)
    {
        // Private whitespace-preserving copy; the caller's tree is left untouched.
        var copy = new XmlDocument { PreserveWhitespace = true };
        copy.LoadXml(node.OuterXml);

        var encryptor = new EncryptedXml();
        return encryptor.Encrypt(copy.DocumentElement, this.cert).GetXml();
    }
        /// <summary>
        /// Verifies that <c>EncryptedXml.DecryptData</c> resolves a <c>CipherReference</c> whose URI is a
        /// same-document ID ("#ID_0"), running the declared transform chain (an XSLT selecting the node's
        /// text, then Base64 decoding) before decrypting with the AES key. The decryption half only runs
        /// where <c>PlatformDetection.IsXmlDsigXsltTransformSupported</c> is true.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this deliberately exercises <see cref="XmlDsigXsltTransform"/>. Executing an XSLT
        /// taken from an untrusted document is a well-known attack surface; production decrypting code
        /// should only allow it for trusted input.
        /// </remarks>
        public void DecryptData_CipherReference_IdUri()
        {
            const string plaintextXml = "<root>  <child>sample</child>   </root>";

            var document = new XmlDocument { PreserveWhitespace = true };
            document.LoadXml(plaintextXml);

            using (Aes aes = Aes.Create())
            {
                // Bound to the document instance that is reloaded further down.
                var crypto = new EncryptedXml(document);
                string cipherValue = Convert.ToBase64String(crypto.EncryptData(Encoding.UTF8.GetBytes(plaintextXml), aes));

                // EncryptedData that points at the ciphertext by ID rather than embedding it.
                var encrypted = new EncryptedData
                {
                    Type             = EncryptedXml.XmlEncElementUrl,
                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
                    CipherData       = new CipherData { CipherReference = new CipherReference("#ID_0") }
                };

                // Transform chain: the XSLT extracts the node's string value, then Base64 decodes it.
                const string xslt = "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"><xsl:template match = \"/\"><xsl:value-of select=\".\" /></xsl:template></xsl:stylesheet>";
                var xsltDocument = new XmlDocument();
                xsltDocument.LoadXml(xslt);
                var xsltTransform = new XmlDsigXsltTransform();
                xsltTransform.LoadInnerXml(xsltDocument.ChildNodes);
                encrypted.CipherData.CipherReference.AddTransform(xsltTransform);
                encrypted.CipherData.CipherReference.AddTransform(new XmlDsigBase64Transform());

                // Rebuild the document: <root> holding the EncryptedData plus a CipherData element that
                // carries the Base64 ciphertext under ID="ID_0".
                document.LoadXml("<root></root>");
                document.DocumentElement.AppendChild(document.ImportNode(encrypted.GetXml(), true));
                var cipherHolder = document.CreateElement("CipherData");
                cipherHolder.SetAttribute("ID", "ID_0");
                cipherHolder.InnerText = cipherValue;
                document.DocumentElement.AppendChild(cipherHolder);

                if (PlatformDetection.IsXmlDsigXsltTransformSupported)
                {
                    string roundTripped = Encoding.UTF8.GetString(crypto.DecryptData(encrypted, aes));
                    Assert.Equal(plaintextXml, roundTripped);
                }
            }
        }
        /// <summary>
        /// Round-trips a small document through <see cref="EncryptedXml"/> with a platform AES instance
        /// registered under the key name "aes", and checks that <c>DecryptDocument</c> restores the original
        /// markup exactly (whitespace included).
        /// </summary>
        public void Encrypt_DecryptDocument_AES()
        {
            const string plaintextXml = "<root>  <child>sample</child>   </root>";

            var document = new XmlDocument { PreserveWhitespace = true };
            document.LoadXml(plaintextXml);

            using (Aes aes = Aes.Create())
            {
                // Encrypt the root element under the key name "aes".
                var encryptor = new EncryptedXml();
                encryptor.AddKeyNameMapping("aes", aes);
                EncryptedData encrypted = encryptor.Encrypt(document.DocumentElement, "aes");

                // Swap the document for the <EncryptedData> element and decrypt it in place with the same key.
                document.LoadXml(encrypted.GetXml().OuterXml);
                var decryptor = new EncryptedXml(document);
                decryptor.AddKeyNameMapping("aes", aes);
                decryptor.DecryptDocument();

