public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert)
{
var assertion = document.FindChild(EncryptedAssertion);
if (assertion == null) return; // Not encrypted, shame on them.
var data = document.EncryptedChild("EncryptedData");
var keyElement = assertion.EncryptedChild("EncryptedKey");
var encryptedData = new EncryptedData();
encryptedData.LoadXml(data);
var encryptedKey = new EncryptedKey();
encryptedKey.LoadXml(keyElement);
var encryptedXml = new EncryptedXml(document);
// Get encryption secret key used by decrypting with the encryption certificate's private key
var secretKey = GetSecretKey(encryptedKey, encryptionCert.PrivateKey);
// Seed the decryption algorithm with secret key and then decrypt
var algorithm = GetSymmetricBlockEncryptionAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm);
algorithm.Key = secretKey;
var decryptedBytes = encryptedXml.DecryptData(encryptedData, algorithm);
// Put decrypted xml elements back into the document in place of the encrypted data
encryptedXml.ReplaceData(assertion, decryptedBytes);
}
public AuthenticationStatement(XmlDocument document)
{
var element = document.FindChild(AuthnStatement);
if (element == null) return;
Instant = element.ReadAttribute<DateTimeOffset>(AuthnInstant);
SessionIndex = element.ReadAttribute<string>(SessionIndexAtt);
SessionNotOnOrAfter = element.ReadAttribute<DateTimeOffset>(SessionNotOnOrAfterAtt);
var context = element.FindChild(AuthnContext, AssertionXsd);
DeclarationReference = context.ReadChildText<Uri>(AuthnContextDeclRef);
ClassReference = context.ReadChildText<Uri>(AuthnContextClassRef);
}
public void ApplySignature(SamlResponse response, X509Certificate2 certificate, XmlDocument document)
{
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificate));
var signedXml = new SignedXml(document)
{
SigningKey = certificate.PrivateKey,
KeyInfo = keyInfo
};
var reference = new Reference(AssertionIdPrefix + response.Id);
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xml = signedXml.GetXml();
document.FindChild(AssertionElem).AppendChild(xml);
}
public void Encrypt(XmlDocument document, X509Certificate2 certificate)
{
var element = document.FindChild(AssertionElem);
var encryptedXml = new EncryptedXml {Encoding = Encoding.UTF8};
// TODO -- make this pluggable with settings?
//Create the Symmetric Key for encrypting
var key = new RijndaelManaged
{
KeySize = 128,
Mode = CipherMode.CBC,
Padding = PaddingMode.None
};
var encryptedData = ToEncryptedData(encryptedXml, element, key);
var encryptedKey = ToEncryptedKey(certificate, key);
var wrapper = document.CreateElement(EncryptedAssertion, AssertionXsd);
wrapper.AppendChild(document.ImportNode(encryptedData.GetXml(), true));
wrapper.AppendChild(document.ImportNode(encryptedKey.GetXml(), true));
element.ParentNode.ReplaceChild(wrapper, element);
}
