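//[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
/// <summary>
/// Decrypts the FOBS encrypted-assertion fixture with the SafewhereTest_SFS private key,
/// resolves the assertion's issuer against the FOBS metadata directory, and checks that
/// validation is refused while the assertion carries no signing key.
/// </summary>
public void CanDecryptFOBSAssertion()
{
    // Arrange
    var doc = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
    var encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);

    // Check the fixture shape up front so a missing element fails with a clear
    // assertion message instead of an index or cast error further down.
    Assert.Equal(1, encryptedList.Count);

    // Mock configuration: the audience restriction and the FOBS identity provider metadata.
    var config = new Saml2Configuration
    {
        AllowedAudienceUris = new System.Collections.Generic.List<Uri>(),
        IdentityProviders = new IdentityProviders()
    };
    config.AllowedAudienceUris.Add(new Uri("https://saml.safewhere.net"));
    config.IdentityProviders.AddByMetadataDirectory(Path.Combine(Directory.GetCurrentDirectory(), @"Protocol\MetadataDocs\FOBS"));

    // The decryption key is supplied explicitly rather than resolved from configuration.
    var cert = _context.SafewhereTest_SFS;
    var encryptedAssertion = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
    encryptedAssertion.LoadXml((XmlElement)encryptedList[0]);

    // Act
    encryptedAssertion.Decrypt();

    // Build the assertion from the decrypted XML (no signature check at construction)
    // and look its issuer up among the configured identity providers.
    var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
    var endp = config.IdentityProviders.FirstOrDefault(x => x.Id == assertion.Issuer);

    // Assert
    Assert.NotNull(endp);          // endpoint for the issuer must be found
    Assert.NotNull(endp.Metadata); // and it must carry metadata

    // Verification must fail: the token does not include its signing key.
    Assert.Throws<InvalidOperationException>(() => assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)));

    // If a signing key were already present on the assertion, the negative check
    // above would no longer exercise the intended path; the test would need changing.
    Assert.Null(assertion.SigningKey);
}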
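/// <summary>
/// Signs an initially unsigned test assertion with the STS dev certificate and checks that
/// validation is refused before signing and succeeds against the certificate's public key
/// afterwards.
/// </summary>
public void TestSigning03()
{
    // Load an unsigned assertion; no signature validation happens at construction.
    var assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion().DocumentElement, null, false, null);

    // An unsigned assertion must not be accepted as valid. Use ThrowsAny instead of a
    // bare try/catch so the test actually fails when CheckValid returns normally; the
    // exception type is left open because the failure may surface as more than one type.
    Assert.ThrowsAny<Exception>(() => assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)));

    var cert = _context.Sts_Dev_cetificate;
    assertion.Sign(cert, null);

    // The signature must now validate against the signing certificate's public key.
    assertion.CheckValid(new[] { cert.PublicKey.Key });
}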