public void TestSigning03()
        {
            // Load an unsigned assertion.
            var assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion().DocumentElement, null, false, null);

            // Check that the assertion is not considered valid in any way.
            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                Assert.Fail("Unsigned assertion was passed off as valid.");
            }
            catch
            {
                // Added to make resharper happy
                Assert.That(true);
            }

            var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234");

            Assert.That(cert.HasPrivateKey, "Certificate no longer contains a private key. Modify test.");
            assertion.Sign(cert, null);

            // Check that the signature is now valid
            assertion.CheckValid(new[] { cert.PublicKey.Key });
        }
Exemple #2
0
        public void DecryptPingAssertion()
        {
            // Load the assertion
            var doc = new XmlDocument();

            doc.Load(File.OpenRead(@"c:\tmp\pingassertion.txt"));

            var xe = GetElement(EncryptedAssertion.ElementName, Saml20Constants.Assertion, doc);

            var doc2 = new XmlDocument();

            doc2.AppendChild(doc2.ImportNode(xe, true));

            var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
                                                                      "CN=SafewhereTest_SFS, O=Safewhere, C=DK",
                                                                      true);

            Assert.That(coll.Count == 1);

            var cert = coll[0];

            var encass = new Saml20EncryptedAssertion((RSA)cert.PrivateKey, doc2);

            encass.Decrypt();

            var writer = new XmlTextWriter(Console.Out)
            {
                Formatting  = Formatting.Indented,
                Indentation = 3,
                IndentChar  = ' '
            };

            encass.Assertion.WriteTo(writer);
            writer.Flush();

            var assertion = new Saml20Assertion(encass.Assertion.DocumentElement, AssertionUtil.GetTrustedSigners(encass.Assertion.Attributes["Issuer"].Value), false, TestConfiguration.Configuration);

            Assert.That(encass.Assertion != null);

            Console.WriteLine();
            foreach (SamlAttribute attribute in assertion.Attributes)
            {
                Console.WriteLine(attribute.Name + " : " + attribute.AttributeValue[0]);
            }
        }
Exemple #3
0
            //[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
            public void CanDecryptFOBSAssertion()
            {
                // Arrange
                var doc           = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
                var encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);

                // Do some mock configuration.
                var config = new Saml2Configuration
                {
                    AllowedAudienceUris = new System.Collections.Generic.List <Uri>(),
                    IdentityProviders   = new IdentityProviders()
                };

                config.AllowedAudienceUris.Add(new Uri("https://saml.safewhere.net"));
                config.IdentityProviders.AddByMetadataDirectory(@"Protocol\MetadataDocs\FOBS"); // Set it manually.

                var cert = new X509Certificate2(@"Certificates\SafewhereTest_SFS.pfx", "test1234");
                var encryptedAssertion = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);

                encryptedAssertion.LoadXml((XmlElement)encryptedList[0]);

                // Act
                encryptedAssertion.Decrypt();

                // Retrieve metadata
                var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
                var endp      = config.IdentityProviders.FirstOrDefault(x => x.Id == assertion.Issuer);

                // Assert
                Assert.That(encryptedList.Count == 1);
                Assert.IsNotNull(endp, "Endpoint not found");
                Assert.IsNotNull(endp.Metadata, "Metadata not found");

                try {
                    assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                    Assert.Fail("Verification should fail. Token does not include its signing key.");
                }
                catch (InvalidOperationException) {
                }

                Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test.");
                //Assert.IsTrue("We have tested this next test" == "");
                //Assert.That(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.Metadata.GetKeys(KeyTypes.Signing), endp)));
                //Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance.");
            }