[Ignore]    // TODO: test data needs fixing
        public void TestSigning_03()
        {
            // Load an unsigned assertion.
            Saml20Assertion assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion_01().DocumentElement, null, false);

            // Check that the assertion is not considered valid in any way.
            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                Assert.Fail("Unsigned assertion was passed off as valid.");
            }
            catch
            {
                //Added to make resharper happy
                Assert.That(true);
            }

            X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");

            Assert.That(cert.HasPrivateKey, "Certificate no longer contains a private key. Modify test.");
            assertion.Sign(cert);

            // Check that the signature is now valid
            assertion.CheckValid(new AsymmetricAlgorithm[] { cert.PublicKey.Key });

            WriteToFile(@"\signedassertion.xml", assertion.GetXml());
        }
        /// <summary>
        /// Decrypts an assertion we received from "fælles-offentlige brugerstyring".
        /// </summary>
        private static void DecryptFOBSAssertion(string file)
        {
            string assertionBase64 = File.ReadAllText(file);

            byte[] assertionBytes = Convert.FromBase64String(assertionBase64);

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.Load(new MemoryStream(assertionBytes));

            XmlNodeList encryptedList =
                doc.GetElementsByTagName(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION);

            Assert.That(encryptedList.Count == 1);

            // Do some mock configuration.
            FederationConfig config = FederationConfig.GetConfig();

            config.AllowedAudienceUris.Audiences.Add("https://saml.safewhere.net");

            SAML20FederationConfig descr = SAML20FederationConfig.GetConfig();

            descr.Endpoints.MetadataLocation = @"Saml20\Protocol\MetadataDocs\FOBS"; // Set it manually.
            Assert.That(Directory.Exists(descr.Endpoints.MetadataLocation));

            X509Certificate2         cert   = new X509Certificate2(@"Saml20\Certificates\SafewhereTest_SFS.pfx", "test1234");
            Saml20EncryptedAssertion encass =
                new Saml20EncryptedAssertion((RSA)cert.PrivateKey);

            encass.LoadXml((XmlElement)encryptedList[0]);
            encass.Decrypt();

            // Retrieve metadata
            Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, null, false);

            IDPEndPoint endp = descr.FindEndPoint(assertion.Issuer);

            Assert.IsNotNull(endp, "Endpoint not found");
            Assert.IsNotNull(endp.metadata, "Metadata not found");

            try
            {
                assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                Assert.Fail("Verification should fail. Token does not include its signing key.");
            } catch (InvalidOperationException)
            {}

            Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test.");
            IEnumerable <string> validationFailures;

            Assert.That(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp, out validationFailures)));
            Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance.");
        }
Exemplo n.º 3
0
        public void DecryptPingAssertion()
        {
            // Load the assertion
            XmlDocument doc = new XmlDocument();

            doc.Load(File.OpenRead(@"c:\tmp\pingassertion.txt"));

            XmlElement xe = GetElement(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION, doc);

            XmlDocument doc2 = new XmlDocument();

            doc2.AppendChild(doc2.ImportNode(xe, true));

            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            store.Open(OpenFlags.ReadOnly);

            X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
                                                                      "CN=SafewhereTest_SFS, O=Safewhere, C=DK", true);

            Assert.That(coll.Count == 1);

            X509Certificate2 cert = coll[0];

            Saml20EncryptedAssertion encass = new Saml20EncryptedAssertion((RSA)cert.PrivateKey, doc2);

            encass.Decrypt();

            XmlTextWriter writer = new XmlTextWriter(Console.Out);

            writer.Formatting  = Formatting.Indented;
            writer.Indentation = 3;
            writer.IndentChar  = ' ';

            encass.Assertion.WriteTo(writer);
            writer.Flush();

            Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, AssertionUtil.GetTrustedSigners(encass.Assertion.Attributes["Issuer"].Value), false);

            Assert.That(encass.Assertion != null);

            Console.WriteLine();
            foreach (SamlAttribute attribute in assertion.Attributes)
            {
                Console.WriteLine(attribute.Name + " : " + attribute.AttributeValue[0]);
            }
        }
Exemplo n.º 4
0
        /// <summary>
        /// Loads an assertion and tries to deserialize it using the <code>Assertion</code> class.
        /// </summary>
        public static Saml20Assertion DeserializeToken(string assertionFile)
        {
            FileStream fs = File.OpenRead(assertionFile);

            XmlDocument document = new XmlDocument();

            document.PreserveWhitespace = true;
            document.Load(fs);
            fs.Close();

            XmlNodeList     nodes     = document.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION);
            Saml20Assertion assertion = new Saml20Assertion(document.DocumentElement, AssertionUtil.GetTrustedSigners(nodes[0].Value), false);

            return(assertion);
        }