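public void TestCertificateExtraction_01()
        {
            // PreserveWhitespace keeps the loaded DOM faithful to the bytes that were signed;
            // the signature check further down is sensitive to whitespace normalisation.
            XmlDocument doc = new XmlDocument();
            doc.PreserveWhitespace = true;
            doc.Load(@"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml");

            Saml20MetadataDocument metadata = new Saml20MetadataDocument(doc);
            List<KeyDescriptor> keys = metadata.Keys;

            // Check the count before indexing so a malformed fixture fails as an assertion
            // rather than as an ArgumentOutOfRangeException from keys[1].
            Assert.GreaterOrEqual(keys.Count, 2, "Expected a signing and an encryption key descriptor");
            Assert.AreEqual(KeyTypes.signing, keys[0].use);
            Assert.AreEqual(KeyTypes.encryption, keys[1].use);

            Assert.AreEqual(1, metadata.GetKeys(KeyTypes.signing).Count);
            Assert.AreEqual(1, metadata.GetKeys(KeyTypes.encryption).Count);

            // The two certs in the metadata document happen to be identical, and are also
            // used for signing the entire document.
            // Extract the certificate and verify the document.

            KeyInfo keyinfo = (KeyInfo) keys[0].KeyInfo;
            Assert.IsNotNull(keyinfo, "Signing key descriptor carries no KeyInfo");
            Assert.IsTrue(XmlSignatureUtils.CheckSignature(doc, keyinfo),
                          "Document signature did not verify with the signing key published in the metadata");
            Assert.AreEqual("ADLER_SAML20_ID", metadata.EntityId);
        }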
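 /// <summary>
 /// Checks the signature of a message received using the redirect binding using the keys found in the 
 /// metadata of the federation partner that sent the request.
 /// </summary>
 /// <param name="parser">The parsed redirect-binding request whose signature is to be verified.</param>
 /// <param name="metadata">The metadata document of the federation partner that sent the request.
 /// Only its key descriptors with <c>use="signing"</c> are consulted.</param>
 /// <returns><c>true</c> if at least one key extracted from the partner's signing key descriptors
 /// verifies the signature; <c>false</c> if no signing key is published, none of them yields a usable
 /// key, or none verifies the signature. The method fails closed.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="parser"/> or <paramref name="metadata"/> is null.</exception>
 protected static bool CheckRedirectSignature(HttpRedirectBindingParser parser, Saml20MetadataDocument metadata)
 {
     if (parser == null)
         throw new ArgumentNullException("parser");
     if (metadata == null)
         throw new ArgumentNullException("metadata");

     // Only keys the partner published for signing are trusted to verify a request;
     // encryption-only keys are deliberately not tried.
     List<KeyDescriptor> keys = metadata.GetKeys(KeyTypes.signing);

     // Go through the list of signing keys (usually only one) and use it to verify the REDIRECT request.
     foreach (KeyDescriptor key in keys)
     {
         KeyInfo keyinfo = (KeyInfo)key.KeyInfo;
         // A descriptor without key material cannot verify anything; skip it instead of
         // failing with a NullReferenceException when enumerating its clauses.
         if (keyinfo == null)
             continue;

         foreach (KeyInfoClause keyInfoClause in keyinfo)
         {
             // ExtractKey may yield null for a clause it cannot turn into a key; such a clause is skipped.
             AsymmetricAlgorithm signatureKey = XmlSignatureUtils.ExtractKey(keyInfoClause);
             if (signatureKey != null && parser.CheckSignature(signatureKey))
                 return true;
         }
     }

     // No published signing key verified the signature.
     return false;
 }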