/// <summary> /// Extracts the session key. /// </summary> /// <param name="encryptedElement">The encrypted element.</param> /// <param name="privateKey">The private key.</param> /// <returns></returns> /// <exception cref="Exception">Unable to locate assertion decryption key.</exception> private SymmetricAlgorithm ExtractSessionKey(EncryptedElementType encryptedElement, AsymmetricAlgorithm privateKey) { if (encryptedElement.EncryptedData != null) { if (encryptedElement.EncryptedData.KeyInfo.Items[0] != null) { XmlElement encryptedKeyElement = (XmlElement)encryptedElement.EncryptedData.KeyInfo.Items[0]; var encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(encryptedKeyElement); return(ToSymmetricKey(encryptedKey, encryptedElement.EncryptedData.EncryptionMethod.Algorithm, privateKey)); } } throw new NotImplementedException("Unable to locate assertion decryption key."); }
/// <summary> /// Gets the assertion. /// </summary> /// <param name="idpSamlResponseToken">The idp saml response token.</param> /// <param name="options">The options.</param> /// <returns></returns> /// <exception cref="Exception">Missing assertion /// or /// Unable to parse the decrypted assertion.</exception> /// <exception cref="System.Exception">Missing assertion /// or /// Unable to parse the decrypted assertion.</exception> public string GetAssertion(ResponseType idpSamlResponseToken, Saml2Options options) { string token; string xmlTemplate; var assertion = idpSamlResponseToken.Items[0]; if (assertion == null) { throw new Exception("Missing assertion"); } //check if its a decrypted assertion if (assertion.GetType() == typeof(EncryptedElementType)) { EncryptedElementType encryptedElement = (EncryptedElementType)assertion; SymmetricAlgorithm sessionKey; if (encryptedElement.EncryptedData.EncryptionMethod != null) { sessionKey = ExtractSessionKey(encryptedElement, options.ServiceProvider.X509Certificate2.PrivateKey); var encryptedXml = new EncryptedXml(); XmlSerializer xmlSerializer = new XmlSerializer(typeof(EncryptedDataType)); using (MemoryStream memStm = new MemoryStream()) { xmlSerializer.Serialize(memStm, encryptedElement.EncryptedData); memStm.Position = 0; xmlTemplate = new StreamReader(memStm).ReadToEnd(); } var doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xmlTemplate); var t = doc.GetElementsByTagName("EncryptedData"); var encryptedData = new EncryptedData(); encryptedData.LoadXml((XmlElement)t[0]); byte[] plaintext = encryptedXml.DecryptData(encryptedData, sessionKey); token = Encoding.UTF8.GetString(plaintext); return(token); } } else { XmlSerializer xmlSerializer = new XmlSerializer(typeof(AssertionType)); using (MemoryStream memStm = new MemoryStream()) { xmlSerializer.Serialize(memStm, assertion); memStm.Position = 0; xmlTemplate = new StreamReader(memStm).ReadToEnd(); } var doc = new XmlDocument(); doc.PreserveWhitespace = false; doc.LoadXml(xmlTemplate); string request = doc.OuterXml; return(request); } throw new Exception("Unable to parse the decrypted assertion."); }