//[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
public void CanDecryptFOBSAssertion()
{
// Arrange
var doc = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
var encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);
// Do some mock configuration.
var config = new Saml2Configuration
{
AllowedAudienceUris = new System.Collections.Generic.List <Uri>(),
IdentityProviders = new IdentityProviders()
};
config.AllowedAudienceUris.Add(new Uri("https://saml.safewhere.net"));
config.IdentityProviders.AddByMetadataDirectory(Path.Combine(Directory.GetCurrentDirectory(), @"Protocol\MetadataDocs\FOBS")); // Set it manually.
var cert = _context.SafewhereTest_SFS;
var encryptedAssertion = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);
encryptedAssertion.LoadXml((XmlElement)encryptedList[0]);
// Act
encryptedAssertion.Decrypt();
// Retrieve metadata
var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
var endp = config.IdentityProviders.FirstOrDefault(x => x.Id == assertion.Issuer);
// Assert
Assert.True(encryptedList.Count == 1);
Assert.NotNull(endp); //, "Endpoint not found");
Assert.NotNull(endp.Metadata); //, "Metadata not found");
Assert.Throws(typeof(InvalidOperationException), () =>
{
assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
//Assert.Fail("Verification should fail. Token does not include its signing key.");
});
Assert.Null(assertion.SigningKey); //, "Signing key is already present on assertion. Modify test.");
//Assert.IsTrue("We have tested this next test" == "");
//Assert.True(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.Metadata.GetKeys(KeyTypes.Signing), endp)));
//Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance.");
}
