예제 #1
        /// <summary>
        /// Encrypts the document held in <see cref="Assertion"/> with the session key and wraps the
        /// result in an <code>EncryptedAssertion</code> element; the finished document can afterwards be
        /// retrieved with the <code>GetXml</code> method.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when <see cref="TransportKey"/> or <see cref="Assertion"/> has not been set.
        /// </exception>
        public void Encrypt()
        {
            if (TransportKey == null)
            {
                throw new InvalidOperationException("The \"TransportKey\" property is required to encrypt the assertion.");
            }
            
            if (Assertion == null)
            {
                throw new InvalidOperationException("The \"Assertion\" property is required for this operation.");
            }

            // Element-level encryption of the whole assertion element with the session key.
            var cipherText = new EncryptedXml().EncryptData(Assertion.DocumentElement, SessionKey, false);

            // Wrap the session key for the recipient.
            // NOTE(review): XmlEncRSA15Url is PKCS#1 v1.5 key transport; XML Encryption 1.1 prefers
            // RSA-OAEP (EncryptedXml.XmlEncRSAOAEPUrl) where the consuming party supports it. Changing
            // it here changes what peers receive, so it is kept as is.
            var wrappedKey = EncryptedXml.EncryptKey(SessionKey.Key, TransportKey, false);
            var encryptedKey = new EncryptedKey
                                   {
                                       EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
                                       CipherData = new CipherData(wrappedKey)
                                   };

            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            // The EncryptedData carries both the ciphertext and the wrapped session key.
            var encryptedData = new EncryptedData
                                    {
                                        Type = EncryptedXml.XmlEncElementUrl,
                                        EncryptionMethod = new EncryptionMethod(_sessionKeyAlgorithm),
                                        KeyInfo = keyInfo
                                    };
            encryptedData.CipherData.CipherValue = cipherText;

            // Serialize an empty EncryptedAssertion and splice the real EncryptedData into its placeholder.
            var shell = new EncryptedAssertion { EncryptedData = new Schema.XEnc.EncryptedData() };
            var document = new XmlDocument();
            document.LoadXml(Serialization.SerializeToXmlString(shell));

            var placeholder = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, document.DocumentElement);
            EncryptedXml.ReplaceElement(placeholder, encryptedData, false);

            _encryptedAssertion = document;
        }
예제 #2
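        /// <summary>
        /// Generates an encrypted assertion document from the test assertion: the assertion is encrypted
        /// with a freshly generated AES-256 session key, which is in turn wrapped with the RSA public key
        /// of the development STS certificate. The document is only built in memory; nothing is written
        /// to disk by this method.
        /// </summary>
        public static void GenerateEncryptedAssertion()
        {
            var assertion = AssertionUtil.GetTestAssertion();

            // Create an EncryptedData instance to hold the results of the encryption.
            var encryptedData = new EncryptedData
                                    {
                                        Type = EncryptedXml.XmlEncElementUrl,
                                        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
                                    };

            var encryptedKey = new EncryptedKey();

            // Create a symmetric key. Aes.Create() replaces the obsolete RijndaelManaged; with a 256-bit key
            // and the default 128-bit block size it is the same AES-256 that XmlEncAES256Url advertises.
            // Both the key and the certificate below hold unmanaged resources, so they are disposed as soon
            // as the ciphertext and the wrapped key have been produced.
            using (var aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.GenerateKey();

                // Encrypt the assertion and add it to the encryptedData instance.
                var encryptedXml = new EncryptedXml();
                var encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);
                encryptedData.CipherData.CipherValue = encryptedElement;

                // Use this certificate to encrypt the key. (cert.GetRSAPublicKey() is the preferred accessor
                // on .NET Framework 4.6+ / .NET Core; PublicKey.Key is kept for older targets.)
                using (var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234"))
                {
                    var publicKeyRsa = cert.PublicKey.Key as RSA;

                    Assert.IsNotNull(publicKeyRsa, "Public key of certificate was not an RSA key. Modify test.");
                    encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
                    encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRsa, false));
                }
            }

            // Add an encrypted version of the key used.
            encryptedData.KeyInfo = new KeyInfo();
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            // Create the resulting Xml-document to hook into.
            var encryptedAssertion = new EncryptedAssertion
                                         {
                                             EncryptedData = new Schema.XEnc.EncryptedData(),
                                             EncryptedKey = new Schema.XEnc.EncryptedKey[1]
                                         };
            encryptedAssertion.EncryptedKey[0] = new Schema.XEnc.EncryptedKey();

            var result = Serialization.Serialize(encryptedAssertion);

            // Replace the serialized placeholder with the real EncryptedData element.
            var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result);
            EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);

            // At this point, result can be output to text
        }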