                Assert.Equal(plaintextXml, document.OuterXml);
            }
        }
        /// <summary>
        /// Encrypts a small document for a sample X.509 certificate and checks that the output contains an
        /// <c>xenc:EncryptedKey</c> (the wrapped session key) and no longer contains the plaintext.
        /// </summary>
        public void Encrypt_X509()
        {
            const string plaintextXml = "<root>  <child>sample</child>   </root>";

            var document = new XmlDocument { PreserveWhitespace = true };
            document.LoadXml(plaintextXml);

            // Item1 of the helper's tuple is the certificate itself.
            var sample = TestHelpers.GetSampleX509Certificate();
            var encryptor = new EncryptedXml();
            EncryptedData encrypted = encryptor.Encrypt(document.DocumentElement, sample.Item1);
            Assert.NotNull(encrypted);

            document.LoadXml(encrypted.GetXml().OuterXml);
            var namespaces = new XmlNamespaceManager(document.NameTable);
            namespaces.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);

            // A wrapped session key must be present, and no plaintext may survive in the output.
            Assert.NotNull(document.SelectSingleNode("//enc:EncryptedKey", namespaces));
            Assert.DoesNotContain("sample", document.OuterXml);
        }
        /// <summary>
        /// Encrypts a SAML assertion element: a fresh AES-256 session key encrypts the whole element
        /// (aes256-cbc), and that key is wrapped for <c>EncryptionPublicKey</c> with RSA-OAEP and embedded
        /// as an <c>EncryptedKey</c> inside the <c>KeyInfo</c>.
        /// </summary>
        /// <param name="assertionElement">The assertion element to encrypt.</param>
        /// <returns>The <c>&lt;EncryptedData&gt;</c> element (Type = Element).</returns>
        public virtual XmlElement EncryptAassertion(XmlElement assertionElement)
        {
            // Disposed at the end so the session key is cleared from memory.
            using (var sessionKey = new AesCryptoServiceProvider())
            {
                sessionKey.KeySize = 256;

                // useOAEP: true pairs with XmlEncRSAOAEPUrl — the flag and the URI must agree.
                var wrappedKey = new EncryptedKey
                {
                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
                    CipherData       = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, EncryptionPublicKey, true))
                };

                var encrypted = new EncryptedData
                {
                    Type             = EncryptedXml.XmlEncElementUrl,
                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
                    KeyInfo          = new KeyInfo()
                };
                encrypted.KeyInfo.AddClause(new KeyInfoEncryptedKey(wrappedKey));

                // content: false => the whole element, not only its children.
                encrypted.CipherData.CipherValue = new EncryptedXml().EncryptData(assertionElement, sessionKey, false);

                return encrypted.GetXml();
            }
        }
        /// <summary>
        /// Sample program: builds an <c>&lt;EncryptedData&gt;</c> around an eight-byte placeholder cipher
        /// value (aes128-cbc), references the key via a RetrievalMethod to "#EK", adds an empty
        /// EncryptionProperty and writes the XML to c:\test\MyTest.xml. The SNIPPET markers delimit the
        /// fragments shown in the documentation and are kept as-is.
        /// </summary>
        static void Main(string[] args)
        {
//<SNIPPET3>
//<SNIPPET1>
            // Eight zero bytes stand in for real ciphertext.
            byte[]     placeholder = new byte[8];
            CipherData cipher      = new CipherData(placeholder);
//</SNIPPET1>
            EncryptedData encrypted = new EncryptedData
            {
                Id               = "ED",
                EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc"),
                CipherData       = cipher
            };
//</SNIPPET3>
//<SNIPPET2>
            // Key information: refer to an <EncryptedKey> element with Id "EK" (not created here).
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoRetrievalMethod("#EK", "http://www.w3.org/2001/04/xmlenc#EncryptedKey"));
            encrypted.KeyInfo = keyInfo;
//</SNIPPET2>
            // Attach an (empty) EncryptionProperty element in the xenc namespace.
            XmlDocument owner = new XmlDocument();
            XmlElement propertyElement = owner.CreateElement("EncryptionProperty", EncryptedXml.XmlEncNamespaceUrl);
            encrypted.AddProperty(new EncryptionProperty(propertyElement));

