/// <summary>
/// Extracts the session key.
/// </summary>
/// <param name="encryptedElement">The encrypted element.</param>
/// <param name="privateKey">The private key.</param>
/// <returns></returns>
/// <exception cref="Exception">Unable to locate assertion decryption key.</exception>
private SymmetricAlgorithm ExtractSessionKey(EncryptedElementType encryptedElement, AsymmetricAlgorithm privateKey)
{
if (encryptedElement.EncryptedData != null)
{
if (encryptedElement.EncryptedData.KeyInfo.Items[0] != null)
{
XmlElement encryptedKeyElement = (XmlElement)encryptedElement.EncryptedData.KeyInfo.Items[0];
var encryptedKey = new EncryptedKey();
encryptedKey.LoadXml(encryptedKeyElement);
return(ToSymmetricKey(encryptedKey, encryptedElement.EncryptedData.EncryptionMethod.Algorithm, privateKey));
}
}
throw new NotImplementedException("Unable to locate assertion decryption key.");
}
/// <summary>
/// Gets the assertion.
/// </summary>
/// <param name="idpSamlResponseToken">The idp saml response token.</param>
/// <param name="options">The options.</param>
/// <returns></returns>
/// <exception cref="Exception">Missing assertion
/// or
/// Unable to parse the decrypted assertion.</exception>
/// <exception cref="System.Exception">Missing assertion
/// or
/// Unable to parse the decrypted assertion.</exception>
public string GetAssertion(ResponseType idpSamlResponseToken, Saml2Options options)
{
string token;
string xmlTemplate;
var assertion = idpSamlResponseToken.Items[0];
if (assertion == null)
{
throw new Exception("Missing assertion");
}
//check if its a decrypted assertion
if (assertion.GetType() == typeof(EncryptedElementType))
{
EncryptedElementType encryptedElement = (EncryptedElementType)assertion;
SymmetricAlgorithm sessionKey;
if (encryptedElement.EncryptedData.EncryptionMethod != null)
{
sessionKey = ExtractSessionKey(encryptedElement, options.ServiceProvider.X509Certificate2.PrivateKey);
var encryptedXml = new EncryptedXml();
XmlSerializer xmlSerializer = new XmlSerializer(typeof(EncryptedDataType));
using (MemoryStream memStm = new MemoryStream())
{
xmlSerializer.Serialize(memStm, encryptedElement.EncryptedData);
memStm.Position = 0;
xmlTemplate = new StreamReader(memStm).ReadToEnd();
}
var doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(xmlTemplate);
var t = doc.GetElementsByTagName("EncryptedData");
var encryptedData = new EncryptedData();
encryptedData.LoadXml((XmlElement)t[0]);
byte[] plaintext = encryptedXml.DecryptData(encryptedData, sessionKey);
token = Encoding.UTF8.GetString(plaintext);
return(token);
}
}
else
{
XmlSerializer xmlSerializer = new XmlSerializer(typeof(AssertionType));
using (MemoryStream memStm = new MemoryStream())
{
xmlSerializer.Serialize(memStm, assertion);
memStm.Position = 0;
xmlTemplate = new StreamReader(memStm).ReadToEnd();
}
var doc = new XmlDocument();
doc.PreserveWhitespace = false;
doc.LoadXml(xmlTemplate);
string request = doc.OuterXml;
return(request);
}
throw new Exception("Unable to parse the decrypted assertion.");
}
