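/// <summary>
/// Encrypts a test assertion with the dev certificate's public key and checks the
/// generated XML: exactly one saml:EncryptedAssertion and one xenc:EncryptedKey,
/// no plaintext saml:Assertion left alongside the ciphertext, and a successful
/// round-trip decrypt with the matching private key.
/// </summary>
public void TestAssertionEncryption()
{
    Saml20EncryptedAssertion encryptedAssertion = new Saml20EncryptedAssertion();
    encryptedAssertion.Assertion = AssertionUtil.GetTestAssertion_01();

    // Development-only certificate shipped with the test data; the password is a fixture value.
    X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
    encryptedAssertion.TransportKey = (RSA)cert.PublicKey.Key;
    encryptedAssertion.Encrypt();

    XmlDocument encryptedAssertionXML = encryptedAssertion.GetXml();
    Assert.IsNotNull(encryptedAssertionXML);

    // Structural checks on the generated document.
    XmlNodeList list = encryptedAssertionXML.GetElementsByTagName(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION);
    Assert.AreEqual(1, list.Count, "Expected exactly one EncryptedAssertion element.");

    list = encryptedAssertionXML.GetElementsByTagName(dk.nita.saml20.Schema.XEnc.EncryptedKey.ELEMENT_NAME, Saml20Constants.XENC);
    Assert.AreEqual(1, list.Count, "Expected exactly one EncryptedKey element.");

    // The assertion body must not appear in the clear next to the ciphertext.
    list = encryptedAssertionXML.GetElementsByTagName("Assertion", Saml20Constants.ASSERTION);
    Assert.AreEqual(0, list.Count, "Plaintext Assertion element found in encrypted output.");

    // Round trip: the holder of the private key must be able to recover the assertion,
    // which proves the ciphertext and wrapped key are actually usable, not just well-formed.
    Saml20EncryptedAssertion decrypter = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
    decrypter.LoadXml(encryptedAssertionXML.DocumentElement);
    decrypter.Decrypt();
    Assert.IsNotNull(decrypter.Assertion, "Decrypting with the matching private key did not yield an assertion.");
}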
/// <summary>
/// Constructing a <c>Saml20Assertion</c> from the unsigned test assertion must succeed
/// when given a key list. The test assertion is NOT signed, so this only exercises
/// construction; no signature verification outcome is asserted.
/// </summary>
public void TestSigning_04()
{
    X509Certificate2 signerCert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");

    // Any key-holding algorithm will do here - the basic assertion is NOT signed anyway.
    AsymmetricAlgorithm[] trustedKeys = new AsymmetricAlgorithm[] { signerCert.PublicKey.Key };
    XmlElement unsignedAssertion = AssertionUtil.GetTestAssertion_01().DocumentElement;

    new Saml20Assertion(unsignedAssertion, trustedKeys, false);
}
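/// <summary>
/// An unsigned assertion must be rejected by <c>CheckValid</c>; after signing it with
/// the dev certificate's private key it must validate against the matching public key.
/// </summary>
[Ignore] // TODO: test data needs fixing
public void TestSigning_03()
{
    // Load an unsigned assertion.
    Saml20Assertion assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion_01().DocumentElement, null, false);

    // Record the outcome and assert outside the try: a bare catch wrapped around Assert.Fail
    // would swallow the assertion failure itself and let an accepted unsigned assertion pass.
    // Any exception from CheckValid counts as rejection (same as before).
    bool rejected = false;
    try
    {
        assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
    }
    catch
    {
        rejected = true;
    }
    Assert.That(rejected, "Unsigned assertion was passed off as valid.");

    X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
    Assert.That(cert.HasPrivateKey, "Certificate no longer contains a private key. Modify test.");
    assertion.Sign(cert);

    // The signature must now verify against the signer's public key.
    assertion.CheckValid(new AsymmetricAlgorithm[] { cert.PublicKey.Key });

    // NOTE(review): this path has a leading backslash, unlike the relative "signedassertion.xml"
    // used by TestSigning_01 - confirm which location WriteToFile is meant to target.
    WriteToFile(@"\signedassertion.xml", assertion.GetXml());
}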
/// <summary>
/// Signs the test assertion and checks that the signature verifies on the untouched
/// document. The signed XML is also written out for manual inspection.
/// </summary>
public void TestSigning_01()
{
    XmlDocument signedToken = AssertionUtil.GetTestAssertion_01();
    SignDocument(signedToken);

    // Untampered document: verification must succeed.
    Assert.That(VerifySignature(signedToken));

    WriteToFile(@"signedassertion.xml", signedToken.DocumentElement);
}
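/// <summary>
/// Builds an xenc:EncryptedData for the test assertion by hand with the .NET
/// <c>EncryptedXml</c> API (AES-256 session key, RSA-wrapped key carried in KeyInfo),
/// splices it into a serialized EncryptedAssertion skeleton and checks the result.
/// </summary>
public void GenerateEncryptedAssertion_01()
{
    XmlDocument assertion = AssertionUtil.GetTestAssertion_01();

    // Container for the encryption result. Type marks that a whole element (not only its content) was encrypted.
    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Type = EncryptedXml.XmlEncElementUrl;
    encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // Fresh random session key; disposing the algorithm clears the key material it holds.
    using (RijndaelManaged aes = new RijndaelManaged())
    {
        aes.KeySize = 256;
        aes.GenerateKey();

        // Encrypt the whole assertion element (content == false) and store the ciphertext.
        EncryptedXml encryptedXml = new EncryptedXml();
        byte[] encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);
        Assert.IsNotNull(encryptedElement);
        Assert.That(encryptedElement.Length > 0, "Encryption produced no ciphertext.");
        encryptedData.CipherData.CipherValue = encryptedElement;

        // Wrap the session key for the certificate holder and attach it as KeyInfo/EncryptedKey.
        encryptedData.KeyInfo = new KeyInfo();
        EncryptedKey encryptedKey = new EncryptedKey();
        X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
        RSA publicKeyRSA = cert.PublicKey.Key as RSA;
        Assert.IsNotNull(publicKeyRSA, "Public key of certificate was not an RSA key. Modify test.");

        // NOTE(review): RSA PKCS#1 v1.5 key transport is the classic padding-oracle target;
        // prefer EncryptedXml.XmlEncRSAOAEPUrl (and useOAEP == true below) for new deployments.
        // Kept as-is because this test documents the v1.5 form.
        encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        // useOAEP == false selects PKCS#1 v1.5 padding, matching the EncryptionMethod declared above.
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRSA, false));
        encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
    }

    // Serialize an EncryptedAssertion skeleton and replace its EncryptedData placeholder with the real one.
    EncryptedAssertion encryptedAssertion = new EncryptedAssertion();
    encryptedAssertion.encryptedData = new saml20.Schema.XEnc.EncryptedData();
    encryptedAssertion.encryptedKey = new saml20.Schema.XEnc.EncryptedKey[1];
    encryptedAssertion.encryptedKey[0] = new saml20.Schema.XEnc.EncryptedKey();
    XmlDocument result = Serialization.Serialize(encryptedAssertion);
    XmlElement encryptedDataElement = GetElement(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC, result);
    EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);

    // The spliced document must hold exactly one EncryptedData, carrying the Type set above.
    XmlNodeList encryptedDataNodes = result.GetElementsByTagName(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC);
    Assert.AreEqual(1, encryptedDataNodes.Count, "Expected exactly one EncryptedData element after ReplaceElement.");
    Assert.AreEqual(EncryptedXml.XmlEncElementUrl, ((XmlElement)encryptedDataNodes[0]).GetAttribute("Type"));
}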
/// <summary>
/// Encrypts with an explicitly chosen AES-128 session-key algorithm, checks that the
/// xenc:EncryptionMethod inside EncryptedData carries that URI, and then verifies that a
/// decrypter preset with a deliberately wrong SessionKeyAlgorithm picks up the real one
/// from the document when it decrypts.
/// </summary>
public void TestAlgorithmConfiguration_02()
{
    X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");

    // Encrypt using AES-128 for the session key.
    Saml20EncryptedAssertion encryptor = new Saml20EncryptedAssertion();
    encryptor.SessionKeyAlgorithm = EncryptedXml.XmlEncAES128Url;
    encryptor.Assertion = AssertionUtil.GetTestAssertion_01();
    encryptor.TransportKey = (RSA)cert.PublicKey.Key;
    encryptor.Encrypt();

    XmlDocument encryptedDoc = encryptor.GetXml();
    Assert.IsNotNull(encryptedDoc);

    // Locate the single EncryptedData element.
    XmlNodeList encryptedDataNodes = encryptedDoc.GetElementsByTagName(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC);
    Assert.AreEqual(1, encryptedDataNodes.Count);
    XmlElement encryptedDataElement = (XmlElement)encryptedDataNodes[0];

    // Its EncryptionMethod child must advertise the AES-128 URI.
    bool encryptionMethodFound = false;
    foreach (XmlNode child in encryptedDataElement.ChildNodes)
    {
        bool isEncryptionMethod = child.LocalName == dk.nita.saml20.Schema.XEnc.EncryptionMethod.ELEMENT_NAME
                                  && child.NamespaceURI == Saml20Constants.XENC;
        if (!isEncryptionMethod)
        {
            continue;
        }

        XmlElement methodElement = (XmlElement)child;
        Assert.AreEqual(EncryptedXml.XmlEncAES128Url, methodElement.GetAttribute("Algorithm"));
        encryptionMethodFound = true;
    }
    Assert.That(encryptionMethodFound, "Unable to find EncryptionMethod element in EncryptedData.");

    // Decrypt with the private key, having first set a wrong session-key algorithm on purpose.
    Saml20EncryptedAssertion decrypter = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
    Assert.IsNull(decrypter.Assertion);
    decrypter.LoadXml(encryptedDoc.DocumentElement);
    decrypter.SessionKeyAlgorithm = EncryptedXml.XmlEncTripleDESUrl;
    decrypter.Decrypt();

    // The algorithm declared in the document must win over the wrong preset.
    Assert.AreEqual(EncryptedXml.XmlEncAES128Url, decrypter.SessionKeyAlgorithm);
    Assert.IsNotNull(decrypter.Assertion);
}
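/// <summary>
/// Tamper check: after signing, removing the AudienceRestriction from Conditions must
/// make signature verification fail. Guards against a verifier that accepts a document
/// whose signed content was altered after signing.
/// </summary>
public void TestSigning_02()
{
    XmlDocument token = AssertionUtil.GetTestAssertion_01();
    SignDocument(token);

    // Locate the signed content we are about to alter. Fail with a clear message if the
    // fixture lacks it, rather than with a cast/argument exception out of RemoveChild.
    XmlElement conditions = (XmlElement)token.GetElementsByTagName("Conditions", "urn:oasis:names:tc:SAML:2.0:assertion")[0];
    Assert.IsNotNull(conditions, "Test assertion has no Conditions element. Modify test.");
    XmlElement audienceRestriction = (XmlElement)conditions.GetElementsByTagName("AudienceRestriction", "urn:oasis:names:tc:SAML:2.0:assertion")[0];
    Assert.IsNotNull(audienceRestriction, "Conditions has no AudienceRestriction to tamper with. Modify test.");

    // Tamper: drop the audience restriction from the signed content.
    conditions.RemoveChild(audienceRestriction);

    // The signature was computed over the original content, so verification must now fail.
    Assert.IsFalse(VerifySignature(token));
}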