            // Write the result; point the path at a directory that exists and is writable.
            string outputPath = @"c:\test\MyTest.xml";
            File.WriteAllText(outputPath, encrypted.GetXml().OuterXml);
        }
        /// <summary>
        /// Encrypts the XML file at the given path for the FSS certificate (<c>certFss</c>) and writes the
        /// result, spliced into the embedded template <c>Properties.Resources.Source2</c>, next to the input
        /// as <c>&lt;filename&gt;.encrypted.xml</c>.
        /// </summary>
        /// <param name="filename">Path of the file to encrypt. Ignored when <c>externalFileSign</c> is set:
        /// the user is then asked to pick the externally signed file instead.</param>
        /// <returns>Path of the encrypted file.</returns>
        /// <exception cref="Exception">If the input file does not exist (step 3; message is in Russian).</exception>
        /// <remarks>
        /// The template's <c>ds:X509Certificate</c> is overwritten with <c>certOur</c> (presumably the sender
        /// certificate the recipient needs for GOST key agreement — confirm against the exchange
        /// specification) and its two <c>xenc:CipherValue</c> elements receive, in document order, the two
        /// CipherValue elements produced by <see cref="EncryptedXml"/> (presumably wrapped key first, then
        /// data). Splicing by tag index silently depends on the template keeping that structure.
        /// NOTE(review): <c>Type</c> on the EncryptedData normally holds Element/Content; here it carries
        /// the GOST 28147 algorithm URI, as in the original — confirm that is what the recipient expects.
        /// When <c>DEBUG_STEP &lt; 3</c> the output is shown in a <c>foView</c> window.
        /// </remarks>
        public string encryptXml(string filename)
        {
            if (externalFileSign) // The file was signed by an external tool: let the user pick it.
            {
                var dialog = new OpenFileDialog
                {
                    InitialDirectory = Path.GetTempPath(),
                    Filter           = "*.xml|*.xml"
                };
                string chosen = null;
                do
                {
                    dialog.ShowDialog();
                    chosen = dialog.FileName;
                } while (chosen == null);
                filename = chosen;
            }
            if (!File.Exists(filename))
            {
                throw new Exception("Шаг 3. Файл не найден!\r\nПуть:" + filename);
            }

            string encryptedPath = filename + ".encrypted.xml";

            // Load the plaintext, keeping whitespace exactly as it is in the file.
            var plaintext = new XmlDocument { PreserveWhitespace = true };
            plaintext.Load(filename);

            // Encrypt for the recipient certificate (the key-exchange method is chosen by the library).
            var encryptor = new EncryptedXml();
            EncryptedData encrypted = encryptor.Encrypt(plaintext.DocumentElement, certFss);
            encrypted.Type = CPEncryptedXml.XmlEncGost28147Url;
            XmlElement encryptedElement = encrypted.GetXml();

            // Start from the embedded template and fill in our certificate plus both cipher values.
            var output = new XmlDocument();
            output.LoadXml(Properties.Resources.Source2);

            output.DocumentElement.GetElementsByTagName("ds:X509Certificate")[0].InnerText =
                Convert.ToBase64String(certOur.RawData);

            XmlNodeList targetValues = output.DocumentElement.GetElementsByTagName("xenc:CipherValue");
            XmlNodeList sourceValues = encryptedElement.GetElementsByTagName("CipherValue");
            targetValues[0].InnerText = sourceValues[0].InnerText;
            targetValues[1].InnerText = sourceValues[1].InnerText;

            // Save the encrypted document next to the input.
            output.Save(encryptedPath);

            // Show the result when debugging this step.
            if (DEBUG_STEP < 3)
            {
                var viewer = new foView
                {
                    Text        = encryptedPath,
                    xmlFileName = encryptedPath
                };
                viewer.Show();
            }

            return encryptedPath;
        }
        /// <summary>
        /// Builds a short-lived SAML 2.0 bearer assertion carrying <paramref name="appKey"/> and
        /// <paramref name="appSecret"/> as attributes and returns it encrypted for
        /// <paramref name="encryptionCert"/> as an <c>xenc:EncryptedData</c> element.
        /// </summary>
        /// <param name="destination">Used both as SubjectConfirmationData/@Recipient and as the Audience.</param>
        /// <param name="partnerIdpUrl">Value of saml:Issuer.</param>
        /// <param name="userId">Value of saml:NameID.</param>
        /// <param name="appKey">Emitted as the "AppKey" attribute.</param>
        /// <param name="appSecret">Emitted as the "AppSecret" attribute.</param>
        /// <param name="encryptionCert">Recipient certificate whose public key wraps the session key.</param>
        /// <returns>The EncryptedData element with the EncryptedKey's inner KeyInfo removed.</returns>
        /// <exception cref="NullReferenceException">If the assertion could not be materialised as an XmlElement.</exception>
        /// <remarks>
        /// The assertion is valid for two minutes (NotOnOrAfter) and is encrypted but not signed here; if
        /// the relying party must authenticate the issuer, signing has to happen elsewhere. Since the
        /// attributes include a secret, the plaintext must never be logged or persisted.
        /// NOTE(review): .NET's certificate overload of <c>EncryptedXml.Encrypt</c> wraps the session key
        /// with RSA PKCS#1 v1.5 (rsa-1_5) — confirm the partner accepts it. Removing the inner KeyInfo only
        /// drops the recipient certificate from the output; the encryption itself is unaffected.
        /// </remarks>
        private static XElement CreateEncryptedAssertion(string destination, string partnerIdpUrl, string userId, string appKey,
                                                         string appSecret, X509Certificate2 encryptionCert)
        {
            // One AttributeStatement per attribute, all in the "basic" name format.
            XElement AttributeStatement(string name, object value) =>
                new XElement(SamlNs + "AttributeStatement",
                             new XElement(SamlNs + "Attribute",
                                          new XAttribute("Name", name),
                                          new XAttribute("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"),
                                          new XElement(SamlNs + "AttributeValue", value)));

            // Identifier and timestamps (sortable UTC format with an explicit 'Z').
            string assertionId = "_" + Guid.NewGuid();
            string issuedAt    = $"{DateTime.UtcNow:s}Z";
            string expiresAt   = $"{DateTime.UtcNow.AddMinutes(2):s}Z";

            XElement subject = new XElement(SamlNs + "Subject",
                new XElement(SamlNs + "NameID", userId),
                new XElement(SamlNs + "SubjectConfirmation",
                    new XAttribute("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer"),
                    new XElement(SamlNs + "SubjectConfirmationData",
                        new XAttribute("Recipient", destination))));

            XElement conditions = new XElement(SamlNs + "Conditions",
                new XAttribute("NotOnOrAfter", expiresAt),
                new XElement(SamlNs + "AudienceRestriction",
                    new XElement(SamlNs + "Audience", destination)));

            XElement authnStatement = new XElement(SamlNs + "AuthnStatement",
                new XAttribute("AuthnInstant", issuedAt),
                new XElement(SamlNs + "AuthnContext",
                    new XElement(SamlNs + "AuthnContextClassRef", "urn:oasis:names:tc:SAML:2.0:ac:classes:Password")));

            XElement assertion = new XElement(SamlNs + "Assertion",
                new XAttribute(XNamespace.Xmlns + "saml", SamlNs),
                new XAttribute("Version", "2.0"),
                new XAttribute("ID", assertionId),
                new XAttribute("IssueInstant", issuedAt),
                new XElement(SamlNs + "Issuer", partnerIdpUrl),
                subject,
                conditions,
                authnStatement,
                AttributeStatement("IsCertificateBasedAuthentication", true),
                AttributeStatement("AppKey", appKey),
                AttributeStatement("AppSecret", appSecret));

            // Materialise as a DOM element and encrypt it for the certificate holder.
            XmlDocument dom = new XmlDocument();
            XmlElement assertionElement = dom.ReadNode(assertion.CreateReader()) as XmlElement
                                          ?? throw new NullReferenceException("assertionXmlEl was null");

            EncryptedData encrypted = new EncryptedXml().Encrypt(assertionElement, encryptionCert);
            XElement result = XElement.Parse(encrypted.GetXml().OuterXml);

            // .NET places the encryption certificate in KeyInfo/EncryptedKey/KeyInfo; it is not wanted in the output.
            result.Element(XmlDsigNs + "KeyInfo")
                  .Element(XmlEncNs + "EncryptedKey")
                  .Element(XmlDsigNs + "KeyInfo")
                  .Remove();

            return result;
        }